Security Assessment Checklist


Westcon Security Checklist - Instructions

The first step to protecting your business includes a careful and complete assessment of your security posture. Our Security Assessment Checklist can help you quickly assess whether your current security framework is providing the necessary protection across your data center, network infrastructure, unified communications, data, applications and cloud services.

For a detailed assessment of how your security stacks up, use the 10-point security checklist below: for each security category, determine if these devices, software, services or capabilities exist in your environment and mark your answer. Once you complete the self-assessment checklist, contact your Westcon representative or reseller partner to explore solutions for your security concerns.

Customer Information
Company Name:
Contact:
Phone Number:
Email:

security.westcon


1 Perimeter Security

Firewall
- Permits traffic based on acceptable use policy
- Performs NAT for inside network
- Reacts to Denial of Service attacks
- Can be deployed as a Virtual Appliance

Unified Communications SIP Enabled Firewall
- Provides session border control functionality for terminating SIP trunks
- Provides protection against toll fraud, intrusion, unauthorized access and eavesdropping
- Provides demarcation and control at the enterprise edge
- Provides threat protection for SIP/VoIP
- Provides Network, User, Device, Media, Application, Routing, SIP Signaling, Device and ToD-based policy control
- Isolates attacks and compromised devices

Business Continuity - Firewall High Availability
- VRRP (Virtual Router Redundancy Protocol mirroring)
- Allowance for firewall grouping (SRC/DST/Protocol)
- HA Failover
- Support for Multivendor FWs
- FW Load Balancing

VPN Concentrator
- Creates IPSEC-based tunnels
- Tunnels established over multiple links &/or Gateways
- HA of VPN tunnels
- Uses 3DES / AES encryption
- User Policy-Authentication

SSL Gateway
- Combined IPSec and SSL VPN solution
- FIPS 140-1 Level 3 compliant
- End-to-End encryption
- Application-layer proxy features for SSL
- Extranet deployments allow secure remote access to enterprise applications without installing software clients
- Connect mobile employees using a non-enterprise device, such as public PC in an Internet café or airport kiosk
- User Policy-Authentication

1 Perimeter Security Cont.

Wireless/Mobile Infrastructure
- Wireless Firewall
- Allows Wireless LAN Infrastructure Virtualization
- Wireless Threat Detection
- Rogue Access Point Detection
- Encryption
- User Policy-Authentication
- Public Access Management
- Secure Roaming

Endpoint Security - User Policy-Management
- Policy Based Remote Access Controls
- Device Control/Policy Enforcement (provides visibility into and continuous enforcement of security configurations and patches)
- Encryption (disk & data)
- Endpoint Defense (protects against viruses, worms, Trojans, spyware, bots, zero-day threats and root kits)
- Compliance (ability to create & enforce minimum security requirements for all remotely connected PCs and other devices)

Authentication - Token Servers/Tokens
- Authentication & Federation Services (contains authorization information for a user or group to control access to securable objects and to control the ability of a user to perform various system-related operations on a local computer)
- Administration and Authentication of User Access to Web-based Applications & Services
- Certificate-Based Authenticators (ensuring that a user is who he claims to be)
- Provides Compliance (with security regulations including HIPAA, HSPD-12, SOX, GLBA, FFIEC, Basel II, PCI and HITECH)
- TACACS+ / RADIUS Servers
- Strong Authentication Services (using industry standard protocols and user databases)

2 Physical Security

IP Video Surveillance
- Multi Level Security (including restriction of setup, management, live and recorded viewing, PTZ control & operation, motion detection, access to layouts, facility maps, and rules)
- View Live and Recorded Video from Anywhere on the Internet, Network or Using a Smart Phone or Tablet
- Integrates with Existing Network Security & User Authentication Systems

Access Control
- Door Access Control Systems/Keypads (that integrate with existing network security & user authentication systems)

3 Network Core Security

Secure Routing, Switching and WAN
- Provides Layer 2, Layer 3, and Layer 4 (TCP/UDP) service protection
- Provides protection features against rogue services, including ICMP requests, DHCP snooping, ARP inspection, and IP source protection to prevent IP and MAC layer spoofing, as well as validating DHCP services
- Provides security features that protect the network infrastructure from being attacked by malicious or accidental users
- Encrypts Network Traffic
- Logs System Information
- Port Based Authentication
- Network Device Change Management

Intrusion Detection/Prevention
- Segments Networks Into Security Zones
- Isolates Attacks and Compromised Devices
- Can be Deployed as a Virtual Appliance

Multi-Homing
- Stops inbound ICMP requests
- Prevents IP Spoofing
- Logs system information
- Highly available links with transparent failover
- Optimal content routing (policy/proximity)

Secure Wireless Switching
- Rogue access point detection
- Public access management
- Port based authentication

3 Network Core Security Cont.

Business Continuity
- Load balancing
- Multi-homing
- Service Assurance (QoS)
- Can be Deployed as a Virtual Appliance

Traffic Management
- Provides network and protocol-level security and filters application attacks
- Flow Management of specific traffic to specific antivirus/filtering device
- Content Filtering farm bypass for traffic that does not require inspection
- Can be Deployed as a Virtual Appliance

4 Server Security

Virtualization
- Protects virtualized servers/hypervisors (VMware, etc.)
- Server Security can be deployed as a Virtual Appliance
- Protects Virtualized Unified Communications servers
- Protects Virtualized SAN Servers
- Protects Virtualized File Servers
- Protects Virtualized Web Servers (SOA/Web Services)
- Protects Virtualized Application Servers
- Protects Virtualized Database Servers
- Protects VDI Servers
- Provides Compliance for Virtualized Servers
- Provides Disaster Recovery for Virtualized Servers

