Secure Access into Industrial Automation and Control Systems Industry Best Practice and Trends. Serhii Konovalov Venkat Pothamsetty Cisco
|
|
- Cecil Rice
- 8 years ago
- Views:
Transcription
1 Secure Access into Industrial Automation and Systems Industry Best Practice and Trends Serhii Konovalov Venkat Pothamsetty Cisco
2 Vendor offers a remote firmware update and PLC programming. Contractor asks for access to SCADA from pipeline pump station Available industrial security guidelines do not detail Secure Access 2
3 Agenda Risks and Benefits Secure Remote Access into an IACS Secure Local Access into an IACS Secure Direct Access enabled by NAC Summary 3
4 Remote and Local Access Parties Authorized employees, contractors, vendors External Security Center Standalone Remote Embedded Device Remote Center And others. Do not forget Portable Storage Media 4
5 Cyber Security Risks Unauthorized/Unknown Access Inability to Limited Access Malicious and Mobile Code Accidental Misconfiguration Disgruntled Insiders 5
6 Business Risks Loss of Revenue Unanticipated Costs Fines Due to Violation of Legal and Regulatory Requirements Safety Incident Adverse Press Coverage 6
7 7
8 Level 4 Cisco Secure Architecture for IACS ISA SP95 and SP99 Si Si Corporate/ Business Network VPN/SSL Concentrator Internet/ Intranet/ PSTN/WAN Level 5 Level 3.5 (DMZ) LAN/WAN ASA 5500 Cisco Security Manager Access Server CS-MARS Level 3 Level 2 Level 1 Level 8 0 8
9 Business Benefits Reduce Total Cost of Ownership Improve Operational Efficiency Low-cost External Manufacturing and Engineering Support Mobile Workers Reduce Errors of Manual Input Regulatory Compliance: Logging, Audit and Reporting of Access Attempts 9
10 Agenda Risks and Benefits Secure Remote Access into an IACS Secure Local Access into an IACS Secure Direct Access enabled by NAC Summary 10
11 11
12 DMZ Principles Disconnect Point Terminal Services Patch Mgmt. AV Server Decryption and Inspection L2 Segmentation (PVLANS) Historian Web Services Operations No Pass Through Direct Traffic Disconnect Point 12
13 Other DMZ considerations of RA Client Less VPN Role Based Access Bandwidth Adjustment Intrusion Protection Split tunneling should be avoided RDP Session Recording (metadata analytics) 13
14 Options of Secure Remote Access Type 1: SSL VPN and WEB Portal Type 2: Service-Oriented RA Type 3: Corporate IT best-practice RA 14
15 DMZ Architecture for unmanaged devices Type 1. SSL VPN/Web portal TS Emulation by ASA Corporate Network DMZ VLAN 1 DMZ VLAN 3 DMZ VLAN 4 Adaptive Security Appliance (ASA) Network 15
16 DMZ Architecture for unmanaged devices Type 1. SSL VPN/Web portal No need for a Terminal Server Only SSL VPN mode Protocols doesn t pass through a DMZ firewall Available Single SignOn Terminal Session is not captured 16
17 DMZ - Exteneded control for unmnaged access Type 2. Service-Oriented RA Virtualized Machines Server Role-based VLAN Mapping Corporate Network 802.1q (VLAN 2,3,4) DMZ VLAN q (VLANs 2,3,4,5,6) Adaptive Security Appliance (ASA) DMZ VLAN 6 Network 17
18 DMZ - Extended control for unmanaged access Type 2. Service-Oriented RA IPSec and SSL VPNs All types of Authentication Granular Role-based Access Model Session Recording Single SignOn available (for TS Access) 18
19 DMZ Enhanced Architecture Type 3. Corporate IT RA Virtualized Machines Server Corporate Network 802.1q (VLAN 2,3,4) DMZ VLAN q (VLANs 2,3,4,5,6) Adaptive Security Appliance (ASA) DMZ VLAN 6 Network 19
20 DMZ Enhanced Architecture Type 3. Corporate IT RA Enhanced and adjusted version of Type 2 Corporate IT VPN Security Best Practice Security Policy Enforcement Quarantine and Remediate Managed and Unmanaged Endpoints 20
21 Agenda Risks and Benefits Secure Remote Access into an IACS Secure Local Access into an IACS Secure Direct Access enabled by NAC Summary 21
22 Level 4 Secure Local Access into an IACS Type 1. VPN-Based Local Access Si Si Corporate/ Business Network VPN/SSL Concentrator Level Corporate Applications 5 Unified Communications Level 3.5 (DMZ) LAN/WAN ASA 5500 Cisco Security Manager Access Server IPSec / SSL VPN Tunnel CS-MARS Level 3 User Traffic Level 2 Level 1 Level 220 Quality of Service Virtualization User Web-based authentication Dynamic ACL (IPSec and SSL only) Rate-Limit and QoS Enforcement 22
