Scalable Secure Remote Access Solutions
|
|
- Tracey Walton
- 8 years ago
- Views:
Transcription
1 Scalable Secure Remote Access Solutions Jason Dely, CISSP Principal Security Consultant Scott Friberg Solutions Architect Cisco Systems, Inc. Jeffrey A. Shearer, CISSP, PMP Principal Security Consultant Rev 5058-CO900C Copyright 2012 Rockwell Automation, Inc. All rights reserved.
2 Copyright 2012 Rockwell Automation, Inc. All rights reserved. Agenda and Topic List What is Remote Access? What are the requirements? Secured remote Access Architectures DMZ Architectures Remote Desktop Protocol (RDP) Discussion & Demonstrations Secured File Transfer & Reverse Web Proxy Demonstrations
3 Copyright 2012 Rockwell Automation, Inc. All rights reserved. Reference Material
4 Copyright 2012 Rockwell Automation, Inc. All rights reserved. Reference Material Verticals/CPwE/CPwE_chapter6.html
5 Reference Material Publications numbers 1783-in005_-en-p.pdf 1783-um003_-ene.pdf Copyright 2012 Rockwell Automation, Inc. All rights reserved.
6 Copyright 2012 Rockwell Automation, Inc. All rights reserved. Reference Material Buy and read operating system reference materials Invest in yourself
7 Copyright 2012 Rockwell Automation, Inc. All rights reserved. What is remote access? In order to answer this question you need to define the requirements What problems are you trying to solve and identify who has the problem? Requirements generation makes the designer consider Users / User Personas Problem Statements (i.e. what problem are we trying to solve?) Use Cases Users / User Personas Problem Statements Use Cases OEM, System Integrator Engineering Help Maintenance Troubleshoot Use Case : Remote Access from Hotel Room An OEM, SI Engineer is in a hotel and must help the customer troubleshoot a PLC or HMI program. The engineer uses the hotel internet connection and connects security to the machine at the customer site and is able to view PLC or HMI code.
8 Copyright 2012 Rockwell Automation, Inc. All rights reserved. 8 Remote Access Requirements (1) Required to view a machine s ControlLogix processor from a hotel room to help troubleshoot the system OEM, SI, Engineer Factory Processing Filling Material Handling
9 Copyright 2012 Rockwell Automation, Inc. All rights reserved. 9 Remote Access Requirements (2) Required to transfer a file containing ControlLogix code from a laptop to a manufacturing workstation. OEM, SI, Engineer Factory Processing Filling Material Handling
10 Remote Access Requirements (3) View manufacturing data from FactoryTalk VantagePoint to decision makers who are located in the enterprise (office) zone Data Center FactoryTalk Processing Filling Material Handling VantagePoint Server Copyright 2012 Rockwell Automation, Inc. All rights reserved.
11 Copyright 2012 Rockwell Automation, Inc. All rights reserved. Copy 11 Remote Access Challenges Industrial Automation and Control System (IACS) applications are often managed by plant personnel, while enterprise-level remote access solutions such as VPNs are the responsibility of the IT organization. Remote access can expose critical IACS applications to viruses, malware and other risks that may be present when using remote or partner computers, potentially impacting manufacturing Limiting the accessibility to only functions that are appropriate for remote users
12 Copyright 2012 Rockwell Automation, Inc. All rights reserved. Agenda and Topic List What is Remote Access? What are the requirements? Secured remote Access Architectures DMZ Architectures Remote Desktop Protocol (RDP) Discussion & Demonstrations Secured File Transfer & Reverse Web Proxy Demonstrations
13 Copyright 2012 Rockwell Automation, Inc. All rights reserved. Controlling Access to the Manufacturing Zone Level 5 Level 4 , Intranet, etc. Router Enterprise Network Site Business Planning and Logistics Network Enterprise Zone Terminal Services Patch Management AV Server Historian Mirror Web Services Operations Application Server Firewall Web CIP DMZ Level 3 FactoryTalk Application Server FactoryTalk Directory Engineering Workstation Domain Controller Firewall Site Manufacturing Operations and Control Manufacturing Zone Level 2 Level 1 FactoryTalk Client Batch Control Operator Interface Discrete Control FactoryTalk Client Drive Control Engineering Workstation Continuous Process Control Operator Interface Safety Control Area Supervisory Control Basic Control Cell/Area Zone Level 0 Sensors Drives Actuators Robots Process No Direct Traffic Flow from Enterprise to Manufacturing Zone
14 Copyright 2012 Rockwell Automation, Inc. All rights reserved. High Level Architecture Review Remote access involves cooperation between: Enterprise Zone Information Technologies (IT) and infrastructure of the facility Automation Demilitarized Zone (Automation DMZ) To design it requires knowledge of data that must move from the plant to enterprise systems Manufacturing Zone Cell and Area devices Industrial Protocols
15 Copyright 2012 Rockwell Automation, Inc. All rights reserved. Enterprise Zone Enterprise Zone Levels 4 & 5 owned by Information Technologies (IT) Traditionally some VLAN s in place Campus to Campus communications IT knowledgeable with routing and firewalls IT will provide VPN Services for remote access You need to work with the IT personnel to get access to the DMZ
16 Automation DMZ Automation DMZ Shared ownership by IT and Manufacturing professionals Designed to replicate services and data Remote Access Services (Terminal Services) located here Typically IT owns firewalls IT configures the switches on behalf of Manufacturing professionals Manufacturing professionals own DMZ terminal servers, application servers, patch management servers Copyright 2012 Rockwell Automation, Inc. All rights reserved.
