Cyber & Information Assurance: Land Mobile Radio System Product & Services Offerings


Introduction
Overview
Access Control
- Directory Services (Active Directory & RADIUS)
- Certificate Authority
- Strong Authentication
- Accountability & Auditing
Network Security
- Perimeter Firewalls
- Network Intrusion Detection & Prevention
- Link Encryption
Computer Security
- Patch Mgmt
- Harris Software Updates
- Patch Mgmt - SUMS
- Security Enhancements
- Validated and Verified
- Confirmation
- Commitment to Success
- Cost Effective
- Host-based Security
- Updates and Patches
- System Lockdown
Security & Operations Management
- Host-based Security
- Network Infrastructure Mgmt
- Network Intrusion Mgmt & Monitoring
- Centralized Log Mgmt
- Continuity of Operations & Disaster Recovery
- Security Information & Event Mgmt
- Vulnerability Mgmt
Physical & Environmental Security

Harris Corporation

Cyber and Information Assurance Products and Services

Introduction

The world is becoming a fast-paced society built on the flexible infrastructure of the Internet Protocol (IP), and industries are moving technology over to IP-based solutions because of the numerous benefits provided, including common backbone and infrastructure, commercially available standard products, common support and maintenance, and flexibility for newer technologies. As technology and industries make systems and solutions IP-based, those systems become susceptible to the same risks that home and work computers are exposed to (e.g. viruses, trojans, spyware, and misuse), and therefore need to be protected with the same solutions as you would see in corporate and federal networks.

It is the mission of any security solution to enable the owner and users to fully utilize their system, and take advantage of the benefits of having an IP-based system, with confidence and trust that their system is maintaining the confidentiality of their information, the integrity of their data, and the availability of their system.

Overview

Harris is a leading provider of assured communications because of our commitment to delivering leading-edge secure and reliable communications systems. Harris evaluates each system individually using a risk management framework that provides a Defense in Depth Strategy using industry best practices that addresses the risks as they pertain to each system in ensuring confidentiality, integrity, availability, authentication, and non-repudiation.

Defense in Depth is an approach where security is not resolved purely on a technical level, but should also be addressed across Personnel and Operations. Therefore Harris has tailored our product offering to assist customers in achieving this objective, from simply providing antivirus to implementing our entire security portfolio as provided to our federal customers in the Department of Justice and Department of Defense.

Defense in Depth Strategy for:

People
- Assignment of Roles & Responsibilities (Administrator, Console, etc.)
- Training of Critical Personnel (IA Training Class)
- Personal Accountability (Logging)
- Physical & personnel security measures to control & monitor access to facilities critical elements (Network Sentry)

Technology
- Defense in Multiple Places & Layers
- Passive Attacks: Encryption
- Active Attacks: Firewalls
- Layered Defenses (Network Firewall, Host Firewall)
- Role-based Access
- Intrusion Detection
- Certified Products

Operations
- Continuity of Operations & Disaster Recovery
- Certifying & Accrediting changes to the baseline (Configuration Management)
- Managing the Security Posture (Patch Management)
- Key Management
- Incident Response (Network Sentry)

The following table has been provided as a quick reference guide of the available options in how Harris addresses security in the various fields or domains of Information Security. The information listed is a full examination of our products and services that will be tailored to address the risks associated with a particular system.

Information Assurance & Cyber Security Quick Reference

Discipline, followed by its Products & Services:

Access Control
- Directory Services
- Certificate Authority
- Strong Two-Factor Authentication
- Accountability & Auditing (System & Event Logging)
- Domain Controllers
- Remote Authentication (RADIUS) for Embedded, Cisco, & Laptop Devices
- Certificate Authority for Mutual Authentication (CA)
- Domain Name Services Integration (DNS)

Operational Security
- Patch & Configuration Management
- Disaster Recovery with Centralized Back-up Recovery
- Centralized System Logging & Storage (LogLogic)
- Vulnerability Management
- Training & Documentation
- Technical Assistance Center (TAC)

Centralized Management
- Host-based Security Management
- Network Infrastructure Management & Monitoring
- Centralized Patch Management
- Centralized Log Management
- Security Information & Event Management

Physical Security
- Alarm Monitoring & Control
- Centralized Real-time Alarm Monitoring

Network Security
- Perimeter Firewalls
- Network Intrusion Detection with Centralized Monitoring & Control (Sourcefire)
- Secure Router & Switch Configurations (ACL, Port Security, etc.)
- Link Encryption with AES
- Router Software Firewalls (Cisco Advanced Security IOS)

Computer Security
- Antivirus Protection with Centralized Management & Control (McAfee)
- Host-based Security (McAfee)
- Host-based Firewall (Windows)
- Operating System Lockdown, e.g. Group Policies

Access Control

The main goal of any information system is to restrict access to those who are authorized and have a need to know, including the ability to audit the information system to ensure that the policies and regulations are being implemented appropriately, and to provide accountability for the actions of those with the responsibility of using and administering the system. Access control seeks to ensure that the information system maintains confidentiality of information but also ensures the integrity of information with role-based access control.

