FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 8 Firewall Configuration and Administration
|
|
- Colin Hampton
- 7 years ago
- Views:
Transcription
1 FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 8 Firewall Configuration and Administration
2 Learning Objectives Set up firewall rules that reflect an organization s overall security approach Identify and implement different firewall configuration strategies Update a firewall to meet new needs and threats Adhere to proven security principles to help the firewall protect network resources Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 2
3 Learning Objectives (continued) Use a remote management interface Track firewall log files and follow the basic initial steps in responding to security incidents Understand the nature of advanced firewall functions Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 3
4 Establishing Firewall Rules and Restrictions Rules give firewalls specific criteria for making decisions about whether to allow packets through or drop them All firewalls have a rules file the most important configuration file on the firewall Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 4
5 The Role of the Rules File Establishes the order the firewall should follow Tells the firewall which packets should be blocked and which should be allowed Requirements Need for scalability Importance of enabling productivity of end users while maintaining adequate security Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 5
6 Restrictive Firewalls Block all access by default; permit only specific types of traffic to pass through Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 6
7 Restrictive Firewalls (continued) Follow the concept of least privilege Spell out services that employees cannot use Use and maintain passwords Choose an approach Open Optimistic Cautious Strict Paranoid Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 7
8 Connectivity-Based Firewalls Have fewer rules; primary orientation is to let all traffic pass through and then block specific types of traffic Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 8
9 Firewall Configuration Strategies Criteria Scalable Take communication needs of individual employees into account Deal with IP address needs of the organization Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 9
10 Scalability Provide for the firewall s growth by recommending a periodic review and upgrading software and hardware as needed Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 10
11 Productivity The stronger and more elaborate the firewall, the slower the data transmissions Important features of firewall: processing and memory resources available to the bastion host Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 11
12 Dealing with IP Address Issues If service network needs to be privately rather than publicly accessible, which DNS will its component systems use? If you mix public and private addresses, how will Web server and DNS servers communicate? Let the proxy server do the IP forwarding (it s the security device) Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 12
13 Approaches That Add Functionality to Your Firewall Network Address Translation (NAT) Port Address Translation (PAT) Encryption Application proxies VPNs Intrusion Detection and Prevention Systems (IDPSs) Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 13
14 NAT/PAT NAT and PAT convert publicly accessible IP addresses to private ones and vice versa; shields IP addresses of computers on the protected network from those on the outside Where NAT converts these addresses on a oneto-one association internal to external PAT allows one external address to map to multiple internal addresses Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 14
15 Encryption Takes a request and turns it into gibberish using a private key; exchanges the public key with the recipient firewall or router Recipient decrypts the message and presents it to the end user in understandable form Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 15
16 Encryption (continued) Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 16
17 Application Proxies Act on behalf of a host; receive requests, rebuild them from scratch, and forward them to the intended location as though the request originated with it (the proxy) Can be set up with either a dual-homed host or a screened host system Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 17
18 Application Proxies (continued) Dual-homed setup Host that contains the firewall or proxy server software has two interfaces, one to the Internet and one to the internal network being protected Screened subnet system Host that holds proxy server software has a single network interface Packet filters on either side of the host filter out all traffic except that destined for proxy server software Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 18
19 Application Proxies on a Dual-Homed Host Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 19
20 VPNs Connect internal hosts with specific clients in other organizations Connections are encrypted and limited only to machines with specific IP addresses VPN gateway can: Go on a DMZ Bypass the firewall and connect directly to the internal LAN Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 20
21 VPN Gateway Bypassing the Firewall Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 21
22 Intrusion Detection and Prevention Systems Can be installed in external and/or internal routers at the perimeter of the network Built into many popular firewall packages Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 22
23 IDPS Integrated into Perimeter Routers Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 23
24 IDPS Positioned between Firewall and Internet Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 24
25 Enabling a Firewall to Meet New Needs Throughput Scalability Security Recoverability Manageability Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 25