17 Copyright 2012 Rockwell Automation, Inc. All rights reserved. Manufacturing Zone Divide plant into functional areas for secured access ISA-SP99 Zones and Conduit model OEM s / System Integrator / Engineering Participation Required IP Address VLAN ID s Access layer to Distribution layer cooperation System design requires full cooperation of all asset owners
18 Copyright 2012 Rockwell Automation, Inc. All rights reserved. Agenda and Topic List What is Remote Access? What are the requirements? Secured remote Access Architectures DMZ Architectures Remote Desktop Protocol (RDP) Discussion & Demonstrations Secured File Transfer & Reverse Web Proxy Demonstrations
19 Copyright 2012 Rockwell Automation, Inc. All rights reserved. Demilitarized Zone (DMZ) Sometimes referred to a perimeter network that exposes an organizations external services to an untrusted network. The purpose of the DMZ is to add an additional layer of security to the trusted network Internet UNTRUSTED Web Proxy BROKER DMZ TRUSTED
20 DMZ Topology Firewall(s) Enterprise Interface DMZ Interface Manufacturing Interface Firewalls are used to block or allow access to devices on these interfaces based on a set of rules There will be assets like switches and servers that are part of the DMZ Copyright 2012 Rockwell Automation, Inc. All rights reserved. Copy 20
21 Copyright 2012 Rockwell Automation, Inc. All rights reserved. Agenda and Topic List What is Remote Access? What are the requirements? Secured remote Access Architectures DMZ Architectures Remote Desktop Protocol (RDP) Discussion & Demonstrations Secured File Transfer & Reverse Web Proxy Demonstrations
22 22 Copyright 2012 Rockwell Automation, Inc. All rights reserved. Remote Desktop Technologies Allows user to remotely view and control another computer. The user will see the remote computer s screen while sending keystrokes and mouse movements to the remote computer. Two options of Remote Desktop Technologies being discussed today Option 1 Host a Remote Desktop Session from the Cisco Firewall Option 2 Host a Remote Desktop Session from a Microsoft Windows Server 2008 R2 Computer Option 1 Remote Desktop Client Remote Desktop Client Option 2 Firewall: Secure RDP Session Host MS 2008 R2 Secure RDP Session Host Remote Desktop Remote Desktop
23 Copyright 2012 Rockwell Automation, Inc. All rights reserved. Remote Desktop Protocol Via Cisco Firewall Remote Desktop Gateway functionality hosted from the Cisco ASA Firewall Same user experience as Microsoft Remote Desktop Gateway Configure Firewall to host the RDP session Come to AF Network & Security Booth to see how well this solution works.
24 Remote Desktop Protocol Via Cisco Firewall Copyright 2012 Rockwell Automation, Inc. All rights reserved.
25 Remote Desktop Protocol Via Cisco Firewall Copyright 2012 Rockwell Automation, Inc. All rights reserved.
26 Remote Desktop Protocol Via Cisco Firewall Copyright 2011 Rockwell Automation, Inc. All rights reserved. Copyright 2012 Rockwell Automation, Inc. All rights reserved.
27 Remote Desktop Protocol Via Cisco Firewall Copyright 2011 Rockwell Automation, Inc. All rights reserved. Copyright 2012 Rockwell Automation, Inc. All rights reserved.
28 Remote Desktop Protocol Via Cisco Firewall Copyright 2011 Rockwell Automation, Inc. All rights reserved. Copyright 2012 Rockwell Automation, Inc. All rights reserved.
29 Copyright 2012 Rockwell Automation, Inc. All rights reserved. Remote Desktop Protocol Via Cisco Firewall Connect to the outside of the Cisco firewall via a web browser (SSL) session by opening a web browser. Continue to inside assets via Remote Desktop Protocol
30 Remote Desktop Protocol Via Cisco Firewall Copyright 2012 Rockwell Automation, Inc. All rights reserved. 30
31 Remote Desktop Protocol Via Cisco Firewall Copyright 2012 Rockwell Automation, Inc. All rights reserved.
32 Copyright 2012 Rockwell Automation, Inc. All rights reserved. Remote Desktop Gateway Remote Desktop Gateway (RD Gateway), formerly Terminal Services Gateway is a role service in the Remote Desktop Services server role included with Windows Server 2008 R2. Enables authorized remote users to connect to resources on an internal corporate or private network, from any Internet-connected device that can run the Remote Desktop Connection (RDC) client. RD Gateway uses the Remote Desktop Protocol (RDP) over HTTPS to establish a secure, encrypted connection between remote users and internal network resources