With the philosophy that access control should involve the implementation of least privileges, authentication, and accountability, Harris provides the following capabilities to assist with access control and provide a layered defense in addition to the system's physical and environmental security:
- Active Directory
- RADIUS
- Certification Authority
- Strong (Two-Factor) Authentication
- Accountability and Auditing
- Intrusion Detection (See Network and Computer Security)

Directory Services

Windows Active Directory (AD) is our primary method of controlling access to the system, from connecting your laptop to the network to accessing a core server, and has been integrated with RADIUS to provide remote authentication of devices that don't support the AD protocols. This permits a centralized server, with redundant and backup server capability, to handle authentication and authorization of users and devices, including user passwords.

Active Directory allows us to create differentiated roles that are keyed not only to a user but also to the machine from which they are accessing, including Unix servers with the integration of Quest Authentication Services for Solaris and Linux operating systems. The differentiated roles and centralized user management allow an administrator not only to control access to infrastructure devices, but also to generate and push security policies, trusted websites and certifications, wallpapers, et cetera. The Group Policies inherent in Active Directory allow policies to be differentiated not only by user role but also to apply in tandem to the joint machine and user profile.

RADIUS is used to provide AD authentication from devices that don't support the AD protocol, like embedded devices and Cisco Networking Appliances. Cisco, along with the supported 802.1X protocol, allows for the authentication of technician laptops before they are even allowed to access the network.

Certificate Authority

The Windows Certificate Authority (CA) is used in the Harris system to provide mutual authentication for web services, and Kerberos authentication between devices and machines. The CA is integrated with our existing Active Directory Server to leverage capability, reduce costs, and reduce maintenance of hardware and software while strengthening our PKI architecture.

Strong Authentication

A key component within Information Assurance and Access Control is the concept and methods of Identity Assurance, which addresses minimizing the business risk associated with identity impersonation and inappropriate account use. The Harris PSPC system utilizes two-factor authentication and associated tokens to give system owners confidence that users accessing critical infrastructure or communicating remotely via VPN Remote Access are trusted identities. With two-factor (or strong) authentication, the user must provide three bits of information: account name, account password (something they know), and the token ID (something they have).

The Harris PSPC two-factor authentication for mission critical communications provides just such a solution in an extremely flexible and affordable alternative. It is a critical component of any security infrastructure, adding strong authentication to your LMR network. The Harris PSPC two-factor solution verifies authentication requests, and enforces authentication policies across LMR networks based on your investment in Active Directory and the identities, roles, and rules already present in that de facto enterprise directory. More importantly, our solution provides a unified, vendor-neutral, fully scalable infrastructure that can grow and adapt with the ever-changing needs of your system.

Accountability & Auditing

In conjunction with Active Directory, Harris also provides the capability of monitoring and recording system and event logs from a vast majority of the devices on the network. These logs can then be forwarded to a centralized repository for analysis by using either built-in capability (e.g. Solaris or Cisco) or a third-party application (e.g. Windows with Lasso). For detailed information about the centralized management, correlation, and analysis of logs, please see the appropriate sections in Security Management.

Harris monitors and records:
- Windows Event Logs
- Windows Security Logs
- Unix System Logs
- Cisco Firewall Logs
- Cisco Router Logs
- Cisco Switch Logs

Network Security

The core of an information system is the network, which permits the sharing of information between systems. This makes it a primary medium for infiltration but also an excellent source for preventing and detecting unauthorized behavior. Harris provides multiple options of network security that address many differing risks associated with IP networks: Access Control Lists, Perimeter Firewalls, Network Intrusion Detection, and Link Encryption. Many of the Cisco Integrated Service Routers are also capable of supporting Advanced Security operating systems that permit not only the link encryption described later but also a software-based stateful firewall for additional network security.

