...Enterprise Security Network Access Control: User and Device Authentication August 2005 Intel IT is piloting new security methods to provide network access control by authenticating devices as well as users. Since networking has evolved to support both wired and wireless access, securing corporate networks from attack has become ever more essential. Therefore, to effectively enforce network access control policies in a proactive manner, we are developing a method to authenticate users and devices before they connect to the network. Network Access Control at Intel • Over 90,000 employees worldwide • 80 percent of knowledge workers are mobile and unwired • Over 50,000 remote access users Background As a global corporation, Intel IT supports more than 90,000 employees and contractors all over the world, and 80 percent of our knowledge workers are mobile and unwired. Network access depends more and more upon wireless LANs and WANs, as well as virtual private network (VPN) remote access. All of these technologies have the potential to open our network perimeter to threats. When we considered the threat of viruses and worms, it was evident that we needed additional controls to secure the enterprise network and its information assets from unauthorized devices and unauthorized people. Figure 1 shows how we could authenticate devices and users as part of the authentication pyramid. Figure 1. Authentication pyramid Info Use Auditing Access Control User Device Authentication...
Words: 1319 - Pages: 6
...Why Cisco for Security At-A-Glance Why Cisco for Security Security is more critical to your network than ever before. As threats and risks persist, security is necessary for providing business continuity, protecting valuable information, maintaining brand reputation, and adopting new technology. A secure network enables your employees to embrace mobility and securely connect to the right information. It allows your customers and partners to more easily conduct business with you. No organization understands network security like Cisco does. Cisco’s market leadership, superior threat protection and prevention, innovative products, and longevity make us the right vendor for your security needs. Cisco Security: Investment • $100 million spent on dynamic research and development • Unmatched network and security expertise with more than 350 CISSPs and more than 1400 CCIEs • Cisco Security Intelligence Operations (SIO) Threat Operations team of 500 analysts across the globe • Industry-recognized Technical Assistance Center (TAC) providing 24x7, world-class security support throughout the globe • More than 20 top-tier global security data centers providing security services • Security provider for the largest banks , ISPs, governments, and military organizations in the world • Guaranteed Cisco IPS coverage for enhanced peace of mind • Validated security industry designs and architectures, including PCI, SAFE, Data Center, and Unified Communications Cisco Security:...
Words: 766 - Pages: 4
...Layered Security in Plant Control Environments Ken Miller Senior Consultant Ensuren Corporation KEYWORDS Plant Controls, Layered Security, Access Control, Computing Environment, Examination, Detection, Prevention, Encryption, Compartmentalization ABSTRACT Process control vendors are migrating their plant control technologies to more open network and operating environments such as Unix, Linux, Windows, Ethernet, and the Internet Protocol. Migrating plant controls to open network and operating environments exposes all layers of the computing environment to unauthorized access. Layered security can be used to enhance the level of security for any computing environment. Layered security incorporates multiple security technologies in each computing layer to provide resistance to unauthorized intrusion, while reducing the risk of failure from a single technology. Layered security requires acceptance of a model, development of an access control plan, compartmentalization of the network, and implementation of core security products that address examination, detection, prevention, and encryption. Layered security is considered a “best practice” in any computing environment, and should be widely used in critical control environments. INTRODUCTION Plant control environments have traditionally been built on proprietary technology. This proprietary technology provided a reasonable level of security from unauthorized access due to its “closed” nature, and lack of connection...
Words: 2711 - Pages: 11
...resources for XYZ Energy. This policy will set forth requirements for securing the network’s confidential information and data communications infrastructure, in addition to defining detailed policies in the areas of physical security, access control, and network security. Assumptions of the security plan defines physical security at each site for the environment around the network including entry control at each facility, the need and responsibilities of security staff, and issues around security in common areas. Information system security defines workplace protection and guidelines for storage, protection, and maintenance of hardware and network equipment. Access control policies address user enrollment and all network access privileges, along with identification and authentication process policies. Finally, network policies are defined for granting and managing network access while still protecting sensitive company data. Project constraints can include, but are not limited to, availability of resources needed to provide appropriate security for each defined security goal; time restraints for meeting these goals; issues relative to having multi-site facilities; and employee accountability for protecting the company assets and network operations. Introduction XYZ Energy, a nuclear-powered generating company, has various locations throughout the United States. With 50 fully operational plants, only two locations serve as backup cold facility sites. The...