33 Remote Access via Remote Desktop Gateway (HTTPS) Copyright 2012 Rockwell Automation, Inc. All rights reserved.
34 Copyright 2012 Rockwell Automation, Inc. All rights reserved. Remote Desktop Session Host CALs Anyone who wants to connect to a Remote Desktop Session Host (Terminal Server) must have a Client Access License (CAL) Consult Microsoft to Validate your CAL questions
35 Remote Access Demo: Architecture Copyright 2012 Rockwell Automation, Inc. All rights reserved.
36 Copyright 2012 Rockwell Automation, Inc. All rights reserved. Remote Desktop Gateway Configuration Add Remote Desktop Role Connection Authorization Policies (Users) Resource Authorization Policies (Computers) Export / Import Certificates
37 Remote Desktop Gateway Configuration Copyright 2012 Rockwell Automation, Inc. All rights reserved. 37
38 Remote Desktop Gateway Configuration Copyright 2012 Rockwell Automation, Inc. All rights reserved. 38
39 Remote Access Demo : Architecture Copyright 2012 Rockwell Automation, Inc. All rights reserved. 39
40 Remote Access Demo Copyright 2012 Rockwell Automation, Inc. All rights reserved. 40
41 Copyright 2012 Rockwell Automation, Inc. All rights reserved. Agenda and Topic List What is Remote Access? What are the requirements? Secured remote Access Architectures DMZ Architectures Remote Desktop Protocol (RDP) Discussion & Demonstrations Secured File Transfer & Reverse Web Proxy Demonstrations
42 Secured File Transfer: Architecture Copyright 2012 Rockwell Automation, Inc. All rights reserved.
43 Copyright 2012 Rockwell Automation, Inc. All rights reserved. 43 Secured Shell (SSH) Secure Shell (SSH) is a network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that it connects via a secure channel over an insecure network This demo is running OpenSSH server on Linux You can use an SSH server on Windows as well
44 Secured File Transfer: Demo Copyright 2012 Rockwell Automation, Inc. All rights reserved. 44
45 Secured File Transfer: Demo Copyright 2012 Rockwell Automation, Inc. All rights reserved. 45
46 Secured File Transfer: Demo Copyright 2012 Rockwell Automation, Inc. All rights reserved. 46
47 Secured File Transfer: Demo Copyright 2012 Rockwell Automation, Inc. All rights reserved. 47
48 Copyright 2012 Rockwell Automation, Inc. All rights reserved. 48 Reverse Web Proxy Evolution Website servers required protection from web users without depriving them of those services. In the summer of 1996, the Apache HTTP project wrote an add-on module in the Apache 1.1 web server Retrieves resources on behalf of a client from one or more servers. Hide the existence and characteristics of the origin server(s). Internet Pre 1996 Post 1996 Reverse Router Proxy Web Server Web Server
49 Copyright 2012 Rockwell Automation, Inc. All rights reserved. 49 Reverse Web Proxy During the early years of the Internet, website administrators recognized the need to prevent their servers from being accessible to web users without depriving them of those services. In the summer of 1996, the Apache HTTP project wrote an add-on module called mod_proxy in the Apache 1.1 web server that allowed it to act like a reverse proxy server. A reverse proxy is a type of proxy server that retrieves resources on behalf of a client from one or more servers. These resources are then returned to the client as though it originated from the reverse proxy itself. Reverse proxies can hide the existence and characteristics of the origin server(s).
50 Reverse Web Proxy: Architecture Copyright 2012 Rockwell Automation, Inc. All rights reserved. 50
51 Copyright 2012 Rockwell Automation, Inc. All rights reserved. 51 Summary Remote Access involves requirements generation Identifying users and support systems that require access from the enterprise to the manufacturing zone Identifying data flow, source and destination for firewall rule creation Often times minimal remote access strategies involving visibility and file transfer DMZ s for separation of enterprise and manufacturing zones recommended Security must be part of remote access design
52 Thank you for participating! Please remember to tidy up your work area for the next session. We want your feedback! Please complete the session survey! Follow ROKAutomation on Facebook & Twitter. Connect with us on LinkedIn. Rev 5058-CO900C Copyright 2012 Rockwell Automation, 52 Inc. All rights reserved.
