Optical LANs Provide Advanced Security Features to Better Protect Networks Against Data Breaches
|
|
- Rosamund Reynolds
- 8 years ago
- Views:
Transcription
1 LANs Provide Advanced Security Features to Better Protect Networks Against Breaches The news headlines tell the story. Network data breaches at Fortune 500 companies are driving chief information officers (CIOs) and IT professionals to make investments to ensure that corporate info is secure and protected, yet still highly available. A recent Gartner study finds that security is a Top 10 technology priority for CIOs, 1 and Infonetics Research ranks security as a top concern for Enterprise-access Networks. 2 Tellabs LAN Solution Tellabs LAN Solution and Tellabs Panorama PON Manager play vital roles in providing more secure LAN with consistent security policies and procedures, fewer human errors and a more reliable network infrastructure [Figure 1]. The solution improves network security in a number of ways, including: Mitigating the security impact on corporations and IT leadership Eliminating the inefficiencies of legacy copper-based LAN Improving network element management security Providing systemwide security across the LAN Taking advantage of the inherent security of optical fiber Leveraging the security features of ONTs Exceeding Government, Military, HIPAA and PCI requirements LANs improve network security by: Providing powerful security measures at the physical layer, the data layer, user level and port level Reducing the threat of both internal and external malicious attacks while lowering LAN costs Supporting breach response plans and macrosecurity programs Complying with HIPAA and PCI requirements Leveraging the inherent security features of fiber Line Network s Figure 1: Tellabs LAN Solution provides advanced security throughout the network. 1 Gartner 2 Infonetics See Tellabs.com for more information about Tellabs Solutions 1
2 Mitigating the security impact on corporations and IT leadership What is the cost of losing data, files and records accessible through the LAN? In 2014, a Ponemon Institute study concluded that the average cost of a data breach to a company in the United States (U.S.) was $5.85 million per incident. The average cost to U.S. businesses for each lost or stolen record averaged $201/record. The industries for which the costs were the highest are Healthcare ($358 per file) and Education ($294 per file). Ponemon Institute found that the root cause was 42% malicious/ criminal, 30% human error and 29% system glitch. 3 A Healthcare News article describes how LAN downtime can result in lost data, files and records. 4 The Healthcare vertical is an excellent example of this correlation between data loss and network reliability. Doctors, nurses and healthcare staff are constantly uploading critical data 24/7/365, and if the LAN is down, then data/files/ records can be lost. The Healthcare News article reports that healthcare organizations are making significant IT investments to transform the IT infrastructure and ensure that patient information is secure, protected and highly available. How can businesses protect themselves from data breaches as a result of insecure LAN equipment and infrastructure? The Federal Communications Commission (FCC) published a securityplanning guide outlining the steps to secure a corporate network: 5 Identify all devices and connections on the network Set boundaries between your company s systems and others Enforce controls to ensure that unauthorized access, misuse or denial-of-service events can be thwarted or rapidly contained and recovered from if they do occur The U.S. Department of Homeland Security says that cyber insurance should be considered to mitigate losses from security incidents, such as data breaches, business interruption and network damage. Insurance should promote the adoption of preventive measures in return for more coverage. And the insurance should encourage the use of best practices by basing premiums on the level of protection. 6 Therefore, proactively building a more secure LAN can lower the costs of cyber insurance. CIOs and IT staff often have network security key performance indicators (KPIs) than can affect performance and compensation reviews, including: The number of security breaches/incidents in systems and infrastructure Percent of systems/applications compliant with security policies/standards Security patches applied within timelines/deadlines percentage Uptime percent for business-critical systems Business time lost due to unscheduled downtime There are real costs associated with data breaches. LAN equipment and infrastructure are possible entry points for malicious activity. It is best for CIOs and IT pros to have a proactive data breach response plan. And with a proactive, highly secure LAN in place, CIOs and IT pros can benefit from lower lost costs, better KPI reviews and lower insurance premiums. Eliminating the inefficiencies of legacy copper-based LAN LAN security is gaining greater importance every year for IT professionals. What s not changing is the architecture, cabling and equipment used by legacy copper-based active Ethernet LANs. In comparison, LANs have many attributes that can tighten network security. Legacy copper-based LAN A legacy copper-based active Ethernet LAN is a complex distributed network. All of its resources are distributed to the farthest reaches of the LAN, which makes implementing and managing consistent security policies and processes difficult. With network intelligence distributed to all the disparate end-points, security policy, security procedures, equipment configurations and moves/adds/changes (MACs) require more human touches, which increase the chance of errors. Copper-based active Ethernet LAN is inherently less reliable, contributing to security risks due to loss of data, files and records. Copper cabling introduces security weakness since its radiant data is tasked with transporting data that is, you do not need to tap into copper cable to gain access to sensitive data, files and records. Finally, all of the deep network devices with full functionality and intelligence add complexity and vulnerability to malicious access. LAN In comparison, the LAN architecture promotes centralized intelligence and management, which simplify the implementation of consistent security policies and processes. The Tellabs Panorama PON Manager element management system reduces the need for human touches on equipment, thus reducing errors. cabling is also inherently more secure than copper cabling. And deep network devices in LANs do not store any configuration or user information and present no local physical management access. 3 Ponemon Institute SEL03027USEN.PDF 4 Healthcare News healthcares-slack-security-costs-16b 5 FCC 6 DHS See Tellabs.com for more information about Tellabs Solutions 2
