What do we mean when we say security on the NBN?

Size: px
Start display at page:

Download "What do we mean when we say security on the NBN?"

Transcription

1 Security on the NBN: Perspectives The National Broadband Network, or NBN, is going to dramatically change the way Australians connect and obtain network services such as Internet, telephony and television. It promises greater speeds, reliability and reach than any other consumer network before it very exciting! But will this new network have more security? Will it meet the security needs of Australia s next generation of consumers, enterprises and carriers? Who will ensure the security of the NBN and our trust in it? This article will pose some of these questions and offer some potential answers. What do we mean when we say security on the NBN? Security means different things to different people. In general we consider network security as the ability of a network to remain available and to perform well even with exposure to would-be attackers. This also includes the ability to keep sensitive information travelling across the network safe from unauthorised access or modification. In implementation there are many aspects of modern networks that link together to preserve that security. By the time the first paying customer uses the NBN, there will have been literally hundreds of security processes, features and settings applied to keep customers, and the network itself, safe. Will the NBN be fundamentally secure? Yes. 90% of Australian homes will be connected by Fibre To The Premises, or FTTP. Fibre optic cable is a generally more secure way to transmit information across public ground compared to the copper twisted-pair cabling used for most telephone/dsl connections today, as well as most cable-modem based Internet services (pre-docsis v3). This is primarily due to the higher levels of difficulty associated with cutting into the fibre and/or passively listening in. On top of this, GPON uses encryption over the optical link to the user s premises. That means that the data travelling to the customer over fibre can only be decoded by the intended optical modem (ONT). Similarly, security processes exist for wireless and satellite which will be used for the 10% of the population not served by fibre. The details of how this is accomplished vary from product to product, so the NBN will need to make security assessments an important part of its selection processes for equipment.

2 But will connecting 100% of the population come with additional security issues? Yes. While the NBN holds great promise for Australians and the future of networking in our country, the existence of such a pervasive networking resource does mean that attackers will attempt to exploit it. So how will we know the NBN is safe, and who will keep it (and us) safe? Ultimately, security will be achieved in different ways by the people and organisations involved. Each have different security concerns and different compensating controls to address them. Taken as a whole, and with proper maintenance, the measures put in place to secure the NBN at all layers will combine to create a strong, resilient asset for all Australians. Figure 1: NBN Co., the NSP, and the Customer all have a role to play in security. Let s look at how security of the NBN is achieved by the user, by the Network Service Provider (NSP), and by NBN Co., as part of an overall layered approach. In the following sections, the home, enterprise, and government users are all operating as customers of the NBN with the same general issues and types of protection applied just at a different scale. Specifically, in the commercial and government sectors, the threats faced are much more potent, but these are offset by correspondingly greater resources to counter the threats.

3 Other/future security concerns in the home Staying safe at home It s important to understand that the NBN does not, by itself, expose residential customers to greater security risks. The NBN is just an access network, and a secure one in that it is itself resistant to attack. With more computers on-line, and increasingly being used for home banking, shopping, and other commercial activities, security threats (both to the PC itself and to other new network components of an NBNenabled household) need to be considered. The increased numbers of systems online due to the NBN will create a larger population of potential victims for online attackers. Of course, the accessibility of the NBN will also improve security, in that it will allow things like virus protection and computer security updates to be much more readily accessible than ever before and the best protection for your PC and home network is to keep your defences up to date. In order to minimise online vulnerability, computer users should follow the four basic rules of home computing: 1. Use a firewall that controls both outbound traffic as well as inbound (default firewalls may not provide this); 2. Use anti-virus software with updates applied regularly (e.g., daily); 3. Keep up-to-date with system updates; and 4. Do not click links received in s or instant messages, or attachments unless you trust where you got them from. Following these simple steps will give your computer a high degree of protection against most security threats. Also, in a NBN world just as today, it will remain imperative that we all pay close attention to keeping our personal information private in our dealings with others, both online and off. Personal computers will not be the only part of a home installation of interest to attackers. As Australians come to enjoy a fuller on net experience associated with better connectivity, consumer products will become available which leverage this connectivity. This could be called the real value of the NBN the enhancement to everyday life afforded by being connected. For example, the NBN could likely be used to deliver telephony, security alarm monitoring, IP TV, and access to smart meters for utilities. However, it is important to remember that the appliances for these new services and applications will normally be network-enabled, computer-based, and therefore open to attack. This also creates an opportunity for attacks to and from home computers and other intelligent devices in the same household. The NBN will need to support related security functionality to keep these services safe, both for the carrier to offer and operate, and the customer to use, including keeping them safe from each other. For example: A PC must not be able to disable telephone services, or television set-top boxes and vice-versa. Remote access to consumer products must be provided securely, including the use of encryption and strong authentication techniques. Equipment to be located on the customer network that plays a part in billing must be secured to prevent fraud. Utilities (power meters, etc) must be secured to prevent unauthorised control by criminals planning to compromise a building s security, for example by turning off power to an alarm panel. However, these smart meters incorporate security features of their own which can effectively mitigate this risk. New services and products offered via the NBN will become targets for phishing and spoofing attacks these try to trick people into unwittingly helping the attacker gain personal information. As such, up-front, consumer training should be provided to help people differentiate between legitimate business interactions and attackers trying to get personal information such as passwords.