Secure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation
Secure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation Rev 5058-CO900C Agenda Control System Network Security Defence in Depth Secure Remote Access Examples
More informationSimplifying the Transition to Virtualization TS17
Simplifying the Transition to Virtualization TS17 Name Sandeep Redkar Title Manager Process Solutions Date 11 th February 2015 Agenda Overview & Drivers Virtualization for Production Rockwell Automation
More informationAUP28 - Implementing Security and IP Protection
AUP28 - Implementing Security and IP Protection Features in the Integrated Architecture Mads Laier DK Commercial Engineer Logix & Networks Rev 5058-CO900E Agenda Why IACS Security Now! Defense in depth
More informationDas sollte jeder ITSpezialist über. Automations- und Produktionsnetzwerke wissen
Das sollte jeder ITSpezialist über Automations- und Produktionsnetzwerke wissen Frank Schirra, Rockwell Automation Solution Architect Edi Truttmann, Cisco Systems Network Solution Sales Specialist 2012
More informationIndustrial Security Solutions
Industrial Security Solutions Building More Secure Environments From Enterprise to End Devices You have assets to protect. Control systems, networks and software can all help defend against security threats
More informationSecuring The Connected Enterprise
Securing The Connected Enterprise Pack Expo 2015 Las Vegas Chelsea An Business Development Lead, Network & Security PUBLIC Copyright 2015 Rockwell Automation, Inc. All Rights Reserved. 8 Connected Enterprise
More informationNetwork Security Trends & Fundamentals of Securing EtherNet/IP Networks
Network Security Trends & Fundamentals of Securing EtherNet/IP Networks Presented by Rockwell Automation Industrial Network Security Trends Security Quips "Good enough" security now, is better than "perfect"
More informationComputer System Security Updates
Why patch? If you have already deployed a network architecture, such as the one recommended by Rockwell Automation and Cisco in the Converged Plantwide Ethernet Design and Implementation Guide (http://www.ab.com/networks/architectures.html),
More informationThe Internet of Things (IoT) and Industrial Networks. Guy Denis gudenis@cisco.com Rockwell Automation Alliance Manager Europe 2015
The Internet of Things (IoT) and Industrial Networks Guy Denis gudenis@cisco.com Rockwell Automation Alliance Manager Europe 2015 Increasingly Everything will be interconnected 50 Billion Smart Objects
More informationT46 - Integrated Architecture Tools for Securing Your Control System
T46 - Integrated Architecture Tools for Securing Your Control System PUBLIC PUBLIC - 5058-CO900G Copyright 2014 Rockwell Automation, Inc. All Rights Reserved. The Connected Enterprise PUBLIC Copyright
More informationProduction Software Within Manufacturing Reference Architectures
Production Software Within Manufacturing Reference Architectures Synopsis Industry adoption of EtherNet/IP for control and information has driven the wide deployment of standard Ethernet for manufacturing
More informationA host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.
A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based
More informationVirtualization In Manufacturing Industries. Copyright 2012 Rockwell Automation, Inc. All rights reserved.
Virtualization In Manufacturing Industries Rev 5058-CO900C What is Virtualization? Traditionally the OS and its applications were tightly coupled to the hardware they were installed on Virtualization breaks
More informationAUP28. Implementing Security In Integrated Architecture Practical security solutions for Industrial Control System (ICS)
AUP28 Implementing Security In Integrated Architecture Practical security solutions for Industrial Control System (ICS) Clive Barwise, Rockwell Automation European Product Manager Networks and Security
More informationRequirements Collax Security Gateway Collax Business Server or Collax Platform Server including Collax SSL VPN module
Collax SSL VPN Howto This howto describes the easy configuration of a Collax server as SSL VPN gateway in order to enable external access to selected applications in the company network. Except for a common
More informationAchieving Secure, Remote Access to Plant-Floor Applications and Data
Achieving Secure, Remote Access to Plant-Floor Applications and Data Abstract To increase the flexibility and efficiency of production operations, manufacturers are adopting open networking standards for
More informationPR03. High Availability
PR03 High Availability Related Topics NI10 Ethernet/IP Best Practices NI15 Enterprise Data Collection Options NI16 Thin Client Overview Solution Area 4 (Process) Agenda Overview Controllers & I/O Software
More informationREFERENCE ARCHITECTURES FOR MANUFACTURING
Synopsis Industry adoption of EtherNet/IP TM for control and information resulted in the wide deployment of standard Ethernet in manufacturing. This deployment acts as the technology enabler for the convergence
More informations@lm@n CompTIA Exam N10-006 CompTIA Network+ certification Version: 5.1 [ Total Questions: 1146 ]
s@lm@n CompTIA Exam N10-006 CompTIA Network+ certification Version: 5.1 [ Total Questions: 1146 ] Topic break down Topic No. of Questions Topic 1: Network Architecture 183 Topic 2: Network Operations 149
More informationSecure Access into Industrial Automation and Control Systems Industry Best Practice and Trends. Serhii Konovalov Venkat Pothamsetty Cisco
Secure Access into Industrial Automation and Systems Industry Best Practice and Trends Serhii Konovalov Venkat Pothamsetty Cisco Vendor offers a remote firmware update and PLC programming. Contractor asks
