HughesNet Broadband VPN End-to-End Security Using the Cisco 87x
|
|
- Gwen Bennett
- 8 years ago
- Views:
Transcription
1 HughesNet Broadband VPN End-to-End Security Using the Cisco 87x HughesNet Managed Broadband Services includes a high level of end-to-end security features based on a robust architecture designed to meet the needs of the enterprise customer. APR 2009
2 White Paper HughesNet Broadband VPN End-to-End Security Using the Cisco 87x Introduction Hughes is one of the world s largest providers of managed broadband services to a wide range of enterprise and government customers for whom a high level of end-to-end security is an absolute requirement. This white paper describes the comprehensive security functions, features, and safeguards that Hughes has designed into its HughesNet managed service capabilities. As illustrated in Figure 1, a typical enterprise end-to-end network architecture covers all information paths from the customer premise equipment (CPE) to the Network Operations Center (NOC), and through to the backhaul terminating at the customer datacenter. Figure 1. Enterprise Network APR 2009
3 Customer Premises Equipment (CPE) As illustrated in Figure 2, HughesNet Managed Services employs the Cisco 87x family of routers at customer sites to enable virtual private networks (VPNs). In particular, the Cisco 877 is used for DSL circuits incorporating an integrated modem and connected directly to the twisted pair copper wire jack. The Cisco 871 is used for any non-dsl site and connects to a cable or wireless modem via Ethernet (not shown in the diagram) in order to transmit/receive traffic over the non-dsl broadband access network. In both cases, the modem serves as a Layer 2 bridge and has no routing functionality. Both models, the 871 and 877, provide all the Layer 3 routing, security, and management functions. The following discussion applies to both the 871 and 877, as the same implementation, configuration, and management rules apply. The HughesNet standard configuration of the Cisco 87x router is in a PCI-compliant architecture that does not allow open Internet connectivity. The configuration management system ensures that the router configuration allows only one route, which is to the 3DES IPSec tunnel, terminating at the Hughes NOC. The router s ACL has rules to ensure that all traffic is sent over the tunnel. Within the 3DES IPSec tunnel, HughesNet establishes, maintains, and monitors an L2TP tunnel. All management traffic is transmitted within the 3DES IPSec tunnel, including ICMP pings that are used to determine up/down status of the remote site. In addition, HughesNet can support a PCI-compliant, split-tunneling architecture, which provides simultaneous open Internet and secure tunneling. This requires an Intrusion Detection System (IDS) and/or Intrusion Prevention System (IPS) to maintain proper security of the secured tunnel traffic from the open Internet traffic. This document does not focus on the split-tunneling configuration and only discusses the standard secured tunneling approach. The 3DES IPSec tunnel provides security and encryption functionality protecting all data traffic from the remote site to the Hughes NOC and return. HughesNet supports both Layer 2 and Layer 3 broadband access architectures. For either option, the network only provides connectivity between the remote site and the Hughes NOC. There is no other connectivity allowed since these are private connections. With Layer 3, the Internet is used as a transport network, and the 3DES IPSec VPN tunnel is administered to maintain security. The same 3DES IPSec VPN tunnel used in the Layer 3 case is also used in the Layer 2 case. There is no local (LAN) access to the Cisco 87x to view or modify the configuration. Hence, there is no Figure 2. Hughes Enterprise Access Network
4 unauthorized way to alter the configuration for access to the network. Hughes implements two-factor authentication, and each user has his/her own username/password combination. All configurations are managed at the NOC and are pushed out to the remote sites. Hughes goes to great lengths to ensure proper configuration management. When a specific configuration is sent to the customer site, there are various quality assurance steps. Any potential mis-configuration that could impact security at the remote site is automatically crosschecked against the router s configuration capabilities. For example, if the configuration mistakenly allows open Internet connectivity and there is no IDS or IPS on the CPE, then the configuration management system will not allow the configuration to be sent. It will be reviewed and changed to the correct configuration. Very