Secure Computing Network

Presentation transcript:

Secure Computing Network
Glenn Allison, Michael Ehrenhofer, Dan Hoadley, Joe Mathew, Bryan Tabiadon, Raj Varma
Team Excel

Key Objective

Goal
- Create a secure computing platform which enhances collaboration across the enterprise

Strategy
- Provide wired and wireless network connectivity which is secure and easy to use

Tactics
- People – security awareness training
- Process – on-boarding, troubleshooting, escalation
- Technology – NAC, VPN, LDAP, WPA

Requirements

Business
- Add visitor, customer, and competitor access
- Use non-company laptops on corporate network for internet and internal application use
- Visitor access to internet, VPN
- Wireless access

Security
- Protect corporate Intellectual Property
- Principle of least privilege
- Patch and anti-virus required
- Wireless access to internal network prohibited

Technology Considerations

Electronic badge
- Pro: Limits access to buildings and certain rooms
- Pro: Auditing is available
- Con: Once in a building, access is open to most areas
- Con: Physical access to network available in empty offices, etc.

LDAP login
- Pro: Limits access to domain
- Con: Occurs after network access is granted
- Con: DHCP address granted to anyone

Active Directory groups
- Pro: Allows or restricts access to specific applications
- Pro: Easy to maintain
- Pro: Auditing available
- Con: Can be easy to get added to a group

Separate networks
- Pro: Limits access to subnet and specific IPs and ports
- Con: May require additional authentication
- Con: Requires additional infrastructure
- Con: Firewall rules can be complex

Network Access Control
- Pro: Prevents access to network without authentication
- Pro: Policy-based access can limit access anywhere at a site
- Con: Cost
- Con: Complex support
- Con: Blocking valid users

Encryption
- Pro: Prevents reading data even if disclosed
- Con: Requires infrastructure
- Con: Support issues

Solution Overview

Physical security
- Limit access via electronic badge to single building

Active Directory Login (LDAP)
- Required for employees, contractors, customers
- Not required for visitor access

Network Access Control
- Implement at site level to prevent wandering
- Use RADIUS authentication to integrate with Active Directory
- Separate VLANs

Solution (cont.)

Active Directory Groups
- Create Site Contractor groups
- Create Site Customer groups
- Use with NAC to limit access to network
- Use with applications to limit access

Separate Visitors network for internet access
- Separate wireless physical infrastructure
- Eliminate network cables in conference rooms
- Employees VPN into corporate network
- No login required

Solution (cont.)

E-Mail Encryption
- PKI certificates to support S/MIME
- Encrypted 3DES e-mail for secure internal communications and external communications when required

Policy
- Documented and updated twice annually
- Initial training required and annual refresher

Procedures
- Requires well documented troubleshooting steps
- Help desk escalation
- On and off-boarding must be accurate

High Level Architecture
[Diagram; components labeled: Application, Laptop (WiFi), AD/LDAP, Wireless LAN, RADIUS, NAC, LAN, PC, Printer]

Cost Analysis

Existing staff will be leveraged to support the solution, so the solution will have no additional impact on the administrative budget. Annual maintenance is forecasted to be 15% of equipment capital, forecasted to be approximately $175K/yr.

NOTE: Solution is based on a single campus location with 1,692 employees. Based on $1.17M capital spend, and recurring cost of $175K per year, the average total cost per employee is $691/person (capital) and $103/person (expense).

Risks

Risks
- Additional cost for infrastructure required
- Complex environment supported by different groups
- Never completely eliminated

Mitigation
- Implementation will require additional training
- Documentation, troubleshooting steps, escalation
- Senior level awareness
- Keep security top-of-mind awareness

Feasibility

People
- Awareness training requirement
- Change management

Process
- Integration with existing process
- Regular audits to validate compliance

Technology
- Industry standard
- Minimal customization

Compliance

- Key driver is PCI compliance, and ongoing SOX compliance

Monitoring Compliance
- Internal audits
- External audits

Change Control
- All changes to infrastructure reviewed and measured with formal change control

Considerations

- Solution can be adjusted for different level of risk industries
- Confidentiality
- Integrity
- Availability
- Authenticity

Questions?