Perimeter Firewalls

The perimeter firewall provides protection to the system by enforcing policies, preventing abnormal network behavior, and integrating high-performance security features, including application-aware firewall, SSL and IPSec, VPN, IPS, antivirus, antispam, antiphishing, and web filtering services. These technologies deliver strong network and application layer security, user-based access control, worm mitigation, malware protection, and improved employee productivity.
Harris utilizes the Cisco ASA 5500 Series as its preferred perimeter firewall, with the 5505 and the 5510 being the two most often deployed appliances depending on the network configuration, bandwidth, and risk associated with the point being protected. The adaptive security appliances integrate industry-leading firewalls, unified communications security, VPN technology, intrusion prevention, and content security in a unified platform to:
- Stop attacks before they penetrate the network perimeter
- Protect resources and data, as well as voice, video, and multimedia traffic
- Control network and application activity
- Reduce deployment and operational costs
- Provide an adaptable architecture for rapid and customized security services deployment
- Provide advanced intrusion prevention services that defend against a broad range of threats
- Provide highly secure remote access and unified communications to enhance mobility, collaboration, and productivity

The Cisco ASA 5510 is extensively used to protect the Network Switching Center (NSC), and any other server farms being implemented to meet customer needs, e.g. CAD/AVL. The Cisco ASA 5505 is often used as a boundary firewall between the Harris system and a customer's network infrastructure to provide security and VPN access, but will be increased to the 5510 if bandwidth between the systems is elevated or if the system is connected to a public network such as the Internet.

Network Intrusion Detection & Prevention (IDS/IPS)

In today's environment, where networks are highly dynamic with newer technologies and sophisticated threats, networks need to implement network security measures that are just as dynamic and adaptive. Sourcefire 3D is an award-winning intrusion detection and prevention system that is built on Snort, the de facto standard. Placed in line with the network, Sourcefire 3D acts as a preventative measure; placed on the spanning (or sniffer) port of a switch, it acts as a detection system for all traffic on the switch, even the network traffic that is not being routed outside of the local area network.

Sourcefire IPS uses a powerful combination of vulnerability- and anomaly-based inspection methods at line speeds up to 10 Gbps to analyze network traffic and prevent threats from damaging your network, including: worms, P2P attacks, statistical anomalies, protocol anomalies, application anomalies, malformed traffic, invalid headers, blended threats, rate-based attacks, zero-day threats, TCP segmentation and IP fragmentation, trojans, backdoor attacks, spyware, port scans, VoIP attacks, IPv6 attacks, DoS attacks, and buffer overflows.

For large systems, where maintenance and monitoring of individual components is too resource intensive, Harris offers a Defense Center for the centralized management and monitoring of all the appliances on the network. (See Network Intrusion Management and Monitoring)

Link Encryption

With the advanced security operating system running on Cisco Integrated Service Routers, the router is capable of providing many features, including link encryption and a software-based stateful firewall. Link Encryption allows information traversing the network through public, shared, or insecure physical media to be encrypted in its entirety. This prevents traffic sniffed from physical media, whether copper or microwave, from revealing any information, including IP headers, which can be used to learn about the customer's network infrastructure. Even though end-to-end encryption provided at the application level provides multiple layers of security, it does not encrypt or protect the IP headers from being sniffed, or network behavior from being analyzed. By offering customers the capability to encrypt links traversing public or shared media, Harris mitigates the risk of providing information about your network infrastructure, business behavior, or confidential information to unauthorized sources.

Computer Security

Computer systems have become not only the primary resource for storing information but also the primary work horse for users to perform their jobs, and have therefore become a primary objective for intruders for either data gathering or destruction. This makes a computer system the end point around which layers of security need to be built to minimize the risk associated with the information it contains or with the trusted capability placed at its disposal.

Patch Management

A common approach to gaining unauthorized access to systems is to leverage a known vulnerability within a software system. It is therefore important to ensure that the system is properly maintained throughout its life cycle with up-to-date software versions and patches that close vulnerabilities and bugs to prevent them from being exploited. Because of its importance, Harris offers many levels of customer maintenance support in Information Security.

Harris Software Updates (Software FX)

A comprehensive software maintenance program is available as an option that provides semi-annual upgrades to Harris developed software applications. These software upgrades include enhancements to the existing software baseline, corrections to issues, and the ability to purchase and enable newly developed licensed features. Software FX is purchased on an annual or multi-year basis.