3 Fewer than 500 users Enhanced Security Quantifiable Savings for fewer than a 500-User/Employee LAN Realistic deployment size for an Enterprise LAN served by a Tellabs 1134 OLT $99, Symantec data breach calculator theorized that this is the cost of a data breach for a service only company that has only employee/company info at risk 7 29% Ponemon Institute found that the root cause of 29% of network errors was a system glitch $28,983 $99,994 x.29 = Percentage of responsibility for a secure LAN infrastructure $28,983 Proportional savings for Tellabs LAN, but it could also be argued that $99,994 is the true value at risk Figure 2: Potential savings from a Tellabs 1134 OLT blocking a security breach for a 500-user and/or end-points LAN. What are the potential cost savings from blocking data breaches with Tellabs LAN Solution? A realistic deployment size for an Enterprise LAN being served by a Tellabs 1134 Line (OLT) is 500 users and/or end-point devices. We can use the Symantec data breach calculator to get an estimate of $99,994 for the cost of a data breach for a service only company that has only employee/company info at risk. 7 The Ponemon Institute study found that the root cause of 29% of network errors was a system glitch, so we can extrapolate that $28,983 in savings (29% of $99,994) is attributable to a 500-user/device using LAN. [Figure 2]. An Enterprise LAN being served by a Tellabs 1150 OLT most likely has 1,000 to 5,000 users and/or end-point devices. The Symantec data breach calculator estimates $1.5 million for the cost of a data breach for a service only company where only employee/company info is at risk. If we apply the Ponemon Institute 29% system glitch percentage, we can extrapolate that $435,000 in savings (29% of $1,500,000) is attributable to a 1,000- to 5,000-user/device LAN. But just like the insurance cost for any calamity, it could also be argued that $1.5 million is the true cost [Figure 3]. Improving network element management security A secure LAN starts with the Tellabs Panorama PON Manager, the element management interface for the LAN. Within the Tellabs PON Manager, role-based access for users is established through strict authentication and authorization [Figure 4]. This is where secure passwords are assigned and managed. Based on IT staff credentials, privileges are defined for what a user can view and modify. Then the activity of the IT staff can be tracked, which helps root cause analyses during troubleshooting and can help with junior IT staff training. User management is very important to achieve the highest levels of security, stability and operational efficiency. The Tellabs PON Manager supports IPv6 and IPSec, which provide additional security functions. Finally, the Tellabs PON Manager is where secure profiles/templates are created for ONTs, ports, connections and other network elements. Within these secure profiles/templates are consistent security policies and procedures. Information managed within these profiles/ templates includes: ONT identifier and name, Ethernet port configuration, PoE settings, IEEE 802.1x, LLDP, RSTP settings and NAC are configured as autonomous rules-based provisioning. The goal of Tellabs LAN is to improve physical LAN security, enabling consistent security policies that are centrally managed while reducing human error and increasing network stability. Enhanced Security Quantifiable Savings for a 1,000- to 5,000-User/Employee LAN 1,000 to 5,000 users Realistic deployment size for an Enterprise LAN served by a Tellabs 1150E OLT $1,500, Symantec data breach calculator theorized that this is the cost of data breach for a service only company that has only employee/company info at risk 7 29% Ponemon Institute found that the root cause of 29% of network errors was a system glitch $435,000 $1,500,000 x.29 = Percentage of responsibility for a secure LAN infrastructure $435,000 Proportional savings for Tellabs LAN, but it could also be argued that if and when the event happens, $1.5 million would be at risk Figure 3: Potential savings from a Tellabs 1150 OLT system blocking a security breach for 1,000 5,000 users served by LAN 7 Symantec See Tellabs.com for more information about Tellabs Solutions 3
4 Line Network s Figure 4: Tellabs Panorama PON Manager provides centralized intelligence, control, automation and management across all network elements. Providing systemwide security across the LAN The Tellabs Panorama PON Manager provides much of the system-wide centralized intelligence, control, automation and management. There are other security features and functionality associated with the OLTs and the LAN solution that contribute to enhanced security across the entire network [Figure 5]. Advanced Encryption Standard (AES) Tellabs LAN Solution support the Advanced Encryption Standard (AES), an encryption algorithm and constantly churning keys. GPON uses 128-bit AES encryption for downstream transmissions. To illustrate the relative size of a 128-bit key would require a constantly changing (i.e., churning) 340 undecillion (that s 39 zeros)-size number. AES has been adopted by the U.S. government and is now used worldwide. GPON has no encryption in the upstream direction because the traffic is granted and orchestrated by the OLT, which has the