Things I can do to protect my network from getting Hacked!!!!!! Jazib Frahim, Technical Leader
|
|
- Augustine West
- 8 years ago
- Views:
Transcription
1 Things I can do to protect my network from getting Hacked!!!!!! Jazib Frahim, Technical Leader
2 Cisco Support Community Expert Series Webcast Today s featured expert is Cisco Technical Leader Ask him questions now about How to protect your network Jazib Frahim CCIE in Routing and Switching, & Security 2011 Cisco and/or its affiliates. All rights reserved. 2 2
3 Thank You for Joining Us Today Today s presentation will include audience polling questions We encourage you to participate! 2011 Cisco and/or its affiliates. All rights reserved. 3
4 Thank You for Joining Us Today If you would like a copy of the presentation slides, click the PDF link in the chat box on the right or go to /others Or, Cisco and/or its affiliates. All rights reserved. 4
5 Polling Question 1 What is your primary role/function in the company that you work for? a) Network/Security engineer b) Systems Administrator c) Network/IT Manager d) IT Executive e) Other 2011 Cisco and/or its affiliates. All rights reserved. 5
6 Submit Your Questions Now Use the Q&A panel to submit your questions. Experts will start responding those 2011 Cisco and/or its affiliates. All rights reserved. 6
7 Things I can do to protect my network from getting Hacked!!!!!! Jazib Frahim, Technical Leader
8 Agenda Case Study 1 Incident in the VPN network Case Study 2 Incident in the branch network Case Study 3 Incident in the Internet edge Recommendations Questions and Answers 2011 Cisco and/or its affiliates. All rights reserved. 8
9 Case Study 1 Incident in the VPN network
10 Telecommuters Partner 1 Partner 2 Internet ASA VPN Cluster Corporate Network New York Road warriors 2011 Cisco and/or its affiliates. All rights reserved. 10
11 Unauthorized Access via Clientless SSL VPN several times for about 3-4 weeks Cisco and/or its affiliates. All rights reserved. 11
12 Attacker Exploited the Authentication Bypass Vulnerability described in CVE The Cisco ASA was not patched for the vulnerability Attacker was able to compromise other internal systems and stole several documents / information Cisco and/or its affiliates. All rights reserved. 12
13 In a monthly VPN activity report they noticed that a user called CatchMeIfYouCan logged in several times for a period of 3-4 weeks. The username did not conform to the active directory standard. After further investigation, they found that VPN authentication was being bypassed in the ASA cluster as a result of CVE Cisco and/or its affiliates. All rights reserved. 13
14 Only allowed VPN traffic to ASAs External user authentication ASA VPN Cluster AD/NTLM authentication Idle and session timeouts Road warriors Leveraged DAP New York Disabled Split-tunneling VPN traffic inspected by IPS 2011 Cisco and/or its affiliates. All rights reserved. 14
15 Polling Question 2 Where do you typically hear about security breaches/compromises in the enterprises? a) Online b) Print Media c) Television d) Social circles e) Other 2011 Cisco and/or its affiliates. All rights reserved. 15
16 Submit Your Questions Now Use the Q&A panel to submit your questions. Experts will start responding those 2011 Cisco and/or its affiliates. All rights reserved. 16
17 Case Study 2 Incident in the Branch Network
18 Branch Office Network Branch Network 1 Corporate Network Private WAN Branch Network Cisco and/or its affiliates. All rights reserved. 18
19 A retail store in Mobile, Alabama was, apparently, not physically secured. Finally, they transferred sensitive data outside of the network Hackers plugged and hid a wireless router on the network They sniffed traffic to extract user credentials with escalated privileges They controlled the router over an encrypted wireless connection 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 2011 Cisco and/or its affiliates. All rights reserved. 19
