What do we mean when we say security on the NBN?
|
|
- Oscar Walsh
- 8 years ago
- Views:
Transcription
1 Security on the NBN: Perspectives The National Broadband Network, or NBN, is going to dramatically change the way Australians connect and obtain network services such as Internet, telephony and television. It promises greater speeds, reliability and reach than any other consumer network before it very exciting! But will this new network have more security? Will it meet the security needs of Australia s next generation of consumers, enterprises and carriers? Who will ensure the security of the NBN and our trust in it? This article will pose some of these questions and offer some potential answers. What do we mean when we say security on the NBN? Security means different things to different people. In general we consider network security as the ability of a network to remain available and to perform well even with exposure to would-be attackers. This also includes the ability to keep sensitive information travelling across the network safe from unauthorised access or modification. In implementation there are many aspects of modern networks that link together to preserve that security. By the time the first paying customer uses the NBN, there will have been literally hundreds of security processes, features and settings applied to keep customers, and the network itself, safe. Will the NBN be fundamentally secure? Yes. 90% of Australian homes will be connected by Fibre To The Premises, or FTTP. Fibre optic cable is a generally more secure way to transmit information across public ground compared to the copper twisted-pair cabling used for most telephone/dsl connections today, as well as most cable-modem based Internet services (pre-docsis v3). This is primarily due to the higher levels of difficulty associated with cutting into the fibre and/or passively listening in. On top of this, GPON uses encryption over the optical link to the user s premises. That means that the data travelling to the customer over fibre can only be decoded by the intended optical modem (ONT). Similarly, security processes exist for wireless and satellite which will be used for the 10% of the population not served by fibre. The details of how this is accomplished vary from product to product, so the NBN will need to make security assessments an important part of its selection processes for equipment.
2 But will connecting 100% of the population come with additional security issues? Yes. While the NBN holds great promise for Australians and the future of networking in our country, the existence of such a pervasive networking resource does mean that attackers will attempt to exploit it. So how will we know the NBN is safe, and who will keep it (and us) safe? Ultimately, security will be achieved in different ways by the people and organisations involved. Each have different security concerns and different compensating controls to address them. Taken as a whole, and with proper maintenance, the measures put in place to secure the NBN at all layers will combine to create a strong, resilient asset for all Australians. Figure 1: NBN Co., the NSP, and the Customer all have a role to play in security. Let s look at how security of the NBN is achieved by the user, by the Network Service Provider (NSP), and by NBN Co., as part of an overall layered approach. In the following sections, the home, enterprise, and government users are all operating as customers of the NBN with the same general issues and types of protection applied just at a different scale. Specifically, in the commercial and government sectors, the threats faced are much more potent, but these are offset by correspondingly greater resources to counter the threats.
3 Other/future security concerns in the home Staying safe at home It s important to understand that the NBN does not, by itself, expose residential customers to greater security risks. The NBN is just an access network, and a secure one in that it is itself resistant to attack. With more computers on-line, and increasingly being used for home banking, shopping, and other commercial activities, security threats (both to the PC itself and to other new network components of an NBNenabled household) need to be considered. The increased numbers of systems online due to the NBN will create a larger population of potential victims for online attackers. Of course, the accessibility of the NBN will also improve security, in that it will allow things like virus protection and computer security updates to be much more readily accessible than ever before and the best protection for your PC and home network is to keep your defences up to date. In order to minimise online vulnerability, computer users should follow the four basic rules of home computing: 1. Use a firewall that controls both outbound traffic as well as inbound (default firewalls may not provide this); 2. Use anti-virus software with updates applied regularly (e.g., daily); 3. Keep up-to-date with system updates; and 4. Do not click links received in s or instant messages, or attachments unless you trust where you got them from. Following these simple steps will give your computer a high degree of protection against most security threats. Also, in a NBN world just as today, it will remain imperative that we all pay close attention to keeping our personal information private in our dealings with others, both online and off. Personal computers will not be the only part of a home installation of interest to attackers. As Australians come to enjoy a fuller on net experience associated with better connectivity, consumer products will become available which leverage this connectivity. This could be called the real value of the NBN the enhancement to everyday life afforded by being connected. For example, the NBN could likely be used to deliver telephony, security alarm monitoring, IP TV, and access to smart meters for utilities. However, it is important to remember that the appliances for these new services and applications will normally be network-enabled, computer-based, and therefore open to attack. This also creates an opportunity for attacks to and from home computers and other intelligent devices in the same household. The NBN will need to support related security functionality to keep these services safe, both for the carrier to offer and operate, and the customer to use, including keeping them safe from each other. For example: A PC must not be able to disable telephone services, or television set-top boxes and vice-versa. Remote access to consumer products must be provided securely, including the use of encryption and strong authentication techniques. Equipment to be located on the customer network that plays a part in billing must be secured to prevent fraud. Utilities (power meters, etc) must be secured to prevent unauthorised control by criminals planning to compromise a building s security, for example by turning off power to an alarm panel. However, these smart meters incorporate security features of their own which can effectively mitigate this risk. New services and products offered via the NBN will become targets for phishing and spoofing attacks these try to trick people into unwittingly helping the attacker gain personal information. As such, up-front, consumer training should be provided to help people differentiate between legitimate business interactions and attackers trying to get personal information such as passwords.
