Making Your Network Safe



Similar documents
PCI Compliance - A Realistic Approach. Harshul Joshi, CISM, CISA, CISSP Director, Information Technology CBIZ MHM hjoshi@cbiz.com

WHITEPAPER. Achieving Network Payment Card Industry Data Security Standard (PCI DSS) Compliance with NetMRI

PCI v2.0 Compliance for Wireless LAN

Best Practices for PCI DSS V3.0 Network Security Compliance

whitepaper 4 Best Practices for Building PCI DSS Compliant Networks

PCI Data Security Standards (DSS)

PCI (Payment Card Industry) Compliance For Healthcare Offices By Ron Barnett

Cyber - Security and Investigations. Ingrid Beierly August 18, 2008

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

PCI Compliance Can Make Your Organization Stronger and Fitter. Brent Harman Manager, Systems Consultant Team West NetPro Computing, Inc.

SecurityMetrics Vision whitepaper

Enforcing PCI Data Security Standard Compliance

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance

What Every Business Should Know About PCI Compliance

IT Security Standard: Network Device Configuration and Management

Protecting the Palace: Cardholder Data Environments, PCI Standards and Wireless Security for Ecommerce Ecosystems

How To Protect A Wireless Lan From A Rogue Access Point

Network Segmentation

AIS Webinar. Payment Application Security. Hap Huynh Business Leader Visa Inc. 1 April 2009

PCI Wireless Compliance with AirTight WIPS

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness

Overview. Summary of Key Findings. Tech Note PCI Wireless Guideline

Why Is Compliance with PCI DSS Important?

Don t Let Wireless Detour Your PCI Compliance

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

March

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

PCI DSS 3.1 and the Impact on Wi-Fi Security

PCI DSS COMPLIANCE DATA

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire C and Attestation of Compliance

PCI Solution for Retail: Addressing Compliance and Security Best Practices

PCI COMPLIANCE Protecting Against External Threats Protecting Against the Insider Threat

Automate Key Network Compliance Tasks

White Paper. Ensuring Network Compliance with NetMRI. An Opportunity to Optimize the Network. Netcordia

GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY

How to Open HTTP or HTTPS traffic to a webserver behind the NetVanta 2000 Series unit (Enhanced OS)

CREDIT CARD MERCHANT PROCEDURES MANUAL. Effective Date: 5/25/2011

Frequently Asked Questions

PCI PA - DSS. Point XSA Implementation Guide. Atos Worldline Banksys XENTA SA. Version 1.00

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire

SecurityMetrics Introduction to PCI Compliance

The Business Case for Security Information Management

REDSEAL NETWORKS SOLUTION BRIEF. Proactive Network Intelligence Solutions For PCI DSS Compliance

Security. Tiffany Trent-Abram VP, Global Product Management. November 6 th, One Connection - A World of Opportunities

74% 96 Action Items. Compliance

WHITE PAPER. PCI Basics: What it Takes to Be Compliant

Josiah Wilkinson Internal Security Assessor. Nationwide

SonicWALL PCI 1.1 Implementation Guide

Your guide to the Payment Card Industry Data Security Standard (PCI DSS) Merchant Business Solutions. Version 5.0 (April 2011)

WHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks

Closing Wireless Loopholes for PCI Compliance and Security

Catapult PCI Compliance

TNHFMA 2011 Fall Institute October 12, 2011 TAKING OUR CUSTOMERS BUSINESS FORWARD. The Cost of Payment Card Data Theft and Your Business

Project Title slide Project: PCI. Are You At Risk?

Accelerating PCI Compliance

United States Trustee Program s Wireless LAN Security Checklist

PCI Compliance: Protection Against Data Breaches

Trend Micro VMware Solution Guide Summary for Payment Card Industry Data Security Standard

8/17/2010. Over 90% of all compromised merchants are PCI level 4 (small) merchants or merchants with less than 1 million transactions per year

SecurityMetrics. PCI Starter Kit

Packet Filtering using the ADTRAN OS firewall has two fundamental parts:

PCI Data Security Standards

Overview of Banking Application Security and PCI DSS Compliance for Banking Applications

The Impact of HIPAA and HITECH

AUTOMATING AUDITS AND ENSURING CONTINUOUS COMPLIANCE WITH ALGOSEC

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes

PCI Requirements Coverage Summary Table

Payment Cardholder Data Handling Procedures (required to accept any credit card payments)

How To Secure Your Store Data With Fortinet

Need to be PCI DSS compliant and reduce the risk of fraud?

PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:

Information Security Services. Achieving PCI compliance with Dell SecureWorks security services

Lab Organizing CCENT Objectives by OSI Layer

Your Compliance Classification Level and What it Means

PCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data

ARE YOU REALLY PCI DSS COMPLIANT? Case Studies of PCI DSS Failure! Jeff Foresman, PCI-QSA, CISSP Partner PONDURANCE

Barracuda Web Site Firewall Ensures PCI DSS Compliance

Western Australian Auditor General s Report. Information Systems Audit Report

MEETING PCI COMPLIANCE WITH SONICWALL GLOBAL MANAGEMENT SYSTEM

Top Five Data Security Trends Impacting Franchise Operators. Payment System Risk September 29, 2009

PCI DSS Compliance for Cloud-Based Contact Centers Mitigating Liability through the Standardization of Processes for cloud-based contact centers.

It Won t Happen To Me! A Network and PCI Security Webinar Presented By FMS and VendorSafe

Is the PCI Data Security Standard Enough?

Using the NetVanta 7100 Series

Implementation Guide

Franchise Data Compromise Trends and Cardholder. December, 2010

Today s Topics. Protect - Detect - Respond A Security-First Strategy. HCCA Compliance Institute April 27, Concepts.

HOW SECURE IS YOUR PAYMENT CARD DATA?

Preemptive security solutions for healthcare

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015

Transcription:

Making Your Network Safe Key Differentiator NetVanta Security Audit

Investing in Secure Networking Solutions is Key to Prevention It is critical that your communications network provides the security necessary for protecting your customers data and your business reputation. Everyday, businesses like yours use cyber systems to accomplish real-time tracking of supply chains, manage inventory, improve employee efficiency, ecommerce, and more. Virtually every business has calculated the positive aspects of digitalization into its immediate and longterm business plans, but is the data protected? Security breaches can be extremely costly! Can your business afford it? n Stolen customer data for identify thief n Fraudulent credit card transactions n Loss of customer confidence n Lost sales and revenue n Drop in volume of ecommerce transactions n Expensive legal settlements n Fines and penalties for non-compliance n Lower stock price 2 www.adtran.com

The NetVanta Security Audit The NetVanta Security Audit feature in the NetVanta routing and switching platforms helps you identify common security vulnerabilities in your network. This innovative tool will audit your NetVanta configuration for common security deficiencies such as default or weak user passwords, clear text TELNET access, disabled or insecure firewall settings, wireless security levels, and much more. This innovative Security Audit feature can be initiated and the results viewed from either the Command Line Interface (CLI) or the Web-based Graphical User Interface (GUI). Samples of the configuration items that will be audited: n Passwords: Audits passwords to determine if they are the safest character length, unique, contain the appropriate number of alphabetic/numeric characters, and whether encryption is enabled n Firewall and Security Policy Settings: Alerts users if firewall is disabled, if stateful inspection is disabled, checks to see if NAT is configured on Private IP interfaces, checks to see if an enabled interface has a policy-class assignment n SNMP: Verifies whether SNMPv1 or SNMPv2 access is enabled n Network Protocols: Alerts user to network protocols that allow access to the unit and are considered unsecured including HTTP, Telnet, FTP, TFTP, and HTTPs SSLv2 n Wireless Security: Alerts user if: anything but WPA2 is configured including no encryption, SSID broadcast is enabled, or a weak key is found n Session Access: If session (SSH, Console, HTTPS) timeout is set to an excessive amount of time it will recommend setting to 15 minutes or less to avoid rogue access n Time-Servers: Alerts if a time-server (SNTP or NTP) is not configured or not in-sync www.adtran.com 3