26 Verifying Resources Needed by the Firewall Ways to track memory and system resources Use the formula: MemoryUsage = ((ConcurrentConnections)/ (AverageLifetime))*(AverageLifetime + 50 seconds)*120 Use software s own monitoring feature Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 26
27 Identifying New Risks Monitor activities and review log files Check Web sites to keep informed of latest dangers; install patches and updates Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 27
28 Adding Software Updates and Patches Test updates and patches as soon as you install them Ask vendors (of firewall, VPN appliance, routers, etc.) for notification when security patches are available Check manufacturer s Web site for security patches and software updates Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 28
29 Adding Hardware Identify network hardware so firewall can include it in routing and protection services Different ways for different firewalls List workstations, routers, VPN appliances, and other gateways you add as the network grows Choose good passwords that you guard closely Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 29
30 Dealing with Complexity on the Network Distributed firewalls Installed at endpoints of the network, including remote computers that connect to network through VPNs Add complexity Require that you install and/or maintain a variety of firewalls located on your network and in remote locations Add security Protect network from viruses or other attacks that can originate from machines that use VPNs to connect (e.g., remote laptops) Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 30
31 Adhering to Proven Security Principles Generally Accepted System Security Principles (GASSP) apply to ongoing firewall management Secure physical environment where firewallrelated equipment is housed Importance of locking software so that unauthorized users cannot access it Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 31
32 Environmental Management Measures taken to reduce risks to physical environment where resources are stored Back-up power systems overcome power outages Back-up hardware and software help recover network data and services in case of equipment failure Sprinkler/alarm systems reduce damage from fire Locks guard against theft Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 32
33 BIOS, Boot, and Screen Locks BIOS and boot-up passwords Supervisor passwords Screen saver passwords Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 33
34 Remote Management Interface Software that enables you to configure and monitor firewall(s) that are located at different network locations Used to start/stop the firewall or change rule base from locations other than the primary computer Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 34
35 Why Remote Management Tools Are Important Reduce time and make the job easier for the security administrator Reduce chance of configuration errors that might result if the same changes were made manually for each firewall on the network Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 35
36 Security Concerns Can use a Security Information Management (SIM) device to prevent unauthorized users from circumventing security systems Offers strong security controls (e.g., multi-factor authentication and encryption) Should have an auditing feature Should use tunneling to connect to the firewall or use certificates for authentication Evaluate SIM software to ensure it does not introduce new vulnerabilities Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 36
37 Basic Features of Remote Management Tools Ability to monitor and configure firewalls from a single centralized location View and change firewall status View firewall s current activity View any firewall event or alert messages Ability to start and stop firewalls as needed Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 37
38 Automating Security Checks Outsource firewall management Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 38
39 Configuring Advanced Firewall Functions Ultimate goal High availability Scalability Advanced firewall functions Data caching Redundancy Load balancing Content filtering Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 39
40 Data Caching Set up a server that will: Receive requests for URLs Filter those requests against different criteria Options No caching URI Filtering Protocol (UFP) server VPN & Firewall (one request) VPN & Firewall (two requests) Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 40
41 Hot Standby Redundancy Secondary or failover firewall is configured to take over traffic duties in case primary firewall fails Usually involves two firewalls; only one operates at any given time The two firewalls are connected in a heartbeat network Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 41
42 Hot Standby Redundancy (continued) Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 42
43 Hot Standby Redundancy (continued) Advantages Ease and economy of setup and quick backup system it provides for the network One firewall can be stopped for maintenance without stopping network traffic Disadvantages Does not improve network performance VPN connections may or may not be included in the failover system Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 43
44 Load Balancing Practice of balancing the load placed on the firewall so that it is handled by two or more firewall systems Load sharing Practice of configuring two or more firewalls to share the total traffic load Traffic between firewalls is distributed by routers using special routing protocols Open Shortest Path First (OSPF) Border Gateway Protocol (BGP) Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 44
45 Load Balancing (continued) Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 45
46 Load Sharing Advantages Improves total network performance Maintenance can be performed on one firewall without disrupting total network traffic Disadvantages Load usually distributed unevenly (can be remedied by using layer four switches) Configuration can be complex to administer Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 46
47 Filtering Content Firewalls don t scan for viruses but can work with third-party applications to scan for viruses or other functions Open Platform for Security (OPSEC) model Content Vectoring Protocol (CVP) Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 47
48 Filtering Content (continued) Install anti-virus software on SMTP gateway in addition to providing desktop anti-virus protection for each computer Choose an anti-virus gateway product that: Provides for content filtering Can be updated regularly to account for recent viruses Can scan the system in real time Has detailed logging capabilities Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 48
49 Chapter Summary After establishing a security policy, implement the strategies that policy specifies If primary goal of planned firewall is to block unauthorized access, you must emphasize restricting rather than enabling connectivity A firewall must be scalable so it can grow with the network it protects The stronger and more elaborate your firewall, the slower data transmissions are likely to be The more complex a network becomes, the more IP-addressing complications arise Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 49
50 Chapter Summary (continued) Network security setups can become more complex when specific functions are added Firewalls must be maintained regularly to assure critical measures of success are kept within acceptable levels of performance Successful firewall management requires adherence to principles that have been put forth by reputable organizations to ensure that firewalls and network security configurations are maintained correctly Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 50
51 Chapter Summary (continued) Remote management allows configuration and monitoring of one or more firewalls that are located at different network locations Ultimate goal for many organizations is the development of a high-performance firewall configuration that has high availability and that can be scaled as the organization grows; accomplished by using data caching, redundancy, load balancing, and content filtering Firewalls & Network Security, 2nd ed. - Chapter 8 Slide 51
Recommended IP Telephony Architecture
Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings
More informationFIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design Learning Objectives Identify common misconceptions about firewalls Explain why a firewall
More informationFirewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA
Firewalls Securing Networks Chapter 3 Part 1 of 4 CA M S Mehta, FCA 1 Firewalls Learning Objectives Task Statements 1.3 Recognise function of Telecommunications and Network security including firewalls,..
More informationFIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.
1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams
More informationCMPT 471 Networking II
CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access
More informationSecurity Technology: Firewalls and VPNs
Security Technology: Firewalls and VPNs 1 Learning Objectives Understand firewall technology and the various approaches to firewall implementation Identify the various approaches to remote and dial-up
More informationAppendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003
http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with
More informationIntroduction p. 2. Introduction to Information Security p. 1. Introduction
Introduction p. xvii Introduction to Information Security p. 1 Introduction p. 2 What Is Information Security? p. 3 Critical Characteristics of Information p. 4 CNSS Security Model p. 5 Securing Components
More informationNetwork Security Guidelines. e-governance
Network Security Guidelines for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India. Document Control S/L Type
More informationCompany Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.
Company Co. Inc. LLC Multiple Minds, Singular Results LAN Domain Network Security Best Practices An integrated approach to securing Company Co. Inc. LLC s network Written and Approved By: Geoff Lacy, Tim
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationFirewalls and VPNs. Principles of Information Security, 5th Edition 1
Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches
More informationWe will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall
Chapter 10 Firewall Firewalls are devices used to protect a local network from network based security threats while at the same time affording access to the wide area network and the internet. Basically,
More informationArchitecture. The DMZ is a portion of a network that separates a purely internal network from an external network.
Architecture The policy discussed suggests that the network be partitioned into several parts with guards between the various parts to prevent information from leaking from one part to another. One part
More informationFirewall Architecture
NEXTEP Broadband White Paper Firewall Architecture Understanding the purpose of a firewall when connecting to ADSL network services. A Nextep Broadband White Paper June 2001 Firewall Architecture WHAT
More informationPROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES
PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute
More informationSITECATALYST SECURITY
SITECATALYST SECURITY Ensuring the Security of Client Data June 6, 2008 Version 2.0 CHAPTER 1 1 Omniture Security The availability, integrity and confidentiality of client data is of paramount importance
More informationWhat is a Firewall? Computer Security. Firewalls. What is a Firewall? What is a Firewall?