4 Needs of the small-to-medium business / enterprise customer In addition to the basic security issues faced by residential customers, businesses of all sizes are subject to some additional threats when they go online: Commercial attackers seeking to eavesdrop confidential information Denial-of-Service attacks to block access or cripple servers Targeted penetration of defences to steal and/or destroy information. Again, the NBN does not by default have an active role in securing customers systems and information; it is merely the network access enabler. The security measures implemented by the NBN will be focused on ensuring the availability and performance of the underlying infrastructure rather than securing customers. But the NSP, leveraging bandwidth that the NBN delivers, is now free to develop and deploy value-added services that will improve security, especially for business customers. For example, the widespread introduction of high-bandwidth services will create a much more attractive market for network-based data backup and restore services. These services are critical for recovering from an attack, or failure of an important system. In another case, a full suite of managed security services could be offered by the NSP to deliver a secure network as part of the package. This could bring best-of-breed enterprise security capabilities within reach of small businesses that would otherwise find procurement and maintenance of such systems unaffordable. Whatever the security service offerings that develop, the NBN itself will leverage network segregation technologies such as Ethernet Virtual LAN (VLAN) and Multiprotocol Label Switching (MPLS) with Quality of Service (QoS). Ethernet VLAN and MPLS will enable the NBN to partition and segregate traffic between networks and QoS to restrict traffic flows to agreed limits. An additional level of segregation and security is provided by encrypted VPNs. As is currently the case today, enterprise users of the network often request encryption for their inter-office networks, and in some cases (e.g., processing credit card transactions) it is mandatory. NBN will probably spark a rise in the deployment of VPNs as more and more customers do business on the NBN and security-savvy NSPs will be there to assist with, and/or provide these VPNs. Government and law enforcement Government departments resemble enterprises in their operation multiple sites, interactions with business and consumers and budget constraints for IT spend. Yet they face all the same risks, as well as holding special security-based responsibilities: Managing information sensitive to national security Managing personal information on nearly every resident in Australia Supporting Law Enforcement agencies and Emergency Services. The implication for government departments is that a very high level of security is expected of them in order to protect the interests of individuals and the nation in general. Possible exposure via the NBN is just one facet of this, which can be tackled using similar processes and technologies to those found in ordinary enterprises, especially MPLS, QoS, and encrypted VPNs. NBN will also have an opportunity to provide universal standard lawful interception capabilities on behalf on NSPs (who would otherwise be obliged to each develop and deploy a solution). This will lower the barriers of entry for NSPs, and in turn, this should result in lower costs to the consumer. This might be some way off but with NBN it becomes a real possibility and even likelihood.
