Secure Access Link. Table of Contents. Introduction. Background. avaya.com. Introduction Background Secure Access Link...
|
|
- Lily Marsh
- 8 years ago
- Views:
Transcription
1 Secure Access Link Table of Contents Introduction... 1 Background... 1 Secure Access Link... 2 Components... 3 Aggregated Traffic... 5 Flexible Authentication. and Authorization... 6 Complete Control over. Remote Access... 7 Channel Neutral Support and. Customer Self-Service... 7 Foundation for Value-Added. Support Applications... 8 Naturally Secure... 9 Conclusion...10 Introduction Avaya is embarking on a new, next-generation architecture that will significantly improve the way in which customers receive support of their communications networks. The new architecture eliminates the Avaya requirement for unfettered 24x7 access to customers network equipment. Customers can take advantage of channel-neutral support by enabling self-service, Avaya support, and/or authorized partner support of their networks at levels never achieved before. And, customers can be in complete control of when and how Avaya, or any other service partner, accesses their equipment. With this new service and support architecture, Avaya has significantly changed its underlying software, procedures, and paradigms to provide customers with more choices, more control and improved security. Background Historically, modems have been the primary means by which Avaya has remotely accessed customers products and networks. The use of modems allowed Avaya professionals to gain the same level of administrative access as if they were locally attached to the product terminal. Because modems allowed access from remote locations, Avaya was able to provide service to distant customer locations. With the widespread adoption of modems by customers, Avaya created supporting software that could automatically perform regular tasks instead of requiring a technician to login manually to each product. This concept has matured into what is known as Avaya EXPERT Systems SM Diagnostic Tools. As customers became more sensitive to controlling access to their networks, and as Avaya products became more network-dependent (e.g. IP-enabled with rich Web-based interfaces), Avaya introduced new support capabilities that provided greater bandwidth and did not require the use of modems. These IP-based solutions used IPSec virtual private networks (VPN) combined with white paper 1
2 customer-resident servers such as Avaya Secure Services Gateways (SSG) to provide remote support capabilities similar to those previously provided by modems, but with the added benefit of higher bandwidth and improved customer control. Avaya improved IP-based remote access with the introduction of advanced services. Again, these services were provided through the use of IPSec VPNs and a customer-resident management server, the Avaya Secure Intelligent Gateway (SIG), to deploy software providing advanced features such as patching and software release management. As part of developing advanced services, Avaya deployed secure, isolated Enterprise Service Platform (ESP) data centers to contain and control access to the Avaya Secure Intelligent Gateways and constrain access to any customer-sensitive data. Even though Avaya had migrated to providing service for IP-based solutions (while still supplying modem support, when necessary), more security enhancements were needed, especially in the areas of improved customer control; customer-controlled and auditable logging; and unique identification and authentication of technicians on the customer network using resilient, two-factor authentication. In addition, the IP-based solutions did not provide any notable ability for authorized partners to access customer networks via the business-to-business VPN or customerresident servers (Avaya SSG or Avaya SIG). Secure Access Link Next-Generation Remote Access Notwithstanding the remote-access improvements in the development of the advanced architectures, customers still wanted the ability to obtain support from their in-house staff or from preferred partners. In addition, customers wanted complete control over when Avaya and other service partners accessed their networks. And, customers wanted better logging and greater control over those accessing their networks both when they were accessed, and what was accessible. Avaya investigated alternatives that would provide the same level of support, yet still allow for support from Avaya EXPERT Systems Diagnostic Tools and other automated and transactional tools. The alternative had to be flexible enough to allow for growth and introduction of new support services, while still meeting the requirements set forth by customers. With extensive customer feedback and thorough investigation of numerous architectural options, the design for the next generation of remote access began to clearly emerge Avaya Secure Access Link (SAL). The dominant feature of Avaya SAL is that customers have complete control over all remote access to their networks. To provide this control, Avaya SAL enables customers to determine who will provide services to their products and to what degree. Customers may have services provided by Avaya, their own internal support groups, authorized Avaya partners, or any combination thereof. With Avaya SAL, customers have channel-neutral support in addition to control, auditable logging, and strong identification and authentication of any users who access their networks. 2
3 With SAL, all of customers service partners, including Avaya, will need customer approval to initiate connections to customers networks. In addition, Avaya SAL provides no inherent mechanism to allow Avaya or any service partner to remotely access customers products without the TCP/IP connection first being initiated from customers networks. To help customers remain compliant with Payment Card Industry (PCI) and other industry regulations, all Avaya users are uniquely identified and authenticated. Avaya SAL provides clear, auditable logging of any access attempt, either by a technician or automated tool. Next-Generation Architecture The emerging Avaya SAL architecture is scalable and flexible. Although initial releases will require customers to deploy and manage a small server for remote access, Avaya s long-term vision is to integrate the SAL solution into Avaya products as a software-only solution so that customers will not be required to deploy hardware. However, optional hardware may be deployed by customers who want to realize the benefits of some of SAL s most advanced features and management capabilities. In