12. Diágnostico Que tan vulnerable soy? Botnet gana…. December 31, 2007 Half a million sites hit by huge web hack April 28, 2008 Inf personal de + 14,000 empleados militares robados por un hack.USA. Apr 28, 2006 Trojanos-Infectados MP3s May 9, 2008 Ataque DDoS afecta a EE.UU. y Corea del Sur Jul 10, 2009
17. Infraestructura Crítica de Red Marco de Control WAN SISTEMAS DE INFORMACION LAN, WLAN INTERNET Identificar Monitorear Correlacionar Endurecer Aislar Aplicar Visibilidad Total Control Completo
19. Perímetros de Red Internet INTERNET FRONTERA DE RED CONTRATISTAS SUCURSALES Internautas Internautas Teletrabajo Secure Router Firewall VPN DDoS Correo CAR WEB DLP WAF IPS BWM Identificar
20. Perímetros de Red WAN SUCURSAL FRONTERA DE RED CENTRO DE DATOS FRONTERA DE RED WAN VSAT FIBRA OPTICA WIFI RADIO Secure Router Firewall IPS Secure Router Firewall VPN VPN
21. Aplicaciones De Negocio Alianzas Mercadeo Finanzas Juridica Modelos Funcionales Colaboraci ón Modelos funcionales que al ser dividos en capas funcionales y bloques administrables/granulares, debe operar y ser controlado mediante la designación de un rol especifico en la red. Perímetros de Red LAN, WLAN E C P I U G
22. Perímetros de Red LAN, WLAN WAN INTERNET ACCESO A LA RED VISITANTES EMPLEADOS Perímetro 1 Perímetro 2 Perímetro 3 Perímetro N SISTEMAS DE INFORMACION CONTRATISTAS CAR FW SR AAA IPS WL
23. Perímetros de Red Sistemas de Información MAN Seg 1 Seg 2 Seg N Seg 1 Seg 2 Seg N IPS IPS MAN
24.
25.
26.
27. Dankie Faleminderit Shukran Shur-nur-ah-gah-lem Thoinks Eskerrik Asko Dhannyabad Blagodaria Hvala Jae Zu Din Pa De Na som M'goy Gràcies Wado Skee Xie Xie Kia Manuia Dekuji Tak Bedankt Dankon Aitäh Akpé Vinaka Kiitos Kpè nu wé Merci Abarka Madlobt Danke Efharisto Aguije Abarka Aabar Mahalo Toda Dhanyavaad Köszönöm Þakka þér fyrir Terima kasih Moteshakeram Go raibh maith agat Grazie Arigato Matur nuwun Dhan-ya-vaadaa Kamsa hamaida Paldies Achu Waybale Nandi Terima Kasih Kia Manuia Na gode Takk Shakkran Soolong Aguije Mam'noon Salamat Dziekuje Obrigado Bhala Hove Multumesc Spasiba Fa'afetai Tapadh Leibh Dakujem Dankie Gracias Nuhun Ahsante Tack Maururu Manjuthe Khob Khun Kha/Krab Thuk Ji Chhe Tesekkurler Thank You Dyakuyu Maherbani Shukria спасибо Rahmat Kam ouen Diolch Nkosi Modupe Ngiyabonga GRACIAS
28.
29. Perímetros de Red Sistemas de Información MAN ACCESO A LA RED VISITANTES EMPLEADOS MAN Seg 1 Seg 2 Seg N Seg 1 Seg 2 Seg N CONTRATISTAS IPS IPS P1 P2 PN P3
30.
31. ViTTS – Victim Tracking & Tracing System victims Triage area Internet Hospital A Hospital B Export to Orion Health Internet Portal Orion Health Centralised DB containing real-time view on patients and their location Local hotspot Cisco MAR Hosting provider Crisis Staff Centralized DB containing Maps of infrastructure Cisco AP Aeroscout Exciter +
Notas do Editor
Today’s militaries are called upon to do a variety of missions. Because of its organizational structure and discipline, the military is often the best and sometimes the only resort for nations to deal with crises. The primary mission of a nation’s military is the defense of the country – to fight that nation’s wars. The largest share of that military’s time and effort will be devoted to the training and equipping of that mission. Combat troops from many nations are also involved in coalition missions that include combat, such as ISAF in Afghanistan. However, nation states today are generally not in conflict with each other. Most conflicts are in fact internal to nations. For most militaries, activities have been primarily operations other than war. These include Humanitarian missions, such as the relief operations in Pakistan in 2006 or the Southeast Asian Tsunami relief effort in 2005. These were multinational efforts that relied upon militaries to bring initial assistance into areas where infrastructure was severely damaged or completely destroyed. Many nations involved in international organizations dedicate portions of their militaries to these organization missions, primarily the UN but also ASEAN, African Union, and NATO.