5 Expectations on the NBN and responsible organisations It goes without saying that all organisations responsible for providing services as part of NBN will be expected to maintain good general security practices (a critical example of this would be having a defined, published and audited security policy), ensure confidentiality and integrity of customer data, ensure the security of their own facilities against attack, and documented procedures to manage risk. In addition to this, there are more specific expectations at each part of the delivery chain and associated organisations. NBN Co. and the network itself Assuming a wholesale bitstream model, NBN Co. will be responsible for the delivery of data across the access network to customers premises. They must ensure the security of the NBN components, systems, network operations centres, offsite data backups, billing systems, etc. They will need to ensure that each customer only has access to their own information and network, and that traffic from one provider does not compromise the service provided to and by others. Given the larger number of providers expected to take advantage of the NBN, security systems and processes will need to be highly scalable, and able to function with complete security in an efficient manner. Another Australian concern for an NBN to reach 100% of the population, and 90% via fibre, is the physical reach of it traversing thousands of kilometres including connectivity to some quite remote areas. As the NBN Co. builds out this web of interconnecting access networks feeding into the NBN, there will be some physical security considerations associated with reaching out this far with the infrastructure. For example, special security alarm systems and monitoring will need to be a part of remote sites. Also, encryption will be required to protect sensitive management traffic to the remote distribution points and network equipment within them. a value-added service the NBN Co. could sell to NSPs, and that the NSPs may be able to re-sell to its customers. Also, the way the NBN is designed will need to include security from the ground up. For example, if the network were to be designed around physical fibre connections being leased to NSPs, it would be almost impossible to achieve proper security in a measurable way because there would be no end- to-end visibility or ownership of the security of the network, and there would be increased risk of undetectable tampering with the fibres themselves before they became active or leased. By contrast, keeping the NBN Co. accountable for the underlying security elements of the entire end to end network, and having a single lit network reduces the opportunity for tampering with the fibres, adding illicit links, and so on. As a national resource, Australians will want to see independent security audits and reviews being carried out regularly on the NBN s security, and reported on such that the burgeoning NBN ebusiness environment remains an attractive investment for Australia and the myriad service providers utilising the NBN. These expectations and others besides will evolve over time as the plans for NBN are developed. Industry, consumer, and government consultation and involvement will be required. A technique that is gaining in popularity is the introduction of anomaly detection systems into the network. These systems simply observe traffic and usage patterns and then raise an alarm if something odd occurs in the usage patterns of the network. For example, an attempt to guess passwords on an NBN Co. system would be visible in this way; also a virus outbreak within an NSP could be detected which could be
6 Service Provider The service provider, as the initial customer of the NBN, will start with a trusted network environment provided by the NBN Co. This will then support standard internet access, customer VPNs, all their monitoring needs, and so on. In addition there will be security filters and policies deployed to the provider s edge and extensive QoS and other traffic management measures in place to keep the provider s services safe, and also to ensure service availability for consumers, small business and enterprise customers alike. It will be the responsibility of the service provider to ensure their internal operations and customers networks and services are not at risk from attack by hackers, including users connected to other providers networks. A defence in depth model will need to be deployed in which security measures are layered to prevent attacks from breaking through defences, with no single point of failure resulting in a breakdown of security. Complementing these preventive measures, the providers will be expected to monitor for any untoward occurrences and then to respond to incidents when they occur. Customers will expect the service providers to also engage the services of security auditors to validate the measures they have in place to protect customers networks and data in transit across the provider s network. Hopefully a strong security practice, documented and audited, will become a key expectation and differentiating selling point between service providers. The role of government in securing the NBN Cyber-terrorism is a very real threat and the Government will need to ensure the NBN will be built from the ground up to resist largescale attacks that might be used to harm Australia s new network infrastructure or its users en masse. To the extent critical infrastructure (including public transport, utilities, law enforcement, etc.) and related services might connect to the NBN, focused security testing and audits will be required to ensure the utmost levels of security are maintained in all aspects of these networks. Cooperation with international efforts and contribution to standards relating to securing critical infrastructure should be part of what the government brings to NBN for security. Additionally, as a regulator, the Government will need to ensure appropriate security features and settings are maintained across each service provider connecting to NBN. This could be done via the establishment of security policies and requirements that form part of the entry criteria for a service provider to be setup on the NBN; and the regulator should require yearly audits of the security of the provider s network and systems, to identify developed issues and allow for remediation processes to be initiated. At key connection points where the NBN feeds into the wider Internet, there should also be standards to ensure the NBN is not an easy target to the myriad of skilled attackers present on the wider Net. As a provider of potentially very many services to all Australians, the Government will perhaps be one of the NBN s biggest users, with a strong vested interest in ensuring that the security capabilities of the network remain effective over the lifetime of the network. This vigilance will benefit all Australians as neighbours on the same network.