Patch Management - Security Update Management Service (SUMS 2.0)

With software and the threats against that software constantly evolving, organizations need an effective way to assess, deploy and manage a constant flow of patches for the myriad operating systems and applications in their heterogeneous environments. For system administrators responsible for potentially tens or hundreds of thousands of endpoints running various operating systems and software applications, patch management can easily overwhelm already strained budgets and staff. SUMS 2.0 balances the need for fast deployment and high availability with an automated, simplified patching process that is administered from a single console.

Security Enhancements

SUMS 2.0 automates the complete patch management process and enhances security while saving money, time and effort.

Validated and Verified

SUMS 2.0 acquires, tests, packages and distributes many patch policies directly for customers, removing considerable patch management overhead. This largely automated process provides a consistent, high-quality patch in a timely manner. The SUMS 2.0 automation agent continuously monitors and reports endpoint state, including patch levels, to a management server. This agent also compares endpoint compliance against defined policies, such as mandatory patch levels. Organizations can quickly create a report showing which endpoints need updates and then distribute those updates to the endpoints within minutes. IT administrators can safely and rapidly patch Windows, Linux, and UNIX operating systems with no domain-specific knowledge or expertise.

Confirmation

Once a patch is deployed, SUMS 2.0 automatically reassesses the endpoint status to confirm successful installation and immediately updates the management server in real time. This step is critical in supporting compliance requirements, which require definitive proof of patch installation.
With this solution, operators can watch the patch deployment process in real time via a centralized management console to receive installation confirmation within minutes of initiating the patch process. By closing the loop on patch times, organizations can ensure patch compliance in a way that is smarter and faster.

Commitment to Success

SUMS 2.0 builds upon Harris's continuing customer commitment as a valued enhancement to the Software FX program and is only offered with a Software FX subscription.

Cost Effective

The combination of Software FX and SUMS 2.0 provides a cost-effective means of keeping Harris critical communications systems up to date and secure. Software FX and SUMS 2.0 permit customers to incorporate the latest system features, functions, options, and security updates to protect their mission-critical communications with confidence.

Host-based Security (Anti-Virus & HIDPS)

Host-based Security is the application of a suite of software, or of software functionality within a single product, that protects the host computer from malicious behavior. McAfee Antivirus is a recommended minimum application to protect workstations and servers from malicious code, as most individuals accept for even their home computers, but it does not provide a complete solution for all the vectors from which malicious behavior can occur: zero-day viruses, which are not found by antivirus software, intentional attacks through bugs, or even accidental user actions. A comprehensive host solution is necessary for ensuring proper protection, from known attack vectors and unallowable behaviors to anomaly detection for incident handling and chain of events.

To provide a complete Host-based Security Suite, Harris offers McAfee's Total Protection for Endpoint to minimize risks and lower costs by continuously and proactively blocking threats while enforcing endpoint policy. The Total Protection software is a proven technology from a long-standing company in the industry with:
- Proven comprehensive anti-virus protection, antispyware, anti-spam, web security, desktop firewall, intrusion prevention, NAC and policy auditing
- A single, integrated console (not multiple applications for antivirus, antispyware, intrusion detection, etc.) that lowers the cost of managing and increases visibility
- Straightforward and flexible policy definition with predefined compliance checks in plain English, and granular policies
- Integrated and centralized console via McAfee ePolicy Orchestrator (ePO) (See Host-based Security Management)
- Audit and verify endpoints are free of vulnerabilities, misconfigurations, and policy violations with integrated policy auditing
- Renowned virus protection for the hardest systems to manage: desktops and file servers
- Desktop anti-spyware uses true on-access scanning to identify, proactively block, and safely eliminate potentially unwanted programs, which can leak information to unauthorized sites on the Internet
- Desktop host intrusion prevention proactively protects against zero-day threats and reduces patching headaches
- Desktop firewall protects remote and mobile endpoints and reduces the threat of network-borne threats
- Integrated web security provides web safety information to end users to inform them of potentially malicious web sites that harbor spyware, viruses, and other threats
- Server anti-spam and anti-virus stand guard over your messaging servers with comprehensive virus protection and content filtering

Updates & Patches (SUMS 2.0)

The SUMS 2.0 subscription meets customers' needs to update an LMR system with the latest third-party security related patches, McAfee anti-virus signatures, and recommended third-party software settings. Harris will obtain third-party patches directly from commercial vendors and will keep abreast of current vulnerability reports. Once obtained, Harris will evaluate these patches in our dedicated SUMS 2.0 lab for quality assurance and system usability. Harris will include those patches that are both applicable and usable in a convenient SUMS release. For a more detailed description and options, please see Patch Management (FX & SUMS 2.0).