20 Law enforcement agencies traced a number of fraudulent purchases all over the country, with one commonality all victims had used their cards in their company stores Cisco and/or its affiliates. All rights reserved. 20
21 AAA in all Networking Devices Secure Protocols such as SSH Branch Network Redundancy (Logical & Physical) Corporate Network Private WAN NetFlow and Event Monitoring Routing Protocol Security WAN edge acting as firewall & IPS Control Plane Policing (CoPP) QoS for traffic prioritization GETVPN to encrypt all WAN traffic 2011 Cisco and/or its affiliates. All rights reserved. 21
22 Case Study 3
23 Disgruntled Employee (Network Administrator) Created backdoor accounts on AAA Servers After a Month of Being Fired Logged in to the network and erased configurations of several Internet Edge networking devices (including firewalls and routers) Erased backup configurations from a management server using such account 2011 Cisco and/or its affiliates. All rights reserved. 23
24 SP Edge Backup Configs Ex-employee was able to SSH to the outside router and use it as a stepping stone to connect to the firewall. Internet ISP A ISP B DMZ DNS/FTP/NTP Corporate Network /WWW Sec Appliances After he connected to the firewall, he modified the rules to be able to further SSH into several networking devices Erased their configuration Erased the backup configurations on a server he had previously configured in our network Cisco and/or its affiliates. All rights reserved. 24
25 Everyone Experienced the Effects Everyone Called!! 2011 Cisco and/or its affiliates. All rights reserved. 25
26 SP Edge AAA in all Networking Devices Internet ISP A ISP B Corporate Network Secure Protocols such as SSH Redundancy in all areas Netflow urpf/anti-spoofing DMZ Firewalls Intrusion Prevention Systems (IPS) DNS/FTP/NTP /WWW Sec Appliances Control Plane Policing (CoPP) Port Security 2011 Cisco and/or its affiliates. All rights reserved. 26
27 Recommendations
28 Key points to consider about security 100 % Secure Network Security Baseline You can never get a 100% secure network. No product of any size, vendor or type can provide 100% security at a given time You can not rely on products and technologies for full security You need to keep improving the security posture of network infrastructure to meet the challenges of the evolving threats. You must create a baseline for the activities occurring in your network infrastructure to provide answers to hard questions such as: Are we more secure today than we were before? Have we improved from last year? Are we secure enough? 2011 Cisco and/or its affiliates. All rights reserved. 28
29 Patch Management Proactive Security Vulnerability Announced by Vendor Identify Workarounds Patch/Fix is Tested Identify Affected Devices Patch/Fix is Obtained Patch is Implemented Awareness You need to keep up with vulnerability announcements from vendors at all times. Identification/ Correlation Identify vulnerable devices Identify potential workarounds and network mitigations Fix Tested and Implemented Test Certify Image/Software Implement 2011 Cisco and/or its affiliates. All rights reserved. 29
30 Incident Management Reactive Security T 0 T e T i T c T Event (T e -T o ) T incident (T i -T e ) T containment (T c -T i ) T o = Time when an event occurs on the network T e = Time when the event is detected on the network T i = Time when the event is classified as an incident T c = Time when the incident is contained on the network 2011 Cisco and/or its affiliates. All rights reserved. 30
31 AAA Management Restricted Access Physical Security Network Device Authentication? Network User Authentication? Guest Access with network restrictions? Shutting down unused ports? Traffic filtering from branch to corporate network? Unlocked/unres tricted wiring closets? Monitoring via cameras? 2011 Cisco and/or its affiliates. All rights reserved. 31
