1 DATA SECURITY MANAGEMENT INTERNET SECURITY ARCHITECTURE Carol A. Siegel INSIDE Why is Architecture Important?, What is Architecture and How is it Created?, The Importance of Business Requirements, The Purpose of a Demilitarized Zone (DMZ), An Example of a Demilitarized Zone (DMZ) Architecture, How to Make an Architecture Successful, Selling the Architecture. WHY IS ARCHITECTURE IMPORTANT? Architecture is the art or science of building, including plan, design and construction. 1 Architecture as it relates to physical structures has perhaps been best illustrated by such ancient marvels as the Stonehenge or the Pyramids, however, architecture as it relates to technology is still an extremely young field. With the proliferation of computers and the advent of distributed computing, technology architecture started to gain recognition as a discipline within corporate America in the 1980s. As the computer industry matured mainframes giving birth to minis and micros, and network interconnectivity starting to play a more significant role, choices in technology were not so simple. It became more challenging for a large company to remain true to one vendor, whether for hardware, software, or telecommunications. As computing infrastructures in medium- to large-size companies became increasingly diverse, interoperability problems were the first to surface. Often, when two vendors products were used, they did not work. Sometimes vendors wanted to constrain customers to their products (in certain cases this might have been true), or it was a situation of products not operating by the same standards. Good architecture becomes the first means by which technologists ensure compatibility between tech- PAYOFF IDEA Security architecture is critical when conducting electronic commerce. To protect an organization s information assets, strong security, designed for the entire enterprise, has become the hot focus. As individual business units interoperate and communicate security credentials across business lines, security solutions now effect the entire organization. The infrastructures required to support these security solutions must fit the business requirements and be based on technology platforms that will work in the future. Good security architecture can help in the design of one global solution that will provide for secure communications for your Internet, intranet, and extranets. 06/98 Auerbach Publications 1999 CRC Press LLC
2 nology platforms. This leads to the inevitable question: Why is architecture important? To illustrate its importance, consider a large company: what might happen if each business unit wanted to make their own technology choices, independent of each other? Under this scenario, each unit does their own R&D, implements, administers, and supports their own specific solution. What may result is different platforms, technologies, and industry standards. Costs may be significantly more than if the whole organization provided a standard solution. With individual solutions, there may be compatibility and interoperability issues, not to mention eventual replacement and unwind costs. The kinds of security issues that are being resolved today involve solutions that affect the entire enterprise. For example, take the use of a Public Key Infrastructure (PKI), which is used to provide digital certificates to entities to ensure strong authentication. This type of a solution will only work if all businesses in the organization participate. Other reasons involve risks associated with making a bad choice one that might expose a vulnerability from inadequate security going to a technology that is based on proprietary not open standards, using a vendor that cannot provide adequate support or just goes out of business. For example, by standardizing on APIs, application portability is achieved; by standardizing on protocols or tokens (X.509 Certificates, Kerberos Tickets, any defined data structure) one achieves implementation interoperability; by standardizing on all of the above, one achieves implementation replaceability of products. In fact, in terms of bang for the buck for information risk management, architecture will always be the best choice, as illustrated in Exhibit 1. WHAT IS ARCHITECTURE AND HOW IS IT CREATED? In general, the objective of architecture is to provide a framework that allows products to be assembled quickly and seamlessly permitting the old and the new to interoperate. Client/server, legacy, and distributed systems must bond into a uniform processing machine on a network that enables ubiquitous communications. The enterprise architecture should provide a vehicle for information sharing and promote component reuse. The enterprise architecture can be discussed on four different levels: business, information, application, and technical architectures. These are considered to be horizontal architectures, while security architecture is a vertical architecture contributing to each of these efforts. Security in the business architecture concerns system ownership, business risks, correct deployment of security services in accordance with business risks, and separation of duties. Security in the information architecture concerns information risk management and data risk assessment. Information risk assessments should be conducted on all data, which should be classified according to sensitivity or business confidentiality. Any inherent risk in
