security landscape presentation
DESCRIPTION
Presentation of an example security landscapeTRANSCRIPT
![Page 1: Security Landscape Presentation](https://reader036.vdocuments.us/reader036/viewer/2022083000/5575bce4d8b42a312a8b4718/html5/thumbnails/1.jpg)
SECURITY
LANDSCAPE
I NF O
RM
AT
I ON
TE
CH
NO
L OG
Y,
NO
RT
H A
ME
RI C
A
![Page 2: Security Landscape Presentation](https://reader036.vdocuments.us/reader036/viewer/2022083000/5575bce4d8b42a312a8b4718/html5/thumbnails/2.jpg)
AGENDA
1) The Perimeter
2) The Interior
3) The Security Policy
4) Workstation & Server Standards
5) Questions
![Page 3: Security Landscape Presentation](https://reader036.vdocuments.us/reader036/viewer/2022083000/5575bce4d8b42a312a8b4718/html5/thumbnails/3.jpg)
PERIMETER
FIREWALLS• Checkpoint UTM for site-to-site
VPN with UK• Checkpoint UTM for ATG / IS data
center• Palo Alto for Atlanta Data Center
(DMZ), internet browsing, and disaster recovery
![Page 4: Security Landscape Presentation](https://reader036.vdocuments.us/reader036/viewer/2022083000/5575bce4d8b42a312a8b4718/html5/thumbnails/4.jpg)
PERIMETER
FIREWALLS• Juniper for VPN infrastructure• ISA for perimeter applications
and reverse proxy
![Page 5: Security Landscape Presentation](https://reader036.vdocuments.us/reader036/viewer/2022083000/5575bce4d8b42a312a8b4718/html5/thumbnails/5.jpg)
PERIMETER
REMOTE ACCESS• Nortel Extranet- Client based• Juniper- Clientless• ActiveSync• BES
![Page 6: Security Landscape Presentation](https://reader036.vdocuments.us/reader036/viewer/2022083000/5575bce4d8b42a312a8b4718/html5/thumbnails/6.jpg)
PERIMETER
APPLICATIONS• SendIt file transfer• FTP / Box.Net• Web Security • E-mail Anti-virus / anti-malware /
anti-spam
![Page 7: Security Landscape Presentation](https://reader036.vdocuments.us/reader036/viewer/2022083000/5575bce4d8b42a312a8b4718/html5/thumbnails/7.jpg)
PERIMETER
APPLICATIONS• DNS and domain registration• Public security (SSL) certificates• DNS Caching• Various server support
![Page 8: Security Landscape Presentation](https://reader036.vdocuments.us/reader036/viewer/2022083000/5575bce4d8b42a312a8b4718/html5/thumbnails/8.jpg)
INTERNAL
APPLICATIONS• Patch management- WSUS and
Altiris• Computer anti-virus and anti-
malware• ADRMS• Internal PKI• Wireless
![Page 9: Security Landscape Presentation](https://reader036.vdocuments.us/reader036/viewer/2022083000/5575bce4d8b42a312a8b4718/html5/thumbnails/9.jpg)
INTERNAL
APPLICATIONS• IAS- Radius authentication• Password auditing• SIEM• ADFS
![Page 10: Security Landscape Presentation](https://reader036.vdocuments.us/reader036/viewer/2022083000/5575bce4d8b42a312a8b4718/html5/thumbnails/10.jpg)
POLICY AND PROCEDURE
• Password change every 90 days• Complex password• IT installs all software• All software stored in secure
location
![Page 11: Security Landscape Presentation](https://reader036.vdocuments.us/reader036/viewer/2022083000/5575bce4d8b42a312a8b4718/html5/thumbnails/11.jpg)
POLICY AND PROCEDURE
• Periodic software audits• Data backups • Incident Management• Security Awareness• Least privilege
![Page 12: Security Landscape Presentation](https://reader036.vdocuments.us/reader036/viewer/2022083000/5575bce4d8b42a312a8b4718/html5/thumbnails/12.jpg)
WORKSTATION STANDARDS
• Anti-virus / management agent• IE7• Windows XP SP3• Automated process to remove
unused workstations from the domain
![Page 13: Security Landscape Presentation](https://reader036.vdocuments.us/reader036/viewer/2022083000/5575bce4d8b42a312a8b4718/html5/thumbnails/13.jpg)
WORKSTATION STANDARDS
• Local administrative privilege allowed by exception
• Guest and administrator account disabled
• Administrator account renamed• No windows firewall• No pop-up blocker
![Page 14: Security Landscape Presentation](https://reader036.vdocuments.us/reader036/viewer/2022083000/5575bce4d8b42a312a8b4718/html5/thumbnails/14.jpg)
WORKSTATION STANDARDS
• Unused computers are removed from the domain
• Other policies as recommended in Microsoft Baseline Security Configuration Manager
• Variety of IE settings• Altiris workstation images
![Page 15: Security Landscape Presentation](https://reader036.vdocuments.us/reader036/viewer/2022083000/5575bce4d8b42a312a8b4718/html5/thumbnails/15.jpg)
SERVER STANDARDS
• Anti-virus / management agent• Windows 2003 R2 or higher• Redundant hardware / UPS to
protect against data loss
![Page 16: Security Landscape Presentation](https://reader036.vdocuments.us/reader036/viewer/2022083000/5575bce4d8b42a312a8b4718/html5/thumbnails/16.jpg)
SERVER STANDARDS
• Regular backup with offsite storage to ensure data availability
• Encryption and secure protocols• Other policies as recommended in
Microsoft Baseline Security Configuration Manager
• Altiris server images
![Page 17: Security Landscape Presentation](https://reader036.vdocuments.us/reader036/viewer/2022083000/5575bce4d8b42a312a8b4718/html5/thumbnails/17.jpg)
VISION
• Vulnerability management• Full Disk Encryption• Intrusion prevention• Desktop Security• Mobile Device Management• Segregate confidential systems-
HR, Financial, and application development
![Page 18: Security Landscape Presentation](https://reader036.vdocuments.us/reader036/viewer/2022083000/5575bce4d8b42a312a8b4718/html5/thumbnails/18.jpg)
Questions?Thank you for your attention.