intelligence to recognize rogue or unexpected ONTs that have neither been properly authenticated nor authorized. The GPON protocol is a stateful protocol; therefore, any interruption of communications is deemed suspicious, and that ONT is quarantined immediately. Simply stated, the OLT with its centralized intelligence are managing tens if not thousands of ONTs simultaneously, and only it can decipher the order of upstream transmission from multiple ONTs. Service Segmentation In the past, LAN services (e.g., voice, video, wireless access) services were physically separated onto different Layer 1 cabling for security purposes. These overlay networks were costly to purchase and operate negatively impacting building space, introducing wasteful material, consuming power and emitting thermals. Today, it is an accepted practice to provide secure transmission over a single physical network utilizing Layer 2 VLAN trunking because service-level VLANs can extend to all end-points. This is how LANs segregate and secure data flows to each client device. Even different ports and ONTs on the same VLAN can be offered different Service Level Agreements with VLAN trunking. What used to be relegated to disparate physical networks can now be converged over a single fiber with LAN. Authentication and Authorization Another important aspect of security over an LAN is the support of consistent authentication and authorization policies. This is accomplished through the Tellabs Panorama PON Manager within profiles and templates relying on protocols, such as IEEE 802.1x, NAC, PAC, DHCP and RADIUS, and IEEE 802.1x. They provide controlled access through strong authentication mechanisms for end-user devices utilizing encryption keys. This helps with intrusion detection and protects from unauthorized activity at the user and device levels. These functions work in concert with Network Access Control (NAC) and Port Access Control (PAC) functions, Line Network s Figure 5: Tellabs LAN Solution has systemwide security enhancements. See Tellabs.com for more information about Tellabs Solutions 4
5 NAP Server(s) WiFi Access Point AAA Server Network Distribution Radius OLT GPON Local Area Network ONT Laptop VoIP Phone Workstation POLICY DECISION POINT POLICY ENFORCEMENT POINT ACCESS REQUESTOR Figure 6: Tellabs LAN systemwide secure authentication and authorization mechanisms provide strong security at individual and device levels. which also include Dynamic Host Control Protocol (including Option 82) and RADIUS support [Figure 6]. Access Control Lists Access Control Lists (ACLs) assist with end-to-end security across the LAN. ACLs can be created at Layer 2 (Ethernet), Layer 3 (IP) and Layer 4 (TCP/UDP), and are either static or dynamic. Their purpose is to facilitate network protection for trusted and nontrusted devices, and to operate in conjunction with authentication mechanisms, for example: L2 Ethernet Filtering: source and destination MAC address, Ethertype and organizationally unique identifier (OUI) L3 IP Filtering: source and destination IP address and Protocol Level L4 TCP/UPD Filtering: Type and Port The Tellabs LAN system can support 2,048 basic ACL filters and 512 deep ACL filters with granularity down to the PON service module card. Rate Limiting Ingress rate limiting is an element of security necessary when enabling Ethernet bridging across the LAN. Its purpose is to limit all broadcast ingress datagrams down to a controlled and safe level. Rate limiting can be enabled on any ACL (not just broadcast). It protects against network flooding and blocking, and can be set in 64 Kbps increments. Rate limiting greatly reduces the potential for Denial of Service (DoS), redirects or other malicious attacks. IP/Ethernet Protocols Supported The Tellabs LAN system exceed the expectations and needs of Enterprise LAN standards-based Ethernet and IP protocols. That is, Tellabs LAN system support a long list of IEEE and RFC protocols too numerous to list for the purposes of this overview. Taking advantage of the inherent security of optical fiber The optical plant, also known as fiber cabling infrastructure, can make significant contributions to overall network security [Figure 7]. Fiber optic cabling is more secure than copper cabling. Fiber is neither susceptible to interference nor does it introduce interference. With fiber you have no cross-talk, no EMI, no RFI and no EMP, unlike copper cabling that allows RF emissions that can be eavesdropped without physical access. You cannot listen to fiber from any distance. Hackers would need to physically access fiber to gain entry to fiber-based communications, which is tremendously difficult to do. GPON is a stateful protocol that detects all abnormal, rogue intrusion events and thwarts physical tapping. Line Network s Figure 7: plant cabling infrastructure provides inherent security protections. See Tellabs.com for more information about Tellabs Solutions 5
6 Core Routers Public Access xdomain Content Aggregator VANGUARD Alarmed PDS Trunk Cable ODN Splitter 1:32 Flexible Interlocking Alarmed and Armored Fiber Optic Cable ONTS Desktop xdomain Thin Clients Internal Corporate OLT SMF (30 km) High Security d/locked Building Main Room/MDF d/locked IDF d/locked ONTs Nonmilitary illustration. If military, unclassified transmissions would be on separate networks. Figure 8: All- PON provides armored, alarmed and 24/7/365-monitored fiber cabling for added security. All- PON All- PON is a means of building highly secure LANs by combining the inherent security benefits of LANs with armored, alarmed and 24/7/365-monitored fiber cabling. 