CYBER SECURITY FOR VIRTUAL AND CLOUD ENVIRONMENTS
|
|
- Linda McKenzie
- 8 years ago
- Views:
Transcription
1 CYBER SECURITY FOR VIRTUAL AND CLOUD ENVIRONMENTS August 2011 Rev. A 08/11
2 SPIRENT 1325 Borregas Avenue Sunnyvale, CA USA Web: AMERICAS SPIRENT EUROPE AND THE MIDDLE EAST +44 (0) ASIA AND THE PACIFIC Spirent. All Rights Reserved. All of the company names and/or brand names and/or product names referred to in this document, in particular, the name Spirent and its logo device, are either registered trademarks or trademarks of Spirent plc and its subsidiaries, pending registration in accordance with relevant national laws. All other registered trademarks or trademarks are the property of their respective owners. The information contained in this document is subject to change without notice and does not represent a commitment on the part of Spirent. The information in this document is believed to be accurate and reliable; however, Spirent assumes no responsibility or liability for any errors or inaccuracies that may appear in the document.
3 CONTENTS EXECUTIVE SUMMARY... 1 BACKGROUND... 2 Under Cyber Security... 2 Increasing Importance of Cyber Security... 2 Responsibility for Cyber Security... 3 CYBER SECURITY THE BUSINESSPERSPECTIVE... 3 Financial Impact... 3 Security Disasters... 4 Cost Tradeoffs Security Is An Optimization Problem... 4 SECURITY THREATS ARE REAL... 5 Security Breaches Are All To Common... 5 Network, Virtirtualization and Cloud Security... 6 Network Security... 6 Virtualization and Cloud Computing... 6 IT Leaders Must Take Action CYBER SECURITY A CLOSER LOOK... 7 Virtualization and Cloud Computing SPIRENT WHITE PAPER i
4 CONTENTS OVERCOMING THE CHALLENGES Designing for Security... 8 PASS Testing Methodology Choosing a Test Solution... 9 CONCLUSIONS ii SPIRENT WHITE PAPER
5 EXECUTIVE SUMMARY Cyber threats are one of the greatest risks faced by IT organizations today. While government organizations are increasingly involved in cyber security, individual IT organizations still have responsibility for protecting their own assets. Without action, IT organizations of all types risk becoming victims of expensive and damaging cyber attacks. Cyber security is not just a technical problem, it is a business problem. Networks serve as a key control point for cyber security, providing an access path for both inside and outside attacks. Yet networks are not easy to secure. They are complex, require careful configuration and are subject to human errors. They must also maintain a degree of openness while protecting against threats. Over recent years, the use of virtualization technologies and cloud services has increased dramatically. Like all new technologies, virtualization and cloud computing introduce some new security concerns. For example, gaining access to the hypervisor in a multi-tenant environment would expose a number of virtual machines from different tenants at the same time. Unfortunately, even with higher and higher spending, there is no way to absolutely guarantee cyber security. In fact there is a hidden risk with extremely high levels of security. So many security measures can be applied that it can become difficult to keep an organization running smoothly. If no one can access systems, including legitimate users, the security solution is clearly not working correctly. Similarly, if security measures make performance unacceptable, security is again not achieving its objectives. Cyber security cannot be addressed in isolation. It must consider other variables and test them together in order to ensure an optimal solution. This process is called PASS testing since it includes performance, availability, security and scalability testing. In order to validate cyber security including PASS testing a proper testing system must be selected and used. The following criteria should be considered when choosing a security test solution for virtual and cloud computing environments: PASS testing The test solution should support all aspects of PASS and should also provide automation, advanced testing features and support for the latest network and data center technologies. Design independence The test solution should work with all types of security designs. It should not matter whether a centralized design based primarily on hardware is chosen, or a distributed design with virtual appliances is used. Mixed traffic and encryption The test solution must be able to generate encrypted traffic such as IPsec VPN and SSL VPN traffic. It should also be able to send secure and attack traffic from the same port and measure performance while sending that traffic. Physical and virtual support The test solution must work on both physical and virtual infrastructure and test traffic between VMs within same server. Test engineers need solutions that allow them to place test code behind virtual firewalls, allowing one of the VMs to act as a test port. SPIRENT WHITE PAPER 1
6 BACKGROUND Understanding Cyber Security Modern society simply does not function without operational food, water, power and transportation systems. The same has become true for cyberspace, the globally interconnected network of information technology infrastructures, including the Internet, telecommunications networks and computer systems. In fact, almost every economic, social and political activity in the modern world has come to depend on elements of cyberspace. With so much at stake, it is not surprising that cyber security has emerged as one of the most important domains within the IT industry. Broadly speaking, cyber security refers to the collective processes and mechanisms by which IT data, infrastructure and services are protected from threats that include damage, disruption, theft, exposure and corruption. Increasing Importance of Cyber Security Cyber security is now viewed as fundamental to the prosperity and overall security of nations worldwide. It is becoming more common for national governments to develop cyber security strategies alongside their national security strategies. In 2009, the British Prime Minister said: Just as in the nineteenth century we had to secure the seas for our national safety and prosperity, and in the twentieth century we had to secure the air, in the twenty first century we also have to secure our position in cyber space in order to give people and businesses the confidence they need to operate safely there. That is why today I am announcing - alongside our updated National Security Strategy - the UK s first strategy for cyber security. More recently, the U.S. President has appointed a national Cyber Security Coordinator and created the Cyber Security Office within the National Security Staff. In May, 2011, the U.S. Cyber Security Coordinator said: I am proud to announce the United States first, comprehensive International Strategy for Cyberspace. The International Strategy is a historic policy document for the 21st Century one that explains, for audiences at home and abroad, what the U.S. stands for internationally in cyberspace, and how we plan to build prosperity, enhance security, and safeguard openness in our increasingly networked world. Cyber security has become so critical that national governments have had no choice but to become active participants in the protection of cyberspace. At the same time governments alone are unable to take full responsibility for cyber security for everyone. There are far too many independent and interconnected IT environments that must be properly managed to ensure security. 2 SPIRENT WHITE PAPER