More informationExtending FactoryTalk View Site Edition with Microsoft's Remote Desktop Services
Extending FactoryTalk View Site Edition with Microsoft's Remote Desktop Services FactoryTalk View Site Edition Lab PUBLIC INFORMATION A View for Every Manufacturing Scenario FactoryTalk View Machine Edition
More informationSecuring the Connected Enterprise
Securing the Connected Enterprise ABID ALI, Network and Security Consultant. Why Infrastructure Matters Rapidly Growing Markets Global Network Infrastructure and Security Markets 13.7% CAGR over the next
More informationNetwork Security Topologies. Chapter 11
Network Security Topologies Chapter 11 Learning Objectives Explain network perimeter s importance to an organization s security policies Identify place and role of the demilitarized zone in the network
More informationDMZ Network Visibility with Wireshark June 15, 2010
DMZ Network Visibility with Wireshark June 15, 2010 Ashok Desai Senior Network Specialist Intel Information Technology SHARKFEST 10 Stanford University June 14-17, 2010 Outline Presentation Objective DMZ
More informationVirtualized System Reduces Client s Capital and Maintenance Costs
Virtualized System Reduces Client s Capital and Maintenance Costs Insert Photo Here Steve Malyszko, P. E. President Steve Schneebeli Lead Systems Engineer Rockwell Automation Process Solutions User Group
More informationOwner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de
Owner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de Microsoft Forefront TMG How to use TMG network templates Abstract In this article I will show
More informationScalable, Secure Remote Monitoring Solutions Stay a step ahead by remotely monitoring your critical assets
Scalable, Secure Remote Monitoring Solutions Stay a step ahead by remotely monitoring your critical assets PUBLIC PUBLIC - 5058-CO900G Why Is This Important? What s Driving This Need? Customer Impact It
More informationWhy a Reverse Proxy with My Instant Communicator for mobiles??
Why a Reverse Proxy with My Instant Communicator for mobiles?? INTEGRATED COMMUNICATION SYSTEMS 8AL020043359DRARA, February 2010 What is OmniTouch 8600 My Instant Communicator? Is an aggregator of all
More informationInformation Technology Security Guideline. Network Security Zoning
Information Technology Security Guideline Network Security Zoning Design Considerations for Placement of s within Zones ITSG-38 This page intentionally left blank. Foreword The Network Security Zoning
More informationProcess Control Networks Secure Architecture Design
Process Control Networks Secure Architecture Design Guest Speaker Robert Alston Principle Lead Network and Security Consultant Over 25 years network experience including design, implementation, troubleshooting
More informationTesting New Applications In The DMZ Using VMware ESX. Ivan Dell Era Software Engineer IBM
Testing New Applications In The DMZ Using VMware ESX Ivan Dell Era Software Engineer IBM Agenda Problem definition Traditional solution The solution with VMware VI Remote control through the firewall Problem
More informationInTouch Access Anywhere
InTouch Access Anywhere InTouch Access Anywhere is the latest capability of InTouch, enabling you to gain more out of your existing assets and resources. We unlock the value of your existing plant data
More informationTop-Down Network Design
Top-Down Network Design Chapter Five Designing a Network Topology Copyright 2010 Cisco Press & Priscilla Oppenheimer Topology A map of an internetwork that indicates network segments, interconnection points,
More informationAssociate in Science Degree in Computer Network Systems Engineering
Moorpark College Associate in Science Degree in Computer Network Systems Engineering To earn an Associate in Science Degree with a major in Computer Network Systems Engineering, students complete 40.5-45
More informationChoosing the correct Time Synchronization Protocol and incorporating the 1756-TIME module into your Application
Choosing the correct Time Synchronization Protocol and incorporating the 1756-TIME module into your Application By: Josh Matson Various Time Synchronization Protocols From the earliest days of networked
More informationSecuring Manufacturing Control Networks. Alan J. Raveling, CISSP November 2 nd 5 th Pack Expo 2014
Securing Manufacturing Control Networks Alan J. Raveling, CISSP November 2 nd 5 th Pack Expo 2014 As Internet-enabled technologies such as cloud and mobility grow, the need to understand the potential
More informationINTRODUCTION TO VMWARE PRODUCT SUITE: VIRTUALIZATION SOLUTIONS
explore EXPO INTRODUCTION TO VMWARE PRODUCT SUITE: VIRTUALIZATION SOLUTIONS Jim Lass, Information Solutions Manager, Van Meter Inc. Jason Sinclair, IT Systems Engineer, Van Meter Inc. explore EXPO Agenda
More informationSTERLING SECURE PROXY. Raj Kumar Integration Management, Inc. Raj.Kumar@integrationmgmt.com
STERLING SECURE PROXY Raj Kumar Integration Management, Inc. Raj.Kumar@integrationmgmt.com Agenda Terminology Proxy Definition Sterling Secure Proxy Overview Architecture Components Architecture Diagram
More informationSecurity+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network
More informationNetwork Virtualization Network Admission Control Deployment Guide
Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus
More informationSecure Remote Support
Secure Remote Support - Monitor, Manage, Configure remote assets - Cloud Based Data Collection Tom Peshek Program Manager Remote Services and Support - 5058-CO900G Remote Monitoring and Diagnostics Value
More informationVMware Virtual Desktop Infrastructure (VDI) - The Best Strategy for Managing Desktop Environments Mike Coleman, VMware (mcoleman@vmware.
