Next Generation Network Security Guide
|
|
- Sibyl Mason
- 8 years ago
- Views:
Transcription
1 Next Generation Network Security Guide
2 This expert e-guide explores the latest challenges in network security. First, learn how to deploy network security devices and how to avoid deployment failures. Next, get tips for evaluating network. Finally, explore the pros and of softwaredefined networking. John Burke, SearchSecurity.com Contributor The enterprise is exploding! Bits of it are winding up on mobile phones and tablets and dangling from Internet connections -- used as WAN links -- in the corner Starbucks and on Amtrak's Acela Express trains. This concept of the extended enterprise -- in which sensitive and valuable data often resides outside the traditional network perimeter -- poses an increasingly vexing problem for IT security organizations. To secure an organization against multi-modal and low-and-slow adaptive persistent threats, IT organizations are deploying a dizzying array of new network security devices: next-generation firewalls; IDS and IPS boxes; security information event management, or SIEM, systems; and advanced threatdetection systems. Ideally, these systems are managed in concert, in accordance with a central security policy, as part of a pervasive protection strategy. Common mistakes that organizations make when deploying these devices can severely hinder their ability to offer pervasive protection, however. This tip examines what to watch out for when planning the deployment of new network security devices and how to avoid the problems that can result in failed defense-in-depth. Page 1 of 12
3 Unlearn assumptions about security appliances The single biggest mistake is to assume that security appliances are themselves secure. This seems too obvious for words, but it's critical as a starting point. How secure is that "hardened" OS? How current is it? What about that "ultra-hardened" Web server it runs? Before you do anything else, create a test plan to validate that your network security devices are actually secure. Start with the basics: Are you delivering timely upgrades, patches and bug fixes to individual devices and to their supporting network, server and storage infrastructure? Check with clearinghouses such as the National Vulnerability Database that maintain current catalogues of known vulnerabilities, and make sure you regularly upgrade and patch your devices. Then move on to the harder stuff: regularly assess multi-device configurations for potential weaknesses. Putting an encryption system and application delivery optimization (ADO) device in the wrong sequence can leave data exposed, even when each device is working perfectly. This process can work in concert with regularly-scheduled penetration (pen) tests. Evaluate how you work with network security devices For any security device, the management/control channel is the greatest vulnerability. So pay attention to how you expect to configure and modify the security device -- and to who is allowed to do the configuration. If you expect to work with a security system via a Web browser, the security appliance is running a Web server and allowing Web traffic. Is that traffic encrypted? Is it on a standard port? Is it on the same port on every device (and, therefore, guessable by an intruder)? Is it accessible via a regular network connection (in-band) or a separate management network connection (out-of-band)? If it is in-band, then any machine that can send traffic across that interface can attack that appliance. If it is on a management network, at least, you only have to worry about the other things on that network. (And if it's configured via a serial port connection and a KVM solution, so much the better.) Your optimal scenario: Ensure that all configuration changes require encryption and multifactor authentication, if not direct physical access to the Page 2 of 12
4 device. And tightly track and control credentials for device administration so that only authorized users can gain admin rights. Contents Apply standard pen testing tools If you've taken the first two steps, you're off to a good start -- but you're not home free. Hacks, assaults and threat vectors tantly grow and evolve, and you need to regularly test your systems to ensure they're protected against recognized attacks, not just vulnerabilities. What's the difference between an attack and a vulnerability? An attack is an organized effort to exploit vulnerabilities. System vulnerabilities make an attack possible, but the existence of the attack raises the stakes -- the exploit has moved from the hypothetical to the real. Pen testing tools and services will tell you if your network security devices are vulnerable to attacks. Open source tools and frameworks -- Network Mapper, or Nmap, Nikto, Open Vulnerability Assessment System (OpenVAS) and Metasploit, for example -- have been around for many years. And, of course, there are multitudes of commercial tools from the likes of McAfee (an appliance to scan your appliance!) and Qualys. These tools are widely used to map out the ports on which a network device will respond to network traffic; record its responses to standard test packets; and with OpenVAS and Metasploit, test its vulnerability to common attacks (more kinds with the commercial versions). Other pen testing tools specifically focus on Web servers and applications, such as OWASP Zed Attack Proxy, or ZAP, and Arachni. By applying standard tools and techniques, and identifying vulnerabilities in security appliances -- SQL injection attacks via a management Web interface, for example -- you can build a clear picture of how the network security devices themselves need to be protected. Mitigate the risks when deploying network security devices Nothing is perfect and no system is invulnerable. Failing to take the proper precautions when deploying and configuring new network security devices Page 3 of 12