7 Responsibility for Cyber Security The majority of enforcement takes place within infrastructure that is owned and operated by smaller entities. This includes IT service providers as well as many types of businesses that maintain their own IT capabilities. It also includes local, state and national government agencies. IT leaders from all these groups must identify cyber security threats, lower their probability of occurrence, reduce their impact and maintain plans for quick recovery from attacks. Of course accomplishing this is no easy task CYBER SECURITY THE BUSINESS PERSPECTIVE Financial Impact Security breaches can cause severe financial damage and in extreme cases can even destroy businesses. Simply put, security is not just a technical problem, it is also a business problem. Consider these examples from some of the major cost categories that may be involved in responding to a successful cyber attack: Loss of revenue during and while recovering from an attack Loss of revenue after recovery due to loss of existing and prospective customers Labor costs and lower productivity for impacted employees Labor costs for resources involved directly in responding to an attack Legal costs related to building a case and prosecuting attackers Legal costs for defending against liability suits and paying damages and fines Increased operational costs due to ongoing regulatory scrutiny, higher insurance premiums and escalating customer acquisition costs The actual costs involved in recovering from a major security breach can be staggering. TJX, the parent company of discount stores T.J. Maxx and Marshalls, disclosed in 2007 that tens of millions of credit and debit cards had been stolen after its systems had been compromised. While a number of the hackers were eventually arrested, that was little consolation to TJX management and shareholders. Initial statements released by TJX estimated costs stemming from the attack to be $25 million. Just a few months later, the company disclosed in an earnings statement that costs would reach $256 million. SPIRENT WHITE PAPER 3
8 Security Disasters The business implications of security breaches go well beyond the immediate costs of recovery. Exposure of trade secrets and other proprietary information can wreak havoc on a company s position within their market. Their competitive advantage may be greatly eroded or completely wiped out when leaked information gets in the hands of competitors. Public relations damage can last a decade or longer, as a generation of customers avoids the business for fear of having their own personal information stolen. Cost Tradeoffs In public cloud computing environments, security breaches can be a lot like airplane crashes in terms of publicity and damage. While automobile accidents rarely make headlines, commercial airline disasters always do. No one wants to be responsible for a public cloud breach that impacts thousands of different companies. That sort of breach is sure to make headlines. Similar to the airline industry, customers hold much higher expectations for public clouds than for their own IT environments. Organizations can spend a nearly unlimited amount of time and money on security, yet some risks will still remain. From this perspective, cyber security can be viewed as an exercise in risk management where costs and budget are part of the security equation. Basic security measures can be applied inexpensively. Then, to achieve higher levels of security, more can be spent to add additional protections. Unfortunately, even with higher and higher spending, there is no way to absolutely guarantee IT security. In fact there is a hidden risk with extremely high levels of security. So many security measures can be applied that it can become difficult to keep an organization running smoothly. If no one can access systems, including legitimate users, the security solution is clearly not working correctly. Similarly, if security measures make performance unacceptable, security is again not achieving its objectives. Security Is An Optimization Problem Many problems in IT involve several interdependent variables. As the last examples show, maximizing security can lead to other problems with related variables such as availability and performance. The solution to this problem is to optimize, rather than maximize, a given variable. So, instead of maximizing security, it should be optimized while taking into consideration other variables such as cost, risk, performance, availability and scalability. An important step in this process is PASS (performance, availability, security and scalability) testing. 4 SPIRENT WHITE PAPER
9 SECURITY THREATS ARE REAL Security Breaches Are All Too Common Major security breaches seem to be a weekly occurrence with every type of organization coming under attack at some point. Even the largest organizations with highly sophisticated cyber security systems can become victims of cyber attacks. Here are several notable examples: In an open letter to RSA customers in 2011, EMC s RSA Security division acknowledged it had identified an extremely sophisticated cyber attack in progress being mounted against RSA. The company, which is a leading provider of two-factor authentication solutions, said data was stolen which could potentially compromise its SecurID tokens. Google revealed through a blog post in 2010 that it had been the victim of a cyber attack that originated in China. The company stated that some of its intellectual property had been stolen and that more than twenty other companies had been victims of the same overall attack. The Sony PlayStation network was hacked in 2011, which brought down the service for several weeks and exposed personal information from about 77 million user accounts. The exposed information included the names, addresses, birthdates and addresses for its users. Unfortunately, the threats which often lead to breaches are so varied, numerous and continuously evolving that they are nearly impossible to list comprehensively. The following categories of attacks provide a general idea of some of the more common cyber security threats: Authentication and authorization attacks Client-side attacks Command execution Information disclosure Logical attacks and physical attacks Some specific attacks include: Eavesdropping Social engineering Denial-of-service Spoofing and buffer overflow There is no single technology available which can address all threats. Yet Cyber security must be addressed thoroughly in order to be effective. SPIRENT WHITE PAPER 5