4 Needs of the small-to-medium business / enterprise customer In addition to the basic security issues faced by residential customers, businesses of all sizes are subject to some additional threats when they go online: Commercial attackers seeking to eavesdrop confidential information Denial-of-Service attacks to block access or cripple servers Targeted penetration of defences to steal and/or destroy information. Again, the NBN does not by default have an active role in securing customers systems and information; it is merely the network access enabler. The security measures implemented by the NBN will be focused on ensuring the availability and performance of the underlying infrastructure rather than securing customers. But the NSP, leveraging bandwidth that the NBN delivers, is now free to develop and deploy value-added services that will improve security, especially for business customers. For example, the widespread introduction of high-bandwidth services will create a much more attractive market for network-based data backup and restore services. These services are critical for recovering from an attack, or failure of an important system. In another case, a full suite of managed security services could be offered by the NSP to deliver a secure network as part of the package. This could bring best-of-breed enterprise security capabilities within reach of small businesses that would otherwise find procurement and maintenance of such systems unaffordable. Whatever the security service offerings that develop, the NBN itself will leverage network segregation technologies such as Ethernet Virtual LAN (VLAN) and Multiprotocol Label Switching (MPLS) with Quality of Service (QoS). Ethernet VLAN and MPLS will enable the NBN to partition and segregate traffic between networks and QoS to restrict traffic flows to agreed limits. An additional level of segregation and security is provided by encrypted VPNs. As is currently the case today, enterprise users of the network often request encryption for their inter-office networks, and in some cases (e.g., processing credit card transactions) it is mandatory. NBN will probably spark a rise in the deployment of VPNs as more and more customers do business on the NBN and security-savvy NSPs will be there to assist with, and/or provide these VPNs. Government and law enforcement Government departments resemble enterprises in their operation multiple sites, interactions with business and consumers and budget constraints for IT spend. Yet they face all the same risks, as well as holding special security-based responsibilities: Managing information sensitive to national security Managing personal information on nearly every resident in Australia Supporting Law Enforcement agencies and Emergency Services. The implication for government departments is that a very high level of security is expected of them in order to protect the interests of individuals and the nation in general. Possible exposure via the NBN is just one facet of this, which can be tackled using similar processes and technologies to those found in ordinary enterprises, especially MPLS, QoS, and encrypted VPNs. NBN will also have an opportunity to provide universal standard lawful interception capabilities on behalf on NSPs (who would otherwise be obliged to each develop and deploy a solution). This will lower the barriers of entry for NSPs, and in turn, this should result in lower costs to the consumer. This might be some way off but with NBN it becomes a real possibility and even likelihood.

5 Expectations on the NBN and responsible organisations It goes without saying that all organisations responsible for providing services as part of NBN will be expected to maintain good general security practices (a critical example of this would be having a defined, published and audited security policy), ensure confidentiality and integrity of customer data, ensure the security of their own facilities against attack, and documented procedures to manage risk. In addition to this, there are more specific expectations at each part of the delivery chain and associated organisations. NBN Co. and the network itself Assuming a wholesale bitstream model, NBN Co. will be responsible for the delivery of data across the access network to customers premises. They must ensure the security of the NBN components, systems, network operations centres, offsite data backups, billing systems, etc. They will need to ensure that each customer only has access to their own information and network, and that traffic from one provider does not compromise the service provided to and by others. Given the larger number of providers expected to take advantage of the NBN, security systems and processes will need to be highly scalable, and able to function with complete security in an efficient manner. Another Australian concern for an NBN to reach 100% of the population, and 90% via fibre, is the physical reach of it traversing thousands of kilometres including connectivity to some quite remote areas. As the NBN Co. builds out this web of interconnecting access networks feeding into the NBN, there will be some physical security considerations associated with reaching out this far with the infrastructure. For example, special security alarm systems and monitoring will need to be a part of remote sites. Also, encryption will be required to protect sensitive management traffic to the remote distribution points and network equipment within them. a value-added service the NBN Co. could sell to NSPs, and that the NSPs may be able to re-sell to its customers. Also, the way the NBN is designed will need to include security from the ground up. For example, if the network were to be designed around physical fibre connections being leased to NSPs, it would be almost impossible to achieve proper security in a measurable way because there would be no end- to-end visibility or ownership of the security of the network, and there would be increased risk of undetectable tampering with the fibres themselves before they became active or leased. By contrast, keeping the NBN Co. accountable for the underlying security elements of the entire end to end network, and having a single lit network reduces the opportunity for tampering with the fibres, adding illicit links, and so on. As a national resource, Australians will want to see independent security audits and reviews being carried out regularly on the NBN s security, and reported on such that the burgeoning NBN ebusiness environment remains an attractive investment for Australia and the myriad service providers utilising the NBN. These expectations and others besides will evolve over time as the plans for NBN are developed. Industry, consumer, and government consultation and involvement will be required. A technique that is gaining in popularity is the introduction of anomaly detection systems into the network. These systems simply observe traffic and usage patterns and then raise an alarm if something odd occurs in the usage patterns of the network. For example, an attempt to guess passwords on an NBN Co. system would be visible in this way; also a virus outbreak within an NSP could be detected which could be