any case, if customers deploy servers as parts of their solutions, they will always control the highest level of administrative access to those servers (i.e. owning root ). Based on their needs, customers can choose the SAL components appropriate for inclusion in their networks. This allows customers to make balanced decisions about how they want to achieve access control in addition to the three A s of security authentication, authorization, and accounting (AAA). By providing flexible deployment options, Avaya gives a tailored solution to every customer whether a large enterprise, small or mid-sized business. Components Following are descriptions of the major components of the new Avaya SAL architecture. These components are also depicted in Figures 1-3 (pages 6-9) illustrating the SAL architecture-based scenarios for flexible alarming, secure remote access and comprehensive policy management applications. Embedded Agent The Embedded Agent is co-resident software automatically included on Avaya products. (Initial releases of Avaya SAL will support only Embedded Agent within Secure Access Gateways. However, later versions of Avaya products will automatically include co-resident Agents as part of the software releases.) Embedded Agent is intended to facilitate the transmission of alarms to the service provider (e.g. the Avaya support center, the customer network operations center, or authorized partner support center), polls the service providers via HTTPS for remote-access connection requests, and authenticates any connection request to the product. Authentication of Avaya remote access requests is performed through examination and validation of the Public Key Infrastructure (PKI) certificate of the technician or tool that initiated the request. Authentication can be augmented through implementation of a RADIUS-based, one-time password. It is important to note that the Agent is the only required customer component of this new architecture. 3
4 Secure Access Gateway Server This Secure Access Gateway Server is optional software intended to be loaded on a customer-provided and -managed server. Avaya provides SAL Gateway Server software to customers at no additional cost they simply download it. Its primary purpose is to host an Agent for products that do not support the use of a co-resident Agent on the product (i.e. legacy or third-party products). It is important to note that the Gateway Server is the only required customer-component of this new architecture. The Gateway Server can receive alarms (e.g. SNMP, INADS, etc.) from Avaya products, reformat them, and forward them onto the Secure Access Core Concentrator Servers in addition to customer-managed Network Management System (NMS) systems. Similar to the Agent, the Gateway Server polls the service providers for connection requests and supports the same authentication option as Agents. Secure Access Concentrator Remote Server The Secure Access Concentrator Remote Server, resident at the Avaya support center and/or authorized partner s support center, may be optionally deployed on a customer-provided and -managed server as part of a federated deployment. The software is designed to work on a separate server as the Gateway Server. The Remote Server is the point of connection management and communication aggregation, when accessing SAL Agents from the customer s network. Technicians who are local and wish to access products must be authenticated by the Concentrator Remote Server and wait in queue for Agents to poll for connection requests. This approach provides a single authentication and access point for servicing products. The Remote Server will be able to integrate with a customer-provided AAA server (e.g. RADIUS, LDAP, etc.) in addition to being able to authenticate the certificates of Avaya users and automated tools. If a Concentrator Remote Server is deployed on the customer network. It is the single point within the customer s network that polls the service partner for connection requests (instead of the Agent or Gateway, which are configured to poll the Concentrator Remote Server). Concentrator Remote Servers are deployed within Avaya data centers and may be deployed on the customer s network, an authorized partner s network, or a combination of both networks. This provides a federated hierarchy so that the customer may receive multiple tiers of support. Secure Access Concentrator Core Server The Secure Access Concentrator Core Server is equivalent to the Remote Server with the exception that the Core Server receives alarms delivered by the Agents or the Gateway Server. If a Concentrator Core Server is deployed on the customer network, it is the single point where alarms may be sent and forwarded onto the Avaya support center and/or authorized partner s support center. Concentrator Core Servers are deployed within Avaya data centers and may be deployed on the customer s network, an authorized partner s network, or a combination of both networks. This provides a federated hierarchy so that the customer may receive multiple tiers of support. 4
5 Secure Access Policy Server As customers expand the use of this architecture, they may have multiple Agents (on products) and Gateway Servers to support hundreds or thousands of products. By using the Secure Access Policy Server software (deployed on the customer network using a customer-provided and -managed server), the customer can centrally manage policies that are enforced by Agents and Gateway Servers that control access to Avaya products deployed within their network. When a customer purchases an Avaya maintenance agreement with remote access capabilities, Avaya provides the SAL Policy Server software at no additional cost. Secure Access Global Access Server The Secure Access Global Access Server (GAS) is deployed within the Avaya data centers along with the Secure Access Concentrator Core and Remote Servers. These GAS servers are used as the conduit of remote access connection between the technician s desktop and the Agent on the customer s network. GAS completes the secure, high-performance link for each session created by the technician to a customer product. GAS servers are regionally distributed to help ensure minimal network delay between the technician and Agent and provide a layer of high-reliability and redundancy in the event that regional Internet traffic is disrupted. Aggregated Traffic For the most security-conscious customers, the Secure Access Concentrator Remote Servers (deployed on customer networks), provide an additional benefit of routing all SAL alarms and polls through a single choke-point on the networks. Although customers may also manage traffic without deploying a Concentrator Core or Remote Server, and through the use of routers or Web proxies, the Concentrator Core and Remote Servers provide alternatives. Even without the Secure Access Remote Server, the inherent SAL architecture and functionality of Agents and Gateways provide a level of assurance to customers that their service partners are given access only to specified products, and will not get unfettered access to the their entire networks. 5