5 will introduce more risk into the environment. Take appropriate measures to protect the appliances that will defend the rest of your infrastructure, including commonsense precautions that often get overlooked: Change default passwords and account names. Disable unneeded services and accounts. Make sure underlying OSes and systems software are patched and up to date with manufacturer specs. Restrict access to the administrative interfaces of management networks; if that's not possible, use ACLs on upstream devices (switches and routers) to restrict where management sessions can originate. Revisit pen testing regularly, as attacks evolve. Tools such as OpenVAS and Metasploit have advanced to keep up, and the library of exploits they can use grows steadily. The bottom line? Having a pervasive protection strategy is just the beginning. To protect devices and data in today's increasingly perimeter-less world, you need three things: a pervasive protection strategy, the tools and technologies to implement the strategy -- and the policies and processes for ensuring those tools and technologies work in concert to maximize protection. All policies and processes need to take into account both the vulnerability of the network security devices themselves (individually and in concert), as well as the ever-changing landscape of attacks and threat vectors that exploit those vulnerabilities. About the author: John Burke is a principal research analyst at Nemertes Research, where he advises key enterprise and vendor clients, conducts and analyzes primary research, and writes thought-leadership pieces across a wide variety of topics. John leads research on virtual enterprise, focusing primarily on the virtual and mobile desktop, application delivery optimization, and management and orchestration tools for the virtualized data center and the cloud. Page 4 of 12
6 Contents Dave Shackleford, SearchSecurity.com Contributor Along with business units' and IT operations' steady push to virtualize data center servers and components comes a new conundrum for security professionals: how best to maintain adequate controls inside the virtual environment. Fortunately, there is now a new breed of mature network security options that encompass virtualization, with enhanced features that rival those of their physical counterparts. In this tip, we'll review key factors to ider when evaluating network. The first step (and arguably the most important one) in the evaluation process is to determine which would be a good fit for you and your organization. The following specific points can help to determine this: Cost. Cost is primarily a factor when weighing whether to replace existing network security technology that likely has limited or no virtualization security capabilities or augment or replace it with new virtual technology. Many vendors have pricing models for virtual platforms that license per hypervisor, per a certain number of virtual machines or per CPU. This may not only result in applying a totally different formula for evaluating the cost of the product, but also the incurrence of additional costs as virtualization use increases over time. Vendor viability. As with any vendor, make sure you do your homework. Some suppliers are more viable than others, and you should talk to their existing customers to see what they think of both the product and their relationship with the vendor. It's wise to scan the recent headlines for any news pertaining to vendors' executive leadership changes, funding announcements or acquisition rumors. Page 5 of 12
7 Native integration with hypervisor platforms. In looking at more technical iderations, most virtual security vendors focus on VMware as the market leader, but more technology companies support Microsoft Hyper-V, Citrix, KVM, and other platforms as well. If your organization has chosen a single virtualization platform vendor, then the security vendor evaluation process becomes easier; if several different virtualization platforms exist, then multiplatform support is a must. Management capabilities. Consider whether the virtual network appliance is easy to manage, whether it integrates into existing security oles, what type of remote access is available (SSH, for example) and whether the system provides granular role-based access. Performance impact and scalability. How much RAM and other resources does the virtual network appliance require? What are the average peak usage scenarios? Vendors should be able to supply some of this information. Architecture flexibility. How many virtual NICs/ports can the virtual firewall support? What kinds of rules are supported and at which protocol stack layers? Virtualization-specific features. What features are available to help control and protect virtual assets, ranging from the hypervisors to VMs? Speaking of features, there are a number that are good to look for, depending on the type of virtual firewall, switch or gateway you are interested in. One of the most important is API extensibility, allowing integration with orchestration platforms, automation environments and other vendors'. Many virtual firewalls today offer stateful inspection, intrusion detection capabilities, anti-malware features, and configuration and patch assessment and monitoring for the virtual infrastructure. Ensure the platform can perform both intra-vm (internal flows on the hypervisor) and inter-vm (between virtual machines and external networks) monitoring and filtering. Deep integration with the hypervisor environment, preferably at the kernel level, will improve performance and reduce overhead, as well. The ability to identify, monitor and control virtualization-specific traffic and dynamic VM Page 6 of 12
8 migration operations like vmotion should also be a priority when choosing one of these solutions. Contents Many options exist today, from both well-known vendors and startups. Juniper Networks offers its vgw (vgateway) series of virtual appliances, Cisco Systems has the Nexus 1000v virtual switch and ASA 1000v virtual firewall, and 5Nine Security Manager for Hyper-V offers anti-malware and traffic access controls for Microsoft environments. Most IDS/IPS vendors have virtual models, as well, including Sourcefire, McAfee, TippingPoint and others. SDN security pros and Matthew Pascucci In the technology industry, hype is a tant. This is no different with the upand-coming technology of software-defined networks. In this case, however, the hype is justified: SDN could change the network security landscape as we know it. Over the past couple of years, software-defined networking (SDN) has developed from merely an idea to a paradigm that large networking vendors are not only embracing, but also talking up as their model for future enterprise network management. This technology adds greater granularity, dynamics and manageability to networking, but brings up other concerns that should be seen from a security perspective. In this tip, we'll explain what SDN is and explore the network security pros and that enterprise networking and security pros need to know. A definition of software-defined networking To understand a few of the security benefits and downfalls of softwaredefined networking, let's take a quick tour of the technology. Softwaredefined networking is the ability to split the data plane from the control plane Page 7 of 12