Data Integrity
- Change Management
- Malicious Code Detection
- Encryption
- User Policy-Authentication

Malicious Code - Virus Monitoring
- Monitors for Malicious codes, viruses and SPAM
- Provides real time protection and alerts
- Stops viruses at the SMTP, HTTP, and FTP server gateway

4 Server Security Cont.

Antivirus & Filtering Traffic Management
- Antivirus & Filtering Farm Aggregation
- Multivendor AV/Filtering Support
- HA and transparent failover of AV/Filtering Solution
- Flow Management of specific traffic to specific antivirus/filtering device

High Availability
- Load balancing
- Clustering
- Virtual Machine Migration

Intrusion Detection/Protection Systems
- Provides real time intrusion detection/protection and alerts
- Analyzes both inbound and outbound network traffic
- Watches for unusual activity on Web server
- Monitors access to Operating System
- Works on signature matches and anomalies
- Has scheduled database updates
- Check what has changed (files, system, etc.)

Server Management Access - Authentication
- Two-Factor Authentication
- Multi-level Administrator Policy Management

5 SAN Security

Storage Network/FCoE Security
- Physical Device Security - theft of disk drives, loss of backup tapes during transport, and security breaches from inside firewalls
- Data at Rest/Storage Media Encryption
- FCoE Data in Movement Encryption
- Administrative Controls and Policies
- Fibre Channel Device Access
- TCP/IP Vulnerabilities
- Management Access Controls

6 Endpoint Security

Intrusion Detection/Protection Systems
- Provides real time intrusion detection/protection and alerts
- Can be deployed for desktop and all remotely connected PCs and other devices
- Analyzes both inbound and outbound network traffic
- Watches for unusual activity on Web server
- Monitors access to Operating System
- Works on signature matches and anomalies
- Provides scheduled database updates
- Check what has changed (files, system, etc.)

Secure Client
- Access Management (Allows network administrators to manage access based on the configuration of remote end points)
- Provides AV updates to Host endpoints
- Device Control/Policy Enforcement/DLP - Provides Data & Leakage Control (port control, visibility into and continuous enforcement of security configurations and patches)
- Encryption (disk & data)
- Endpoint Defense (protects against viruses, worms, Trojans, spyware, bots, zero-day threats and root kits)
- Compliance (ability to create & enforce minimum security requirements for all remotely connected PCs and other devices)
- Provides Real Time Protection and Alerts
- Stops viruses at the SMTP, HTTP, and FTP server gateway
- Works on Mobile Devices

Malicious Code Anti Spam
- Monitors for SPAM
- Provides real time protection and alerts
- Stops SPAM at the server gateway

User Policy-Authentication
- Two-Factor Authentication
- User Policy Management

Security Policy Compliance
- Define and disseminate corporate security policies
- Ensure compliance with privacy and security regulations
- Test employee understanding of security policies
- Audit employee acceptance of security policies
- Visual Policy Editor Tool to develop and distribute security policy

7 Application/Web 2.0 Security

Applications - High Availability
- Aggregation of IDS/IPS destined traffic to IDS Farm
- Multivendor IDS Support
- HA and transparent failover of IDS
- Flow Management of specific traffic to specific IDS
- IDS Bypass for traffic that does not require inspection
- Inspection of SSL traffic
- Application Firewall / Inspection of Web 2.0 Traffic
- Web Applications/Content - Fine-Grained Policy Management and Enforcement Capabilities

8 Data Security

Data Protection At-Rest/In-Motion
- Server Disk Encryption
- Server Data/File Encryption - can be integrated at the database, application, drive, folder, or file level
- Endpoint Disk Encryption
- Endpoint Data/File Encryption
- Endpoint Port Control
- Data-in-Motion Security
- Backup/Duplication/Disaster Recovery Site
- Access/Authentication/Security Tokens/PKI/Key Management
- Logging, Auditing, and Reporting
- Policy Management

9 Messaging Security

Messaging Security
- Provides Acceptable Use Policy
- Monitors E-mail and Communications Activities
- Antivirus/SPAM/Phishing/Malware Policy & Control
- Identity Policy & Control
- Password Policy & Control
- Encryption policy & Control
- Remote Access Policy & Control
- Provides Content Management & Control
- Provides Encryption
- Data & Leakage Control (DLP)

10 VoIP/SIP Security

Communications Security
- Voice, Unified Communications Firewall and Intrusion Prevention System (IPS supports and unifies TDM and VoIP security)
- Protects Communications Resources from Telephony-based Attack, Fraud and Abuse
- Provides Session Border Control (SBC) Functionality for Terminating SIP Trunks
- Logs, Monitors, and Controls all Inbound/Outbound Voice Network Activity
- Prevents Abusive or Malicious Use of Voice Resources by Internal or External Callers
- Extends Data Leakage Protection (DLP) to Voice Lines and Communications
- Integrates with Softphones, Wi-Fi and Dual Mode Phones, e-mail, Voice, Video, Instant Messaging and Presence
- Provides Encryption
- The Ability to Apply Security Policies on UC Traffic

Notes:

Westcon Group and Westcon are registered trademarks and trademarks of Westcon Group, Inc. Copyright 2011 Westcon Group, Inc. All Rights Reserved. DocRef: 071 /Sep11