10 Network, Virtualization and Cloud Security Attacks can take advantage of weaknesses in nearly any component within an IT environment. This includes operating systems, networks, applications, file systems and databases. Components with vulnerabilities may be hardware-based or software based. People themselves are another source of weakness in IT environments since insiders and authenticated users have greater access to protected systems. While vulnerabilities may exist within any component of an IT environment, some areas demand closer attention. Network Security Virtualization and Cloud Computing Networks serve as a key control point for cyber security. They provide an access path for both inside and outside attacks. Without the pervasive interconnectivity provided by public and private networks, cyber security would be a much simpler task. At the same time, the value and effectiveness of IT systems as a whole would be greatly diminished. This means networks must maintain a degree of openness while at the same time protecting against threats. With that said, networks are still not easy to secure. They are complex, require careful configuration and are subject to human errors. Over recent years, the use of virtualization technologies and cloud services has increased dramatically. Like all new technologies, virtualization and cloud computing introduce some new security concerns. For example, gaining access to the hypervisor in a multi-tenant environment would expose a number of virtual machines from different tenants at the same time. This does not mean that either technology is inherently less secure than its predecessors. It does mean, however, that new issues must also be considered in order to maintain adequate protection over emerging threats. IT Leaders Must Take Action Security threats have been growing in scale and sophistication for decades. Twenty years ago, cyber attacks were primarily the domain of hobbyists. Then, as the opportunity for profiting from stolen digital assets grew, criminals took an even larger role. More recently, spies in cases of both government and corporate espionage are leading some of the most technically advanced and resource intensive attacks. Without action, all types of IT organizations risk becoming victims of expensive and damaging cyber attacks. The remainder of this white paper is focused on cyber security for virtualized and cloud computing environments from the network perspective. 6 SPIRENT WHITE PAPER
11 CYBER SECURITY A CLOSER LOOK Security systems for IT environments have grown complex. Some elements are centralized while many more are distributed throughout networks. Some components are hardware-based while others are software-based or come in the form of virtual appliances. Some security systems rely on passive monitoring while others take specific actions to deter threats. Regardless of how they are built or where they are deployed, the entire security system must be tested to verify correct operation across all aspects of PASS. The security system must comprehensively address every part of the network including LAN, WAN, DMZ and any sub-networks. Networks for distributed organizations include additional complexities such as site-to-site, branch office and remote access networks. They may also add additional network security layers such as virtual private networks (VPN), virtual LANS (VLAN) or content based security. Within each portion of the network, organizations may choose to deploy a set of individual security devices, each offering their own particular capabilities. Alternatively, some organizations follow an approach called unified threat management (UTM). With UTM, multiple security capabilities are packaged together in a single device. These may include network firewalling, network intrusion prevention, gateway antivirus (AV), gateway anti-spam and VPN. To ensure performance, availability and scalability are maintained, it is very important to test the interactions between all of the PASS variables on these multi-focus devices. Virtualization and Cloud Computing Security systems must not only help stop threats from entering an organization s network; they must prevent them from spreading. This idea is particularly important when it comes to multitenant virtual and cloud environments. For example, if an intruder gains access to a hypervisor running on a physical server a process called hyper-jacking all of the guest virtual machines (VM) could in turn be compromised. Servers may be the most obvious shared resource within virtual and cloud environments. However, network and storage devices also utilize a variety of virtualization techniques to enable physical resource sharing. Storage area networks (SAN), VLANs and VPNs are all common elements within cloud computing environments. They are all intended to provide secure resource sharing, yet they must still be tested to ensure inter-tenant security. Hypervisors also have internal virtual switches for sending traffic between VMs on the same host. This reduces traffic on network interface cards (NIC) but also adds some complexities and additional security risks. Network engineers must ensure that traffic destined for one VM cannot be leaked to other VMs. Virtual and cloud computing environments share several more unique challenges. Since VMs can move between servers, security policies must be able to follow and remain with them. Yet, without taking great care, VMs can become accessible on a new server before appropriate firewall settings are in place. These environments also make heavy use of software-based or virtual security devices rather than just physical devices. This can lead to challenges around performance and scalability as well as security. SPIRENT WHITE PAPER 7
12 OVERCOMING THE CHALLENGES There are at least two critical steps toward securing virtual and cloud environments. These are proper network design and PASS testing. Designing for Security There is no single answer or best approach for all situations when it comes to designing a secure network for virtual and cloud environments. However, three common options have emerged: Primarily hardware In this case, centralized network devices provide shared services such as firewall and routing for all devices on the network. For example, where VLANs are heavily used in virtual and cloud environments, traffic from all VLAN segments is trunked or brought together on shared network devices. These trunked devices must perform their designated functions while ensuring security. This includes preventing traffic from leaking from one VLAN to another. Primarily software This method is in direct contrast to the hardware focused approach. Rather than centralized physical devices, virtual network components are distributed throughout the network and placed in proximity to the devices or network sub-segments they support. For example, each VM on a server could have its own virtual appliances to provide firewall and anti-virus capabilities. Hybrid mix of hardware and software As with all design decisions, there are tradeoffs between the hardware and software based approaches. For example, hardware-only solutions offer centralized control, yet may require more expensive, higher capacity devices. A hybrid approach allows architects to apply different solutions as needed throughout the network. IT leaders must be free to select the best approach to meet the unique needs of their particular IT organization. Then, whatever the chosen design, they must apply PASS testing to verify that the resulting environment is secure. 8 SPIRENT WHITE PAPER