careful attention is paid to the remote site configuration to ensure proper safety guidelines. Network Operation Center (NOC) In the Hughes NOC, many devices are deployed to provide a high level of service functionality, as well as to maintain and enforce robust security. The Hughes NOC has several functions. First, it aggregates traffic from the remote sites regardless of the access transport used. Second, it provides connectivity to third-party entities such as credit processors. Third, it hosts the functionality to perform the Hughes Proactive Monitoring Service. Fourth, it provides connectivity to the datacenter(s) via a backhaul. All these functions are supported and maintained in a highly secure environment. Figure 3 shows the Hughes NOC architecture. Figure 3. Hughes NOC
5 All NOC equipment requires SSL security for management access with two-factor authentication. The authentication request is logged through an RSA server. It is a standard Hughes security practice to ensure that only authorized personnel have access to the network. Remote Site Aggregation There are four NOC devices to assist in aggregating remote site traffic; the DSL Provider Edge (PE) router, Hughes Internet (Inet) router, the L2TP router, and the IPSec firewall. The DSL PE router and the Hughes Inet router have similar functions. Both directly aggregate traffic, but the DSL PE router supports the Layer 2 network and the Hughes Inet router supports the Layer 3 network. Both routers forward data to the IPSec firewall, then to the LT2P router, and then to the enterprise LAN for transmission to the datacenter(s) or the credit card processor network. The DSL PE Router has no connection to the Internet. This router only aggregates sites served via a private Layer 2 connection, therefore, there are no inherent threats from third-party attacks on the Internet. The only type of attack could be from within the network via the remote site, but since there is no ability to access the Cisco 87x configuration from the remote site, there is no way to alter the configuration to allow for a rogue user to enter the network. The Inet router has access to the Internet to aggregate traffic from sites using the Layer 3 architecture. The router s ACL is set up to access traffic only from a remote site sent over the proper port with the proper protocol. Any third-party entity attempting to gain access to the network would have to emulate a remote site s IP address, emulate the Inet router s IP address, emulate the transport protocol, and send over the correct port. Also, penetration tests and port scans are conducted every three months (per the PCI standard) on the Inet router. After the traffic flows through either the DSL PE router (for Layer 2 traffic) or the Inet router (for Layer 3 traffic), it flows to the IPSec firewall. The IPSec firewall terminates the IPSec tunnel from the 87x located at the remote site. After the IPSec firewall is terminated, the traffic is sent to the L2TP router. The L2TP router terminates the L2TP tunnel. After this tunnel is terminated, the traffic is forwarded to the enterprise LAN for delivery to the corporate headquarters (via the backhaul) or the credit processor network. Third-Party Network Connectivity The credit processor routers have direct communication with the credit processor network. This architecture is supported either with private line access or public secure VPN access. Regardless of the architecture, Hughes, along with the credit card processor, ensures security. Hughes demarcation is the WAN side of the NAT router. The credit processor routers, collocated at the Hughes NOC, are managed by the third party, not by Hughes. Hughes Proactive Monitoring Service The Hughes proactive monitoring router serves to ping the remote sites and does not represent any live enterprise-specific traffic. The proactive monitoring traffic is in the form of Hughes-initiated pings. This management traffic is transmitted over the same 3DES IPSec tunnel as the enterprise data traffic. Optional Firewalls Hughes provides optional firewalls in the NOC. One firewall is used to protect the enterprise LAN from viruses or anomolous traffic. This way, if a remote site is affected, the impact can be quarantined to that site and not impact the corporate network. The second optional firewall is to provide secure Internet access via the NOC. Either open or fenced (white list) Internet access can be provided. The firewall protects the enterprise LAN and remote sites against security threats from the Internet. Backhaul Connectivity The Hughes NOC also supports backhaul connectivity to the datacenter(s) as described in the next section.
