Inventory and Reporting Security Q&A

Similar documents
Automate sharing. Empower users. Retain control. Utilizes our purposebuilt cloud, not public shared clouds

SECURITY & PRIVACY DOCUMENTATION

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

Data Protection. Plugging the gap. Gary Comiskey 26 February 2010

Security Policies and Procedures Principles and Practices

Cloud Operations for Oracle Cloud Machine ORACLE WHITE PAPER MARCH 2017

Smart Net Total Care SNTC Deployment, Demo and Features. Hernani Crespi Technical Engagement Manager Oct 2014

IBM SmartCloud Notes Security

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

IBM SmartCloud Engage Security

WHITE PAPER- Managed Services Security Practices

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

WHITE PAPER Cloud FastPath: A Highly Secure Data Transfer Solution

Ensuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard

SECURITY PRACTICES OVERVIEW

Unleash the Power of Secure, Real-Time Collaboration

The Common Controls Framework BY ADOBE

RADIAN6 SECURITY, PRIVACY, AND ARCHITECTURE

Solution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites

Projectplace: A Secure Project Collaboration Solution

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

Trust Services Principles and Criteria

AUTOTASK ENDPOINT BACKUP (AEB) SECURITY ARCHITECTURE GUIDE

HIPAA Security. 3 Security Standards: Physical Safeguards. Security Topics

Hybrid Data Security Overview

University of Colorado

PCI DSS Compliance. White Paper Parallels Remote Application Server

CONNX SECURITY OVERVIEW

Oracle Data Cloud ( ODC ) Inbound Security Policies

PCI Compliance Assessment Module with Inspector

Security and Certificates

Data Security and Privacy Principles IBM Cloud Services

GLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications

IBM Security Intelligence on Cloud

Security

AUTHORITY FOR ELECTRICITY REGULATION

Security Architecture

Cloud-Based Data Security

Pillar 4: Be Accountable: Implement your Privacy & Data Protection (PDP) Measures Legal Basis: Sec. 20.a-e, 22 and 24 of the DPA, Sections of

ISC2. Exam Questions CISSP. Certified Information Systems Security Professional (CISSP) Version:Demo

IBM Case Manager on Cloud

Juniper Vendor Security Requirements

Data Protection Policy

Data Center Operations Guide

EXHIBIT A. - HIPAA Security Assessment Template -

Keys to a more secure data environment

Google Cloud Platform: Customer Responsibility Matrix. April 2017

CIS Controls Measures and Metrics for Version 7

SAS SOLUTIONS ONDEMAND

MYOB Advanced SaaS. Why choose MYOB Advanced? Fact Sheet. What is MYOB Advanced SaaS?

7.16 INFORMATION TECHNOLOGY SECURITY

Point ipos Implementation Guide. Hypercom P2100 using the Point ipos Payment Core Hypercom H2210/K1200 using the Point ipos Payment Core

Best Practices in Securing Your Customer Data in Salesforce, Force.com & Chatter

Security and Compliance at Mavenlink

CIS Controls Measures and Metrics for Version 7

NEN The Education Network

Ready Theatre Systems RTS POS

TRACKVIA SECURITY OVERVIEW

AuthAnvil for Retail IT. Exploring how AuthAnvil helps to reach compliance objectives

SAFECOM SECUREWEB - CUSTOM PRODUCT SPECIFICATION 1. INTRODUCTION 2. SERVICE DEFINITION. 2.1 Service Overview. 2.2 Standard Service Features APPENDIX 2

WHITE PAPER: BEST PRACTICES. Sizing and Scalability Recommendations for Symantec Endpoint Protection. Symantec Enterprise Security Solutions Group

Overview Brosix stringent corporate security requirements.

WORKSHARE SECURITY OVERVIEW

Security in Bomgar Remote Support

Five Ways to Improve Electronic Patient Record Handling for HIPAA/HITECH with Managed File Transfer

HIPAA Technical Safeguards and (a)(7)(ii) Administrative Safeguards

OUR CUSTOMER TERMS CLOUD SERVICES - INFRASTRUCTURE

efolder White Paper: HIPAA Compliance

Simple and Powerful Security for PCI DSS

Cloud FastPath: Highly Secure Data Transfer

2.4. Target Audience This document is intended to be read by technical staff involved in the procurement of externally hosted solutions for Diageo.