9 in routers and switches. The control plane, which has historically been proprietary and known only to the vendors that developed them, would be open and controlled centrally with SDN while having commands and logic sent back down to the data planes of the hardware (routers or switches). This provides a view of the entire network and affords the ability to make changes centrally without a device-centric configuration on each router or switch. The ability to manage the control planes through open protocols such as the OpenFlow standard allows for precise changes to networks or devices that will increase the speed and security of the network. SDN security benefits Like everything else, there will be both benefits and concerns when implementing new technology. Let's review some of the benefits of softwaredefined networking: By having the free-moving network of SDN, engineers are able to change the rules by having a quick, high-level view into all areas of the network and being able to modify the network. This freedom and control also allows for better security of your systems. By having the ability to quickly limit and see inside the network from a centralized viewpoint, managers can make changes with efficiency. For example, if there were a malware outbreak within your network, with SDN and OpenFlow you'd be able to quickly limit the outbreak from one centralized control plane that would stop the traffic without having to access multiple routers or switches. Being able to quickly change things in the network enables managers to perform traffic shaping and QoS of packets in a more secure matter. This ability exists now, but the speed and efficiency doesn't exist and will limit the manager's ability when attempting to secure the network. SDN security concerns With innovative new technology come security concerns that could easily go overlooked. Let's take a look at a few security-related issues to be aware of when implementing SDN. The majority of software-defined networking security concerns are going to evolve around the controller itself. Page 8 of 12
10 The controller can be idered the brains of the switching/routing, which allows the control panel from each system to be centrally managed. Contents The largest SDN challenge for security managers is securing the controller at all costs. Now that the brains have been taken out of the routers or switches and replaced with the new controller, this device needs to be hardened and secured through the following steps: Knowing and auditing who has access to the controller and where it resides on the network is a big security concern. It's important to remember that access to the controller could potentially give complete control to an attacker, so it's vital that it is secured. Verify the security between the controller and end nodes (routers or switches) -- specifically that they're communicating over SSL to prevent any malicious intent from accessing the controller. As with anything else, if security isn't baked in from the start, it must be added later on, and it's always more difficult and expensive to do it that way. Make sure the security between the node and controller is configured properly. Verify that there is high availability in the controllers. Creating a business continuity effort for controllers is important because if they are lost, the ability to manage the network is also lost -- and equently, so are all the benefits of SDN and OpenFlow. Verify that everything that comes out of the system is logged. Since managers have control over the network centrally, log every change made and send it to the company's log management solution. When implementing SDN, verify that the organization's SIEM, IPS and any other filtering technology that might block or log changes is updated accordingly. Correlate the logs from the SIEM to alert the manager of changes. Tracking custom events with the SIEM on the control, like login failures and policy changes, will assist with the security of the system. Verify that the IPS isn't identifying any of this traffic as malicious. Configure the appropriate rules in the filtering systems to allow the controller to speak with the nodes when needed. Page 9 of 12
11 In conclusion, software-defined networking is an emerging technology that can allow for granular security by giving an administrator a complete view of the enterprise network. However, by giving the SDN controller centralized management over network nodes to push down changes to these systems, it becomes imperative that the security around this system is locked down. This system is the brains of SDN, and without proper security wrapped around it, the network becomes completely vulnerable to malicious attacks or accidental changes, both of which can take a network down. Now is the time for organizations to ensure that security is a primary ideration in the design, deployment and management of SDNs. About the author Matthew Pascucci is senior information security engineer at a large retail company where he leads the threat and vulnerability management program. He has written for various information security publications and spoken for many industry companies, and is heavily involved with his local InfraGard chapter. You can follow him on or check out his blog at Page 10 of 12
12 Free resources for technology professionals TechTarget publishes targeted technology media that address your need for information and resources for researching, developing strategy and making cost-effective purchase decisions. Our network of technology-specific Web sites gives you access to industry experts, independent content and analysis and the Web s largest library of vendor-provided white papers, webcasts, podcasts, videos, virtual trade shows, research reports and more drawing on the rich R&D resources of technology providers to address market trends, challenges and solutions. Our live events and virtual seminars give you access to vendor neutral, expert commentary and advice on the issues and challenges you face daily. Our social community IT Knowledge Exchange allows you to share real world information in real time with peers and experts. What makes TechTarget unique? TechTarget is squarely focused on the enterprise IT space. Our team of editors and network of industry experts provide the richest, most relevant content to IT professionals and management. We leverage the immediacy of the Web, the networking and face-to-face opportunities of events and virtual events, and the ability to interact with peers all to create compelling and actionable information for enterprise IT professionals across all industries and markets. Related TechTarget Websites Page 11 of 12
How to Develop Cloud Applications Based on Web App Security Lessons
Applications Based on Before moving applications to the public cloud, it is important to implement security practices and techniques. This expert E-Guide provides guidance on how to develop secure applications
More informationBenefits of virtualizing your network
While server virtulization can improve your infrastructure as a whole, it can affect. Extending virtualization to can eliminate any unnecessary impacts and allow you to maximize your virtual investment.