What is a Firewall? Computer Security Firewalls fire wall 1 : a wall constructed to prevent the spread of fire 2 usually firewall : a computer or computer software that prevents unauthorized access to
More informationFirewall Audit Techniques. K.S.Narayanan HCL Technologies Limited
Firewall Audit Techniques K.S.Narayanan HCL Technologies Limited Firewall Management Technology Network Security Architecture Firewall Placement Firewall Appliance Rule base compliance with security policy
More information- Introduction to PIX/ASA Firewalls -
1 Cisco Security Appliances - Introduction to PIX/ASA Firewalls - Both Cisco routers and multilayer switches support the IOS firewall set, which provides security functionality. Additionally, Cisco offers
More informationVPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu
VPN Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu What is VPN? A VPN (virtual private network) is a private data network that uses public telecommunicating infrastructure (Internet), maintaining
More informationVPN Lesson 2: VPN Implementation. Summary
VPN Lesson 2: VPN Implementation Summary 1 Notations VPN client (ok) Firewall Router VPN firewall VPN router VPN server VPN concentrator 2 Basic Questions 1. VPN implementation options for remote users
More informationINTRODUCTION TO FIREWALL SECURITY
INTRODUCTION TO FIREWALL SECURITY SESSION 1 Agenda Introduction to Firewalls Types of Firewalls Modes and Deployments Key Features in a Firewall Emerging Trends 2 Printed in USA. What Is a Firewall DMZ
More informationOverview. Firewall Security. Perimeter Security Devices. Routers
Overview Firewall Security Chapter 8 Perimeter Security Devices H/W vs. S/W Packet Filtering vs. Stateful Inspection Firewall Topologies Firewall Rulebases Lecturer: Pei-yih Ting 1 2 Perimeter Security
More informationICANWK406A Install, configure and test network security
ICANWK406A Install, configure and test network security Release: 1 ICANWK406A Install, configure and test network security Modification History Release Release 1 Comments This Unit first released with
More informationLarry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping
Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More information74% 96 Action Items. Compliance
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated
More informationJK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA
JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA To purchase Full version of Practice exam click below; http://www.certshome.com/jk0-022-practice-test.html FOR CompTIA JK0-022 Exam Candidates
More information8 Steps for Network Security Protection
8 Steps for Network Security Protection cognoscape.com 8 Steps for Network Security Protection Many small and medium sized businesses make the mistake of thinking they won t be the target of hackers because
More informationNETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9
NETASQ & PCI DSS Is NETASQ compatible with PCI DSS? We have often been asked this question. Unfortunately, even the best firewall is but an element in the process of PCI DSS certification. This document
More informationHow To Protect Your Network From Attack From Outside From Inside And Outside
IT 4823 Information Security Administration Firewalls and Intrusion Prevention October 7 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles
More informationNetwork Security Administrator
Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze
More information8 Steps For Network Security Protection
8 Steps For Network Security Protection 8 Steps For Network Security Protection Many small and medium sized businesses make the mistake of thinking they won t be the target of hackers because of their
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches transparently Allows only white-listed applications to run in workstations Provides virus protection for Ovation Windows workstations
More informationFirewalls Overview and Best Practices. White Paper
Firewalls Overview and Best Practices White Paper Copyright Decipher Information Systems, 2005. All rights reserved. The information in this publication is furnished for information use only, does not
More informationKeyfort Cloud Services (KCS)
Keyfort Cloud Services (KCS) Data Location, Security & Privacy 1. Executive Summary The purposes of this document is to provide a common understanding of the data location, security, privacy, resiliency
More informationSecurity+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network
More informationNetwork and Security Controls
Network and Security Controls State Of Arizona Office Of The Auditor General Phil Hanus IT Controls Webinar Series Part I Overview of IT Controls and Best Practices Part II Identifying Users and Limiting
More informationCheck Point Security Administrator R70
Page 1 of 6 Check Point Security Administrator R70 Check Point Security Administration R70 Length Prerequisites 5 days* (recommended) Basic networking knowledge, knowledge of Windows Server and/or UNIX,
More informationOverview and Deployment Guide. Sophos UTM on AWS
Overview and Deployment Guide Sophos UTM on AWS Overview and Deployment Guide Document date: November 2014 1 Sophos UTM and AWS Contents 1 Amazon Web Services... 4 1.1 AMI (Amazon Machine Image)... 4 1.2
More informationnwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.
