Securing Access to Network Devices
- Godfrey Allen
- 6 years ago
Data Track Technology
October, 2003

A corporate information security strategy will not be effective unless IT administrative services are protected through processes that safeguard voice and data network infrastructure devices. This paper attempts to identify the issues involved in delivering secure remote access to network devices, the first basic step of infrastructure security, and to discuss the solutions that Data Track Technology offers for resolving them.

Introduction

An integral part of the discussion of securing access to network devices is to identify how the steps of authentication, authorization, and auditing relate to information security, in general, and to secure remote access, specifically. To that end, definitions of the terms used in this paper follow.

Authentication is the control over who is allowed to gain access to a network device, usually through a login/password process. Once a user is authenticated and has gained access, he may still need to use additional authentication mechanisms for access to specific services.

Authorization is the ability to limit network services, and therefore capabilities, available to different users and/or groups of users. This is usually achieved by the application of a user profile based on unique username/password combinations.

Auditing/Accounting collects and logs user activities on the network. The information collected can then be used for internal billing purposes, and as source material for security investigations.

Issue: Administering Network Devices at Remote Locations

Administrative access to voice and data network infrastructure devices such as routers, firewalls, PBXs, etc. usually takes place either remotely over a wide area network, remotely over a local area network, or locally with a serial cable from a computer to the console port of the device.

A remote location within an organization will have voice and data network devices located on the premises, but the IT staff charged with maintaining these devices is often located elsewhere. Access methods are needed to administer and configure network devices, but the methods must be secured from hackers on the outside and from malicious persons on the inside.

Example: Remote Branch Office

A typical example of network devices at a remote location would be a branch office that has a router that connects the office to the corporate WAN for data communications and a small PBX for telecommunications. There is no IT staff at this site.

When there is a performance problem with the router, a system administrator (SA) or support engineer (SE) at the regional headquarters uses the telnet program to connect to the router across the WAN to read system logs, and then to possibly reconfigure a route table. When a new user needs to be added to the PBX, a telecom manager at the regional headquarters uses a Windows software program from the PBX manufacturer to connect to the PBX across the WAN and add a user to the system.

[Figure 1 - Remote branch office with voice and data equipment. Elements shown: SA/SE, WAN, Router, PSTN, PBX, Voice Mail, LAN. Legend: Ethernet network, unrestricted dial-up.]

If the wide area network connection to this site is not functioning due to a failure of the router or the transport between the router and the WAN backbone, in-band access is not available for either data communications or telecommunications administration.

In this case, a system administrator connects to a modem on the router via a telephone line, logs in directly to the router, and then uses the command line interface on the router to debug the wide area network interface. If the router is unresponsive, a technician has to be dispatched to the site to power cycle the router and to check the integrity of the IOS image in the system.

The telecom manager connects to the service modem on the PBX via a telephone line, logs in directly to the PBX, and then uses a command line tool on the PBX to add a user to the system. If there are no service modems on the router or the PBX, a technician is dispatched to the site.

Security Shortcomings

In this example scenario with in-band access over the WAN and out-of-band access via individual modems on each device, there are several serious security disasters waiting to happen.

In-band Access

From within the WAN, there may be many sections of the corporate intranet that have routes to remote corporate locations. Unless route-based vulnerability assessments have been performed, there can be little assurance that users on the WAN, other than authorized system administrators, are blocked from reaching remote devices. And since the voice and data network devices may well have telnet, tftp, ftp, and even http servers running to offer access to system administrators, these devices are vulnerable to attack from insiders through the administrative access points available across the WAN. (See the discussion below on administering network devices on the LAN for a more detailed discussion of insider attack issues.)

Out-of-band Access

The voice and data network devices to be managed remotely may have relatively weak access methods. In addition, adding only a simple modem to be the service access point for a network device magnifies the opportunity for the device to be compromised. Hackers using war dialer mechanisms will eventually find the modem and will attack the login prompt of the device.

Issue: Administering Network Devices on the LAN

Methods of access to voice and data network devices located where IT staff reside also need to be secured, not only from the same outsider threats as remote locations but also from insider threats. A host of studies from well-known sources including the FBI, SANS Institute, and the Office for Critical Infrastructure Assurance at the White House have shown that sophisticated insiders pose the greatest security threat to corporate networks. Disgruntled staff and those attempting to masquerade as administrators are at the top of the insider threat list.

Example: Regional Headquarters

An example of network devices on a large local area network is a regional headquarters facility that has a direct connection to the Internet, a series of routers and firewalls for data communications, and a large PBX for telecommunications. There are IT staff members at this location.

When there is a performance problem with the router, a local system administrator uses the telnet program to connect to the router across the LAN to read system logs, and then to possibly reconfigure a route table. When a new user needs to be added to the PBX, a local telecom manager uses a Windows software program from the PBX manufacturer to connect to the PBX across the LAN and add a user to the system.

[Figure 2 - Regional headquarters with voice and data equipment. Elements shown: Internet, Router, DMZ, Firewall, SA/SE, IDS, Web, PBX, Voice Mail. Legend: Ethernet network.]

If the local area network at this site is not functioning, in-band access is not available for either data communications or telecommunications administration. In this case, IT staff members would directly access the consoles of voice and data network devices to remedy the situation. It would be unusual to have modems connected to the network devices at a site where there is a sizable IT staff.

Security Shortcomings

In this example, the greatest vulnerability is not via out-of-band access but rather in-band access, since there will be few situations where modems will be present as a standard operating procedure on network devices. In our example regional headquarters, administrative access to network devices is via the corporate network and not via a separate administrative VLAN or a separate physical network.

At the regional headquarters, there will be users on the corporate network attempting to gain unauthorized access to network resources. It may be a former IT staff member who has maintained back door access to the network. It may be a visitor to a company site sitting down at a logged-in PC. It may be a current employee who has some time on his or her hands and thinks they have hacking skills, or it may be a short-term contractor. It may be a bored vendor's representative handling a service event. Or it could even be a hacker that has actually penetrated the network and is looking for the soft, chewy center now that he is past the hardened borders.

In-band Access

In a typical corporate network, critical network infrastructure devices such as routers, servers, firewalls, LAN switches, and PBXs are relatively unprotected from compromise from within. The former IT employee may still have an active password to a web server, and in just a few minutes on the network, he adds a back door for future mischief. The visitor or current employee may decide to download one of the many hacker tools available on the Internet and propagate a flood of packets to the open telnet port on the nearest router. The vendor's representative adding a software upgrade to a PBX may decide to try to telnet around the network, seeing which devices he can gain access to. The hacker that has successfully penetrated the network perimeter is roaming about trying to find, compromise, and reconfigure any internal servers found running insecure services such as tftp.

Data Track's Secure Remote Access (SRA)

Data Track's solution delivers a consistent, secure system to connect IT personnel to voice and data network devices across local and wide area networks. It uses proven methods of authentication, authorization, and auditing/accounting.

Beyond the secure connectivity functions, there are a number of services within Data Track's SRA solution to monitor network devices. One of these services keeps track of the connection status of each monitored device. Another records the activity of system administrators on each monitored device. A power management service allows remote support engineers to power cycle network devices. A logging service provides a data collection facility for monitored devices either through a serial port or via TCP. There is also a facility that allows local storage and retrieval of configuration data for network devices. And an alerting service offers a message delivery facility to an upstream network management system.

The overall benefits of deploying Data Track's SRA are:

- Improved management of system administration activity
- Reduced technician dispatches (and associated costs)
- Increased network infrastructure security

Methodology

A key element of Data Track's Secure Remote Access solution is that rather than connecting directly into a network device, a system administrator or support engineer connects to a security appliance called a Tracker. It is a reliable and robust platform based on the Linux operating system. The operating system, the configuration parameters, and the Tracker applications are stored in non-volatile memory, making them resilient to power failures. The configuration parameters of the Tracker can be set remotely, and system upgrades can be uploaded using or dial-up connections.

Many voice and data network devices can be connected to a single Tracker security appliance via either a serial connection to the console port of the network device, or a TCP/IP Ethernet network connection, or both. When the connection is via a Tracker serial port, the unit's full auditing capabilities are available, including logging the commands that an administrative user enters at the console of the managed device.

Note that when the Tracker is used as the administrative access point to a network device, any other administrative access to that device can be disabled, further increasing the reliability of the network device from a failure due to an attack.

Security within Tracker

When a system administrator wants to administer a network device, the first step is to set up a VPN tunnel to the Tracker security appliance, if the connection is over a TCP/IP network, or to set up a CHAP-authenticated PPP session to the Tracker, if the connection is over a dial-up network. The next step is to log on to the Tracker via a password-protected terminal session.

Once the logon is successful, the firewall in the Tracker ensures that system administrators have access only to authorized equipment and/or applications. When the Tracker is fitted with multiple Ethernet ports, its internal routing tables are used to restrict the traffic flow between these interfaces, creating a secure routing environment.

In addition to the security of the logon process and the firewall rules, the administrator of the Tracker also configures the logon methods allowed per user, and enables the level of access required per user.

[Figure 3 - Logical diagram of Tracker's internal firewall in a secure remote access installation. Elements shown: System Administrator, Tracker, Serial, PSTN, Modem, Ethernet. Legend: restricted dial-up, serial to device console, corporate network, admin VLAN, internal firewall.]

When managing network devices via a Tracker using a TCP/IP network, the highest security level would have a Tracker Ethernet interface and the administrative Ethernet interfaces of the network devices on a VLAN, or at least a sub-net, separated from the rest of the local area network. This would allow for internal network segmentation methodologies to be used to severely limit the number of users that have access to the administrative interfaces of network devices.

System Applications

The Tracker provides a series of extensible services and system applications to support secure remote access and to serve as building blocks for other solutions. These include:

- VPN tunnels to provide secure in-band sessions across a LAN or WAN.
- Firewall to isolate system administrators from network segments where there are no authorized network devices.
- Monitoring service to provide a basic connection status of managed devices.
- Management service that captures and filters SNMP traps, and then redirects them to one or more management applications.
- Auditing service to show system administration activity on each device.
- Alerting service to provide a message delivery facility to send alarms to a management application.
- Logging service to provide a data collection facility for devices connected via serial ports or TCP/IP sockets.
- Power management facility to allow remote support engineers to power cycle network devices.
- Local storage and retrieval of network device configuration data via restricted TFTP.

In-band and Side-band Access to Network Devices

For in-band access across a LAN, an administrator connects one Ethernet port on the Tracker to the corporate network. For more protection, an admin VLAN or even a separate admin LAN would be in use, and another Ethernet port on the Tracker would be connected to it. (Using a VLAN or a separate LAN for administrative purposes is often called side-band access.)

For in-band or side-band access across a WAN, the Tracker would be connected to an Ethernet network and it would have a TCP/IP route available to traverse the WAN to connect to the devices to be administered.

A system administrator looking to connect via in-band or side-band access to a network device managed by a Tracker will telnet to the IP address of the Tracker's Ethernet interface on the corporate network, and then select the authorized device to administer.

Out-of-band Access to Network Devices

For out-of-band access, a telephone line is connected to the Tracker's integral modem. The Tracker can be configured to restrict answering to a set of originating numbers.

A system administrator looking to connect via out-of-band access to a network device managed by a Tracker must call from a phone line whose number is authorized by the Tracker. A CHAP-authenticated PPP session will start up; the user will log on; and then the user will select the authorized device to administer from a menu.

North American Distributor: NetworkingPS, LLC Info@NetworkingPS.com PHONE: (908) FAX: (908)

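The out-of-band sequence described above (restricted answering, CHAP-authenticated PPP, logon, selection of an authorized device), together with the per-user logon methods from "Security within Tracker", can be modelled as a chain of checks that each write an audit record. This is an added example, not Data Track code: the Gateway class, user names, phone numbers and secrets are hypothetical and constructed for illustration, and the CHAP response is computed as defined in RFC 1994.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response per RFC 1994: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class User:
    salt: bytes
    pw_hash: bytes
    methods: set   # logon methods allowed for this user, e.g. {"dialup", "vpn"}
    devices: set   # devices this user is authorized to administer


@dataclass
class Gateway:
    """Hypothetical stand-in for the access appliance (not vendor code)."""
    allowed_callers: set   # originating numbers the modem will answer
    chap_secrets: dict     # PPP peer name -> shared secret
    users: dict            # username -> User
    audit: list = field(default_factory=list)
    _pending: dict = field(default_factory=dict)   # identifier -> challenge
    _next_id: int = 0

    def log(self, stage, subject, ok):
        # Every decision, allowed or refused, lands in the audit trail.
        self.audit.append((stage, subject, "ok" if ok else "DENIED"))
        return ok

    def answer_call(self, caller_id):
        return self.log("answer", caller_id, caller_id in self.allowed_callers)

    def issue_challenge(self):
        self._next_id = (self._next_id + 1) % 256
        challenge = os.urandom(16)          # unpredictable, one per attempt
        self._pending[self._next_id] = challenge
        return self._next_id, challenge

    def verify_chap(self, peer, identifier, response):
        challenge = self._pending.pop(identifier, None)   # single use: no replay
        secret = self.chap_secrets.get(peer)
        ok = (challenge is not None and secret is not None and
              hmac.compare_digest(
                  chap_response(identifier, secret, challenge), response))
        return self.log("chap", peer, ok)

    def login(self, username, password, method):
        user = self.users.get(username)
        ok = (user is not None and method in user.methods and
              hmac.compare_digest(hash_password(password, user.salt),
                                  user.pw_hash))
        return self.log("login", username, ok)

    def select_device(self, username, device):
        allowed = device in self.users[username].devices
        return self.log("device:" + device, username, allowed)


def out_of_band_session(gw, caller_id, peer, peer_secret,
                        username, password, device):
    """Run the stages in order; return the stage that refused, or 'granted'."""
    if not gw.answer_call(caller_id):
        return "answer"
    identifier, challenge = gw.issue_challenge()
    # Caller side: proves knowledge of the secret without transmitting it.
    response = chap_response(identifier, peer_secret, challenge)
    if not gw.verify_chap(peer, identifier, response):
        return "chap"
    if not gw.login(username, password, "dialup"):
        return "login"
    if not gw.select_device(username, device):
        return "device"
    return "granted"


def build_demo_gateway():
    salt = b"constructed-salt"   # all values below are constructed samples
    pw = hash_password("constructed-pw", salt)
    return Gateway(
        allowed_callers={"+15550100"},
        chap_secrets={"sa-laptop": b"constructed-chap-secret"},
        users={"alice": User(salt, pw, {"dialup", "vpn"}, {"branch-router"}),
               "bob": User(salt, pw, {"vpn"}, {"branch-router"})},
    )


if __name__ == "__main__":
    gw = build_demo_gateway()
    print(out_of_band_session(gw, "+15550100", "sa-laptop",
                              b"constructed-chap-secret",
                              "alice", "constructed-pw", "branch-router"))
    for entry in gw.audit:
        print(entry)
```
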
Appendix A: Alternative Solutions

Data Track's Secure Remote Access versus alternatives

Products compared (table columns): Tracker, Terminal server, LAN modem

Features compared (table rows):

- Access Methods: Modem restricted answering; VPN server; telnet server
- Security: Firewall; Audit trail; Comfort alarm
- Network Management: Alerting service; Logging service; Monitoring service; SNMP agent; SNMP capture / redirect
- Other: Digital I/O ports; Application scripting; Menu-driven interface; Remote configuration; Remote upgrade; 19" rack mount; UPS options
NETWORK MANAGEMENT II Proxy Servers Proxy server is a server (a computer system or an application program) that acts as an intermediary between for requests from clients seeking resources from the other
More informationDesigning a System. We have lots of tools Tools are rarely interesting by themselves Let s design a system... Steven M. Bellovin April 10,
Designing a System We have lots of tools Tools are rarely interesting by themselves Let s design a system... Steven M. Bellovin April 10, 2007 1 Some of Our Tools Encryption Authentication mechanisms Access
More informationMetasys System Extended Architecture
Product Bulletin Issue Date March 31, 2003 Metasys System Extended Architecture The architecture of the Metasys building automation and facilities management system has been extended to be fully compatible
More informationRIPE RIPE-17. Table of Contents. The Langner Group. Washington Hamburg Munich
RIPE RIPE-17 Table of Contents The Langner Group Washington Hamburg Munich RIPE Operations Technology Management Plan (MP-17) 0.1 Purpose... 4 0.2 Process Overview... 4 0.3 Implementation Scope... 5 0.4
More informationGigabit SSL VPN Security Router
As Internet becomes essential for business, the crucial solution to prevent your Internet connection from failure is to have more than one connection. PLANET is the ideal to help the SMBs increase the
More informationCOMPUTER NETWORK SECURITY
COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (9 th Week) 9. Firewalls and Intrusion Prevention Systems 9.Outline The Need for Firewalls Firewall Characterictics and Access Policy Type of Firewalls
More informationNetworks with Cisco NAC Appliance primarily benefit from:
Cisco NAC Appliance Cisco NAC Appliance (formerly Cisco Clean Access) is an easily deployed Network Admission Control (NAC) product that allows network administrators to authenticate, authorize, evaluate,
More informationRussian Cyber Attack Warning and Impact on AccessEnforcer UTM Firewall
Russian Cyber Attack Warning and Impact on AccessEnforcer UTM Firewall 1 U.S. and U.K. authorities last week alerted the public to an on-going effort to exploit network infrastructure devices including
More informationG-4200 SMB PAC with built-in AAA
G-4200 SMB PAC with built-in AAA 10 Mar. 2008 Browan, Inc. Version 1.1 Page 1 Production overview The G-4200 is a cost-effective platform designed for small to medium sized public access venues. AT-A-GLANCE:
More informationApplication Note Asterisk BE with SIP Trunking - Configuration Guide
Application Note Asterisk BE with SIP Trunking - Configuration Guide 23 January 2009 Asterisk BE SIP Trunking Table of Contents 1 ASTERISK BUSINESS EDITION AND INGATE... 1 1.1 SIP TRUNKING SUPPORT... 2
More informationIndustrial Control System Security white paper
Industrial Control System Security white paper The top 10 threats to automation and process control systems and their countermeasures with INSYS routers Introduction With the advent of M2M (machine to
More informationVANGUARD WHITE PAPER VANGUARD INSURANCE INDUSTRY WHITEPAPER
VANGUARD INSURANCE INDUSTRY WHITEPAPER Achieving PCI DSS Compliance with Vanguard Integrity Professionals Software & Professional Services Vanguard is the industry leader in z/os Mainframe Software to
More informationWHITE PAPERS. INSURANCE INDUSTRY (White Paper)
(White Paper) Achieving PCI DSS Compliance with Vanguard Integrity Professionals Software & Professional Services Vanguard is the industry leader in z/os Mainframe Software to ensure enterprise compliance
More informationCommunications Transformations 2: Steps to Integrate SIP Trunk into the Enterprise
Communications Transformations 2: Steps to Integrate SIP Trunk into the Enterprise The Changing Landscape IP-based unified communications is widely deployed in enterprise networks, both for internal calling
More informationMANAGED WAN SERVICE GENERAL Service Definition Standard Service Features. Monitor and Notify Service Level Monitoring Notification
MANAGED WAN SERVICE 1. GENERAL 1.1 Service Definition 1.2 Standard Service Features 1.3 Optional Service Features 1.4 Customer Responsibilities 2. SUPPLEMENTAL TERMS 3. SERVICE LEVEL AGREEMENT 4. FINANCIAL
More informationImproving Business Continuity for the
Improving Business Continuity for the Remote Office EXECUTIVE SUMMARY Remote System availability is critical to maintaining business continuity. Network outages and related disruptions in services account
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationCompTIA CAS-002. CompTIA Advanced Security Practitioner (CASP) Download Full Version :
CompTIA CAS-002 CompTIA Advanced Security Practitioner (CASP) Download Full Version : http://killexams.com/pass4sure/exam-detail/cas-002 QUESTION: 517 A security engineer is a new member to a configuration
More informationChildren s Health System. Remote User Policy
Children s Health System Remote User Policy July 28, 2008 Reason for this Policy This policy defines standards for connecting to the Children s Health System (CHS) network from any remote host. These standards
More informationIntroduction. The Safe-T Solution
Secure Application Access Product Brief Contents Introduction 2 The Safe-T Solution 3 How It Works 3 Capabilities 4 Benefits 5 Feature List 6 6 Introduction As the world becomes much more digital and global,
More informationComputer Network Vulnerabilities
Computer Network Vulnerabilities Objectives Explain how routers are used to protect networks Describe firewall technology Describe intrusion detection systems Describe honeypots Routers Routers are like
More informationRemote Desktop Security for the SMB
A BWW Media Group Brand Petri Webinar Brief October 5th, 2018 Remote Desktop Security for the SMB Presenter: Michael Otey Moderator: Brad Sams, Petri IT Knowledgebase, Executive Editor at Petri.com There
More informationPage 1 of 15. Applicability. Compatibility EACMS PACS. Version 5. Version 3 PCA EAP. ERC NO ERC Low Impact BES. ERC Medium Impact BES
002 5 R1. Each Responsible Entity shall implement a process that considers each of the following assets for purposes of parts 1.1 through 1.3: i. Control Centers and backup Control Centers; ii. Transmission
More informationGoogle Cloud Platform: Customer Responsibility Matrix. December 2018
Google Cloud Platform: Customer Responsibility Matrix December 2018 Introduction 3 Definitions 4 PCI DSS Responsibility Matrix 5 Requirement 1 : Install and Maintain a Firewall Configuration to Protect
More informationNGN: Carriers and Vendors Must Take Security Seriously
Research Brief NGN: Carriers and Vendors Must Take Security Seriously Abstract: The next-generation network will need to provide security on many levels. A comprehensive set of standards should be in place
More informationMcAfee Network Security Platform
McAfee Network Security Platform 9.2 (Quick Tour) McAfee Network Security Platform [formerly McAfee IntruShield ] is a combination of network appliances and software that accurately detects and prevents
More informationCompTIA Security+(2008 Edition) Exam
http://www.51- pass.com Exam : SY0-201 Title : CompTIA Security+(2008 Edition) Exam Version : Demo 1 / 7 1.An administrator is explaining the conditions under which penetration testing is preferred over
More informationCCNA Exploration Network Fundamentals
CCNA Exploration 4.0 1. Network Fundamentals The goal of this course is to introduce you to fundamental networking concepts and technologies. These online course materials will assist you in developing
More informationNetwork+ Guide to Networks 6 th Edition
Network+ Guide to Networks 6 th Edition Chapter 10 Virtual Networks and Remote Access Objectives 1. Explain virtualization and identify characteristics of virtual network components 2. Create and configure
More informationVirtual Private Networks (VPNs)
CHAPTER 19 Virtual Private Networks (VPNs) Virtual private network is defined as customer connectivity deployed on a shared infrastructure with the same policies as a private network. The shared infrastructure
More informationInformation System Security. Nguyen Ho Minh Duc, M.Sc
Information System Security Nguyen Ho Minh Duc, M.Sc Contact 2 Nguyen Ho Minh Duc Phone: 0935 662211 E-mail: duc.nhm@gmail.com Web:http://nhmduc.wordpress.com 3 Lecture 01 INTRODUCTION Topics 4 What information
More informationMessage Networking 5.2 Administration print guide
Page 1 of 421 Administration print guide This print guide is a collection of system topics provided in an easy-to-print format for your convenience. Please note that the links shown in this document do
More informationFirewall Configuration and Management Policy
Firewall Configuration and Management Policy Version Date Change/s Author/s Approver/s 1.0 01/01/2013 Initial written policy. Kyle Johnson Dean of Information Services Executive Director for Compliance
More informationCORPORATE GLOBAL ROAMING PRODUCT SPECIFICATION
CORPORATE GLOBAL ROAMING PRODUCT SPECIFICATION 1. INTRODUCTION This document contains information on the Corporate Global Roaming service. If you require more detailed technical information, please contact
More informationUser Guide IP Connect CSD
The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Wireless Maingate AB shall have no liability for any error or damages
More informationInformation Services IT Security Policies L. Network Management
Information Services IT Security Policies L. Network Management Version 1.1 Last updated: 11th August 2010 Approved by Directorate: 2nd July 2009 Review date: 1st August 2011 Primary owner of security
More informationSecuring the Empowered Branch with Cisco Network Admission Control. September 2007
Securing the Empowered Branch with Cisco Network Admission Control September 2007 Presentation_ID 2006 Cisco Systems, Inc. All rights reserved. 1 Contents 1 The Cisco Empowered Branch 2 Security Considerations
More informationChapter Three test. CompTIA Security+ SYO-401: Read each question carefully and select the best answer by circling it.
Chapter Three test Name: Period: CompTIA Security+ SYO-401: Read each question carefully and select the best answer by circling it. 1. What protocol does IPv6 use for hardware address resolution? A. ARP
More information