More informationDesigning Virtual Network Security Architectures Dave Shackleford
SESSION ID: CSV R03 Designing Virtual Network Security Architectures Dave Shackleford Sr. Faculty and Analyst SANS @daveshackleford Introduction Much has been said about virtual networking and softwaredefined
More informationSoftware Defined Networking Goes Well Beyond the Data Center
Software Defined Goes Well Software Defined Goes Well Software-defined networking (SDN) is already changing the data center network, but now the technology could redefine other parts of the network, as
More informationA Guide to MAM and Planning for BYOD Security in the Enterprise
A Guide to MAM and Planning for BYOD Bring your own device (BYOD) can pose a couple different challenges, not only the issue of dealing with security threats, but also how to handle mobile applications.
More informationBest Practices for Database Security
Database Security Databases contain a large amount of highly sensitive data, making database protection extremely important. But what about the security challenges that can pose a problem when it comes
More informationHyper-V 3.0: Creating new virtual data center design options Top four methods for deployment
Creating new virtual data center design options Top four for deployment New features of Hyper-V provide IT pros with new options for designing virtual data centers. Inside this e-guide, our experts take
More informationSolution Spotlight BEST PRACTICES FOR DEVELOPING MOBILE CLOUD APPS REVEALED
Solution Spotlight BEST PRACTICES FOR DEVELOPING MOBILE CLOUD APPS REVEALED T here s two ways you can build your mobile applications: native applications, or mobile cloud applications. Which option is
More informationE-Guide SIX ENTERPRISE CLOUD STORAGE AND FILE-SHARING SERVICES TO CONSIDER
E-Guide SIX ENTERPRISE CLOUD STORAGE AND FILE-SHARING SERVICES TO CONSIDER E ach enterprise cloud service has different capabilities. This expert E-Guide deep dives into how to know what you re getting
More informationThe Do s and Don ts of Server Virtualization Back to basics tips for Australian IT professionals
The Do s and Don ts of Server Virtualization Back to basics tips for Australian IT professionals Virtualization is a well-established in today s IT environments, but it still remains a top priority among
More informationE-Guide CONSIDERATIONS FOR EFFECTIVE SOFTWARE LICENSE MANAGEMENT
E-Guide CONSIDERATIONS FOR EFFECTIVE SOFTWARE LICENSE MANAGEMENT F or many reasons, has become a critical issue for many IT organizations and enterprise s alike. With many licensing options, hurdles and
More informationHybrid cloud computing explained
computing explained A few years ago, the IT industry was focused on public cloud computing. Then after facing public cloud security issues, the focus shifted to private clouds. And now the focus has shifted
More informationE-Guide NETWORKING MONITORING BEST PRACTICES: SETTING A NETWORK PERFORMANCE BASELINE
E-Guide NETWORKING MONITORING BEST PRACTICES: SETTING A NETWORK PERFORMANCE BASELINE W hy the need for a baseline? A baseline is a set of metrics used in network performance monitoring to define the normal
More informationLearn the Essentials of Virtualization Security
Learn the Essentials of Virtualization Security by Dave Shackleford by Dave Shackleford This paper is the first in a series about the essential security issues arising from virtualization and the adoption
More informationE-Guide HOW THE VMWARE SOFTWARE DEFINED DATA CENTER WORKS: AN IAAS EXAMPLE
E-Guide HOW THE VMWARE SOFTWARE DEFINED DATA CENTER WORKS: AN IAAS EXAMPLE T he VMware software-defined data center turns virtualization into Infrastructure as a Service with automation and self-service.
