How do you design and build a digital car wash (wasstraat)?




How do you design and build a digital car wash (wasstraat)? Agenda: Introduction, Context, Basics, Browsing, Hosting, Conclusion & Contact

Who we are: Jeroen van der Meer, in IT since 1984, CTO; systems programming, datacenter design & automated operations. Marc Guardiola, in IT since 1997, Lead Engineer & Manager Innovation; engineering & architecture with Linux, networking & security; CISSP-ISSAP, CEH; outsourcing background.

ASP4all and Bitbrains: 175+ staff, 3000+ servers. ASP4all specialises in the migration, hosting and management of business-critical applications. Top 3. Bitbrains specialises in high-performance computing and ultra-fast delivery of PoCs.

Market developments: the field has shifted from Managed Hosting to Reputation Hosting; security technology is fragmented; Patriot Act and NSA; DDoS.

Context (diagram around REPUTATION): intrusion prevention, content scanning, DDoS, secured web, reverse proxy, secured zones, secured mail, bandwidth management, secured systems, encryption, infra scaling, disaster recovery.

Customer

Basic infrastructure (diagram): two datacenters, DC1 and DC2, each reached from the Public Internet, trusted partners and the internal WAN; the external and internal sides are separated by encryption, "A" points and zoning (zonering).

Zoning and components (diagram): each zone sits behind a zone firewall with 10G links; services per zone on VLANs in groups 11-13, 21-23, 31-33, 24-27 and 34-37; tiers TL2 Besloten (closed), AL1 Beperkt (restricted) and TL1 Publiek (public); components include NTP, mail, file, authoritative DNS, resolving DNS, forward proxy and AV proxy.

Separation: physical versus logical separation; waste (snijverliezen) and investment; end-to-end logical separation across zone firewall, switch, compute and virtualization.

Separation (diagram): Besloten, Beperkt and Publiek tiers behind the zone firewall; fabric extenders FEX A and FEX B with 16 host ports each, fabric interconnects FIA and FIB, a 1240 VIC with ports A1, A2, B1, B2; 802.1Q trunk and VN-TAG trunk, primary and secondary paths, OS/hypervisor visibility, port channels, 256 vNICs.

Separation (diagram, continued): the same FEX A/B, FIA/FIB and 1240 VIC layout with 802.1Q and VN-TAG trunks, primary and secondary paths, port channels and 256 vNICs; on the VMware server, FC1, FC2 and NFS plus vswitches TL2, AL1 and TL1 carrying VLANs 1-3, 11-13 and 21-23 for Besloten, Beperkt and Publiek.

Design for failure

Web browsing (customer -> wasstraat -> Internet): CONNECT www.google.nl:443 -> app check -> ACL -> blacklisting -> categorize -> app check -> anti-virus -> app check -> anti-virus, anti-malware -> app check -> anti-virus, anti-malware.

Mail (customer -> wasstraat -> Internet): app check -> DKIM, SPF, DMARC -> app check -> app check -> DKIM, SPF, DMARC -> anti-virus, anti-malware, blacklisting, quarantine -> app check -> anti-DDoS, anti-virus, anti-malware.
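The mail stage above lists DKIM, SPF and DMARC as checks followed by quarantine. The following is an added example, not code from the slides or from ASP4all, showing how those three verdicts combine into a DMARC disposition. All domains, IP addresses and DNS records are constructed and embedded inline; the SPF evaluator handles only ip4/ip6 and all (no include, a, mx or redirect); the DKIM verdict and signing domain are assumed to come from an upstream verifier; and the organisational domain is approximated by the last two labels instead of the Public Suffix List.

```python
"""Added example: DMARC disposition from SPF and DKIM results (constructed data)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed DNS TXT records standing in for a real resolver (assumption).
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "_dmarc.example.com": "v=DMARC1; p=quarantine; adkim=r; aspf=r",
    "partner.example": "v=spf1 ip4:198.51.100.10 ~all",
}


def lookup_txt(name: str) -> Optional[str]:
    return DNS_TXT.get(name.lower())


def check_spf(domain: str, source_ip: str) -> str:
    """Minimal SPF evaluator: ip4/ip6 mechanisms and the 'all' term only.
    Returns 'pass', 'fail', 'softfail', 'neutral' or 'none'."""
    record = lookup_txt(domain)
    if not record or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(source_ip)
    qualifiers = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in qualifiers:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return qualifiers[qualifier]
        if term.startswith(("ip4:", "ip6:")):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return qualifiers[qualifier]
    return "neutral"  # no mechanism matched and no 'all' term


def org_domain(domain: str) -> str:
    # Simplification: last two labels; real code consults the Public Suffix List.
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """DMARC identifier alignment: 's' = strict (exact), 'r' = relaxed (org domain)."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def parse_dmarc(domain: str) -> Optional[dict]:
    record = lookup_txt("_dmarc." + domain)
    if not record or not record.startswith("v=DMARC1"):
        return None
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return tags


@dataclass
class Message:
    source_ip: str
    mail_from_domain: str            # envelope sender (RFC5321.MailFrom)
    header_from_domain: str          # RFC5322.From domain
    dkim_result: str                 # 'pass'/'fail'/'none' from an upstream verifier (assumption)
    dkim_domain: Optional[str] = None  # d= of the verified signature


def wasstraat(msg: Message):
    """Run the checks in the order the slide lists them and return (disposition, evidence)."""
    spf = check_spf(msg.mail_from_domain, msg.source_ip)
    dmarc = parse_dmarc(msg.header_from_domain)
    evidence = {"spf": spf, "dkim": msg.dkim_result}
    if dmarc is None:
        evidence["dmarc"] = "none"   # no policy published: deliver, SPF/DKIM stay advisory
        return "deliver", evidence
    spf_ok = spf == "pass" and aligned(
        msg.mail_from_domain, msg.header_from_domain, dmarc.get("aspf", "r"))
    dkim_ok = msg.dkim_result == "pass" and bool(msg.dkim_domain) and aligned(
        msg.dkim_domain, msg.header_from_domain, dmarc.get("adkim", "r"))
    if spf_ok or dkim_ok:
        evidence["dmarc"] = "pass"
        return "deliver", evidence
    evidence["dmarc"] = "fail"
    disposition = {"reject": "reject", "quarantine": "quarantine"}.get(dmarc.get("p", "none"), "deliver")
    return disposition, evidence


if __name__ == "__main__":
    print(wasstraat(Message("203.0.113.5", "example.com", "example.com", "fail")))
```

Note that a passing SPF result is not enough on its own: the third constructed case in the test, mail relayed by partner.example on behalf of example.com, fails SPF alignment and is only delivered because the DKIM signature is aligned with the From domain.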

Hosting (Internet -> wasstraat -> webserver): anti-virus, anti-malware, anti-vulnerability -> load balancing, WAF, caching, SSL offloading -> app check -> DDoS check -> anti-virus, anti-malware -> app check -> caching -> app check -> webserver.

Conclusion: defence in depth! Policies, procedures, awareness: ISO 27001, ISAE 3402 type II. Physical: Tier 3+ datacenters. Perimeter: anti-DDoS, L7 firewall / IDP. Internal network: WAF, zoning/IDP, web & mail security. Host: hardened OS & middleware. Application: standard frameworks, patched & audited. Data: enterprise storage.

Conclusion: a design can die in beauty (look great on paper and never get built).

Conclusion: but ASP4all & Securelink have actually built this! >36,000 end users, 400 servers, 75 links to external networks, 70 TB raw storage; within budget, within time.

Want to know more? Jeroen van der Meer: jmeer@asp4all.nl; Marc Guardiola: mguardiola@asp4all.nl. Example customer case: http://www.asp4all.nl/over-asp4all/klantervaringen/ministerie-van-veiligheid-en-justitie

Thank you for your attention!