CONTENTS 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. Conclusion 1. EXECUTIVE SUMMARY The advantages of networked data storage technologies such
More informationMaruleng Local Municipality
Maruleng Local Municipality. 22 November 2011 1 Version Control Version Date Author(s) Details 1.1 23/03/2012 Masilo Modiba New Policy 2 Contents ICT Firewall Policy 1 Version Control.2 1. Introduction.....4
More informationIndustrial Security for Process Automation
Industrial Security for Process Automation SPACe 2012 Siemens Process Automation Conference Why is Industrial Security so important? Industrial security is all about protecting automation systems and critical
More informationConsensus Policy Resource Community. Lab Security Policy
Lab Security Policy Free Use Disclaimer: This policy was created by or for the SANS Institute for the Internet community. All or parts of this policy can be freely used for your organization. There is
More informationClient Security Risk Assessment Questionnaire
Select the appropriate answer from the drop down in the column, and provide a brief description in the section. 1 Do you have a member of your organization with dedicated information security duties? 2
More informationCreated By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee
Windows Server Security Best Practices Initial Document Created By: 2009 Windows Server Security Best Practices Committee Document Creation Date: August 21, 2009 Revision Revised By: 2014 Windows Server
More information1B1 SECURITY RESPONSIBILITY
(ITSP-1) SECURITY MANAGEMENT 1A. Policy Statement District management and IT staff will plan, deploy and monitor IT security mechanisms, policies, procedures, and technologies necessary to prevent disclosure,
More informationCisco Certified Security Professional (CCSP)
529 Hahn Ave. Suite 101 Glendale CA 91203-1052 Tel 818.550.0770 Fax 818.550.8293 www.brandcollege.edu Cisco Certified Security Professional (CCSP) Program Summary This instructor- led program with a combination
More informationConsiderations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.
Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet
More informationHow NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements
How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements I n t r o d u c t i o n The Payment Card Industry Data Security Standard (PCI DSS) was developed in 2004 by the PCI Security Standards
More informationVirtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN
Virtual private network Network security protocols COMP347 2006 Len Hamey Instead of a dedicated data link Packets securely sent over a shared network Internet VPN Public internet Security protocol encrypts
More informationRetention & Destruction
Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of
More informationFirewalls. Chapter 3
Firewalls Chapter 3 1 Border Firewall Passed Packet (Ingress) Passed Packet (Egress) Attack Packet Hardened Client PC Internet (Not Trusted) Hardened Server Dropped Packet (Ingress) Log File Internet Border
More informationICAWEB423A Ensure dynamic website security
ICAWEB423A Ensure dynamic website security Release: 1 ICAWEB423A Ensure dynamic website security Modification History Release Release 1 Comments This Unit first released with ICA11 Information and Communications
More informationTk20 Network Infrastructure
Tk20 Network Infrastructure Tk20 Network Infrastructure Table of Contents Overview... 4 Physical Layout... 4 Air Conditioning:... 4 Backup Power:... 4 Personnel Security:... 4 Fire Prevention and Suppression:...
More informationIndustrial Firewalls Endpoint Security
Industrial Firewalls Endpoint Security Is there a need for a new type of industrial firewall? Industries have a huge park of different management and control systems to monitor their production. These
More informationInternet infrastructure. Prof. dr. ir. André Mariën
Internet infrastructure Prof. dr. ir. André Mariën (c) A. Mariën 31/01/2006 Topic Firewalls (c) A. Mariën 31/01/2006 Firewalls Only a short introduction See for instance: Building Internet Firewalls, second
More informationSecurity for. Industrial. Automation. Considering the PROFINET Security Guideline
Security for Industrial Considering the PROFINET Security Guideline Automation Industrial IT Security 2 Plant Security Physical Security Physical access to facilities and equipment Policies & Procedures
More informationSSL VPN Technology White Paper
SSL VPN Technology White Paper Keywords: SSL VPN, HTTPS, Web access, TCP access, IP access Abstract: SSL VPN is an emerging VPN technology based on HTTPS. This document describes its implementation and
More informationOracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0
Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Unless otherwise stated, these Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies
More informationState of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD005.001. Effective Date: April 7, 2005
State of New Mexico Statewide Architectural Configuration Requirements Title: Network Security Standard S-STD005.001 Effective Date: April 7, 2005 1. Authority The Department of Information Technology
More informationAltus UC Security Overview
Altus UC Security Overview Description Document Version D2.3 TABLE OF CONTENTS Network and Services Security 1. OVERVIEW... 1 2. PHYSICAL SECURITY... 1 2.1 FACILITY... 1 ENVIRONMENTAL SAFEGUARDS... 1 ACCESS...