Words: 1790 - Pages: 8
...track inventory, make sure all financial transactions are safe in both the store and online location, and to make sure the website is PCI compliant so the customers will not put the consumer’s identity in danger of theft. In an effort to make the necessary changes, team A has reviewed the physical security section, access control section, the network security section of the security policy, and the security of information systems. Physical Security Physical Security viewpoints remain concerned with measures designed to deny or provide access to individuals from a physical access point for Underground HipHop.com. This can stand as simple as a locked door or as complex as a biometric entrance into the facility. Additional steps will have signs posted clearly defining rules and regulations simplified of the company’s physical security policy, without providing specific information about the security division for the company stands located within the building. The company will make sure that there is not a point of failure to compromise the security of Underground HipHop.com. The goal of physical security is to ward off potential security risks of an intruder gaining access to the facility. Physical properties can stand restricted within a...
Words: 1687 - Pages: 7
...insert reminders in banner greetings, and send e-mail reminders to employees. User apathy toward policies • Conduct annual security awareness training, implement acceptable use policy, update staff manual and handbook, discuss during performance reviews. Workstation Domain Risk, Threat, or Vulnerability Unauthorized access to workstation • Enable password protection on workstations for access. Enable auto screen lockout for inactive time. Unauthorized access to systems, applications, and data • Define strict access control policies, standards, procedures, and guidelines. Implement a second-level test to verify a user’s right to gain access. Account Policies | Password, lockout, and Kerberos settings. | Local Policies | Audit, user rights, and security options. ("Security Options" consist primarily of security-relevant registry values.) | Event Log | Settings for system, application, security and directory service logs. | Restricted Groups | Policy regarding group membership. | System Services | Startup modes and access control for system services. | Registry | Access control for registry keys. | File System | Access control for folders and files. | LAN Multilayer Security * Coverage considerations for wireless LAN (WLAN) users in a branch office * Distance considerations from the closet to the desk for wired clients * Inline power requirements for all IP phone users in the branch office * Security, and manageability considerations ...
Words: 726 - Pages: 3
...VPN access control model for a large scale company. * This policy will support remote access control for systems, applications, and data access. Remote access Defined Remote access for employees is deployed by using remote access VPN connections across the Internet based on the settings configured for the VPN Server, and the following additional settings. The following diagram shows the VPN server that provides remote access VPN connections. Domain/Network Config: For each employee that is allowed VPN access: * The network access permission on the dial-in properties of the user account is set to Control access through NPS Network Policy. * The user account is added to the VPN_Users group in Active Directory. To define the authentication and encryption settings for remote access VPN clients, the following remote access network policy is created in Network Policy Server (NPS): * Policy name: Remote Access VPN Clients * Conditions: * NAS Port Type is set to Virtual (VPN) * Windows Groups is set to VPN_Users * Calling Station ID is set to 207.209.68.1 * Permission is set to Grant access. NPS policy settings: * On the Constraints tab, under Authentication Methods, for EAP Types select Microsoft: Smart Card or other certificate. Also enable Microsoft Encrypted Authentication version 2 (MS-CHAP v2). * Or SSTP, L2tp/IPsec, PPTP, IKEv2 Access control model/ policy: This model would support Role based access controls and allow mandatory access control to be...
Words: 339 - Pages: 2
...Leonardo Journal of Sciences ISSN 1583-0233 Issue 13, July-December 2008 p. 7-21 Network Security: Policies and Guidelines for Effective Network Management Jonathan Gana KOLO, Umar Suleiman DAUDA Department of Electrical and Computer Engineering, Federal University of Technology, Minna, Nigeria. jgkolo@gmail.com, usdauda@gmail.com Abstract Network security and management in Information and Communication Technology (ICT) is the ability to maintain the integrity of a system or network, its data and its immediate environment. The various innovations and uses to which networks are being put are growing by the day and hence are becoming complex and invariably more difficult to manage by the day. Computers are found in every business such as banking, insurance, hospital, education, manufacturing, etc. The widespread use of these systems implies crime and insecurity on a global scale. In addition, the tremendous benefits brought about by Internet have also widened the scope of crime and insecurity at an alarming rate. Also, ICT has fast become a primary differentiator for institution/organization leaders as it offers effective and convenient means of interaction with each other across the globe. This upsurge in the population of organizations depending on ICT for business transaction has brought with it a growing number of security threats and attacks on poorly managed and secured networks primarily to steal personal data, particularly financial information and password. This...
Words: 3892 - Pages: 16
...SSCP Study Notes 1. Access Controls 2. Administration 3. Audit and Monitoring 4. Risk, Response, and Recovery 5. Cryptography 6. Data Communications 7. Malicious Code Modified version of original study guide by Vijayanand Banahatti (SSCP) Table of Contents 1.0 ACCESS CONTROLS 2.0 ADMINISTRATION 3.0 AUDIT AND MONITORING 4.0 RISK, RESPONSE, AND RECOVERY 5.0 CRYPTOGRAPHY 6.0 DATA COMMUNICATIONS 7.0 MALICIOUS CODE REFERENCES 1.0 ACCESS CONTROLS Access control objects: Any objects that need controlled access can be considered an access control object. Access control subjects: Any users, programs, and processes that request permission to objects are access control subjects. It is these access control subjects that must be identified, authenticated and authorized. Access control systems: Interface between access control objects and access control subjects. 1.1 Identification, Authentication, Authorization, Accounting 1.1.1 Identification and Authentication Techniques Identification works with authentication, and is defined as a process through which the identity of an object is ascertained. Identification takes place by using some form of authentication. Authentication Types Example Something you know...
Words: 17808 - Pages: 72
...Assessment Worksheet (PART A) Sample IT Security Policy Framework Definition Overview Given the following IT security policy framework definition, specify which policy probably can cover the identified risk, threat, or vulnerability. If there is none, then identify that as a gap. Insert your recommendation for an IT security policy that can eliminate the gap. Risk – Threat – Vulnerability | IT Security Policy Definition | Unauthorized access from public Internet | Acceptable use policy | User destroys data in application and deletes all files | Backup Recovery Policy | Hacker penetrates your IT infrastructure and gains access to your internal network | Threat Assessment & Management Policy | Intra-office employee romance gone bad | Acceptable use Policy | Fire destroys primary data center | Disaster Recovery Policy | Communication circuit outages | Asset management Policy | Workstation OS has a known software vulnerability | Threat Assessment & Management Policy | Unauthorized access to...
Words: 1625 - Pages: 7
...the levels of security required to protect the network and resources utilized to communicate. Its intended purpose is to formulate a means to counterattack against security risk from potential threat. The ESP serves as a way to identify risks and to ensure a contingency plan is in place to protect the availability, integrity, and confidentiality of the Riordan organization's information technology (IT) system. The ESP benefits all employees however it is most beneficial to information resource managers, computer security officials, and administrators as it is a good tool to use for establishing computer security policies. The ESP in its basic form is a systematic approach to addressing the company’s network, its capability, the threats it is susceptible to and a mitigation strategy that addresses those threats if and should they occur. In addition to addressing the threats the ESP will also make provisions for establishing contingency plans in case of a disaster. The information covered by this plan includes all information systems, IT resources, and networks throughout the Riordan global organization owned or operated by employees in the performance of their job duties, whether written, oral, or electronic. Further it establishes an effective set of security policies and controls required to identify and mitigate vulnerabilities that exist in practically all computer systems and in the current security policies and controls that guard them. This ESP will focus on four (4)...