8 All- PON delivers unparalleled performance, security and information assurance [Figure 8]. It is JITC certified, NSTISSI 7003 compliant and deployed throughout the U.S. Department of Defense. All- PON can now be utilized by other markets that experience the high costs associated with data breaches and thus require highly secure LAN, such as hospitals, financial institutions and educational organizations. Even a legacy-hardened carrier protective distribution system (PDS) with electrical metallic tubing and concrete encasement requires periodic visual inspections (PVIs). The carrier (or cabling) was deployed below ceilings and above floors for the purposes of visual inspection. The electrical metallic tubing requires welding and epoxying of all connections. For security, the outdoor cabling requires concrete encasement. With All- PON and its armored, alarmed and 24/7/365-monitored fiber cabling, both CapEx and OpEx are drastically reduced. With the constant auto-learning threshold monitoring of the cabling 24/7/365, the requirement for periodic visual inspections is eliminated. The cables can installed out of sight above ceilings and below floors. Real-world business cases for All- PON showcase a 66% savings in install costs and 75% in faster MACs. Leveraging the security feature of ONTs The ONTs are inherently secure as well [Figure 9]. LAN ONTs are designed with no local management access. This is done because there are few needs for human touches at the ONTs. The ONTs are basically simple optical-to-electrical terminals. ONTs are highly secure and reliable, which ultimately helps improve security. Furthermore, LANs have centralized intelligence and management; no information is stored at the ONTs. User and provisioning information does not reside on the ONT. ONTs are a thin client user/device policies are managed solely at OLT. Thus, ONTs can move freely around the LAN and be sent back to the vendor for repair/return if needed without risk of network/user data being compromised. What if someone with malicious intent tries to access ports on ONTs? The open unused ONT ports are dead by default and cannot pass traffic. And even if that open port somehow got activated, the perpetrators would be blocked by NAC protection mechanisms. The activation of an open unused ONT port can only be done centrally from the secure Tellabs Panorama PON Line Network s Figure 9: Equipment redundancy options include uplink, control, timing, service module, power plant and fans. 8 Tellabs and Network Integrity Systems See Tellabs.com for more information about Tellabs Solutions 6
7 Manager console, most likely positioned in a locked room. Pulling a working service connection (i.e., cable) from an active ONT port triggers an alarm thru the Tellabs Panorama PON Manager and triggers NAC protection that blocks hacker access. If the fiber is tapped at the ONTs, could meaningful data, records and files be extracted? First, the reflection loss is too great to recover any ONT s upstream signal at another ONT. Second, only the OLT can synch upstream data from multiple ONTs, since upstream frame alignment is offset. This offset frame alignment means that an intermediate interception would not have correct frame alignment synchronization; therefore, no useful data, records or files could be gathered. Last, even if inline monitoring of a single ONT was attempted, once the fiber was accessed, the OLT (especially with All- PON) would immediately detect and alarm the system to the fiber tampering. Also, the faceplate screws of the Tellabs 120W Mini Network are alarmed through the Tellabs Panorama PON Manager. Lockable cover options can be deployed with the Tellabs 100 ONT series and Tellabs 700 ONT series end-devices. Exceeding Government, Military, HIPAA and PCI requirements The U.S. Federal Government and Military were the early adopters of Tellabs LAN because of its ability to improve network security both at the electronics level and across the cabling infrastructure. Today, other industry verticals such as Healthcare, Education, Retail and Financial are looking to LAN for the same security benefits. Government and Military All Tellabs LAN hardware and software pass rigorous and constant testing through Joint Interoperability Test Command (JITC). All Tellabs LAN products are listed on the DISA JITC UC APL, which is publicly accessible to all Healthcare, Education, Retail and Financial entities considering the technology. In addition to JITC testing, Tellabs LAN has successfully completed U.S. Army I3MP/ I3C2 Performance Evaluation testing and Certified TEMPEST Technical Authority (CTTA), meets UCR 2013, STIGs and FIPS criteria. Tellabs LAN is deployed in the most secure government and military networks in the U.S. Health Insurance Portability and Accountability (HIPAA) The intent of HIPAA is to protect patient data integrity from eavesdropping, manipulation and theft. LAN is a robust and secure solution that meets applicable HIPAA requirements. LAN presents no access to any ephi data. As such, LAN s primary role is to provide transport and systemwide security. LAN s combination of very robust security and no ephi data minimizes any risk to ephi data. LAN can also provide documented hardening of operational systems and procedures. These HIPAA policies and procedures are well-defined step-by-step procedures otherwise known as the Security Technical Implementation Guide (STIG) for hardening the operating system, the Tellabs Panorama PON Manager and the LAN hardware (OLTs and ONTs). Tellabs LAN is deployed in HIPAA-compliant LANs. Payment Card Industry (PCI) The purpose of the PCI is to provide protection for credit cardholders by ensuring that merchants meet minimum levels of security when they store, process and transmit transactional data. LAN can help build and maintain a secure network for the protection of credit cardholder data. LAN is ideal to implement consistent PCI policies, including strong access control measures and regular monitoring and testing of the network all of which should be part of overarching information security policy and procedure, of which Tellabs LAN and Tellabs Panorama PON Manager play a vital role. Tellabs LAN is deployed in PCI-compliant LANs across multiple vertical markets. Summary No company wants to be the victim of data breach, and no business wants their security weaknesses to be showcased across all media outlets in the event of such an unfortunate breach. No doubt there are real costs for the business and a negative impact on the employees as a result of the breach. A fiber-based LAN infrastructure with Tellabs LAN solution and Tellabs Panorama PON Manager are a viable solution for building a more defensible LAN, where security polices and procedures are implemented consistently. Take the next step. Contact Tellabs today West Diehl Road Naperville, IL U.S.A. 2015, Tellabs Access, LLC. All rights reserved. TEL /15