More informationData warehouse software bundles: tips and tricks
Data software bundles: tips and tricks Data software bundles: Data The emergence of data appliances has broadened the potential uses of business intelligence (BI) and analytics within many organizations
More informationHow to Define SIEM Strategy, Management and Success in the Enterprise
How to Define SIEM Strategy, Management and Success in the Enterprise Security information and event management (SIEM) projects continue to challenge enterprises. The editors at SearchSecurity.com have
More informationLearn the essentials of virtualization security
Learn the essentials of virtualization security White Paper Table of Contents 3 Introduction 4 Hypervisor connectivity and risks 4 Multi-tenancy risks 5 Management and operational network risks 5 Storage
More informationIs Your Data Safe in the Cloud?
Is Your Data Safe in the? Is Your Data Safe in the? : Tactics and Any organization likely to be using public cloud computing are also likely to be storing data in the cloud. Yet storing data in the cloud
More informationPreparing for the cloud: Understanding the infrastructure impacts Eight essential tips for a successful cloud migration
Eight essential tips for a successful How a The move to the cloud is happening and it s happening now. But before you jump start your cloud migration project, be sure you understand how to adequately prepare
More informationSecurity Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP belka@att.net
Security Frameworks An Enterprise Approach to Security Robert Belka Frazier, CISSP belka@att.net Security Security is recognized as essential to protect vital processes and the systems that provide those
More informationA Look at the New Converged Data Center
Organizations around the world are choosing to move from traditional physical data centers to virtual infrastructure, affecting every layer in the data center stack. This change will not only yield a scalable
More informationSecuring the SIEM system: Control access, prioritize availability
The prospect of a SIEM system crash or compromise should scare any enterprise given the role it plays in an organization s security infrastructure. This expert E-Guide discusses the implications of a compromised
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationVulnerability Management
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
More informationHow SSL-Encrypted Web Connections are Intercepted
Web Connections are Web Connections Are When an encrypted web connection is intercepted, it could be by an enterprise for a lawful reason. But what should be done when the interception is illegal and caused
More informationHow To Protect Your Cloud From Attack
A Trend Micro White Paper August 2015 Trend Micro Cloud Protection Security for Your Unique Cloud Infrastructure Contents Introduction...3 Private Cloud...4 VM-Level Security...4 Agentless Security to
More informationPCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP
solution brief PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP AWS AND PCI DSS COMPLIANCE To ensure an end-to-end secure computing environment, Amazon Web Services (AWS) employs a shared security responsibility
More informationHow To Protect A Virtual Desktop From Attack
Endpoint Security: Become Aware of Virtual Desktop Infrastructures! An Ogren Group Special Report May 2011 Executive Summary Virtual desktops infrastructures, VDI, present IT with the unique opportunity
More informationUnified Threat Management, Managed Security, and the Cloud Services Model
Unified Threat Management, Managed Security, and the Cloud Services Model Kurtis E. Minder CISSP Global Account Manager - Service Provider Group Fortinet, Inc. Introduction Kurtis E. Minder, Technical
More informationE-Guide UNDERSTANDING PCI MOBILE PAYMENT PROCESSING SECURITY GUIDELINES
E-Guide UNDERSTANDING PCI MOBILE PAYMENT PROCESSING SECURITY GUIDELINES I n this E-Guide, Mike Chapple; a Search- Security.com expert discusses the new PCI Mobile Payment Acceptance Security Guidelines
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationStreamlining the move to the cloud. Key tips for selecting the right cloud tools and preparing your infrastructure for migration
Streamlining the move to the cloud Key tips for selecting the right cloud tools and preparing your infrastructure for migration When planning for a, you must (1) carefully evaluate various cloud tools
More informationManaging Virtual Desktop Environments
Managing Virtual Desktop Environments Desktop virtualization can be extremely beneficial to a company's operating system environment. Yet while working through the virtualization planning process, IT professionals
More informationFive Steps For Securing The Data Center: Why Traditional Security May Not Work
White Paper Five Steps For Securing The Data Center: Why Traditional Security May Not Work What You Will Learn Data center administrators face a significant challenge: They need to secure the data center
More informationHow To Protect Your Online Backup From Being Hacked
Cloud Backup: Pros, Cons, and Cloud backup has taken the storage world by storm, and most IT professionals have given some serious thought to implementing it. But before you get started on your cloud backup
More informationA Presentation at DGI 2014 Government Cloud Computing and Data Center Conference & Expo, Washington, DC. September 18, 2014.