3 EXHIBIT 1 Where the Risk Dollar Should Be Spent The cost of security is rising exponentially as technology becomes more sophisticated and ubiquitous Allocation of risk dollars must be carefully targeted where they yield the most benefit Businesses must decide where they are prepared to accept risk Business Continuity Administration Tools Controls/Assessments Architecture the technology, as well as operation risk, should also be assessed. Security in the application architecture includes placement of mechanisms such as identification and authentication, access control, audit, cryptographic, nonrepudiation, and administration. It is at the application layer we talk about APIs. This article focuses on the technical architecture. An enterprise architecture should be based on a company s information risk and security policies, but should be tempered by business requirements. The security and risk policies are normally determined by policy committees and can have input from other corporate entities such as audit, compliance, and a corporate communications function. The policies should be technology independent and high level in nature. Based on the policies, more specific technical standards can be written to guide the implementation of the policies. The technical standards should address key technologies and industry standards, but still attempt to be product independent. Both the policies and standards provide input into the architecture. From the architecture, specific products can be determined. Exhibit 2 illustrates the architecture creation process: THE IMPORTANCE OF BUSINESS REQUIREMENTS All architectures must be based on business requirements, which can be different for each organization. They can also vary tremendously from unit to unit within the same organization. The first step in designing any architecture is to collect business requirements. This may seem simple,
4 EXHIBIT 2 Architecture Creation Process Business Requirements Information Security Policies Technology Standards Security Architecture Senior Management Technology Risk Management Enterprise Architecture Security Architecture but it can be the most challenging step. Either by interview or by asking units to submit requirements immediately raises questions about how the requirements should be articulated. Simply put, business people talk about requirements in business terms and security professionals talk about requirements in terms of security services. The seven security services are defined in Exhibit 3. In general, the two perspectives of business requirements are quite different. Businesspeople want to know what products meet their business needs while satisfying the policy people. Their concerns often do not involve (nor do they care particularly) about the information risk level of the data or how each security service is provided. These two perspectives are illustrated in Exhibit 4. When talking to business people, one might hear requirements such as the following: EXHIBIT 3 Security Services 1. Access control. The prevention of unauthorized use of a resource. 2. Authentication. Verifying the identity of an individual or entity in order to determine the right to access specific categories of information or services. 3. Confidentiality. The prevention of unauthorized disclosure of information. 4. Integrity. The prevention of unauthorized modification or destruction of information. 5. Nonrepudiation. The process that prevents someone from denying initiation and/or receipt of a message/transactijon. 6. Audit. The performance of monitoring and independent review of system records, operational procedures and system activities to test for the adequacy of controls, and compliance with policy. 7. Availability. Ensuring that information resources and/or computing services are usable by authorized persons or programs when needed.
5 EXHIBIT 4 Perspectives: Business Vs. Security Technologist s Business Perspective Business Requirements Product Sets Versus Security Technologist's Perspective Business Requirements Information Risk Security Requirements Technical Architecture Product Sets We need to exchange documents/files with our clients, prospective clients, our business partners and suppliers in a secure way. We need to be able to give our clients the ability to place orders and receive confirmations remotely over the Internet. We need to enable our portfolio managers to remotely manage their clients portfolios. We would like to be required to login only once to our company s systems via the Web and able to access all of our company s internal databases without having to login a second time. We would like to provide for end-to-end security (from client to back-end data) when performing financial transactions over the Internet. Both business and security professionals agree, however, that there are fundamental technology business drivers. A framework of solid business controls will help minimize financial losses and damage to reputation. Facilitating secure communications between clients and the enterprise will enable new business and permit business to be conducted location independently. An architectural strategy will aid the building of global business, increase market share, and reduce technology cost, while improving availability of information. At the same time, confidentiality and the integrity of client data can be maintained. The business requirements must be translated into security requirements before the architecture is built. Solutions for classes of require-
6 EXHIBIT 5 Business Requirements: Their Relative Risk Level and Security Service Provided Security Service Required Business Requirement Risk Level of Data Access Control Authentication Confidentiality Integrity Non-Repudiation Audit Availability 1 View/Query non-sensitive, non-client L Y Y Y information 2 Sales/Marketing information L Y Y Y 3 Client query of research data M Y Y Y Y Y 4 Client use of analytical tools M Y Y Y Y Y 5 View/Query client information H Y Y Y Y Y Y 6 Update client information H Y Y Y Y Y Y Y ments can be found, which can be categorized on a high, medium, or low information risk level of data. Examples of each of the risk levels of data is given in Exhibit 5. The security technologist goes through more steps to arrive at the desired product solution. He starts with the business requirements and does an information risk assessment of the business data. This determines whether the data is high-, medium-, or low-risk and which security services are required (e.g., strong authentication, nonrepudiation). The risk