6 Alarms may be forwarded upstream from a customer s Concentrator Remote Server to a partner s Concentrator Remote Server and then to Avaya. Figure 1 Avaya Secure Access Link Flexible Alarming Flexible Authentication and Authorization Avaya Secure Access Link inherently supports two-factor authentication (2FA) of technicians through user-assigned certificates as the form of identification and strong authentication. Avaya has standard VeriSign-issued certificates combined with federal approved (FIPS-140-2) USB Smart Cards (i.e. etokens) to identify and authenticate Avaya technicians. The 2FA method provides unique, strong, auditable identification and authentication of each user, without burdening the customer with the overhead of administering an account for each Avaya technician (possibly thousands of technicians globally) supporting that network. The user-assigned certificates are inherently integrated with the logging mechanisms of the Secure Access Link solution. Whenever a technician accesses the customer s network, identifying information from his or her certificate is stored in the customer logging servers (e.g. when Agents or Gateway Servers are configured to export logging information). In addition to certificate-based authentication, the customer is able to configure a Secure Access Concentrator Remote Server, Gateway, and Agent to authenticate users to a local, customer-provided AAA server. This capability allows the customer to use its RADIUS or LDAP servers as the basis of authentication of users to its products through this architecture, and also allows the customer to utilize other forms of 2FA, such as SafeWord onetime-password (OTP) tokens. Local RADIUS or LDAP authentication can be used in addition to or in lieu of the certificate-authentication support inherent in Secure Access Link. Access policies, centrally managed by the optional Policy Server, will allow customers to define access maintenance windows, manage access and assign roles to the individuals based on who they are, how they authenticate, or when they are accessing the network. 6
7 Complete Control over Remote Access In addition to the ability to integrate local AAA servers to this architecture for authentication or control of access, SAL will also provide the customer the control to individually authorize each remote access request. When using this optional feature, the customer must approve each and every connection request. Channel Neutral Support and Customer Self-Service Even though it is described throughout this white paper, it is worth re-emphasizing that customers will be able to select their preferred service partners that will provide service and support. It could be Avaya, an authorized Avaya partner, or customers in-house staff. Furthermore, customers can select a combination of support from all three sources. Agents poll the Avaya or partner s Concentrator Remote using HTTPS for connection requests from technicians or automated systems. Connection requests are authenticated and permitted per customer-defined policy. Once connection requests are approved, a secure end-to-end session is created via high-capacity Global Access Servers. Figure 2a Avaya Secure Access Link - Secure Remote Access 7
8 Agents poll the Avaya or partner s Concentrator Remote Server using HTTPS for connection requests from technicians or automated systems. Connection requests are authenticated and permitted per customer-defined policy. Once connection requests are approved, a secure end-to-end session is created. Figure 2b Avaya Secure Access Link Secure Remote Access with Onsite Concentrator Remote Server Foundation for Value-Added Support Applications The ability to leverage tools is paramount to the efficient delivery of support. Using tools to parse system logs, take inventory, or consistently apply detailed changes across multiple systems are just a few examples of the benefits of automated tools. The architecture presented in this white paper is also intended to further the development of automated tools. The Avaya Secure Access Link project has resulted in an extensive redesign of the tools that have been developed over the past 25 years. As part of the redesign, Avaya is laying the foundation for a framework for future tools development that can be leveraged not only by Avaya, but by customers and their partners as well. The framework is intended to allow the integration of tools in future releases so that the tools may be used locally or remotely. Regardless of access point, tools will require authentication of the user or initiating automated system. For example, before Avaya EXPERT Systems Diagnostic Tools could access a product, it would be required to identify and authenticate itself to the Concentrator Remote Server, Gateway, or Agent at the same level of security as that of an individual. As additional automated or transactional tools are developed, they will also be uniquely identified and authenticated prior to accessing a product or customer network even if that tool is being used locally. 8
9 Naturally Secure Although it has not been specifically detailed within this white paper, the SAL architecture will adopt all aspects of security that are fundamental to a system of this nature and would be expected of advanced technology of this kind. These include support for customer-controlled and auditable logging using standard methods (e.g. SYSLOG); compatibility with standard AAA servers (e.g. RADIUS and LDAP); use of secure protocols (e.g. TLS, SSH, HTTPS); alignment of federal guidelines with respect to cryptographic algorithms and key usage (e.g. NIST Special Publications and Federal Information Processing Standards); application and operating system hardening that complies with generally-accepted practices, unique identification and strong authentication of each user, implicit or explicit customer-control of all remote access, and Avaya data center operational processes and procedures, which can be audited against industry standards ( e.g. ISO17799/27002, PCI, etc.). An optional Secure Access Policy Server may be deployed to centrally define and manage the access and control policies enforced by each of the Agents resident in the Gateways. Agents (within Gateways) poll the Policy Server for updated policies. Figure 3 Avaya Secure Access Link Comprehensive Policy Management 9