13 PASS Testing Methodology As mentioned earlier, security involves optimizing a number of interdependent variables. Testing should include those same variables Performance, Availability, Security and Scalability or PASS and should also consider how those variables impact each other. Proper PASS testing includes running a complete database of realistic threats. Importantly, those threats must be tested under real world conditions. This means testing during normal operating conditions as well as during times of peak workloads when infrastructure is severely stressed. In order to validate security, PASS testing must also occur during simulated attack situations. If the testing is not realistic, it will fail to find problems One important, real world attack scenario is the distributed denial of service (DDoS) attack. Resiliency against targeted threats should be tested while under DDoS attack loads. This helps determine if any security components fail to detect threats while under stress. For example, in 2011 when the Sony PlayStation Network was hacked, a DDoS attack was used to assist with and mask more targeted attacks happening simultaneously. Effective PASS testing should combine a variety of test scenarios at the same time. PASS testing should also include test cases that are specific to virtualized and cloud environments. Since VMs can move around within an infrastructure, a variety of tests should be performed to determine whether any vulnerability is created in the process. For example, certain network ports should remain blocked during and after VM migration. PASS testing should be used to determine whether, and for how long, there is a time window when security settings such as blocked ports are out of date. Test cases and procedures for all the above scenarios and others must be developed to achieve the desired results of PASS testing. The Spirent Journal of PASS Test Methodologies is an element of the Spirent test ecosystem that defines and documents the most critical PASS test cases. It includes test methodologies which are intended to help development engineers and product verification engineers rapidly develop and test complex scenarios. Sections like Testing Cloud Application and Security Services help clarify what should be tested and provide step-by-step procedures for doing so. Choosing a Test Solution Security systems are necessary for protecting against cyber threats. Yet they also impact other aspects of IT including performance, availability and scalability. Maximizing any single variable in the PASS equation is likely to have a negative impact on the other variables. IT leaders should choose a test system that provides a holistic view of all PASS variables so that they can be tuned and optimized together. There are many other detailed considerations for selecting a test solution. Automation, test capabilities, and support for the latest technologies must all be evaluated. When it comes to selecting a test solution for virtual and cloud computing environments, three more areas should also be considered: SPIRENT WHITE PAPER 9
14 CONCLUSIONS Design independence A security test solution should work regardless of your security design. It should not matter whether a centralized design based primarily on hardware is chosen, or a distributed design with virtual appliances is used. The test solution should still work. Mixed traffic and encryption A security test solution must be able to generate encrypted traffic such as IPsec VPN and SSL VPN traffic. It should also be able to send secure and attack traffic from the same port and measure performance while sending that traffic. Physical and virtual support A security test solution must work on both physical and virtual infrastructure and test traffic between VMs within same server. Test engineers need solutions that allow them to place test code behind virtual firewalls, allowing one of the VMs to act as a test port. Cyber threats are one of the greatest risks faced by IT organizations today. While government organizations are increasingly involved in cyber security, individual IT organizations still have responsibility for protecting their own assets. Without action, IT organizations of all types risk becoming victims of expensive and damaging cyber attacks. Cyber threats are here to stay, and so is cyber security. IT leaders must identify cyber security threats, lower their probability of occurrence, reduce their impact and maintain plans for quickly recovering from attacks. To do this, they must ensure their teams have the proper resources for protecting against security threats. This includes having an automated test system designed to address all elements of PASS, not just security alone. 10 SPIRENT WHITE PAPER
15 SPIRENT WHITE PAPER 11
16
Securing Virtual Applications and Servers
White Paper Securing Virtual Applications and Servers Overview Security concerns are the most often cited obstacle to application virtualization and adoption of cloud-computing models. Merely replicating
More informationTHE INS AND OUTS OF CLOUD COMPUTING
THE INS AND OUTS OF CLOUD COMPUTING and Its Impact on the Network April 2010 Rev. A 04/10 SPIRENT 1325 Borregas Avenue Sunnyvale, CA 94089 USA Email: Web: sales@spirent.com http://www.spirent.com AMERICAS
More informationOvercoming Security Challenges to Virtualize Internet-facing Applications
Intel IT IT Best Practices Cloud Security and Secure ization November 2011 Overcoming Security Challenges to ize Internet-facing Applications Executive Overview To enable virtualization of Internet-facing
More informationTesting Challenges for Modern Networks Built Using SDN and OpenFlow
Using SDN and OpenFlow July 2013 Rev. A 07/13 SPIRENT 1325 Borregas Avenue Sunnyvale, CA 94089 USA Email: Web: sales@spirent.com www.spirent.com AMERICAS 1-800-SPIRENT +1-818-676-2683 sales@spirent.com
More informationA Closer Look at Wireless Intrusion Detection: How to Benefit from a Hybrid Deployment Model
A Closer Look at Wireless Intrusion Detection: How to Benefit from a Hybrid Deployment Model Table of Contents Introduction 3 Deployment approaches 3 Overlay monitoring 3 Integrated monitoring 4 Hybrid
More informationGETTING THE PERFORMANCE YOU NEED WITH VDI AND BYOD
GETTING THE PERFORMANCE YOU NEED WITH VDI AND BYOD Overcoming the Challenges of Virtual Desktop Infrastructure (VDI), Desktop-as-a-Service (DaaS) and Bring-Your-Own-Device (BYOD) August 2012 Rev. A 08/12
More informationsecurity in the cloud White Paper Series
security in the cloud White Paper Series 2 THE MOVE TO THE CLOUD Cloud computing is being rapidly embraced across all industries. Terms like software as a service (SaaS), infrastructure as a service (IaaS),
More informationVMware vcloud Air Security TECHNICAL WHITE PAPER
TECHNICAL WHITE PAPER The Shared Security Model for vcloud Air The end-to-end security of VMware vcloud Air (the Service ) is shared between VMware and the customer. VMware provides security for the aspects
More informationVeeam Cloud Connect. Version 8.0. Administrator Guide
Veeam Cloud Connect Version 8.0 Administrator Guide April, 2015 2015 Veeam Software. All rights reserved. All trademarks are the property of their respective owners. No part of this publication may be
More informationHOLDING THE FORT SECURING YOUR NETWORK WITH APP-AWARE FIREWALL TESTING
HOLDING THE FORT SECURING YOUR NETWORK WITH APP-AWARE FIREWALL TESTING August 2012 Rev. A 08/12 SPIRENT 1325 Borregas Avenue Sunnyvale, CA 94089 USA Email: Web: sales@spirent.com www.spirent.com AMERICAS
More informationCisco Virtualization Experience Infrastructure: Secure the Virtual Desktop
White Paper Cisco Virtualization Experience Infrastructure: Secure the Virtual Desktop What You Will Learn Cisco Virtualization Experience Infrastructure (VXI) delivers a service-optimized desktop virtualization
More informationTesting Network Virtualization For Data Center and Cloud VERYX TECHNOLOGIES
Testing Network Virtualization For Data Center and Cloud VERYX TECHNOLOGIES Table of Contents Introduction... 1 Network Virtualization Overview... 1 Network Virtualization Key Requirements to be validated...
More informationFirewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA
Firewalls Securing Networks Chapter 3 Part 1 of 4 CA M S Mehta, FCA 1 Firewalls Learning Objectives Task Statements 1.3 Recognise function of Telecommunications and Network security including firewalls,..
More informationSolutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance
White Paper Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance Troy Herrera Sr. Field Solutions Manager Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA
More informationLearn the essentials of virtualization security
Learn the essentials of virtualization security White Paper Table of Contents 3 Introduction 4 Hypervisor connectivity and risks 4 Multi-tenancy risks 5 Management and operational network risks 5 Storage
More informationIncrease Simplicity and Improve Reliability with VPLS on the MX Series Routers
SOLUTION BRIEF Enterprise Data Center Interconnectivity Increase Simplicity and Improve Reliability with VPLS on the Routers Challenge As enterprises improve business continuity by enabling resource allocation
More informationSecure your Virtual World with Cyberoam
White paper Secure your Virtual World with Cyberoam www.cyberoam.com Virtualization The Why and the What... Rising Data Center costs... Ever-increasing demand for data storage... Under-utilized processors...
More informationdefending against advanced persistent threats: strategies for a new era of attacks agility made possible
defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been
More informationEnterprise A Closer Look at Wireless Intrusion Detection:
White Paper Enterprise A Closer Look at Wireless Intrusion Detection: How to Benefit from a Hybrid Deployment Model Josh Wright Senior Security Researcher Introduction As wireless enterprise networks become
More informationSecuring Internet Facing. Applications. Technical White Paper. configuration drift, in which IT members open up ports or make small, supposedly
Securing Internet Facing Applications Ten years ago protecting the corporate network meant deploying traditional firewalls and intrusion detection solutions at the perimeter of the trusted network in order
More information2012 Bit9 Cyber Security Research Report
2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by
More informationNETWORK FUNCTIONS VIRTUALIZATION. The Top Five Virtualization Mistakes
WHITE PAPER www.brocade.com NETWORK FUNCTIONS VIRTUALIZATION The Top Five Virtualization Mistakes Virtualization is taking the IT world by storm. After years of IT build-out, virtualization suddenly fixes
More informationNetwork Security. Intertech Associates, Inc.
Network Security Intertech Associates, Inc. Agenda IT Security - Past to Future Security Vulnerabilities Protecting the Enterprise What do we need in each site? Requirements for a Security Architecture
More informationEnsuring security the last barrier to Cloud adoption
Ensuring security the last barrier to Cloud adoption Publication date: March 2011 Ensuring security the last barrier to Cloud adoption Cloud computing has powerful attractions for the organisation. It
More informationLecture 02b Cloud Computing II
Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,
More informationHow NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements
How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements I n t r o d u c t i o n The Payment Card Industry Data Security Standard (PCI DSS) was developed in 2004 by the PCI Security Standards
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationStrategies for assessing cloud security
IBM Global Technology Services Thought Leadership White Paper November 2010 Strategies for assessing cloud security 2 Securing the cloud: from strategy development to ongoing assessment Executive summary
More informationThe Challenges of Securing Hosting Hyper-V Multi-Tenant Environments
#1 Management and Security for Windows Server and Hyper-V The Challenges of Securing Hosting Hyper-V Multi-Tenant Environments by Brien M. Posey In the not too distant past, VMware was the hypervisor of
More informationWhite Paper. Juniper Networks. Enabling Businesses to Deploy Virtualized Data Center Environments. Copyright 2013, Juniper Networks, Inc.