Healthcare ICT Trends & Innovation: Passive Optical LAN (GPON) for the New Era
Healthcare ICT Trends & Innovation: Passive Optical LAN (GPON) for the New Era Michael Wilson, RCDD Solutions Engineering Manager, Tellabs Access Darren Vican, RCDD, OSP Vice President, RTKL 3/17/2015
More informationHow To Get The Most Out Of A Pon From Commscope
Passive Optical Network (PON): Solutions for Federal Government Deployments Operational Efficiency Solutions Passive Optical Network (PON) solutions for federal government networks Discover opportunities
More informationBest Practices for Outdoor Wireless Security
Best Practices for Outdoor Wireless Security This paper describes security best practices for deploying an outdoor wireless LAN. This is standard body copy, style used is Body. Customers are encouraged
More informationHow Passive Optical LANs are Enlightening the Enterprise LAN
WHITE PAPER How Passive Optical LANs are Enlightening the Enterprise LAN Executive Summary Enterprise businesses that need to upgrade or replace existing telecommunications networks are looking for ways
More informationOperational efficiencies
Operational efficiencies Improving efficiency is a top 10 priority for CIOs per a Gartner 2013 study. 1 Tellabs LAN Solutions and Tellabs Panorama PON Manager have many quantifiable methods of gaining
More informationOverview. Summary of Key Findings. Tech Note PCI Wireless Guideline
Overview The following note covers information published in the PCI-DSS Wireless Guideline in July of 2009 by the PCI Wireless Special Interest Group Implementation Team and addresses version 1.2 of the
More informationHow Enterprises Are Solving Evolving Network Challenges with Optical LAN
APPLICATION NOTE How Enterprises Are Solving Evolving Challenges with Optical LAN Executive Summary Enterprise businesses that need to upgrade or replace existing telecommunications networks are looking
More informationHow To Secure A Voice Over Internet Protocol (Voip) From A Cyber Attack
DHS 4300A Sensitive Systems Handbook Attachment Q5 To Handbook v. 11.0 Voice over Internet Protocol (VoIP) Version 11.0 December 22, 2014 Protecting the Information that Secures the Homeland This page
More informationHow to Prevent a Data Breach and Protect Your Business
Enforcing Security Policies Key Differentiator NetVanta Microsoft Desktop Auditing Providing Insight Into Your Network With an increasingly mobile workforce, technology portability, and the increase in
More informationThe Payment Card Industry (PCI) Data Security Standards (DSS) v1.2 Requirements:
Compliance Brief The Payment Card Industry (PCI) Data Security Standards (DSS) v1.2 Requirements: Using Server Isolation and Encryption as a Regulatory Compliance Solution and IT Best Practice Introduction
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationThe 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance
Date: 07/19/2011 The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance PCI and HIPAA Compliance Defined Understand
More informationBuilding A Secure Microsoft Exchange Continuity Appliance
Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building
More informationState of Texas. TEX-AN Next Generation. NNI Plan
State of Texas TEX-AN Next Generation NNI Plan Table of Contents 1. INTRODUCTION... 1 1.1. Purpose... 1 2. NNI APPROACH... 2 2.1. Proposed Interconnection Capacity... 2 2.2. Collocation Equipment Requirements...
More informationHow To Protect A Wireless Lan From A Rogue Access Point
: Understanding Security to Ensure Compliance with HIPAA Healthcare is a natural environment for wireless LAN solutions. With a large mobile population of doctors, nurses, physician s assistants and other
More informationGPON Equips Marines to Address Networking Demands of Today and Tomorrow
GPON Equips Marines to Address Networking Demands of Today and Tomorrow The primary responsibility of the Marine Corps Recruit Depot (MCRD) in San Diego is to make Marines out of all male recruits who
More informationPCI Data Security Standards (DSS)
ENTERPRISE APPLICATION WHITELISTING SOLUTION Achieving PCI Compliance at the Point of Sale Using Bit9 Parity TM to Protect Cardholder Data PCI: Protecting Cardholder Data As the technology used by merchants
More informationIntegrated Health Systems. Enterprise Wireless LAN Security for Long Term Care. Integrated Systems, Inc. (866) 602-6100
Integrated Health Systems Enterprise Wireless LAN Security for Long Term Care Integrated Systems, Inc. (866) 602-6100 Enterprise Wireless LAN Security This paper describes the challenges today s healthcare
More informationRecommended IP Telephony Architecture
Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings
More informationWHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks
WHITE PAPER The Need for Wireless Intrusion Prevention in Retail Networks The Need for Wireless Intrusion Prevention in Retail Networks Firewalls and VPNs are well-established perimeter security solutions.
More informationAchieving PCI Compliance Using F5 Products
Achieving PCI Compliance Using F5 Products Overview In April 2000, Visa launched its Cardholder Information Security Program (CISP) -- a set of mandates designed to protect its cardholders from identity
More informationDeploying Firewalls Throughout Your Organization
Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense
More informationSecure Networks for Process Control
Secure Networks for Process Control Leveraging a Simple Yet Effective Policy Framework to Secure the Modern Process Control Network An Enterasys Networks White Paper There is nothing more important than
More informationDid you know your security solution can help with PCI compliance too?
Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment
More informationPotential Security Vulnerabilities of a Wireless Network. Implementation in a Military Healthcare Environment. Jason Meyer. East Carolina University
Potential Security Vulnerabilities of a Wireless Network Implementation in a Military Healthcare Environment Jason Meyer East Carolina University Abstract This paper will look into the regulations governing
More informationSECURITY FOR TODAY S PHYSICAL NETWORK AND DATA TRAFFIC
SECURITY FOR TODAY S PHYSICAL NETWORK AND DATA TRAFFIC End-to-end Infrastructure Protection for Institutions In the last few years, the demand for classified information experienced by many government
More informationHow To Secure Your System From Cyber Attacks
TM DeltaV Cyber Security Solutions A Guide to Securing Your Process A long history of cyber security In pioneering the use of commercial off-the-shelf technology in process control, the DeltaV digital
More informationMYTHBUSTERS: The Honest Facts About Gigabit Passive Optical Networks (GPON)
MYTHBUSTERS: The Honest Facts About Gigabit Passive Optical Networks (GPON) Michael Wilson, RCDD Solutions Sales Manager, Optical LAN Tellabs Government & Enterprise Systems Michael.Wilson@Tellabs.com
More informationLink Layer and Network Layer Security for Wireless Networks
White Paper Link Layer and Network Layer Security for Wireless Networks Abstract Wireless networking presents a significant security challenge. There is an ongoing debate about where to address this challenge:
More informationProtecting the Palace: Cardholder Data Environments, PCI Standards and Wireless Security for Ecommerce Ecosystems
Page 1 of 5 Protecting the Palace: Cardholder Data Environments, PCI Standards and Wireless Security for Ecommerce Ecosystems In July the Payment Card Industry Security Standards Council (PCI SSC) published
More informationADDENDUM 12 TO APPENDIX 8 TO SCHEDULE 3.3
ADDENDUM 12 TO APPENDIX 8 TO SCHEDULE 3.3 TO THE Overview EXHIBIT T to Amendment No. 60 Secure Wireless Network Services are based on the IEEE 802.11 set of standards and meet the Commonwealth of Virginia
More informationState of Kansas. Interim Wireless Local Area Networks Security and Technical Architecture
State of Kansas Interim Wireless Local Area Networks Security and Technical Architecture October 6, 2005 Prepared for Wireless Policy Committee Prepared by Revision Log DATE Version Change Description
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationSecurity Issues with Integrated Smart Buildings
Security Issues with Integrated Smart Buildings Jim Sinopoli, Managing Principal Smart Buildings, LLC The building automation industry is now at a point where we have legitimate and reasonable concern
More informationEnterprise A Closer Look at Wireless Intrusion Detection:
White Paper Enterprise A Closer Look at Wireless Intrusion Detection: How to Benefit from a Hybrid Deployment Model Josh Wright Senior Security Researcher Introduction As wireless enterprise networks become
More informationCisco Wireless Control System (WCS)
Data Sheet Cisco Wireless Control System (WCS) PRODUCT OVERVIEW Cisco Wireless Control System (WCS) Cisco Wireless Control System (WCS) is the industry s leading platform for wireless LAN planning, configuration,
More informationInjazat s Managed Services Portfolio
Injazat s Managed Services Portfolio Overview Premium Managed Services to Transform Your IT Environment Injazat s Premier Tier IV Data Center is built to offer the highest level of security and reliability.
More informationSection 12 MUST BE COMPLETED BY: 4/22
Test Out Online Lesson 12 Schedule Section 12 MUST BE COMPLETED BY: 4/22 Section 12.1: Best Practices This section discusses the following security best practices: Implement the Principle of Least Privilege
More informationCISCO WIRELESS CONTROL SYSTEM (WCS)
CISCO WIRELESS CONTROL SYSTEM (WCS) Figure 1. Cisco Wireless Control System (WCS) PRODUCT OVERVIEW Cisco Wireless Control System (WCS) Cisco Wireless Control System (WCS) is the industry s leading platform
More informationNETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9
NETASQ & PCI DSS Is NETASQ compatible with PCI DSS? We have often been asked this question. Unfortunately, even the best firewall is but an element in the process of PCI DSS certification. This document
More informationConnecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP
Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP Connecting MPLS Voice VPNs Enabling the secure interconnection of Inter-Enterprise VoIP Executive Summary: MPLS Virtual
More informationVOIP SECURITY: BEST PRACTICES TO SAFEGUARD YOUR NETWORK ======
VOIP SECURITY: BEST PRACTICES TO SAFEGUARD YOUR NETWORK ====== Table of Contents Introduction to VoIP Security... 2 Meet Our Expert - Momentum Telecom... 2 BroadWorks... 2 VoIP Vulnerabilities... 3 Call
More informationADDING NETWORK INTELLIGENCE TO VULNERABILITY MANAGEMENT
ADDING NETWORK INTELLIGENCE INTRODUCTION Vulnerability management is crucial to network security. Not only are known vulnerabilities propagating dramatically, but so is their severity and complexity. Organizations
More informationA POLYCOM WHITEPAPER Polycom. Recommended Best Security Practices for Unified Communications
Polycom Recommended Best Security Practices for Unified Communications March 2012 Unified Communications (UC) can be viewed as another set of data and protocols utilizing IP networks. From a security perspective,
More informationPCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data
White Paper PCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data Using credit cards to pay for goods and services is a common practice. Credit cards enable easy and
More informationNetwork Access Control in Virtual Environments. Technical Note
Contents Security Considerations in.... 3 Addressing Virtualization Security Challenges using NAC and Endpoint Compliance... 3 Visibility and Profiling of VMs.... 4 Identification of Rogue or Unapproved
More informationWireless Security and Healthcare Going Beyond IEEE 802.11i to Truly Ensure HIPAA Compliance
Going Beyond IEEE 802.11i to Truly Ensure HIPAA Compliance 339 N. Bernardo Avenue, Suite 200 Mountain View, CA 94043 www.airtightnetworks.net Wireless LANs are prevalent in healthcare institutions. The
More informationA Closer Look at Wireless Intrusion Detection: How to Benefit from a Hybrid Deployment Model
A Closer Look at Wireless Intrusion Detection: How to Benefit from a Hybrid Deployment Model Table of Contents Introduction 3 Deployment approaches 3 Overlay monitoring 3 Integrated monitoring 4 Hybrid
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationWHITE PAPER. Enterprise Wireless LAN Security
WHITE PAPER Enterprise Wireless LAN Security Preface This paper describes the challenges today s administrators face when planning data protection for their wireless networks. Paramount in this discussion
More informationTech Brief. Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks
Tech Brief Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks Introduction In today s era of increasing mobile computing, one of the greatest challenges
More informationWHITE PAPER. Preventing Wireless Data Breaches in Retail
WHITE PAPER Preventing Wireless Data Breaches in Retail Preventing Wireless Data Breaches in Retail The introduction of wireless technologies in retail has created a new avenue for data breaches, circumventing
More informationNEWT Managed PBX A Secure VoIP Architecture Providing Carrier Grade Service
NEWT Managed PBX A Secure VoIP Architecture Providing Carrier Grade Service This document describes the benefits of the NEWT Digital PBX solution with respect to features, hardware partners, architecture,
More informationFrank Andrus WHITEPAPER. CTO, Bradford Networks. Evolve your network security strategy to meet new threats and simplify IT security operations
WHITEPAPER An Adaptive Approach to Network Security Evolve your network security strategy to meet new threats and simplify IT security operations Frank Andrus CTO, Bradford Networks Executive Summary...