23 Secure Local Access into an IACS Type 2. Web-Portal Based Local Access Level 3 Multiple Functional Subzones Level 2 Remote Access VLAN to ASA ports interconnect low-speed WAN Production Supervisory Optimizing HMI Historian Site Operations and Supervisory Engineering Station HMI Area Supervisory Remote Zone Terminal Services/VNC Traffic Port Security QoS Smart Ports 23 Level 1 Level 0 Batch Discrete Optional Firewall and IDS Continuous Web-Portal / SSL VPN Terminal Services/VNC Emulation Hybrid Basic Process
24 Agenda Risks and Benefits Secure Remote Access into an IACS Secure Local Access into an IACS Secure Direct Access enabled by NAC Summary 24
25 Secure e Direct Access into an IACS Network Admission Level 3 Multiple Functional Subzones interconnect low-speed WAN Client Authentication Production Optimizing Historian Engineering Station Site Operations and Remote Zone Level 2 Supervisory HMI Supervisory HMI Area Supervisory Port Security QoS Smart Ports Level 1 Level 0 Batch Discrete Optional Firewall and IDS Continuous Hybrid Direct Access Traffic Basic Process 25
26 Network Admission (NAC) Authenticates clients (users and devices) before allowing network (wired/wireless) access Checks client devices for security policy compliance Running HIPS (e.g. CSA), AV, patch current? Clients that fail posture assessment placed on remediation VLAN Helps prevent infection of ICS by mobile devices NAC Profiler identifies devices and enforces roles PLC? Vendor laptop? Employee? Network admin? Role based VLAN assignment Appropriate for both DMZ (Remote access) and Zone (local access) 26
27 NAC Components The Appliance Deployed out of band in CZ for device and user role enforcement Deployed in band in DMZ to enforce remote access user roles NAC Profiler Collector runs on NAC Appliance The Profiler Server Resides in DMZ, works with multiple NAC Appliances The Manager Resides in DMZ, controls multiple NAC Appliances Device & user profiles specified on NAC Manager 27
28 NAC Profiler: Automated Profiling of Devices NAC Profiler PCs Non-PCs CZ Devices Printer AP PLC Discovery Monitoring Endpoint Profiling Discover all network endpoints by type and location Maintain real time and historical contextual data for all endpoints Behavior Monitoring Monitor the state of the network endpoints Detect events such as MAC spoofing, port swapping, etc. Automated process populates devices into the NAC Manager; and subsequently, into appropriate NAC policy 28
29 NAC Profiler Components NAC Profiler Server Aggregates all data from Collectors and manages database of endpoint information. Updates the Cisco NAC Appliance Manager, where roles are applied. Collector NAC Collector Gathers information about endpoints using SNMP, Netflow, DHCP, and active profiling Co resident with NAC Appliance Server 29
30 NAC Profiler Collector (NPC) Gathers information about the endpoints associated with that NAC Appliance (CAS) Information gathered includes data from SNMP, Network Traffic Analysis, and/or Active Profiling It s a PLC! Distributed Collector model allows many NPCs to work with a single NAC Profiler Server (NPS) NPC resides on NAC Appliance (CAS) 30
31 NAC Profiler and Collector Remote Location NAC Manager NAC API NAC Profiler Server (NPS) SPAN NAC Appliance with Collector (NPC) AAA Server May not be a DMZ Windows AD 31
32 In-Band NAC Deployment for Remote Access NAC Appliance deployed in-line between ASA and Switch Remote users authenticate to ASA, e.g. via SSL VPN NAC Appliance then enforces user role by granting user access to appropriate VLANs and preventing access to others. This would be the NAC deployment model in the DMZ where remote access to the control systems network is controlled. ASA NAC Appliance Protected DMZ Protected resources Resources in the DMZ 32
33 NAC Deployment Guidelines for IACS Profiler Guidelines Profile creation not trivial Easy when you have similar devices (ports, protocols) Architecture/Design Practice Out of band placement of the appliances (DMZ, Enterprise) In band placement problems and lessons Others Cost issues Configuration 33
34 Agenda Risks and Benefits Secure Remote Access into an IACS Secure Local Access into an IACS Secure Direct Access enabled by NAC Summary 34
35 Key takeaways Secure Access provides a clear value for organizations Different Secure Access options available to fit various needs NAC Enables Security for a Direct Access 35
36 36 THANK YOU...