VMware Virtual Desktop Infrastructure (VDI) - The Best Strategy for Managing Desktop Environments Mike Coleman, VMware (mcoleman@vmware.com) Copyright 2008 EMC Corporation. All rights reserved. Agenda
More informationRemote Desktop Gateway. Accessing a Campus Managed Device (Windows Only) from home.
Remote Desktop Gateway Accessing a Campus Managed Device (Windows Only) from home. Contents Introduction... 2 Quick Reference... 2 Gateway Setup - Windows Desktop... 3 Gateway Setup Windows App... 4 Gateway
More informationControlLogix and CompactLogix 5370 Segmentation Methods for Plant-wide/ Site-wide Networks with OEM Convergence-ready Solutions
Network Segmentation Methodology Application Guide ControlLogix and CompactLogix 5370 Segmentation Methods for Plant-wide/ Site-wide Networks with OEM Convergence-ready Solutions By Josh Matson and Gregory
More informationComputer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1
Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton
More informationScalable Secure Remote Access Solutions for OEMs
Scalable Secure Remote Access Solutions for OEMs Introduction Secure remote access to production assets, data, and applications, along with the latest collaboration tools, provides manufacturers with the
More informationBuilding Secure Networks for the Industrial World
Building Secure Networks for the Industrial World Anders Felling Vice President, International Sales Westermo Group Managing Director Westermo Data Communication AB 1 Westermo What do we do? Robust data
More informationLab 5.5.3 Developing ACLs to Implement Firewall Rule Sets
Lab 5.5.3 Developing ACLs to Implement Firewall Rule Sets All contents are Copyright 1992 2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 8 Device Interface
More informationSAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)
SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) A RSACCESS WHITE PAPER 1 Microsoft Forefront Unified Access Gateway Overview 2 Safe-T RSAccess Secure Front-end Overview
More informationNetwork Configuration Settings
Network Configuration Settings Many small businesses already have an existing firewall device for their local network when they purchase Microsoft Windows Small Business Server 2003. Often, these devices
More informationWW HMI SCADA-08 Remote Desktop Services Best Practices
Slide 1 WW HMI SCADA-08 Remote Desktop Services Best Practices Steven L. Weygandt Portfolio Product Manager - Device Integration /Wonderware social.invensys.com @InvensysOpsMgmt / #SoftwareRevolution /InvensysVideos
More informationNetwork Security Guidelines. e-governance
Network Security Guidelines for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India. Document Control S/L Type
More informationFundamentals of Windows Server 2008 Network and Applications Infrastructure
Fundamentals of Windows Server 2008 Network and Applications Infrastructure MOC6420 About this Course This five-day instructor-led course introduces students to network and applications infrastructure
More informationRedesigning automation network security
White Paper WP152006EN Redesigning automation network security Presented at Power and Energy Automation Conference (PEAC), Spokane, WA, March 2014 Jacques Benoit Eaton s Cooper Power Systems Abstract The
More informationBuilding a Reporting and Analytics System Connected Enterprise Seminar
Manufacturing Intelligence, de stuwende kracht om in een Connected Enterprise snel accurate beslissingen te nemen om de bedrijfsprestaties te optimaliseren. Building a Reporting and Analytics System Connected
More informationHow To Extend Security Policies To Public Clouds
What You Will Learn Public sector organizations without the budget to build a private cloud can consider public cloud services. The drawback until now has been tenants limited ability to implement their
More information13 Ways Through A Firewall
Industrial Control Systems Joint Working Group 2012 Fall Meeting 13 Ways Through A Firewall Andrew Ginter Director of Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright
More informationLehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Firewall
Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Chapter 5: Security Concepts for Networks Firewalls Intrusion Detection
More informationFactoryTalk Historian Site Edition Architectures and Design Considerations
FactoryTalk Historian Site Edition Architectures and Design Considerations PUBLIC INFORMATION Copyright 2014 Rockwell Automation, Inc. All Rights Reserved. Agenda Related Sessions FactoryTalk Historian
More informationProfessional Integrated SSL-VPN Appliance for Small and Medium-sized businesses
Professional Integrated Appliance for Small and Medium-sized businesses Benefits Clientless Secure Remote Access Seamless Integration behind the Existing Firewall Infrastructure UTM Security Integration
More informationSecurity for. Industrial. Automation. Considering the PROFINET Security Guideline
Security for Industrial Considering the PROFINET Security Guideline Automation Industrial IT Security 2 Plant Security Physical Security Physical access to facilities and equipment Policies & Procedures
More informationEase Server Support With Pre-Configured Virtualization Systems
Ease Server Support With Pre-Configured Virtualization Systems Manufacturers and industrial production companies are increasingly challenged with supporting the complex server environments that host their
More information1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet
Review questions 1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet C Media access method D Packages 2 To which TCP/IP architecture layer
More informationStratix 5700 Network Address Translation. Quick Start
Stratix 5700 Network Address Translation Quick Start Important User Information Solid state equipment has operational characteristics differing from those of electromechanical equipment. Safety Guidelines
More informationFirewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA
Firewalls Securing Networks Chapter 3 Part 1 of 4 CA M S Mehta, FCA 1 Firewalls Learning Objectives Task Statements 1.3 Recognise function of Telecommunications and Network security including firewalls,..