32 AAA Management Outside Router Firewalls Process around User accounts No Audits of AAA Accounts? Change Control Correlation & Enforcement? Why Listen to SSH There? No VTY Access Control? Why SSH from the Outside Router? Change Control Correlation & Enforcement? 2011 Cisco and/or its affiliates. All rights reserved. 32
33 Useful References Cisco's Security Center BugTraq: Emerging Threats Open Source Mallware Collect (mwcollect) SANS Internet Storm Center Team Cymru Cisco Advanced Services offers a Security Architectural Assessment service _saa_ds.pdf 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 2011 Cisco and/or its affiliates. All rights reserved
34 Polling Question 3 Have you created a baseline for the operational and technical activities that occur in your network? a) Yes, We already have a good baseline b) Yes, We are in the process of creating a baseline c) No, but we are thinking about it d) No, and we are not thinking about it 2011 Cisco and/or its affiliates. All rights reserved. 34
35 Submit Your Questions Now Use the Q&A panel to submit your questions. Experts will start responding those 2011 Cisco and/or its affiliates. All rights reserved. 35
36 Q&A 2011 Cisco and/or its affiliates. All rights reserved. 36
37 We Appreciate Your Feedback! The first 5 listeners who fill out the Evaluation Survey will receive a free: $20 USD Gift Certificate To complete the evaluation, please click on link provided in the chat Cisco and/or its affiliates. All rights reserved. 37
38 If you have additional questions, you can ask them to Expert He will be answering from day X to day Y. You can watch the video or read the Q&A 5 business days after the event at
39 in Polish Topic: Security Architecture for Corporate Networks Tuesday, September 27th, at 10:00 a.m. Warsaw (UTC +2) 9:00 a.m London (UTC +1) 4:00 a.m. New York (UTC -4) Join Security CCIE and CISSP-ISSAP Expert Gaweł Mikołajczyk Technical Leader at Cisco in Europe He will talk about Cisco Security architecture for corporate newtorks During this interactive session you will be able ask all your questions related to this topic. Register for this live Webcast at Cisco and/or its affiliates. All rights reserved. 39
40 Community Cisco and/or its affiliates. All rights reserved. 40
41 If you speak Polish, Japanese, or Spanish, we invite you to ask your questions and collaborate in your language. Spanish Polish etc/netpro-polska Japanese We re also running a pilot for Russian and Portuguese. You can register at the following links Russian: Portuguese: Cisco and/or its affiliates. All rights reserved. 41
42 Thank You for Your Time Please Take a Moment to Complete the Evaluation
43
Cisco Certified Security Professional (CCSP)
529 Hahn Ave. Suite 101 Glendale CA 91203-1052 Tel 818.550.0770 Fax 818.550.8293 www.brandcollege.edu Cisco Certified Security Professional (CCSP) Program Summary This instructor- led program with a combination
More informationChapter 1 The Principles of Auditing 1
Chapter 1 The Principles of Auditing 1 Security Fundamentals: The Five Pillars Assessment Prevention Detection Reaction Recovery Building a Security Program Policy Procedures Standards Security Controls
More informationSecurity Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP belka@att.net
Security Frameworks An Enterprise Approach to Security Robert Belka Frazier, CISSP belka@att.net Security Security is recognized as essential to protect vital processes and the systems that provide those
More informationState of Texas. TEX-AN Next Generation. NNI Plan
State of Texas TEX-AN Next Generation NNI Plan Table of Contents 1. INTRODUCTION... 1 1.1. Purpose... 1 2. NNI APPROACH... 2 2.1. Proposed Interconnection Capacity... 2 2.2. Collocation Equipment Requirements...
More informationGE Measurement & Control. Cyber Security for NEI 08-09
GE Measurement & Control Cyber Security for NEI 08-09 Contents Cyber Security for NEI 08-09...3 Cyber Security Solution Support for NEI 08-09...3 1.0 Access Contols...4 2.0 Audit And Accountability...4
More informationFIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.