assessment then translates into security requirements that define the technical architecture. Out of the technical architecture comes the product set solutions. THE PURPOSE OF A DEMILITARIZED ZONE (DMZ) Taken from the military term, a demilitarized zone or DMZ, is used to refer to any kind of screened subnetwork placed between an internal network (i.e., a corporate network) and the Internet. The screening of the subnet is generally achieved by a dual firewall architecture, which can include elements such as bastion hosts and choke routers as well as commercial firewall boxes. The purpose of the firewalls is to provide controlled access to/from the DMZ from both the Internet as well as the corporate or trusted network. A DMZ architecture creates three distinct areas to which access is controlled by the rules set by the firewalls. A typical firewall architecture for a DMZ is illustrated in Exhibit 6. The left area labeled Internet provides no protection to systems located in it. This area is defined as accessible to and by the general public. All systems and data located in the Internet area are assumed to be insecure and potentially compromised. Any information placed on systems in
7 EXHIBIT 6 A Firewall Architecture for a DMZ External Firewall Internal Firewall Web Browser Web Browser Web Browser Web Server Web Server Web Server Oracle / Sybase Server Oracle / Sybase Server Oracle / Sybase Server Internet Demilitarized Zone (DMZ) Intranet the Internet area must be low risk, that is, not be sensitive, critical, confidential or proprietary in nature. The Internet area is typically used for public Web services or any type of public application services a company may want to provide to the Internet community. The middle area, labeled DMZ, is used to house systems that can provide data and application services to clients of the company via the Internet. Any client application placed in the DMZ affects other systems that reside in the DMZ in terms of overall risk. If one application is compromised in the DMZ, others are exposed to increased risk. These considerations must be taken into account when designing DMZ systems and determining the viability and potential liability of client data that reside there. However, in general, both the Internet and DMZ areas are to be considered part of the Internet; only low risk data may be transmitted through or stored in these areas without additional security controls. The right area, labeled Internal, represents the corporate or trusted network. All systems and hosts in this area are considered to be fully protected and secured according to company security policies and standards. The three areas are controlled by the external and internal firewalls, which protect and restrict access to/from the DMZ. The primary role for the external firewall is to provide controlled access by providing packet filtering rules as well as additional authentication to systems located in the DMZ. This firewall is configured to allow only those systems and services that reside in the DMZ to pass into company network. The internal firewall has a dual function. The first is to protect the Internal network from any unauthorized external access. The second is to protect those hosts and applications residing in the DMZ from any unauthorized access by internal company users. To meet additional future needs, the DMZ can be divided into several segments to provide additional segregation between applications and areas pertaining to different clients.
8 Some general rules for configuring a firewall are: That which is not explicitly allowed is denied. All services that pass through a company s firewall systems must be specifically allowed. No network packet is allowed to enter or leave the company network without first being inspected by the firewall. Only those services that can be secured will be allowed to traverse the firewall. All inbound and outbound traffic from the corporate network must be explicitly allowed and defined by source and destination addresses, protocol, port, and service type. All other undefined traffic is denied. All inbound network traffic from an external source first must be initiated by a host from within the internal network before the network packet is allowed to traverse the firewall. All inbound traffic that has not been initiated from within the Internal network is denied. AN EXAMPLE OF A DEMILITARIZED ZONE ARCHITECTURE So what does an architecture really look like? It will have an implementation model that shows technical components (such as browsers, servers, and certification authorities), how these components talk to one another, and where they physically reside, whether on an internal network, a DMZ, or the Internet. It will contain the characteristics of the model and discuss the flow of a typical message through the architecture. It also should include what level of information risk the data flowing through it can have and how the model addresses the information security services. An example of a security architecture for a DMZ configuration is shown in Exhibit 7. Exhibit 7 represents a three-tier architecture that can support high risk data. The heart of the architecture is end-to-end security, achieved between Tiers 1 and 3. Additionally, transport layer security is achieved between Tiers 1 and 2 and between Tiers 2 and 3. The path of a request through the architecture is as follows: 1. A secure transport layer is established between Tiers 1 and 2 using Transport Layer Security (SSL). This establishes mutual identification and authentication as well as data confidentiality and integrity. 2. The browser sends a request to the Web server in the DMZ. 3. The request is digitally signed and enciphered by the user. 4. The Web server passes or rejects the request based on the identity established by the transport layer security. 5. If accepted, another secure transport layer is established between Tiers 2 and 3, also using SSL (or some other transport layer security protocol).