More informationINTRUSION DETECTION SYSTEMS and Network Security
INTRUSION DETECTION SYSTEMS and Network Security Intrusion Detection System IDS A layered network security approach starts with : A well secured system which starts with: Up-to-date application and OS
More informationAvaya TM G700 Media Gateway Security. White Paper
Avaya TM G700 Media Gateway Security White Paper March 2002 G700 Media Gateway Security Summary With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional
More informationAvaya G700 Media Gateway Security - Issue 1.0
Avaya G700 Media Gateway Security - Issue 1.0 Avaya G700 Media Gateway Security With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional Enterprise
More informationLesson 5: Network perimeter security
Lesson 5: Network perimeter security Alejandro Ramos Fraile aramosf@sia.es Tiger Team Manager (SIA company) Security Consulting (CISSP, CISA) Perimeter Security The architecture and elements that provide
More informationSANS Technology Institute Group Discussion/Written Project. The Rapid Implementation of IPv6 at GIAC Enterprises
SANS Technology Institute Group Discussion/Written Project The Rapid Implementation of IPv6 at GIAC Enterprises 12/9/2010 Stacy Jordan Beth Binde Glen Roberts Table of Contents Executive Summary 3 Background
More informationCommon Remote Service Platform (crsp) Security Concept
Siemens Remote Support Services Common Remote Service Platform (crsp) Security Concept White Paper April 2013 1 Contents Siemens AG, Sector Industry, Industry Automation, Automation Systems This entry
More informationJK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA
JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA To purchase Full version of Practice exam click below; http://www.certshome.com/jk0-022-practice-test.html FOR CompTIA JK0-022 Exam Candidates
More informationFirewall Environments. Name
Complliiance Componentt DEEFFI INITION Description Rationale Firewall Environments Firewall Environment is a term used to describe the set of systems and components that are involved in providing or supporting
More informationDesigning and Implementing a Server Infrastructure
Course 20413C: Designing and Implementing a Server Infrastructure Course Details Course Outline Module 1: Planning Server Upgrade and Migration This module explains how to plan a server upgrade and migration
More informationCase Study for Layer 3 Authentication and Encryption
CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client
More informationCNS-207 - Implementing NetScaler 11.0 For App and Desktop Solutions
CNS-207 - Implementing NetScaler 11.0 For App and Desktop Solutions Overview The objective of this course is to provide the foundational concepts and teach the skills necessary to implement, configure,
More informationSecure Web Appliance. Reverse Proxy
Secure Web Appliance Reverse Proxy Table of Contents 1. Introduction... 1 1.1. About CYAN Secure Web Appliance... 1 1.2. About Reverse Proxy... 1 1.3. About this Manual... 1 1.3.1. Document Conventions...
More informationNetwork Security Administrator
Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze
More informationSecure Networks for Process Control
Secure Networks for Process Control Leveraging a Simple Yet Effective Policy Framework to Secure the Modern Process Control Network An Enterasys Networks White Paper There is nothing more important than
More informationSECURING SAP NETWEAVER DEPLOYMENTS WITH SAFE-T RSACCESS
SECURING NETWEAVER DEPLOYMENTS A RSACCESS WHITE PAPER SECURING NETWEAVER DEPLOYMENTS 1 Introduction 2 NetWeaver Deployments 3 Safe-T RSAccess Overview 4 Securing NetWeaver Deployments with Safe-T RSAccess
More informationChapter 2 TOPOLOGY SELECTION. SYS-ED/ Computer Education Techniques, Inc.
Chapter 2 TOPOLOGY SELECTION SYS-ED/ Computer Education Techniques, Inc. Objectives You will learn: Topology selection criteria. Perform a comparison of topology selection criteria. WebSphere component
More informationINTRODUCTION TO FIREWALL SECURITY
INTRODUCTION TO FIREWALL SECURITY SESSION 1 Agenda Introduction to Firewalls Types of Firewalls Modes and Deployments Key Features in a Firewall Emerging Trends 2 Printed in USA. What Is a Firewall DMZ
More informationNetwork Access Security. Lesson 10
Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.