1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams
More informationSECURE DATA CENTER DESIGN. Piotr Wojciechowski (CCIE #25543)
SECURE DATA CENTER DESIGN Piotr Wojciechowski (CCIE #25543) ABOUT ME Senior Network Engineer MSO at VeriFone Inc. Previously Network Solutions Architect at one of top polish IT integrators CCIE #25543
More informationImplementing Cisco IOS Network Security
Implementing Cisco IOS Network Security IINS v3.0; 5 Days, Instructor-led Course Description Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles
More informationWhat s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More informationSonicWALL PCI 1.1 Implementation Guide
Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard
More informationImplementing Cisco IOS Network Security v2.0 (IINS)
Implementing Cisco IOS Network Security v2.0 (IINS) Course Overview: Implementing Cisco IOS Network Security (IINS) v2.0 is a five-day instructor-led course that is presented by Cisco Learning Partners
More informationPCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data
White Paper PCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data Using credit cards to pay for goods and services is a common practice. Credit cards enable easy and
More informationNetwork Security. 1 Pass the course => Pass Written exam week 11 Pass Labs
Network Security Ola Lundh ola.lundh@hh.se Schedule/ time-table: landris.hh.se/ (NetwoSec) Course home-page: hh.se/english/ide/education/student/coursewebp ages/networksecurity cisco.netacad.net Packet
More informationCISCO IOS NETWORK SECURITY (IINS)
CISCO IOS NETWORK SECURITY (IINS) SEVENMENTOR TRAINING PVT.LTD [Type text] Exam Description The 640-553 Implementing Cisco IOS Network Security (IINS) exam is associated with the CCNA Security certification.
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationCisco ASA. Administrators
Cisco ASA for Accidental Administrators Version 1.1 Corrected Table of Contents i Contents PRELUDE CHAPTER 1: Understanding Firewall Fundamentals What Do Firewalls Do? 5 Types of Firewalls 6 Classification
More informationBest Practices for Outdoor Wireless Security
Best Practices for Outdoor Wireless Security This paper describes security best practices for deploying an outdoor wireless LAN. This is standard body copy, style used is Body. Customers are encouraged
More information2. From a control perspective, the PRIMARY objective of classifying information assets is to:
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
More informationSecure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation
Secure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation Rev 5058-CO900C Agenda Control System Network Security Defence in Depth Secure Remote Access Examples
More informationSpooks in the Machine
A Higher Education Services Company Spooks in the Machine Proactive Strategies for Securing the Network Steven M. Helwig, CISSP Technical Director shelwig@sungardcollegis.com Contents of Presentation Aligning
More informationIINS Implementing Cisco Network Security 3.0 (IINS)
IINS Implementing Cisco Network Security 3.0 (IINS) COURSE OVERVIEW: Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using
More informationOvercoming PCI Compliance Challenges
Overcoming PCI Compliance Challenges Randy Rosenbaum - Security Services Exec. Alert Logic, CPISM Brian Anderson - Product Manager, Security Services, SunGard AS www.sungardas.com Goal: Understand the
More informationCisco & Big Data Security
Cisco & Big Data Security 巨 量 資 料 的 傳 輸 保 護 Joey Kuo Borderless Networks Manager hskuo@cisco.com The any-to-any world and the Internet of Everything is an evolution in connectivity and collaboration that
More informationAchieving PCI-Compliance through Cyberoam
White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit
More informationHow To Extend Security Policies To Public Clouds
What You Will Learn Public sector organizations without the budget to build a private cloud can consider public cloud services. The drawback until now has been tenants limited ability to implement their
More informationTHE BUSINESS CASE FOR NETWORK SECURITY: ADVOCACY, GOVERNANCE, AND ROI
THE BUSINESS CASE FOR NETWORK SECURITY: ADVOCACY, GOVERNANCE, AND ROI Introduction. I. VULNERABILITIES AND TECHNOLOGIES. 1. Hackers and Threats. Contending with Vulnerability Realizing Value in Security
More informationAPPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST
APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST Application Name: Vendor Name: Briefly describe the purpose of the application. Include an overview of the application architecture, and identify the data
More informationNetwork Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting
Network Security: 30 Questions Every Manager Should Ask Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager/Executive Must Answer in Order
More informationCompany Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.