10 Conclusion Avaya is embarking on a significant advancement of its remote access architecture to provide greater security and control to customers, while still affording them best-in-class support. This endeavor is resulting in a fundamental change in the way Avaya supports customers by eliminating unfettered 24x7 access to customers networks. Under the architecture of Avaya Secure Access Link, customers have complete control over remote access, all communication is initiated from the customers networks, channel-neutral support is inherent, users are uniquely identified and authenticated, and customers are provided with the auditable logging necessary to meet today s stringent regulatory requirements. Avaya Global Services is among the first providers of professional, support and operations services to deliver this level of secure remote access to organizations. Learn more about Avaya Secure Access Link and how it can help you and organization. Contact your Avaya Account Manager, authorized Avaya partner or visit About Avaya Avaya is a global leader in enterprise communications systems. The company provides unified communications, contact centers, and related services directly and through its channel partners to leading businesses and organizations around the world. Enterprises of all sizes depend on Avaya for state-of-the-art communications that improve efficiency, collaboration, customer service and competitiveness. For more information please visit Avaya Inc. All Rights Reserved. Avaya and the Avaya Logo are trademarks of Avaya Inc. and may be registered in certain jurisdictions. All trademarks identified by, TM or SM are registered marks, trademarks, and service marks, respectively, of Avaya Inc All other trademarks are the property of their respective owners. 05/09 SVC4274 avaya.com
Opengear Technical Note
- Solutions for Avaya Installations Opengear Technical Note Jared Mallett - Product Marketing Manager Opengear solutions deliver cost-effective universal access to Avaya equipment and converged devices
More informationADDING STRONGER AUTHENTICATION for VPN Access Control
ADDING STRONGER AUTHENTICATION for VPN Access Control Adding Stronger Authentication for VPN Access Control 1 ADDING STRONGER AUTHENTICATION for VPN Access Control A VIRTUAL PRIVATE NETWORK (VPN) allows
More informationAvaya Diagnostic Server
Avaya Diagnostic Server Benefits of Avaya Diagnostic Server: Resolve issues faster with remote IP Phone testing Reduce the need for costly third party diagnostics equipment and software licensing Self-diagnose
More informationTwo-Factor Authentication
Two-Factor Authentication A Total Cost of Ownership Viewpoint CONTENTS + Two-Factor Authentication 3 A Total Cost of Ownership Viewpoint + Introduction 3 + Defining Total Cost of Ownership 3 + VeriSign
More informationEnsuring the security of your mobile business intelligence
IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive
More informationAlcatel-Lucent Services
SOLUTION DESCRIPTION Alcatel-Lucent Services Security Introduction Security is a sophisticated business and technical challenge, and it plays an important role in the success of any network, service or
More informationHigh speed Ethernet WAN: Is encryption compromising your network?
High speed Ethernet WAN: Is encryption compromising your network? Trademark: 2010 SafeNet, Inc. All rights reserved. SafeNet and SafeNet logo are registered trademarks of SafeNet. All other product names
More informationAvaya Aura System Manager
Avaya Aura System Manager is an integrated solution that helps enterprises implement and maintain optimal results for their communications and business collaboration solutions. Avaya Aura System Manager
More informationHow do I secure and manage an out-of-band connection to network devices?
How do I secure and manage an out-of-band connection to network devices? ION Product(s): SA5600 Site Appliance, SM110 Secure Modem, ST510 Soft Token, PRIISMS Use Case Number: 19821 Issue Number: 2 Release
More informationADMINISTRATIVE POLICY # 32 8 117 (2014) Remote Access. Policy Number: ADMINISTRATIVE POLICY # 32 8 117 (2014) Remote Access
Policy Title: Remote Access Policy Type: Administrative Policy Number: ADMINISTRATIVE POLICY # 32 8 117 (2014) Remote Access Approval Date: 05/20/2014 Revised Responsible Office: Office of Information
More informationSolutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance
White Paper Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance Troy Herrera Sr. Field Solutions Manager Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA
More informationUsing Entrust certificates with VPN
Entrust Managed Services PKI Using Entrust certificates with VPN Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark or a registered trademark
More informationManaged Security Services for Data
A v a y a G l o b a l S e r v i c e s Managed Security Services for Data P r o a c t i v e l y M a n a g i n g Y o u r N e t w o r k S e c u r i t y 2 4 x 7 x 3 6 5 IP Telephony Contact Centers Unified
More informationWhat s New in Juniper Networks Secure Access (SA) SSL VPN Version 6.4
Page 1 Product Bulletin What s New in Juniper Networks Secure Access (SA) SSL VPN Version 6.4 This document lists the new features available in Version 6.4 of the Secure Access SSL VPN product line. This
More information3Si Managed Authentication Services Service Description
3Si Managed Authentication Services Service Description [Pick the date] 3Si Managed Authentication Services Service Description [Type the document subtitle] JT www.3sicloud.com www.3sicloud.com enquiry@3sicloud.com
More informationCisco Virtual Office Express
. Q&A Cisco Virtual Office Express Overview Q. What is Cisco Virtual Office Express? A. Cisco Virtual Office Express is a solution that provides secure, rich network services to workers at locations outside
More informationTwo-Factor Authentication over Mobile: Simplifying Security and Authentication
SAP Thought Leadership Paper SAP Mobile Services Two-Factor Authentication over Mobile: Simplifying Security and Authentication Controlling Fraud and Validating End Users Easily and Cost-Effectively Table
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationBMC s Security Strategy for ITSM in the SaaS Environment
BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...