9 EXHIBIT 7 Security Architecture for a DMZ Tier 1 Tier 2 Tier 3 Web Browser Signs & Enciphers Request Web Server Oracle / Sybase Server Passes or Rejects Request Signature Verifies & Deciphers Request Processes Request Signature Verifies & Deciphers Response Signs & Enciphers Response Internet Demilitarized Zone (DMZ) SSL-Transport Layer Security End-to-End Security Intranet 6. The request is passed to an application server (Oracle or Sybase), which signature verifies and deciphers the request. Note that there may be other required steps for processing not indicated on this diagram. 7. The application server processes the request and signs and enciphers the response. 8. The response is passed back to the Tier 2 Web server and then to the Web browser, both over a secure transport layer links. 9. The Web browser signature verifies and deciphers the response, thereby achieving end-to-end security. With this model, mutual authentication, confidentially, integrity, and access control are achieved from end to end. As this model represents a security architecture view, products must be found or developed that provide these functionalities. The marketplace is quite close to providing commercial off-the-shelf (COTS) products to fit this model, but in some cases, some custom development must be undertaken. In general, implementing a COTS products will ready the architecture more quickly, but building custom components will give an organization some competitive advantage. HOW TO MAKE AN ARCHITECTURE SUCCESSFUL Creating a master project plan is always advisable when undertaking such a monumental task as developing and implementing a security ar-
10 chitecture. There are tasks that need to happen serially and those that need to happen in tandem. High-level tasks of such a project plan would most likely include the following: 1. Assemble a team of cross-business representatives. The team must include both technologists and business people, which gives a more complete perspective. This group should make all the major decisions, thereby inherently giving buy-in to any conclusions. Funding should come in part from each business unit and in part from the central infrastructure group. 2. Determine the scope of the project. Decide if the architecture will be for the Internet, an intranet, or an extranet, or all of the above. Decide if the architecture is to last one or five years. Decide if the architecture is to be based on any given infrastructural choices on which the organization has already made a sizable investment. 3. Gather the cross-business requirements. Gather the requirements in business terms, helping the team to focus on like categories of requirements. Translate the business requirements into security terms, because the products must meet the security requirements. 4. Design a security architecture that meets the security requirements. Base solutions on open standards: Internet Engineering Task Force (IETF), Object Management Group (OMG), the OpenGroup, and other standards that are on a standards track to ensure that the architecture is interoperable and compatible with other technologies and products. Base solutions on official corporate technology policies and standards. Choose one or two businesses with a current and pressing need for the architecture and work with them to develop a solution that will fit their needs. 4. Develop an implementation plan for the architecture. Develop two or three business-specific implementation architectures that map to the general architecture. Identify all common components and services to be reused. These components and services may already be in existence or may have to be built. Evaluate and select the actual products to implement the architecture and custom build any components that are not COT products. Discuss the implications of deploying a technology that is not one of the core infrastructural choices. Discuss any unwind costs or technical transition/migration issues.
11 Develop specific implementation road maps (timelines to implement specific technologies) for any infrastructure service or reusable component. Develop critical path diagrams (Gantt Charts) to show which tasks must occur in tandem, and which serially. Include all start dates and end dates to determine windows of availability for products and components. The final document should also include a discussion of the legalities of privacy as well as the export of encryption (international vs. domestic). Products that use encryption are subject to specific export controls by the U.S. Department of Commerce (DOC). The controls center around the length of the encryption key and who is the designated user of the encryption (such as name and country). These names must be registered/verified with the DOC twice per year. Export controls also vary depending on requesting institution. In the past, financial institutions have been given more flexibility. In general, these laws may change quickly because financial services organizations are being redefined. There also may be issues with data privacy laws covering the monitoring of individuals in Germany, Scandinavia, Singapore and some other countries as well. Other issues may surface with the forthcoming European Privacy Directive. For example, France does not permit the use of any encryption