Secure Access into Industrial Automation and Control Systems Best Practice and Trends
Secure Access into Industrial Automation and Systems Best Practice and Trends Serhii Konovalov Venkat Pothamsetty Cisco Collaborating to Advance System Security Vendor offers a remote firmware update and
More informationForeScout CounterACT. Device Host and Detection Methods. Technology Brief
ForeScout CounterACT Device Host and Detection Methods Technology Brief Contents Introduction... 3 The ForeScout Approach... 3 Discovery Methodologies... 4 Passive Monitoring... 4 Passive Authentication...
More informationChapter 1 The Principles of Auditing 1
Chapter 1 The Principles of Auditing 1 Security Fundamentals: The Five Pillars Assessment Prevention Detection Reaction Recovery Building a Security Program Policy Procedures Standards Security Controls
More informationDMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch
DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch What You Will Learn A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private (inside)
More informationEvaluating the Cisco ASA Adaptive Security Appliance VPN Subsystem Architecture
Deploying Cisco ASA VPN Solutions Volume 1 Course Introduction Learner Skills and Knowledge Course Goal and Course Flow Additional Cisco Glossary of Terms Your Training Curriculum Evaluation of the Cisco
More informationThis chapter covers the following topics: Network admission control overview NAC Framework benefits NAC Framework components Operational overview
This chapter covers the following topics: Network admission control overview NAC Framework benefits NAC Framework components Operational overview Deployment models C H A P T E R 6 Implementing Network
More informationScalable Secure Remote Access Solutions
Scalable Secure Remote Access Solutions Jason Dely, CISSP Principal Security Consultant jdely@ra.rockwell.com Scott Friberg Solutions Architect Cisco Systems, Inc. sfriberg@cisco.com Jeffrey A. Shearer,
More informationSecuring the Connected Enterprise
Securing the Connected Enterprise ABID ALI, Network and Security Consultant. Why Infrastructure Matters Rapidly Growing Markets Global Network Infrastructure and Security Markets 13.7% CAGR over the next
More informationSecure Networks for Process Control
Secure Networks for Process Control Leveraging a Simple Yet Effective Policy Framework to Secure the Modern Process Control Network An Enterasys Networks White Paper There is nothing more important than
More informationThe Internet of Things (IoT) and Industrial Networks. Guy Denis gudenis@cisco.com Rockwell Automation Alliance Manager Europe 2015
The Internet of Things (IoT) and Industrial Networks Guy Denis gudenis@cisco.com Rockwell Automation Alliance Manager Europe 2015 Increasingly Everything will be interconnected 50 Billion Smart Objects
More informationImplementing Cisco IOS Network Security
Implementing Cisco IOS Network Security IINS v3.0; 5 Days, Instructor-led Course Description Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles
More informationNetwork Access Control in Virtual Environments. Technical Note
Contents Security Considerations in.... 3 Addressing Virtualization Security Challenges using NAC and Endpoint Compliance... 3 Visibility and Profiling of VMs.... 4 Identification of Rogue or Unapproved
More informationT46 - Integrated Architecture Tools for Securing Your Control System
T46 - Integrated Architecture Tools for Securing Your Control System PUBLIC PUBLIC - 5058-CO900G Copyright 2014 Rockwell Automation, Inc. All Rights Reserved. The Connected Enterprise PUBLIC Copyright
More informationIINS Implementing Cisco Network Security 3.0 (IINS)
IINS Implementing Cisco Network Security 3.0 (IINS) COURSE OVERVIEW: Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using
More informationINTRUSION DETECTION SYSTEMS and Network Security
INTRUSION DETECTION SYSTEMS and Network Security Intrusion Detection System IDS A layered network security approach starts with : A well secured system which starts with: Up-to-date application and OS
More informationImplementing Cisco IOS Network Security v2.0 (IINS)
Implementing Cisco IOS Network Security v2.0 (IINS) Course Overview: Implementing Cisco IOS Network Security (IINS) v2.0 is a five-day instructor-led course that is presented by Cisco Learning Partners
More informationRemote Vendor Monitoring
` Remote Vendor Monitoring How to Record All Remote Access (via SSL VPN Gateway Sessions) An ObserveIT Whitepaper Daniel Petri March 2008 Copyright 2008 ObserveIT Ltd. 2 Table of Contents Executive Summary...
More informationSCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP
SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP Today s Topics SCADA Overview SCADA System vs. IT Systems Risk Factors Threats Potential Vulnerabilities Specific Considerations
More informationSecure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation
Secure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation Rev 5058-CO900C Agenda Control System Network Security Defence in Depth Secure Remote Access Examples
More informationCisco Virtualization Experience Infrastructure: Secure the Virtual Desktop
White Paper Cisco Virtualization Experience Infrastructure: Secure the Virtual Desktop What You Will Learn Cisco Virtualization Experience Infrastructure (VXI) delivers a service-optimized desktop virtualization
More informationHow To Extend Security Policies To Public Clouds
What You Will Learn Public sector organizations without the budget to build a private cloud can consider public cloud services. The drawback until now has been tenants limited ability to implement their
More informationARCHITECT S GUIDE: Comply to Connect Using TNC Technology
ARCHITECT S GUIDE: Comply to Connect Using TNC Technology August 2012 Trusted Computing Group 3855 SW 153rd Drive Beaverton, OR 97006 Tel (503) 619-0562 Fax (503) 644-6708 admin@trustedcomputinggroup.org
More informationNetwork Virtualization Network Admission Control Deployment Guide
Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus
More informationTechnical Note. ForeScout CounterACT: Virtual Firewall
ForeScout CounterACT: Contents Introduction... 3 What is the vfw?.... 3 Technically, How Does vfw Work?.... 4 How Does vfw Compare to a Real Firewall?.... 4 How Does vfw Compare to other Blocking Methods?...
More informationManaging Enterprise Security with Cisco Security Manager
Course: Managing Enterprise Security with Cisco Security Manager Duration: 5 Day Hands-on Lab & Lecture Course Price: $ 3,395.00 Learning Credits: 34 Description: The Managing Enterprise Security with
More informationData Sheet: Endpoint Security Symantec Network Access Control Comprehensive Endpoint Enforcement
Comprehensive Endpoint Enforcement Overview is a complete, end-to-end network access control solution that enables organizations to efficiently and securely control access to corporate networks through
More informationPCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data
White Paper PCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data Using credit cards to pay for goods and services is a common practice. Credit cards enable easy and
More informationAchieving Secure, Remote Access to Plant-Floor Applications and Data
Achieving Secure, Remote Access to Plant-Floor Applications and Data Abstract To increase the flexibility and efficiency of production operations, manufacturers are adopting open networking standards for
More informationBest Practices for Outdoor Wireless Security
Best Practices for Outdoor Wireless Security This paper describes security best practices for deploying an outdoor wireless LAN. This is standard body copy, style used is Body. Customers are encouraged
More informationIndustrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1
Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3
More informationCisco ASA. Administrators
Cisco ASA for Accidental Administrators Version 1.1 Corrected Table of Contents i Contents PRELUDE CHAPTER 1: Understanding Firewall Fundamentals What Do Firewalls Do? 5 Types of Firewalls 6 Classification
More informationSecurely Architecting the Internal Cloud. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc.