7 A good way to establish the security of a service or network or system is to make use of established international standards as the foundation for assessing security, then repeating this assessment at intervals to measure improvement or stagnation in the security posture of the subject. A comprehensive security standard such as ITU-T Recommendation X.805 provides an architecture for providing end-to-end security. It is also useful in calling out security requirements and characteristics for assessment. Its systematic consideration of security across the user plane, control plane and management plane, covering eight so-called dimensions of security provides a robust matrix of security assessment, especially when applied against the NBN at the three layers called out: per element (infrastructure), per network (referred to as a service ) and per NSP (called an application ). Figure 2: An ITU-T X.805 diagram, depicting the various ways to evaluate end-to-end security. Conclusions The provision of a NBN to all Australians will undoubtedly bring with it enormous benefits to our society. Consumers frustrated by slow network access speeds today will find themselves able to participate fully in the network-centric Internet, thanks to the NBN. Rural communities will be able to access this digital economy for the first time. Businesses and government will find new ways to work with each other and with their customers in an always-on world. Improved education, research, and collaboration capabilities will become available to all Australian homes in a much richer way thanks to improved bandwidth and coverage. Crucially, in addition to connecting Australia, the NBN must take active and comprehensive steps to ensure the ongoing security and confidence of users of the network at all levels from the consumer at home to the government itself. We view strong security for the NBN as non-optional, and we hope this introduction to some of the issues and accountabilities has helped show why. Glossary DOCSIS Data Over Cable Service Interface Specification FTTP Fibre to the Premises GPON Gigabit Passive Optical Network IPTV Internet Protocol Television ONT Optical Network Termination MPLS Multiprotocol Label Switching NBN National Broadband Network NSP Network Service Provider QoS Quality of Service VLAN Virtual LAN VPN Virtual Private Network Alcatel-Lucent Australia contact details: Ric Clark, Chief Technology Officer ph: Lisa Poninghaus, External Communications Manager ph:
IPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region
IPv6 SECURITY May 2011 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the express
More informationConverged Private Networks. Supporting voice and business-critical applications across multiple sites
Converged Private Networks Supporting voice and business-critical applications across multiple sites Harness converged voice and high-speed data connectivity MPLS-based WAN solution that supports voice
More informationBest Effort gets Better with MPLS. Superior network flexibility and resiliency at a lower cost with support for voice, video and future applications
Best Effort gets Better with MPLS Superior network flexibility and resiliency at a lower cost with support for voice, video and future applications A White Paper on Multiprotocol Label Switching October,
More informationPartner with the UK s leading. Managed Security Service Provider
Partner with the UK s leading Managed Security Service Provider The Talk Straight Advantage Established in 2007, Talk Straight is an ISP with a difference, and is at the forefront of a revolution in cloud
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationIP-VPN Architecture and Implementation O. Satty Joshua 13 December 2001. Abstract
Abstract Virtual Private Networks (VPNs) are today becoming the most universal method for remote access. They enable Service Provider to take advantage of the power of the Internet by providing a private
More informationDraft ITU-T Recommendation X.805 (Formerly X.css), Security architecture for systems providing end-to-end communications
Draft ITU-T Recommendation X.805 (Formerly X.css), architecture for systems providing end-to-end communications Summary This Recommendation defines the general security-related architectural elements that
More informationWEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY
WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4
More informationNetwork Virtualization Network Admission Control Deployment Guide
Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus
More informationThe evolution of data connectivity
Leveraging the Benefits of IP and the Cloud in the Security Sector The CCTV and alarm industry has relied on analogue or Integrated Services Digital Network (ISDN) communications to provide data connectivity
More informationConverged Private Networks. Supporting voice and business-critical applications across multiple sites
Converged Private Networks Supporting voice and business-critical applications across multiple sites Harness converged Converged Private Networks voice and high-speed data connectivity Reliable, highly
More informationE-commerce Home Office Small Business Network Solution
Converged Private Networks Supporting voice and business-critical applications across multiple sites Harness converged voice and high-speed data connectivity Reliable, highly available MPLS-based WAN solution