Total Security Management PCI DSS Compliance Guide

The simplified guide to. HIPAA compliance

Ellipse Support. Contents

Network Performance, Security and Reliability Assessment

epldt Web Builder Security March 2017

Managing Certificates

ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE

What can the OnBase Cloud do for you? lbmctech.com

Information Security Policy

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Carbon Black PCI Compliance Mapping Checklist

Cloud Security Whitepaper

Google Cloud Platform: Customer Responsibility Matrix. December 2018

InterCall Virtual Environments and Webcasting

Information Security Controls Policy

AppPulse Point of Presence (POP)

PCI DSS v3.2 Mapping 1.4. Kaspersky Endpoint Security. Kaspersky Enterprise Cybersecurity

State of Colorado Cyber Security Policies

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES

ZyLAB delivers a SaaS solution through its partner data center provided by Interoute and through Microsoft Azure.

The following security and privacy-related audits and certifications are applicable to the Lime Services:

RMS(one) Solutions PROGRESSIVE SECURITY FOR MISSION CRITICAL SOLUTIONS

Data Classification, Security, and Privacy

University of Pittsburgh Security Assessment Questionnaire (v1.7)

Common Services Platform Collector Overview

GateHouse Logistics. GateHouse Logistics A/S Security Statement. Document Data. Release date: 7 August Number of pages: Version: 3.

IPM Secure Hardening Guidelines

Safeguarding Cardholder Account Data

Transcription:

Inventory and Reporting Security Q&A General Q. What is Inventory Reporting, Collection, and Analysis? A. Inventory Reporting, Collection, and Analysis is a tool that discovers, collects, and analyzes Cisco network devices and provides various detailed reports on the devices deployed in customer networks. To help ensure customers stay informed about important alerts announced by Cisco, Inventory Reporting, Collection, and Analysis also includes a Product Alerts/Advisory report displaying Cisco alerts that affect devices in customer networks. Inventory Reporting, Collection, and Analysis also allows customers to customize reports displaying only the inventory data that is of most interest and importance and omit the information that is not relevant. Q. What is the Inventory Collection, Reporting, and Analysis deployment model? A. Inventory Reporting, Collection, and Analysis is a system composed of Cisco Network Collector; Transport Gateway; Inventory Reporting, Collection, and Analysis; and the Inventory Reporting, Collection, and Analysis portal. The Cisco Network Collector collects network device inventory and network device configuration data based on product and collection rules from the customer network and uploads the data securely to the Cisco back end (that is, Inventory and Reporting) for analysis and reporting. Cisco Network Collector relies on Transport Gateway, which securely transports customer network data collected by Cisco Network Collector to Inventory and Reporting, which resides in the Cisco back-end system (that is, behind the Cisco firewall). The Inventory Reporting, Collection, and Analysis web portal enables the Inventory Reporting, Collection, and Analysis user to register other users for access to Inventory Reporting, Collection, and Analysis and to securely view reports of a user s network devices and configuration. The Inventory Reporting, Collection, and Analysis web portal is the only mechanism from which a user can generate and view various reports and export the reports to PDF or CSV format. Q. What security policy does Inventory Reporting, Collection, and Analysis address? A. Inventory Reporting, Collection, and Analysis security covers data use and data security measures for customer network data collected by Cisco Network Collector and processed by Inventory Reporting, Collection, and Analysis. Q. What is considered customer network data? A. Customer network data includes network inventory, configuration, syslog, audit, and diagnostic data collected and analyzed by Cisco Service Technology Solutions (STS) tools. Also included within scope is the customer seedfile data identifying customer network hostnames, IP addresses, and device accounts and passwords, which is gathered prior to the collection process. 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 7

Q. What is Security Alert Manager? A. Security Alert Manager is a web-based threat and vulnerability intelligence service that provides early warning, analysis, decision support, and threat management tools to aid our clients in protecting their electronic infrastructure. It issues alerts that cover the entire threat landscape: security vulnerabilities, malicious codes (worms, viruses, and Trojans), and global security trends. IntelliShield Alert Manager enables you to filter out all of the "noise" and only receive information on technologies that are relevant to your environment. Q. How do I access Security Alert Manager? A. Security Alert Manager can be accessed at https://intellishield.cisco.com. Similar to Inventory Reporting, Collection, and Analysis, a username and password pair is required to access Security Alert Manager. Unlike Inventory Reporting, Collection, and Analysis, Security Alert Manager does not depend on the user s Cisco.com ID and requires a user to create username and password pair to log in the IntelliShield portal. Q. Is the connection to the IntelliShield web portal secure? A. Yes. Connection to the Security Alert Manager web portal is over HTTPS to protect the privacy and confidentiality of the reporting data. Q. What are your sources for Security Alert Manager? A. Security Alert Manager obtains alerts from public and private sources, including product vendors, government agencies, security firms, and more. Q. How quickly does Security Alert Manager publish alerts compared to other companies, like antivirus vendors? A. Cisco puts alerts out in as timely a fashion as possible. Our goal is to provide a more complete picture than any single source. Q. Why was Security Alert Manager not the first to come out with information on a threat or vulnerability? A. We cannot be first to publish every alert although we do strive to do so. We firmly believe that our content and our multiple sources, as well as our ongoing analysis, allow us to produce firstclass intelligence in a timely manner. Our multisource approach enables us to validate and verify information before we publish it as intelligence. Data Use Q. How does Cisco use customer network data? A. All customer network raw data collected by Cisco tools for service delivery will be used in the delivery of contracted services as well as for Cisco downstream services and business functions supporting Cisco customers and business. Q. Who at Cisco has access to customer network data? A. Customer network data is available to Cisco internal personnel for use in approved business functions that include but are not limited to product development, product testing, integration testing, HW replacement, and contract renewal. Q. How does Cisco control access to customer network data? A. All data use is controlled via individual user authentication with use limited to the stated business purpose. All use of customer network data for downstream services and businesses must be approved by Cisco STS and Legal. 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 2 of 7