unless it is with permission. There may be restrictions from the People s Republic of China and Russia as well as some type of process requirement from Singapore. These restrictions/laws need to be investigated, and if possible, attorneys should determine the most current laws and regulations. SELLING THE ARCHITECTURE Measurable benefits must be identified to cost justify the architecture. Show dollar values where at all possible. Generally, the benefits fall into three categories: 1. Business enablements. Typical business enablements that may result from a security architecture might be: secure financial transactions over the Internet, single sign-on to multiple Web servers, secure communications with clients via or FTP, strong authentication of clients from any location or any machine, and secure remote client portfolio management by salesforce. 2. Cost savings. Typical cost savings might be: electronic delivery of services (sales, fulfillment, and support), reuse of infrastructure services, and
12 reuse of software components. 3. Cost avoidance: This category is the hardest to quantify, but include: Elimination of redundant architectural efforts R&D and tools evaluation analysis of security risks and countermeasures performed by information risk and security professionals Risk reduction resulting from single architectural effort information risk audit findings Centralization of resources (architectural implementation, required infrastructure, security administration, security monitoring, standards research and analysis) Unwind costs of bad technology choices: nonstandard, noninteroperable, etc. The final architecture document should include a matrix that maps the solutions back to the original business requirements to close the loop. This is critical: it shows how the architecture meets the requirements on a one-by-one basis. Now, to really sell the architecture, put on a roadshow with a fancy presentation illustrating all the key benefits; getting buy-in from key senior players. Nothing sells like how to save money!! Carol A. Siegel is a vice president of JP Morgan s Internet & Security Architecture group. Carol is responsible for setting Morgan s strategic direction with respect to Internet security, and most recently has led a major Internet security architectural development effort at Morgan. Carol has an undergraduate degree in Systems Analysis Engineering and an MBA in Computer Applications. Note 1. Webster s.
Network Security Topologies Chapter 11 Learning Objectives Explain network perimeter s importance to an organization s security policies Identify place and role of the demilitarized zone in the network
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
Xerox SMart esolutions Security White Paper 1 Xerox SMart esolutions White Paper Network and data security is one of the many challenges that businesses face on a daily basis. Recognizing this, Xerox Corporation
Texas Wesleyan Firewall Policy Purpose... 1 Scope... 1 Specific Requirements... 1 PURPOSE Firewalls are an essential component of the Texas Wesleyan information systems security infrastructure. Firewalls
Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches
HIPAA Compliance Print4 Solutions fully comply with all HIPAA regulations Print4 solutions do not access, store, process, monitor, or manage any patient information. Print4 manages and optimize printer
Evaluate the Usability of Security Audits in Electronic Commerce K.A.D.C.P Kahandawaarachchi, M.C Adipola, D.Y.S Mahagederawatte and P Hewamallikage 3 rd Year Information Systems Undergraduates Sri Lanka
NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X
IT Architecture Review ISACA Conference Fall 2003 Table of Contents Introduction Business Drivers Overview of Tiered Architecture IT Architecture Review Why review IT architecture How to conduct IT architecture
3117 NETWORK ARCHITECTURE STANDARD OWNER: Security Management Branch ISSUE DATE: 10/25/2011 DISTRIBUTION: All Employees REVISED DATE: 7/1/2013 SECTION 1: INTRODUCTION The California Department of Technology
REDSEAL NETWORKS SOLUTION BRIEF Proactive Network Intelligence Solutions For PCI DSS Compliance Overview PCI DSS has become a global requirement for all entities handling cardholder data. A company processing,
LOGIIC Remote Access June 2015 Final Public Report Document Title LOGIIC Remote Monitoring Project Public Report Version Version 1.0 Primary Author A. McIntyre (SRI) Distribution Category LOGIIC Approved
Course Outline: Fundamental Topics System View of Network Security Network Security Model Security Threat Model & Security Services Model Overview of Network Security Security Basis: Cryptography Secret
Module 8 Network Security Lesson 3 Firewalls Specific Instructional Objectives On completion of this lesson, the students will be able to answer: What a firewall is? What are the design goals of Firewalls
REDCENTRIC MANAGED FIREWALL SERVICE DEFINITION SD007 V4.1 Issue Date 04 July 2014 1) SERVICE OVERVIEW 1.1) SERVICE OVERVIEW Redcentric s managed firewall service (MFS) is based on a hardware firewall appliance
Goals of this chapter Compter Networks Chapter 9: Network Security Give a brief glimpse of security in communication networks Basic goals and mechanisms Holger Karl Slide set: Günter Schäfer, TU Ilmenau
