Electronic Access Controls June 27, Kevin B. Perry Director, Critical Infrastructure Protection
|
|
- Andrew Webb
- 6 years ago
- Views:
Transcription
1 Electronic Access Controls June 27, 2017 Kevin B. Perry Director, Critical Infrastructure Protection
2 Electronic Access Point 2
3 What does your access control look like? 3
4 Corp Network Satellite Clock VLAN 20 / /24 VLAN 22 / /24 VLAN 24 / /24 A B C D Jump Host VLAN 21 / /24 VLAN 23 / /24 App DB HMI AD CFE Terminal s A, B, and C A/V WSUS RHEL Syslog Historian ESP Microsoft Windows Field Network Redhat Linux Firmware-based 4
5 Corp Network Satellite Clock VLAN 20 / /24 VLAN 22 / /24 VLAN 24 / /24 A B C D Jump Host VLAN 21 / /24 VLAN 23 / /24 App DB HMI AD CFE Terminal s A, B, and C A/V WSUS RHEL Syslog Historian ESP HTTP, HTTPS Listening Field Network 5
6 Corp Network ESP-Group Satellite Clock VLAN 20 / /24 VLAN 22 / /24 VLAN 24 / /24 A B C D Jump Host VLAN 21 / /24 VLAN 23 / /24 ESP App DB HMI AD CFE Terminal s A, B, and C A/V WSUS RHEL Syslog Historian DMZ-Group Field Network 6
7 Consider this object-group network ESP-Group network-object network-object network-object object-group network DMZ-Group network-object network-object object-group service WSUS service-object icmp echo service-object icmp echo-reply service-object icmp time-exceeded service-object icmp unreachable service-object tcp destination eq www service-object tcp destination eq 443 service-object tcp destination eq 135 service-object tcp destination range permit ESP_allow_in extended permit object-group WSUS object-group DMZ-Group object-group ESP-Group permit ESP_allow_out extended permit object-group WSUS object-group ESP-Group object-group DMZ-Group 7
8 Audience Participation Time What are the compliance concerns with the rules just shown? What are the risks posed by the rules as written? How would you make the access control lists better? (No fair looking ahead ) 8
9 Compliance Concerns CIP-005-5, Requirement R1, Part 1.3 states: Require inbound and outbound access permissions, including the reason for granting access, and deny all other access by default Expectation: Inbound and outbound permissions are demonstrably needed Inbound and outbound permissions are tightly restricted 9
10 Compliance Concerns Object groups are not sufficiently granular ESP-Group encompasses every Cyber Asset within the ESP DMZ-Group encompasses every Cyber Asset in the DMZ WSUS defines every port (service) that is required for any reason to support WSUS, plus some not required by WSUS No consideration of reason for the port No consideration of direction of traffic flow This example will result in a Potential Non-Compliance 10
11 Compliance Concerns From Microsoft TechNet: Configure the firewall to allow communication for the HTTP and HTTPS ports used by the WSUS server. By default, a WSUS server that is configured for the default Web site uses port 80 for HTTP and port 443 for HTTPS. By default, the WSUS server uses port 8530 for HTTP and port 8531 for HTTPS if it is using the WSUS custom Web site References:
12 Risks Posed by the Rules Full DMZ ESP inbound and outbound access Even with port limitation, such broad IP ranges are not warranted in a Control Center network environment Reciprocal rules not required with a stateful firewall Unnecessarily increases the attack surface ICMP not required for WSUS purposes Although limited to only the ping and traceroute commands, ICMP can be used by a malicious attacker to perform network reconnaissance 12
13 Risks Posed by the Rules WSUS uses either ports 80/443 or 8530/8531 per the TechNet bulletins. Ports only listening on the WSUS server Listening ports configured when WSUS is installed Ports required to download patches from an upstream server or Microsoft web site. No requirement for the WSUS server to connect to the client Cyber Assets, thus inbound rules not required 13
14 Risks Posed by the Rules Only Microsoft Windows-based Cyber Assets are supported by WSUS Outbound rules should permit either ports 80/443 or 8530/8531 from the operator consoles and Active Directory server to the WSUS server Permitting broad outbound access increases the ability of malware to contact its command and control system through a compromised proxy in the non-esp networks 14
15 Risks Posed by the Rules Permitting port 80 and 443 from every Cyber Asset in the DMZ inadvertently exposes the CFE terminal servers to malicious configuration interface access Any external remote access to the CFE terminal servers using web services needs to go through the Intermediate System (jump host) Malicious actor could access and reconfigure the CFE terminal servers and disrupt SCADA/EMS communication with the generating plants and substations 15