System Lockdown

Harris systems offer two sources for providing security policies to computer systems. First and primary are the security policies pushed down from Active Directory, which permit the administrator to centrally manage security policies for devices or users. Secondly, Harris offers a lockdown script, which comes standard with the SUMS 2.0 Product Line, that sets the local security policies for Unix machines and stand-alone Windows machines.

Harris can configure baseline security controls on VIDA Network system components, including the servers, the workstations, and the network routers. These controls include removing unused services and daemons, removing unnecessary rights from user and service logins, configuring secured web browsers, utilizing secured remote administration tools, et cetera.

Security & Operations Management

A proper security plan is ineffective without a means to manage, configure, and monitor the system to ensure that the security of the system is healthy and unaffected. An effective security plan also puts at the security administrator's disposal the ability to address any changes or perform any incident response necessary for restoring the system back to its healthy state with little or no impact to the users. Therefore, Harris provides a variety of products from trusted third-party companies that have been tested and configured to work with our systems.

Host-Based Security Management

Harris offers McAfee's ePolicy Orchestrator (ePO), which is the only enterprise-class, open platform to centrally manage security for systems, networks, data, and compliance solutions. McAfee ePO provides end-to-end visibility and powerful automations that slash incident response times, dramatically strengthen protection, and drive down the cost of managing security by allowing IT administrators to centrally manage industry-leading security for systems, networks, data, and compliance solutions from McAfee and McAfee Security Innovation Alliance (SIA) partner portfolios.
With McAfee ePO, administrators share information, create escalation paths, and automate remediation tasks with the following capabilities:
- Future proof your security architecture to protect your organization from threats of today and tomorrow; real-time threat intelligence delivered from the cloud proactively protects your infrastructure; open platform facilitates rapid adoption of security innovations as new threat categories arise
- Orchestrate end-to-end security through a single point of reference for enterprise-wide visibility; ePolicy Orchestrator leverages security data from multiple points across the enterprise, immediately surfacing issues that typically require days to investigate if using a siloed approach; identifies and prioritizes risks in seconds, so your teams can respond quickly and confidently
- Detect unmanaged assets and apply a range of policy-based responses to rogue systems; ePO correlates threat analysis, vulnerability data and countermeasure awareness from McAfee Labs and points across your security infrastructure to provide immediate risk assessment within your environment
- Integration within and between endpoints, networks, data, and compliance solutions reduces security gaps and management complexity
- Open APIs help you future-proof your security architecture by extending security management to include a large and growing ecosystem of certified product partners
- Closed-loop incident response with leading system management solutions, including HP Service Desk and BMC Remedy, provides faster response time and better visibility
- Rogue system detection identifies new systems that gain network access, enabling faster time to protection
- Integration with Active Directory simplifies role-based administration, and automates the addition of new systems requiring security
- Centralized control and visibility enabling faster response times, and confidence in your security and compliance posture
- Single point of reference for enterprise security enables you to quickly identify and understand relationships between security events throughout your environment
- Web interface provides flexibility to manage security enterprise-wide
- Customizable dashboards and user interface provide personalized views of the security status and trends
- Automated reports and dashboards provide clear, current role-based visibility into security status across the organization
- Role-based permissions ensure appropriate access and control for all administrators by product, region, and function, and the enterprise-class architecture dramatically reduces costs with proven scalability
- Policy sharing across servers and roll-up reporting reduce administrative time

Network Infrastructure Management

Harris's network infrastructure is built upon Cisco products, and Harris therefore offers the CiscoWorks LAN Management Solution (LMS), which is a suite of powerful management tools that simplify the configuration, administration, monitoring, and troubleshooting of Cisco-based devices.
It integrates these capabilities into a best-in-class solution for:
- Improving the accuracy and efficiency of the network operations staff
- Increasing the overall availability of the network by simplifying the configuration, and quickly identifying and fixing network problems
- Maximizing network security through integration with access control services, and auditing of network-level changes

It provides:
- A centralized system for sharing device information across all LAN management applications, improving manageability, and increasing system-wide awareness of network changes
- Network discovery, topology views, end-station tracking, and VLAN management
- Real-time network fault analysis with easy-to-deploy device-specific and best-practice templates
- Hardware and software inventory management, centralized configuration tools, and syslog monitoring
- Monitoring and tracking of network response time and availability
- Real-time device and link management, as well as port traffic management, analysis, and reporting
- A flexible Web portal for launching and navigating network management functionality
- A workflow engine that provides step-by-step wizards for system setup and device troubleshooting