Securely Architecting the Internal Cloud Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc. Securely Building the Internal Cloud Virtualization is the Key How Virtualization Affects
More informationIP Telephony Management
IP Telephony Management How Cisco IT Manages Global IP Telephony A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge Design, implement, and maintain a highly available, reliable, and resilient
More informationNetwork Security Guidelines. e-governance
Network Security Guidelines for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India. Document Control S/L Type
More informationToday's security needs in networking
Today's security needs in networking Besoins actuels de la sécurité réseau European partner summit Thursday, October 13, 2005 Hervé Schauer Hervé Schauer Agenda Firewalls Liability
More informationAUP28 - Implementing Security and IP Protection
AUP28 - Implementing Security and IP Protection Features in the Integrated Architecture Mads Laier DK Commercial Engineer Logix & Networks Rev 5058-CO900E Agenda Why IACS Security Now! Defense in depth
More informationPolicy Management: The Avenda Approach To An Essential Network Service
End-to-End Trust and Identity Platform White Paper Policy Management: The Avenda Approach To An Essential Network Service http://www.avendasys.com email: info@avendasys.com email: sales@avendasys.com Avenda
More informationOPC & Security Agenda
OPC & Security Agenda Cyber Security Today Cyber Security for SCADA/IS OPC Security Overview OPC Security Products Questions & Answers 1 Introduction CYBER SECURITY TODAY The Need for Reliable Information
More informationLatest IT Exam Questions & Answers
DumpKiller Latest IT Exam Questions & Answers http://www.dumpkiller.com No help, Full refund! Exam : 210-260 Title : Implementing Cisco Network Security Vendor : Cisco Version : DEMO 1 NO.1 Which address
More informationNetwork Access Security It's Broke, Now What? June 15, 2010
Network Access Security It's Broke, Now What? June 15, 2010 Jeffrey L Carrell Network Security Consultant Network Conversions SHARKFEST 10 Stanford University June 14-17, 2010 Network Access Security It's
More informationNetwork Security Trends & Fundamentals of Securing EtherNet/IP Networks
Network Security Trends & Fundamentals of Securing EtherNet/IP Networks Presented by Rockwell Automation Industrial Network Security Trends Security Quips "Good enough" security now, is better than "perfect"
More informationUsing Ranch Networks for Internal LAN Security
Using Ranch Networks for Internal LAN Security The Need for Internal LAN Security Many companies have secured the perimeter of their network with Firewall and VPN devices. However many studies have shown
More informationNetwork Virtualization
. White Paper Network Services Virtualization What Is Network Virtualization? Business and IT leaders require a more responsive IT infrastructure that can help accelerate business initiatives and remove
More informationTowards End-to-End Security
Towards End-to-End Security Thomas M. Chen Dept. of Electrical Engineering Southern Methodist University PO Box 750338 Dallas, TX 75275-0338 USA Tel: 214-768-8541 Fax: 214-768-3573 Email: tchen@engr.smu.edu
More informationTNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is
1 2 This slide shows the areas where TCG is developing standards. Each image corresponds to a TCG work group. In order to understand Trusted Network Connect, it s best to look at it in context with the
More informationSolutions for admission control and data loss prevention in a modern corporate network
Solutions for admission control and data loss prevention in a modern corporate network 15 th Finance Tech Forum Yasen Spasov Sales & Pre-sales Manager Executive Summary Founded in 1995 Subsidiary of INTRACOM
More informationSecurity for. Industrial. Automation. Considering the PROFINET Security Guideline
Security for Industrial Considering the PROFINET Security Guideline Automation Industrial IT Security 2 Plant Security Physical Security Physical access to facilities and equipment Policies & Procedures
More information(d-5273) CCIE Security v3.0 Written Exam Topics
(d-5273) CCIE Security v3.0 Written Exam Topics CCIE Security v3.0 Written Exam Topics The topic areas listed are general guidelines for the type of content that is likely to appear on the exam. Please
More informationAPPENDIX 3 LOT 3: WIRELESS NETWORK
APPENDIX 3 LOT 3: WIRELESS NETWORK A. TECHNICAL SPECIFICATIONS MAIN PURPOSE The Wi-Fi system should be capable of providing Internet access directly to a user using a smart phone, tablet PC, ipad or Laptop
More informationSSECMGT: CManaging Enterprise Security with Cisco Security Manager v4.x
SSECMGT: CManaging Enterprise Security with Cisco Security Manager v4.x Introduction The Managing Enterprise Security with Cisco Security Manager (SSECMGT) v4.0 course is a five-day instructor-led course