51-30-10 Selecting a Firewall Gilbert Held Payoff Although a company may reap significant benefits from connecting to a public network such as the Internet, doing so can sometimes compromise the security
Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology email@example.com Meaning Why is Security Audit Important Framework Audit Process Auditing Application Security
Complliiance Componentt DEEFFI INITION Description Rationale Firewall Environments Firewall Environment is a term used to describe the set of systems and components that are involved in providing or supporting
Security for Application Service Providers Overview Outsourcing is nothing new. Time sharing services for data processing have been around for some time. EDI applications have been at least partially outsourced
Category Question Name Question Text C 1.1 Do all users and administrators have a unique ID and password? C 1.1.1 Passwords are required to have ( # of ) characters: 5 or less 6-7 8-9 Answer 10 or more
SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) A RSACCESS WHITE PAPER 1 Microsoft Forefront Unified Access Gateway Overview 2 Safe-T RSAccess Secure Front-end Overview
Basics of Internet Security Premraj Jeyaprakash About Technowave, Inc. Technowave is a strategic and technical consulting group focused on bringing processes and technology into line with organizational
Remote Connectivity for mysap.com Solutions over the Technical Specification June 2009 Remote Connectivity for mysap.com Solutions over the page 2 1 Introduction SAP has embarked on a project to enable
Securing access to Citrix applications using Citrix Secure Gateway and SafeWord PremierAccess App Note December 2001 DISCLAIMER: This White Paper contains Secure Computing Corporation product performance
Department of Computer Science Institute for System Architecture, Chair for Computer Networks Internet Services & Protocols Internet (In)Security Dr.-Ing. Stephan Groß Room: INF 3099 E-Mail: firstname.lastname@example.org
Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public
Single Sign-on (SSO) technologies for the Domino Web Server Jane Marcus December 7, 2011 2011 IBM Corporation Welcome Participant Passcode: 4297643 2011 IBM Corporation 2 Agenda USA Toll Free (866) 803-2145
NETWORK SECURITY Ch. 8: Defense Mechanism - Firewall Firewall A firewall is a hardware, software, or a combination of both that monitors and filters traffic packets that attempt to either enter or leave
SecureTrack Supporting Compliance with PCI DSS 2.0 March 2012 www.tufin.com Table of Contents Introduction... 3 The Importance of Network Security Operations... 3 Supporting PCI DSS with Automated Solutions...
IT Security and Compliance Program Plan for Maxistar Medical Supplies Company IT Security and Compliance Program Plan for Maxistar Medical Supplies Company IT Security and Compliance Program for PCI, HIPAA
Chapter 2 TOPOLOGY SELECTION SYS-ED/ Computer Education Techniques, Inc. Objectives You will learn: Topology selection criteria. Perform a comparison of topology selection criteria. WebSphere component
Chapter 10 Firewall Firewalls are devices used to protect a local network from network based security threats while at the same time affording access to the wide area network and the internet. Basically,
Information Security Network Connectivity Process Handbook AS-805-D September 2009 Transmittal Letter A. Purpose It is more important than ever that each of us be aware of the latest policies, regulations,
Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Chapter 5: Security Concepts for Networks Firewalls Intrusion Detection
FIREWALL ARCHITECTURES The configuration that works best for a particular organization depends on three factors: The objectives of the network, the organization s ability to develop and implement the architectures,
MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file
Firewalls Securing Networks Chapter 3 Part 1 of 4 CA M S Mehta, FCA 1 Firewalls Learning Objectives Task Statements 1.3 Recognise function of Telecommunications and Network security including firewalls,..
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design Learning Objectives Identify common misconceptions about firewalls Explain why a firewall
Company Co. Inc. LLC Multiple Minds, Singular Results LAN Domain Network Security Best Practices An integrated approach to securing Company Co. Inc. LLC s network Written and Approved By: Geoff Lacy, Tim
An Oracle White Paper Dec 2013 Oracle Access Management Security Token Service Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only,
RimApp RoadBLOCK goes beyond simple filtering! Many network and firewall administrators consider the network firewall at the network edge as their primary defense against all network woes. However, traditional
Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security
1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams
SFWR ENG 4C03 Class Project Firewall Design Principals Arash Kamyab 9940313 March 04, 2004 Introduction: A computer firewall protects computer networks from unwanted intrusions which could compromise confidentiality
Video Conferencing and Security Using the Open Internet and Encryption for Secure Video Communications & Guidelines for Selecting the Right Level of Security for Your Organization 1 Table of Contents 1.