Words: 2085 - Pages: 9
...Software firewall: Firewall software has programs which are designed to monitor the data and also control the flow of traffic between the PC’s and the network. They are used to prevent unapproved access to PC’s or networks. The programs in firewall can allow, control access, encrypt, or substitute computer traffic based on settings. Advantages and disadvantages of software firewall: The advantage of firewall software is that it runs directly on the computer where it can also know about the network traffic along with what port it is using and where it is going. Firewall keeps in track about the programs that are trying to access internet and it identifies whether it is authorized or malicious. Depending on whether the access is authorized or not, it will allow sending and receiving data. If at all the firewall is not sure about the nature of the program then the user is urged to provide confirmation before the traffic is allowed to access (Pacchiano, 2011). The disadvantage of software firewall is that it only protects the machine where it is installed in. To protect multiple machine via firewalls you need to purchase multiple licensed copies and install and configure them individually in each system, which is expensive and difficult to manage (Pacchiano, 2011). Reference: Pacchiano, R. (June 09, 2011). Firewall Debate: Hardware vs. Software. Retrieved from http://www.smallbusinesscomputing.com/webmaster/article.php/3103431/Firewall-Debate-Hardware-vs-Software.htm Retrieved...
Words: 491 - Pages: 2
...identify the relations between company assets, threats and vulnerabilities that may lead to the loss of confidentiality, integrity, availability, authenticity, or accountability. The output of the risk assessment will determine the actions for managing security risks and for implementing the appropriate controls needed to protect the company assets. The risk assessment process consists of the following tasks: • “Identify business needs and changes to requirements that may affect overall IT and security direction. • Review adequacy of existing security policies, standards, guidelines and procedures. • Analyze assets, threats and vulnerabilities, including their impacts and likelihood (See sheet # 1) • Assess physical protection applied to computing equipment and other network components. • Conduct technical and procedural review and analysis of the network architecture, protocols and components to ensure that they are implemented according to the security policies. • Review and check the configuration, implementation and usage of remote access systems, servers, firewalls and external network connections, including the client Internet connection. • Review logical access and other authentication mechanisms. • Review current level of security awareness and commitment of staff within the organization. • Review agreements involving services or products from vendors and contractors. • Develop practical technical recommendations to address the vulnerabilities identified...
Words: 752 - Pages: 4
...[2] in 2006 by the main card brands in order to protect sensitive cardholder data stored online by merchants and other card processors. It followed on from the informal program started in 1999 by Visa and formalised in 2000 into the Cardholder Information Security Program [3]. It is designed to meet the problems of storing large amounts of credit card data stored online that may be compromised. The largest number of cards compromised so far is the TK Maxx case, where over 46 million cardholder details were stolen over a number of years [4]. The hackers used the common method of breaching insecure wireless networks from car parks outside the shops and installing malware to steal the card details. Many of the PCI DSS controls would have avoided or mitigated this attack. For example, networks must be protected from external intruders by adequate firewalls, and wireless networks must use a recent standard for protecting data such as WPA. Organisations are advised not to store card details for longer than...
Words: 4316 - Pages: 18
...INFORMATION RESOURCE GUIDE Computer, Internet and Network Systems Security An Introduction to Security Security Manual Compiled By: S.K.PARMAR, Cst N.Cowichan Duncan RCMP Det 6060 Canada Ave., Duncan, BC 250-748-5522 sunny@seaside.net This publication is for informational purposes only. In no way should this publication be interpreted as offering legal or accounting advice. If legal or other professional advice is needed it is encouraged that you seek it from the appropriate source. All product & company names mentioned in this manual are the [registered] trademarks of their respective owners. The mention of a product or company does not in itself constitute an endorsement. The articles, documents, publications, presentations, and white papers referenced and used to compile this manual are copyright protected by the original authors. Please give credit where it is due and obtain permission to use these. All material contained has been used with permission from the original author(s) or representing agent/organization. Table of Contents 1.0 INTRODUCTION 1.1 BASIC INTERNET TECHNICAL DETAILS 1.1.1 TCP/IP : Transmission Control Protocol/Internet Protocol...
Words: 134858 - Pages: 540