16 Securely transport log data to the LogLogic ST long-term archives Service-Oriented Architecture and API leverage SOAP and XML Automated data retention and deletion setting Network Intrusion Management & Monitoring Sourcefire provides a centralized and fully customizable management console that is the nerve center of the Sourcefire 3D System. The Sourcefire Defense Center correlates attacks with realtime network and user intelligence and centrally manages network security and operational functions, including event monitoring, incident prioritization, forensic analysis, and reporting, so that you can better protect your business. On top of the fully customizable user-tailored workflows, custom reports can be created in PDF, HTML, and CSV formats with pre-defined report templates. To improve response times and reduce down time, the security analyst can configure the system to send alerts in the form of messages or SNMP alerts. To ensure the confidentiality and integrity of the security events reported from the Sourcefire 3D sensors, the events are sent securely to the Defense Center for analysis and storage. The Defense Center is capable of collecting events from up to 100 sensors and handling a maximum of one hundred million events. Centralized Log Management To support auditing, detection, and accountability practices, Harris offers centralized Log Management capability with the LogLogic LX series, and the capability of long term storage with LogLogic ST series. These tools form the foundation for integrating the collection, normalization, and indexing of log information. In combination with the LogLogic ST Series your capabilities expand to allow simple, secure long-term log data retention by providing up to 70 terabytes of on-board compressed storage or infinite archives through NAS, SAN and WORM storage connectivity. 
LogLogic Series Features

LogLogic LX Features

- Supports all editions of LogLogic Compliance and Control Suite
- Dynamic reports exportable as CSV, PDF, or HTML formats
- Logs are parsed, normalized, indexed and alerted on in real-time
- Automatically identifies new log sources
- Support for Active Directory, RADIUS, and TACACS authentication
- Deploy in distributed or stand-alone architectures
- Service-Oriented Architecture and API leverage SOAP and XML
- Securely transport log data to the LogLogic ST long-term archives

LogLogic ST Features

- Stores up to 70 terabytes worth of compressed log data on-board
- Log data compression and optional encryption of log data archives
- Stores a secure hash key in a separate location for tamper-proof log archives
- Forensic search and replay capabilities of ST data into LX appliance
- Connects to external SAN and NAS storage networks
- Certified support for leading WORM storage solutions
- Automated data retention and deletion setting

Continuity of Operations & Disaster Recovery

During critical operations, Harris understands the importance of quickly recovering systems to bring the users and the system functionality back to full operational status. It was therefore important to find an enterprise backup solution that was effective, provided bare metal restore capability, and was cost effective within Harris' critical system infrastructure. Unitrends is an affordable and easy-to-use data protection solution focused on the needs of small and medium-sized companies with the enterprise-level power to grow as needed. Our appliances support:

- Entry-level desktop to redundant rack-mounted systems
- Over 100 versions of operating systems and applications supported
- Monitored and managed in a Web 2.0 single pane of glass user interface
- Scalable grid-based enterprise-level solution
- Adaptive Deduplication offers storage and in-flight-based data reduction
- D2D2x supports on-premise and cloud-based disaster recovery
- Private and public, single and multi-tenant cloud-based disaster recovery
- Flexible deployment options allow optimization for your environment
- Customer-obsessed service with a single company responsible for your warranty and support

With Unitrends, customers are capable of expanding their system or adapting to new technology with a cost-effective solution that doesn't require forklift upgrades because the licensing is constructed such that it does not charge for features such as deduplication, per-protected client basis, multiple operating systems, multiple applications, multiple storage types, new software releases, or per-protected gigabytes.

Security Information & Event Management

Harris offers Security Event Management for the real-time advanced correlation and analysis of complex events generated from firewalls, IDS/IPS, operating systems, databases, and applications. The LogLogic SEM Series allows security analysts to quickly prioritize security incidents and mitigate threats by providing visibility of the most critical security incidents, and deep insight into the security posture of their IT infrastructure. Alerts provided by the SEM are easier to generate and edit using a unique, top-down security event schema that enables human language communication.

Vulnerability Management

A key element of ensuring that the system maintains a proper security posture is the periodic auditing of the vulnerabilities inherent in the system to ensure that new vulnerabilities are being addressed, and that previously closed vulnerabilities haven't resurfaced due to changes made to systems during normal business operations. Harris provides multiple options for the integrated security and threat management that assists with identification and remediation of vulnerabilities. This can be done either by individually scanning every asset on the system with a vulnerability management tool or automatically by a centralized appliance that is capable of scheduled scans, both of which Harris is willing to provide from industry leaders in the field: McAfee Foundstone, Retina, and/or Nessus. All these vulnerability management tools are used constantly in our test and development labs to improve our security posture, with the resulting improvements released in our patch management solutions FX and SUMS 2.0.