More informationBasics of Internet Security
Basics of Internet Security Premraj Jeyaprakash About Technowave, Inc. Technowave is a strategic and technical consulting group focused on bringing processes and technology into line with organizational
More informationPayment Card Industry Self-Assessment Questionnaire
How to Complete the Questionnaire The questionnaire is divided into six sections. Each section focuses on a specific area of security, based on the requirements included in the PCI Data Security Standard.
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls
More informationNetwork Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion
Network Security Tampere Seminar 23rd October 2008 1 Copyright 2008 Hirschmann 2008 Hirschmann Automation and and Control GmbH. Contents Overview Switch Security Firewalls Conclusion 2 Copyright 2008 Hirschmann
More informationQuestion Name C 1.1 Do all users and administrators have a unique ID and password? Yes
Category Question Name Question Text C 1.1 Do all users and administrators have a unique ID and password? C 1.1.1 Passwords are required to have ( # of ) characters: 5 or less 6-7 8-9 Answer 10 or more
More informationFirewall Environments. Name
Complliiance Componentt DEEFFI INITION Description Rationale Firewall Environments Firewall Environment is a term used to describe the set of systems and components that are involved in providing or supporting
More informationGregSowell.com. Mikrotik Basics
Mikrotik Basics Terms Used Layer X When I refer to something being at layer X I m referring to the OSI model. VLAN 802.1Q Layer 2 marking on traffic used to segment sets of traffic. VLAN tags are applied
More informationIBX Business Network Platform Information Security Controls. 2015-02- 20 Document Classification [Public]
IBX Business Network Platform Information Security Controls 2015-02- 20 Document Classification [Public] Table of Contents 1. General 2 2. Physical Security 2 3. Network Access Control 2 4. Operating System
More informationA host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.
A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based
More informationTECHNICAL WHITE PAPER. Symantec pcanywhere Security Recommendations
TECHNICAL WHITE PAPER Symantec pcanywhere Security Recommendations Technical White Paper Symantec pcanywhere Security Recommendations Introduction... 3 pcanywhere Configuration Recommendations... 4 General
More informationSection 12 MUST BE COMPLETED BY: 4/22
Test Out Online Lesson 12 Schedule Section 12 MUST BE COMPLETED BY: 4/22 Section 12.1: Best Practices This section discusses the following security best practices: Implement the Principle of Least Privilege
More informationSecure networks are crucial for IT systems and their
ISSA The Global Voice of Information Security Network Security Architecture By Mariusz Stawowski ISSA member, Poland Chapter Secure networks are crucial for IT systems and their proper operation. Essential
More informationHow To Protect Your Network From Attack
Department of Computer Science Institute for System Architecture, Chair for Computer Networks Internet Services & Protocols Internet (In)Security Dr.-Ing. Stephan Groß Room: INF 3099 E-Mail: stephan.gross@tu-dresden.de
More informationADM:49 DPS POLICY MANUAL Page 1 of 5
DEPARTMENT OF PUBLIC SAFETY POLICIES & PROCEDURES SUBJECT: IT OPERATIONS MANAGEMENT POLICY NUMBER EFFECTIVE DATE: 09/09/2008 ADM: 49 REVISION NO: ORIGINAL ORIGINAL ISSUED ON: 09/09/2008 1.0 PURPOSE The
More informationInformation Technology Security Procedures
Information Technology Security Procedures Prepared By: Paul Athaide Date Prepared: Dec 1, 2010 Revised By: Paul Athaide Date Revised: September 20, 2012 Version 1.2 Contents 1. Policy Procedures... 3
More informationAdvanced Higher Computing. Computer Networks. Homework Sheets
Advanced Higher Computing Computer Networks Homework Sheets Topic : Network Protocols and Standards. Name the organisation responsible for setting international standards and explain why network standards
More informationTroubleshooting and Maintaining Cisco IP Networks Volume 1
Troubleshooting and Maintaining Cisco IP Networks Volume 1 Course Introduction Learner Skills and Knowledge Course Goal and E Learning Goal and Course Flow Additional Cisco Glossary of Terms Your Training
More informationFirewall Security. Presented by: Daminda Perera
Firewall Security Presented by: Daminda Perera 1 Firewalls Improve network security Cannot completely eliminate threats and a=acks Responsible for screening traffic entering and/or leaving a computer network
