1 SECURE DATA CENTER DESIGN Piotr Wojciechowski (CCIE #25543)
2 ABOUT ME Senior Network Engineer MSO at VeriFone Inc. Previously Network Solutions Architect at one of top polish IT integrators CCIE #25543 (Routing & Switching) Blogger Administrator of CCIE.PL board The biggest Cisco community in Europe Over 6800 users 3 admin, 7 moderators 58 polish CCIEs as members, 20 of them actively posting About 150 new topics per month About 1000 posts per month English section available
3 AGENDA What we want to protect? Physical DC security Secure Network Design Internet Edge Protection Security Audits
4 WHAT WE WANT TO PROTECT?
5 WHAT WE WANT TO PROTECT? Sensitive data Business-related processes Network services Applications Hardware
6 WHAT WE WANT TO PROTECT?
7 WHAT WE WANT TO PROTECT?
8 WHERE WE PROTECT?
9 WHERE WE PROTECT?
10 SECURITY AS A PROCESS 1. Subject matter experts define policies 2. Policies used to create application templates 3. Application templates used to create application profiles 4. Associated profiles creates resources automatically
11 PHYSICAL DC SECURITY
12 DATA CENTER PHYSICAL SECURITY Site location Risk of natural disasters on acceptable level (fires, lightning storms, hurricanes, earthquakes etc.) Man-made disasters on low level (plane crashes, riots, fires, explosions etc.) Site should not be adjacent to airports, prisons, freeways, banks, rafineries etc.) Data center should not share the same building with other offices, especially offices not owned by organization
13 DATA CENTER PHYSICAL SECURITY Site location Electrical utility powering the site should have 99,9% or better reliability of service. It must be delivered from at least two separate substations Backup power generators Water should be delivered from more than one source
14 DATA CENTER PHYSICAL SECURITY Perimiters Fence around the facility Guard kiosks at each access point Automatic authentication method for employees (badges) CCTV Parking not align to the building No clear advertisement that Data Center is located at this facility
15 DATA CENTER PHYSICAL SECURITY Surveillance Monitoring of property as well as neighborhood Guards on patrol Parking permits for vehicles Separate parking areas for employees and visitors
16 DATA CENTER PHYSICAL SECURITY Entry points Loading docks and all outside doors should have automatic authentication methods (ie. badges) Each entrance should have physical barriers and CCTV cameras Engineers must be required to use badges with pictures Track equippment being placed in and removed
17 DATA CENTER PHYSICAL SECURITY NOC (Network Operation Centre) Must have power, temperature, fire and humidity monitoring systems in place Redundant methods of communication with outside (analog phones, IP phones, cell phones etc.) Manned 24/7
18 DATA CENTER PHYSICAL SECURITY Disaster Recovery It s a must have! Must contain definition of disaster, who gets notified, who conduct damage assessment, where backups are located and what to do to maintain them Plan must be updated and reviewed
19 DATA CENTER PHYSICAL SECURITY
20 DATA CENTER PHYSICAL SECURITY
21 DATA CENTER PHYSICAL SECURITY
22 DATA CENTER PHYSICAL SECURITY
23 DATA CENTER PHYSICAL SECURITY
24 DATA CENTER PHYSICAL SECURITY
25 DATA CENTER PHYSICAL SECURITY
26 SECURE NETWORK DESIGN
27 MULTI-LAYER DC PROTECTION No single solution for all data centers Security should be deployed basing on application requirement, certification requirement as well as traffic flow To much protection can be worse than no protection Virtualization new challenges for security
28 SECURITY ZONES A security zone is an area within a network occupied by a group of systems and components with similar requirements for the protection of information and the attendant characteristics associated with those requirements. Security zones are often layered as trust zones such that resources in higher trust zones may communicate with resource in lower trust zones, but not the other way around.
29 SECURITY ZONES
30 SECURITY ZONES Goal of security zones: Control inter-zone communication Monitor inter-zone communication using IDP/IPS Control management access into, out of and within the zone (jump servers) Enforce data confidential and integrity rules for data stored within a zone, as well as for replication and backup.
31 SECURITY ZONES How to establish security zone?
32 IPS DEPLOYMENT The Intrusion Prevention System (IPS) provides deep packet and anomaly inspection to protect against both common and complex embedded attacks. Because of the nature of IPS and the intense inspection capabilities, the amount of overall throughput varies depending on the active policy. The IPS deployment in the data center usually leverages EtherChannel load balancing from the service switch. This method is recommended for the data center because it allows the IPS services to scale to meet the data center requirements
33 IPS DEPLOYMENT Usually deployed in service layer (part or DMZ and high security zones) A port channel is configured on the services switch to forward traffic
34 IPS DEPLOYMENT Spanning tree plays an important role for IPS redundancy in this design Under normal operating conditions traffic, a VLAN will always follow the same active Layer-2 path
35 IPS DEPLOYMENT Spanning tree plays an important role for IPS redundancy in this design If a failure occurs (service switch failure or a service switch link failure), spanning tree would converge and the active Layer-2 traffic path would change to the redundant service switch and Cisco IPS appliances.