Company Co. Inc. LLC Multiple Minds, Singular Results LAN Domain Network Security Best Practices An integrated approach to securing Company Co. Inc. LLC s network Written and Approved By: Geoff Lacy, Tim
More informationIP Telephony Management
IP Telephony Management How Cisco IT Manages Global IP Telephony A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge Design, implement, and maintain a highly available, reliable, and resilient
More informationSSECMGT: CManaging Enterprise Security with Cisco Security Manager v4.x
SSECMGT: CManaging Enterprise Security with Cisco Security Manager v4.x Introduction The Managing Enterprise Security with Cisco Security Manager (SSECMGT) v4.0 course is a five-day instructor-led course
More informationNetwork Security Guidelines. e-governance
Network Security Guidelines for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India. Document Control S/L Type
More informationCisco Virtualization Experience Infrastructure: Secure the Virtual Desktop
White Paper Cisco Virtualization Experience Infrastructure: Secure the Virtual Desktop What You Will Learn Cisco Virtualization Experience Infrastructure (VXI) delivers a service-optimized desktop virtualization
More informationGuideline on Auditing and Log Management
CMSGu2012-05 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Auditing and Log Management National Computer Board Mauritius
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More information74% 96 Action Items. Compliance
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated
More informationNetwork and Security Controls
Network and Security Controls State Of Arizona Office Of The Auditor General Phil Hanus IT Controls Webinar Series Part I Overview of IT Controls and Best Practices Part II Identifying Users and Limiting
More informationRouter Security - Approaches and Techniques You Can Use Today
Router Security - Approaches and Techniques You Can Use Today Neal Ziring System and Network Attack Center Information Assurance Directorate National Security Agency 1 Introduction and Outline GOAL: Define
More informationIT Networking and Security
elearning Course Outlines IT Networking and Security powered by Calibrate elearning Course Outline CompTIA A+ 801: Fundamentals of Computer Hardware/Software www.medallionlearning.com Fundamentals of Computer
More informationDoes your Citrix or Terminal Server environment have an Achilles heel?
CRYPTZONE WHITE PAPER Does your Citrix or Terminal Server environment have an Achilles heel? Moving away from IP-centric to role-based access controls to secure Citrix and Terminal Server user access cryptzone.com
More informationUseful Tips for Reducing the Risk of Unauthorized Access for Network Cameras Important
Useful Tips for Reducing the Risk of Unauthorized Access for Network Cameras Important System administrators are advised to read. Overview and Use of this Guide Objectives This guide provides additional
More informationMicrosoft Systems Architecture 2.0 (MSA 2.0) Security Review An analysis by Foundstone, Inc.
Microsoft Systems Architecture 2.0 (MSA 2.0) Security Review An analysis by Foundstone, Inc. Foundstone Labs October, 2003 Table of Contents Table of Contents...2 Introduction...3 Scope and Approach...3
More informationState of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD005.001. Effective Date: April 7, 2005
State of New Mexico Statewide Architectural Configuration Requirements Title: Network Security Standard S-STD005.001 Effective Date: April 7, 2005 1. Authority The Department of Information Technology
More informationAchieving PCI Compliance Using F5 Products
Achieving PCI Compliance Using F5 Products Overview In April 2000, Visa launched its Cardholder Information Security Program (CISP) -- a set of mandates designed to protect its cardholders from identity
More informationQuestion Name C 1.1 Do all users and administrators have a unique ID and password? Yes
Category Question Name Question Text C 1.1 Do all users and administrators have a unique ID and password? C 1.1.1 Passwords are required to have ( # of ) characters: 5 or less 6-7 8-9 Answer 10 or more
More informationThe self-defending network a resilient network. By Steen Pedersen Ementor, Denmark
The self-defending network a resilient network By Steen Pedersen Ementor, Denmark The self-defending network - a resilient network What is required of our internal networks? Available, robust, fast and
More informationSecure Networks for Process Control
Secure Networks for Process Control Leveraging a Simple Yet Effective Policy Framework to Secure the Modern Process Control Network An Enterasys Networks White Paper There is nothing more important than
More informationDeploying Firewalls Throughout Your Organization
Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense
More informationRetention & Destruction
Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of
More informationJK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA
JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA To purchase Full version of Practice exam click below; http://www.certshome.com/jk0-022-practice-test.html FOR CompTIA JK0-022 Exam Candidates
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationAlcatel-Lucent Services
SOLUTION DESCRIPTION Alcatel-Lucent Services Security Introduction Security is a sophisticated business and technical challenge, and it plays an important role in the success of any network, service or
More informationUtility Modernization Cyber Security City of Glendale, California
Utility Modernization Cyber Security City of Glendale, California Cyber Security Achievements Cyber Security Achievements (cont) 1. Deploying IT Security Awareness training program Q4 2012 2. Purchased
More informationEffective Threat Management. Building a complete lifecycle to manage enterprise threats.