Vulnerability Management Tools

| Scanner | Vendor | Product Highlight |
| --- | --- | --- |
| Foundstone | McAfee | McAfee Foundstone Enterprise is a priority-based vulnerability management solution that enables you to mitigate risk by carefully balancing asset value, vulnerability severity, and threat criticality. Your organization can then direct valuable IT resources where they will have the greatest return, thereby improving its overall security health. |
| Nessus | Tenable | The Nessus vulnerability scanner is the world-leader in active scanners, featuring high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. When managed by Tenable's SecurityCenter, Nessus scanners can be distributed throughout an entire enterprise, inside DMZs and across physically separate networks and the information is centralized for analysis and reporting. |
| Retina | eEye Digital Security | Retina Network Security Scanner is a professional-grade security solution with a lengthy track record of success and industry leadership. Retina contains all the integrated security and threat management tools needed to effectively identify and remediate the network vulnerabilities that lead to exposure and malicious attacks. |

Physical & Environmental Security

Environmental and physical security are a keystone of any security plan, and Harris has tools that are already present in every system we implement that are capable of improving your environmental and physical security situation. Two products that come provided with all LMR systems are the Network Sentry and Regional Network Manager (RNM), which are designed for alarm monitoring and reporting of critical LMR functions but are also designed to handle a multitude of voltage and current control alarms. The Network Sentry comes standard at all RF Sites and can be used to monitor alarms or perform auxiliary voltage control functionality. The information collected from the Network Sentries is then forwarded to the RNM for centralized monitoring and alarm notification in a single color-coded graphical user interface with the capability of forwarding alerts of interest by SNMP or SMTP. The Maestro IP console is also capable of monitoring some simple alarms so that dispatchers and supervisors are kept aware of any important information, which could include:

- RF Power Failure
- Excessive VSWR
- Shelter Door Alarms
- Cabinet Door Alarms
- Line Power Failure
- UPS Power Failure
- Generator Failure
- Smoke Detector
- Humidity Detector
- HVAC Failure
- Low Generator Fuel
- Low Battery

Copyright 2011 Harris Corporation ECR 7764


Top 20 Critical Security Controls

Top 20 Critical Security Controls Top 20 Critical Security Controls July 2015 Contents Compliance Guide 01 02 03 04 Introduction 1 How Rapid7 Can Help 2 Rapid7 Solutions for the Critical Controls 3 About Rapid7 11 01 INTRODUCTION The Need

More information

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports Building a Security Operation Center Agenda: Auditing Your Network Environment Selecting Effective Security

More information

IBM Security. 2013 IBM Corporation. 2013 IBM Corporation

IBM Security. 2013 IBM Corporation. 2013 IBM Corporation IBM Security Security Intelligence What is Security Intelligence? Security Intelligence --noun 1.the real-time collection, normalization and analytics of the data generated by users, applications and infrastructure

More information

McAfee Network Security Platform Administration Course

McAfee Network Security Platform Administration Course McAfee Network Security Platform Administration Course Intel Security Education Services Administration Course The McAfee Network Security Platform Administration course from McAfee Education Services

More information

SP Monitor. nfx One gives MSPs the agility and power they need to confidently grow their security services business. NFX FOR MSP SOLUTION BRIEF

SP Monitor. nfx One gives MSPs the agility and power they need to confidently grow their security services business. NFX FOR MSP SOLUTION BRIEF NFX FOR MSP SOLUTION BRIEF SP Monitor Jump Start Security-as-a-Service Designed to give you everything you need to get started immediately providing security-as-a service, SP Monitor is a real-time event

More information

Sourcefire Next-Generation IPS

Sourcefire Next-Generation IPS Sourcefire Next-Generation IPS Sourcefire Next-Generation IPS sets a new standard for advanced threat protection, integrating real-time contextual awareness, intelligent security automation, and unprecedented

More information

GE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems

GE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems GE Measurement & Control Top 10 Cyber Vulnerabilities for Control Systems GE Proprietary Information: This document contains proprietary information of the General Electric Company and may not be used

More information

NERC CIP VERSION 5 COMPLIANCE

NERC CIP VERSION 5 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements that are the basis for maintaining