6 Service Provider The service provider, as the initial customer of the NBN, will start with a trusted network environment provided by the NBN Co. This will then support standard internet access, customer VPNs, all their monitoring needs, and so on. In addition there will be security filters and policies deployed to the provider s edge and extensive QoS and other traffic management measures in place to keep the provider s services safe, and also to ensure service availability for consumers, small business and enterprise customers alike. It will be the responsibility of the service provider to ensure their internal operations and customers networks and services are not at risk from attack by hackers, including users connected to other providers networks. A defence in depth model will need to be deployed in which security measures are layered to prevent attacks from breaking through defences, with no single point of failure resulting in a breakdown of security. Complementing these preventive measures, the providers will be expected to monitor for any untoward occurrences and then to respond to incidents when they occur. Customers will expect the service providers to also engage the services of security auditors to validate the measures they have in place to protect customers networks and data in transit across the provider s network. Hopefully a strong security practice, documented and audited, will become a key expectation and differentiating selling point between service providers. The role of government in securing the NBN Cyber-terrorism is a very real threat and the Government will need to ensure the NBN will be built from the ground up to resist largescale attacks that might be used to harm Australia s new network infrastructure or its users en masse. To the extent critical infrastructure (including public transport, utilities, law enforcement, etc.) and related services might connect to the NBN, focused security testing and audits will be required to ensure the utmost levels of security are maintained in all aspects of these networks. Cooperation with international efforts and contribution to standards relating to securing critical infrastructure should be part of what the government brings to NBN for security. Additionally, as a regulator, the Government will need to ensure appropriate security features and settings are maintained across each service provider connecting to NBN. This could be done via the establishment of security policies and requirements that form part of the entry criteria for a service provider to be setup on the NBN; and the regulator should require yearly audits of the security of the provider s network and systems, to identify developed issues and allow for remediation processes to be initiated. At key connection points where the NBN feeds into the wider Internet, there should also be standards to ensure the NBN is not an easy target to the myriad of skilled attackers present on the wider Net. As a provider of potentially very many services to all Australians, the Government will perhaps be one of the NBN s biggest users, with a strong vested interest in ensuring that the security capabilities of the network remain effective over the lifetime of the network. This vigilance will benefit all Australians as neighbours on the same network.

7 A good way to establish the security of a service or network or system is to make use of established international standards as the foundation for assessing security, then repeating this assessment at intervals to measure improvement or stagnation in the security posture of the subject. A comprehensive security standard such as ITU-T Recommendation X.805 provides an architecture for providing end-to-end security. It is also useful in calling out security requirements and characteristics for assessment. Its systematic consideration of security across the user plane, control plane and management plane, covering eight so-called dimensions of security provides a robust matrix of security assessment, especially when applied against the NBN at the three layers called out: per element (infrastructure), per network (referred to as a service ) and per NSP (called an application ). Figure 2: An ITU-T X.805 diagram, depicting the various ways to evaluate end-to-end security. Conclusions The provision of a NBN to all Australians will undoubtedly bring with it enormous benefits to our society. Consumers frustrated by slow network access speeds today will find themselves able to participate fully in the network-centric Internet, thanks to the NBN. Rural communities will be able to access this digital economy for the first time. Businesses and government will find new ways to work with each other and with their customers in an always-on world. Improved education, research, and collaboration capabilities will become available to all Australian homes in a much richer way thanks to improved bandwidth and coverage. Crucially, in addition to connecting Australia, the NBN must take active and comprehensive steps to ensure the ongoing security and confidence of users of the network at all levels from the consumer at home to the government itself. We view strong security for the NBN as non-optional, and we hope this introduction to some of the issues and accountabilities has helped show why. Glossary DOCSIS Data Over Cable Service Interface Specification FTTP Fibre to the Premises GPON Gigabit Passive Optical Network IPTV Internet Protocol Television ONT Optical Network Termination MPLS Multiprotocol Label Switching NBN National Broadband Network NSP Network Service Provider QoS Quality of Service VLAN Virtual LAN VPN Virtual Private Network Alcatel-Lucent Australia contact details: Ric Clark, Chief Technology Officer ph: Lisa Poninghaus, External Communications Manager ph:

IPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region

IPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region IPv6 SECURITY May 2011 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the express

More information

Converged Private Networks. Supporting voice and business-critical applications across multiple sites

Converged Private Networks. Supporting voice and business-critical applications across multiple sites Converged Private Networks Supporting voice and business-critical applications across multiple sites Harness converged voice and high-speed data connectivity MPLS-based WAN solution that supports voice

More information

Best Effort gets Better with MPLS. Superior network flexibility and resiliency at a lower cost with support for voice, video and future applications

Best Effort gets Better with MPLS. Superior network flexibility and resiliency at a lower cost with support for voice, video and future applications Best Effort gets Better with MPLS Superior network flexibility and resiliency at a lower cost with support for voice, video and future applications A White Paper on Multiprotocol Label Switching October,

More information

Partner with the UK s leading. Managed Security Service Provider

Partner with the UK s leading. Managed Security Service Provider Partner with the UK s leading Managed Security Service Provider The Talk Straight Advantage Established in 2007, Talk Straight is an ISP with a difference, and is at the forefront of a revolution in cloud

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

IP-VPN Architecture and Implementation O. Satty Joshua 13 December 2001. Abstract

IP-VPN Architecture and Implementation O. Satty Joshua 13 December 2001. Abstract Abstract Virtual Private Networks (VPNs) are today becoming the most universal method for remote access. They enable Service Provider to take advantage of the power of the Internet by providing a private

More information

Draft ITU-T Recommendation X.805 (Formerly X.css), Security architecture for systems providing end-to-end communications

Draft ITU-T Recommendation X.805 (Formerly X.css), Security architecture for systems providing end-to-end communications Draft ITU-T Recommendation X.805 (Formerly X.css), architecture for systems providing end-to-end communications Summary This Recommendation defines the general security-related architectural elements that

More information

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4

More information

Network Virtualization Network Admission Control Deployment Guide

Network Virtualization Network Admission Control Deployment Guide Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus

More information

The evolution of data connectivity

The evolution of data connectivity Leveraging the Benefits of IP and the Cloud in the Security Sector The CCTV and alarm industry has relied on analogue or Integrated Services Digital Network (ISDN) communications to provide data connectivity

More information

Converged Private Networks. Supporting voice and business-critical applications across multiple sites

Converged Private Networks. Supporting voice and business-critical applications across multiple sites Converged Private Networks Supporting voice and business-critical applications across multiple sites Harness converged Converged Private Networks voice and high-speed data connectivity Reliable, highly

More information

E-commerce Home Office Small Business Network Solution

E-commerce Home Office Small Business Network Solution Converged Private Networks Supporting voice and business-critical applications across multiple sites Harness converged voice and high-speed data connectivity Reliable, highly available MPLS-based WAN solution

More information

VOICE OVER IP SECURITY

VOICE OVER IP SECURITY VOICE OVER IP SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Cisco Security Optimization Service

Cisco Security Optimization Service Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless

More information

Security Technology: Firewalls and VPNs

Security Technology: Firewalls and VPNs Security Technology: Firewalls and VPNs 1 Learning Objectives Understand firewall technology and the various approaches to firewall implementation Identify the various approaches to remote and dial-up

More information

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS

More information

Information Security: A Perspective for Higher Education

Information Security: A Perspective for Higher Education Information Security: A Perspective for Higher Education A By Introduction On a well-known hacker website, individuals charged students $2,100 to hack into university and college computers for the purpose

More information

The Next Generation Network:

The Next Generation Network: JULY, 2012 The Next Generation Network: Why the Distributed Enterprise Should Consider Multi-circuit WAN VPN Solutions versus Traditional MPLS Tolt Solutions Network Services 125 Technology Drive Suite

More information

Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance

Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance White Paper Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance Troy Herrera Sr. Field Solutions Manager Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA

More information

Chapter 1 Instructor Version

Chapter 1 Instructor Version Name Date Objectives: Instructor Version Explain how multiple networks are used in everyday life. Explain the topologies and devices used in a small to medium-sized business network. Explain the basic

More information

A HELPING HAND TO PROTECT YOUR REPUTATION

A HELPING HAND TO PROTECT YOUR REPUTATION OVERVIEW SECURITY SOLUTIONS A HELPING HAND TO PROTECT YOUR REPUTATION CONTENTS INFORMATION SECURITY MATTERS 01 TAKE NOTE! 02 LAYERS OF PROTECTION 04 ON GUARD WITH OPTUS 05 THREE STEPS TO SECURITY PROTECTION

More information

Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP

Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP Connecting MPLS Voice VPNs Enabling the secure interconnection of Inter-Enterprise VoIP Executive Summary: MPLS Virtual