Effective Threat Management Building a complete lifecycle to manage enterprise threats. Threat Management Lifecycle Assimilation of Operational Security Disciplines into an Interdependent System of Proactive
More informationCisco Certified Network Expert (CCNE)
529 Hahn Ave. Suite 101 Glendale CA 91203-1052 Tel 818.550.0770 Fax 818.550.8293 www.brandcollege.edu Cisco Certified Network Expert (CCNE) Program Summary This instructor- led program with a combination
More informationC H A P T E R Management Cisco SAFE Reference Guide OL-19523-01 9-1
CHAPTER 9 The primary goal of the management module is to facilitate the secure management of all devices and hosts within the enterprise network architecture. The management module is key for any network
More informationPCI Requirements Coverage Summary Table
StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table January 2013 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationEvaluating the Cisco ASA Adaptive Security Appliance VPN Subsystem Architecture
Deploying Cisco ASA VPN Solutions Volume 1 Course Introduction Learner Skills and Knowledge Course Goal and Course Flow Additional Cisco Glossary of Terms Your Training Curriculum Evaluation of the Cisco
More informationHoneywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014
Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security
More informationManaging Enterprise Security with Cisco Security Manager
Managing Enterprise Security with Cisco Security Manager Course SSECMGT v4.0; 5 Days, Instructor-led Course Description: The Managing Enterprise Security with Cisco Security Manager (SSECMGT) v4.0 course
More informationCisco IOS Advanced Firewall
Cisco IOS Advanced Firewall Integrated Threat Control for Router Security Solutions http://www.cisco.com/go/iosfirewall Presentation_ID 2007 Cisco Systems, Inc. All rights reserved. 1 All-in-One Security
More information300-208 - Implementing Cisco Secure AccessSolutions Exam
Implementing Cisco Secure Access Solutions Duration: 5 Days Course Code: SISAS Overview: This course has been designed to provide engineers with the foundational knowledge and skills required to implement
More informationPierianDx - Clinical Genomicist Workstation Software as a Service FAQ s
PierianDx - Clinical Genomicist Workstation Software as a Service FAQ s Network Security Please describe the preferred connection method(s) between the PierianDx network and a healthcare organization s
More informationCTS2134 Introduction to Networking. Module 8.4 8.7 Network Security
CTS2134 Introduction to Networking Module 8.4 8.7 Network Security Switch Security: VLANs A virtual LAN (VLAN) is a logical grouping of computers based on a switch port. VLAN membership is configured by
More informationThis chapter covers the following topics:
This chapter covers the following topics: Components of SAFE Small Network Design Corporate Internet Module Campus Module Branch Versus Headend/Standalone Considerations for Small Networks C H A P T E
More informationSession Border Controllers in Enterprise
A Light Reading Webinar Session Border Controllers in Enterprise Thursday, October 7, 2010 Hosted by Jim Hodges Senior Analyst Heavy Reading Sponsored by: Speakers Natasha Tamaskar VP Product Marketing
More informationConfiguring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA
Configuring Personal Firewalls and Understanding IDS Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA 1 Configuring Personal Firewalls and IDS Learning Objectives Task Statements 1.4 Analyze baseline
More informationAttachment A. Identification of Risks/Cybersecurity Governance
Attachment A Identification of Risks/Cybersecurity Governance 1. For each of the following practices employed by the Firm for management of information security assets, please provide the month and year
More informationCisco Virtual Office Express
. Q&A Cisco Virtual Office Express Overview Q. What is Cisco Virtual Office Express? A. Cisco Virtual Office Express is a solution that provides secure, rich network services to workers at locations outside