36 IPS DEPLOYMENT SECURE TRAFFIC FLOW
37 VIRTUALIZATION CHALLENGES - VISIBILITY New challenges for visibility into what is occurring at the virtual network level Traffic flows can now occur within the server between virtual machines without needing to traverse a physical access switch
38 VIRTUALIZATION CHALLENGES - VISIBILITY If a virtual machine is infected or compromised it might be more difficult for administrators to spot without the traffic forwarding through security appliances
39 VIRTUALIZATION CHALLENGES - VISIBILITY ERSPAN forwards copies of the virtual machine traffic to the Cisco IPS appliance and the Cisco Network Analysis Module (NAM)
40 VIRTUALIZATION CHALLENGES - ISOLATION Server-to-server filtering can be performed using ACLs on the Cisco Nexus 1000V Because the server-to-server traffic never leaves the physical server, the ACL provides an excellent method for segmenting this traffic.
41 VIRTUALIZATION CHALLENGES - ISOLATION There are two options for adding an access list to the virtual Ethernet interfaces to block communication: The ACL can be defined and the access group can be applied to a port profile. All interfaces configured for the port profile will inherit the access-group setting. Specific ACLs on an interface can be applied directly to the virtual Ethernet interface in addition to the port profile. The port profile will still apply but the access group will only be applied to the specific interface instead of all interfaces that have inherited the particular port profile.
42 VIRTUALIZATION CHALLENGES - FIREWALLING An additional virtual context is created on the Cisco ASA and designated to reside between the servers and an Oracle database It can also be virtual firewall ASA 1000V
43 VIRTUALIZATION CHALLENGES - FIREWALLING The goal is not to prevent any server from communicating with the database, but rather to control which servers can access the database Context firewalls can run in routed and transparent modes
44 VIRTUALIZATION CHALLENGES WEB APPLICATION FIREWALL WAF can protect servers from a number of highly damaging application-layer attacks including command injection, directory traversal attacks, and crosssite (XSS) attacks
45 VIRTUALIZATION CHALLENGES WEB APPLICATION FIREWALL Can be used also for SSL offloading
46 VIRTUALIZATION CHALLENGES VM-TO-VM IDS ERSPAN on the Cisco Nexus 1000V is leveraged to forward a copy of virtual machineto-virtual machine traffic to the IDS at the services layer Both virtual machines reside on the same physical server
47 VIRTUALIZATION CHALLENGES VM-TO-VM IDS The attempt triggers a signature on the IDS and is logged for investigation
51 INTERNET EDE PROTECTION The Internet edge is a public-facing network infrastructure and is particularly exposed to large array of external threats. Some of the expected threats are as follows: Denial-of-service (DoS), distributed DoS (DDoS) Spyware, malware, and adware Network intrusion, takeover, and unauthorized network access spam and viruses Web-based phishing, viruses, and spyware Application-layer attacks (XML attacks, cross scripting, and so on) Identity theft, fraud, and data leakage
52 FIREWALL PHYSICAL INTERFACES LAYOUT The different logical interfaces on the Cisco ASA can be used to separate the DMZ, SP-facing interfaces, and the inside corporate infrastructure
53 WEB APPLICATION FIREWALL
54 WEB APPLICATION FIREWALL Configure the web application firewall to retain the source IP address if the traffic is directed to appliances in the data center. It is recommended that HTTPS traffic directed to the data center, not be encrypted as the Cisco ACE module in data center will perform the loadbalancing and decryption while also providing higher performance. The web application firewall in the Internet edge and the web application firewall in data center to be configured in the same cluster.
55 SERVICE PROVIDER EDGE Use BGP as the routing protocol for all dynamic routing both between the border routers and between the border routers and SP. Have an independent autonomous system number. This will give the flexibility of advertising the Internet prefix to different SPs. Use PfR as path-optimization mechanism. This will ensure that the optimal path is selected between the SPs thereby increasing the application performance.