More information

How To Protect Your Network From Attack From A Network Security Threat

How To Protect Your Network From Attack From A Network Security Threat Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

VoIP Resilience and Security Jim Credland

VoIP Resilience and Security Jim Credland VoIP Resilience and Security Jim Credland About THUS plc Provider and user of VoIP and Soft Switch technologies Developing Enterprise Security Standards NISCC VoIP Working Group Security Considerations

More information

Securing Virtual Applications and Servers

Securing Virtual Applications and Servers White Paper Securing Virtual Applications and Servers Overview Security concerns are the most often cited obstacle to application virtualization and adoption of cloud-computing models. Merely replicating

More information

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,

More information

Course: Information Security Management in e-governance

Course: Information Security Management in e-governance Course: Information Security Management in e-governance Day 2 Session 2: Security in end user environment Agenda Introduction to IT Infrastructure elements in end user environment Information security

More information

Supporting voice and business-critical applications across multiple sites

Supporting voice and business-critical applications across multiple sites MPLS Supporting voice and business-critical applications across multiple sites Harness converged voice and high-speed data connectivity Reliable, highly available MPLS-based WAN solution that supports

More information

SingTel MPLS. The Great Multi Protocol Label Switching (MPLS) Migration

SingTel MPLS. The Great Multi Protocol Label Switching (MPLS) Migration SingTel MPLS The Great Multi Protocol Label Switching (MPLS) Migration SingTel MPLS The Great MPLS Migration There are now a variety of alternatives when it comes to connecting multiple sites with WAN

More information

HANDBOOK 8 NETWORK SECURITY Version 1.0

HANDBOOK 8 NETWORK SECURITY Version 1.0 Australian Communications-Electronic Security Instruction 33 (ACSI 33) Point of Contact: Customer Services Team Phone: 02 6265 0197 Email: assist@dsd.gov.au HANDBOOK 8 NETWORK SECURITY Version 1.0 Objectives

More information

Protecting the Extended Enterprise Network Security Strategies and Solutions from ProCurve Networking

Protecting the Extended Enterprise Network Security Strategies and Solutions from ProCurve Networking ProCurve Networking by HP Protecting the Extended Enterprise Network Security Strategies and Solutions from ProCurve Networking Introduction... 2 Today s Network Security Landscape... 2 Accessibility...

More information

PCI Solution for Retail: Addressing Compliance and Security Best Practices

PCI Solution for Retail: Addressing Compliance and Security Best Practices PCI Solution for Retail: Addressing Compliance and Security Best Practices Executive Summary The Payment Card Industry (PCI) Data Security Standard has been revised to address an evolving risk environment

More information

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager Should Ask Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager/Executive Must Answer in Order

More information

COSC 472 Network Security

COSC 472 Network Security COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html

More information

MUNICIPAL WIRELESS NETWORK

MUNICIPAL WIRELESS NETWORK MUNICIPAL WIRELESS NETWORK May 2009 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

1 Purpose... 2. 2 Scope... 2. 3 Roles and Responsibilities... 2. 4 Physical & Environmental Security... 3. 5 Access Control to the Network...

1 Purpose... 2. 2 Scope... 2. 3 Roles and Responsibilities... 2. 4 Physical & Environmental Security... 3. 5 Access Control to the Network... Contents 1 Purpose... 2 2 Scope... 2 3 Roles and Responsibilities... 2 4 Physical & Environmental Security... 3 5 Access Control to the Network... 3 6 Firewall Standards... 4 7 Wired network... 5 8 Wireless

More information

Promoting Network Security (A Service Provider Perspective)

Promoting Network Security (A Service Provider Perspective) Promoting Network Security (A Service Provider Perspective) Prevention is the Foundation H S Gupta DGM (Technical) Data Networks, BSNL hsgupta@bsnl.co.in DNW, BSNL 1 Agenda Importance of Network Security

More information

VOIP THE ULTIMATE GUIDE VERSION 1.0. 9/23/2014 onevoiceinc.com

VOIP THE ULTIMATE GUIDE VERSION 1.0. 9/23/2014 onevoiceinc.com VOIP THE ULTIMATE GUIDE VERSION 1.0 9/23/2014 onevoiceinc.com WHAT S IN THIS GUIDE? WHAT IS VOIP REQUIREMENTS OF A VOIP SYSTEM IMPLEMENTING A VOIP SYSTEM METHODS OF VOIP BENEFITS OF VOIP PROBLEMS OF VOIP

More information

NBN Frequently Asked Questions NBN Information Pack for Safety Link Clients

NBN Frequently Asked Questions NBN Information Pack for Safety Link Clients NBN Frequently Asked Questions NBN Information Pack for Safety Link Clients Table of Contents Table of Contents... 2 General FAQs:... 4 What is the NBN?... 4 Do I have to connect to the NBN?... 4 What