More informationFrank Andrus WHITEPAPER. CTO, Bradford Networks. Evolve your network strategy to meet new threats and achieve expanded business imperatives
WHITEPAPER The Emergence of Adaptive Network Security Evolve your network strategy to meet new threats and achieve expanded business imperatives Frank Andrus CTO, Bradford Networks Executive Summary...
More informationDeploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks.
Table of Contents Section 1: Executive summary...1 Section 2: The challenge...2 Section 3: WLAN security...3 and the 802.1X standard Section 4: The solution...4 Section 5: Security...4 Section 6: Encrypted
More informationBeef O Brady's. Security Review. Powered by
Beef O Brady's Security Review Powered by Why install a Business Class Firewall? Allows proper segmentation of Trusted and Untrusted computer networks (PCI Requirement) Restrict inbound and outbound traffic
More informationSecuring end devices
Securing end devices Securing the network edge is already covered. Infrastructure devices in the LAN Workstations Servers IP phones Access points Storage area networking (SAN) devices. Endpoint Security
More informationWHITEPAPER. Addressing Them with Secure Network Access Control. Executive Summary... An Evolving Network Environment... 2
WHITEPAPER Top 4 Network Security Challenges in Healthcare Addressing Them with Secure Network Access Control Executive Summary... 1 Top 4 Network Security Challenges Addressing Security Challenges with
More informationDesigning a security policy to protect your automation solution
Designing a security policy to protect your automation solution September 2009 / White paper by Dan DesRuisseaux 1 Contents Executive Summary... p 3 Introduction... p 4 Security Guidelines... p 7 Conclusion...
More informationThe Business Case for Security Information Management
The Essentials Series: Security Information Management The Business Case for Security Information Management sponsored by by Dan Sullivan Th e Business Case for Security Information Management... 1 Un
More informationThe following chart provides the breakdown of exam as to the weight of each section of the exam.
Introduction The CWSP-205 exam, covering the 2015 objectives, will certify that the successful candidate understands the security weaknesses inherent in WLANs, the solutions available to address those
More informationHIPAA Security Considerations for Broadband Fixed Wireless Access Systems White Paper
HIPAA Security Considerations for Broadband Fixed Wireless Access Systems White Paper Rev 1.0 HIPAA Security Considerations for Broadband Fixed Wireless Access Systems This white paper will investigate
More informationWHITEPAPER. Addressing Them with Adaptive Network Security. Executive Summary... An Evolving Network Environment... 2. Adaptive Network Security...
WHITEPAPER Top 4 Network Security Challenges in Healthcare Addressing Them with Adaptive Network Security Executive Summary... 1 Top 4 Network Security Challenges Addressing Security Challenges with Adaptive
More informationHIPAA Compliance for the Wireless LAN
White Paper HIPAA Compliance for the Wireless LAN JUNE 2015 This publication describes the implications of HIPAA (the Health Insurance Portability and Accountability Act of 1996) on a wireless LAN solution,
More informationCconducted at the Cisco facility and Miercom lab. Specific areas examined
Lab Testing Summary Report July 2009 Report 090708 Product Category: Unified Communications Vendor Tested: Key findings and conclusions: Cisco Unified Communications solution uses multilayered security
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationNetwork Management Basics
Updated November 2011 MILLENIUM TELECOM, LLC d/b/a ONESOURCE COMMUNICATIONS BROADBAND INTERNET SERVICE DISCLOSURES Consistent with FCC regulations, 1 OneSource Communications (OneSource) provides this
More informationS-Series SBC Interconnect Solutions. A GENBAND Application Note May 2009
S-Series SBC Interconnect Solutions A GENBAND Application Note May 2009 Business Requirements A ubiquitous global voice service offering is the challenge among today s large service providers. The need
More informationTop Three POS System Vulnerabilities Identified to Promote Data Security Awareness
CISP BULLETIN Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness November 21, 2006 To support compliance with the Cardholder Information Security Program (CISP), Visa USA
More informationNETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015
NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X
More informationLink Layer and Network Layer Security for Wireless Networks
Link Layer and Network Layer Security for Wireless Networks Interlink Networks, Inc. May 15, 2003 1 LINK LAYER AND NETWORK LAYER SECURITY FOR WIRELESS NETWORKS... 3 Abstract... 3 1. INTRODUCTION... 3 2.
More informationState of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD005.001. Effective Date: April 7, 2005
State of New Mexico Statewide Architectural Configuration Requirements Title: Network Security Standard S-STD005.001 Effective Date: April 7, 2005 1. Authority The Department of Information Technology
More informationPROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES
PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute
More informationIndustrial Communication. Securing Industrial Wireless
Industrial Communication Whitepaper Securing Industrial Wireless Contents Introduction... 3 Wireless Applications... 4 Potential Threats... 5 Denial of Service... 5 Eavesdropping... 5 Rogue Access Point...