56 SECURITY AUDITS
57 SECURITY AUDITS There is no one template of security audit that will fit everyone Some security audits are cerification related (in example PCI-DSS) Audits does not cover only networking aspects If performed correctly, a security audit can reveal weakness in technology, practices, employees and other key areas Usually is semi-automated
58 SECURITY AUDITS Audit components (some, not all): Vulnerability scans Examination of OS settings Examination of application settings Network analyses Employee interview Logs studying Security policies review
59 SECURITY AUDITS Some of the key questions that auditor must ask include: Who is in charge of security, and who does this person report to? Have ACLs (Access Control Lists) been placed on network devices to control who has access to shared data? How are passwords created and managed? Are there audit logs to record who accesses data? Who reviews the audit logs, and how often are they examined? Are the security settings for OSes and applications in accordance with accepted industry security practices?
60 SECURITY AUDITS Some of the key questions that auditor must ask include: Have unnecessary applications and services been purged from systems? How often does this task take place? Are all OSes and applications updated to current levels? How is backup media stored? Who has access to it? Is it up-to-date? How is security addressed? How is Web security addressed? How is wireless security addressed?
61 SECURITY AUDITS Some of the key questions that auditor must ask include: Are remote workers covered by security policies? Is a disaster-recovery plan in place? Has the plan ever been rehearsed? Have custom applications been tested for security flaws? How are configuration and code changes documented? How often are these records reviewed? Many other questions pertaining to the exact nature of the business's operations also must be addressed.
62 INERNAL AUDITS BAU audits: Checking current status of maintained platform and software Should be regular On-demand audits Test if procedures are working Test if team is prepared for emergency situation Test third-party responsibility
63 SECURITY AUDITS Off-the-shelf auditis: Ineffective More costly in long term Are not showing results management and security teams are requesting Usually 99% software-based
64 SECURITY AUDITS Audit time: Stage % of Total Time Preparation 10 Reviewint Policy/Docs 10 Talking/Interviewing 10 Technical Investigation 15 Reviewing Data 20 Writing Up Documentation 20 Report Presentation 5 Post Audit Actions 10
Chapter 1 The Principles of Auditing 1 Security Fundamentals: The Five Pillars Assessment Prevention Detection Reaction Recovery Building a Security Program Policy Procedures Standards Security Controls
DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch What You Will Learn A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private (inside)
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network
and Security Counter Measures for e-e Governance Project Mr. Lalthlamuana PIO, DoICT Background (1/8) Nature of Cyber Space Proliferation of Information Technology Rapid Growth in Internet Increasing Online
Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings
ISSA The Global Voice of Information Security Network Security Architecture By Mariusz Stawowski ISSA member, Poland Chapter Secure networks are crucial for IT systems and their proper operation. Essential
Troubleshooting and Maintaining Cisco IP Networks Volume 1 Course Introduction Learner Skills and Knowledge Course Goal and E Learning Goal and Course Flow Additional Cisco Glossary of Terms Your Training
APPLICATION NOTE COORDINATED THREAT CONTROL Interoperability of Juniper Networks IDP Series Intrusion Detection and Prevention Appliances and SA Series SSL VPN Appliances Copyright 2010, Juniper Networks,
Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n
529 Hahn Ave. Suite 101 Glendale CA 91203-1052 Tel 818.550.0770 Fax 818.550.8293 www.brandcollege.edu Cisco Certified Security Professional (CCSP) Program Summary This instructor- led program with a combination
State of Texas TEX-AN Next Generation NNI Plan Table of Contents 1. INTRODUCTION... 1 1.1. Purpose... 1 2. NNI APPROACH... 2 2.1. Proposed Interconnection Capacity... 2 2.2. Collocation Equipment Requirements...