White Paper Juniper Networks Solutions for VMware NSX Enabling Businesses to Deploy Virtualized Data Center Environments Copyright 2013, Juniper Networks, Inc. 1 Table of Contents Executive Summary...3
More informationInfor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security
Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous
More informationThe Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency
logo The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency Understanding the Multiple Levels of Security Built Into the Panoptix Solution Published: October 2011
More informationFirewall Migration. Migrating to Juniper Networks Firewall/VPN Solutions. White Paper
White Paper Firewall Migration Migrating to Juniper Networks Firewall/VPN Solutions Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408.745.2000 1.888 JUNIPER www.juniper.net
More informationA HELPING HAND TO PROTECT YOUR REPUTATION
OVERVIEW SECURITY SOLUTIONS A HELPING HAND TO PROTECT YOUR REPUTATION CONTENTS INFORMATION SECURITY MATTERS 01 TAKE NOTE! 02 LAYERS OF PROTECTION 04 ON GUARD WITH OPTUS 05 THREE STEPS TO SECURITY PROTECTION
More informationUnlock the full potential of data centre virtualisation with micro-segmentation. Making software-defined security (SDS) work for your data centre
Unlock the full potential of data centre virtualisation with micro-segmentation Making software-defined security (SDS) work for your data centre Contents 1 Making software-defined security (SDS) work for
More informationSoftware-Defined Networks Powered by VellOS
WHITE PAPER Software-Defined Networks Powered by VellOS Agile, Flexible Networking for Distributed Applications Vello s SDN enables a low-latency, programmable solution resulting in a faster and more flexible
More informationMisconceptions surrounding security in a virtualized environment
Misconceptions surrounding security in a virtualized environment Clavister White Paper ization is a boom technology, and it is imperative that this environment is secure as any other part of the network.
More informationPCI Solution for Retail: Addressing Compliance and Security Best Practices
PCI Solution for Retail: Addressing Compliance and Security Best Practices Executive Summary The Payment Card Industry (PCI) Data Security Standard has been revised to address an evolving risk environment
More informationCYBER SECURITY Audit, Test & Compliance
www.thalescyberassurance.com CYBER SECURITY Audit, Test & Compliance 02 The Threat 03 About Thales 03 Our Approach 04 Cyber Consulting 05 Vulnerability Assessment 06 Penetration Testing 07 Holistic Audit
More informationSTRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview
STRATEGIC WHITE PAPER Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview Abstract Cloud architectures rely on Software-Defined Networking
More informationIndustrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1
Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3
More informationVMware vcloud Networking and Security Overview
VMware vcloud Networking and Security Overview Networks and Security for Virtualized Compute Environments WHITE PAPER Overview Organizations worldwide have gained significant efficiency and flexibility
More informationDoes your Citrix or Terminal Server environment have an Achilles heel?
CRYPTZONE WHITE PAPER Does your Citrix or Terminal Server environment have an Achilles heel? Moving away from IP-centric to role-based access controls to secure Citrix and Terminal Server user access cryptzone.com
More informationOVERCOMING THE CHALLENGES OF TODAY S CLOUD REALITY
OVERCOMING THE CHALLENGES OF TODAY S CLOUD REALITY May 2011 Rev. B 05/11 SPIRENT 1325 Borregas Avenue Sunnyvale, CA 94089 USA Email: Web: sales@spirent.com www.spirent.com AMERICAS 1-800-SPIRENT +1-818-676-2683
More informationAt dincloud, Cloud Security is Job #1
At dincloud, Cloud Security is Job #1 A set of surveys by the international IT services company, the BT Group revealed a major dilemma facing the IT community concerning cloud and cloud deployments. 79
More informationWHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks
WHITE PAPER The Need for Wireless Intrusion Prevention in Retail Networks The Need for Wireless Intrusion Prevention in Retail Networks Firewalls and VPNs are well-established perimeter security solutions.
More informationWhite Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act
A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,
More informationINSIDE. Securing Network-Attached Storage Protecting NAS from viruses, intrusions, and blended threats
Symantec Enterprise Security WHITE PAPER Securing Network-Attached Storage Protecting NAS from viruses, intrusions, and blended threats INSIDE Executive Summary Challenges to securing NAS An effective
More informationSecuring the private cloud
Securing the private cloud Gary Gardiner Security Engineer 2011 Check Point Software Technologies Ltd. [Unrestricted] For everyone Top Trends of 2011 1 2 3 4 5 6 7 8 9 Virtualization & Cloud Computing
More informationSecure SSL, Fast SSL
Citrix NetScaler and Thales nshield work together to protect encryption keys and accelerate SSL traffic With growing use of cloud-based, virtual, and multi-tenant services, customers want to utilize virtual
More informationWhite Paper. SSL vs. IPSec. Streamlining Site-to-Site VPN Deployments
White Paper SSL vs. IPSec Streamlining Site-to-Site VPN Deployments May 2011 SiteDirect Access. Security. Delivery. Introduction Traditionally, corporate users rely on IPSec for site-to-site access. However,
More informationSecuring Physical and Virtual IT Assets Without Hardware Firewalls or VLANs
white paper Securing Physical and Virtual IT Assets Without Hardware Firewalls or VLANs A New Approach: An Identity-Aware Network Inside the Perimeter Introduction For security administrators at large
More informationLearn the Essentials of Virtualization Security
Learn the Essentials of Virtualization Security by Dave Shackleford by Dave Shackleford This paper is the first in a series about the essential security issues arising from virtualization and the adoption
More informationDEFENDING THE REMOTE OFFICE: WHICH VPN TECHNOLOGY IS BEST? AUGUST 2004
DEFENDING THE REMOTE OFFICE: WHICH VPN TECHNOLOGY IS BEST? AUGUST 2004 DEFENDING THE REMOTE OFFICE: WHICH VPN TECHNOLOGY IS BEST? EXECUTIVE SUMMARY Using the Internet to connect the distributed small-
More informationFive keys to a more secure data environment
Five keys to a more secure data environment A holistic approach to data infrastructure security Compliance professionals know better than anyone how compromised data can lead to financial and reputational
More informationSoLuTIoN guide. CLoud CoMPuTINg ANd ThE CLoud-rEAdy data CENTEr NETWork
SoLuTIoN guide CLoud CoMPuTINg ANd ThE CLoud-rEAdy data CENTEr NETWork Contents BENEfITS of ThE CLoud-rEAdy data CENTEr NETWork............................3 getting ready......................................................................3
More informationHow Network Virtualization can improve your Data Center Security
How Network Virtualization can improve your Data Center Security Gilles Chekroun SDDC, NSX Team EMEA gchekroun@vmware.com 2014 VMware Inc. All rights reserved. Security IT spending Security spending is
More informationThe Evolving Threat Landscape and New Best Practices for SSL
The Evolving Threat Landscape and New Best Practices for SSL sponsored by Dan Sullivan Chapter 2: Deploying SSL in the Enterprise... 16 Infrastructure in Need of SSL Protection... 16 Public Servers...