Data Collection Q. Where does the data collection take place? A. All data collection is done on the customer premises by Cisco Network Collector, which is installed on a server inside the customer network. Q. How is security controlled during the collection? A. Since the collection is done inside the customer network, data security from the customer network to Cisco Network Collector is controlled by the customer. Q. Is the customer responsible for the security of the data collected by Cisco Network Collector? A. Yes, until the data reaches Cisco Network Collector, the data security is now shifted to Cisco or the partner during the storage, transmission, and processing of the data. Data Transmission Q. Is the customer data secured when transmitting data from the customer network to Cisco back end? A. Yes. Prior to transmission, customer raw data is packaged and encrypted using the AES-128 encryption algorithm. The encrypted data is also signed using PKI. This extra effort helps ensure a customer cannot view other customers data except his/her own. The encrypted and signed package is then transported via the secured HTTPS to the Cisco back end for service processing. By using HTTPS, the customer data is again encrypted before it reaches the upload server in the Cisco back-end system. Q. What is AES-128 encryption? A. The Advanced Encryption Standard (AES) is adopted as an encryption standard by the U.S. government. This encryption algorithm is fast in both software and hardware, relatively easy to implement, and requires little memory. AES has been deployed on a large scale and offers strong encryption of the data to be transmitted. Q. What is PKI? A. PKI stands for Public Key Infrastructure. It is a system for managing public-key encryption and digital certificates or signature services. By managing keys and certificates through a PKI, an organization establishes and maintains a trustworthy networking environment. A PKI enables the use of encryption and digital signature services across a wide variety of applications. Q. Why is PKI important? A. To protect the security and privacy of customer network data, a digital certificate with digital signature containing: The user's name in the format of a distinguished name. The distinguished name specifies the user's name and any additional attributes required to uniquely identify the user (for example, the distinguished name could contain the user's employee number). A public key of the user. The public key is required so that others can encrypt for the user or verify the user's digital signature. The validity period (or lifetime) of the certificate (a start date and an end date). The specific operations for which the public key is to be used (whether for encrypting data, verifying digital signatures, or both). By using PKI, Cisco provides customer the confidence that the key obtained from the certificate is valid and can be used only in the manner for which it is intended. 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 3 of 7

Q. Why does Cisco use HTTPS to transmit customer network data? A. HTTPS encrypts and decrypts the information between the client and server using SSL. By using SSL, the customer network data is again encrypted, thus adding more security to the data during the transmission. Data Storage Q. After collection, where is the customer network data stored? A. Cisco Network Collector performs data collection on the customer premises only. Cisco Network Collector may reside on Cisco and partner laptops and notebooks or on dedicated collector servers at the customer premises. In order to protect against inappropriate access or use of the collector technology, Cisco Network Collector and the server it runs on are protected via security mechanisms including but not limited to the following: Passwords are kept in encoded state in the db to minimize vulnerability. Cisco Network Collector services are performed via unprivileged user accounts (no read/write access to the db). Cisco Network Collector technology is access-restricted via CLI and/or web interfaces. Q. After the customer network data is transmitted to Cisco back-end system, where is it stored? A. When the customer network data reaches the Cisco back end, it is stored in an upload server. The data will be automatically purged three weeks after it is uploaded. Q. When does Inventory Collection, Reporting, and Analysis retrieve the data from the upload server? A. Inventory Reporting, Collection, and Analysis polls the upload server every minute to identify and pull over the newly collected data. Q. How secure is the upload server? A. There is strict access control to the upload server. The only persons who can log in to the upload servers are within Cisco (limited to a few user IDs who provide support from STS/IT). Servers are also monitored by Infosec/IT for inappropriate activity (since they're within Cisco DMZ) and do have firewall protection to help ensure no new ports are opened up on the server. Q. Is the customer network data on the Inventory Reporting, Collection, and Analysis server encrypted? A. Data stored on Inventory Reporting, Collection, and Analysis server is not encrypted. However, Cisco complies with stringent requirements and internal policies for data protection of all internal Cisco servers. Inventory Reporting, Collection, and Analysis will validate the signature on the encrypted data before starting the decryption. If Inventory Reporting, Collection, and Analysis detects any discrepancy with the signature, it will not decrypt the data and notify the user about the problem. The user then has an option to reupload the data or investigate the root cause of the problem. 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 4 of 7