More informationSFWR ENG 4C03 Class Project Firewall Design Principals Arash Kamyab 9940313 March 04, 2004
SFWR ENG 4C03 Class Project Firewall Design Principals Arash Kamyab 9940313 March 04, 2004 Introduction: A computer firewall protects computer networks from unwanted intrusions which could compromise confidentiality
More informationTF02 Virtualization in Manufacturing
TF02 Virtualization in Manufacturing PUBLIC INFORMATION Copyright 2014 Rockwell Automation, Inc. All Rights Reserved. 2 Agenda Overview Virtualization for Engineers Virtualization for Production Virtualization
More informationCOURSE OUTLINE MOC 20413: DESIGNING AND IMPLEMENTING A SERVER INFRASTRUCTURE
COURSE OUTLINE MOC 20413: DESIGNING AND IMPLEMENTING A SERVER INFRASTRUCTURE MODULE 1: PLANNING SERVER UPGRADE AND MIGRATION This module explains how to plan a server upgrade and migration strategy. Considerations
More informationVoIP Telephony Network Security Considerations TR41.4.4 01-11-018. Title: VoIP Telephone Network Security Architectural Considerations
VoIP Telephony Network Security Considerations TR41.4.4 01-11-018 Standards Project: PN-3-4462-URV Title: VoIP Telephone Network Security Architectural Considerations Source: 170 West Tasman Dr. San Jose,
More informationDEPLOYMENT OF I M INTOUCH (IIT) IN TYPICAL NETWORK ENVIRONMENTS. Single Computer running I m InTouch with a DSL or Cable Modem Internet Connection
DEPLOYMENT OF I M INTOUCH (IIT) IN TYPICAL NETWORK ENVIRONMENTS Introduction I m InTouch is a personal remote access application that allows a user to access the data on his or her PC from a remote location,
More informationBarracuda Networks Technical Documentation. Barracuda SSL VPN. Administrator s Guide. Version 2.x RECLAIM YOUR NETWORK
Barracuda Networks Technical Documentation Barracuda SSL VPN Administrator s Guide Version 2.x RECLAIM YOUR NETWORK Copyright Notice Copyright 2004-2011, Barracuda Networks, Inc. www.barracuda.com v20-110511w-02-110915jc
More informationSecurity perimeter. Internet. - Access control, monitoring and management. Differentiate between insiders and outsiders - Different types of outsiders
Network Security Part 2: protocols and systems (f) s and VPNs (overview) Università degli Studi di Brescia Dipartimento di Ingegneria dell Informazione 2014/2015 Security perimeter Insider - Access control,
More informationIgnify ecommerce. Item Requirements Notes
wwwignifycom Tel (888) IGNIFY5 sales@ignifycom Fax (408) 516-9006 Ignify ecommerce Server Configuration 1 Hardware Requirement (Minimum configuration) Item Requirements Notes Operating System Processor
More informationT16 Information on the Go: Mobility Solutions
T16 Information on the Go: Mobility Solutions Andrew Ellis Manager, Commercial Engineering Information Software Copyright 2012 Rockwell Automation, Inc. All rights reserved. 1 2 How we think of mobile
More informationIndustrial Security for Process Automation
Industrial Security for Process Automation SPACe 2012 Siemens Process Automation Conference Why is Industrial Security so important? Industrial security is all about protecting automation systems and critical
More informationUnified Threat Management, Managed Security, and the Cloud Services Model
Unified Threat Management, Managed Security, and the Cloud Services Model Kurtis E. Minder CISSP Global Account Manager - Service Provider Group Fortinet, Inc. Introduction Kurtis E. Minder, Technical
More informationEXAM - 70-980. Recertification for MCSE: Server Infrastructure. Buy Full Product. http://www.examskey.com/70-980.html
Microsoft EXAM - 70-980 Recertification for MCSE: Server Infrastructure Buy Full Product http://www.examskey.com/70-980.html Examskey Microsoft 70-980 exam demo product is here for you to test the quality
More informationDeploy Remote Desktop Gateway on the AWS Cloud
Deploy Remote Desktop Gateway on the AWS Cloud Mike Pfeiffer April 2014 Last updated: May 2015 (revisions) Table of Contents Abstract... 3 Before You Get Started... 3 Three Ways to Use this Guide... 4
More informationFirewalls and Network Defence
Firewalls and Network Defence Harjinder Singh Lallie (September 12) 1 Lecture Goals Learn about traditional perimeter protection Understand the way in which firewalls are used to protect networks Understand
More informationACADEMIC PROGRAM REVIEW PC AGE 145 TALMADGE ROAD EDISON, NJ 08817 REVIEW DATE. Report Amended October 2011
ACADEMIC PROGRAM REVIEW of PC AGE 145 TALMADGE ROAD EDISON, NJ 08817 REVIEW DATE May 12-13, 2011 Report Amended October 2011 Table of Contents PC AGE Organizational Profile... 3 Academic Program Review
More information13 Ways Through A Firewall What you don t know will hurt you
Scientech 2013 Symposium: Managing Fleet Assets and Performance 13 Ways Through A Firewall What you don t know will hurt you Andrew Ginter VP Industrial Security Waterfall Security Solutions andrew. ginter
More informationLab 8.4.2 Configuring Access Policies and DMZ Settings
Lab 8.4.2 Configuring Access Policies and DMZ Settings Objectives Log in to a multi-function device and view security settings. Set up Internet access policies based on IP address and application. Set
More information