More informationGE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems
GE Measurement & Control Top 10 Cyber Vulnerabilities for Control Systems GE Proprietary Information: This document contains proprietary information of the General Electric Company and may not be used
More informationEnforcing PCI Data Security Standard Compliance
Enforcing PCI Data Security Standard Compliance Marco Misitano, CISSP, CISA, CISM Business Development Manager Security & VideoSurveillance Cisco Italy 2008 Cisco Systems, Inc. All rights reserved. 1 The
More informationLecture 02b Cloud Computing II
Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,
More informationOverview of NetFlow NetFlow and ITSG-33 Existing Monitoring Tools Network Monitoring and Visibility Challenges Technology of the future Q&A
Overview of NetFlow NetFlow and ITSG-33 Existing Monitoring Tools Network Monitoring and Visibility Challenges Technology of the future Q&A What is NetFlow? Network protocol originally developed by Cisco
More informationIT Security and OT Security. Understanding the Challenges
IT Security and OT Security Understanding the Challenges Security Maturity Evolution in Industrial Control 1950s 5/4/2012 # 2 Technology Sophistication Security Maturity Evolution in Industrial Control
More informationThe self-defending network a resilient network. By Steen Pedersen Ementor, Denmark
The self-defending network a resilient network By Steen Pedersen Ementor, Denmark The self-defending network - a resilient network What is required of our internal networks? Available, robust, fast and
More informationSOSPG2. Implementing Network Access Controls. Nate Isaacson Security Solution Architect Nate.Isaacson@cdw.com
SOSPG2 Implementing Network Access Controls Nate Isaacson Security Solution Architect Nate.Isaacson@cdw.com Offer Pa Agenda The BYOD Challenges NAC terms The Big Picture NAC Solutions and Deployment What
More informationMobile Network Access Control
Mobile Network Access Control Extending Corporate Security Policies to Mobile Devices WHITE PAPER Executive Summary Network Access Control (NAC) systems protect corporate assets from threats posed by devices
More informationSNRS. Securing Networks with Cisco Routers and Switches. Length 5 days. Format Lecture/lab
Length 5 days Format Lecture/lab Version 3.0 SNRS Course Description SNRS 1.0 is a 5-day, lab-intensive course that provides the knowledge and skills needed to secure Cisco IOS router and switch networks.
More informationCisco Certified Security Professional (CCSP)
529 Hahn Ave. Suite 101 Glendale CA 91203-1052 Tel 818.550.0770 Fax 818.550.8293 www.brandcollege.edu Cisco Certified Security Professional (CCSP) Program Summary This instructor- led program with a combination
More informationGE Measurement & Control. Cyber Security for NEI 08-09
GE Measurement & Control Cyber Security for NEI 08-09 Contents Cyber Security for NEI 08-09...3 Cyber Security Solution Support for NEI 08-09...3 1.0 Access Contols...4 2.0 Audit And Accountability...4
More informationCCNA Security. IINS v2.0 Implementing Cisco IOS Network Security (640-554)
CCNA Security Öngereksinimler: CCNA http://www.cliguru.com/ccna Kurs Tanımı: CCNA Security network'ün temellerini anlamış olan katılımcılara network güvenliği hakkında temel bilgi sağlamaya yönelik hazırlanmış
More informationCisco Small Business ISA500 Series Integrated Security Appliances
Q & A Cisco Small Business ISA500 Series Integrated Security Appliances Q. What is the Cisco Small Business ISA500 Series Integrated Security Appliance? A. The Cisco Small Business ISA500 Series Integrated
More informationIndustrial Security Solutions
Industrial Security Solutions Building More Secure Environments From Enterprise to End Devices You have assets to protect. Control systems, networks and software can all help defend against security threats
More informationCredit Card Secure Architecture for Interactive Voice Response (IVR) Applications
Credit Card Secure Architecture for Interactive Voice Response (IVR) Applications What You Will Learn This whitepaper describes how to meet the Payment Card Industry Data Security Standard (PCI DSS) for
More informationHoneywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014
Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches easily Allows only white-listed applications in workstations to run Provides virus protection for Ovation Windows stations Aggregates,
More informationNetwork Security. Mike Trice, Network Engineer mtrice@asc.edu. Richard Trice, Systems Specialist rtrice@asc.edu. Alabama Supercomputer Authority
Network Security Mike Trice, Network Engineer mtrice@asc.edu Richard Trice, Systems Specialist rtrice@asc.edu Alabama Supercomputer Authority What is Network Security Network security consists of the provisions
More informationOn and off premises technologies Which is best for you?
