Tk20 Network Infrastructure



Similar documents
Fifty Critical Alerts for Monitoring Windows Servers Best practices

Introduction of Intrusion Detection Systems

SITECATALYST SECURITY

Security Policy JUNE 1, SalesNOW. Security Policy v v

8 Steps for Network Security Protection

8 Steps For Network Security Protection

ITIL A guide to Event Management

Retention & Destruction

Designing a security policy to protect your automation solution

Network monitoring systems & tools

OMNITURE MONITORING. Ensuring the Security and Availability of Customer Data. June 16, 2008 Version 2.0

Free Network Monitoring Software for Small Networks

Network Management System (NMS) FAQ

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.

Introduction to Network Monitoring and Management

Chapter 8 Monitoring and Logging

Lab Configure IOS Firewall IDS

Hosted Testing and Grading

Protecting Critical Infrastructure

ITIL A guide to event management

An Open Source IPS. IIT Network Security Project Project Team: Mike Smith, Sean Durkin, Kaebin Tan

Monitor all of your critical infrastructure from a single, integrated system.

KeyLock Solutions Security and Privacy Protection Practices

Technical Overview CM-2 Climate Monitor. Get yours direct at:

Norton Personal Firewall for Macintosh

HMS Industrial Networks

Chapter 4 Managing Your Network

Network Monitoring with SNMP

modules 1 & 2. Section: Information Security Effective: December 2005 Standard: Server Security Standard Revised: Policy Ref:

Introduction. What is a Remote Console? What is the Server Service? A Remote Control Enabled (RCE) Console

Network Services Internet VPN

WhatsUp Gold vs. Orion

Network Router Monitoring & Management Services

Architecture. The DMZ is a portion of a network that separates a purely internal network from an external network.

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

TS-301 Case Project Shaun DeRosa

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting

Configuring SNMP Cisco and/or its affiliates. All rights reserved. 1

Best Practices For Department Server and Enterprise System Checklist

Table of Contents. Cisco Using the Cisco IOS Firewall to Allow Java Applets From Known Sites while Denying Others

IP Telephony Management

WhatsUp Gold v11 Features Overview

mbits Network Operations Centrec

How To Set Up Foglight Nms For A Proof Of Concept

74% 96 Action Items. Compliance

Network Monitoring with SNMP

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

Network Management Deployment Guide

PART D NETWORK SERVICES

State of Texas. TEX-AN Next Generation. NNI Plan

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA

Name. Description. Rationale

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

Reverse Shells Enable Attackers To Operate From Your Network. Richard Hammer August 2006

Network Management & Monitoring Overview

Security Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP

Recommended IP Telephony Architecture

IT INFRASTRUCTURE MANAGEMENT SERVICE ADDING POWER TO YOUR NETWORKS

TNT SOFTWARE White Paper Series

INTRUSION DETECTION SYSTEMS and Network Security

Features Overview Guide About new features in WhatsUp Gold v14

RUGGEDCOM NMS. Monitor Availability Quick detection of network failures at the port and

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Network Security. Tampere Seminar 23rd October Overview Switch Security Firewalls Conclusion

SECURITY DOCUMENT. BetterTranslationTechnology

Network Management and Monitoring Software

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

UNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM

White Paper. The Ten Features Your Web Application Monitoring Software Must Have. Executive Summary

redcoal SMS for MS Outlook and Lotus Notes

Managing Central Monitoring in Distributed Systems

SapphireIMS 4.0 BSM Feature Specification

Firebox X550e, Firebox X750e, Firebox X1250e Firebox X5500e, Firebox X6500e, Firebox X8500e, Firebox X8500e-F

Report of Independent Auditors

OpManager MSP Edition

Firewalls. Ola Flygt Växjö University, Sweden Firewall Design Principles

Managed Security Services

Technical Overview CM-16 Climate Monitor. Get yours direct at:

The new services in nagios: network bandwidth utility, notification and sms alert in improving the network performance

Managed Service Plans

Industrial Security Solutions

Server Protection Policy 1 1. Rationale 1.1. Compliance with this policy will help protect the privacy and integrity of data created by and relating

AKCess Pro Server Management Software

Service Descriptions

WhatsUp Gold v11 Features Overview

WatchGuard Technologies, Inc. 505 Fifth Avenue South Suite 500, Seattle, WA

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

R3: Windows Server 2008 Administration. Course Overview. Course Outline. Course Length: 4 Day

Firewall VPN Router. Quick Installation Guide M73-APO09-380

join.me architecture whitepaper

Top 3 Issues and Questions (in Network Monitoring!) Developing a Network Monitoring Architecture! infotex. Dan Hadaway CRISC Managing Partner, infotex

Configuring Security for FTP Traffic

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

A Guide to New Features in Propalms OneGate 4.0

Network Monitoring and Management Introduction to Networking Monitoring and Management

Network Defense Tools

Transcription:

Tk20 Network Infrastructure

Tk20 Network Infrastructure Table of Contents Overview... 4 Physical Layout... 4 Air Conditioning:... 4 Backup Power:... 4 Personnel Security:... 4 Fire Prevention and Suppression:... 4 Network Security:... 5 Firewall:... 5 Virtual Private Network:... 5 Network Scans:... 5 Intrusion Detection System:... 5 Network Architecture Diagram:... 7 Network Monitoring System:... 8 Features of the Monitoring System:... 8

Overview This document identifies the elements of the Tk20 Data center- its physical properties, network infrastructure, security and monitoring. Physical Layout The physical elements of our data center like power fail over, air conditioning, physical security and fire protection is rigorously controlled. Air Conditioning: Air conditioning to maintain a temperature range of 68-75 F is important for correct temperature and humidity to keep the servers and the internal components in good condition. At Tk20 we maintain such a system and also monitor these physical conditions using a temperature, humidity and water level sensor that can alert if any condition goes out of the accepted range. Refer to the monitoring system description on details of how any problem is handled. Backup Power: Tk20 Data Center has three phase power supply and each server is connected to at least two different phases to avoid single point failure. Personnel Security: Tk20 Data Center has restricted access to only the network administrators and support engineers at Tk20. This is achieved by using server rooms that have locked doors and monitoring of open door conditions using a closure contact detection sensor that alerts the network support engineers. Fire Prevention and Suppression: Tk20 Data Center is installed with smoke detectors to warn early about fire and in the event of a fire breakout installed gaseous fire suppression system can suppress fire faster without damaging equipment than manual extinguishers.

Network Infrastructure: Tk20 production network has a bandwidth of two bonded T1 lines (3Mbps/sec). We have three different network lines that provide redundancy of internet connection and separate out live servers from internal Tk20 network needs. All hosted servers are behind the Tk20 firewall and a secure VPN system to reduce chances of intrusion. For network security purposes we have active and passive intrusion detection software. Network Security: The components of network security at Tk20 include Firewall, Remote Access using secure Virtual Private Network, passive network scan software and active network intrusion detection system. Firewall: Each sub network in Tk20 is behind a main firewall. This firewall blocks all requests except the protocols identified on ports that are used by the application software installed on the servers hosted and the ports that are used to provide operational support by accessing the servers. Firewall rules for remote access is restricted to three IP addresses that act as relay points and these relay servers can only be accessed after connecting to secure Tk20 VPN (see below). Virtual Private Network: Any remote shell access to a server for support and maintenance by Tk20 can happen only after connecting to the secure Tk20 VPN, enabling remote server shell connections to be encrypted and not accessible to the world. Most harmful attacks to servers happen through malicious shell access to a server that is open to the world and Tk20 VPN network prevents this. VPN network is password protected and accounts are provided to internal Tk20 support engineers, passwords are changed regularly and all network access goes through relay access points that can log access details. All Tk20 servers are behind the VPN network and firewall. Network Scans: Network scan software called Nessus is used to run automated scans on all network servers to detect vulnerabilities in the operation system and application software installed on the servers. The master report is analyzed to take recommended actions to fix these vulnerabilities; these fixes include software upgrade of the operation system and third party software installed on the servers. The scan software is configured to download scan database updates to keep it up-to-date on known vulnerabilities. Intrusion Detection System: Tk20 uses Intrusion detection system software that resides on machine strategically placed to sniff on incoming and outgoing network packets. The hub to which it is

attached can smartly filter out known traffic for better performance and detect and alert malicious traffic attempts real-time based on its database which is updated automatically at a scheduled frequency.

Cisco 2610 LI NK ACT ETHERNET 0 CONSOLE AUX SLOT 0 SLOT 1 SLOT 2 PWR 0 0 0 ETH ACT 0K 1 1 1 COL Cisco 1700 SERIES ROUTER Network Architecture Diagram: T1 x2 bonded 3Mbps/sec

Network Monitoring System: Tk20 monitoring system consists of a centralized monitoring sever that runs regularly scheduled checks on hosts and services specified using external plugins which return status information to Nagios. When problems are encountered, the monitor can send notifications out to administrative contacts in Tk20 by a variety of different ways (email, instant message, SMS, etc.). Real time status information and historical logs can all be accessed via an authorized web page on the central monitoring server. Features of the Monitoring System: Tk20 central monitoring server has a lot of features that makes it a very powerful monitoring tool. Some of the major features are listed below: Monitoring of network services used by Tk20 (HTTP, PING etc) Monitoring of server resources (disk space and memory usage) Monitoring of software processes for application( java, postgresql, application access check etc) Contact notifications to Tk20 support when service or host problems occur and get resolved (via email, pager, or other user-defined method) Escalation of host and service notifications if a problem is not resolved within a configured time Scheduled downtime for suppressing host and service notifications during periods of planned outages Ability to acknowledge problems via the web interface so that Tk20 network support group is notified that someone is already working on the problem Central authorized web page for the network administrator to monitor network uptime and health of servers hosted

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information