More information

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Firewalls and VPNs. Principles of Information Security, 5th Edition 1 Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches

More information

Top tips for improved network security

Top tips for improved network security Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a

More information

Leveraging Broadband to Offer Value-add Revenue-Generating Managed Services to Small Medium Enterprises (SMEs) by Network Service Providers (NSPs)

Leveraging Broadband to Offer Value-add Revenue-Generating Managed Services to Small Medium Enterprises (SMEs) by Network Service Providers (NSPs) www.msona.co.uk Leveraging Broadband to Offer Value-add Revenue-Generating Managed Services to Small Medium Enterprises (SMEs) by Network Service Providers (NSPs) Broadband Internet has gone from being

More information

Managing internet security

Managing internet security Managing internet security GOOD PRACTICE GUIDE Contents About internet security 2 What are the key components of an internet system? 3 Assessing internet security 4 Internet security check list 5 Further

More information

Specific recommendations

Specific recommendations Background OpenSSL is an open source project which provides a Secure Socket Layer (SSL) V2/V3 and Transport Layer Security (TLS) V1 implementation along with a general purpose cryptographic library. It

More information

esoft Technical White Paper: Who Needs Firewall Protection?

esoft Technical White Paper: Who Needs Firewall Protection? esoft Technical White Paper: Who Needs Firewall Protection? "Without the protection of a firewall, which serves as a buffer between an organization s internal network and myriad external networks including

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

How Proactive Business Continuity Can Protect and Grow Your Business. A CenturyLink White Paper

How Proactive Business Continuity Can Protect and Grow Your Business. A CenturyLink White Paper How Proactive Business Continuity Can Protect and Grow Your Business For most companies, business continuity planning is instantly equated with disaster recovery the reactive ability of a business to continue

More information

CMPT 471 Networking II

CMPT 471 Networking II CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access

More information

Mobile Devices and Malicious Code Attack Prevention

Mobile Devices and Malicious Code Attack Prevention Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com WHITE PAPER Malicious Code and Mobile Devices: Best Practices for Securing Mobile Environments Sponsored

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

STRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction

STRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction Policy: Title: Status: 1. Introduction ISP-S12 Network Management Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1.1. This information security policy document covers management,

More information

Remote Access Security

Remote Access Security Glen Doss Towson University Center for Applied Information Technology Remote Access Security I. Introduction Providing remote access to a network over the Internet has added an entirely new dimension to

More information

Network Security. Introduction. Security services. Players. Conclusions. Distributed information Distributed processing Remote smart systems access

Network Security. Introduction. Security services. Players. Conclusions. Distributed information Distributed processing Remote smart systems access Roadmap Introduction Network services X.800 RFC 2828 Players Marco Carli Conclusions 2 Once.. now: Centralized information Centralized processing Remote terminal access Distributed information Distributed

More information

Protecting Your Organisation from Targeted Cyber Intrusion

Protecting Your Organisation from Targeted Cyber Intrusion Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology

More information

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats Achieving Truly Secure Cloud Communications How to navigate evolving security threats Security is quickly becoming the primary concern of many businesses, and protecting VoIP vulnerabilities is critical.

More information

EA-ISP-012-Network Management Policy

EA-ISP-012-Network Management Policy Technology & Information Services EA-ISP-012-Network Management Policy Owner: Adrian Hollister Author: Paul Ferrier Date: 01/04/2015 Document Security Level: PUBLIC Document Version: 1.00 Document Ref:

More information

Managed Security Services for Data

Managed Security Services for Data A v a y a G l o b a l S e r v i c e s Managed Security Services for Data P r o a c t i v e l y M a n a g i n g Y o u r N e t w o r k S e c u r i t y 2 4 x 7 x 3 6 5 IP Telephony Contact Centers Unified

More information

Best Practices for Outdoor Wireless Security

Best Practices for Outdoor Wireless Security Best Practices for Outdoor Wireless Security This paper describes security best practices for deploying an outdoor wireless LAN. This is standard body copy, style used is Body. Customers are encouraged

More information

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE

More information

Securing SIP Trunks APPLICATION NOTE. www.sipera.com

Securing SIP Trunks APPLICATION NOTE. www.sipera.com APPLICATION NOTE Securing SIP Trunks SIP Trunks are offered by Internet Telephony Service Providers (ITSPs) to connect an enterprise s IP PBX to the traditional Public Switched Telephone Network (PSTN)

More information

Stable and Secure Network Infrastructure Benchmarks

Stable and Secure Network Infrastructure Benchmarks Last updated: March 4, 2014 Stable and Secure Network Infrastructure Benchmarks 501 Commons has developed a list of key benchmarks for maintaining a stable and secure IT Infrastructure for conducting day-to-day