In Today’s Defense environment -- -Collaboration is no longer an option Not only do our collaborate within their own Defense organizations – across the Army, Navy, Air Force and Marines, but they also MUST collaborate with other countries – allies and partners. Whether it is in support of Humanitarian relief (such as the Tsunami is Indonesia & Thailand), Peace Keeping Operations (under the auspices of the United Nations), or Military Operations such as the Global War on Terrorism They are also looking to leverage innovation in the tactical environment –where the need for new capabilities more compelling and urgent, and less encumbered by the scale of deploying in a large enterprise – into the Enterprise environment. This is enabling collaboration vertically and horizontally. Our customers are demanding the Quad Play
La plataforma de la red ha ido abordando muchos procesos de negocio, de la entidad. Productividad
Algunos de los sitios estadounidenses afectados son los del Departamento del Tesoro, la Casa Blanca, la Comisión Federal de Valores o el periódico online The Washington Post. Mientras, en el país surcoreano han sido las páginas Web de la Casa presidencial, el Ministerio de Defensa y algunos bancos. The new target if “you” not the collective internet The security challenges today put businesses at risk by impacting many high level concerns such as maintaining efficient business operations without downtime, maintaining a positive reputation with customers, investors and the marketplace, steps taken to limit liability, and the increasingly important efforts to comply with regulatory compliance. The security challenges have evolved as demonstrated by recent activities and media coverage: http://www.news.com/Year-in-review-Botnet-gains%2C-Web-2.0-pains/2009-7349_3-6223531.html?tag=cd.hed http://www.techworld.com/security/news/index.cfm?RSS&NewsID=12100 http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9085081&taxonomyId=17&intsrc=kc_top
99,999 = 5,26 minutos de indisponibilidad
Teoria de los anillos de seguridad. Teoria de la proteccion de personas o instalaciones, basada en la experiencia militar, se aplica desde hace siglos, se implementa con el fin de implementar una medida de control frente a las amenazas como la fuga de informacion, la traicion o delacion, y se basa solo en el principio de cada cual solo debe saber lo necesario para ejecutar bien su trabajo (confidencialidad). Perimetro. Define las fronteras de los lugares en la red. Espacios lógicos o físicos que me permiten implementar medidas para controlar el desarrollo del comportamiento de los entes, durante la permanencia en el espacio.
Total Visibilidad. Identificar, Monitorear, Colectar, Detectar y Clasificar Usuarios, Tráfico, Aplicaciones y Protocolos Control Completo. Endurecer, Fortalecer Medidas, Limitar Acceso, y Aislar Equipos, Usuarios, Tráfico, Aplicaciones y Protocolos Identificar. Identificar, Clasificar y Asignar niveles confiables a Suscriptores, servicios y Tráfico Monitorear. Identificar Tráfico Anómalo, Monitorear, Rendimiento, Comportamiento, Eventos y Cumplimiento con Politicas Correlacionar. Colectar, Correlacionar y Analizar Eventos Globalmente del Sistema. Identificar, Notificar y Reportar Eventos Relevantes Endurecer. Endurecer Maquinas, Transporte, Servicios y Aplicaciones. Resistencia Consistente en la Infraestructura, Redundancia y Tolerancia a Fallos Aislar. Aislar Suscriptores, Sistemas y Servicios. Contener y Proteger. Aplicar. Aplicar Políticas de Seguridad. Migrar Eventos de Seguridad . Respuesta Dinámica a Eventos Anómalos
Segmentación de la red de acuerdo a los roles y necesidades de información de cada modelo funcional
Endurecimiento de la red de switches (Servicios necesarios de monitoreo, Acceso controlado administrativo, Protección ambiental, Desactivación servicios vulnerables, Protección ataques de negación de Servicio, Aseguramiento de enrutamiento de la red) Cifrado 802.1ae macsec Segmentacion de la red: control, calidad de servicio, visibilidad SR Secure Router Acceso instalaciones Identificación Estudio de Host Perímetro de acceso Permanencia Auditoria
ViTTS Demo : what did we demonstrate ? Step 1: Identify victims at the disaster site and pose a diagnose. Patient date is transmitted to a centralised database. Step 2: Transport to the hospital. If the ambulance is equipped with an Exciter and MAR the real-time location of every transported patient will automatically be transmitted. Step 3: Arrival at the hospital. Hospital is equipped with an Exciter and the real-time location of every transported patient will automatically be transmitted. The location of the patient will be adapted in real-time in the database with arrival at the hospital. The hospital gets automatically access to all the patient data: Name, Diagnose Step 4: Government data are always up-to-date: Exact amount and location of victims is know at all times: How many victims still at disaster site? How many in which hospital? How many death, severly and light wounded victims,etc. Pictures of non-identified victims are available for identification by family and friends. Conclusion The VITTS solution gives the government at each moment in time a clear overview of the number of victims, their location and their status. The identification of the victims can be simplified by providing their pictures to the police, emergency teams,... Patients can be divided between the available hospitals based on the current occupation and the amount of victims. The identification of the victims can be simplified by providing their pictures and data to the police, emergency teams,... Patients can be organized and divided between the available hospitals based on the current occupation and the amount of victims. The VITTS solution gives the government and other involved parties at each moment in time a clear overview of the number of victims, their location and their status.