16 Corp Network Satellite Clock VLAN 20 / /24 VLAN 22 / /24 VLAN 24 / /24 A B C D Jump Host VLAN 21 / /24 VLAN 23 / /24 App DB HMI AD CFE Terminal s A, B, and C A/V WSUS RHEL Syslog Historian ESP HTTP, HTTPS Listening Field Network Windows Clients in the ESP 16
17 Improving the Access Control Lists object-group network Windows-Systems network-object object _A network-object object _B network-object object _C network-object object _D network-object object AD_ object network WSUS- host object-group service WSUS service-object tcp destination range permit ESP_allow_out extended permit object-group WSUS object-group Windows-Systems object WSUS- Define similar tight rules for interaction with the Active Directory server, RHEL update server, anti-virus server, the syslog server, and between the primary and backup Control Center ESPs 17
18 Active Directory Current design AD server is inside the ESP to allow normal operation with the outside interface of the firewall disconnected in an emergency DMZ Cyber Assets have to reach into the ESP to access the AD server Default AD server configuration (Dynamic RPC) exposes the ESP to approximately 95% of all possible ports Exposure is magnified if inbound access is not limited to just the AD server 18
19 Active Directory Required ports Dynamic RPC (default) configuration Service RPC endpoint mapper Network basic input/output system (NetBIOS) name service NetBIOS datagram service NetBIOS session service RPC dynamic assignment message block (SMB) over IP (Microsoft-DS) Lightweight Directory Access Protocol (LDAP) LDAP ping LDAP over SSL Global catalog LDAP Global catalog LDAP over SSL Kerberos Domain Name Service (DNS) Windows Internet Naming Service (WINS) resolution (if required) WINS replication (if required) Source: Port/protocol 135/tcp, 135/udp 137/tcp, 137/udp 138/udp 139/tcp /tcp 445/tcp, 445/udp 389/tcp 389/udp 636/tcp 3268/tcp 3269/tcp 88/tcp, 88/udp 53/tcp1, 53/udp 1512/tcp, 1512/udp 42/tcp, 42/udp 19
20 Active Directory Dynamic RPC (default) configuration Pros: No special server configuration Cons: Turns the firewall into "Swiss cheese" Random incoming high-port connections Insecure firewall configuration 20
21 Active Directory Required Ports Limited RPC configuration Service Port/protocol RPC endpoint mapper 135/tcp, 135/udp NetBIOS name service 137/tcp, 137/udp NetBIOS datagram service 138/udp NetBIOS session service 139/tcp RPC static port for AD replication <AD-fixed-port>/TCP RPC static port for FRS <FRS-fixed-port>/TCP SMB over IP (Microsoft-DS) 445/tcp, 445/udp LDAP 389/tcp LDAP ping 389/udp LDAP over SSL 636/tcp Global catalog LDAP 3268/tcp Global catalog LDAP over SSL 3269/tcp Kerberos 88/tcp, 88/udp DNS 53/tcp, 53/udp WINS resolution (if required) 1512/tcp, 1512/udp WINS replication (if required) 42/tcp, 42/udp Source: 21
22 Active Directory Limited RPC configuration Pros: More secure than dynamic RPC only two open high ports Cons: Registry modification to all Active Directory servers Instructions for selecting the high ports and modifying the Registry are found in: 22
23 Active Directory But wait It can get even better Currently, the DMZ Cyber Assets need to punch through the firewall to access the Active Directory server Every permitted port is another opportunity for exploit A read-only domain controller (RODC) is a new type of domain controller in the Windows 2008 operating system. Eliminates need for inbound port permissions to the Active Directory server inside the ESP 23
24 Corp Network Satellite Clock VLAN 20 / /24 VLAN 22 / /24 VLAN 24 / /24 A B C D Jump Host VLAN 21 / /24 VLAN 23 / /24 App DB HMI AD CFE Terminal s A, B, and C AD (RODC) A/V WSUS RHEL Syslog Historian ESP Field Network 24
25 Read-Only Active Directory Read-only AD DS database Except for account passwords, an RODC holds all the Active Directory objects and attributes that a writable domain controller holds. However, changes cannot be made to the database that is stored on the RODC. Changes must be made on a writable domain controller and then replicated back to the RODC. Unidirectional replication Because no changes are written directly to the RODC, no changes originate at the RODC. Accordingly, writable domain controllers that are replication partners do not have to pull changes from the RODC. This means that any changes or corruption that a malicious user might make to the DMZ Active Directory cannot replicate from the RODC to the rest of the forest. Source: 25