More informationCheck Point and Security Best Practices. December 2013 Presented by David Rawle
Check Point and Security Best Practices December 2013 Presented by David Rawle Housekeeping o Mobiles on Silent o No File Alarms planned o Fire exits are in front and behind and down the stairs o Downstairs
More informationCHIS, Inc. Privacy General Guidelines
CHIS, Inc. and HIPAA CHIS, Inc. provides services to healthcare facilities and uses certain protected health information (PHI) in connection with performing these services. Therefore, CHIS, Inc. is classified
More informationPCI Requirements Coverage Summary Table
StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table January 2013 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2
More informationIT Security Standard: Computing Devices
IT Security Standard: Computing Devices Revision History: Date By Action Pages 09/30/10 ITS Release of New Document Initial Draft Review Frequency: Annually Responsible Office: ITS Responsible Officer:
More informationTASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices
Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security
More informationProxy Server, Network Address Translator, Firewall. Proxy Server
Proxy Server, Network Address Translator, Firewall 1 Proxy Server 2 1 Introduction What is a proxy server? Acts on behalf of other clients, and presents requests from other clients to a server. Acts as
More informationINTRUSION DETECTION SYSTEMS and Network Security
INTRUSION DETECTION SYSTEMS and Network Security Intrusion Detection System IDS A layered network security approach starts with : A well secured system which starts with: Up-to-date application and OS
More informationSonicWALL PCI 1.1 Implementation Guide
Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard
More informationBest Practices: Pass-Through w/bypass (Bridge Mode)
Best Practices: Pass-Through w/bypass (Bridge Mode) EdgeXOS Deployment Scenario: Bridge Pass-Through This document is designed to provide an example as to how the EdgeXOS appliance is configured based
More informationInformation Technology Branch Access Control Technical Standard
Information Technology Branch Access Control Technical Standard Information Management, Administrative Directive A1461 Cyber Security Technical Standard # 5 November 20, 2014 Approved: Date: November 20,
More informationImplementing Cisco IOS Network Security
Implementing Cisco IOS Network Security IINS v3.0; 5 Days, Instructor-led Course Description Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles
More informationChapter 9 Monitoring System Performance
Chapter 9 Monitoring System Performance This chapter describes the full set of system monitoring features of your ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. You can be alerted to important
More informationDMZ Network Visibility with Wireshark June 15, 2010
DMZ Network Visibility with Wireshark June 15, 2010 Ashok Desai Senior Network Specialist Intel Information Technology SHARKFEST 10 Stanford University June 14-17, 2010 Outline Presentation Objective DMZ
More informationMobile security and your EMR. Presented by: Shawn Tester & Allen Cornwall
Mobile security and your EMR Presented by: Shawn Tester & Allen Cornwall Date: October 14, 2011 Overview General Security Challenges & best practices Mobile EMR interfaces - EMR Access - Today & Future
More informationIP Telephony Management
IP Telephony Management How Cisco IT Manages Global IP Telephony A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge Design, implement, and maintain a highly available, reliable, and resilient
More informationCourse Syllabus. Fundamentals of Windows Server 2008 Network and Applications Infrastructure. Key Data. Audience. Prerequisites. At Course Completion
Key Data Product #: 3380 Course #: 6420A Number of Days: 5 Format: Certification Exams: Instructor-Led None This course syllabus should be used to determine whether the course is appropriate for the students,
More informationSmall Business Server Part 2
Small Business Server Part 2 Presented by : Robert Crane BE MBA MCP director@ciaops.com Computer Information Agency http://www.ciaops.com Agenda Week 1 What is SBS / Setup Week 2 Using & configuring SBS
More informationInformation Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis
Information Security Risk Assessment Checklist A High-Level Tool to Assist USG Institutions with Risk Analysis Updated Oct 2008 Introduction Information security is an important issue for the University
More information