A Presentation at DGI 2014 Government Cloud Computing and Data Center Conference & Expo, Washington, DC September 18, 2014 Charles Sun www.linkedin.com/in/charlessun @CharlesSun_ 1 What is SDN? Benefits
More informationHOW TO SELECT THE BEST SOLID- STATE STORAGE ARRAY FOR YOUR ENVIRONMENT
E-Guide HOW TO SELECT THE BEST SOLID- STATE STORAGE ARRAY FOR YOUR ENVIRONMENT SearchSolidState Storage P erformance is the driving factor for the vast majority of companies considering a solid-state storage
More information5 ways to leverage the free VMware hypervisor Key tips for working around the VMware cost barrier
5 ways to leverage the free VMware Key tips for working around the VMware cost barrier While a free VMware virtualization setup only provides a limited list of features and functionalities, the shortcomings
More informationThe State of Desktop Virtualization in 2013: Brian Madden analyzes uses cases, preferred vendors and effective tools
The State of Desktop Virtualization in 2013: Brian Madden analyzes uses cases, preferred vendors and effective tools Why have virtual desktops been positioned as a cure-all for many of today s endpoint
More informationCompany Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.
Company Co. Inc. LLC Multiple Minds, Singular Results LAN Domain Network Security Best Practices An integrated approach to securing Company Co. Inc. LLC s network Written and Approved By: Geoff Lacy, Tim
More informationSecure Cloud-Ready Data Centers Juniper Networks
Secure Cloud-Ready Data Centers Juniper Networks JUNIPER SECURITY LEADERSHIP A $1B BUSINESS Market Leadership Data Center with High- End Firewall #1 at 42% Secure Mobility with SSL VPN #1 at 25% Security
More information3 common cloud challenges eradicated with hybrid cloud
3 common cloud eradicated 3 common cloud eradicated Cloud storage may provide flexibility and capacityon-demand benefits but it also poses some difficult that have limited its widespread adoption. Consequently,
More informationDMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch
DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch What You Will Learn A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private (inside)
More informationSecuring Virtual Applications and Servers
White Paper Securing Virtual Applications and Servers Overview Security concerns are the most often cited obstacle to application virtualization and adoption of cloud-computing models. Merely replicating
More informationCloud Storage: Top Concerns, Provider Considerations, and Application Candidates
Cloud Storage: Top Concerns, Provider Considerations, and Application Candidates As cloud technology and deployment models become increasingly sophisticated, once-wary storage professionals are plunging
More informationE-Guide VIDEO CONFERENCING SOFTWARE AND HARDWARE: HYBRID APPROACH NEEDED
E-Guide VIDEO CONFERENCING SOFTWARE AND HARDWARE: HYBRID APPROACH NEEDED M obility spurs video conferencing software need; users want software-and cloud-based offerings to interoperate with their legacy
More informationLecture 02b Cloud Computing II
Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,
More informationCIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System
CIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System Purpose CIP-005-5 R2 is focused on ensuring that the security of the Bulk Energy System is not compromised
More informationAdvanced analytics key component for decision management systems
decision management In the last 20 to 30 years, companies have faced significant changes in how they perform their day-to-day operations, and so have the analytics used to make decisions. In this Q&A Tip
More informationSecuring the Intelligent Network
WHITE PAPER Securing the Intelligent Network Securing the Intelligent Network New Threats Demand New Strategies The network is the door to your organization for both legitimate users and would-be attackers.
More informationI D C T E C H N O L O G Y S P O T L I G H T. S e r ve r S e c u rity: N o t W h a t It U s e d t o Be!
I D C T E C H N O L O G Y S P O T L I G H T S e r ve r S e c u rity: N o t W h a t It U s e d t o Be! December 2014 Adapted from Worldwide Endpoint Security 2013 2017 Forecast and 2012 Vendor Shares by
More informationLocking down a Hitachi ID Suite server
Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationCloud and Data Center Security
solution brief Trend Micro Cloud and Data Center Security Secure virtual, cloud, physical, and hybrid environments easily and effectively introduction As you take advantage of the operational and economic
More informationE-Guide BEST PRACTICES FOR CLOUD BASED DISASTER RECOVERY
E-Guide BEST PRACTICES FOR CLOUD BASED DISASTER RECOVERY and mean for F or IT managers, has always been high priority, however the new IT landscape and increased deployment of cloud has complicated the
More informationSDN AND SECURITY: Why Take Over the Hosts When You Can Take Over the Network
SDN AND SECURITY: Why Take Over the s When You Can Take Over the Network SESSION ID: TECH0R03 Robert M. Hinden Check Point Fellow Check Point Software What are the SDN Security Challenges? Vulnerability
More informationPICO Compliance Audit - A Quick Guide to Virtualization
WHITE PAPER August 2011 Passing Compliance Audit: Virtualize PCI-compliant Workloads with the Help of HyTrust and Trend Micro Deep Security HYTRUST AND TREND MICRO DEEP SECURITY TOC Contents Virtualization
More informationCONTENTS. PCI DSS Compliance Guide
CONTENTS PCI DSS COMPLIANCE FOR YOUR WEBSITE BUILD AND MAINTAIN A SECURE NETWORK AND SYSTEMS Requirement 1: Install and maintain a firewall configuration to protect cardholder data Requirement 2: Do not
More informationCourse: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems
Course: Information Security Management in e-governance Day 1 Session 5: Securing Data and Operating systems Agenda Introduction to information, data and database systems Information security risks surrounding
More informationCLOUD APPLICATION INTEGRATION AND DEPLOYMENT MADE SIMPLE
E-Guide CLOUD APPLICATION INTEGRATION AND DEPLOYMENT MADE SIMPLE SearchCloud Applications C loud application integration and continue to be some of the top for software developers. In this e-guide, learn
More informationThe first agentless Security, Virtual Firewall, Anti- Malware and Compliance Solution built for Windows Server 2012 Hyper-V
The first agentless Security, Virtual Firewall, Anti- Malware and Compliance Solution built for Windows Server 2012 Hyper-V #1 Hyper-V Security The first agentless Security, Virtual Firewall, Anti-Malware
More informationSecuring the Virtualized Data Center With Next-Generation Firewalls
Securing the Virtualized Data Center With Next-Generation Firewalls Data Center Evolution Page 2 Security Hasn t Kept Up with Rate Of Change Configuration of security policies are manual and slow Weeks
More informationMDM features vs. native mobile security
vs. : Mobile device management or MDM plays a critical role in, but should always trump native security features of mobile devices? Lisa Phifer weighs in on how to choose the best approach for your workforce.
More informationDoes your Citrix or Terminal Server environment have an Achilles heel?
CRYPTZONE WHITE PAPER Does your Citrix or Terminal Server environment have an Achilles heel? Moving away from IP-centric to role-based access controls to secure Citrix and Terminal Server user access cryptzone.com
More informationADDING NETWORK INTELLIGENCE TO VULNERABILITY MANAGEMENT
ADDING NETWORK INTELLIGENCE INTRODUCTION Vulnerability management is crucial to network security. Not only are known vulnerabilities propagating dramatically, but so is their severity and complexity. Organizations
More informationTrend Micro. Secure virtual, cloud, physical, and hybrid environments easily and effectively INTRODUCTION
SOLUTION BRIEF Trend Micro CLOUD AND DATA CENTER SECURITY Secure virtual, cloud, physical, and hybrid environments easily and effectively INTRODUCTION As you take advantage of the operational and economic
More informationCautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work
Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture
More informationNetzwerkvirtualisierung? Aber mit Sicherheit!
Netzwerkvirtualisierung? Aber mit Sicherheit! Markus Schönberger Advisory Technology Consultant Trend Micro Stephan Bohnengel Sr. Network Virtualization SE VMware Agenda Background and Basic Introduction
More informationSDN and NFV in the WAN
WHITE PAPER Hybrid Networking SDN and NFV in the WAN HOW THESE POWERFUL TECHNOLOGIES ARE DRIVING ENTERPRISE INNOVATION rev. 110615 Table of Contents Introduction 3 Software Defined Networking 3 Network
More informationAn overwhelming majority of IaaS clouds leverage virtualization for their foundation.
1 2 3 An overwhelming majority of IaaS clouds leverage virtualization for their foundation. 4 With the use of virtualization comes the use of a hypervisor. Normally, the hypervisor simply provisions resources
More informationBuilding A Secure Microsoft Exchange Continuity Appliance
Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building
More informationSIEM is only as good as the data it consumes
SIEM is only as good as the data it consumes Key Themes The traditional Kill Chain model needs to be updated due to the new cyber landscape A new Kill Chain for detection of The Insider Threat needs to
More informationSecure Networks for Process Control
Secure Networks for Process Control Leveraging a Simple Yet Effective Policy Framework to Secure the Modern Process Control Network An Enterasys Networks White Paper There is nothing more important than
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationCisco Virtualization Experience Infrastructure: Secure the Virtual Desktop
White Paper Cisco Virtualization Experience Infrastructure: Secure the Virtual Desktop What You Will Learn Cisco Virtualization Experience Infrastructure (VXI) delivers a service-optimized desktop virtualization
More informationA Decision Maker s Guide to Securing an IT Infrastructure
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
More informationDeploying Firewalls Throughout Your Organization
Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense
More informationMaking the Case for Open Source Controllers
White Paper Making the Case for Open Source Controllers Prepared by Roz Roseboro Senior Analyst, Heavy Reading www.heavyreading.com on behalf of www.brocade.com September 2014 Introduction Telcos face
More informationSOFTWARE-DEFINED NETWORKING AND OPENFLOW
SOFTWARE-DEFINED NETWORKING AND OPENFLOW Freddie Örnebjär TREX Workshop 2012 2012 Brocade Communications Systems, Inc. 2012/09/14 Software-Defined Networking (SDN): Fundamental Control
More informationTop 20 Critical Security Controls
Top 20 Critical Security Controls July 2015 Contents Compliance Guide 01 02 03 04 Introduction 1 How Rapid7 Can Help 2 Rapid7 Solutions for the Critical Controls 3 About Rapid7 11 01 INTRODUCTION The Need
More informationSilver Peak s Virtual Acceleration Open Architecture (VXOA)
Silver Peak s Virtual Acceleration Open Architecture (VXOA) A FOUNDATION FOR UNIVERSAL WAN OPTIMIZATION The major IT initiatives of today data center consolidation, cloud computing, unified communications,
More informationInformation Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified
Standard: Data Security Standard (DSS) Requirement: 6.6 Date: February 2008 Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified Release date: 2008-04-15 General PCI
More informationHow To Extend Security Policies To Public Clouds
What You Will Learn Public sector organizations without the budget to build a private cloud can consider public cloud services. The drawback until now has been tenants limited ability to implement their
More informationLeveraging SDN and NFV in the WAN
Leveraging SDN and NFV in the WAN Introduction Software Defined Networking (SDN) and Network Functions Virtualization (NFV) are two of the key components of the overall movement towards software defined
More informationSTRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview
STRATEGIC WHITE PAPER Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview Abstract Cloud architectures rely on Software-Defined Networking
More informationHow To Protect A Web Application From Attack From A Trusted Environment
Standard: Version: Date: Requirement: Author: PCI Data Security Standard (PCI DSS) 1.2 October 2008 6.6 PCI Security Standards Council Information Supplement: Application Reviews and Web Application Firewalls
More informationManaging Data Center Growth Explore Your Options
Managing Growth Explore Your Options Managing Growth: Managing The increasing demand on data centers has forced many IT managers to look for new ways to manage data center growth, either by consolidating,
More informationVirtualization backup tools: How the field stacks up
tools: How the field Searching for the right virtual backup tools can be a grueling process. While there are plenty of available options, you must make sure to select the most effective products for a
More informationConcierge SIEM Reporting Overview
Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts
More information"ASM s INTERNATIONAL E-Journal on Ongoing Research in Management and IT"
To Study the Overall Cloud Computing Security Using Virtual Private Network. Aparna Gaurav Jaisingpure/Gulhane Email id: aparnagulhane@gmail.com Dr.D.Y.Patil Vidya Pratishthan s Dr. D.Y Patil College of
More informationRethink defense-in-depth security model
e-guide E-Guide Rethink defense-in-depth By Mike Rothman Rethink defense-in-depth T oday s endpoint security modevl is failing. What s next? Learn why endpoint defense-in-depth controls must assume the
More informationCisco Certified Security Professional (CCSP)
529 Hahn Ave. Suite 101 Glendale CA 91203-1052 Tel 818.550.0770 Fax 818.550.8293 www.brandcollege.edu Cisco Certified Security Professional (CCSP) Program Summary This instructor- led program with a combination
More informationSecurely Architecting the Internal Cloud. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc.
Securely Architecting the Internal Cloud Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc. Securely Building the Internal Cloud Virtualization is the Key How Virtualization Affects
More informationNetwork Access Security. Lesson 10
Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.
More informationCloud Security. Securing what you can t touch. Presentation to Malaysia Government Cloud Computing Forum 2012-04-05 HUAWEI TECHNOLOGIES CO., LTD.
2012-04-05 Cloud Security Securing what you can t touch www.huawei.com www.huawei.com Presentation to Malaysia Government Cloud Computing Forum HUAWEI TECHNOLOGIES CO., LTD. Why worry about cloud security?
More informationSecuring your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation
Securing your Virtual Datacenter Part 1: Preventing, Mitigating Privilege Escalation Before We Start... Today's discussion is by no means an exhaustive discussion of the security implications of virtualization
More informationNetwork Security Demonstration - Snort based IDS Integration -
Network Security Demonstration - Snort based IDS Integration - Hyuk Lim (hlim@gist.ac.kr) with TJ Ha, CW Jeong, J Narantuya, JW Kim Wireless Communications and Networking Lab School of Information and
More information