26 Read-Only Active Directory One more thing to do Point the Cyber Assets inside the ESP to the Active Directory server inside the ESP Point the Cyber Assets outside the ESP to the Active Directory server in the DMZ Eliminate all AD-related permissions through the firewall from the DMZ into the ESP Frustrates the malicious actor too bad, so sad 26
27 Interactive Remote Access 27
28 28
29 What is Multi-Factor Authentication? Something you know: Password, passphrase, PIN Something you have: RSA token, CRYPTOcard, challenge/response card, cell phone Something you are: Biometrics (fingerprint, facial features, iris) 29
30 Something You Have This is the most misunderstood factor You need to be in physical possession You cannot stop off somewhere (electronically) and pick it up It cannot be publicly available The Guidelines and Technical Basis for CIP-005-5, Requirement R2 simply says See Secure Remote Access Reference Document (see remote access alert). Guidance for Secure Interactive Remote Access 30
31 Multi-Factor Scenario 1 Authentication is performed by the following sequence: Enter username and password One-time token is sent by the authentication server to your company account Enter the one-time token value found in the body You are authenticated Question: Is this a valid form of multi-factor authentication? NO 31
32 Multi-Factor Scenario 2 Authentication is performed by the following sequence: Enter username and password One-time token is generated using an app on your smart phone Enter the one-time token You are authenticated Question: Is this a valid form of multi-factor authentication? YES 32
33 Multi-Factor Scenario 3 Authentication is performed by the following sequence: Enter username and password to authenticate to a Citrix server (not the Intermediate System) Connect to the Intermediate System from the Citrix server Enter your username and password Enter the password to enable use of your digital certificate, stored in your user profile on the Citrix server You are authenticated Question: Is this a valid form of multi-factor authentication? NO 33
34 Multi-Factor Scenario 4 Authentication is performed by the following sequence: Connect to the Intermediate System from your laptop Enter your username and password Enter the password to enable use of your digital certificate, stored in your user profile on your laptop You are authenticated Question: Is this a valid form of multi-factor authentication? Yes, but 34
35 Multi-Factor Scenario 5 Authentication is performed by the following sequence: Enter username and password The authentication system places a call to a pre-registered phone number (cell or landline) Answer the phone and respond as instructed You are authenticated Question: Is this a valid form of multi-factor authentication? YES (cell phone would be best) 35
36 Multi-Factor Scenario 6 Authentication is performed by the following sequence: Insert USB key containing your digital certificate into your laptop Launch your VPN client on your laptop and connect to the VPN concentrator (upstream from the Intermediate System) Enter the passcode required to use your digital certificate You are authenticated Question: Is this a valid form of multi-factor authentication? YES 36
37 Multi-Factor Scenario 7 Authentication is performed by the following sequence: Log into your laptop using your fingerprint in lieu of entering your username and password Once logged in, connect to the Intermediate System with a username and password You are authenticated Question: Is this a valid form of multi-factor authentication? You would think so, but, NO 37
38 Summary Electronic Access Point You want tight ingress and egress access controls Access in and out needs to be limited to what is necessary to operate, not for convenience Multi-Factor Authentication Two of three: something you know, something you have, something you are You need to be in sole possession of something you have 38
39 SPP RE CIP Team Kevin Perry, Director of Critical Infrastructure Protection (501) Shon Austin, Lead Compliance Specialist-CIP (501) Ted Bell, Senior Compliance Specialist-CIP (501) Jeremy Withers, Senior Compliance Specialist-CIP (501) Robert Vaughn, Compliance Specialist II-CIP (501) Sushil Subedi, Compliance Specialist II-CIP (501)
CIP Workshop. SPP.org ->Regional Entity -> CIP Workshop: Questions? Wireless. SPP GUEST network. Enter your address on the login page.