On and off premises technologies Which is best for you? We don t mind what you buy, as long as it is YELLOW! Warren Sealey and Paul-Christian Garpe On Premises or in the cloud? 1 Agenda Why Symantec? Email
More informationGoals. Understanding security testing
Getting The Most Value From Your Next Network Penetration Test Jerald Dawkins, Ph.D. True Digital Security p. o. b o x 3 5 6 2 3 t u l s a, O K 7 4 1 5 3 p. 8 6 6. 4 3 0. 2 5 9 5 f. 8 7 7. 7 2 0. 4 0 3
More informationThe IINS acronym to this exam will remain but the title will change slightly, removing IOS from the title, making the new title
Introduction The CCNA Security IINS exam topics have been refreshed from version 2.0 to version 3.0. This document will highlight exam topic changes between the current 640-554 IINS exam and the new 210-260
More informationCheck Point NAC and Endpoint Security Martin Koldovský SE Manager Eastern Europe mkoldov@checkpoint.com
Check Point NAC and Endpoint Security Martin Koldovský SE Manager Eastern Europe mkoldov@checkpoint.com NAC is Here to Enforce identity-based access policies Control who is accessing what Prevent guests
More informationCisco Wide Area Application Services (WAAS) Software Version 4.0
Cisco Wide Area Application Services () Software Version 4.0 Product Overview Cisco Wide Area Application Services () is a powerful application acceleration and WAN optimization solution that optimizes
More informationConfigure ISE Version 1.4 Posture with Microsoft WSUS
Configure ISE Version 1.4 Posture with Microsoft WSUS Document ID: 119214 Contributed by Michal Garcarz, Cisco TAC Engineer. Aug 03, 2015 Contents Introduction Prerequisites Requirements Components Used
More informationSecuring Networks with Cisco Routers and Switches (642-637)
Securing Networks with Cisco Routers and Switches (642-637) Exam Description: The 642-637 Securing Networks with Cisco Routers and Switches exam is the exam associated with the CCSP, CCNP Security, and
More informationNetwork Security. Network Security. Protective and Dependable. > UTM Content Security Gateway. > VPN Security Gateway. > Multi-Homing Security Gateway
PLANET Product Guide 2011 Protective and Dependable With the growth of the Internet threats, network security becomes the fundamental concerns of family network and enterprise network. To enhance your
More informationCisco Router and Security Device Manager (SDM)
Cisco Router and Security Device Manager (SDM) Session Number 1 Cisco SDM: Combining Ease Of Use & Application Intelligence Cisco SDM is an intuitive, web-based tool for Easy and Reliable Deployment and
More informationPolicy Based Networks in Process Control Design and Deployment Techniques. Steve Hargis Enterasys Networks
Policy Based Networks in Process Control Design and Deployment Techniques Steve Hargis Enterasys Networks The Evolving Process Control Network Significant increase in use (and dependencies) on standards-based
More informationCisco Prime Network Services Controller. Sonali Kalje Sr. Product Manager Cloud and Virtualization, Cisco Systems
Cisco Prime Network Services Controller Sonali Kalje Sr. Product Manager Cloud and Virtualization, Cisco Systems Agenda Cloud Networking Challenges Prime Network Services Controller L4-7 Services Solutions
More informationDefense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks
Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks A look at multi-vendor access strategies Joel Langill TÜV FSEng ID-1772/09, CEH, CPT, CCNA Security Consultant / Staff
More informationCisco TrustSec How-To Guide: Planning and Predeployment Checklists
Cisco TrustSec How-To Guide: Planning and Predeployment Checklists For Comments, please email: howtoguides@external.cisco.com Current Document Version: 3.0 August 27, 2012 Table of Contents Table of Contents...
More informationIntrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks
Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323
More informationBypassing Network Access Control Systems
1 Bypassing Network Access Control Systems Ofir Arkin, CTO Blackhat USA 2006 ofir.arkin@insightix.com http://www.insightix.com 2 What this talk is about? Introduction to NAC The components of a NAC solution
More informationTechnical Brief: Virtualization
Technical Brief: Virtualization Technology Overview Tempered Networks automates connectivity and network security for distributed devices over trusted and untrusted network infrastructure. The Tempered
More informationPrint4 Solutions fully comply with all HIPAA regulations
HIPAA Compliance Print4 Solutions fully comply with all HIPAA regulations Print4 solutions do not access, store, process, monitor, or manage any patient information. Print4 manages and optimize printer
More informationTo participate in the hands-on labs in this class, you need to bring a laptop computer with the following:
Course: Deploying Cisco ASA VPN Solutions Duration: 5 Day Hands-On Lab & Lecture Course Price: $ 3,495.00 Learning Credits: 35 Description: The Deploying Cisco ASA VPN Solutions (VPN) v2.0 course is a
More informationCisco Certified Network Expert (CCNE)
529 Hahn Ave. Suite 101 Glendale CA 91203-1052 Tel 818.550.0770 Fax 818.550.8293 www.brandcollege.edu Cisco Certified Network Expert (CCNE) Program Summary This instructor- led program with a combination
More informationDesigning a security policy to protect your automation solution
Designing a security policy to protect your automation solution September 2009 / White paper by Dan DesRuisseaux 1 Contents Executive Summary... p 3 Introduction... p 4 Security Guidelines... p 7 Conclusion...
More informationCisco TrustSec Solution Overview
Solution Overview Cisco TrustSec Solution Overview 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 10 Contents Introduction... 3 Solution Overview...
More informationF5 Identity and Access Management (IAM) Overview. Laurent PETROQUE Manager Field Systems Engineering, France
F5 Identity and Access Management (IAM) Overview Laurent PETROQUE Manager Field Systems Engineering, France F5 s Security Strategy Protect Apps/Data Wherever They Reside Control Access to Apps/Data from
More informationFrank Andrus WHITEPAPER. CTO, Bradford Networks. Evolve your network security strategy to meet new threats and simplify IT security operations
WHITEPAPER An Adaptive Approach to Network Security Evolve your network security strategy to meet new threats and simplify IT security operations Frank Andrus CTO, Bradford Networks Executive Summary...
More informationMOBILITY & INTERCONNECTIVITY. Features SECURITY OF INFORMATION TECHNOLOGIES
MOBILITY & INTERCONNECTIVITY Features SECURITY OF INFORMATION TECHNOLOGIES Frequent changes to the structure of enterprise workforces mean that many are moving away from the traditional model of a single
More informationC H A P T E R Management Cisco SAFE Reference Guide OL-19523-01 9-1
CHAPTER 9 The primary goal of the management module is to facilitate the secure management of all devices and hosts within the enterprise network architecture. The management module is key for any network
More informationNetzwerkvirtualisierung? Aber mit Sicherheit!
Netzwerkvirtualisierung? Aber mit Sicherheit! Markus Schönberger Advisory Technology Consultant Trend Micro Stephan Bohnengel Sr. Network Virtualization SE VMware Agenda Background and Basic Introduction
More informationBypassing Network Access Control Systems
Bypassing Network Access Control Systems Ofir Arkin Chief Technology Officer Insightix Ltd. September 2006 United States International 945 Concord Street 13 Hasadna Street Framingham, MA 01701 Ra'anana,
More informationScalable Secure Remote Access Solutions for OEMs
Scalable Secure Remote Access Solutions for OEMs Introduction Secure remote access to production assets, data, and applications, along with the latest collaboration tools, provides manufacturers with the
More informationThe Cisco ASA 5500 as a Superior Firewall Solution
The Cisco ASA 5500 as a Superior Firewall Solution The Cisco ASA 5500 Series Adaptive Security Appliance provides leading-edge firewall capabilities and expands to support other security services. Firewalls
More informationOn the use of Honeypots for Detecting Cyber Attacks on Industrial Control Networks
CIBSI 2013 Panama City, Panama, October 30 th, 2013 On the use of Honeypots for Detecting Cyber Attacks on Industrial Control Networks Paulo Simões, Tiago Cruz, Jorge Gomes, Edmundo Monteiro psimoes@dei.uc.pt
More informationSecure Networking for Critical Infrastructure Using Service-aware switches for Defense-in-Depth deployment
Secure Networking for Critical Infrastructure Using Service-aware switches for Defense-in-Depth deployment Introduction 1 Distributed SCADA security 2 Radiflow Defense-in-Depth tool-set 4 Network Access
More informationLevel: 3 Credit value: 9 GLH: 80. QCF unit reference R/507/8351. This unit has 6 learning outcomes.
This unit has 6 learning outcomes. 1. Know telephony principles. 1.1. Demonstrate application of traffic engineering concepts Prioritization of voice traffic Trunking requirements Traffic shaping. 1.2.
More information