More informationVOICE OVER IP SECURITY
VOICE OVER IP SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationCisco Security Optimization Service
Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless
More informationSecurity Technology: Firewalls and VPNs
Security Technology: Firewalls and VPNs 1 Learning Objectives Understand firewall technology and the various approaches to firewall implementation Identify the various approaches to remote and dial-up
More informationDATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0
DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS
More informationInformation Security: A Perspective for Higher Education
Information Security: A Perspective for Higher Education A By Introduction On a well-known hacker website, individuals charged students $2,100 to hack into university and college computers for the purpose
More informationThe Next Generation Network:
JULY, 2012 The Next Generation Network: Why the Distributed Enterprise Should Consider Multi-circuit WAN VPN Solutions versus Traditional MPLS Tolt Solutions Network Services 125 Technology Drive Suite
More informationSolutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance
White Paper Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance Troy Herrera Sr. Field Solutions Manager Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA
More informationChapter 1 Instructor Version
Name Date Objectives: Instructor Version Explain how multiple networks are used in everyday life. Explain the topologies and devices used in a small to medium-sized business network. Explain the basic
More informationA HELPING HAND TO PROTECT YOUR REPUTATION
OVERVIEW SECURITY SOLUTIONS A HELPING HAND TO PROTECT YOUR REPUTATION CONTENTS INFORMATION SECURITY MATTERS 01 TAKE NOTE! 02 LAYERS OF PROTECTION 04 ON GUARD WITH OPTUS 05 THREE STEPS TO SECURITY PROTECTION
More informationConnecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP
Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP Connecting MPLS Voice VPNs Enabling the secure interconnection of Inter-Enterprise VoIP Executive Summary: MPLS Virtual
More informationHow To Protect Your Network From Attack From A Network Security Threat
Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your
More information2. From a control perspective, the PRIMARY objective of classifying information assets is to:
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
More informationVoIP Resilience and Security Jim Credland
VoIP Resilience and Security Jim Credland About THUS plc Provider and user of VoIP and Soft Switch technologies Developing Enterprise Security Standards NISCC VoIP Working Group Security Considerations
More informationSecuring Virtual Applications and Servers
White Paper Securing Virtual Applications and Servers Overview Security concerns are the most often cited obstacle to application virtualization and adoption of cloud-computing models. Merely replicating
More informationWhite Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act
A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,
More informationCourse: Information Security Management in e-governance
Course: Information Security Management in e-governance Day 2 Session 2: Security in end user environment Agenda Introduction to IT Infrastructure elements in end user environment Information security
More informationSupporting voice and business-critical applications across multiple sites
MPLS Supporting voice and business-critical applications across multiple sites Harness converged voice and high-speed data connectivity Reliable, highly available MPLS-based WAN solution that supports
More informationSingTel MPLS. The Great Multi Protocol Label Switching (MPLS) Migration
SingTel MPLS The Great Multi Protocol Label Switching (MPLS) Migration SingTel MPLS The Great MPLS Migration There are now a variety of alternatives when it comes to connecting multiple sites with WAN
More informationHANDBOOK 8 NETWORK SECURITY Version 1.0
Australian Communications-Electronic Security Instruction 33 (ACSI 33) Point of Contact: Customer Services Team Phone: 02 6265 0197 Email: assist@dsd.gov.au HANDBOOK 8 NETWORK SECURITY Version 1.0 Objectives
More informationProtecting the Extended Enterprise Network Security Strategies and Solutions from ProCurve Networking
ProCurve Networking by HP Protecting the Extended Enterprise Network Security Strategies and Solutions from ProCurve Networking Introduction... 2 Today s Network Security Landscape... 2 Accessibility...
More informationPCI Solution for Retail: Addressing Compliance and Security Best Practices
PCI Solution for Retail: Addressing Compliance and Security Best Practices Executive Summary The Payment Card Industry (PCI) Data Security Standard has been revised to address an evolving risk environment
More informationNetwork Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting
Network Security: 30 Questions Every Manager Should Ask Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager/Executive Must Answer in Order
More informationCOSC 472 Network Security
COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html
More informationMUNICIPAL WIRELESS NETWORK
MUNICIPAL WIRELESS NETWORK May 2009 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More information1 Purpose... 2. 2 Scope... 2. 3 Roles and Responsibilities... 2. 4 Physical & Environmental Security... 3. 5 Access Control to the Network...
