Scalable Secure Remote Access Solutions


1 Scalable Secure Remote Access Solutions
Jason Dely, CISSP, Principal Security Consultant
Scott Friberg, Solutions Architect, Cisco Systems, Inc.
Jeffrey A. Shearer, CISSP, PMP, Principal Security Consultant
Rev 5058-CO900C
Copyright 2012 Rockwell Automation, Inc. All rights reserved.

2 Agenda and Topic List
- What is Remote Access? What are the requirements?
- Secured Remote Access Architectures
- DMZ Architectures
- Remote Desktop Protocol (RDP) Discussion & Demonstrations
- Secured File Transfer & Reverse Web Proxy Demonstrations

3 Reference Material

4 Reference Material
Verticals/CPwE/CPwE_chapter6.html

5 Reference Material
Publication numbers: 1783-in005_-en-p.pdf, 1783-um003_-ene.pdf

6 Reference Material
Buy and read operating system reference materials. Invest in yourself.

7 What is remote access?
To answer this question you need to define the requirements: what problems are you trying to solve, and who has the problem?
Requirements generation makes the designer consider:
- Users / User Personas
- Problem Statements (i.e. what problem are we trying to solve?)
- Use Cases
Example:
- Users / User Personas: OEM, System Integrator, Engineering
- Problem Statement: Help Maintenance Troubleshoot
- Use Case: Remote Access from Hotel Room. An OEM or SI engineer is in a hotel and must help the customer troubleshoot a PLC or HMI program. The engineer uses the hotel internet connection, connects securely to the machine at the customer site, and is able to view PLC or HMI code.

8 Remote Access Requirements (1)
Required to view a machine's ControlLogix processor from a hotel room to help troubleshoot the system.
[Diagram: OEM, SI, Engineer; Factory: Processing, Filling, Material Handling]

9 Remote Access Requirements (2)
Required to transfer a file containing ControlLogix code from a laptop to a manufacturing workstation.
[Diagram: OEM, SI, Engineer; Factory: Processing, Filling, Material Handling]

10 Remote Access Requirements (3)
Present manufacturing data from FactoryTalk VantagePoint to decision makers who are located in the enterprise (office) zone.
[Diagram: Data Center; FactoryTalk VantagePoint Server; Processing, Filling, Material Handling]

11 Remote Access Challenges
- Industrial Automation and Control System (IACS) applications are often managed by plant personnel, while enterprise-level remote access solutions such as VPNs are the responsibility of the IT organization.
- Remote access can expose critical IACS applications to viruses, malware and other risks that may be present when using remote or partner computers, potentially impacting manufacturing.
- Limiting accessibility to only those functions that are appropriate for remote users.


13 Controlling Access to the Manufacturing Zone
[Diagram: zones and levels]
Enterprise Zone
- Level 5: Enterprise Network (Intranet, etc.; Router)
- Level 4: Site Business Planning and Logistics Network
DMZ, bounded by firewalls (diagram labels: Web, CIP)
- Terminal Services, Patch Management, AV Server, Historian Mirror, Web Services Operations, Application Server
Manufacturing Zone
- Level 3: Site Manufacturing Operations and Control (FactoryTalk Application Server, FactoryTalk Directory, Engineering Workstation, Domain Controller)
Cell/Area Zone
- Level 2: Area Supervisory Control (FactoryTalk Client, Operator Interface, Engineering Workstation)
- Level 1: Basic Control (Batch Control, Discrete Control, Drive Control, Continuous Process Control, Safety Control)
- Level 0: Process (Sensors, Drives, Actuators, Robots)
No Direct Traffic Flow from Enterprise to Manufacturing Zone

14 High Level Architecture Review
Remote access involves cooperation between:
- Enterprise Zone: Information Technologies (IT) and the infrastructure of the facility
- Automation Demilitarized Zone (Automation DMZ): designing it requires knowledge of the data that must move from the plant to enterprise systems
- Manufacturing Zone: Cell and Area devices, Industrial Protocols

15 Enterprise Zone
- Enterprise Zone Levels 4 & 5 are owned by Information Technologies (IT)
- Traditionally some VLANs in place
- Campus to Campus communications
- IT is knowledgeable about routing and firewalls
- IT will provide VPN Services for remote access
- You need to work with the IT personnel to get access to the DMZ

16 Automation DMZ
- Shared ownership by IT and Manufacturing professionals
- Designed to replicate services and data
- Remote Access Services (Terminal Services) located here
- Typically IT owns firewalls
- IT configures the switches on behalf of Manufacturing professionals
- Manufacturing professionals own DMZ terminal servers, application servers, patch management servers

17 Manufacturing Zone
- Divide plant into functional areas for secured access
- ISA-SP99 Zones and Conduit model
- OEMs / System Integrator / Engineering participation required: IP Address, VLAN IDs, Access layer to Distribution layer cooperation
- System design requires full cooperation of all asset owners


19 Demilitarized Zone (DMZ)
- Sometimes referred to as a perimeter network, it exposes an organization's external services to an untrusted network.
- The purpose of the DMZ is to add an additional layer of security to the trusted network.
[Diagram: Internet (UNTRUSTED); Web Proxy (BROKER) in the DMZ; TRUSTED]

20 DMZ Topology
- Firewall(s) with three interfaces: Enterprise Interface, DMZ Interface, Manufacturing Interface
- Firewalls are used to block or allow access to devices on these interfaces based on a set of rules
- There will be assets like switches and servers that are part of the DMZ
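The "No Direct Traffic Flow from Enterprise to Manufacturing Zone" principle and the three-interface rule set described above can be checked mechanically. The following is an added example, not material from the presentation: the subnets, rule names, ports and the Rule/audit helpers are all constructed for illustration. It flags any permit rule that would let traffic pass between the manufacturing zone and anything other than the DMZ, including over-broad "any" rules.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed address plan: one subnet behind each firewall interface.
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "manufacturing": ipaddress.ip_network("10.30.0.0/16"),
}


@dataclass(frozen=True)
class Rule:
    name: str
    action: str              # "permit" or "deny"
    src: str                 # CIDR or "any"
    dst: str                 # CIDR or "any"
    proto: str = "ip"
    port: Optional[int] = None


def zones_touched(spec):
    """Zones whose address space overlaps spec; 'external' if spec reaches beyond them."""
    net = ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)
    touched = {name for name, zone in ZONES.items() if zone.overlaps(net)}
    if not any(net.subnet_of(zone) for zone in ZONES.values()):
        touched.add("external")  # Internet or any unlisted network
    return touched


def audit(rules):
    """Return (rule name, detail) for permit rules that bypass the DMZ.

    Conservative check: each permit rule is judged on its own, without
    modelling first-match shadowing by earlier deny rules.
    """
    outside = {"enterprise", "external"}
    findings = []
    for rule in rules:
        if rule.action != "permit":
            continue
        src, dst = zones_touched(rule.src), zones_touched(rule.dst)
        inbound = "manufacturing" in dst and src & outside
        outbound = "manufacturing" in src and dst & outside
        if inbound or outbound:
            findings.append((rule.name, f"{rule.src} -> {rule.dst}"))
    return findings


# Constructed sample rule set: two compliant hops through the DMZ,
# one replication flow into the DMZ, and two rules that bypass it.
RULES = [
    Rule("vpn-to-rdgw", "permit", "10.10.0.0/16", "10.20.0.10/32", "tcp", 443),
    Rule("rdgw-to-ews", "permit", "10.20.0.10/32", "10.30.5.20/32", "tcp", 3389),
    Rule("hist-mirror", "permit", "10.30.1.15/32", "10.20.0.30/32", "tcp", 443),
    Rule("legacy-rdp", "permit", "10.10.4.0/24", "10.30.5.20/32", "tcp", 3389),
    Rule("temp-any", "permit", "any", "10.30.0.0/16", "tcp", 44818),
    Rule("default-deny", "deny", "any", "any"),
]

if __name__ == "__main__":
    for name, detail in audit(RULES):
        print(f"DIRECT FLOW: {name}: {detail}")
```
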


22 Remote Desktop Technologies
- Allows a user to remotely view and control another computer. The user sees the remote computer's screen while sending keystrokes and mouse movements to the remote computer.
- Two options of Remote Desktop Technologies are discussed today:
- Option 1: Host a Remote Desktop Session from the Cisco Firewall
- Option 2: Host a Remote Desktop Session from a Microsoft Windows Server 2008 R2 Computer
[Diagram: Option 1: Remote Desktop Client; Firewall: Secure RDP Session Host; Remote Desktop. Option 2: Remote Desktop Client; MS 2008 R2 Secure RDP Session Host; Remote Desktop]

23 Remote Desktop Protocol Via Cisco Firewall
- Remote Desktop Gateway functionality hosted from the Cisco ASA Firewall
- Same user experience as Microsoft Remote Desktop Gateway
- Configure Firewall to host the RDP session
- Come to AF Network & Security Booth to see how well this solution works.

24 Remote Desktop Protocol Via Cisco Firewall

25 Remote Desktop Protocol Via Cisco Firewall

26 Remote Desktop Protocol Via Cisco Firewall

27 Remote Desktop Protocol Via Cisco Firewall

28 Remote Desktop Protocol Via Cisco Firewall

29 Remote Desktop Protocol Via Cisco Firewall
- Open a web browser and connect to the outside of the Cisco firewall over an SSL session.
- Continue to inside assets via Remote Desktop Protocol.

30 Remote Desktop Protocol Via Cisco Firewall

31 Remote Desktop Protocol Via Cisco Firewall

32 Remote Desktop Gateway
- Remote Desktop Gateway (RD Gateway), formerly Terminal Services Gateway, is a role service in the Remote Desktop Services server role included with Windows Server 2008 R2.
- It enables authorized remote users to connect to resources on an internal corporate or private network from any Internet-connected device that can run the Remote Desktop Connection (RDC) client.
- RD Gateway uses the Remote Desktop Protocol (RDP) over HTTPS to establish a secure, encrypted connection between remote users and internal network resources.

33 Remote Access via Remote Desktop Gateway (HTTPS)

34 Remote Desktop Session Host CALs
- Anyone who wants to connect to a Remote Desktop Session Host (Terminal Server) must have a Client Access License (CAL).
- Consult Microsoft to validate your CAL questions.

35 Remote Access Demo: Architecture

36 Remote Desktop Gateway Configuration
- Add Remote Desktop Role
- Connection Authorization Policies (Users)
- Resource Authorization Policies (Computers)
- Export / Import Certificates

37 Remote Desktop Gateway Configuration

38 Remote Desktop Gateway Configuration

39 Remote Access Demo: Architecture

40 Remote Access Demo


42 Secured File Transfer: Architecture

43 Secure Shell (SSH)
- Secure Shell (SSH) is a network protocol for secure data communication, remote shell services or command execution, and other secure network services between two networked computers, which it connects via a secure channel over an insecure network.
- This demo is running OpenSSH server on Linux.
- You can use an SSH server on Windows as well.

44 Secured File Transfer: Demo

45 Secured File Transfer: Demo

46 Secured File Transfer: Demo

47 Secured File Transfer: Demo

48 Reverse Web Proxy Evolution
- Website servers required protection from web users without depriving those users of the servers' services.
- In the summer of 1996, the Apache HTTP project wrote an add-on module in the Apache 1.1 web server.
- Retrieves resources on behalf of a client from one or more servers.
- Hides the existence and characteristics of the origin server(s).
[Diagram labels: Internet; Pre 1996; Post 1996; Router; Reverse Proxy; Web Server; Web Server]

49 Reverse Web Proxy
- During the early years of the Internet, website administrators recognized the need to prevent their servers from being accessible to web users without depriving them of those services.
- In the summer of 1996, the Apache HTTP project wrote an add-on module called mod_proxy in the Apache 1.1 web server that allowed it to act like a reverse proxy server.
- A reverse proxy is a type of proxy server that retrieves resources on behalf of a client from one or more servers. These resources are then returned to the client as though they originated from the reverse proxy itself.
- Reverse proxies can hide the existence and characteristics of the origin server(s).

50 Reverse Web Proxy: Architecture

51 Summary
- Remote access involves requirements generation:
- Identifying users and support systems that require access from the enterprise to the manufacturing zone
- Identifying data flow, source and destination for firewall rule creation
- Oftentimes, minimal remote access strategies involve visibility and file transfer
- DMZs are recommended for separation of enterprise and manufacturing zones
- Security must be part of remote access design



ControlLogix and CompactLogix 5370 Segmentation Methods for Plant-wide/ Site-wide Networks with OEM Convergence-ready Solutions Network Segmentation Methodology Application Guide ControlLogix and CompactLogix 5370 Segmentation Methods for Plant-wide/ Site-wide Networks with OEM Convergence-ready Solutions By Josh Matson and Gregory

More information

Secure Remote Support

Secure Remote Support Secure Remote Support - Monitor, Manage, Configure remote assets - Cloud Based Data Collection Tom Peshek Program Manager Remote Services and Support - 5058-CO900G Remote Monitoring and Diagnostics Value

More information

Lab 5.5.3 Developing ACLs to Implement Firewall Rule Sets

Lab 5.5.3 Developing ACLs to Implement Firewall Rule Sets Lab 5.5.3 Developing ACLs to Implement Firewall Rule Sets All contents are Copyright 1992 2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 8 Device Interface

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network

More information

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton

More information

Ease Server Support With Pre-Configured Virtualization Systems

Ease Server Support With Pre-Configured Virtualization Systems Ease Server Support With Pre-Configured Virtualization Systems Manufacturers and industrial production companies are increasingly challenged with supporting the complex server environments that host their

More information

13 Ways Through A Firewall

13 Ways Through A Firewall Industrial Control Systems Joint Working Group 2012 Fall Meeting 13 Ways Through A Firewall Andrew Ginter Director of Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright

More information

Les clés de l Ethernet Industriel : Comment se faire comprendre par votre département I.T.

Les clés de l Ethernet Industriel : Comment se faire comprendre par votre département I.T. Les clés de l Ethernet Industriel : Comment se faire comprendre par votre département I.T. Alexis Malchair, Business Development Manager, Internet of Things Group March 2015 IoT Is Here Now and Growing!

More information

Redesigning automation network security

Redesigning automation network security White Paper WP152006EN Redesigning automation network security Presented at Power and Energy Automation Conference (PEAC), Spokane, WA, March 2014 Jacques Benoit Eaton s Cooper Power Systems Abstract The

More information

Network Security Administrator

Network Security Administrator Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze

More information

Designing and Implementing a Server Infrastructure

Designing and Implementing a Server Infrastructure Course 20413C: Designing and Implementing a Server Infrastructure Course Details Course Outline Module 1: Planning Server Upgrade and Migration This module explains how to plan a server upgrade and migration

More information

Building Secure Networks for the Industrial World

Building Secure Networks for the Industrial World Building Secure Networks for the Industrial World Anders Felling Vice President, International Sales Westermo Group Managing Director Westermo Data Communication AB 1 Westermo What do we do? Robust data

More information

Stratix 5700 Network Address Translation. Quick Start

Stratix 5700 Network Address Translation. Quick Start Stratix 5700 Network Address Translation Quick Start Important User Information Solid state equipment has operational characteristics differing from those of electromechanical equipment. Safety Guidelines

More information

Network Security Guidelines. e-governance

Network Security Guidelines. e-governance Network Security Guidelines for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India. Document Control S/L Type

More information

VoIP Telephony Network Security Considerations TR41.4.4 01-11-018. Title: VoIP Telephone Network Security Architectural Considerations

VoIP Telephony Network Security Considerations TR41.4.4 01-11-018. Title: VoIP Telephone Network Security Architectural Considerations VoIP Telephony Network Security Considerations TR41.4.4 01-11-018 Standards Project: PN-3-4462-URV Title: VoIP Telephone Network Security Architectural Considerations Source: 170 West Tasman Dr. San Jose,

More information

INTRODUCTION TO VMWARE PRODUCT SUITE: VIRTUALIZATION SOLUTIONS

INTRODUCTION TO VMWARE PRODUCT SUITE: VIRTUALIZATION SOLUTIONS explore EXPO INTRODUCTION TO VMWARE PRODUCT SUITE: VIRTUALIZATION SOLUTIONS Jim Lass, Information Solutions Manager, Van Meter Inc. Jason Sinclair, IT Systems Engineer, Van Meter Inc. explore EXPO Agenda

More information

Introduction to Endpoint Security

Introduction to Endpoint Security Chapter Introduction to Endpoint Security 1 This chapter provides an overview of Endpoint Security features and concepts. Planning security policies is covered based on enterprise requirements and user

More information

DEPLOYMENT OF I M INTOUCH (IIT) IN TYPICAL NETWORK ENVIRONMENTS. Single Computer running I m InTouch with a DSL or Cable Modem Internet Connection

DEPLOYMENT OF I M INTOUCH (IIT) IN TYPICAL NETWORK ENVIRONMENTS. Single Computer running I m InTouch with a DSL or Cable Modem Internet Connection DEPLOYMENT OF I M INTOUCH (IIT) IN TYPICAL NETWORK ENVIRONMENTS Introduction I m InTouch is a personal remote access application that allows a user to access the data on his or her PC from a remote location,

More information

Ignify ecommerce. Item Requirements Notes

Ignify ecommerce. Item Requirements Notes wwwignifycom Tel (888) IGNIFY5 sales@ignifycom Fax (408) 516-9006 Ignify ecommerce Server Configuration 1 Hardware Requirement (Minimum configuration) Item Requirements Notes Operating System Processor

More information

Security for. Industrial. Automation. Considering the PROFINET Security Guideline

Security for. Industrial. Automation. Considering the PROFINET Security Guideline Security for Industrial Considering the PROFINET Security Guideline Automation Industrial IT Security 2 Plant Security Physical Security Physical access to facilities and equipment Policies & Procedures

More information

COURSE OUTLINE MOC 20413: DESIGNING AND IMPLEMENTING A SERVER INFRASTRUCTURE

COURSE OUTLINE MOC 20413: DESIGNING AND IMPLEMENTING A SERVER INFRASTRUCTURE COURSE OUTLINE MOC 20413: DESIGNING AND IMPLEMENTING A SERVER INFRASTRUCTURE MODULE 1: PLANNING SERVER UPGRADE AND MIGRATION This module explains how to plan a server upgrade and migration strategy. Considerations

More information

Case Study for Layer 3 Authentication and Encryption

Case Study for Layer 3 Authentication and Encryption CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client

More information

Industrial Security for Process Automation

Industrial Security for Process Automation Industrial Security for Process Automation SPACe 2012 Siemens Process Automation Conference Why is Industrial Security so important? Industrial security is all about protecting automation systems and critical

More information

ALABAMA CENTRALIZED E-MAIL (ACE) PROJECT SUMMARY

ALABAMA CENTRALIZED E-MAIL (ACE) PROJECT SUMMARY ALABAMA CENTRALIZED E-MAIL (ACE) PROJECT SUMMARY E-mail is a mission-critical application that business and government organizations expect to be secure, reliable and available at all times. The State

More information

Network System Design Lesson Objectives

Network System Design Lesson Objectives Network System Design Lesson Unit 1: INTRODUCTION TO NETWORK DESIGN Assignment Customer Needs and Goals Identify the purpose and parts of a good customer needs report. Gather information to identify network

More information

SECURING SAP NETWEAVER DEPLOYMENTS WITH SAFE-T RSACCESS

SECURING SAP NETWEAVER DEPLOYMENTS WITH SAFE-T RSACCESS SECURING NETWEAVER DEPLOYMENTS A RSACCESS WHITE PAPER SECURING NETWEAVER DEPLOYMENTS 1 Introduction 2 NetWeaver Deployments 3 Safe-T RSAccess Overview 4 Securing NetWeaver Deployments with Safe-T RSAccess

More information

Common Remote Service Platform (crsp) Security Concept

Common Remote Service Platform (crsp) Security Concept Siemens Remote Support Services Common Remote Service Platform (crsp) Security Concept White Paper April 2013 1 Contents Siemens AG, Sector Industry, Industry Automation, Automation Systems This entry

More information

Secure Web Appliance. Reverse Proxy

Secure Web Appliance. Reverse Proxy Secure Web Appliance Reverse Proxy Table of Contents 1. Introduction... 1 1.1. About CYAN Secure Web Appliance... 1 1.2. About Reverse Proxy... 1 1.3. About this Manual... 1 1.3.1. Document Conventions...

More information

Building a Reporting and Analytics System Connected Enterprise Seminar

Building a Reporting and Analytics System Connected Enterprise Seminar Manufacturing Intelligence, de stuwende kracht om in een Connected Enterprise snel accurate beslissingen te nemen om de bedrijfsprestaties te optimaliseren. Building a Reporting and Analytics System Connected

More information

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet Review questions 1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet C Media access method D Packages 2 To which TCP/IP architecture layer

More information

Secure Networks for Process Control

Secure Networks for Process Control Secure Networks for Process Control Leveraging a Simple Yet Effective Policy Framework to Secure the Modern Process Control Network An Enterasys Networks White Paper There is nothing more important than

More information

About Network Data Collector

About Network Data Collector CHAPTER 2 About Network Data Collector The Network Data Collector is a telnet and SNMP-based data collector for Cisco devices which is used by customers to collect data for Net Audits. It provides a robust

More information

Troubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123. Instructor Manual

Troubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123. Instructor Manual Troubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123 Instructor Manual Published: 2013-07-02 SWD-20130702091645092 Contents Advance preparation...7 Required materials...7 Topics

More information

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA Firewalls Securing Networks Chapter 3 Part 1 of 4 CA M S Mehta, FCA 1 Firewalls Learning Objectives Task Statements 1.3 Recognise function of Telecommunications and Network security including firewalls,..

More information

Deploy Remote Desktop Gateway on the AWS Cloud

Deploy Remote Desktop Gateway on the AWS Cloud Deploy Remote Desktop Gateway on the AWS Cloud Mike Pfeiffer April 2014 Last updated: May 2015 (revisions) Table of Contents Abstract... 3 Before You Get Started... 3 Three Ways to Use this Guide... 4

More information

INTRUSION DETECTION SYSTEMS and Network Security

INTRUSION DETECTION SYSTEMS and Network Security INTRUSION DETECTION SYSTEMS and Network Security Intrusion Detection System IDS A layered network security approach starts with : A well secured system which starts with: Up-to-date application and OS

More information

Lesson 5: Network perimeter security

Lesson 5: Network perimeter security Lesson 5: Network perimeter security Alejandro Ramos Fraile aramosf@sia.es Tiger Team Manager (SIA company) Security Consulting (CISSP, CISA) Perimeter Security The architecture and elements that provide

More information

Designing and Implementing a Server Infrastructure

Designing and Implementing a Server Infrastructure Page 1 of 7 Overview This 5-day instructor-led course provides you with the skills and knowledge needed to plan, design, and deploy a physical and logical Windows Server 2012 Active Directory Domain Services

More information

Filtering remote users with Websense remote filtering software v7.6

Filtering remote users with Websense remote filtering software v7.6 Filtering remote users with Websense remote filtering software v7.6 Websense Support Webinar April 2012 Websense 2012 Webinar Presenter Greg Didier Title: Support Specialist Accomplishments: 9 years supporting

More information

SSL VPN A look at UCD through the tunnel

SSL VPN A look at UCD through the tunnel SSL VPN A look at UCD through the tunnel Background Why? Who is it for? Stakeholders IET Library Schools and Colleges Key Requirements Integrate with existing authentication Flexible security groups within

More information

Avaya TM G700 Media Gateway Security. White Paper

Avaya TM G700 Media Gateway Security. White Paper Avaya TM G700 Media Gateway Security White Paper March 2002 G700 Media Gateway Security Summary With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional

More information

Network Access Security. Lesson 10

Network Access Security. Lesson 10 Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.

More information

EXAM - 70-980. Recertification for MCSE: Server Infrastructure. Buy Full Product. http://www.examskey.com/70-980.html

EXAM - 70-980. Recertification for MCSE: Server Infrastructure. Buy Full Product. http://www.examskey.com/70-980.html Microsoft EXAM - 70-980 Recertification for MCSE: Server Infrastructure Buy Full Product http://www.examskey.com/70-980.html Examskey Microsoft 70-980 exam demo product is here for you to test the quality

More information

Avaya G700 Media Gateway Security - Issue 1.0

Avaya G700 Media Gateway Security - Issue 1.0 Avaya G700 Media Gateway Security - Issue 1.0 Avaya G700 Media Gateway Security With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional Enterprise

More information

Lab 8.4.2 Configuring Access Policies and DMZ Settings

Lab 8.4.2 Configuring Access Policies and DMZ Settings Lab 8.4.2 Configuring Access Policies and DMZ Settings Objectives Log in to a multi-function device and view security settings. Set up Internet access policies based on IP address and application. Set

More information

Firewall Environments. Name

Firewall Environments. Name Complliiance Componentt DEEFFI INITION Description Rationale Firewall Environments Firewall Environment is a term used to describe the set of systems and components that are involved in providing or supporting

More information

A Guide to New Features in Propalms OneGate 4.0

A Guide to New Features in Propalms OneGate 4.0 A Guide to New Features in Propalms OneGate 4.0 Propalms Ltd. Published April 2013 Overview This document covers the new features, enhancements and changes introduced in Propalms OneGate 4.0 Server (previously

More information

800xA Smart Client Frequently Asked Questions

800xA Smart Client Frequently Asked Questions 800xA Smart Client Frequently Asked Questions Table of Contents Click section title to jump to topic area General information and licensing requirements Security Applications PC and operating system requirements

More information