More information

How to complete the Secure Internet Site Declaration (SISD) form

How to complete the Secure Internet Site Declaration (SISD) form 1 How to complete the Secure Internet Site Declaration (SISD) form The following instructions are designed to assist you in completing the SISD form that forms part of your Merchant application. Once completed,

More information

Malicious Email Mitigation Strategy Guide

Malicious Email Mitigation Strategy Guide CYBER SECURITY OPERATIONS CENTRE Malicious Email Mitigation Strategy Guide Introduction (UPDATED) SEPTEMBER 2012 1. Socially engineered emails containing malicious attachments and embedded links are commonly

More information

Disaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs

Disaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs Disaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs As a head of the campus network department in the Deanship of Information Technology at King Abdulaziz University for more

More information

IS TEST 3 - TIPS FOUR (4) levels of detective controls offered by intrusion detection system (IDS) methodologies. First layer is typically responsible for monitoring the network and network devices. NIDS

More information

The term Virtual Private Networks comes with a simple three-letter acronym VPN

The term Virtual Private Networks comes with a simple three-letter acronym VPN Application Brief Nortel Networks Virtual Private Networking solutions for service providers Service providers addressing the market for Virtual Private Networking (VPN) need solutions that effectively

More information

Internet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM

Internet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM Internet Security Protecting Your Business Hayden Johnston & Rik Perry WYSCOM Introduction Protecting Your Network Securing Your Information Standards & Best Practices Tools & Options Into The Future Creating

More information

Security in DSL Networks. Issues and Solutions for Small-to-Medium Sized Enterprises

Security in DSL Networks. Issues and Solutions for Small-to-Medium Sized Enterprises Security in DSL Networks Issues and Solutions for Small-to-Medium Sized Enterprises T E C H N I C A L P A P E R Security in DSL Networks The High Cost of Internet Security Breaches.... 1 Who is Most at

More information

Managed 4G LTE WAN: Provide Cost-Effective Wireless Broadband Service

Managed 4G LTE WAN: Provide Cost-Effective Wireless Broadband Service Solution Overview Managed 4G LTE WAN: Provide Cost-Effective Wireless Broadband Service What You Will Learn With the arrival of the fourth-generation (4G) or Long Term Evolution (LTE) cellular wireless

More information

Datawire Secure Transport Value Proposition

Datawire Secure Transport Value Proposition Transport Value Proposition Contents: What is Transport? Transport is a patented connectivity service Datawire Defined that transports financial transactions securely and reliably over Datawire Value Proposition

More information

Virus Protection Across The Enterprise

Virus Protection Across The Enterprise White Paper Virus Protection Across The Enterprise How Firewall, VPN and /Content Security Work Together Juan Pablo Pereira Sr. Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda Avenue

More information

Building A Secure Microsoft Exchange Continuity Appliance

Building A Secure Microsoft Exchange Continuity Appliance Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building

More information

Network & Information Security Policy

Network & Information Security Policy Policy Version: 2.1 Approved: 02/20/2015 Effective: 03/02/2015 Table of Contents I. Purpose................... 1 II. Scope.................... 1 III. Roles and Responsibilities............. 1 IV. Risk

More information

FIVE PRACTICAL STEPS

FIVE PRACTICAL STEPS WHITEPAPER FIVE PRACTICAL STEPS To Protecting Your Organization Against Breach How Security Intelligence & Reducing Information Risk Play Strategic Roles in Driving Your Business CEOs, CIOs, CTOs, AND

More information

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,

More information

How To Secure Your Store Data With Fortinet

How To Secure Your Store Data With Fortinet Securing Wireless Networks for PCI Compliance Using Fortinet s Secure WLAN Solution to Meet Regulatory Requirements Introduction In the wake of many well-documented data breaches, standards such as the

More information

Managed Network Services

Managed Network Services Managed Network Services Delivering innovative network data services to business NETWOR Communications are an essential and integral part of any IT strategy and are as important as the systems and processes

More information

ENTERPRISE CONNECTIVITY

ENTERPRISE CONNECTIVITY ENTERPRISE CONNECTIVITY IP Services for Business, Governmental & Non-Governmental Organizations The success of today s organizations and enterprises highly depends on reliable and secure connectivity.