White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit
NETASQ & PCI DSS Is NETASQ compatible with PCI DSS? We have often been asked this question. Unfortunately, even the best firewall is but an element in the process of PCI DSS certification. This document
Basic & Advanced Administration for Citrix NetScaler 9.2 Day One Introducing and deploying Citrix NetScaler Key - Brief Introduction to the NetScaler system Planning a NetScaler deployment Deployment scenarios
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria
APPLICATION NOTE Securing SIP Trunks SIP Trunks are offered by Internet Telephony Service Providers (ITSPs) to connect an enterprise s IP PBX to the traditional Public Switched Telephone Network (PSTN)
JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA To purchase Full version of Practice exam click below; http://www.certshome.com/jk0-022-practice-test.html FOR CompTIA JK0-022 Exam Candidates
THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS INCONVENIENT STATISTICS 70% of ALL threats are at the Web application layer. Gartner 73% of organizations have been hacked in the past two
Houghton Mifflin Harcourt - Riverside (HMH - Riverside) is pleased to offer online scoring and reporting for Woodcock-Johnson IV (WJ IV) and Woodcock-Muñoz Language Survey Revised Normative Update (WMLS-R
CONTENTS 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. Conclusion 1. EXECUTIVE SUMMARY The advantages of networked data storage technologies such
Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense
White Paper Secure Reverse Proxy Server and Web Application Firewall 2 Contents 3 3 4 4 8 Losing control Online accessibility means vulnerability Regain control with a central access point Strategic security
Things I can do to protect my network from getting Hacked!!!!!! Jazib Frahim, Technical Leader Cisco Support Community Expert Series Webcast Today s featured expert is Cisco Technical Leader Ask him questions
JK0 015 CompTIA E2C Security+ (2008 Edition) Exam Version 4.1 QUESTION NO: 1 Which of the following devices would be used to gain access to a secure network without affecting network connectivity? A. Router
Privacy + Security + Integrity Docufree Corporation Data Security Checklist Security by Design Docufree is very proud of our security record and our staff works diligently to maintain the greatest levels
White Paper Redefine Network Visibility in the Data Center with the Cisco NetFlow Generation Appliance What You Will Learn Modern data centers power businesses through a new generation of applications,
GE Measurement & Control Cyber Security for NEI 08-09 Contents Cyber Security for NEI 08-09...3 Cyber Security Solution Support for NEI 08-09...3 1.0 Access Contols...4 2.0 Audit And Accountability...4
Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus
IP Telephony Management How Cisco IT Manages Global IP Telephony A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge Design, implement, and maintain a highly available, reliable, and resilient
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated
FIREWALLS & CBAC firstname.lastname@example.org Implementing a Firewall Personal software firewall a software that is installed on a single PC to protect only that PC All-in-one firewall can be a single device that
TESTING & INTEGRATION GROUP SOLUTION GUIDE Content Scanning for secure transactions using Radware s SecureFlow and AppXcel together with Aladdin s esafe Gateway INTRODUCTION...2 RADWARE SECUREFLOW... 3
Injazat s Managed Services Portfolio Overview Premium Managed Services to Transform Your IT Environment Injazat s Premier Tier IV Data Center is built to offer the highest level of security and reliability.
Using Palo Alto Networks to Protect the Datacenter July 2009 Palo Alto Networks 232 East Java Dr. Sunnyvale, CA 94089 Sales 866.207.0077 www.paloaltonetworks.com Table of Contents Introduction... 3 Granular
Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Unless otherwise stated, these Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies
Table of Contents What is Connect?... 2 Physical Access Controls... 2 User Access Controls... 3 Systems Architecture... 4 Application Development... 5 Business Continuity Management... 5 Other Operational
NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X
1 Cisco Security Appliances - Introduction to PIX/ASA Firewalls - Both Cisco routers and multilayer switches support the IOS firewall set, which provides security functionality. Additionally, Cisco offers
Securely Architecting the Internal Cloud Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc. Securely Building the Internal Cloud Virtualization is the Key How Virtualization Affects
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
CTS2134 Introduction to Networking Module 8.4 8.7 Network Security Switch Security: VLANs A virtual LAN (VLAN) is a logical grouping of computers based on a switch port. VLAN membership is configured by
Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control
IBX Business Network Platform Information Security Controls 2015-02- 20 Document Classification [Public] Table of Contents 1. General 2 2. Physical Security 2 3. Network Access Control 2 4. Operating System
WHITE PAPER Healthcare Security and HIPAA Compliance with A10 Contents Moving Medicine to the Cloud: the HIPAA Challenge...3 HIPAA History and Standards...3 HIPAA Compliance and the A10 Solution...4 164.308
SITECATALYST SECURITY Ensuring the Security of Client Data June 6, 2008 Version 2.0 CHAPTER 1 1 Omniture Security The availability, integrity and confidentiality of client data is of paramount importance
Cisco ASA 5500 Series Adaptive Security Appliance 8.2 Software Release PB526545 Cisco ASA Software Release 8.2 offers a wealth of features that help organizations protect their networks against new threats
