Safeguarding OECD Information Assets Frédéric CHALLAL Head, Systems Engineering Team OECD Agenda Network Security Remote Access Anti-Virus Protection E-mail Content Filtering and Blocking Possible Future Directions Network Security SITA Internet Internet DMZ External Firewall X25 Internal Firewall Extranet DMZ Private Network Network Security 2 levels of firewalls for access control 2 separate DMZs to protect sensitive information Outgoing Internet access through application relays Intrusion detection systems on both DMZs Vulnerability scanning on a regular basis Intrusion Detection System Network sensor watching for attack signatures Responses to suspicious activity: Connection termination Alerts sent by E-mail Session recorded Other … Remote Access Exchange Web SQL Remote Access For portables and Outlook Web Access users to access the OECD network, twofactor authentication based on: A PIN number (known by the user) An authenticator (either hardware or software) Also based on Windows authentication to access network resources Anti-Virus Protection Network Server Point of Entry Point of Entry Gateway & Firewall E-mail & SMTP relay Point of Entry Internet Client Prevention And Detection Anti-Virus products from 2 different vendors installed on: Desktops and laptops File Servers E-mail Servers SMTP Relays Signature updates on a weekly basis Scanning on PCs and servers on a weekly basis User Education Being Prepared Basic Network Security Standard Disaster Recovery Procedures E-mail Content Filtering and Blocking Implemented after the ILOVEYOU virus SMTP relay level filtering of all incoming and outgoing Internet messages: Scan for viruses Block « program » attachments and HTML scripts for 2 days Search for « suspicious » text strings in subject Reporting to management E-mail Content Filtering and Blocking W32/Navidad W32/Navidad-B Possible Future Directions Outsource detection and reporting of network vulnerabilities SSL for Outlook Web Access Use RTBL to prevent spamming Content inspection on HTTP/FTP downloads Comments and Questions?