More informationCyber Security for SCADA/ICS Networks
Cyber Security for SCADA/ICS Networks GANESH NARAYANAN HEAD-CONSULTING CYBER SECURITY SERVICES www.thalesgroup.com Increasing Cyber Attacks on SCADA / ICS Systems 2 What is SCADA Supervisory Control And
More informationVirtualization Essentials
Virtualization Essentials Table of Contents Introduction What is Virtualization?.... 3 How Does Virtualization Work?... 4 Chapter 1 Delivering Real Business Benefits.... 5 Reduced Complexity....5 Dramatically
More informationNetwork Access Control in Virtual Environments. Technical Note
Contents Security Considerations in.... 3 Addressing Virtualization Security Challenges using NAC and Endpoint Compliance... 3 Visibility and Profiling of VMs.... 4 Identification of Rogue or Unapproved
More informationSIP Security Controllers. Product Overview
SIP Security Controllers Product Overview Document Version: V1.1 Date: October 2008 1. Introduction UM Labs have developed a range of perimeter security gateways for VoIP and other applications running
More informationCisco ASA 5500 Series Business Edition
Cisco ASA 5500 Series Business Edition Cisco ASA 5500 Series Business Edition Provides an All-in-One Security Solution The Cisco ASA 5500 Series Business Edition is an enterprise-strength comprehensive
More informationManaged Security Services for Data
A v a y a G l o b a l S e r v i c e s Managed Security Services for Data P r o a c t i v e l y M a n a g i n g Y o u r N e t w o r k S e c u r i t y 2 4 x 7 x 3 6 5 IP Telephony Contact Centers Unified
More informationUnified Threat Management, Managed Security, and the Cloud Services Model
Unified Threat Management, Managed Security, and the Cloud Services Model Kurtis E. Minder CISSP Global Account Manager - Service Provider Group Fortinet, Inc. Introduction Kurtis E. Minder, Technical
More informationConquering PCI DSS Compliance
Any organization that stores, processes or transmits information related to credit and debit card payments has a responsibility to protect each cardholder s personal data. To help accomplish this goal,
More informationWhat are your firm s plans to adopt x86 server virtualization? Not interested
The benefits of server virtualization are widely accepted and the majority of organizations have deployed virtualization technologies. Organizations are virtualizing mission-critical workloads but must
More informationTop virtualization security risks and how to prevent them
E-Guide Top virtualization security risks and how to prevent them There are multiple attack avenues in virtual environments, but this tip highlights the most common threats that are likely to be experienced
More informationNetwork Virtualization Network Admission Control Deployment Guide
Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus
More informationPCI DSS and the A10 Solution
WHITE PAPER PCI DSS and the A10 Solution How Cloud Service Providers Can Achieve PCI Compliance with A10 Thunder ADC and vthunder Table of Contents The Challenge of PCI Compliance... 3 Overview of PCI
More informationThe Payment Card Industry (PCI) Data Security Standards (DSS) v1.2 Requirements:
Compliance Brief The Payment Card Industry (PCI) Data Security Standards (DSS) v1.2 Requirements: Using Server Isolation and Encryption as a Regulatory Compliance Solution and IT Best Practice Introduction
More informationSecuring SIP Trunks APPLICATION NOTE. www.sipera.com
APPLICATION NOTE Securing SIP Trunks SIP Trunks are offered by Internet Telephony Service Providers (ITSPs) to connect an enterprise s IP PBX to the traditional Public Switched Telephone Network (PSTN)
More informationBuilding Secure Networks for the Industrial World
Building Secure Networks for the Industrial World Anders Felling Vice President, International Sales Westermo Group Managing Director Westermo Data Communication AB 1 Westermo What do we do? Robust data
More informationHow To Secure Your Business
security In our world and in our time, security is a term that places a tremendous responsibility on the people who claim it. You need to be certain that your security partner demonstrates the right values
More informationSecuring the Intelligent Network
WHITE PAPER Securing the Intelligent Network Securing the Intelligent Network New Threats Demand New Strategies The network is the door to your organization for both legitimate users and would-be attackers.
More information13 Ways Through A Firewall
Industrial Control Systems Joint Working Group 2012 Fall Meeting 13 Ways Through A Firewall Andrew Ginter Director of Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright
More informationBest Practices for Secure Remote Access. Aventail Technical White Paper
Aventail Technical White Paper Table of contents Overview 3 1. Strong, secure access policy for the corporate network 3 2. Personal firewall, anti-virus, and intrusion-prevention for all desktops 4 3.
More informationTotal Business Continuity with Cyberoam High Availability
White paper Cyberoam UTM Total Business Continuity with Cyberoam High Availability Companies, big and small, must ensure constant availability of their company's network and data and prepare themselves
More informationA brief on Two-Factor Authentication
Application Note A brief on Two-Factor Authentication Summary This document provides a technology brief on two-factor authentication and how it is used on Netgear SSL312, VPN Firewall, and other UTM products.