More informationDefense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks
Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks A look at multi-vendor access strategies Joel Langill TÜV FSEng ID-1772/09, CEH, CPT, CCNA Security Consultant / Staff
More informationmodules 1 & 2. Section: Information Security Effective: December 2005 Standard: Server Security Standard Revised: Policy Ref:
SERVER SECURITY STANDARD Security Standards are mandatory security rules applicable to the defined scope with respect to the subject. Overview Scope Purpose Instructions Improperly configured systems,
More informationGFI White Paper PCI-DSS compliance and GFI Software products
White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption
More informationWhat s New in PCI DSS 2.0. 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 1
What s New in PCI DSS 2.0 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 1 Agenda PCI Overview PCI 2.0 Changes PCI Advanced Technology Update PCI Solutions 2010 Cisco and/or
More informationARE YOU REALLY PCI DSS COMPLIANT? Case Studies of PCI DSS Failure! Jeff Foresman, PCI-QSA, CISSP Partner PONDURANCE
ARE YOU REALLY PCI DSS COMPLIANT? Case Studies of PCI DSS Failure! Jeff Foresman, PCI-QSA, CISSP Partner PONDURANCE AGENDA PCI DSS Basics Case Studies of PCI DSS Failure! Common Problems with PCI DSS Compliance
More informationAppalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2
Report No. 13-35 September 27, 2013 Appalachian Regional Commission Table of Contents Results of Evaluation... 1 Areas for Improvement... 2 Area for Improvement 1: The agency should implement ongoing scanning
More informationDMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch
DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch What You Will Learn A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private (inside)
More informationMarch 2012 www.tufin.com
SecureTrack Supporting Compliance with PCI DSS 2.0 March 2012 www.tufin.com Table of Contents Introduction... 3 The Importance of Network Security Operations... 3 Supporting PCI DSS with Automated Solutions...
More informationThrough the Security Looking Glass. Presented by Steve Meek, CISSP
Through the Security Looking Glass Presented by Steve Meek, CISSP Agenda Presentation Goal Quick Survey of audience Security Basics Overview Risk Management Overview Organizational Security Tools Secure
More informationData Security and Healthcare
Data Security and Healthcare Complex data flows Millions of electronic medical records across many systems New and emerging business relationships Changing and maturing compliance frameworks Diverse population
More informationConsensus Policy Resource Community. Lab Security Policy
Lab Security Policy Free Use Disclaimer: This policy was created by or for the SANS Institute for the Internet community. All or parts of this policy can be freely used for your organization. There is
More informationProjectplace: A Secure Project Collaboration Solution
Solution brief Projectplace: A Secure Project Collaboration Solution The security of your information is as critical as your business is dynamic. That s why we built Projectplace on a foundation of the
More informationGoals. Understanding security testing
Getting The Most Value From Your Next Network Penetration Test Jerald Dawkins, Ph.D. True Digital Security p. o. b o x 3 5 6 2 3 t u l s a, O K 7 4 1 5 3 p. 8 6 6. 4 3 0. 2 5 9 5 f. 8 7 7. 7 2 0. 4 0 3
More informationIntrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks
Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323
More informationNetwork Security Policy: Best Practices White Paper
Security Policy: Best Practices White Paper Document ID: 13601 Introduction Preparation Create Usage Policy Statements Conduct a Risk Analysis Establish a Security Team Structure Prevention Approving Security