CIP Workshop SPP.org ->Regional Entity ->6-27-17 CIP Workshop: Questions? Online question box generates anonymous email to staff from info@spp.org You can also email questions/comments to reworkshop@spp.org
More informationGlobal Information Assurance Certification Paper
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationCIP 007 Compliance. Kevin B. Perry Dir, Critical Infrastructure Protection
CIP 007 Compliance Kevin B. Perry Dir, Critical Infrastructure Protection kperry@spp.org 501.614.3251 Agenda CIP 007 Purpose CIP 007 Requirement Overview Past Non Compliance Potential Non Compliance Concerns
More informationSecurity in the Privileged Remote Access Appliance
Security in the Privileged Remote Access Appliance 2003-2018 BeyondTrust, Inc. All Rights Reserved. BEYONDTRUST, its logo, and JUMP are trademarks of BeyondTrust, Inc. Other trademarks are the property
More informationSecuring IEDs against Cyber Threats in Critical Substation Automation and Industrial Control Systems
Securing IEDs against Cyber Threats in Critical Substation Automation and Industrial Control Systems Eroshan Weerathunga, Anca Cioraca, Mark Adamiak GE Grid Solutions MIPSYCON 2017 Introduction Threat
More informationDistributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013
Distributed Systems 27. Firewalls and Virtual Private Networks Paul Krzyzanowski Rutgers University Fall 2013 November 25, 2013 2013 Paul Krzyzanowski 1 Network Security Goals Confidentiality: sensitive
More informationTable of Contents Table of Contents Disclaimer...4 Executive Summary...5 Background...6 Scope... 6 Audience... 6 Intent... 6 Other Materials... 6 Crit
Guidance for Secure Interactive Remote Access July 2011 Table of Contents Table of Contents Disclaimer...4 Executive Summary...5 Background...6 Scope... 6 Audience... 6 Intent... 6 Other Materials... 6
More informationAlberta Reliability Standard Cyber Security Electronic Security Perimeter(s) CIP-005-AB-5
A. Introduction 1. Title: 2. Number: 3. Purpose: To manage electronic access to BES cyber systems by specifying a controlled electronic security perimeter in support of protecting BES cyber systems against
More informationSEL-3620 ETHERNET SECURITY GATEWAY
ETHERNET SECURITY GATEWAY STRONG ACCESS CONTROL FOR YOUR ELECTRONIC SECURITY PERIMETER Firewall Ethernet WAN SEL-421 SEL Relays Serial Ethernet Security Gateway Real-Time Automation Controller (RTAC) SEL-3530
More informationPresenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks.
Presenter Jakob Drescher Industry Cyber Security 1 Cyber Security? Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks. Malware or network traffic
More informationWindow Server Firewall Configuration
Windows Server Firewall, on page 1 Cisco Firewall Configuration Utility Prerequisites, on page 2 Run Cisco Firewall Configuration Utility, on page 2 Verify New Windows Firewall Settings, on page 3 Windows
More informationMerge physical security and cybersecurity for field operations.
Security Gateway Merge physical security and cybersecurity for field operations. Small form factor and wide temperature range for cabinet installation on distribution poles and in substation yards. Accelerometer,
More informationActive Directory in Networks Segmented by Firewalls
Active Directory in Networks Segmented by Firewalls Microsoft Corporation Published: July 2002 Updated: October 2004 Abstract Microsoft Active Directory service domain controllers are increasingly being
More informationDistributed Systems. 29. Firewalls. Paul Krzyzanowski. Rutgers University. Fall 2015
Distributed Systems 29. Firewalls Paul Krzyzanowski Rutgers University Fall 2015 2013-2015 Paul Krzyzanowski 1 Network Security Goals Confidentiality: sensitive data & systems not accessible Integrity:
More informationINCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS AKAMAI SOLUTIONS BRIEF INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.
INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS Protect Critical Enterprise Applications and Cardholder Information with Enterprise Application Access Scope and Audience This guide is for
More informationLocking down a Hitachi ID Suite server
Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime
More informationSecurity in Bomgar Remote Support
Security in Bomgar Remote Support 2018 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their
More informationCIP 005 R2: Electronic Access Controls
CIP 005 R2: Electronic Access Controls Knowing who is in your network Steven Keller Senior Compliance Specialist CIP skeller.re@spp.org 501.688.1633 September 28, 2012 Objectives Improve your understanding
More informationThe Privileged Remote Access Appliance in the Network
The Privileged Remote Access Appliance in the Network The architecture of the BeyondTrust application environment relies on the BeyondTrust Appliance as a centralized routing point for all communications
More informationRussian Cyber Attack Warning and Impact on AccessEnforcer UTM Firewall
Russian Cyber Attack Warning and Impact on AccessEnforcer UTM Firewall 1 U.S. and U.K. authorities last week alerted the public to an on-going effort to exploit network infrastructure devices including
More information90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on April 16, 2018 15:41 PM O verview 1 90% Compliance About PCI DSS 2.0 PCI-DSS is a legal obligation mandated not by government
More informationThe Bomgar Appliance in the Network
The Bomgar Appliance in the Network The architecture of the Bomgar application environment relies on the Bomgar Appliance as a centralized routing point for all communications between application components.