More informationWhite Paper. Architecting the security of the next-generation data center. why security needs to be a key component early in the design phase
White Paper Architecting the security of the next-generation data center A White Paper by Bloor Research Author : Fran Howarth Publish date : August 2011 teams involved in modernization projects need to
More informationHow To Protect Your Cloud From Attack
A Trend Micro White Paper August 2015 Trend Micro Cloud Protection Security for Your Unique Cloud Infrastructure Contents Introduction...3 Private Cloud...4 VM-Level Security...4 Agentless Security to
More informationDeploying Firewalls Throughout Your Organization
Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense
More informationData Center Security That Accelerates Your Business
Solution Overview Data Center Security That Accelerates Your Business Business today runs at a breakneck pace. Customers want exceptional service, and workers expect instant access to their job tools,
More information2. From a control perspective, the PRIMARY objective of classifying information assets is to:
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
More informationInternet Content Provider Safeguards Customer Networks and Services
Internet Content Provider Safeguards Customer Networks and Services Synacor used Cisco network infrastructure and security solutions to enhance network protection and streamline compliance. NAME Synacor
More informationnwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.
CONTENTS 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. Conclusion 1. EXECUTIVE SUMMARY The advantages of networked data storage technologies such
More informationSILVER PEAK ACCELERATION WITH EMC VSPEX PRIVATE CLOUD WITH RECOVERPOINT FOR VMWARE VSPHERE
VSPEX IMPLEMENTATION GUIDE SILVER PEAK ACCELERATION WITH EMC VSPEX PRIVATE CLOUD WITH RECOVERPOINT FOR VMWARE VSPHERE Silver Peak Abstract This Implementation Guide describes the deployment of Silver Peak
More informationWHITE PAPER. AirGap. The Technology That Makes Isla a Powerful Web Malware Isolation System
AirGap The Technology That Makes Isla a Powerful Web Malware Isolation System Introduction Web browsers have become a primary target for cyber attacks on the enterprise. If you think about it, it makes
More informationUsing LISP for Secure Hybrid Cloud Extension
Using LISP for Secure Hybrid Cloud Extension draft-freitasbellagamba-lisp-hybrid-cloud-use-case-00 Santiago Freitas Patrice Bellagamba Yves Hertoghs IETF 89, London, UK A New Use Case for LISP It s a use
More informationProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary
VISIBILITY DATA GOVERNANCE SYSTEM OS PARTITION UNIFIED MANAGEMENT CENTRAL AUDIT POINT ACCESS MONITORING ENCRYPTION STORAGE VOLUME POLICY ENFORCEMENT ProtectV SECURITY SNAPSHOT (backup) DATA PROTECTION
More informationVirtualization, SDN and NFV
Virtualization, SDN and NFV HOW DO THEY FIT TOGETHER? Traditional networks lack the flexibility to keep pace with dynamic computing and storage needs of today s data centers. In order to implement changes,
More informationProtecting VMs in a Multi-Tenancy Environment
Protecting VMs in a Multi-Tenancy Environment Prepared by: XenServer Engineering www.citrix.com Table of Contents 1. Executive Summary... 3 2. Introduction... 4 3. Preventing Vulnerabilities with XenServer...
More informationSecurity Issues with Integrated Smart Buildings
Security Issues with Integrated Smart Buildings Jim Sinopoli, Managing Principal Smart Buildings, LLC The building automation industry is now at a point where we have legitimate and reasonable concern
More information12 Security Camera System Best Practices - Cyber Safe
12 Security Camera System Best Practices - Cyber Safe Dean Drako, President and CEO, Eagle Eye Networks Website version of white paper Dean Drako video introduction for cyber security white paper Introduction
More informationEvolving Uses of Technology: Mobility and Cybersecurity
WHITE PAPER Evolving Uses of Technology: Mobility and Cybersecurity March 2012 Conventional security standards and practices cannot keep up with the frequency and sophistication of attacks. EXECUTIVE SUMMARY
More informationThe evolution of data connectivity
Leveraging the Benefits of IP and the Cloud in the Security Sector The CCTV and alarm industry has relied on analogue or Integrated Services Digital Network (ISDN) communications to provide data connectivity
More informationDeltaV System Cyber-Security
January 2013 Page 1 This paper describes the system philosophy and guidelines for keeping your DeltaV System secure from Cyber attacks. www.deltav.com January 2013 Page 2 Table of Contents Introduction...
More informationHow To Protect Your Data From Being Hacked
Data Security and the Cloud TABLE OF CONTENTS DATA SECURITY AND THE CLOUD EXECUTIVE SUMMARY PAGE 3 CHAPTER 1 CHAPTER 2 CHAPTER 3 CHAPTER 4 CHAPTER 5 PAGE 4 PAGE 5 PAGE 6 PAGE 8 PAGE 9 DATA SECURITY: HOW
More informationScott Lucas: I m Scott Lucas. I m the Director of Product Marketing for the Branch Solutions Business Unit.
Juniper Networks Next Generation Security for a Cybercrime World Lior Cohen Principal Solutions Architect Scott Lucas Director of Product Marketing, Branch Solutions Service Layer Technologies Business
More informationADDING NETWORK INTELLIGENCE TO VULNERABILITY MANAGEMENT
ADDING NETWORK INTELLIGENCE INTRODUCTION Vulnerability management is crucial to network security. Not only are known vulnerabilities propagating dramatically, but so is their severity and complexity. Organizations
More information