The Service Oriented Approach: How the physical infrastructure can impact service delivery and security?

The Service Oriented Approach: How the physical infrastructure can impact service delivery and security?

6th BICSI South East Asia Conference 2008, Singapore

Guest Speaker: Ronald van Kleunen, CEO / Managing Director, Globeron Pte Ltd / Globeron Security

Certified:
- CISSP, Wireless#, CWNA, CWSP, CWNT
- IRCA ISO/IEC 20000 ITSMS, ITILv2 and ITILv3
- IRCA ISO/IEC 27001 ISMS
- CSOEP (DataCentre, Infrastructure, Process Security, Management)

Copyright Globeron 2008

Agenda

The Service Oriented Approach: How the physical infrastructure can impact service delivery and security?
- Find out best practices in driving data centre design from service perspective

Session ROI (Return of Investment):
- Examples of good and bad data center design
- Tips on planning data centre physical infrastructure to ensure security, business continuity and effective management
- How to plan for sustainable growth

Our relationship with Bicsi

Bicsi recognition (worldwide)

Bicsi recognises the CSOEP 5-day bootcamp (Certified Service Oriented Enterprise Professional) for CEC (Continuing Education Credits)

RCDD, NTS, OSP, WD, Installer/Technician, RES, Certified Trainer
35, 35, 35, 35

CEO Accountability

Accountable for & comply to:
- Business & IT Governance & regulations
- Telecommunications Act
- Computer Misuse Act
- International Standards
- Wireless Service Availability (and Reliability) 99.999%
- Wireless Service Performance
- Wireless Service Security
- Wireless Service Integration
- Wireless Service Management & Processes

IT is integrated in every Sector to support the Business

Industries:
- IT & Telecommunications
- Manufacturing
- Financial / Banking / Legal
- Energy
- Transport & Logistics
- Government
- Bio / Hospitality / Healthcare
- Education
- Media

Globeron's Service Oriented Enterprise (Certified Service Oriented Enterprise Professional)

- YOUR Organization Serving YOUR Customers (Internal and External)
- Business Processes and Procedures
- Service Delivery / Service Support, Service Management
- Managed IT Infrastructure Services: Serving the IT Organization, High Available, Reliable; Applications, Servers, Network, Storage
- Managed Data Center Environments: Serving the IT Organization, High Available, Reliable; Facilities, Power, Batteries, Generator, Aircon., Temperature, Cabling
- Service Security

CEO / Customer Service needs: Top Down Requirements Planning

Business Driven Services to a Service Oriented Enterprise (SOE)
- Organization and Requirements
- Applications
- Heterogeneous Server and Storage Infrastructure
- Network + Telecom Infrastructure
- Data Centre Infrastructure

Bottom Up IT Services / DataCenter Design, Implementation/Migration and Management

Builders Driven Services to a Service Oriented Enterprise (SOE)
- Organization and Requirements
- Applications
- Heterogeneous Server and Storage Infrastructure
- Network + Telecom Infrastructure
- Data Centre Infrastructure

Typical IT Service Line: Conceptual Connectivity Overview

3D View Mapping to the DataCenter

Diagram labels: MainFrame, Webservers, Database / Servers, Firewall, External Router, Switch, Switch, Switch, Firewall, Firewall, Applications Servers, Office / Branch

IT Service Line Segmentation: Service Oriented Network

- Tier 1, Tier 2, Tier 3
- SERVICE 1, SERVICE 2, SERVICE 3
- Access Network
- Distribution Network
- Core Network
- Management Network (sometimes separated Security Management Network)
- Storage Network (sometimes called: Back Up Network)

Note: Services are separated and can be secured separately. Services are managed by Service Managers.

Examples of IT Service lines

Financial / Bank
- Online Internet Banking Service
- Trade Financial Service
- Electronic Bill Payment Services

Telecommunication
- Online Payment Service
- SMS Service
- Online Voice Over IP Service

Content Providers
- Online Gaming Service

Example of a DataCenter

Courtesy of Cari.net http://www.cari.net/carinet datacenters.html

Data Center Service Grouping: Rack Planning and Assignment

- Racks for Telco Equipment: MDF, PABX, Network Equipment
- Racks for Services, Scalability, etc.