Simple security is better security Or: How complexity became the biggest security threat Christoph Litzbach, Pre-Sales Engineer NSG 1 What do they have in common? DATA BREACH 2 Security is HARD! Components
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design Learning Objectives Identify common misconceptions about firewalls Explain why a firewall
INTRODUCTION TO FIREWALL SECURITY SESSION 1 Agenda Introduction to Firewalls Types of Firewalls Modes and Deployments Key Features in a Firewall Emerging Trends 2 Printed in USA. What Is a Firewall DMZ
Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology email@example.com Meaning Why is Security Audit Important Framework Audit Process Auditing Application Security
SNAP WEBHOST SECURITY POLICY Should you require any technical support for the Snap survey software or any assistance with software licenses, training and Snap research services please contact us at one
White Paper Securing Virtual Applications and Servers Overview Security concerns are the most often cited obstacle to application virtualization and adoption of cloud-computing models. Merely replicating
Achieving SOX Compliance with Masergy Security Professional Services The Sarbanes-Oxley (SOX) Act, also known as the Public Company Accounting Reform and Investor Protection Act of 2002 (and commonly called
Network Security Guidelines for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India. Document Control S/L Type
Standard: Version: Date: Requirement: Author: PCI Data Security Standard (PCI DSS) 1.2 October 2008 6.6 PCI Security Standards Council Information Supplement: Application Reviews and Web Application Firewalls
Cloud Security: An Independent Assessent A Quantix White Paper Dec 2010 Call us on: 0115 983 6200 Visit us on-line at: www.quantix-uk.com E-mail us at : firstname.lastname@example.org Why are people concerned
Complliiance Componentt DEEFFI INITION Description Rationale Firewall Environments Firewall Environment is a term used to describe the set of systems and components that are involved in providing or supporting
Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime
Intro to NSX Network Virtualization 2014 VMware Inc. All rights reserved. Agenda Introduction NSX Overview Details: Microsegmentation NSX Operations More Information SDDC/Network Virtualization Security
Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
White Paper Secure, Scalable and Reliable Cloud Analytics from FusionOps A FusionOps White Paper FusionOps 265 Santa Ana Court Sunnyvale, CA 94085 www.fusionops.com World-class security... 4 Physical Security...
Cisco ASA for Accidental Administrators Version 1.1 Corrected Table of Contents i Contents PRELUDE CHAPTER 1: Understanding Firewall Fundamentals What Do Firewalls Do? 5 Types of Firewalls 6 Classification
How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements I n t r o d u c t i o n The Payment Card Industry Data Security Standard (PCI DSS) was developed in 2004 by the PCI Security Standards
How are we keeping Hackers away from our UCD networks and computer systems? Cybercrime Sony's Hacking Scandal Could Cost The Company $100 Million - http://www.businessinsider.com/sonys-hacking-scandal-could-cost-the-company-100-million-2014-12
Avaya G700 Media Gateway Security - Issue 1.0 Avaya G700 Media Gateway Security With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional Enterprise
What You Will Learn Public sector organizations without the budget to build a private cloud can consider public cloud services. The drawback until now has been tenants limited ability to implement their
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
TESTING & INTEGRATION GROUP SOLUTION GUIDE AppDirector Load balancing IBM Websphere and AppXcel INTRODUCTION...2 RADWARE APPDIRECTOR...3 RADWARE APPXCEL...3 IBM WEBSPHERE...4 SOLUTION DETAILS...4 HOW IT
Standard: Data Security Standard (DSS) Requirement: 6.6 Date: February 2008 Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified Release date: 2008-04-15 General PCI
Disaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs As a head of the campus network department in the Deanship of Information Technology at King Abdulaziz University for more
Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES HIPAA COMPLIANCE Achieving HIPAA Compliance with Security Professional Services The Health Insurance
Cisco ASA 5500 Series Business Edition Cisco ASA 5500 Series Business Edition Provides an All-in-One Security Solution The Cisco ASA 5500 Series Business Edition is an enterprise-strength comprehensive
Overview The following note covers information published in the PCI-DSS Wireless Guideline in July of 2009 by the PCI Wireless Special Interest Group Implementation Team and addresses version 1.2 of the
Unified Security Anywhere SOX COMPLIANCE ACHIEVING SOX COMPLIANCE WITH MASERGY SECURITY PROFESSIONAL SERVICES SOX COMPLIANCE Achieving SOX Compliance with Professional Services The Sarbanes-Oxley (SOX)
Attacks from the Inside Eddy Willems, G Data Righard J. Zwienenberg, Norman Attacks from the Inside. Agenda - Social Networking / Engineering - Where are the threats coming from - Infection vectors - The
MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file
Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 Key Points Introduction Threat Model Primer Assessing Threats Mitigating Threats Sample Threat Model Exercise
Högskolan i Halmstad Sektionen för Informationsvetenskap, Data- Och Elektroteknik (IDÉ) Ola Lundh Written Exam in Network Security ANSWERS May 28, 2009. Allowed aid: Writing material. Name (in block letters)
The Cisco ASA 5500 as a Superior Firewall Solution The Cisco ASA 5500 Series Adaptive Security Appliance provides leading-edge firewall capabilities and expands to support other security services. Firewalls