Reference Guide for Security in Networks This reference guide is provided to aid in understanding security concepts and their application in various network architectures. It should not be used as a template
Avaya TM G700 Media Gateway Security White Paper March 2002 G700 Media Gateway Security Summary With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional
Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building
Avaya G700 Media Gateway Security - Issue 1.0 Avaya G700 Media Gateway Security With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional Enterprise
White Paper Securing and Integrating File Transfers Over the Internet While the integrity of data during transfer has always been a concern the desire to use the Internet has highlighted the need to secure
Page 1 de 9 What Is the Java TM 2 Platform, Enterprise Edition? This document provides an introduction to the features and benefits of the Java 2 platform, Enterprise Edition. Overview Enterprises today
Page 1 of 6 Overview - Using ADAMS With a Firewall Internet security is becoming increasingly important as public and private entities connect their internal networks to the Internet. One of the most popular
Proxy Server, Network Address Translator, Firewall 1 Proxy Server 2 1 Introduction What is a proxy server? Acts on behalf of other clients, and presents requests from other clients to a server. Acts as
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
NERC CIP Whitepaper How Endian Solutions Can Help With Compliance Introduction Critical infrastructure is the backbone of any nations fundamental economic and societal well being. Like any business, in
PCI Compliance Report Fri Jul 17 14:38:26 CDT 2009 YahooCMA (192.168.20.192) created by FireMon This report is based on the PCI Data Security Standard version 1.2, and covers control items related to Firewall
Page 1 of 9 Overview - Using ADAMS With a Firewall Internet security is becoming increasingly important as public and private entities connect their internal networks to the Internet. One of the most popular
Measurement of the Usage of Several Secure Internet Protocols from Internet Traces Yunfeng Fei, John Jones, Kyriakos Lakkas, Yuhong Zheng Abstract: In recent years many common applications have been modified
INTERNATIONAL PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS (This Statement is effective) CONTENTS Paragraph Introduction... 1 5 Skills and Knowledge... 6 7 Knowledge
Firewall and Router Policy Approved By: \S\ James Palmer CSC Loss Prevention Director PCI Policy # 1600 Version # 1.1 Effective Date: 12/31/2011 Revision Date: 12/31/2014 December 31, 2011 Date 1.0 Purpose:
Maruleng Local Municipality. 22 November 2011 1 Version Control Version Date Author(s) Details 1.1 23/03/2012 Masilo Modiba New Policy 2 Contents ICT Firewall Policy 1 Version Control.2 1. Introduction.....4
Payment Card Industry (PCI) Data Security Standard Security Scanning Procedures Version 1.1 Release: September 2006 Table of Contents Purpose...1 Introduction...1 Scope of PCI Security Scanning...1 Scanning
Audit Report Judiciary Judicial Information Systems November 2008 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence
Lesson 5: Network perimeter security Alejandro Ramos Fraile email@example.com Tiger Team Manager (SIA company) Security Consulting (CISSP, CISA) Perimeter Security The architecture and elements that provide
Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical
HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.
The Bomgar Appliance in the Network The architecture of the Bomgar application environment relies on the Bomgar Appliance as a centralized routing point for all communications between application components.
Chapter 11 Cloud Application Development Contents Motivation. Connecting clients to instances through firewalls. Chapter 10 2 Motivation Some of the questions of interest to application developers: How
87-10-17 DATA SECURITY MANAGEMENT EXTRANET SECURITY: WHAT S RIGHT FOR YOUR BUSINESS? Steve Trolan INSIDE What Is an?, Business Basics, Security Components, Types of s, Case Study, Conclusion It has been
ericsson White paper Uen 284 23-3244 January 2015 Cloud security architecture from process to deployment The Trust Engine concept and logical cloud security architecture presented in this paper provide
March 2005 PGP White Paper Transport Layer Security (TLS) & Encryption: Complementary Security Tools PGP White Paper TLS & Encryption 1 Table of Contents INTRODUCTION... 2 HISTORY OF TRANSPORT LAYER SECURITY...
Technical Proposition ADAM Software NV The global provider of media workflow and marketing technology software ADAM Software NV adamsoftware.net firstname.lastname@example.org Why Read this Technical Proposition?
SIP Trunking Configuration with Microsoft Office Communication Server 2007 R2 A Dell Technical White Paper End-to-End Solutions Team Dell Product Group - Enterprise THIS WHITE PAPER IS FOR INFORMATIONAL