More information

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs IBM Global Technology Services Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs Achieving a secure government

More information

Approved 12/14/11. FIREWALL POLICY INTERNAL USE ONLY Page 2

Approved 12/14/11. FIREWALL POLICY INTERNAL USE ONLY Page 2 Texas Wesleyan Firewall Policy Purpose... 1 Scope... 1 Specific Requirements... 1 PURPOSE Firewalls are an essential component of the Texas Wesleyan information systems security infrastructure. Firewalls

More information

MPLS/IP VPN Services Market Update, 2014. United States

MPLS/IP VPN Services Market Update, 2014. United States MPLS/IP VPN Services Market Update, 2014 United States August 2014 Contents Section Slide Numbers Executive Summary 4 Market Overview & Definitions 8 Drivers & Restraints 14 Market Trends & Revenue Forecasts

More information

isheriff CLOUD SECURITY

isheriff CLOUD SECURITY isheriff CLOUD SECURITY isheriff is the industry s first cloud-based security platform: providing fully integrated endpoint, Web and email security, delivered through a single Web-based management console

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security

More information

The Hidden Dangers of Public WiFi

The Hidden Dangers of Public WiFi WHITEPAPER: OCTOBER 2014 The Hidden Dangers of Public WiFi 2 EXECUTIVE SUMMARY 4 MARKET DYNAMICS 4 The Promise of Public WiFi 5 The Problem with Public WiFi 6 MARKET BEHAVIOR 6 Most People Do Not Protect

More information

EVALUATING NETWORKING TECHNOLOGIES

EVALUATING NETWORKING TECHNOLOGIES WHITE PAPER EVALUATING NETWORKING TECHNOLOGIES CONTENTS EXECUTIVE SUMMARY 01 NETWORKS HAVE CHANGED 02 Origin of VPNS Next-generation VPNS TODAY S CHOICES 04 Layer 3 VPNS Layer 2 VPNS MAKING YOUR DECISION

More information

Industrial Security Solutions

Industrial Security Solutions Industrial Security Solutions Building More Secure Environments From Enterprise to End Devices You have assets to protect. Control systems, networks and software can all help defend against security threats

More information

IBM Internet Security Systems

IBM Internet Security Systems IBM Global Services IBM Internet Security Systems Norberto Gazzoni Italy Channel Manager norberto_gazzoni@it.ibm.com +39 347 3499617 IBM Internet Security Systems Ahead of the threat. 2006 IBM Corporation

More information

Advantages of Managed Security Services

Advantages of Managed Security Services Advantages of Managed Security Services Cloud services via MPLS networks for high security at low cost Get Started Now: 877.611.6342 to learn more. www.megapath.com Executive Summary Protecting Your Network

More information

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY?

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? Contents Introduction.... 3 What Types of Network Security Services are Available?... 4 Penetration Testing and Vulnerability Assessment... 4 Cyber

More information

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD005.001. Effective Date: April 7, 2005

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD005.001. Effective Date: April 7, 2005 State of New Mexico Statewide Architectural Configuration Requirements Title: Network Security Standard S-STD005.001 Effective Date: April 7, 2005 1. Authority The Department of Information Technology

More information

Top Five Security Issues for Small and Medium-Sized Businesses

Top Five Security Issues for Small and Medium-Sized Businesses White Paper Top Five Security Issues for Small and Medium-Sized Businesses SUMMARY Small and medium-sized businesses use the Internet and networked applications to reach new customers and serve their existing

More information

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc. Securing Modern Substations With an Open Standard Network Security Solution Kevin Leech Schweitzer Engineering Laboratories, Inc. Copyright SEL 2009 What Makes a Cyberattack Unique? While the resources

More information

GPRS and 3G Services: Connectivity Options

GPRS and 3G Services: Connectivity Options GPRS and 3G Services: Connectivity Options An O2 White Paper Contents Page No. 3-4 5-7 5 6 7 7 8-10 8 10 11-12 11 12 13 14 15 15 15 16 17 Chapter No. 1. Executive Summary 2. Bearer Service 2.1. Overview

More information

Making the Case for Satellite: Ensuring Business Continuity and Beyond. July 2008

Making the Case for Satellite: Ensuring Business Continuity and Beyond. July 2008 Making the Case for Satellite: Ensuring Business Continuity and Beyond July 2008 Ensuring Business Continuity and Beyond Ensuring business continuity is a major concern of any company in today s technology

More information

SECURITY FOR ENTERPRISE TELEWORK AND REMOTE ACCESS SOLUTIONS

SECURITY FOR ENTERPRISE TELEWORK AND REMOTE ACCESS SOLUTIONS SECURITY FOR ENTERPRISE TELEWORK AND REMOTE ACCESS SOLUTIONS Karen Scarfone, Editor Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Many people

More information

How To Protect Decd Information From Harm

How To Protect Decd Information From Harm Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

About Firewall Protection

About Firewall Protection 1. This guide describes how to configure basic firewall rules in the UTM to protect your network. The firewall then can provide secure, encrypted communications between your local network and a remote

More information

Permeo Technologies WHITE PAPER. HIPAA Compliancy and Secure Remote Access: Challenges and Solutions

Permeo Technologies WHITE PAPER. HIPAA Compliancy and Secure Remote Access: Challenges and Solutions Permeo Technologies WHITE PAPER HIPAA Compliancy and Secure Remote Access: Challenges and Solutions 1 Introduction The Healthcare Insurance Portability and Accountability Act (HIPAA) of 1996 has had an

More information