More informationAchieving PCI-Compliance through Cyberoam
White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit
More informationPCI v2.0 Compliance for Wireless LAN
PCI v2.0 Compliance for Wireless LAN November 2011 This white paper describes how to build PCI v2.0 compliant wireless LAN using Meraki. Copyright 2011 Meraki, Inc. All rights reserved. Trademarks Meraki
More informationThe Impact of Wireless LAN Technology on Compliance to the PCI Data Security Standard
The Impact of Wireless LAN Technology on to the PCI Data Security Standard 339 N. Bernardo Avenue, Suite 200 Mountain View, CA 94043 www.airtightnetworks.net Wireless LANs and PCI Retailers today use computers
More informationNetwork Security: Introduction
Network Security: Introduction 1. Network security models 2. Vulnerabilities, threats and attacks 3. Basic types of attacks 4. Managing network security 1. Network security models Security Security has
More informationWireless like Wired reliability delivered
Service Assurance Made Easy Meru Service Assurance Management Suite Forrester found that organizations using the Meru solution can benefit from potentially avoiding repeated site surveys, reducing the
More informationRecommended 802.11 Wireless Local Area Network Architecture
NATIONAL SECURITY AGENCY Ft. George G. Meade, MD I332-008R-2005 Dated: 23 September 2005 Network Hardware Analysis and Evaluation Division Systems and Network Attack Center Recommended 802.11 Wireless
More informationSecure Network Access Solutions for Banks and Financial Institutions. Secure. Easy. Protected. Access.
Secure Network Access Solutions for Banks and Financial Institutions Secure. Easy. Protected. Access. Cybersecurity A Growing Concern for Banks The banking sector is shifting from using closed, proprietary
More informationSolarWinds Security Information Management in the Payment Card Industry: Using SolarWinds Log & Event Manager (LEM) to Meet PCI Requirements
SolarWinds Security Information Management in the Payment Card Industry: Using SolarWinds Log & Event Manager (LEM) to Meet PCI Requirements SolarWinds Security Information Management in the Payment Card
More informationFundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals
Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals Learning Objective Explain the concepts of information systems security (ISS) as applied to an IT infrastructure.
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationGlobal Partner Management Notice
Global Partner Management Notice Subject: Critical Vulnerabilities Identified to Alert Payment System Participants of Data Compromise Trends Dated: May 4, 2009 Announcement: To support compliance with
More informationThe President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
cover_comp_01 9/9/02 5:01 PM Page 1 For further information, please contact: The President s Critical Infrastructure Protection Board Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
More informationTellabs Optical LAN Solutions Overview
Tellabs Optical LAN Solutions Overview Is your LAN ready for tomorrow s challenges? Optical LANs versus copper LANs CIOs and IT professionals are finding solutions to the many network challenges created
More informationSonicWALL PCI 1.1 Implementation Guide
Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationSECURING ENTERPRISE NETWORK 3 LAYER APPROACH FOR BYOD
SECURING ENTERPRISE NETWORK 3 LAYER APPROACH FOR BYOD www.wipro.com Table of Contents Executive Summary 03 Introduction 03 Challanges 04 Solution 05 Three Layered Approach to secure BYOD 06 Conclusion
More informationNetwork Segmentation
Network Segmentation The clues to switch a PCI DSS compliance s nightmare into an easy path Although best security practices should be implemented in all systems of an organization, whether critical or
More informationThe self-defending network a resilient network. By Steen Pedersen Ementor, Denmark
The self-defending network a resilient network By Steen Pedersen Ementor, Denmark The self-defending network - a resilient network What is required of our internal networks? Available, robust, fast and
More informationNetwork Access Control (NAC)
Solutions Network Access Control (NAC) Allied Telesis provides advanced edge security for Enterprise networks Security Issues The security issues facing Enterprise networks have evolved over the years,
More informationTeleran PCI Customer Case Study
Teleran PCI Customer Case Study Written by Director of Credit Card Systems for Large Credit Card Issuer Customer Case Study Summary A large credit card issuer was engaged in a Payment Card Industry Data
More informationEnterprise Security Solutions
Enterprise Security Solutions World-class technical solutions, professional services and training from experts you can trust ISOCORP is a Value-Added Reseller (VAR) and services provider for best in class
More informationWi-Fi, Health Care, and HIPAA
AN AIRMAGNET TECHNICAL WHITE PAPER Wi-Fi, Health Care, and HIPAA WLAN Management in the Modern Hospital by Wade Williamson WWW.AIRMAGNET.COM This page contains no topical information. Table of Contents
More informationTop Five Data Security Trends Impacting Franchise Operators. Payment System Risk September 29, 2009
Top Five Data Security Trends Impacting Franchise Operators Payment System Risk September 29, 2009 Top Five Data Security Trends Agenda Data Security Environment Compromise Overview and Attack Methods
More informationHow To Create An Intelligent Infrastructure Solution
SYSTIMAX Solutions Intelligent Infrastructure & Security Using an Internet Protocol Architecture for Security Applications White Paper July 2009 www.commscope.com Contents I. Intelligent Building Infrastructure
More informationARCHITECT S GUIDE: Comply to Connect Using TNC Technology
ARCHITECT S GUIDE: Comply to Connect Using TNC Technology August 2012 Trusted Computing Group 3855 SW 153rd Drive Beaverton, OR 97006 Tel (503) 619-0562 Fax (503) 644-6708 admin@trustedcomputinggroup.org
More information