6 Backhaul The backhaul network connects the Hughes NOC to the customer datacenter(s). The NOC backhaul routers connect to the enterprise network routers at the datacenter(s). There are two different architectures to support the backhauls. First, there is the private line backhaul, which is supported by the enterprise backhaul router from the NOC. This router is connected to an enterprise router on the enterprise network at the datacenter. As with all the equipment in the NOC, both routers require SSL security for management access with two-factor authentication. The authentication request is logged through an RSA server. There also is an option for an IPSec VPN tunnel from the NOC to the datacenter(s). This is supported by the enterprise backhaul VPN router connected to the enterprise router at the datacenter. Both routers have restricted ACLs that permit only IPSec on the Internet interface for a VPN peer. The IPSec VPN is 3DES strength, using a pre-shared secret key with a 15-minute lifetime. There is no NAT supported for end-user client Internet access. Also, as explained above, SSL security is required for management access with two-factor authentication. The authentication request is logged through an RSA server. Figure 4. Backhaul Architecture
7 Security Management Hughes has been evaluated on various business practices based on Payment Card Industry (PCI) standards. In addition to the configuration of the network, Hughes takes pride in the processes and procedures that are in place in order to maintain its high level of security. This includes a structured and consistent installation procedure ensuring that only the correct configurations are deployed in the network by authorized personnel. Any changes in the network configuration are first reviewed and verified in a test environment before being launched in the production environment by authorized personnel. All critical NOC component configurations are reviewed and anti-virus programs run on a consistent basis. Additionally, Hughes has a process in place to identify new security risks and test the network for vulnerabilities. Logging occurs in case of unauthorized access to a critical NOC component. Lastly, Hughes strictly adheres to both physical and logical security. Only authorized personnel are allowed in controlled areas. Two-factor authentication is consistently used for logical access to sensitive equipment. Summary From the CPE to the NOC to the backhaul, all components in the HughesNet managed broadband service architecture have robust security. This has been validated by the successful PCI review of the HughesNet Managed Services conducted by the Cardholder Information Security Program (CISP) in By adhering to PCI standards, not only does Hughes provide strong protection and security for customer traffic, but the processes and procedures used for implementation, monitoring, and change management call for continuous improvement. The end result is a highly secure and reliable HughesNet managed broadband VPN service for even the most demanding enterprise customer. Proprietary Statement All rights reserved. This publication and its contents are proprietary to Hughes Network Systems, LLC. No part of this publication may be reproduced in any form or by any means without the written permission of Hughes Network Systems, LLC, Exploration Lane, Germantown, Maryland HUGHES, HughesNet, IPoS, TurboPage, SPACEWAY, AIReach, Broadband Unbound, and Connect to the future are trademarks of Hughes Network Systems, LLC. All other trademarks are the property of their respective owners Hughes Network Systems. LLC. All information is subject to change. All rights reserved. HUGHES PROPRIETARY H39083 ID APR Exploration Lane Germantown, MD USA
HughesNet Broadband VPN End-to-End Security Enabled by the HN7700S-R
HughesNet Broadband VPN End-to-End Security Enabled by the HN7700S-R HughesNet Managed Broadband Network Services include a high level of end-toend security utilizing a robust architecture designed by
More informationPCI Requirements Coverage Summary Table
StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table January 2013 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2
More informationHughesNet High Availability VPN
HughesNet High Availability VPN HughesNet High Availability VPNs provide a nationwide solution expressly designed to deliver cost-effective, highly available IP networking for distributed enterprises using
More informationBAE Systems PCI Essentail. PCI Requirements Coverage Summary Table
BAE Systems PCI Essentail PCI Requirements Coverage Summary Table Introduction BAE Systems PCI Essential solution can help your company significantly reduce the costs and complexity of meeting PCI compliance
More informationAchieving PCI-Compliance through Cyberoam
White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit
More informationFirewalls and VPNs. Principles of Information Security, 5th Edition 1
Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches
More informationPCI Requirements Coverage Summary Table
StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table December 2011 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2
More informationREDCENTRIC MANAGED FIREWALL SERVICE DEFINITION
REDCENTRIC MANAGED FIREWALL SERVICE DEFINITION SD007 V4.1 Issue Date 04 July 2014 1) SERVICE OVERVIEW 1.1) SERVICE OVERVIEW Redcentric s managed firewall service (MFS) is based on a hardware firewall appliance
More informationVirtual Private Networks (VPN) Connectivity and Management Policy
Connectivity and Management Policy VPN Policy for Connectivity into the State of Idaho s Wide Area Network (WAN) 02 September 2005, v1.9 (Previous revision: 14 December, v1.8) Applicability: All VPN connections
More informationState of Illinois Department of Central Management Services GENERAL SECURITY FOR STATEWIDE NETWORK RESOURCES POLICY
State of Illinois Department of Central Management Services GENERAL SECURITY FOR STATEWIDE NETWORK RESOURCES POLICY Effective December 15, 2008 State of Illinois Department of Central Management Services
More informationPCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst. 2010. Page 1 of 7 www.ecfirst.com
Policy/Procedure Description PCI DSS Policies Install and Maintain a Firewall Configuration to Protect Cardholder Data Establish Firewall and Router Configuration Standards Build a Firewall Configuration
More informationConfiguration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Cisco Firewall. Overview
Configuration Guide How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Cisco Firewall Overview This document describes how to implement IPSec with pre-shared secrets establishing
More informationObjectives. Remote Connection Options. Teleworking. Connecting Teleworkers to the Corporate WAN. Providing Teleworker Services
ITE I Chapter 6 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Objectives Providing Teleworker Services Describe the enterprise requirements for providing teleworker services Explain how
More informationConfiguring an IPsec VPN to provide ios devices with secure, remote access to the network
Configuring an IPsec VPN to provide ios devices with secure, remote access to the network This recipe uses the IPsec VPN Wizard to provide a group of remote ios users with secure, encrypted access to the
More informationConfiguring a Site-to-Site VPN Tunnel Between Cisco RV320 Gigabit Dual WAN VPN Router and Cisco (1900/2900/3900) Series Integrated Services Router
print email Article ID: 4938 Configuring a Site-to-Site VPN Tunnel Between Cisco RV320 Gigabit Dual WAN VPN Router and Cisco (1900/2900/3900) Series Integrated Services Router Objective Virtual Private
More informationOptimizing Networks for NASPI
Optimizing Networks for NASPI Scott Pelton, CISSP National Director AT&T Enterprise Network Architecture Center 2008 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks
More informationState of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD005.001. Effective Date: April 7, 2005
State of New Mexico Statewide Architectural Configuration Requirements Title: Network Security Standard S-STD005.001 Effective Date: April 7, 2005 1. Authority The Department of Information Technology
More informationNovember 2013. Defining the Value of MPLS VPNs
November 2013 S P E C I A L R E P O R T Defining the Value of MPLS VPNs Table of Contents Introduction... 3 What Are VPNs?... 4 What Are MPLS VPNs?... 5 What Are the Benefits of MPLS VPNs?... 8 How Do
More informationWICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise
WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise WICKSoft Corporation http://www.wicksoft.com Copyright WICKSoft 2007. WICKSoft Mobile Documents
More informationAppendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003
http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with
More informationUniversal Network Access Policy
Universal Network Access Policy Purpose Poynton Workmens Club makes extensive use of network ed Information Technology resources to support its research and administration functions and provides a variety
More informationUnderstanding the Cisco VPN Client
Understanding the Cisco VPN Client The Cisco VPN Client for Windows (referred to in this user guide as VPN Client) is a software program that runs on a Microsoft Windows -based PC. The VPN Client on a
More informationSmart Tips. Enabling WAN Load Balancing. Key Features. Network Diagram. Overview. Featured Products. WAN Failover. Enabling WAN Load Balancing Page 1
Smart Tips Enabling WAN Load Balancing Overview Many small businesses today use broadband links such as DSL or Cable, favoring them over the traditional link such as T1/E1 or leased lines because of the
More informationBest Practices for Outdoor Wireless Security
Best Practices for Outdoor Wireless Security This paper describes security best practices for deploying an outdoor wireless LAN. This is standard body copy, style used is Body. Customers are encouraged
More informationImplementing Secured Converged Wide Area Networks (ISCW) Version 1.0
COURSE OVERVIEW Implementing Secure Converged Wide Area Networks (ISCW) v1.0 is an advanced instructor-led course that introduces techniques and features that enable or enhance WAN and remote access solutions.
More informationIP-VPN Architecture and Implementation O. Satty Joshua 13 December 2001. Abstract
Abstract Virtual Private Networks (VPNs) are today becoming the most universal method for remote access. They enable Service Provider to take advantage of the power of the Internet by providing a private
More informationVPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu
VPN Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu What is VPN? A VPN (virtual private network) is a private data network that uses public telecommunicating infrastructure (Internet), maintaining
More informationNetwork Virtualization Network Admission Control Deployment Guide
Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus
More informationEnterprise VPNs: Choose Performance, Reliability, and Low Cost
Enterprise VPNs: Choose Performance, Reliability, and Low Cost IT executives are always asked to provide more with less, particularly in this challenging economic environment. There is constant pressure
More informationCisco Virtual Office Express
. Q&A Cisco Virtual Office Express Overview Q. What is Cisco Virtual Office Express? A. Cisco Virtual Office Express is a solution that provides secure, rich network services to workers at locations outside
More informationPCI Solution for Retail: Addressing Compliance and Security Best Practices
PCI Solution for Retail: Addressing Compliance and Security Best Practices Executive Summary The Payment Card Industry (PCI) Data Security Standard has been revised to address an evolving risk environment
More informationVirtual Private Networks Secured Connectivity for the Distributed Organization
Virtual Private Networks Secured Connectivity for the Distributed Organization FORTINET VIRTUAL PRIVATE NETWORKS PAGE 2 Introduction A Virtual Private Network (VPN) allows organizations to securely connect
More informationAchieving PCI Compliance Using F5 Products
Achieving PCI Compliance Using F5 Products Overview In April 2000, Visa launched its Cardholder Information Security Program (CISP) -- a set of mandates designed to protect its cardholders from identity
More informationNetwork Security Guidelines. e-governance
Network Security Guidelines for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India. Document Control S/L Type
More informationSonicWALL PCI 1.1 Implementation Guide
Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard
More informationWAN Failover Scenarios Using Digi Wireless WAN Routers
WAN Failover Scenarios Using Digi Wireless WAN Routers This document discusses several methods for using a Digi wireless WAN gateway to provide WAN failover for IP connections in conjunction with another
More informationPCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data
White Paper PCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data Using credit cards to pay for goods and services is a common practice. Credit cards enable easy and
More informationRemote Access Security
Glen Doss Towson University Center for Applied Information Technology Remote Access Security I. Introduction Providing remote access to a network over the Internet has added an entirely new dimension to
More informationICANWK406A Install, configure and test network security
ICANWK406A Install, configure and test network security Release: 1 ICANWK406A Install, configure and test network security Modification History Release Release 1 Comments This Unit first released with
More informationWATCHGUARD FIREBOX SOHO 6TC AND SOHO 6
WATCHGUARD FIREBOX SOHO 6TC AND SOHO 6 FIREWALL AND VPN APPLIANCES FOR SMALL BUSINESSES AND BRANCH OFFICES Today, complete Internet security goes beyond a firewall. Firebox SOHO 6tc and SOHO 6 are dedicated
More informationHow To Protect Your Data From Being Stolen
DATA SECURITY & PCI DSS COMPLIANCE PROTECTING CUSTOMER DATA WHAT IS PCI DSS? PAYMENT CARD INDUSTRY DATA SECURITY STANDARD A SET OF REQUIREMENTS FOR ANY ORGANIZATION OR MERCHANT THAT ACCEPTS, TRANSMITS
More informationHow Reflection Software Facilitates PCI DSS Compliance
Reflection How Reflection Software Facilitates PCI DSS Compliance How Reflection Software Facilitates PCI DSS Compliance How Reflection Software Facilitates PCI DSS Compliance In 2004, the major credit
More informationWAN Traffic Management with PowerLink Pro100
Whitepaper WAN Traffic Management with PowerLink Pro100 Overview In today s Internet marketplace, optimizing online presence is crucial for business success. Wan/ISP link failover and traffic management
More informationTASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices
Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security
More informationConsensus Policy Resource Community. Lab Security Policy
Lab Security Policy Free Use Disclaimer: This policy was created by or for the SANS Institute for the Internet community. All or parts of this policy can be freely used for your organization. There is
More informationIPsec VPN Security between Aruba Remote Access Points and Mobility Controllers
IPsec VPN Security between Aruba Remote Access Points and Mobility Controllers Application Note Revision 1.0 10 February 2011 Copyright 2011. Aruba Networks, Inc. All rights reserved. IPsec VPN Security
More informationNetwork Services Internet VPN
Contents 1. 2. Network Services Customer Responsibilities 3. Network Services General 4. Service Management Boundary 5. Defined Terms Network Services Where the Customer selects as detailed in the Order
More informationNEN Community REANNZ. Design Statement: NEN Edge Device
TO FROM NEN Community REANNZ DATE June 2010 SUBJECT Design Statement: NEN Edge Device Background This National Education Network (NEN) design statement was developed by REANNZ with input from the relevant
More informationChapter 1 Instructor Version
Name Date Objectives: Instructor Version Explain how multiple networks are used in everyday life. Explain the topologies and devices used in a small to medium-sized business network. Explain the basic
More informationNETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9
NETASQ & PCI DSS Is NETASQ compatible with PCI DSS? We have often been asked this question. Unfortunately, even the best firewall is but an element in the process of PCI DSS certification. This document
More informationBecoming PCI Compliant
Becoming PCI Compliant Jason Brown - brownj52@michigan.gov Enterprise Security Architect Enterprise Architecture Department of Technology, Management and Budget State of Michigan @jasonbrown17 History
More information74% 96 Action Items. Compliance
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated
More informationVirtual Private Network and Remote Access Setup
CHAPTER 10 Virtual Private Network and Remote Access Setup 10.1 Introduction A Virtual Private Network (VPN) is the extension of a private network that encompasses links across shared or public networks
More informationSecuring Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.
Securing Modern Substations With an Open Standard Network Security Solution Kevin Leech Schweitzer Engineering Laboratories, Inc. Copyright SEL 2009 What Makes a Cyberattack Unique? While the resources
More informationInternet Content Provider Safeguards Customer Networks and Services
Internet Content Provider Safeguards Customer Networks and Services Synacor used Cisco network infrastructure and security solutions to enhance network protection and streamline compliance. NAME Synacor
More informationDATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0
DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS
More informationChapter 1 The Principles of Auditing 1
Chapter 1 The Principles of Auditing 1 Security Fundamentals: The Five Pillars Assessment Prevention Detection Reaction Recovery Building a Security Program Policy Procedures Standards Security Controls
More informationPCI v2.0 Compliance for Wireless LAN
PCI v2.0 Compliance for Wireless LAN November 2011 This white paper describes how to build PCI v2.0 compliant wireless LAN using Meraki. Copyright 2011 Meraki, Inc. All rights reserved. Trademarks Meraki
More informationLab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM
Lab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM Objective Scenario Topology In this lab, the students will complete the following tasks: Prepare to configure Virtual Private Network (VPN)
More informationWHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks
WHITE PAPER The Need for Wireless Intrusion Prevention in Retail Networks The Need for Wireless Intrusion Prevention in Retail Networks Firewalls and VPNs are well-established perimeter security solutions.
More informationSolutions Guide. Secure Remote Access. Allied Telesis provides comprehensive solutions for secure remote access.
Solutions Guide Secure Remote Access Allied Telesis provides comprehensive solutions for secure remote access. Introduction The world is generating electronic data at an astonishing rate, and that data
More informationIntroduction. Technology background
White paper: Redundant IP-VPN networks Introduction IP VPN solutions based on the IPsec protocol are already available since a number of years. The main driver for these kinds of solutions is of course
More informationADMINISTRATIVE POLICY # 32 8 117 (2014) Remote Access. Policy Number: ADMINISTRATIVE POLICY # 32 8 117 (2014) Remote Access
Policy Title: Remote Access Policy Type: Administrative Policy Number: ADMINISTRATIVE POLICY # 32 8 117 (2014) Remote Access Approval Date: 05/20/2014 Revised Responsible Office: Office of Information
More informationSecurity Technology: Firewalls and VPNs
Security Technology: Firewalls and VPNs 1 Learning Objectives Understand firewall technology and the various approaches to firewall implementation Identify the various approaches to remote and dial-up
More informationBased on the VoIP Example 1(Basic Configuration and Registration), we will introduce how to dial the VoIP call through an encrypted VPN tunnel.
30. VoIP Example 3 (VoIP over VPN) Based on the VoIP Example 1(Basic Configuration and Registration), we will introduce how to dial the VoIP call through an encrypted VPN tunnel. In this example 3300V
More informationConfiguring IPsec VPN with a FortiGate and a Cisco ASA
Configuring IPsec VPN with a FortiGate and a Cisco ASA The following recipe describes how to configure a site-to-site IPsec VPN tunnel. In this example, one site is behind a FortiGate and another site
More informationHögskolan i Halmstad Sektionen för Informationsvetenskap, Data- Och Elektroteknik (IDÉ) Ola Lundh. Name (in block letters) :
Högskolan i Halmstad Sektionen för Informationsvetenskap, Data- Och Elektroteknik (IDÉ) Ola Lundh Written Exam in Network Security ANSWERS May 28, 2009. Allowed aid: Writing material. Name (in block letters)
More informationTable of Contents. Introduction
viii Table of Contents Introduction xvii Chapter 1 All About the Cisco Certified Security Professional 3 How This Book Can Help You Pass the CCSP Cisco Secure VPN Exam 5 Overview of CCSP Certification
More informationIPsec VPN Application Guide REV: 1.0.0 1910010876
IPsec VPN Application Guide REV: 1.0.0 1910010876 CONTENTS Chapter 1. Overview... 1 Chapter 2. Before Configuration... 2 Chapter 3. Configuration... 5 3.1 Configure IPsec VPN on TL-WR842ND (Router A)...
More informationHow NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements
How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements I n t r o d u c t i o n The Payment Card Industry Data Security Standard (PCI DSS) was developed in 2004 by the PCI Security Standards
More informationCisco Certified Security Professional (CCSP)
529 Hahn Ave. Suite 101 Glendale CA 91203-1052 Tel 818.550.0770 Fax 818.550.8293 www.brandcollege.edu Cisco Certified Security Professional (CCSP) Program Summary This instructor- led program with a combination
More informationDeploying Firewalls Throughout Your Organization
Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense
More informationJOB READY ASSESSMENT BLUEPRINT COMPUTER NETWORKING FUNDAMENTALS - PILOT. Test Code: 4514 Version: 01
JOB READY ASSESSMENT BLUEPRINT COMPUTER NETWORKING FUNDAMENTALS - PILOT Test Code: 4514 Version: 01 Specific Competencies and Skills Tested in this Assessment: PC Principles Identify physical and equipment
More informationHow To Configure L2TP VPN Connection for MAC OS X client
How To Configure L2TP VPN Connection for MAC OS X client How To Configure L2TP VPN Connection for MAC OS X client Applicable Version: 10.00 onwards Overview Layer 2 Tunnelling Protocol (L2TP) can be used
More informationVPN Wizard Default Settings and General Information
1. ProSecure UTM Quick Start Guide This quick start guide describes how to use the IPSec VPN Wizard to configure IPSec VPN tunnels on the ProSecure Unified Threat Management (UTM) Appliance. The IP security
More informationSecure Remote Monitoring of the Critical System Infrastructure. An Application Note from the Experts in Business-Critical Continuity
Secure Remote Monitoring of the Critical System Infrastructure An Application Note from the Experts in Business-Critical Continuity TABLE OF CONTENTS Introduction................................................2
More informationIndustrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1
Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3
More informationUsing a VPN with Niagara Systems. v0.3 6, July 2013
v0.3 6, July 2013 What is a VPN? Virtual Private Network or VPN is a mechanism to extend a private network across a public network such as the Internet. A VPN creates a point to point connection or tunnel
More informationAutomate PCI Compliance Monitoring, Investigation & Reporting
Automate PCI Compliance Monitoring, Investigation & Reporting Reducing Business Risk Standards and compliance are all about implementing procedures and technologies that reduce business risk and efficiently
More informationPCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP
solution brief PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP AWS AND PCI DSS COMPLIANCE To ensure an end-to-end secure computing environment, Amazon Web Services (AWS) employs a shared security responsibility
More informationCisco SR 520-T1 Secure Router
Secure, High-Bandwidth Connectivity for Your Small Business Part of the Cisco Small Business Pro Series Connections -- between employees, customers, partners, and suppliers -- are essential to the success
More informationSecurely Deliver Remote Monitoring and Service to Critical Systems. A White Paper from the Experts in Business-Critical Continuity TM
Securely Deliver Remote Monitoring and Service to Critical Systems A White Paper from the Experts in Business-Critical Continuity TM Executive Summary As a leading equipment manufacturer of critical infrastructure
More informationAdded Security for your Traffic Signal Network
Purpose You can use the information in this document to help secure Internet Protocol (IP) Networks that contain traffic control devices. The focus of this document is IP communications security, not Serial
More informationAPNIC elearning: IPSec Basics. Contact: training@apnic.net. esec03_v1.0
APNIC elearning: IPSec Basics Contact: training@apnic.net esec03_v1.0 Overview Virtual Private Networks What is IPsec? Benefits of IPsec Tunnel and Transport Mode IPsec Architecture Security Associations
More informationLink Layer and Network Layer Security for Wireless Networks
White Paper Link Layer and Network Layer Security for Wireless Networks Abstract Wireless networking presents a significant security challenge. There is an ongoing debate about where to address this challenge:
More informationGlobal Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com
Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com W H I T E P A P E R F l e x i b l e N e t w o r k - B a s e d, E n t e r p r i s e - C l a s s I P
More informationISG50 Application Note Version 1.0 June, 2011
ISG50 Application Note Version 1.0 June, 2011 Scenario 1 - ISG50 is placed behind an existing ZyWALL 1.1 Application Scenario For companies with existing network infrastructures and demanding VoIP requirements,
More informationWireless Controller DWC-1000
Network Architecture Manage up to 6 wireless APs, upgradable to 24 APs 1 per controller Control up to 24 wireless APs, maximum 96 APs 1 per cluster Robust Network Security Wireless Instruction Detection
More informationDeploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks.
Table of Contents Section 1: Executive summary...1 Section 2: The challenge...2 Section 3: WLAN security...3 and the 802.1X standard Section 4: The solution...4 Section 5: Security...4 Section 6: Encrypted
More informationCisco Integrated Services Routers Performance Overview
Integrated Services Routers Performance Overview What You Will Learn The Integrated Services Routers Generation 2 (ISR G2) provide a robust platform for delivering WAN services, unified communications,
More informationIP Telephony Management
IP Telephony Management How Cisco IT Manages Global IP Telephony A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge Design, implement, and maintain a highly available, reliable, and resilient
More informationViewing VPN Status, page 335. Configuring a Site-to-Site VPN, page 340. Configuring IPsec Remote Access, page 355
VPN This chapter describes how to configure Virtual Private Networks (VPNs) that allow other sites and remote workers to access your network resources. It includes the following sections: About VPNs, page
More informationCISCO IOS NETWORK SECURITY (IINS)
CISCO IOS NETWORK SECURITY (IINS) SEVENMENTOR TRAINING PVT.LTD [Type text] Exam Description The 640-553 Implementing Cisco IOS Network Security (IINS) exam is associated with the CCNA Security certification.
More informationInfor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security
Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous
More informationIPv6 Fundamentals, Design, and Deployment
IPv6 Fundamentals, Design, and Deployment Course IP6FD v3.0; 5 Days, Instructor-led Course Description The IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 course is an instructor-led course that
More informationFirewalls. Ingress Filtering. Ingress Filtering. Network Security. Firewalls. Access lists Ingress filtering. Egress filtering NAT
Network Security s Access lists Ingress filtering s Egress filtering NAT 2 Drivers of Performance RequirementsTraffic Volume and Complexity of Static IP Packet Filter Corporate Network The Complexity of
More informationNetwork Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting
Network Security: 30 Questions Every Manager Should Ask Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager/Executive Must Answer in Order
More informationVPN s and Mobile Apps for Security Camera Systems: EyeSpyF-Xpert
VPN s and Mobile Apps for Security Camera Systems: EyeSpyF-Xpert Contents: 1.0 Introduction p2 1.1 Ok, what is the problem? p2 1.2 Port Forwarding and Edge based Solutions p2 1.3 What is a VPN? p2 1.4
More informationPCI PA - DSS. Point ipos Implementation Guide. Version 1.01. VeriFone Vx820 using the Point ipos Payment Core
PCI PA - DSS Point ipos Implementation Guide VeriFone Vx820 using the Point ipos Payment Core Version 1.01 POINT TRANSACTION SYSTEMS AB Box 92031, 120 06 Stockholm, Tel. +46 8 566 287 00 www.point.se Page
More informationPolicies and Procedures
Policies and Procedures Provided by PROGuard The following are policies and procedures which need to be enforced to ensure PCI DSS compliance. In order to answer yes to the questions and pass the SAQ,
More information