More informationENTERPRISE IT SECURITY ARCHITECTURE SECURITY ZONES: NETWORK SECURITY ZONE STANDARDS. Version 2.0
ENTERPRISE IT SECURITY ARCHITECTURE SECURITY ZONES: NETWORK SECURITY ZONE STANDARDS Version 2.0 July 20, 2012 Table of Contents 1 Foreword... 1 2 Introduction... 1 2.1 Classification... 1 3 Scope... 1
More informationCCNA Security 2.0 Scope and Sequence
CCNA Security 2.0 Scope and Sequence Last Updated August 26, 2015 Target Audience The Cisco CCNA Security course is designed for Cisco Networking Academy students seeking career-oriented, entry-level security
More informationCITY UNIVERSITY OF HONG KONG Network and Platform Security Standard
CITY UNIVERSITY OF HONG KONG Network and Platform Security Standard (Approved by the Information Strategy and Governance Committee in December 2013) INTERNAL Date of Issue: 2013-12-24 Document Control
More informationBest Practices for PCI DSS V3.0 Network Security Compliance
Best Practices for PCI DSS V3.0 Network Security Compliance January 2015 www.tufin.com Table of Contents Preparing for PCI DSS V3.0 Audit... 3 Protecting Cardholder Data with PCI DSS... 3 Complying with
More informationWe are Passionate about Total Security Management Architecture & Infrastructure Optimisation Review
We are Passionate about Total Security Management Architecture & Infrastructure Optimisation Review The security threat landscape is constantly changing and it is important to periodically review a business
More informationPayment Card Industry Self-Assessment Questionnaire
How to Complete the Questionnaire The questionnaire is divided into six sections. Each section focuses on a specific area of security, based on the requirements included in the PCI Data Security Standard.
More informationBest Practices For Department Server and Enterprise System Checklist
Best Practices For Department Server and Enterprise System Checklist INSTRUCTIONS Information Best Practices are guidelines used to ensure an adequate level of protection for Information Technology (IT)
More informationSecuring the Service Desk in the Cloud
TECHNICAL WHITE PAPER Securing the Service Desk in the Cloud BMC s Security Strategy for ITSM in the SaaS Environment Introduction Faced with a growing number of regulatory, corporate, and industry requirements,
More informationJK0 015 CompTIA E2C Security+ (2008 Edition) Exam
JK0 015 CompTIA E2C Security+ (2008 Edition) Exam Version 4.1 QUESTION NO: 1 Which of the following devices would be used to gain access to a secure network without affecting network connectivity? A. Router
More informationHIPAA Security: Gap Analysis, Vulnerability Assessments, and Countermeasures
HIPAA Security: Gap Analysis, Vulnerability Assessments, and Countermeasures Don Hewitt and Chris Goggans March 1, 2001 Copyright 2001 by Security Design International, Inc. 1 Agenda The Proposed Rule
More informationPCI Solution for Retail: Addressing Compliance and Security Best Practices
PCI Solution for Retail: Addressing Compliance and Security Best Practices Executive Summary The Payment Card Industry (PCI) Data Security Standard has been revised to address an evolving risk environment
More informationPresented by Evan Sylvester, CISSP
Presented by Evan Sylvester, CISSP Who Am I? Evan Sylvester FAST Information Security Officer MBA, Texas State University BBA in Management Information Systems at the University of Texas Certified Information
More information- Introduction to PIX/ASA Firewalls -
1 Cisco Security Appliances - Introduction to PIX/ASA Firewalls - Both Cisco routers and multilayer switches support the IOS firewall set, which provides security functionality. Additionally, Cisco offers
More informationNetwork Security. Mike Trice, Network Engineer mtrice@asc.edu. Richard Trice, Systems Specialist rtrice@asc.edu. Alabama Supercomputer Authority
Network Security Mike Trice, Network Engineer mtrice@asc.edu Richard Trice, Systems Specialist rtrice@asc.edu Alabama Supercomputer Authority What is Network Security Network security consists of the provisions
More information