More information

Description of Actual State Sensor Types for the Software Asset Management (SWAM) Capability. 7 Jul 2014

Description of Actual State Sensor Types for the Software Asset Management (SWAM) Capability. 7 Jul 2014 Description of Actual State Sensor Types for the Software Asset Management (SWAM) Capability 7 Jul 2014 1 Purpose This document is intended to provide insight on the types of tools and technologies that

More information

PacketTrap One Resource for Managed Services

PacketTrap One Resource for Managed Services Remote Monitoring Software for Managed Services Providers PacketTrap RMM provides a cost-effective way for you to offer enterprise-class server, application, and network management to your customers. It

More information

INTRODUCING isheriff CLOUD SECURITY

INTRODUCING isheriff CLOUD SECURITY INTRODUCING isheriff CLOUD SECURITY isheriff s cloud-based, multi-layered, threat protection service is the simplest and most cost effective way to protect your organization s data and devices from cyber-threats.

More information

North American Electric Reliability Corporation (NERC) Cyber Security Standard

North American Electric Reliability Corporation (NERC) Cyber Security Standard North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation

More information

GE Measurement & Control. Cyber Security for NEI 08-09

GE Measurement & Control. Cyber Security for NEI 08-09 GE Measurement & Control Cyber Security for NEI 08-09 Contents Cyber Security for NEI 08-09...3 Cyber Security Solution Support for NEI 08-09...3 1.0 Access Contols...4 2.0 Audit And Accountability...4

More information

Woodcock-Johnson and Woodcock-Muñoz Language Survey Revised Normative Update Technical and Data Security Overview

Woodcock-Johnson and Woodcock-Muñoz Language Survey Revised Normative Update Technical and Data Security Overview Houghton Mifflin Harcourt - Riverside (HMH - Riverside) is pleased to offer online scoring and reporting for Woodcock-Johnson IV (WJ IV) and Woodcock-Muñoz Language Survey Revised Normative Update (WMLS-R

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

Best Practices for PCI DSS V3.0 Network Security Compliance

Best Practices for PCI DSS V3.0 Network Security Compliance Best Practices for PCI DSS V3.0 Network Security Compliance January 2015 www.tufin.com Table of Contents Preparing for PCI DSS V3.0 Audit... 3 Protecting Cardholder Data with PCI DSS... 3 Complying with

More information

Did you know your security solution can help with PCI compliance too?

Did you know your security solution can help with PCI compliance too? Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment

More information

Your Location Instant NOC using Kaseya. Administrator at Remote Location Secure access to Management Console from anywhere using only a browser

Your Location Instant NOC using Kaseya. Administrator at Remote Location Secure access to Management Console from anywhere using only a browser Kaseya Product Brief The Kaseya Platform Making your systems more secure, your staff more productive, your services more reliable and your results easier to validate. No matter what part of Kaseya s integrated

More information

Endpoint Security for DeltaV Systems

Endpoint Security for DeltaV Systems DeltaV Systems Service Data Sheet Endpoint Security for DeltaV Systems Essential protection that consolidates endpoint and data security. Reduces the time and effort spent deploying and managing security

More information

A GUIDE TO SECURITY AND PRIVACY IN A HOSTED EXCHANGE ENVIRONMENT TECHNICAL DOCUMENT

A GUIDE TO SECURITY AND PRIVACY IN A HOSTED EXCHANGE ENVIRONMENT TECHNICAL DOCUMENT A GUIDE TO SECURITY AND PRIVACY IN A HOSTED EXCHANGE ENVIRONMENT TECHNICAL DOCUMENT TECHNICAL DOCUMENT SECURITY AND PRIVACY IN A HOSTED EXCHANGE ENVIRONMENT 2 OVERVIEW When it comes to deploying Microsoft

More information

Policy Management: The Avenda Approach To An Essential Network Service

Policy Management: The Avenda Approach To An Essential Network Service End-to-End Trust and Identity Platform White Paper Policy Management: The Avenda Approach To An Essential Network Service http://www.avendasys.com email: info@avendasys.com email: sales@avendasys.com Avenda

More information

Asheville-Buncombe Technical Community College Department of Networking Technology. Course Outline

Asheville-Buncombe Technical Community College Department of Networking Technology. Course Outline Course Number: SEC 150 Course Title: Security Concepts Hours: 2 Lab Hours: 2 Credit Hours: 3 Course Description: This course provides an overview of current technologies used to provide secure transport

More information