More informationExecutive Summary and Purpose
ver,1.0 Hardening and Securing Opengear Devices Copyright Opengear Inc. 2013. All Rights Reserved. Information in this document is subject to change without notice and does not represent a commitment on
More informationAvaya Diagnostic Server
Avaya Diagnostic Server Benefits of Avaya Diagnostic Server: Resolve issues faster with remote IP Phone testing Reduce the need for costly third party diagnostics equipment and software licensing On premise,
More informationSecurity Considerations for DirectAccess Deployments. Whitepaper
Security Considerations for DirectAccess Deployments Whitepaper February 2015 This white paper discusses security planning for DirectAccess deployment. Introduction DirectAccess represents a paradigm shift
More informationEnhanced Enterprise SIP Communication Solutions
Enhanced Enterprise SIP Communication Solutions with Avaya Aura and Allstream SIP Trunking An Allstream White Paper 1 Table Of Contents Beyond VoIP 1 SIP Trunking delivers even more benefits 1 Choosing
More informationBusiness Process Desktop
Maximum Scalability, Security, and Availability for VMware View with F5 Networks HOW-TO GUIDE Solution Overview The VMware View solution is a powerful architecture intended to serve the needs of non-mobile
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication Objectives Define authentication Describe the different types of authentication credentials List and explain the
More informationAvaya Aura Session Manager
Avaya Aura Session Manager Avaya Aura Session Manager is the core of Avaya s revolutionary Session Initiated Protocol (SIP) based cloud computing architecture. The Session Manager platform makes it possible
More informationWHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS
WHITEPAPER SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS EXECUTIVE OVERVIEW 2-Factor as a Service (2FaaS) is a 100% cloud-hosted authentication solution that offers flexible security without compromising user
More informationBrocade Monitoring Services Security White Paper
WHITE PAPER Monitoring Services Security White Paper In today s globally connected world, the enterprise network is a strategic platform, a platform that demands deep and instantaneous integration between
More informationCommon Remote Service Platform (crsp) Security Concept
Siemens Remote Support Services Common Remote Service Platform (crsp) Security Concept White Paper April 2013 1 Contents Siemens AG, Sector Industry, Industry Automation, Automation Systems This entry
More informationThe IBM Solution Architecture for Energy and Utilities Framework
IBM Solution Architecture for Energy and Utilities Framework Accelerating Solutions for Smarter Utilities The IBM Solution Architecture for Energy and Utilities Framework Providing a foundation for solutions
More informationTable of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2
Table of Contents 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2 2 Features and Benefits 2-1 Key Features 2-1 Support for the Browser/Server Resource Access Model 2-1 Support for Client/Server
More informationDirected Circuits Meet Today s Security Challenges in Enterprise Remote Monitoring. A White Paper from the Experts in Business-Critical Continuity TM
Directed Circuits Meet Today s Security Challenges in Enterprise Remote Monitoring A White Paper from the Experts in Business-Critical Continuity TM Executive Summary With continued efforts to reduce overhead,
More informationEasily Connect, Control, Manage, and Monitor All of Your Devices with Nivis Cloud NOC
Easily Connect, Control, Manage, and Monitor All of Your Devices with Nivis Cloud NOC As wireless standards develop and IPv6 gains widespread adoption, more and more developers are creating smart devices
More informationA brief on Two-Factor Authentication
Application Note A brief on Two-Factor Authentication Summary This document provides a technology brief on two-factor authentication and how it is used on Netgear SSL312, VPN Firewall, and other UTM products.
More informationInjazat s Managed Services Portfolio
Injazat s Managed Services Portfolio Overview Premium Managed Services to Transform Your IT Environment Injazat s Premier Tier IV Data Center is built to offer the highest level of security and reliability.