More informationIndependent DeltaV Domain Controller
Independent DeltaV Domain Controller The domain controller functionality can be de-coupled from the ProfessionalPLUS / Application stations in DeltaV systems version 14.3 and higher. Table of Contents
More informationThe Privileged Access Appliance in the Network
The Privileged Access Appliance in the Network The architecture of the Bomgar application environment relies on the Bomgar Appliance as a centralized routing point for all communications between application
More informationDomain Restructuring Windows Server 2008
Domain Restructuring Windows Server 2008 Introduction: This document will describe design decision to add Additional Domain Controller in the existing Active Directory Forest. The infrastructure is assumed
More informationThree interface Router without NAT Cisco IOS Firewall Configuration
Three interface Router without NAT Cisco IOS Firewall Configuration Document ID: 13893 Contents Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram Configurations
More informationHP ArcSight Port and Protocol Information
Important Notice HP ArcSight Port and Protocol Information The information (data) contained on all sheets of this document constitutes confidential information of Hewlett- Packard Company or its affiliates
More informationNetwork Communication Requirements for SecureAuth IdP
Network Communication Requirements for SecureAuth IdP 9.1-9.2 Introduction This document lists the firewall ports that must be opened to ensure network connectivity of the SecureAuth IdP v9.1 - v9.2 appliance.
More informationDeploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2
Deploying VMware Identity Manager in the DMZ JULY 2018 VMware Identity Manager 3.2 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have
More informationPROPOSAL OF WINDOWS NETWORK
PROPOSAL OF WINDOWS NETWORK By: Class: CMIT 370 Administering Windows Servers Author: Rev: 1.0 Date: 01.07.2017 Page 1 of 10 OVERVIEW This is a proposal for Ear Dynamics to integrate a Windows Network
More informationIntroduction. The Safe-T Solution
Secure Application Access Product Brief Contents Introduction 2 The Safe-T Solution 3 How It Works 3 Capabilities 4 Benefits 5 Feature List 6 6 Introduction As the world becomes much more digital and global,
More informationBomgar PA Integration with ServiceNow
Bomgar PA Integration with ServiceNow 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of
More informationInstalling and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.
Installing and Configuring VMware Identity Manager Connector 2018.8.1.0 (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.3 You can find the most up-to-date technical documentation on
More informationIndicate whether the statement is true or false.
Indicate whether the statement is true or false. 1. Packet-filtering firewalls scan network data packets looking for compliance with the rules of the firewall s database or violations of those rules. 2.
More informationRSA Ready Implementation Guide for. Checkpoint Mobile VPN for ios v1.458
RSA Ready Implementation Guide for v1.458 FAL, RSA Partner Engineering Last Modified: 7/22/16 Solution Summary The Check Point software solution is a comprehensive VPN
More informationDeploying VMware Identity Manager in the DMZ. SEPT 2018 VMware Identity Manager 3.3
Deploying VMware Identity Manager in the DMZ SEPT 2018 VMware Identity Manager 3.3 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have
More informationInteractive Remote Access FERC Remote Access Study Compliance Workshop October 27, Eric Weston Compliance Auditor Cyber Security.
Interactive Remote Access Compliance Workshop October 27, 2016 Eric Weston Compliance Auditor Cyber Security 2 Agenda Interactive Remote Access Overview Review of Use Cases and Strategy 1 Interactive Remote
More informationBarracuda Networks NG Firewall 7.0.0
RSA SECURID ACCESS Standard Agent Implementation Guide Barracuda Networks.0 fal, RSA Partner Engineering Last Modified: 10/13/16 Solution Summary The Barracuda NG Firewall
More informationSecurity. Bob Shantz Director of Infrastructure & Cloud Services Computer Guidance Corporation. All Rights Reserved.
Security Bob Shantz Director of Infrastructure & Cloud Services 2016 Computer Guidance Corporation. All Rights Reserved. CPE Credits To receive your CPE Credits:. Complete a survey for each session attended.
More informationSecuring CS-MARS C H A P T E R
C H A P T E R 4 Securing CS-MARS A Security Information Management (SIM) system can contain a tremendous amount of sensitive information. This is because it receives event logs from security systems throughout
More informationCompTIA SY CompTIA Security+
CompTIA SY0-501 CompTIA Security+ https://killexams.com/pass4sure/exam-detail/sy0-501 QUESTION: 338 The help desk is receiving numerous password change alerts from users in the accounting department. These
More informationAccess Rules. Controlling Network Access
This chapter describes how to control network access through or to the ASA using access rules. You use access rules to control network access in both routed and transparent firewall modes. In transparent
More informationPrivileged Identity App Launcher and Session Recording
Privileged Identity App Launcher and Session Recording 2018 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are
More informationCCNA Security PT Practice SBA
A few things to keep in mind while completing this activity: 1. Do not use the browser Back button or close or reload any Exam windows during the exam. 2. Do not close Packet Tracer when you are done.
More informationHow to Configure a Remote Management Tunnel for an F-Series Firewall
How to Configure a Remote Management Tunnel for an F-Series Firewall If the managed NextGen Firewall F-Series cannot directly reach the NextGen Control Center, it must connect via a remote management tunnel.