In addition, the Security Audit feature will generate a multipurpose report that lists the severity of the risk (high, medium, low), type of network vulnerability found, and a recommendation on how to fix the problem based on industry-best practices for network security. Supported Platforms NetVanta 1234/1238 NetVanta 1335 NetVanta 1534 NetVanta 1544 NetVanta 3120/3130 NetVanta 3200/3205 NetVanta 3305 NetVanta 3430/3448 NetVanta 3450/3458 NetVanta 4305 NetVanta 4430 NetVanta 5305 4 www.adtran.com **Summary** Severity Type Description LOW Banner Login/Exec banner not set HIGH Config Start-up/running-config mismatch MEDIUM Domain-lookup Enabled with no DNS server configured HIGH Firewall The fierwall is not enabled MEDIUM Interfaces Directed-broadcast enabled, eth 0/1 MEDIUM Logging Not enabled LOW Enable Password MD5 encryption is not enabled HIGH Network Protocol FTP server enabled HIGH Network Protocol HTTP server enabled HIGH Network Protocol Telenet enabled HIGH Policy-Class PRIVATE, undefined ACL HIGH Policy-Class Interfaces using default policy-class HIGH Password Duplicate Passwords HIGH Password Weak Passwords HIGH Session Timeout Telnet 0 timeout >=15 minutes HIGH Session Timeout SSH 0 timeout >=15 minutes HIGH Session Timeout HTTP timeout >=15 minutes HIGH SNMP Using SNMPv1/v2, not secure LOW TCL SCRIPTS Enabled HIGH WIFI Security not configured for WPA2 HIGH WIFI Weak or no security key found HIGH WIFI Broadcast SSID enabled

ADTRAN Brings You Security ADTRAN offers a full suite of business connectivity solutions that include inherent security mechanisms, like the innovative Security Audit feature. These security features can help you secure your network, identify vulnerabilities in relation to the network components, and allow you to become compliant with the network portions of the retail PCI Data Security Standard or for HIPPA in the field of healthcare. Visit our website today to access the latest information on securing your network. Investing in affordable networking solutions from ADTRAN can help you prevent security breaches. www.adtran.com Even though the NetVanta Security Audit will aid you in identifying possible vulnerabilities in the router, you will need to determine if the items discovered are true security failures and address any issues found. This tool does not take into account where the unit sits in the network; therefore, some items may be recorded as possible risks that are not risks once the entire network is taken into account. www.adtran.com 5

Are you vulnerable? Healthcare As a healthcare provider, your business faces increased costs and regulations from compliance with the Health Insurance Portability and Accountability Act (HIPAA) to government mandates for the adoption of Electronic Health Records (EHRs). That s why it is critical for businesses, like yours, to implement and maintain a best-in-class healthcare IT solution. ADTRAN offers a broad range of secure, converged voice and data network communication solutions that fully support HIPAA requirements and EHR implementations while keeping your costs under control. 6 www.adtran.com Financial The risk for identity thefts continues to grow as hackers increasingly target financial institutions with the intent to obtain administrative passwords and Personal Identifiction Numbers (PINs). Hackers not only steal confidential personal information that can be sold for malicious intent, but they can quickly verify account balances, increase balance limits, and create counterfeit credit and debit cards. As a financial service provider, your business is held accountable for keeping customer data source. ADTRAN can help our innovative, high-performance networking solutions mitigate your security risks and keep you and your customers secure.

Retail Whether your business processes only a few credit card transactions each month or many thousands, without the correct security mechanisms in place your business is at risk of becoming a target for a security breach. In response to merchant data breaches during the last several years, the Payment Card Industry (PCI) Security Standards Council (SSC) has developed a stringent set of requirements called the Data Security Standard (DSS) to help retailers secure credit and debit card transactions. To comply with the PCI DSS, a merchant who stores, processes, or transmits the Primary Account Number (PAN) for credit or debit cards must adhere to a stringent set of requirements. ADTRAN s security solutions adhere to PCI requirements, keeping your business protected and helping you achieve compliance. Education Technology helps break down geographic barriers and facilitates global communications for interaction and learning at all levels of the education system. It also introduces the liability of security breaches. A cost-effective, high-performing, secure voice and data network solution from ADTRAN is key to successfully implementing effective technology applications that create a more meaningful learning environment. www.adtran.com 7

ADTRAN, Inc. Attn.: Enterprise Networks 901 Explorer Boulevard Huntsville, AL 35806 800 9ADTRAN www.adtran.com Pre-Sales Technical Support 800 615-1176 application.engineer@adtran.com www.adtran.com/support Post-Sales Technical Support 888 423-8726 (888-4ADTRAN) support@adtran.com www.adtran.com/support ACES Installation & Maintenance Services 888 874-ACES aces@adtran.com www.adtran.com/support EN1396A August Copyright 2010 ADTRAN, Inc. All rights reserved. ADTRAN believes the information in this publication to be accurate as of publication date, and is not responsible for error. Specifications subject to change without notice. ADTRAN is a registered trademark of ADTRAN, Inc. and its affiliates in the U.S. and certain other countries. All other trademarks mentioned in this document are the property of their respective owners.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information