Own nothing control everything. Belnet Security Conference
Transcription
1 Own nothing control everything Belnet Security Conference
2 I am Rutger, doing security at Agfa
3 Agfa-Gevaert Group, Business & Organization: Belgian companies: Agfa-Gevaert NV, Agfa Healthcare NV, Agfa Graphics NV. [Organization chart labels: Agfa-Gevaert Group parent company; CC and GSS (CC = Corporate Center, GSS = Global Shared Service); Agfa ICS; Global HR; Global Procurement/Logistics; Agfa Graphics; Agfa HealthCare; Agfa Materials; Specialty Products] ICT within AGFA is called Agfa ICS (ICS = Information & Communication Services)
4 Agfa in the World: Sales organisations in 40 countries; Representations in 100 countries; Manufacturing sites in 10 countries [Chart labels: HealthCare No 1-2, Prepress No 1-2, Other]
5 Agfa Graphics: Product Portfolio [Diagram labels: Software, Computer-to-Film, Film setter, Film, Analog Plates, Offset Press, Computer-to-Plate, Plate setter, Digital Plates (Thermal, Polymer & Silver), Proofing, PC, Flexo Printing, Flexo CTP, Flexo Plates, Flexo Press, Screen Printing, Screen exposure frame, Screen, Screen Press, Scanner, Industrial Inkjet Printing, Digital Inkjet Print, Ink]
6 Agfa HealthCare: Radiology Product Portfolio [Diagram labels: Contrast media; Screen Film, Intensifying screens, cassettes; Film processor & chemistry; Screen Film; Diagnosis on light box; Analog X Ray; Digital X Ray; Reusable Imaging plate; CR Digitizer; Musica - CR; Dry Imager; Hardcopy film; workstation; CT, MR, PET; Connectivity; PACS]
7 Agfa HealthCare: IT Solution Portfolio [Diagram labels: Administration, The HealthCare Community, Referring Physicians, Assisted Living, Home Care, Pharmacists, Billing, Payors, Planning, Emergency Room, Nursing, Reporting, Intensive Care, Electronic Patient Record, Surgery, Accounting, Examining, Cardiology, Radiology, Laboratory, Treating, Resource Management, Diagnosing, Catering, Logistics]
8 Specialty Products: Product Portfolio: Classics: Motion Picture, PCB-film, Microfilm, Film manufacturing services, NDT-film, 3rd party contracts. New businesses: Synthetic Paper, Membranes, Functional inks for industrial applications, Identification & Security, Orgacon
9 Agfa ICS facts and figures: +/ users; +/ servers; +/ network devices; Mainframe; 3 main data centers + various server rooms; Manufacturing environment; R&D environment. ICT within AGFA is called Agfa ICS (ICS = Information & Communication Services)
10 First of all: The topics covered in this presentation are applicable for the Agfa; This is not an infomercial!!; This is not the silver bullet solution!!
11 High level network/security design [Diagram labels: Country xyz, MPLS, Internet, Customer Networks, Core Internet routers, Core MPLS routers, Internet backbone, Intranet backbone, VPN Concentrators, Firewall Cluster, Proxies, Rem. Supp. Customer A,B,C,D.., winsock, Mgmt. DMZ, Core WAF, Core, Datacenter, User LAN MORTSEL, Internet area, Intranet area, Extranet area]
12 Security vision in the past: Keep the evil outside of the perimeter; Very strict interconnection policy; Standardization; High risk information processing in a secure "bubble" (HE customers)
13 Why? Issues: Capacity issues (MPLS) and related cost; Internet issues; Quick integration of acquisitions and associated risks; Security
14 Capacity issues (MPLS) and related cost [Diagram labels: Internet, Proxies, Large office, Datacenter, Internet VPN (MPLS backup), MPLS, VPN (MPLS backup), Small office, User LAN]
15 Internet issues [Diagram labels: Internet, Proxies, Large office, Datacenter, Internet VPN (MPLS backup), MPLS, VPN (MPLS backup), Small office, User LAN]
16 Quick integration of acquisitions and associated risks: Is like opening Pandora's Box
17 Quick integration of acquisitions and associated risks [Diagram labels: Internet, Proxies, Large office, Datacenter, Internet VPN (MPLS backup), VPN (MPLS backup), Joint V./Acquisition, MPLS, Small office, User LAN]
18 Security [Diagram labels: ISO 27K, FDA, Datacenter, TÜV, HIPAA, NONE, Proxies, LAN, Internet]
19 Why? New business requirements: Open device policy (BYOC); Managed Services model; Local island networks
20 BYOC
21 Managed Services model: 3 Managed Service Models (On-site Solution as a Service (SaaS) Off-site Managed Hosting Remote Management). Agfa HealthCare IT Solutions: IMPAX 6 PACS, IMPAX RIS, ORBIS EPR, IMPAX CARDIO, IMPAX DATA CENTER, HYDMEDIA ECM
22 Managed Services model [Diagram labels: Agfa Hosting Datacenter, Impax servers / DB; Datacenter Service Provider, Impax servers / DB; Datacenter Customer; Customer network; IDC; Customer FW; Customer A]
23 Isolated networks [Diagram labels: Internet, Datacenter, Proxies, Large office, Internet VPN (MPLS backup), VPN (MPLS backup), Joint V./Acquisition, MPLS, Plantnet, R&D.., Small office, LAN]
24 Conclusion: Some security measures are the cause of network issues; Ignoring these issues or just saying no is not a solution; 100% end user device standardization is utopia; The internal trust/security concept is an illusion; Protection of the most important assets (datacenter) is necessary; We need a plan!!!
25 We tried the hard way: Enforce standardization; Enforce policy; More appliances (Wan opti., Firewalls, QOS, Winsock, )
26 Result..: Overall happiness; Security; Long term operational costs
27 Let's start with a BIG project that: Solves network/security issues; Brings internet into the company; Provides a flexible but secure network; Supports the new security vision; Is future proof; Embraces BYOC
28 The new security vision: High risk information processing in a secure "bubble" (HE customer, Manufacturing); Granular security model (different security requirements between BUs); Adopt a least privilege strategy and strictly enforce access control (user and device authentication); Gaining network traffic visibility: inspection and logging; Virtualization; It is not about who you keep OUT, it's about who you let IN; User LAN = untrusted
29 Embrace BYOC: Reducing costs; User understands and supports his own system; Agfa ICS can focus on infrastructure, projects, security etc., not on fix and break support; User satisfaction; BYOC gives a sense of ownership; Overall happiness goes up; Flexibility; home enabler; Could trigger thin client computing; The only real way to standardize computing; Ideal way to approach Secure Environments (healthcare, manufacturing)
30 Drawbacks: Helpdesk support; ICS Service Desk will be called first in case of problems, also when the problem is related to their own system; Costs; Application delivery; Virtual environment delivery; Network/security infrastructure; Security; Information security; Legal issues
31 Looking for a security appliance: Identify: By Application, By UserGroup, By Content Inspection, By Device. Categorize: By Application, By Application Category, By Destination, By Content, By usergroup. Control: Prioritize Apps by Policy, Manage Apps by Policy, Block Apps/Devices by Policy, Detect and Block Malware, Detect & Prevent Intrusion Attempts
32 Future high level network/security design
33 How do we solve the capacity issues? [Diagram labels: Datacenter, VPN (MPLS backup), Large office, Internet, Joint V./Acquisition, MPLS, Plantnet, R&D.., Small office, LAN]
34 How do we solve the internet issues? [Diagram labels: Datacenter, VPN (MPLS backup), Large office, Internet, Joint V./Acquisition, MPLS, Plantnet, R&D.., Small office, LAN]
35 How do we solve the security issues? [Diagram labels: Datacenter, VPN (MPLS backup), Large office, Internet, Joint V./Acquisition, MPLS, Plantnet, R&D.., Small office, LAN]
36 Does this design meet the new requirements? [Diagram labels: Datacenter, VPN (MPLS backup), Large office, Internet, Joint V./Acquisition, MPLS, Plantnet, R&D.., Small office, LAN]
37 How to BYOC [Diagram labels: Smart phones, Tablets, PCs; All devices, No restrictions, (non) Agfa, Internet; With controls, (non) Agfa Device, Checked for: - Virus software - Agfa standard; Agfa devices, Checked for: - Virus software - Encryption - Agfa standards -.; Next Gen. firewall; Internal Agfa Web applications; Internal Agfa applications; Highly secure applications; Virtual Desktop Infrastructure]
38 Managed Services model [Diagram labels: Agfa Hosting Datacenter, Impax servers / DB; Datacenter Service Provider, Impax servers / DB; Datacenter Customer; Customer network; IDC; Customer FW; Customer A; Customer B]
39 Use cases: Contractor -> SAP infrastructure [Diagram: steps 1-5 between the client, the NG Firewall and the Datacenter] 1. Contractor initiates traffic to the datacenter 2. FW agent sends user-ip mapping + system profile/parameters 3. Firewall verifies user credentials on AD 4. Firewall does policy check (User = ok, AV = ok, Agfa Standard system = not ok) 5. Only RDP traffic allowed to Virtual Desktop VLAN
40 Use cases: Agfa user to notes [Diagram: steps 1-5 between the client, the NG Firewall and the Datacenter] 1. Contractor initiates traffic to the datacenter 2. FW agent sends user-ip mapping + system profile/parameters 3. Firewall verifies user credentials on AD 4. Firewall does policy check (User = ok, AV = ok, Agfa Standard system = ok) 5. Notes/sametime traffic allowed to notes infrastructure
41 Use cases: Agfa ICS administrator to notes [Diagram: steps 1-5 between the client, the NG Firewall and the Datacenter] 1. Contractor initiates traffic to the datacenter 2. FW agent sends user-ip mapping + system profile/parameters 3. Firewall verifies user credentials on AD 4. Firewall does policy check (User = ok, AV = ok, Agfa Standard system = ok) 5. Notes/sametime/administration traffic allowed to notes infrastructure
42 Final conclusion: Next generation appliances are not a revolution; This is not the silver bullet security solution, secure MZs such as SRSS are still needed; IT security is more than a security appliance doing UTM; There is still a lot of work to do
43 Questions & Answers
44 Backup slides
45 Use cases: Guest to internet [Diagram: steps 1-5 between the client, the NG Firewall and the Internet] 1. Guest initiates traffic to the internet 2. Webform used to collect authentication information 3. Firewall verifies user credentials on AD 4. Firewall does policy check (URL, application, user..) 5. Internet-bound traffic passed if allowed by policy
46 Use cases: Contractor to HE webportal [Diagram: steps 1-5 between the client, the NG Firewall and the Datacenter] 1. Contractor initiates traffic to the datacenter 2. FW agent sends user-ip mapping + system profile/parameters 3. Firewall verifies user credentials on AD 4. Firewall does policy check (User = ok, AV = ok, Agfa Standard system = not ok) 5. Only HTTPS traffic allowed to HE webportal
47 Use cases: HE engineer to SRSS [Diagram: steps 1-5 between the client, the NG Firewall and the Datacenter] 1. Contractor initiates traffic to the datacenter 2. FW agent sends user-ip mapping + system profile/parameters 3. Firewall verifies user credentials on AD 4. Firewall does policy check (User = ok, AV = ok, Agfa Standard system = ok, Encryption = ok) 5. SRSS traffic allowed to SRSS MZ
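The policy check in step 4 of the use-case slides (verified identity plus reported system profile decides which application may reach which zone), as an added Python example that is not from the presentation or from any firewall product. Group names, application labels and zone names are assumptions; anything without a matching rule is denied.

```python
from dataclasses import dataclass
from typing import FrozenSet, NamedTuple

# Posture checks the firewall agent reports in step 2 (labels are assumptions).
AV, STANDARD, ENCRYPTION = "av", "agfa_standard", "encryption"


@dataclass(frozen=True)
class Endpoint:
    """What the firewall knows after steps 2-3: identity plus system profile."""
    user: str
    group: str                  # directory group resolved in step 3
    authenticated: bool         # credentials verified against the directory
    posture: FrozenSet[str]     # checks the agent reported as passed


class Rule(NamedTuple):
    group: str
    required: FrozenSet[str]    # posture checks that must all have passed
    apps: FrozenSet[str]        # applications identified by the firewall
    zone: str                   # destination zone


class Decision(NamedTuple):
    allow: bool
    reason: str                 # logged with every decision for visibility


def rule(group, required, apps, zone):
    return Rule(group, frozenset(required), frozenset(apps), zone)


# One rule per datacenter use case on the slides; there is no catch-all allow.
RULES = (
    rule("contractor", {AV}, {"rdp"}, "virtual-desktop-vlan"),
    rule("contractor", {AV}, {"https"}, "he-webportal"),
    rule("agfa-user", {AV, STANDARD}, {"notes", "sametime"},
         "notes-infrastructure"),
    rule("ics-admin", {AV, STANDARD}, {"notes", "sametime", "notes-admin"},
         "notes-infrastructure"),
    rule("he-engineer", {AV, STANDARD, ENCRYPTION}, {"srss"}, "srss-mz"),
)


def evaluate(ep: Endpoint, app: str, zone: str) -> Decision:
    """Default-deny check: identity first, then rule match, then posture."""
    if not ep.authenticated:
        return Decision(False, "deny: credentials not verified")
    matching = [r for r in RULES
                if r.group == ep.group and r.zone == zone and app in r.apps]
    if not matching:
        return Decision(False, f"deny: no rule for {ep.group}/{app}/{zone}")
    missing = frozenset()
    for r in matching:
        missing = r.required - ep.posture
        if not missing:
            return Decision(True, f"allow: {app} to {zone} for {ep.group}")
    return Decision(False, "deny: failed posture checks: "
                    + ", ".join(sorted(missing)))


if __name__ == "__main__":
    # Constructed sample endpoints, not data from the presentation.
    contractor = Endpoint("c.example", "contractor", True, frozenset({AV}))
    engineer = Endpoint("e.example", "he-engineer", True,
                        frozenset({AV, STANDARD}))  # disk encryption missing
    for ep, app, zone in [
        (contractor, "rdp", "virtual-desktop-vlan"),
        (contractor, "sap-gui", "sap-infrastructure"),
        (engineer, "srss", "srss-mz"),
    ]:
        print(ep.user, "->", evaluate(ep, app, zone).reason)
```

The contractor never gets a direct path to the SAP zone: the only rules that match the group lead to the virtual desktop VLAN and the HE web portal, which is the behaviour the slides describe for a device that is not an Agfa standard system.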
48 What is changed between 2001 and now? End user devices: Good old days: Desktops > Laptops, No smartphones, Ownership/control +. Now: Desktop < Laptops, everybody smartphones, Ownership/control -. Internet: Good old days: Internet = privilege, Browser/ftp client. Now: Internet = Commodity, A lot of other applications. Internet content: Good old days: Static/economical. Now: Dynamic Economical Files Large. Applications: Good old days: Client <-> LAN. Now: Client <-> LAN, Client <-> Internet. Security Threats: Good old days: Default installed OS, Users with no passwd, Vulnerable CGI, OS, Too many ports open. Now: Client side software, Websites, Zero-days +
49 [Diagram labels: User LAN, Server VLANs]
50 The good old days: Ratio desktop/laptop 80/20; Especially client server LAN traffic; Internet was a privilege; Static and economical internet content; Browser <-> internet; No smartphones etc..; Limited removable media; IT was something work related; Less compliancy obligation; IT no core business; Server based security threats
51 This resulted in following security controls: Remote access only via VPN (strong authentication); Very tight network perimeter security; Very strict interconnection policy; Only internet access via proxy (authenticated); Separated internal and external DNS infrastructure
More informationUsing Innominate mguard over BGAN
Using Innominate mguard over BGAN Version 2 6 June 2008 inmarsat.com/bgan Whilst the information has been prepared by Inmarsat in good faith, and all reasonable efforts have been made to ensure its accuracy,
More informationSecurity Models for Cloud. Kurtis E. Minder, CISSP
Security Models for Cloud Kurtis E. Minder, CISSP 1 Introduction Kurtis E. Minder, Technical Sales Professional Companies: Roles: Security Design Engineer Systems Engineer Sales Engineer Salesperson Business
More informationCisco ASA and Cloud Web Security: Best-in-Class Network Security Combined with Best-in-Class Web Security
White Paper Cisco ASA and Cloud Web Security: Best-in-Class Network Security Combined with Best-in-Class Web Security Introduction Organizations that want to harness the power of the web must deal with
More informationDid you know your security solution can help with PCI compliance too?
Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment
More informationWAN Failover Scenarios Using Digi Wireless WAN Routers
WAN Failover Scenarios Using Digi Wireless WAN Routers This document discusses several methods for using a Digi wireless WAN gateway to provide WAN failover for IP connections in conjunction with another
More informationSecure Access into Industrial Automation and Control Systems Industry Best Practice and Trends. Serhii Konovalov Venkat Pothamsetty Cisco
Secure Access into Industrial Automation and Systems Industry Best Practice and Trends Serhii Konovalov Venkat Pothamsetty Cisco Vendor offers a remote firmware update and PLC programming. Contractor asks
More informationCisco Meraki MX products come in 6 models. The chart below outlines MX hardware properties for each model: MX60 MX60W MX80 MX100 MX400 MX600
MX Sizing Guide MARCH 2014 This technical document provides guidelines for choosing the right Cisco Meraki security appliance based on real-world deployments, industry standard benchmarks and in-depth
More informationComputer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1
Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton
More informationU06 IT Infrastructure Policy
Dartmoor National Park Authority U06 IT Infrastructure Policy June 2010 This document is copyright to Dartmoor National Park Authority and should not be used or adapted for any purpose without the agreement
More informationMobile security and your EMR. Presented by: Shawn Tester & Allen Cornwall
Mobile security and your EMR Presented by: Shawn Tester & Allen Cornwall Date: October 14, 2011 Overview General Security Challenges & best practices Mobile EMR interfaces - EMR Access - Today & Future
More informationE2BN Direct - Network Services for Schools and Academies
E2BN Direct - Network Services for Schools and Academies E2BN Direct provides internet, web filtering and other services directly to Schools and Academies. We use proven products backed by dedicated support,
More informationIP Telephony Management
IP Telephony Management How Cisco IT Manages Global IP Telephony A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge Design, implement, and maintain a highly available, reliable, and resilient
More informationNetwork Segmentation
Network Segmentation The clues to switch a PCI DSS compliance s nightmare into an easy path Although best security practices should be implemented in all systems of an organization, whether critical or
More informationSecurity Technology: Firewalls and VPNs
Security Technology: Firewalls and VPNs 1 Learning Objectives Understand firewall technology and the various approaches to firewall implementation Identify the various approaches to remote and dial-up
More informationINTRUSION DETECTION SYSTEMS and Network Security
INTRUSION DETECTION SYSTEMS and Network Security Intrusion Detection System IDS A layered network security approach starts with : A well secured system which starts with: Up-to-date application and OS
More informationThe User is Evolving. July 12, 2011
McAfee Enterprise Mobility Management Securing Mobile Applications An overview for MEEC The User is Evolving 2 The User is Evolving 3 IT s Challenge with Mobile Devices Web 2.0, Apps 2.0, Mobility 2.0
More informationFreedom for Servers, Drives & Desktops
a cloud commerce marketplace THE CLOUD REVOLUTION: Freedom for Servers, Drives & Desktops...cloud computing is enabling small and medium businesses (SMBs) to compete with the upper echelon of corporate
More informationThe Holistic Guide to BYOD in Your Business Jazib Frahim
The Holistic Guide to BYOD in Your Business Jazib Frahim Technical Leader Security Services Practice Cisco Advanced Services May 8, 2012 We are in love with our devices Proliferation of Devices By 2020
More informationFigure 41-1 IP Filter Rules
41. Firewall / IP Filter This function allows user to enable the functionality of IP filter. Both inside and outside packets through router could be decided to allow or drop by supervisor. Figure 41-1
More informationFirewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA
Firewalls Securing Networks Chapter 3 Part 1 of 4 CA M S Mehta, FCA 1 Firewalls Learning Objectives Task Statements 1.3 Recognise function of Telecommunications and Network security including firewalls,..
More informationPermeo Technologies WHITE PAPER. HIPAA Compliancy and Secure Remote Access: Challenges and Solutions
Permeo Technologies WHITE PAPER HIPAA Compliancy and Secure Remote Access: Challenges and Solutions 1 Introduction The Healthcare Insurance Portability and Accountability Act (HIPAA) of 1996 has had an
More informationMission-Critical Mobile Security: A Stronger, Sensible Approach
Mission-Critical Mobile Security: A Stronger, Sensible Approach An Overview of Unisys Stealth for Mobile By Rob Johnson White Paper 2 Table of Contents Abstract 4 Introduction 4 Unisys Stealth for Mobile
More informationSecuring Virtual Applications and Servers
White Paper Securing Virtual Applications and Servers Overview Security concerns are the most often cited obstacle to application virtualization and adoption of cloud-computing models. Merely replicating
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches easily Allows only white-listed applications in workstations to run Provides virus protection for Ovation Windows stations Aggregates,
More informationUtility Modernization Cyber Security City of Glendale, California
Utility Modernization Cyber Security City of Glendale, California Cyber Security Achievements Cyber Security Achievements (cont) 1. Deploying IT Security Awareness training program Q4 2012 2. Purchased
More information