More informationHySecure Quick Start Guide. HySecure 5.0
HySecure Quick Start Guide HySecure 5.0 Last Updated: 25 May 2017 2012-2017 Propalms Technologies Private Limited. All rights reserved. The information contained in this document represents the current
More informationPremediation. The Art of Proactive Remediation. Matthew McWhirt, Senior Manager Manfred Erjak, Principal Consultant OCTOBER 1 4, 2018 WASHINGTON, D.C.
Premediation The Art of Proactive Remediation Matthew McWhirt, Senior Manager Manfred Erjak, Principal Consultant OCTOBER 1 4, 2018 WASHINGTON, D.C. Overview Case Study Remediation Overview Premediation
More informationIdentity Firewall. About the Identity Firewall
This chapter describes how to configure the ASA for the. About the, on page 1 Guidelines for the, on page 7 Prerequisites for the, on page 9 Configure the, on page 10 Monitoring the, on page 16 History
More informationPaloalto Networks PCNSA EXAM
Page No 1 m/ Paloalto Networks PCNSA EXAM Palo Alto Networks Certified Network Security Administrator Product: Full File For More Information: /PCNSA-dumps 2 Product Questions: 50 Version: 8.0 Question:
More information: Administration of Symantec Endpoint Protection 14 Exam
250-428: of Symantec Endpoint Protection 14 Exam Study Guide v. 2.2 Copyright 2017 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and Altiris are trademarks or registered trademarks
More informationHikCentral V1.3 for Windows Hardening Guide
HikCentral V1.3 for Windows Hardening Guide Contents Introduction... 1 1. The Operating System - Microsoft Windows Security Configuration... 2 1.1Strict Password Policy... 2 1.2Turn Off Windows Remote
More informationIC32E - Pre-Instructional Survey
Name: Date: 1. What is the primary function of a firewall? a. Block all internet traffic b. Detect network intrusions c. Filter network traffic d. Authenticate users 2. A system that monitors traffic into
More informationBecoming the Adversary
SESSION ID: CIN-R06 Becoming the Adversary Tyrone Erasmus Managing Security Consultant MWR InfoSecurity @metall0id /usr/bin/whoami Most public research == Android Something different today 2 Overview Introduction
More informationVendor: Citrix. Exam Code: 1Y Exam Name: Implementing Citrix NetScaler 10.5 for App and Desktop Solutions. Version: Demo
Vendor: Citrix Exam Code: 1Y0-253 Exam Name: Implementing Citrix NetScaler 10.5 for App and Desktop Solutions Version: Demo QUESTION 1 A Citrix Administrator needs to configure a single virtual server
More informationvshield Administration Guide
vshield Manager 5.1 vshield App 5.1 vshield Edge 5.1 vshield Endpoint 5.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by
More informationVMware Identity Manager Connector Installation and Configuration (Legacy Mode)
VMware Identity Manager Connector Installation and Configuration (Legacy Mode) VMware Identity Manager This document supports the version of each product listed and supports all subsequent versions until
More informationSupport for policy-based routing applies to the Barracuda Web Security Gateway running version 6.x only.
Support for policy-based routing applies to the Barracuda Web Security Gateway running version 6.x only. Transparently Routing Web Traffic to the Barracuda Web Security Gateway This article demonstrates
More informationComputer Security. 12. Firewalls & VPNs. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 12. Firewalls & VPNs Paul Krzyzanowski Rutgers University Spring 2018 April 15, 2018 CS 419 2018 Paul Krzyzanowski 1 Conversation Isolation: Network Layer Virtual Private Networks (VPNs)
More informationPage 1 of 15. Applicability. Compatibility EACMS PACS. Version 5. Version 3 PCA EAP. ERC NO ERC Low Impact BES. ERC Medium Impact BES
002 5 R1. Each Responsible Entity shall implement a process that considers each of the following assets for purposes of parts 1.1 through 1.3: i. Control Centers and backup Control Centers; ii. Transmission
More informationContext Based Access Control (CBAC): Introduction and Configuration
Context Based Access Control (CBAC): Introduction and Configuration Document ID: 13814 Contents Introduction Prerequisites Requirements Components Used Conventions Background Information What Traffic Do
More informationGLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications
GLOBALPROTECT Prevent Breaches and Secure the Mobile Workforce GlobalProtect extends the protection of Palo Alto Networks Next-Generation Security Platform to the members of your mobile workforce, no matter
More informationLab - Troubleshooting ACL Configuration and Placement Topology
Topology 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 8 Addressing Table Objectives Device Interface IP Address Subnet Mask Default Gateway HQ G0/1 192.168.1.1
More informationSecure Industrial Automation Remote Access Connectivity. Using ewon and Talk2M Pro solutions
ewon Security Paper Secure Industrial Automation Remote Access Connectivity Using ewon and Talk2M Pro solutions www.ewon.us Last Modified: January 13, 2015 Overview ewon is a global provider of secure
More informationSimple and Powerful Security for PCI DSS
Simple and Powerful Security for PCI DSS The regulations AccessEnforcer helps check off your list. Most merchants think they are too small to be targeted by hackers. In fact, their small size makes them
More informationChapter 11: Networks
Chapter 11: Networks Devices in a Small Network Small Network A small network can comprise a few users, one router, one switch. A Typical Small Network Topology looks like this: Device Selection Factors
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationNERC CIP Compliance Matrix of RUGGEDCOM CROSSBOW Operating System
Application description 04/2017 NERC CIP Compliance Matrix of RUGGEDCOM RUGGEDCOM https://support.industry.siemens.com/cs/ww/en/view/109747098 Warranty and Liability Warranty and Liability Note The Application
More informationNew Features for ASA Version 9.0(2)
FIREWALL Features New Features for ASA Version 9.0(2) Cisco Adaptive Security Appliance (ASA) Software Release 9.0 is the latest release of the software that powers the Cisco ASA family. The same core
More informationTeacher s Reference Manual
UNIVERSITY OF MUMBAI Teacher s Reference Manual Subject: Security in Computing Practical with effect from the academic year 2018 2019 Practical 1: Packet Tracer - Configure Cisco Routers for Syslog, NTP,
More informationMonitoring the Device
The system includes dashboards and an Event Viewer that you can use to monitor the device and traffic that is passing through the device. Enable Logging to Obtain Traffic Statistics, page 1 Monitoring
More informationTroubleshooting. Testing Your Configuration CHAPTER
82 CHAPTER This chapter describes how to troubleshoot the ASA and includes the following sections: Testing Your Configuration, page 82-1 Reloading the ASA, page 82-8 Performing Password Recovery, page
More informationFundamentals of Network Security v1.1 Scope and Sequence
Fundamentals of Network Security v1.1 Scope and Sequence Last Updated: September 9, 2003 This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document
More informationCisco ISE Ports Reference
Cisco ISE Infrastructure Cisco ISE Infrastructure, on page 1 Cisco ISE Administration Node Ports, on page 2 Cisco ISE Monitoring Node Ports, on page 4 Cisco ISE Policy Service Node Ports, on page 6 Cisco
More informationConfiguration Guide. BlackBerry UEM. Version 12.9
Configuration Guide BlackBerry UEM Version 12.9 Published: 2018-07-16 SWD-20180713083904821 Contents About this guide... 8 Getting started... 9 Configuring BlackBerry UEM for the first time...9 Configuration
More informationApplied IT Security. System Security. Dr. Stephan Spitz 6 Firewalls & IDS. Applied IT Security, Dr.
Applied IT Security System Security Dr. Stephan Spitz Stephan.Spitz@de.gi-de.com Overview & Basics System Security Network Protocols and the Internet Operating Systems and Applications Operating System
More informationInfinite Device Management
Infinite Device Management Version: Date: 18 04-Dec-2018 15:18 Table of Contents Infinite Device Management Features...................................... 3 Minimal software to install......................................................
More informationChapter 11: It s a Network. Introduction to Networking
Chapter 11: It s a Network Introduction to Networking Small Network Topologies Typical Small Network Topology IT Essentials v5.0 2 Device Selection for a Small Network Factors to be considered when selecting
More informationGUIDE. MetaDefender Kiosk Deployment Guide
GUIDE MetaDefender Kiosk Deployment Guide 1 SECTION 1.0 Recommended Deployment of MetaDefender Kiosk(s) OPSWAT s MetaDefender Kiosk product is deployed by organizations to scan portable media and detect
More informationWindows Server Security Guide
Windows Server Security Guide August 2017 Contents Windows Server 2016 Security Guide... 3 Why is Windows Server 2016 security important?... 3 How does Windows Server 2016 help prevent and detect compromise?...