More informationCisco IOS Voice XML Browser
Cisco IOS Voice XML Browser Cisco Unified Communications is a comprehensive IP communications system of voice, video, data, and mobility products and applications. It enables more effective, more secure,
More informationDATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0
DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS
More informationSonicWALL PCI 1.1 Implementation Guide
Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard
More informationa Item Summar WHY ACTION IS NECESSARY: Board approval required for the expenditure of approximately $143,000 which is in excess of the $50,000 limit.
a Item Summar ACTION REOUESTED: WHY ACTION IS NECESSARY: Board approval required for the expenditure of approximately $143,000 which is in excess of the $50,000 limit. WHAT ACTION ACCOMPLISHES: The wireless
More informationEnterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH. White Paper February 2010 www.alvandsolutions.
Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH White Paper February 2010 www.alvandsolutions.com Overview Today s increasing security threats and regulatory
More informationBest Practices for PCI DSS V3.0 Network Security Compliance
Best Practices for PCI DSS V3.0 Network Security Compliance January 2015 www.tufin.com Table of Contents Preparing for PCI DSS V3.0 Audit... 3 Protecting Cardholder Data with PCI DSS... 3 Complying with
More informationWhite Paper: Managing Security on Mobile Phones
White Paper: Managing Security on Mobile Phones April 2006 Managing Security on Mobile Phones April 2006 Table of Contents Abstract...2 Executive Summary...2 The Importance Of Managing Security On Mobile
More informationMobile Secure Desktop Maximum Scalability, Security and Availability for View with F5 Networks HOW-TO GUIDE
Mobile Secure Desktop Maximum Scalability, Security and Availability for View with F5 Networks HOW-TO GUIDE Solution Overview The VMware View Mobile Secure Desktop solution is a powerful architecture intended
More informationiphone in Business Security Overview
iphone in Business Security Overview iphone can securely access corporate services and protect data on the device. It provides strong encryption for data in transmission, proven authentication methods
More informationCisco IOS Voice XML Browser
Cisco IOS Voice XML Browser Cisco Unified Communications is a comprehensive IP communications system of voice, video, data, and mobility products and applications. It enables more effective, more secure,
More informationRSA SecurID Two-factor Authentication
RSA SecurID Two-factor Authentication Today, we live in an era where data is the lifeblood of a company. Now, security risks are more pressing as attackers have broadened their targets beyond financial
More informationSecure SCADA Network Technology and Methods
Secure SCADA Network Technology and Methods FARKHOD ALSIHEROV, TAIHOON KIM Dept. Multimedia Engineering Hannam University Daejeon, South Korea sntdvl@yahoo.com, taihoonn@paran.com Abstract: The overall
More informationSecuring the Service Desk in the Cloud
TECHNICAL WHITE PAPER Securing the Service Desk in the Cloud BMC s Security Strategy for ITSM in the SaaS Environment Introduction Faced with a growing number of regulatory, corporate, and industry requirements,
More informationWhat s new in IP Office R2.0
What s new in IP Office R2.0 15 ways Avaya has made IP Office better than ever IP Telephony Contact Centers Unified Communication Services IP Office R2.0 is a major release with new capabilities that address
More informationDell SonicWALL Secure Virtual Assist: Clientless remote support over SSL VPN
Dell SonicWALL Secure Virtual Assist: Clientless remote support over SSL VPN Businesses can enhance user satisfaction, productivity, profitability and security by leveraging existing infrastructure to
More informationSSL VPN vs. IPSec VPN
SSL VPN vs. IPSec VPN White Paper 254 E. Hacienda Avenue Campbell, CA 95008 www.arraynetworks.net (408) 378-6800 1 SSL VPN vs. IPSec VPN Copyright 2002 Array Networks, Inc. SSL VPN vs. IPSec VPN White
More informationION Networks. White Paper
ION Networks White Paper Examining New Options in Remote Connectivity for Managed Service Providers: Services SSL VPN vs. Traditional SSL VPN and IPSec VPN Written by: Tara Flynn Condon Steve Scrace Bill
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationEvaluating the Cisco ASA Adaptive Security Appliance VPN Subsystem Architecture
Deploying Cisco ASA VPN Solutions Volume 1 Course Introduction Learner Skills and Knowledge Course Goal and Course Flow Additional Cisco Glossary of Terms Your Training Curriculum Evaluation of the Cisco
More informationDeploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks.
Table of Contents Section 1: Executive summary...1 Section 2: The challenge...2 Section 3: WLAN security...3 and the 802.1X standard Section 4: The solution...4 Section 5: Security...4 Section 6: Encrypted
More informationCisco Virtual Office Flexibility and Productivity for the Remote Workforce
Cisco Virtual Office Flexibility and Productivity for the Remote Workforce Cisco Virtual Office Overview Q. What is the Cisco Virtual Office? A. The Cisco Virtual Office solution provides secure, rich
More informationMarch 2012 www.tufin.com
SecureTrack Supporting Compliance with PCI DSS 2.0 March 2012 www.tufin.com Table of Contents Introduction... 3 The Importance of Network Security Operations... 3 Supporting PCI DSS with Automated Solutions...
More informationNERC CIP Whitepaper How Endian Solutions Can Help With Compliance
NERC CIP Whitepaper How Endian Solutions Can Help With Compliance Introduction Critical infrastructure is the backbone of any nations fundamental economic and societal well being. Like any business, in
More informationSecurity Overview Introduction Application Firewall Compatibility
Security Overview Introduction ShowMyPC provides real-time communication services to organizations and a large number of corporations. These corporations use ShowMyPC services for diverse purposes ranging
More informationAppendix C Pricing Index DIR Contract Number DIR-TSO-2724
Appendix C Pricing Index DIR Contract Number DIR-TSO-2724 Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) Amazon Web Services (AWS) is a comprehensive cloud services platform that offers
More informationEnsuring the Security of Your Company s Data & Identities. a best practices guide
a best practices guide Ensuring the Security of Your Company s Data & Identities Symplified 1600 Pearl Street, Suite 200» Boulder, CO, 80302» www.symplified.com» @Symplified Safe and Secure Identity Management
More informationCisco ASA 5500 Series Adaptive Security Appliance 8.2 Software Release
Cisco ASA 5500 Series Adaptive Security Appliance 8.2 Software Release PB526545 Cisco ASA Software Release 8.2 offers a wealth of features that help organizations protect their networks against new threats
More informationViSolve Open Source Solutions
ViSolve Open Source Solutions Best-In-Class Authentication and Authorization Solutions & Services ViSolve Inc. ViSolve Securing Digital Assets Contents Security Overview Security Concerns Security Needs
More informationData Sheet: Endpoint Security Symantec Network Access Control Comprehensive Endpoint Enforcement
Comprehensive Endpoint Enforcement Overview is a complete, end-to-end network access control solution that enables organizations to efficiently and securely control access to corporate networks through
More informationSecuring Virtual Desktop Infrastructures with Strong Authentication
Securing Virtual Desktop Infrastructures with Strong Authentication whitepaper Contents VDI Access Security Loopholes... 2 Secure Access to Virtual Desktop Infrastructures... 3 Assessing Strong Authentication
More informationVPN_2: Deploying Cisco ASA VPN Solutions
VPN_2: Deploying Cisco ASA VPN Solutions Description Deploying Cisco ASA VPN Solutions (VPN) 2.0 is the latest update to the Cisco Certified VPN Training that aims at providing network security engineers
More informationEnsuring the security of your mobile business intelligence
IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive
More informationProvide access control with innovative solutions from IBM.
Security solutions To support your IT objectives Provide access control with innovative solutions from IBM. Highlights Help protect assets and information from unauthorized access and improve business
More informationHOTPin Integration Guide: Microsoft Office 365 with Active Directory Federated Services
HOTPin Integration Guide: Microsoft Office 365 with Active Directory Federated Services Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided
More informationCisco Secure Access Control Server 4.2 for Windows
Cisco Secure Access Control Server 4.2 for Windows Overview Q. What is Cisco Secure Access Control Server (ACS)? A. Cisco Secure ACS is a highly scalable, high-performance access control server that operates
More informationSecure, Remote Access for IT Infrastructure Management
Infrastructure Management & Monitoring for Business-Critical Continuity TM Secure, Remote Access for IT Infrastructure Management ACS Advanced Console Server Secure, Remote Access for IT Infrastructure
More informationHP Intelligent Management Center Enterprise Software. Platform. Key features. Data sheet
Data sheet HP Intelligent Management Center Enterprise Software Platform Key features Highly flexible and scalable deployment options Powerful administration control Rich resource management Detailed performance
More informationHow To Achieve Pca Compliance With Redhat Enterprise Linux
Achieving PCI Compliance with Red Hat Enterprise Linux June 2009 CONTENTS EXECUTIVE SUMMARY...2 OVERVIEW OF PCI...3 1.1. What is PCI DSS?... 3 1.2. Who is impacted by PCI?... 3 1.3. Requirements for achieving
More informationAuthentication. Authentication in FortiOS. Single Sign-On (SSO)
Authentication FortiOS authentication identifies users through a variety of methods and, based on identity, allows or denies network access while applying any required additional security measures. Authentication
More informationState of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD005.001. Effective Date: April 7, 2005
State of New Mexico Statewide Architectural Configuration Requirements Title: Network Security Standard S-STD005.001 Effective Date: April 7, 2005 1. Authority The Department of Information Technology
More informationDeploying iphone and ipad Security Overview
Deploying iphone and ipad Security Overview ios, the operating system at the core of iphone and ipad, is built upon layers of security. This enables iphone and ipad to securely access corporate services
More informationBaltimore UniCERT. www.baltimore.com. the world s leading PKI. global e security
TM the world s leading PKI www.baltimore.com global e security Bringing Real Business On-Line The Internet is now forming a key part of organizations operating strategy. Although most companies accept