Data Center Rack Planning and Security?

- Rack Planning
- Patch Panel Planning: Top or Bottom Rack!
- Power Supply Planning
- Cable Routing (Patch): inside Rack, Outside Rack
- Depends on Cabling

But how to ensure Security in a shared infrastructure?

- Shared access to Service Lines via the cable or wirelessly
- DataCentre cabling is pre-cabled by the installer without knowing the business needs (and IT Service Line needs).
- How to do the Security Architecture for the Service Oriented Solution House?
- 3-Tier Security Architecture compliance: Access Layer, Distribution Layer, Core Layer
- What if the centralised switch is used?
- Does the DataCentre meet the Security needs of the business?

IT Service Line flow end-to-end

e.g. http://security.globeron.com

Diagram labels:
- End points (including Webservers): Layer 7 Application, Layer 6 Presentation, Layer 5 Session, Layer 4 Transport, Layer 3 Network, Layer 2 Data Link, Layer 1 Physical
- Network: Layer 3 Network, Layer 2 Data Link, Layer 1 Physical

Service Line Security (all layers)

- Layer 7 Application: All application communication, E-mail (SMTP, POP), Telnet, FTP, Web Services, HTTP, HTML, etc. Authentication mechanism > Userids, Passwords and other application information, authentication (application sniffers MSN, Spyware, Virus, etc.)
- Layer 6 Presentation: Formats + Encryption to avoid compatibility errors on network layer > Authentication mechanisms
- Layer 5 Session: Establishes, Manages, Terminates connection setups. > hijacking session, DoS connection setups, buffer overflow
- Layer 4 Transport: Flow Control of the session (Sliding Window Techniques, etc.) > packet injection, Denial Of Services DoS
- Layer 3 Network: Network Protocols (IPv4, IPv6, Netbios, AppleTalk), Routers, L3 Switches, TCP/UDP, ICMP (Ping) > SYN, ACKs, NACKs, IP addresses, packet headers
- Layer 2 Data Link: Ethernet, Token Ring, Hubs, (Wireless) Bridges, L2 Switches > Sniffing: MAC address, VLANs, VTP, STP, CDP, (R)ARP
- Layer 1 Physical: Cabling, Fiber, Coax, Wireless, Telephone lines, etc. > Eavesdropping

IT Service & DataCentre Management

Diagram: Service Oriented Infrastructure (SOI) in the DataCenter - Copyright Globeron 2003-2006
- Components: Web Servers, Applications Servers, External Router, Firewall, Switch, Firewall, Switch, Firewall, Switch, MainFrame, Database / Servers, Office / Branch, Internal Users
- Management areas: Media / Cabling, Network, System, Storage, Application, Security
- Monitoring labels: Network + Security Device + System + Storage + Application; (EXTERNAL) Monitoring; (INTERNAL) Performance Monitoring; End User Experience Performance Monitoring

Service needs in line with international standards (e.g. ISO/IEC 20000, ISO/IEC 27001, ITILv2, ITILv3)

- Service Availability
- Service Performance & Capacity
- Service (Business) Continuity
- Service Level Management & Reporting
- Service Financial Management
- Service & Security Incident Management
- Service Problem Management
- Service Change Management
- Service Release Management
- Service Configuration Management

ISO/IEC 20000 ITSM Service Management Processes and Security

Relationships to all other processes

Security as part of the Security Framework

ISO/IEC 27001 - Structure

Scope: 11 Management Domains, 39 Objectives, 133 Controls
- Security Policy
- Organization of information security
- Asset management
- Human resources security
- Physical and environmental security
- Communications and operations management
- Access control
- Information systems acquisition, development and maintenance
- Information security incident management
- Business Continuity Management
- Compliance

How can Bicsi help your organisation?

12-16 January 2009: CSOEP 5-Day Bootcamp

Bicsi recognises the CSOEP 5-day bootcamp (Certified Service Oriented Enterprise Professional) for CEC (Continuing Education Credits)

RCDD, NTS, OSP, WD, Installer/Technician, RES, Certified Trainer
35, 35, 35, 35

Contact Details

ronald@globeron.com