Secure Network Access Solutions for Banks and Financial Institutions. Secure. Easy. Protected. Access.




Cybersecurity: A Growing Concern for Banks

The banking sector is shifting from using closed, proprietary systems for its network operations to using open systems that facilitate interaction with customers, branch offices, third party administrators, auditors, and employees working from remote locations. New network innovations such as cloud-based applications, wireless networking, customer kiosks, and mobile devices introduce a new level of complexity in the various ways they interact. This complexity increases security vulnerabilities such as unauthorized access, malware attacks, and hacking.

Enterprises currently face an 80% probability of a successful network attack costing almost $6 million to remediate. (Ponemon Institute Studies)

Customers demand convenient access to their account information and instant transaction processing, but they also want assurance that their information is secure. Banks collect, store and transmit vast amounts of nonpublic personal information and their networks are prime targets for fraudulent activity. A successful attack poses financial risk to a bank with the added risk of negative publicity that damages reputation. Bank network and security administrators face increasing pressure to provide fast, reliable access to sensitive information while protecting it, creating the potential for tradeoffs between performance and security.

Regulatory Compliance Adds Network Security Requirements

Banks and depository institutions are periodically required to demonstrate compliance with legal and regulatory requirements for network security, such as the Federal Financial Institutions Examination Council (FFIEC), the Gramm-Leach-Bliley Act of 1999 (GLBA), the Sarbanes-Oxley Act of 2002, and, for credit unions, the NCUA's Information Technology Plan. What many of these regulatory provisions have in common is a mandate to establish a security plan, processes, and procedures to ensure that only authorized users have access to sensitive data and are engaged in permitted activities. Bank fiduciaries and network administrators need to demonstrate best-in-class practices for meeting these requirements while minimizing network overhead and the burden of compliance.

2013 Nasatka Security & Blue Ridge Networks. All Rights Reserved.

Blue Ridge Networks: A Proven Cybersecurity Architecture

Blue Ridge provides solutions for banks and their network administrators for trusted remote access to enterprise networks. Blue Ridge's cybersecurity architecture offers an unmatched suite of reliable, scalable, certified, easy-to-install, and affordable solutions that enable secure access to network resources with protection and control of endpoints. For more than 15 years, Blue Ridge has successfully protected networks worldwide for government agencies and business enterprises in banking, retail, healthcare, energy, and industry.

Blue Ridge has never had a reported vulnerability of its solutions.

The Blue Ridge cyber security architecture locks down networks, preventing unauthorized access and protecting against malicious code (malware), data leakage, and network attacks while allowing full and easy use of enterprise network operations. The Blue Ridge security approach establishes trust in a company's core infrastructure and then extends that trust to each network tunnel, LAN, remote device, computer, employee, and authorized agent. U.S. Government penetration testing has reported no vulnerabilities in the architecture and there has never been a reported penetration of Blue Ridge's solutions.

The Blue Ridge architecture uses patented technologies, trade secrets, and best practices that have delivered security and operational efficiencies previously thought unattainable. It is compatible with major vendor services such as Microsoft, Linux, Cisco, Apple, Blackberry, and Citrix. Security software operates at Layer 2 and is transport layer agnostic, operating with all wire and wireless transmission modes: 802.XX, ATM, LTE, MPLS, Frame Relay, 3G/4G, Wi-Fi, GSM, and satellite. Blue Ridge's approach is service and network agnostic; deployment does not require either user or administrator intervention.

Blue Ridge Certifications Include:
FIPS 140-2 level 2
HSPD-12, PIV compliant
FISMA 2010
Extended RSA keys
IEEE 802.1Q VLAN

Network Security Design Configurations

Blue Ridge's architecture provides banks with secure network access over the public internet. The Blue Ridge Project Manager works with the bank's administrator to determine the configuration of the BorderGuard or Compact BorderGuard, and to create the required policies for each user or groups of users. Once the BorderGuard infrastructure is in place, the Blue Ridge team works with the bank's administrator to manage, monitor, and audit information. Installation is easy because the system wraps the existing IT infrastructure and requires no network configuration changes.

Managed Services:
No capital outlay
Pre-configured network security equipment
Easily configurable Enterprise policies
24x7x365 monitoring and helpdesk
Bring your own bandwidth
Managed Data Centers available (single or redundant)

Bank Data Center Protection

Need: Banks require access security for Primary and optional Disaster Recovery Data Centers.

Solution: The BorderGuard family provides banks with secure devices for Primary and optional Disaster Recovery Data Centers, all with built-in redundancy and automatic fail-over. Placing a BorderGuard in a Data Center hosted by either the Bank or Blue Ridge allows secure, redundant access to bank records and data.

BorderGuard Redundancy

BorderGuards and Compact BorderGuards can be grouped in pools to provide automatic failover for remote access connections. These pools can be random to provide for load-spreading, or ordered to force the connection to one BorderGuard or a pool of BorderGuards. BorderGuards can be located in different areas and still be pooled for connections. The figure on the right illustrates the pooling of BorderGuards to provide automatic failover for remote access.

[Figure: Master Pool - Ordered. Pool 1 selected first; if not available, automatically fails over to Pool 2.]

Extend Architecture to Branches and ATMs

Need: Banks require access to branches and ATM machines from a Headquarters site or Data Center.

Solution: The BorderGuard architecture provides banks with secure devices for all sites: headquarters, branches, ATMs, and Data Centers. A Compact BorderGuard enables secure sessions between headquarters and branches along with ATMs, which are protected by RemoteLinks, and can interface directly with a BorderGuard device in a Data Center. All communications are secure.

Extend Solution to Mobile Workforce and Teleworkers

Need: Personnel need to telework securely, and budget cuts may necessitate using legacy equipment. In addition, mobile workers need trusted connectivity from nonsecure facilities and the internet.

Solution: EdgeGuard provides a completely isolated desktop, crypto engine and network access for a secure session from a PC anywhere, with no data or residue left behind and no chance of malware intrusion. Boot EdgeGuard is a bootable device, and Virtual EdgeGuard is a software installation completely isolated from the PC. EdgeGuard Client enables individuals to access the enterprise network from any remote location, creating a secure session without exposing the network to malware or intrusion.

Extend Solution to Enterprise Customers Accessing Bank Network

Need: Corporate customers require secure access to their data within the bank.

Solution: Banks can provide either a Boot or Virtual EdgeGuard device to corporate customers to allow secure access to their financial data while preventing malware incursion and data leakage. Alternatively, a BorderGuard RemoteLink can enable a remote site or user to securely connect to the bank's Data Center. Blue Ridge can also provide Thin Client terminals to provide secure remote access.

Frequently Asked Questions (FAQs)

How do I know my data is secure?

Blue Ridge solutions define a strict closed network for communication among trusted elements of an organization's IT infrastructure. At each point of entry to a secured network, there is a Blue Ridge hardware appliance with at least two physical Ethernet ports. One port connects to the trusted network or device. The other port connects to the untrusted network (typically the internet). The appliance enforces 100% separation between these ports with the following policy:

a. The only data that can move from the inside (trusted port) to the outside port has been fully encrypted and is addressed to another Blue Ridge Networks appliance that is part of the customer's closed network.

b. The only data that moves from the outside port to the inside port is data that was successfully decrypted and authenticated as having originated from another Blue Ridge appliance that is part of the customer's closed network. Authentication of arriving data is based upon unique RSA public-key certificates issued for each Blue Ridge appliance.

c. At no time does customer data touch the untrusted network. Customer data never shares any switches or buffers with any other customer data.

How affordable is the Blue Ridge architecture?

Symantec's 2011 Annual Study: U.S. Cost of a Data Breach, released in March 2012, states that data breaches continue to have serious financial consequences, with an average organizational cost per data breach at $5.5 million, and the cost per compromised record approaching $200. Well-meaning insiders and malicious attacks are the main causes of data breaches. The Blue Ridge architecture protects against malware and data leaks, thereby reducing the potential of high costs of remediating a successful attack and generating operating savings. In addition, Blue Ridge solutions can bring efficiencies into an enterprise, including cloud-based operations and secure remote access. The Blue Ridge architecture is easy to deploy, and overlays the organization's existing infrastructure with minimal disruptions.

What options does Blue Ridge provide for redundancy?

Blue Ridge solutions are not restricted to any specific network carrier, enabling them to bring network diversity and a higher level of redundancy to customer networks. Blue Ridge can auto-fail to another provider if one provider's network goes down. Network diversity can extend to the last mile. Instead of the backup network running over the same copper wire as the primary network, backup can be provided via inexpensive coaxial cable to provide a truly diverse path. For those that want to go the extra mile, the BorderGuard system can also work over fixed wireless or VSAT.

Will my VoIP and other bandwidth-intensive applications work?

Blue Ridge fully supports Quality of Service (QoS) demands of advanced voice, video, and data applications. Our experience is that the biggest reason for the lack of quality in VoIP is insufficient or oversubscribed bandwidth. Blue Ridge enables its customers to secure more bandwidth by using DSL or cable at a lower cost than a T1. And because Blue Ridge encryption is Layer 2, it adds very little overhead to each packet.

What are the logging capabilities?

BorderGuard with Management Console logging capabilities are as follows:

IP incoming
IP assigned by DHCP
Time connect and disconnect
MAC address of the remote device
Packets in/out during session
Bytes in/out during session
Which BorderGuard connected to (in the case of multiple BorderGuards)
Management plane tunnel statistics
User account changes for IP address, permissions, lockout, etc.
Any regular admin actions, e.g., BorderGuard up/down, failures, power up/down, administrator privilege changes, etc.
Authentication failure attempts, e.g., key length failures, mismatches.

What are the bandwidth requirements?

There is no lower limit on bandwidth requirements, but there can be a practical limit based on the user experience. Upper bandwidth requirements are determined by how many BorderGuards are used (BorderGuards are stackable with 1,500 concurrent users per BorderGuard pool, and 200 BorderGuards per Management Console). Users of the Blue Ridge architecture often realize increases in bandwidth efficiency, some as high as 50% more throughput over the same bandwidth. Due to the Layer 2 approach, the BorderGuard generally has smaller packet overhead compared to Layer 3 systems.

What standard does the BorderGuard use to create the secure VPN tunnel through the public IP network?

BorderGuard solutions use a proprietary variant of IPsec ESP tunnel mode with a security enhanced IKE to create the Layer 2 tunnels. This variant is immune to all known attacks on IPsec and IKE.

Are Blue Ridge solutions compatible with IPv6?

BorderGuard Clients, BorderGuard RemoteLinks and EdgeGuard solutions consist of operating systems and applications that support IPv6 transfer over ISP/Internet IPv4 networks. The IPv6 traffic is transferred via secure Layer 2 tunnels through BorderGuards into the enterprise intranet. Efforts are underway to update FIPS certifications for Blue Ridge products to include the new BorderGuard 7 series devices. With an operating system based on Linux, the BorderGuard 7 series is fully IPv6-capable, and can send tunneled IPv4 and IPv6 traffic through ISP/Internet IPv6 networks.

Contact Information

For further information, please contact:
David Natelson, President of Nasatka Security
1101 Channelside Drive, STE 301
Tampa, FL 33602
727-215-4078
david.natelson@nasatka.com