More informationGigabit SSL VPN Security Router
As Internet becomes essential for business, the crucial solution to prevent your Internet connection from failure is to have more than one connection. PLANET is the ideal to help the SMBs increase the
More informationTCP, UDP Ports, and ICMP Message Types1
Appendix A APPENDIX A TCP, UDP Ports, and ICMP Message Types1 I list useful TCP, UDP ports, and ICMP message types in this appendix. A comprehensive list of registered TCP and UDP services may be found
More informationReviewer s guide. PureMessage for Windows/Exchange Product tour
Reviewer s guide PureMessage for Windows/Exchange Product tour reviewer s guide: sophos nac advanced 2 welcome WELCOME Welcome to the reviewer s guide for NAC Advanced. The guide provides a review of the
More information<Partner Name> <Partner Product> RSA SECURID ACCESS. Pulse Secure Connect Secure 8.3. Standard Agent Client Implementation Guide
RSA SECURID ACCESS Standard Agent Client Implementation Guide Pulse Secure John Sammon, Dan Pintal, RSA Partner Engineering Last Modified: July 11, 2018 Solution Summary
More informationThe StrideLinx Remote Access Solution comprises the StrideLinx router, web-based platform, and VPN client.
Introduction: Intended Audience The StrideLinx Remote Access Solution is designed to offer safe and secure remote access to industrial equipment worldwide for efficient remote troubleshooting, programming
More informationMcAfee Endpoint Security Firewall Product Guide. (McAfee epolicy Orchestrator)
McAfee Endpoint Security 10.6.0 - Firewall Product Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,
More informationConfiguring Authentication Proxy
The Cisco IOS Firewall Authentication Proxy feature provides dynamic, per-user authentication and authorization, authenticating users against industry standard TACACS+ and RADIUS authentication protocols.
More informationGuide to DDoS Attacks November 2017
This Multi-State Information Sharing and Analysis Center (MS-ISAC) document is a guide to aid partners in their remediation efforts of Distributed Denial of Service (DDoS) attacks. This guide is not inclusive
More informationCisco IOS Firewall Authentication Proxy
Cisco IOS Firewall Authentication Proxy This feature module describes the Cisco IOS Firewall Authentication Proxy feature. It includes information on the benefits of the feature, supported platforms, configuration
More informationFacilities Manager Technical Overview
Facilities Manager Technical Overview Overview Print Audit Facilities Manager is a powerful, easy to use tool designed to remotely collect meter reads, automate supplies fulfillment and report service
More informationApplication Firewalls
Application Moving Up the Stack Advantages Disadvantages Example: Protecting Email Email Threats Inbound Email Different Sublayers Combining Firewall Types Firewalling Email Enforcement Application Distributed
More informationConfiguring Management Access
37 CHAPTER This chapter describes how to access the ASA for system management through Telnet, SSH, and HTTPS (using ASDM), how to authenticate and authorize users, how to create login banners, and how
More informationGoogle Cloud Platform: Customer Responsibility Matrix. April 2017
Google Cloud Platform: Customer Responsibility Matrix April 2017 Introduction 3 Definitions 4 PCI DSS Responsibility Matrix 5 Requirement 1 : Install and Maintain a Firewall Configuration to Protect Cardholder
More informationStripe Terminal Implementation Guide
Stripe Terminal Implementation Guide 12/27/2018 This document details how to install the Stripe Terminal application in compliance with PCI 1 PA-DSS Version 3.2. This guide applies to the Stripe Terminal
More informationSurePassID Local Agent Guide SurePassID Authentication Server 2016
SurePassID Local Agent Guide SurePassID Authentication Server 2016 SurePassID Local Agent Guide Revision: 03 10 2016 You can find the most up-to-date technical documentation at: http://www.surepassid.com
More informationVPN Connection through Zone based Firewall Router Configuration Example
VPN Connection through Zone based Firewall Router Configuration Example Document ID: 112051 Contents Introduction Prerequisites Requirements Components Used Conventions Background Information Configure
More informationLab - Troubleshooting Standard IPv4 ACL Configuration and Placement Topology
Lab - Troubleshooting Standard IPv4 ACL Configuration and Placement Topology 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 8 Addressing Table Objectives
More informationRadius, LDAP, Radius, Kerberos used in Authenticating Users
CSCD 303 Lecture 5 Fall 2018 Radius, LDAP, Radius, Kerberos used in Authenticating Users Kerberos Authentication and Authorization Previously Said that identification, authentication and authorization
More informationDeploying F5 with Citrix XenApp or XenDesktop
Deploying F5 with Citrix XenApp or XenDesktop Welcome to the F5 deployment guide for Citrix VDI applications, including XenApp and XenDesktop with the BIG-IP system v11.4 and later. This guide shows how
More informationHP Load Balancing Module
HP Load Balancing Module Security Configuration Guide Part number: 5998-2686 Document version: 6PW101-20120217 Legal and notice information Copyright 2012 Hewlett-Packard Development Company, L.P. No part
More informationSecurity Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management
Seven Habits of Cyber Security for SMEs Security Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management Security Policy is an important
More information