Contents 1 Purpose... 2 2 Scope... 2 3 Roles and Responsibilities... 2 4 Physical & Environmental Security... 3 5 Access Control to the Network... 3 6 Firewall Standards... 4 7 Wired network... 5 8 Wireless
More informationPromoting Network Security (A Service Provider Perspective)
Promoting Network Security (A Service Provider Perspective) Prevention is the Foundation H S Gupta DGM (Technical) Data Networks, BSNL hsgupta@bsnl.co.in DNW, BSNL 1 Agenda Importance of Network Security
More informationVOIP THE ULTIMATE GUIDE VERSION 1.0. 9/23/2014 onevoiceinc.com
VOIP THE ULTIMATE GUIDE VERSION 1.0 9/23/2014 onevoiceinc.com WHAT S IN THIS GUIDE? WHAT IS VOIP REQUIREMENTS OF A VOIP SYSTEM IMPLEMENTING A VOIP SYSTEM METHODS OF VOIP BENEFITS OF VOIP PROBLEMS OF VOIP
More informationNBN Frequently Asked Questions NBN Information Pack for Safety Link Clients
NBN Frequently Asked Questions NBN Information Pack for Safety Link Clients Table of Contents Table of Contents... 2 General FAQs:... 4 What is the NBN?... 4 Do I have to connect to the NBN?... 4 What
More informationFirewalls and VPNs. Principles of Information Security, 5th Edition 1
Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches
More informationTop tips for improved network security
Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a
More informationLeveraging Broadband to Offer Value-add Revenue-Generating Managed Services to Small Medium Enterprises (SMEs) by Network Service Providers (NSPs)
www.msona.co.uk Leveraging Broadband to Offer Value-add Revenue-Generating Managed Services to Small Medium Enterprises (SMEs) by Network Service Providers (NSPs) Broadband Internet has gone from being
More informationManaging internet security
Managing internet security GOOD PRACTICE GUIDE Contents About internet security 2 What are the key components of an internet system? 3 Assessing internet security 4 Internet security check list 5 Further
More informationSpecific recommendations
Background OpenSSL is an open source project which provides a Secure Socket Layer (SSL) V2/V3 and Transport Layer Security (TLS) V1 implementation along with a general purpose cryptographic library. It
More informationesoft Technical White Paper: Who Needs Firewall Protection?
esoft Technical White Paper: Who Needs Firewall Protection? "Without the protection of a firewall, which serves as a buffer between an organization s internal network and myriad external networks including
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationHow Proactive Business Continuity Can Protect and Grow Your Business. A CenturyLink White Paper
How Proactive Business Continuity Can Protect and Grow Your Business For most companies, business continuity planning is instantly equated with disaster recovery the reactive ability of a business to continue
More informationCMPT 471 Networking II
CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access
More informationMobile Devices and Malicious Code Attack Prevention
Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com WHITE PAPER Malicious Code and Mobile Devices: Best Practices for Securing Mobile Environments Sponsored
More informationData Protection Act 1998. Guidance on the use of cloud computing
Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered
More informationSTRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction
Policy: Title: Status: 1. Introduction ISP-S12 Network Management Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1.1. This information security policy document covers management,
More informationRemote Access Security
Glen Doss Towson University Center for Applied Information Technology Remote Access Security I. Introduction Providing remote access to a network over the Internet has added an entirely new dimension to
More informationNetwork Security. Introduction. Security services. Players. Conclusions. Distributed information Distributed processing Remote smart systems access
Roadmap Introduction Network services X.800 RFC 2828 Players Marco Carli Conclusions 2 Once.. now: Centralized information Centralized processing Remote terminal access Distributed information Distributed
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationAchieving Truly Secure Cloud Communications. How to navigate evolving security threats
Achieving Truly Secure Cloud Communications How to navigate evolving security threats Security is quickly becoming the primary concern of many businesses, and protecting VoIP vulnerabilities is critical.
More informationEA-ISP-012-Network Management Policy
Technology & Information Services EA-ISP-012-Network Management Policy Owner: Adrian Hollister Author: Paul Ferrier Date: 01/04/2015 Document Security Level: PUBLIC Document Version: 1.00 Document Ref:
More informationManaged Security Services for Data
A v a y a G l o b a l S e r v i c e s Managed Security Services for Data P r o a c t i v e l y M a n a g i n g Y o u r N e t w o r k S e c u r i t y 2 4 x 7 x 3 6 5 IP Telephony Contact Centers Unified
More informationBest Practices for Outdoor Wireless Security
Best Practices for Outdoor Wireless Security This paper describes security best practices for deploying an outdoor wireless LAN. This is standard body copy, style used is Body. Customers are encouraged
More informationPreparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS
Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE
More informationSecuring SIP Trunks APPLICATION NOTE. www.sipera.com
APPLICATION NOTE Securing SIP Trunks SIP Trunks are offered by Internet Telephony Service Providers (ITSPs) to connect an enterprise s IP PBX to the traditional Public Switched Telephone Network (PSTN)
More informationStable and Secure Network Infrastructure Benchmarks
Last updated: March 4, 2014 Stable and Secure Network Infrastructure Benchmarks 501 Commons has developed a list of key benchmarks for maintaining a stable and secure IT Infrastructure for conducting day-to-day
More informationHow to complete the Secure Internet Site Declaration (SISD) form
1 How to complete the Secure Internet Site Declaration (SISD) form The following instructions are designed to assist you in completing the SISD form that forms part of your Merchant application. Once completed,
More informationMalicious Email Mitigation Strategy Guide
CYBER SECURITY OPERATIONS CENTRE Malicious Email Mitigation Strategy Guide Introduction (UPDATED) SEPTEMBER 2012 1. Socially engineered emails containing malicious attachments and embedded links are commonly
More informationDisaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs
Disaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs As a head of the campus network department in the Deanship of Information Technology at King Abdulaziz University for more
More informationIS TEST 3 - TIPS FOUR (4) levels of detective controls offered by intrusion detection system (IDS) methodologies. First layer is typically responsible for monitoring the network and network devices. NIDS
More informationThe term Virtual Private Networks comes with a simple three-letter acronym VPN
Application Brief Nortel Networks Virtual Private Networking solutions for service providers Service providers addressing the market for Virtual Private Networking (VPN) need solutions that effectively
More informationInternet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM
Internet Security Protecting Your Business Hayden Johnston & Rik Perry WYSCOM Introduction Protecting Your Network Securing Your Information Standards & Best Practices Tools & Options Into The Future Creating
More informationSecurity in DSL Networks. Issues and Solutions for Small-to-Medium Sized Enterprises
Security in DSL Networks Issues and Solutions for Small-to-Medium Sized Enterprises T E C H N I C A L P A P E R Security in DSL Networks The High Cost of Internet Security Breaches.... 1 Who is Most at
More informationManaged 4G LTE WAN: Provide Cost-Effective Wireless Broadband Service
Solution Overview Managed 4G LTE WAN: Provide Cost-Effective Wireless Broadband Service What You Will Learn With the arrival of the fourth-generation (4G) or Long Term Evolution (LTE) cellular wireless
More informationDatawire Secure Transport Value Proposition
Transport Value Proposition Contents: What is Transport? Transport is a patented connectivity service Datawire Defined that transports financial transactions securely and reliably over Datawire Value Proposition
More informationVirus Protection Across The Enterprise
White Paper Virus Protection Across The Enterprise How Firewall, VPN and /Content Security Work Together Juan Pablo Pereira Sr. Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda Avenue
More informationBuilding A Secure Microsoft Exchange Continuity Appliance
Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building
More informationNetwork & Information Security Policy
Policy Version: 2.1 Approved: 02/20/2015 Effective: 03/02/2015 Table of Contents I. Purpose................... 1 II. Scope.................... 1 III. Roles and Responsibilities............. 1 IV. Risk
More informationFIVE PRACTICAL STEPS
WHITEPAPER FIVE PRACTICAL STEPS To Protecting Your Organization Against Breach How Security Intelligence & Reducing Information Risk Play Strategic Roles in Driving Your Business CEOs, CIOs, CTOs, AND
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationHow To Secure Your Store Data With Fortinet
Securing Wireless Networks for PCI Compliance Using Fortinet s Secure WLAN Solution to Meet Regulatory Requirements Introduction In the wake of many well-documented data breaches, standards such as the
More informationManaged Network Services
Managed Network Services Delivering innovative network data services to business NETWOR Communications are an essential and integral part of any IT strategy and are as important as the systems and processes
More informationENTERPRISE CONNECTIVITY
ENTERPRISE CONNECTIVITY IP Services for Business, Governmental & Non-Governmental Organizations The success of today s organizations and enterprises highly depends on reliable and secure connectivity.
More informationLeveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs
IBM Global Technology Services Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs Achieving a secure government
More informationApproved 12/14/11. FIREWALL POLICY INTERNAL USE ONLY Page 2
Texas Wesleyan Firewall Policy Purpose... 1 Scope... 1 Specific Requirements... 1 PURPOSE Firewalls are an essential component of the Texas Wesleyan information systems security infrastructure. Firewalls
More informationMPLS/IP VPN Services Market Update, 2014. United States
MPLS/IP VPN Services Market Update, 2014 United States August 2014 Contents Section Slide Numbers Executive Summary 4 Market Overview & Definitions 8 Drivers & Restraints 14 Market Trends & Revenue Forecasts
More informationisheriff CLOUD SECURITY
isheriff CLOUD SECURITY isheriff is the industry s first cloud-based security platform: providing fully integrated endpoint, Web and email security, delivered through a single Web-based management console
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationThe Hidden Dangers of Public WiFi
WHITEPAPER: OCTOBER 2014 The Hidden Dangers of Public WiFi 2 EXECUTIVE SUMMARY 4 MARKET DYNAMICS 4 The Promise of Public WiFi 5 The Problem with Public WiFi 6 MARKET BEHAVIOR 6 Most People Do Not Protect
More informationEVALUATING NETWORKING TECHNOLOGIES
WHITE PAPER EVALUATING NETWORKING TECHNOLOGIES CONTENTS EXECUTIVE SUMMARY 01 NETWORKS HAVE CHANGED 02 Origin of VPNS Next-generation VPNS TODAY S CHOICES 04 Layer 3 VPNS Layer 2 VPNS MAKING YOUR DECISION
More informationIndustrial Security Solutions
Industrial Security Solutions Building More Secure Environments From Enterprise to End Devices You have assets to protect. Control systems, networks and software can all help defend against security threats
More informationIBM Internet Security Systems
IBM Global Services IBM Internet Security Systems Norberto Gazzoni Italy Channel Manager norberto_gazzoni@it.ibm.com +39 347 3499617 IBM Internet Security Systems Ahead of the threat. 2006 IBM Corporation
More informationAdvantages of Managed Security Services
Advantages of Managed Security Services Cloud services via MPLS networks for high security at low cost Get Started Now: 877.611.6342 to learn more. www.megapath.com Executive Summary Protecting Your Network
More informationWHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY?
WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? Contents Introduction.... 3 What Types of Network Security Services are Available?... 4 Penetration Testing and Vulnerability Assessment... 4 Cyber
More informationState of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD005.001. Effective Date: April 7, 2005
State of New Mexico Statewide Architectural Configuration Requirements Title: Network Security Standard S-STD005.001 Effective Date: April 7, 2005 1. Authority The Department of Information Technology
More informationTop Five Security Issues for Small and Medium-Sized Businesses
White Paper Top Five Security Issues for Small and Medium-Sized Businesses SUMMARY Small and medium-sized businesses use the Internet and networked applications to reach new customers and serve their existing
More informationSecuring Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.
Securing Modern Substations With an Open Standard Network Security Solution Kevin Leech Schweitzer Engineering Laboratories, Inc. Copyright SEL 2009 What Makes a Cyberattack Unique? While the resources
More informationGPRS and 3G Services: Connectivity Options
GPRS and 3G Services: Connectivity Options An O2 White Paper Contents Page No. 3-4 5-7 5 6 7 7 8-10 8 10 11-12 11 12 13 14 15 15 15 16 17 Chapter No. 1. Executive Summary 2. Bearer Service 2.1. Overview
More informationMaking the Case for Satellite: Ensuring Business Continuity and Beyond. July 2008
Making the Case for Satellite: Ensuring Business Continuity and Beyond July 2008 Ensuring Business Continuity and Beyond Ensuring business continuity is a major concern of any company in today s technology
More informationSECURITY FOR ENTERPRISE TELEWORK AND REMOTE ACCESS SOLUTIONS
SECURITY FOR ENTERPRISE TELEWORK AND REMOTE ACCESS SOLUTIONS Karen Scarfone, Editor Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Many people
More informationHow To Protect Decd Information From Harm
Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the
More informationAbout Firewall Protection
1. This guide describes how to configure basic firewall rules in the UTM to protect your network. The firewall then can provide secure, encrypted communications between your local network and a remote
More informationPermeo Technologies WHITE PAPER. HIPAA Compliancy and Secure Remote Access: Challenges and Solutions
Permeo Technologies WHITE PAPER HIPAA Compliancy and Secure Remote Access: Challenges and Solutions 1 Introduction The Healthcare Insurance Portability and Accountability Act (HIPAA) of 1996 has had an
More information