More informationInfor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security
Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationSTRONGER AUTHENTICATION for CA SiteMinder
STRONGER AUTHENTICATION for CA SiteMinder Adding Stronger Authentication for CA SiteMinder Access Control 1 STRONGER AUTHENTICATION for CA SiteMinder Access Control CA SITEMINDER provides a comprehensive
More information2012 European Cloud-Based Authentication Services New Product Innovation Award
2012 2012 European Cloud-Based Authentication Services New Product Innovation Award 2012 Frost & Sullivan 1 We Accelerate Growth New Product Innovation Award Cloud-Based Authentication Service Europe,
More informationipad in Business Security
ipad in Business Security Device protection Strong passcodes Passcode expiration Passcode reuse history Maximum failed attempts Over-the-air passcode enforcement Progressive passcode timeout Data security
More informationAuthentication Solutions. Versatile And Innovative Authentication Solutions To Secure And Enable Your Business
Authentication Solutions Versatile And Innovative Authentication Solutions To Secure And Enable Your Business SafeNet Strong Authentication and Transaction Verification Solutions The Upward Spiral of Cybercrime
More informationWhite Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI
White Paper Achieving PCI Data Security Standard Compliance through Security Information Management White Paper / PCI Contents Executive Summary... 1 Introduction: Brief Overview of PCI...1 The PCI Challenge:
More informationAchieving PCI-Compliance through Cyberoam
White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit
More informationBuilding Your Complete Remote Access Infrastructure on Windows Server 2012
Building Your Complete Remote Access nappliance White Paper August 2012 Introduction Remote access is a complex challenge for IT administrators. Providing system access to remote users involves a broad
More informationSSL VPN Technical Primer
4500 Great America Parkway Santa Clara, CA 95054 USA 1-888-NETGEAR (638-4327) E-mail: info@netgear.com www.netgear.com SSL VPN Technical Primer Q U I C K G U I D E Today, small- and mid-sized businesses
More informationVASCO: Compliant Digital Identity Protection for Healthcare
VASCO: Compliant Digital Identity Protection for Healthcare Compliant Digital Identity Protection for Healthcare The proliferation of digital patient information and a surge in government regulations are
More informationCase Study for Layer 3 Authentication and Encryption
CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client
More informationTECHNOLOGY LEADER IN GLOBAL REAL-TIME TWO-FACTOR AUTHENTICATION
TECHNOLOGY LEADER IN GLOBAL REAL-TIME TWO-FACTOR AUTHENTICATION SMS PASSCODE is the leading technology in a new generation of two-factor authentication systems protecting against the modern Internet threats.
More informationKaseya IT Automation Framework
Kaseya Kaseya IT Automation Framework An Integrated solution designed for reducing complexity while increasing productivity for IT Professionals and Managed Service Providers. The powerful, web-based automation
More informationRuggedCom Solutions for
RuggedCom Solutions for NERC CIP Compliance Rev 20080401 Copyright RuggedCom Inc. 1 RuggedCom Solutions Hardware Ethernet Switches Routers Serial Server Media Converters Wireless Embedded Software Application
More informationE-commerce: Competing the Advantages of a Mobile Enterprise
Addressing the Challenges of Going Mobile Mobile Data Collection Using COMMANDmobile Table of Contents Introduction... 3 Challenges of Going Mobile... 4 Existing Infrastructures... 4 Configuration Management...
More informationRanch Networks for Hosted Data Centers
Ranch Networks for Hosted Data Centers Internet Zone RN20 Server Farm DNS Zone DNS Server Farm FTP Zone FTP Server Farm Customer 1 Customer 2 L2 Switch Customer 3 Customer 4 Customer 5 Customer 6 Ranch
More informationAvaya Contact Center Control Manager (ACCCM)
Avaya Contact Center Control Manager (ACCCM) In today s dynamic marketplace customers expect rapid, efficient, and highly effective interactions when communicating with vendors. Any vendor who fails to
More informationInformation Technology Policy
Information Technology Policy Security Information and Event Management Policy ITP Number Effective Date ITP-SEC021 October 10, 2006 Category Supersedes Recommended Policy Contact Scheduled Review RA-ITCentral@pa.gov
More informationUSB etoken and USB Flash Features Support
USB etoken and USB Flash Features Support USB etoken and USB Flash Features Support Cisco Integrated Services Routers provide secure, wire-speed delivery of concurrent data, voice, and video services (Figure
More informationLAB FORWARD. WITH PROService RMS TECHNOLOGY, ARCHITECTURE AND SECURITY INFORMATION FOR IT PROFESSIONALS
LAB FORWARD WITH PROService RMS TECHNOLOGY, ARCHITECTURE AND SECURITY INFORMATION FOR IT PROFESSIONALS Medical diagnostics are a vital part of the modern healthcare system, and instrument uptime is critical
More informationThe Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency
logo The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency Understanding the Multiple Levels of Security Built Into the Panoptix Solution Published: October 2011
More information