Department of Technology, Management and Budget (DTMB) Solutions. April 2013



Similar documents
Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

City of Coral Gables

PCN Cyber-security Considerations for Manufacturers. Based on Chevron Phillips Chemical Company PCN Architecture Design and Philosophy

Protecting Criminal Justice Information: Achieving CJIS Compliance on Mobile Devices

PortWise Access Management Suite

Professional Integrated SSL-VPN Appliance for Small and Medium-sized businesses

When your users take devices outside the corporate environment, these web security policies and defenses within your network no longer work.

Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment. Paul Luetje Enterprise Solutions Architect

Larry Wilson Version 1.0 November, University Cyber-security Program Critical Asset Mapping

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems

iphone in Business How-To Setup Guide for Users

How To Protect Data From Attack On A Network From A Hacker (Cybersecurity)

Secure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation

Microsoft Windows Intune: Cloud-based solution

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

The User is Evolving. July 12, 2011

Introduction to Cyber Security / Information Security

ipad in Business Mobile Device Management

Tech Brief. Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks

AVeS Cloud Security powered by SYMANTEC TM

Mobile Device Management A Functional Overview

ACME Enterprises IT Infrastructure Assessment

Introduction to Endpoint Security

iphone in Business Mobile Device Management

Athena Mobile Device Management from Symantec

WHITE PAPER. Mobility Services Platform (MSP) Using MSP in Wide Area Networks (Carriers)

PortWise Access Management Suite

Security Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP

Data Sheet: Endpoint Security Symantec Network Access Control Comprehensive Endpoint Enforcement

Sichere Virtualisierung mit VMware

Network Security Guidelines. e-governance

Decrease your HMI/SCADA risk

Industrial Security for Process Automation

MaaS360 Mobile Service

Network Assessment. Prepared For: Prospect Or Customer Prepared By: Your Company Name

A POLYCOM WHITEPAPER Polycom. Recommended Best Security Practices for Unified Communications

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

PCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR

Solving the Desktop Dilemma

Cisco Secure Access Control Server 4.2 for Windows

Oracle Desktop Virtualization

APPENDIX 3 TO SCHEDULE 3.3 SECURITY SERVICES SOW

Troubleshooting BlackBerry Enterprise Service 10 version Instructor Manual

Proof of Concept Guide

Radia Cloud. User Guide. For the Windows operating systems Software Version: Document Release Date: June 2014

Virtuelle WLAN Controller Alcatel Lucent Wireless LAN Instant AP

SofaWare Management Architecture Basics

Managed Services. Business Intelligence Solutions

LAW ENFORCEMENT INFORMATION NETWORK INFORMATION MANUAL

Commercial Practices in IA Testing Panel

Case Study of Mobile Implementations at OPPD. April 17 th 2012

BYOD: BRING YOUR OWN DEVICE.

LANDesk Management Suite 9.0. Getting started with Patch Manager

Goals. Understanding security testing

SKV PROPOSAL TO CLT FOR ACTIVE DIRECTORY AND DNS IMPLEMENTATION

APPENDIX B1 - FUNCTIONALITY AND INTEGRATION REQUIREMENTS RESPONSE FORM FOR A COUNTY HOSTED SOLUTION

PREMIER SUPPORT STANDARD SERVICES BRONZE SILVER GOLD

Chris Boykin VP of Professional Services

Security Considerations for DirectAccess Deployments. Whitepaper

Fear Not What Security Can Do to Your Firm; Instead, Imagine What Your Firm Can Do When Secured!

Symantec Mobile Management for Configuration Manager 7.2

Quick Start 5: Introducing and configuring Websense Cloud Web Security solution

The self-defending network a resilient network. By Steen Pedersen Ementor, Denmark

Getting Started with the iscan Online Data Breach Risk Intelligence Platform

TECHNICAL WHITEPAPER. Author: Tom Kistner, Chief Software Architect. Table of Contents

PCI Requirements Coverage Summary Table

Implementing and Supporting Microsoft Windows XP Professional

ICANWK406A Install, configure and test network security

Microsoft Enterprise Mobility Suite

State of Texas. TEX-AN Next Generation. NNI Plan

A Guide to New Features in Propalms OneGate 4.0

Payment Card Industry Data Security Standard

Compliance series Guide to meeting requirements of the UK Government Cyber Essentials Scheme

How To Ensure The C.E.A.S.A

Bottom line you must be compliant. It s the law. If you aren t compliant, you are leaving yourself open to fines, lawsuits and potentially closure.

Client Security Risk Assessment Questionnaire

Network Documentation Checklist

The Bomgar Appliance in the Network

Symphony Plus Cyber security for the power and water industries

USER GUIDE: MaaS360 Financial IT Reg Enforcement Service

AirWatch Solution Overview

On Demand Penetration Testing Applications Networks Compliance.

ManageEngine Desktop Central Training

Mobility Challenges & Trends The Financial Services Point Of View

Embracing Complete BYOD Security with MDM and NAC

Security Policy for External Customers

Technical Brief: Virtualization

USER GUIDE: MaaS360 Services

Protecting productivity with Plant Security Services

Mobile Device Strategy

Vendor Questions regarding Valley Transit District RFP No. 017 Demand Response System Management Software Solution and Mobile Data Computers

Transcription:

Department of Technology, Management and Budget (DTMB) Solutions April 2013

Agenda History Overview Cellular Wi-Fi Private Radio Network Mobile VPN Computers Mobile LEIN Client Future Closing Questions and Answers

Michigan State Police Mobile Data 1998 2008 MSP started adding Local, Mobile Data Equipment to MSP Cars Grand Haven Mobile Data Terminals Mt Pleasant Computer purchased by Tribes Kent County Private Radio Network MSP Metro Post Bio-Key Mobile Cop over 1 st Generation Cellular

Michigan State Police / Communications 1995 Present Start Construction of Michigan Public Safety Communication System (7 Zones / 184 Sites) Built 7 Dispatch Centers Bay City, Detroit, Gaylord, Lansing, Negaunee, Paw Paw, and Rockford Deployed Phase I and II E9-1-1 Gaylord, Negaunee, and Rockford Consolidated and Closed Centers Bay City, Paw Paw and Rockford

Department of Natural Resources Law Division 1998 Present Build Report All Poaching (RAP) Room Dispatch 5 Console Positions Deployed a Private Radio Network 150 Low Band Modems 28 Tower State Wide CAD / LEIN Application FleetTrac Mobile Client

Michigan Public Safety Communication System 2004 Upgrade 6.5 Platform Upgrade added Integrated Voice and Data (IV&D) Premier MDC Message Switch Installed 70 IV&D Devices Deployed Van Buren County Sheriff MSP Paw Paw and South Haven Bangor, Decatur, Hartford, Lawton, etc.. Required Background Check

Department of Information Technology (DIT) 2001 Executive Order creating Department of Information Technology 2010 merged DIT and the Department of Management and Budget, creating the Department of Technology, Management and Budget

Department of Technology, Management and Budget Enterprise Architecture Team Team of subject matter experts Review Deny/Approve Solution Assessments Review to reduce State supported solution Review law compliance Review policy compliance Review for Industry Standard Document Technology Road Maps (Life Cycle) Host Technology / Vendor Spotlights

Department of Technology, Management and Budget Infrastructure Service Request Review ISR / Assign Resource Technical Services Server OS/Hardware Configuration Deploy Physical and Virtual Servers Harden Operating Systems Scan Server for Vulnerabilities Quarterly Operating System Patching Provide Solutions for Non Standard Applications

Department of Technology, Management and Budget Telecom Manage SoM Networks, To Locals, Courts, Vendors Firewall Management Implement approved Firewall Rules Manage CBDS / VPN Manage RSA SecurID Appliances

Department of Technology, Management and Budget Michigan Cyber Security (Office Enterprise Security) Approve / Audit Firewall Rule Document Risk (DIT-170) Data Classification Audit Vulnerability Server Scan Monitor Network Security

Department of Information Technology Office of Automation Manage Anti-Virus Appliances Hard Disk Encryption Manage Client Computer Patch Client Computers Active Directory

Cellular Goals Coverage M-55 and South Review New Technologies Become Carrier Agnostic Leverage SoM Infrastructure

Cellular Carrier Spotlights Technology Spotlight Gathered High Level Requirements Created and Sent Request for Product Presentation and Presentation Cover letter to Vendors Product Presentation Invited End Users, Enterprise Security, Telecom, Enterprise Architecture Limited to 90 Minute Presentation Attending Personal Evaluated each Vendor on presentation and technology

Cellular Deployment AT&T Mobility APN Already Existed Static Addressing Refresh AT&T Private APN to SoM Network Request New Firewall Rule

Cellular Deployment Verizon Wireless Vendor Gateway to Gateway DHCP Address Multiple APN and Address Spaces

Wi-Fi Goals Leverage SoM Infrastructure Access Point already deployed SoM / Internet Access Controls In place Support Model Ability to Roam SoM AP w/o User Intervention Future Public Access Points Issues Support ability User Rights Terms and Use

Wi-Fi Telecom / Enterprise Security Developed Network Design Question Sent to FBI for clarification Define User (Law Enforcement Only) Michigan State Police DNR Law Division Deployment Pilot Solution Assessment Two Site Pilot (Training Academy / MDOT Grand Rapids Document Risk (DIT-170) Pilot to Production Solution Assessment

Private Radio Network Goals State Wide Data Coverage Design to Include Inter operability to Public Safety Agencies at all levels of government Plan for Future Data Technologies FirstNet

Mobile VPN Goals Relative ease/difficulty of product use for a typical end user Method of Security Support for Mobile wireless Centralized management Scalability Compatibility with typical systems/applications

Mobile Virtual Private Network (VPN) Spotlights Technology Spotlight Gathered High Level Requirements Created and Sent Request for Product Presentation and Presentation Cover letter to Vendors Product Presentation Invited End Users, Enterprise Security, Telecom, Enterprise Architecture Limited to 90 Minute Presentation Attending Personal Evaluated each Vendor on presentation and technology

NetMotion Implementation Pilot Deployment Network Firewall Rules AT&T APN 1 Server DMZ, 2 Servers High Zone NTLM Authentication for Client 3 rd Party Vendor Verify NetMotion Configuration Pilot to Product Started Roll Out to Post Password Management County CAD s

NetMotion Regional Policing Plan MSP Regional Policing Plan Server OS Refresh Deployed RSA SecurID (1500 MSP) Increase Subnet Size Added Wi-Fi Added Verizon Future Web Access NetMotion Client s added Advanced Authentication DMZ Mobility Server s added Advanced Authentication

Computer / Mobile Devices Clients MSP Clients Joined to MSP Domain DNR Clients Joined to SoM Domain Deployed with NetMotion Mobile VPN McAfee Endpoint Hard Disk Encryption Symantec Endpoint Protection Antivirus and Antispyware Protection Proactive Treat Protection Network Threat Protection Network Access Control Security Patch and Updates pushed with SCCM

MagStripe Readers Devices Requirements AAMVA Standards Driver Licenses Standard Format of Information Magnetic Strip 2-D Bar Code 3-D Bar Code Human Interface Device (HID) Format Bio-Key Code Support HID Premier MDC Code Modified to Support HID

Cellular Hardware Cellular Hardware Gobi Sierra Wireless Modems Blue Tree

Mobile Applications - LEIN Mobile LEIN Existing Licensed Client Bio-Key Mobile Cop Motorola Premier MDC Requirements CJIS 5.0 Compliance (Draft) MPSCS IV&D and Cellular Networks Compared Functionality Deployment Application Installed / Server Hardened Application Hardened

Mobile Application - Web Apps / Resources Internet Explorer Internet Apps / Resources Intranet Apps / Resources Officer Daily MSP Web MiCJIN Portal Setting Network Access Controls Intranet Access via SoM managed Firewall s Internet Access via Proxy / Blue Coat WebSense

Future Automatic Resource Locator Remote Monitor and Configuration Mobile Devices FirstNet (Public Safety LTE) BlueTooth Reduction of User Logins Dispatch Centers

Closing Where is the State heading with implementing a solution that locals can use? Would this be only 800MHz users or other local connections (i.e. cellular to their county)? What is the solution, how do agencies find out more info etc.

Question and Answers Randy Williams Engineering Services - Office of Michigan s Public Safety Communications System Department of Technology, Management and Budget 4000 Collins Road Lansing, MI C: (517) 336.6345 williamsr14@michigan.gov Jerry Nummer Engineering Services - Office of Michigan s Public Safety Communications System Department of Technology, Management and Budget 8650 Algoma Ave NE Rockford, MI C: (616) 240.1585 nummerj@michigan.gov