Cryptographically Isolated Virtual Networks
- Arthur Byrd
- 5 years ago
Transcription
1 Cryptographically Isolated Virtual Networks: A Community of Interest Approach
SecTor 2013
Rob Johnson, Distinguished Engineer, Unisys
2 Agenda
- Who am I?
- What is the issue?
- What are Secure COIs?
- How do Secure COIs work?
- How do Secure COIs help?
- What did I say?
2013 Unisys Corporation All rights reserved Page 2
3 Crypto COIs: Who Am I?
Rob Johnson, Distinguished Engineer, Unisys
- 32 years with Unisys (about average for Unisys engineers)
- Same company, different jobs
Current Jobs
- Chief Architect, Unisys Stealth program
- Security Architect, Unisys Secure Private Cloud program
- Security Architect, Unisys Forward! program
What I do
- Architecture: products, services, solutions, protocols, design analysis
- Evangelism: conferences, customers, whitepapers
6 Crypto COIs: What Is The Issue?
Competing Trends
- Networks are getting fewer and flatter
- Regulations are getting more numerous and tighter
Technology Outruns Bureaucracy
7 Crypto COIs: What Is The Issue?
Maybe the World Really Is Flat!
- LANs => VLANs
- Hardware Switches => vswitches
- VLANs => SDNs (Software Defined Networks)
- vswitches => Clouds
- IPv4 => IPv6
- PSTN => VoIP
BYOD
- Remote access from unmanaged PCs
- Employee laptops inside the firewall
- Phones and Tablets
- Mobile malware grew by 614% [1]
- % of BYOD enterprises have had a BYOD-related data breach [2]
Sources: [1] Juniper Networks; [2] Decisive Analytics
8 Crypto COIs: What Is The Issue?
Private Information Must Be Protected
- Personally Identifiable Information (PII)
- Personal financial information (PCI DSS)
- Corporate financial information (US: SOX)
- Healthcare information (US: HIPAA)
- Governmental information (US: FISMA/FedRAMP)
- Data jurisdictions
Regulations Are Similar, But Different
- Isolation of in-scope systems
- Segmentation of networks connecting in-scope systems
  - Traditional: Physical
  - Emerging: Cryptographic
13 Secure COIs: What Are They?
Community of Interest (COI)
- Members of a COI can communicate with each other
- Non-members cannot communicate with members (unless explicitly allowed)
Network Virtualization
- Cryptographically enforced
- Topology agnostic
Identity-Based
- Users authorized as COI members
- My set of COIs defines my virtual network
14 Secure COIs: What Are They?
Dynamic Mesh of Secure Endpoints
- Point-to-point tunnels
- Pre-tunnel COI membership agreement
- FIPS (or local equivalent) cryptography
Protocols
- Multi-factor user authentication
- Secure user COI authorization
- Network tunneling protocol: Standard IPsec
- Pre-IKE COI agreement protocol: Proprietary
21 Secure COIs: How Do They Work?
Alice Logs Onto Client-1
- Alice's credentials are authenticated
- Alice's Role is determined
- Alice's membership in COI-A is authorized
Alice Browses to Server-A, which is also a member of COI-A
- COI-A holds traffic until a point-to-point tunnel is established
- Client-1 securely advertises COI-A membership
- Server-A accepts COI-A and returns ECDH key
- Client-1 validates Server-A's key and sends back its ECDH key
- Server-A and Client-1 have agreed on a shared secret, which they use to establish an IPsec tunnel
- Traffic between Client-1 and Server-A flows through the IPsec tunnel
[Diagram labels: Server-A, Id Mgmt Svr]
27 Secure COIs: How Do They Work?
Alice Logs Off Client-1
- Tunnel to Server-A is terminated
- Alice's COI membership is forgotten
Bob Logs Onto Client-1
- Bob's credentials are authenticated
- Bob's Role is determined
- Bob's membership in COI-B is authorized
Bob Browses to Server-A, which is not a member of COI-B
- COI-B holds traffic until a point-to-point tunnel is established
- Client-1 securely advertises COI-B membership
- Server-A rejects COI-B and silently drops Client-1's request
- Client-1 times out the request and discards traffic to Server-A
[Diagram labels: Server-A, Id Mgmt Svr]
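The COI agreement and rejection walk-through on slides 15-27, modelled as an added example; it is not Unisys code, and the real pre-IKE protocol is proprietary. Assumptions: each COI is a symmetric key issued at logon, membership is proven with HMAC-SHA256 tags, X25519 stands in for the unspecified ECDH curve, and the derived 32-byte key stands in for the IPsec tunnel keying; `Endpoint`, `tag` and `open_tunnel` are hypothetical names.

```python
import hashlib
import hmac
import os

# X25519 (RFC 7748) in pure Python so the example needs no third-party package.
# Not constant-time: illustration only.
P, A24 = 2**255 - 19, 121665
BASE = (9).to_bytes(32, "little")

def x25519(k: bytes, u: bytes) -> bytes:
    k_int = (int.from_bytes(k, "little") & ((1 << 255) - 8)) | (1 << 254)  # clamp
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):          # Montgomery ladder
        bit = (k_int >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def tag(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 proof that the sender holds a COI key (assumed mechanism)."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()

class Endpoint:
    """A COI-aware endpoint; COI keys are held only while authorized."""
    def __init__(self, name):
        self.name, self.cois = name, {}

    def logon(self, authorized_cois):       # after authentication and authorization
        self.cois = dict(authorized_cois)

    def logoff(self):                       # "COI membership is forgotten"
        self.cois = {}

    def advertise(self):
        """Client: prove membership without naming the COI in the clear."""
        nonce = os.urandom(16)
        return nonce, [tag(k, b"advertise", nonce) for k in self.cois.values()]

    def accept(self, nonce, tags):
        """Server: answer only if a COI is shared, otherwise stay silent."""
        for coi, key in self.cois.items():
            want = tag(key, b"advertise", nonce)
            if any(hmac.compare_digest(want, t) for t in tags):
                priv = os.urandom(32)
                pub = x25519(priv, BASE)
                return coi, priv, pub, tag(key, b"accept", nonce, pub)
        return None                         # silent drop

def open_tunnel(client, server):
    """Run the exchange; return (coi, client_key, server_key) or None."""
    nonce, tags = client.advertise()
    reply = server.accept(nonce, tags)
    if reply is None:
        return None                         # client times out, discards traffic
    coi, s_priv, s_pub, s_tag = reply
    # Client validates the server's ECDH key against the COI keys it holds.
    key = next((k for k in client.cois.values()
                if hmac.compare_digest(tag(k, b"accept", nonce, s_pub), s_tag)), None)
    if key is None:
        return None
    c_priv = os.urandom(32)
    c_pub = x25519(c_priv, BASE)
    c_tag = tag(key, b"confirm", nonce, s_pub, c_pub)
    # Server validates the client's ECDH key the same way.
    want = tag(server.cois[coi], b"confirm", nonce, s_pub, c_pub)
    if not hmac.compare_digest(want, c_tag):
        return None
    transcript = nonce + s_pub + c_pub
    c_key = hashlib.sha256(x25519(c_priv, s_pub) + transcript).digest()
    s_key = hashlib.sha256(x25519(s_priv, c_pub) + transcript).digest()
    return coi, c_key, s_key                # equal keys: tunnel can be keyed

def demo():
    keys = {"COI-A": os.urandom(32), "COI-B": os.urandom(32)}  # constructed sample keys
    server = Endpoint("Server-A")
    server.logon({"COI-A": keys["COI-A"]})
    client = Endpoint("Client-1")
    client.logon({"COI-A": keys["COI-A"]})  # Alice logs on
    alice = open_tunnel(client, server)
    client.logoff()
    client.logon({"COI-B": keys["COI-B"]})  # Bob logs on to the same machine
    bob = open_tunnel(client, server)
    return alice, bob

if __name__ == "__main__":
    alice, bob = demo()
    print("Alice:", alice[0], "keys match:", alice[1] == alice[2])
    print("Bob:", bob)
```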
28 Secure COIs: How Do They Help?
Identity-Based Network Virtualization
- COIs grouped into Roles for access control
- Managed through IdMS
- No network infrastructure changes
Regulatory Compliance
- Identity-based authentication
- Separation of duties
- Role-based authorization
- Network traffic is encrypted
- In-scope resources are segregated, maybe
Dark Endpoints
- No access allowed from outside COI
- Mitigates malware exposure, including from BYOD devices
30 Secure COIs: Summary
Two Colliding Trends
- Flattening/virtualization of networks
- Increasingly tight security controls
Secure COIs
- Identity/Role-based COI membership, i.e. access control
- Isolation/segregation of critical resources
- Cryptographically enforced dynamic mesh
31 Cryptographically Isolated Virtual Networks: A Community of Interest Approach
Questions?
Contact: Rob Johnson, RobertJohnson@unisyscom
The Need For A New IT Security Architecture: Global Study On The Risk Of Outdated Technologies Daniel Yeung Technical Manager, Hong Kong & Taiwan AUG 2017 2017 Citrix Why Worry? Security needs to be top-of-mind
More informationGLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications
GLOBALPROTECT Prevent Breaches and Secure the Mobile Workforce GlobalProtect extends the protection of Palo Alto Networks Next-Generation Security Platform to the members of your mobile workforce, no matter
More informationNetwork Security - ISA 656 IPsec IPsec Key Management (IKE)
Network Security - ISA 656 IPsec IPsec (IKE) Angelos Stavrou September 28, 2008 What is IPsec, and Why? What is IPsec, and Why? History IPsec Structure Packet Layout Header (AH) AH Layout Encapsulating
More informationManaging Site-to-Site VPNs
CHAPTER 21 A virtual private network (VPN) consists of multiple remote peers transmitting private data securely to one another over an unsecured network, such as the Internet. Site-to-site VPNs use tunnels
More informationSecuring the Network: Understanding CIA, Segmentation, and Zero Trust. Jacek Szamrej VP of Cybersecurity SEDC
Securing the Network: Understanding CIA, Segmentation, and Zero Trust Jacek Szamrej VP of Cybersecurity SEDC Jacek Szamrej VP of Cybersecurity SEDC C? A I What are we protecting? Confidentiality DATA Availability
More informationApplication Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )
Application Note Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) This document describes how to configure McAfee Firewall Enterprise to provide
More informationWhitepaper on EU Data Protection October 2014
Whitepaper on EU Data Protection October 2014 (Please see http://aws.amazon.com/compliance/aws-whitepapers/ for the latest version of this paper, and http://aws.amazon.com/de/data-protection/ for the German
More informationSecurity Operations & Analytics Services
Security Operations & Analytics Services www.ecominfotech.biz info@ecominfotech.biz Page 1 Key Challenges Average time to detect an attack (Dwell time) hovers around 175 to 210 days as reported by some
More informationANIKET DAPTARI & RANJINI RAJENDRAN CONTRAIL TEAM
ROLE OF NETWORK VIRTUALIZATION AND SOFTWARE DEFINED SECURITY IN MULTICLOUD ANIKET DAPTARI & RANJINI RAJENDRAN CONTRAIL TEAM This statement of direction sets forth Juniper Networks current intention and
More informationSECURITY PLATFORM FOR HEALTHCARE PROVIDERS
SECURITY PLATFORM FOR HEALTHCARE PROVIDERS Hundreds of hospitals, clinics and healthcare networks across the globe prevent successful cyberattacks with our Next-Generation Security Platform. Palo Alto
More informationThe Current State of Encryption and Key Management
BDB G The Current State of Encryption and Key Management Where Security Gaps Persist and Strategies for Addressing Them whitepaper Executive Summary While encryption has been employed for decades, much
More informationManaging Site-to-Site VPNs: The Basics
CHAPTER 21 A virtual private network (VPN) consists of multiple remote peers transmitting private data securely to one another over an unsecured network, such as the Internet. Site-to-site VPNs use tunnels
More informationCradlepoint to Palo Alto VPN Example. Summary. Standard IPSec VPN Topology. Global Leader in 4G LTE Network Solutions
Cradlepoint to Palo Alto VPN Example Summary This configuration covers an IPSec VPN tunnel setup between a Cradlepoint Series 3 router and a Palo Alto firewall. IPSec is customizable on both the Cradlepoint
More informationInternet security and privacy
Internet security and privacy IPsec 1 Layer 3 App. TCP/UDP IP L2 L1 2 Operating system layers App. TCP/UDP IP L2 L1 User process Kernel process Interface specific Socket API Device driver 3 IPsec Create
More informationVMware, SQL Server and Encrypting Private Data Townsend Security
VMware, SQL Server and Encrypting Private Data Townsend Security 724 Columbia Street NW, Suite 400 Olympia, WA 98501 360.359.4400 Today s Agenda! Compliance, standards, and best practices! Encryption and
More informationData Privacy and Protection GDPR Compliance for Databases
Data Privacy and Protection GDPR Compliance for Databases Walo Weber, Senior Sales Engineer September, 2016 Agenda GDPR: who, what, why, when Requirements for databases Discovery Classification Masking
More informationEM L01 Introduction to Mobile
EM L01 Introduction to Scott Jareo Principal Field Enablement Mgr. 1 Agenda 1 Welcome and Introduction 2 Overview 3 Lab Exercises 4 Resources and Conclusion 2 Leading Concerns In Enterprise Mobility Discussions
More informationThe Top 6 WAF Essentials to Achieve Application Security Efficacy
The Top 6 WAF Essentials to Achieve Application Security Efficacy Introduction One of the biggest challenges IT and security leaders face today is reducing business risk while ensuring ease of use and
More informationMobility Policy Bundle
Version 2018-02 Mobility Policy Bundle Table of Contents This document contains the following policies: BYOD Access and Use Policy (revised 02/2018) Mobile Device Access and Use Policy (revised 02/2018)
More information