Data Access Q. What is Cisco s policy to protect the security and privacy of customer network data? A. Cisco is committed to protecting the privacy and confidentiality of the customer data we store. To help ensure this the following steps are taken: The Inventory Reporting, Collection, and Analysis application that processes customer data is located behind the Cisco firewalls and on a secure switched segment of the network. The data that resides on these production machines is managed and controlled by Cisco IT. The installation process for all Cisco IT machines follows a rigorous standard of security. This includes the installation of titan scripts to harden these machines. The machines are kept in a lock-and-key facility where access is restricted to Cisco IT administrators only. These machines are distributed in numerous geographical locations. The data is backed up daily. The uploaded customer network information is uncompressed and decrypted only on Cisco production machines inside the Cisco firewalls. Additional steps are taken to help ensure the signature on the encrypted data matches with the signature maintained in Inventory Reporting, Collection, and Analysis for the entitled company. If Inventory Reporting, Collection, and Analysis detects any change or mismatch of the signature, it will not decrypt the data. Moreover, Cisco intrusion detection systems are deployed throughout the corporate network and the restricted network on which the back-end data is stored. Q. Who has access to the raw customer network data? A. The Inventory Reporting, Collection, and Analysis server automates many tasks to process customer network data. If needed, only authorized staff is allowed to access the data. Moreover, all Cisco employees are required to protect and preserve the privacy of customer network data. Reports Q. How do customers access their data reports? A. After Inventory Collection, Reporting, and Analysis processes the customer network data, users can access the Inventory Reporting, Collection, and Analysis web portal to generate reports. The web portal provides a secure interface that lets users select a variety of reports in several different format types. Reports can also be exported to CSV or PDF format. Q. Who has access to customer network data? A. To access the Inventory Reporting, Collection, and Analysis portal, a user must have been registered for the data of the entitled company whose data reports the user wishes to access. Q. Can a registered user access reports of another user s network data? A. No, each user has a profile created in Inventory Reporting, Collection, and Analysis, and the profile dictates the entitled company for which the user can gain access. Furthermore, in order to register with Inventory Reporting, Collection, and Analysis, the user must have a valid Cisco.com ID, which is mapped to the entitled company of the user. 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 5 of 7

Q. Is the connection to the Inventory Reporting, Collection, and Analysis web portal secure? A. Connection to the Inventory Reporting, Collection, and Analysis web portal is over HTTPS to protect the privacy and confidentiality of the reporting data. Q. Are the reports kept on the Inventory Reporting, Collection, and Analysis server? A. No, the Inventory Reporting, Collection, and Analysis reports are generated dynamically and are not kept on the Inventory Reporting, Collection, and Analysis servers. Data Management Q. How often does Cisco back up the customer network data? A. Cisco supports regular daily backups for raw customer data stored on the Inventory Reporting, Collection, and Analysis server residing inside the Cisco firewall. First, the data is backed up to a second disk. Periodically, the data on the second disk is stored on backup media and shipped to a third-party security vendor for storage in compliance with government regulatory standards. Q. Does Inventory Reporting, Collection, and Analysis back up the raw data stored on the Cisco Network Collector server? A. No. Raw customer data stored on local collection Cisco laptops/notebooks residing in the customer facility is not backed up. Q. How long does the upload server keep the uploaded customer network data? A. The data residing in the upload server will be purged after three weeks, starting from the time it was uploaded to the Cisco back-end system. A nightly job is run by Cisco IT to detect and purge data that resides in the upload servers for three weeks or longer. Q. How long does the Inventory Reporting, Collection, and Analysis server retain the processed customer network data? A. At the present time there is no policy in place to purge this data with any regularity. However, this data can be purged manually if the customer requests Cisco to delete the data. Customer data is stored on the Inventory Reporting, Collection, and Analysis server inside the Cisco firewall. Q. Is the customer network data covered under the Cisco disaster recovery policy? A. Yes. Cisco supports an enterprisewide disaster recovery plan for all data stored and managed inside the Cisco firewall. Inventory Reporting, Collection, and Analysis subscribes to Cisco disaster recovery and business continuity info/guidelines. 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 6 of 7

Printed in USA C67-508149-00 11/08 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 7 of 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback