lumension data security partner guide - cisco.com · this guide is part of a comprehensive data...
Using this Data Security Partner Guide
This document is for the reader who:
• Has read the Cisco Smart Business Architecture (SBA) for Government Large Agencies—Borderless Networks Design Overview and the Cisco Data Security Deployment Guide
• Wants to connect Borderless Networks to a Lumension data security endpoint solution
• Wants to gain a general understanding of the Lumension data security endpoint solution
• Has a level of understanding equivalent to a CCNA® certification
• Wants to prevent sensitive data, including intellectual property and customer data, from leaving the agency without protection
• Wants to solve data security compliance and regulatory problems
• Is mandated to implement data security policies
• Wants the assurance of a validated data security solution
Related Documents
Before reading this guide
Design Overview
Internet Edge Deployment Guide
Internet Edge Configuration Guide
Data Security Deployment Guide
ALL DESIGNS, SPECIFICATIONS, STATEMENTS, INFORMATION, AND RECOMMENDATIONS (COLLECTIVELY, "DESIGNS") IN THIS MANUAL ARE PRESENTED "AS IS," WITH ALL FAULTS. CISCO AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THE DESIGNS, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE DESIGNS ARE SUBJECT TO CHANGE WITHOUT NOTICE. USERS ARE SOLELY RESPONSIBLE FOR THEIR APPLICATION OF THE DESIGNS. THE DESIGNS DO NOT CONSTITUTE THE TECHNICAL OR OTHER PROFESSIONAL ADVICE OF CISCO, ITS SUPPLIERS OR PARTNERS. USERS SHOULD CONSULT THEIR OWN TECHNICAL ADVISORS BEFORE IMPLEMENTING THE DESIGNS. RESULTS MAY VARY DEPENDING ON FACTORS NOT TESTED BY CISCO.
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental. Cisco Unified Communications SRND (Based on Cisco Unified Communications Manager 7.x)
© 2010 Cisco Systems, Inc. All rights reserved.
Table of Contents
Overview of Cisco Borderless Networks
Agency Benefits
Lumension Device Control Deployment Overview
Summary
Appendix A: SBA for Large Agencies Document System
Overview of Cisco Borderless Networks
The Cisco SBA for Large Agencies—Borderless Networks offers partners and customers valuable network design and deployment best practices; helps agencies to deliver superior end-user experiences using switching, routing, security and wireless technologies; and includes comprehensive management capabilities for the entire system. Customers can use the guidance provided in the architecture and deployment guides to maximize the value of their Cisco network in a simple, fast, affordable, scalable and flexible manner.
Figure 1. Lumension Data Security Integrated into the SBA for Large Agencies—Borderless Networks
Modular design means that technologies can be added when the agency is ready to deploy them. Figure 1 shows how the Lumension data security solution integrates into the Borderless Networks architecture.
This guide is part of a comprehensive data security system designed to solve agencies’ operational problems, such as protecting intellectual property and sensitive customer information assets, and meeting compliance requirements. The guide focuses on Cisco’s partnership with Lumension to deliver affordable endpoint device control as a part of Cisco’s broader data security system.
Agency Benefits
Data is an agency’s lifeline and agencies have data stored everywhere. To enhance productivity, agencies allow employees and partners access to data from almost anywhere. In addition, many employees are working remotely, thus requiring access from outside the network. But the potential impact of data loss is a very real concern, be it accidental or malicious. And removable devices (such as USB flash drives) and media (such as DVDs/CDs) are among the most common data leakage routes, with no file copy limits, no encryption, no audit trails, and no central management.
Table 1. Lumension Device Control Overview
Capability: Centrally manages security policies for removable devices and media using a whitelist, default-deny policy approach
Benefit:
• Eliminates a major data leakage path through automated control of ports and removable storage
• Enables operational productivity while enhancing organizational security
• Reduces management and maintenance needs in an ever-changing IT environment
Capability: Enforces encryption policies when copying data to removable devices or media
Benefit:
• Protects valuable corporate and customer data
• Provides “safe harbor” protection in case of data exfiltration
Capability: Prevents malware intrusion via removable devices or media
Benefit:
• Adds a layer of protection to your network
• Reduces threat of self-replicating, self-propagating malware (such as Conficker)
Capability: Provides in-depth reporting and alerting, including syslog integration
Benefit:
• Offers forensics and reporting tools to demonstrate compliance with applicable laws
• Allows for real-time reaction to endpoint events
• Improves understanding of inter-related events
In fact, the problem of data leakage due to the accidental or sometimes malicious use of removable devices and/or removable media has reached alarming levels: over 85% of privacy and security professionals reported at least one breach and almost 64% reported multiple breaches that required notification.1 The costs for recovery of data and lost business are rapidly rising as well, with the average per incident cost now estimated to be $6.75 million.2
Lumension Device Control enforces agency-wide usage policies for removable devices, removable media, and data, including read/write access rights and encryption enforcement. The product features are summarized in Table 1.
1 Deloitte & Touche and Ponemon Institute, Enterprise@Risk: 2007 Privacy & Data Protection Survey, December 2007
2 Ponemon Institute, 2009 Annual Study: Cost of a Data Breach, February 2010
Lumension Device Control Deployment Overview
Step 1: Installing Lumension Device Control on your network
Lumension Device Control supports controls on any ports and devices recognized by Windows, including all Plug-and-Play and user-defined devices. Table 2 lists the supported ports and devices:
Table 2. Lumension Device Support
Physical Interfaces
• USB
• FireWire
• PCMCIA
• ATA/IDE
• SCSI
• LPT/Parallel
• COM/Serial
• PS/2
Wireless Interfaces
• WiFi
• Bluetooth
• IrDA
Device Types
• Wireless NICs
• Removable Storage Devices
• External Hard Drives
• DVD/CD Drives
• Floppy Drives
• Tape Drives
• Printers
• Modems/Secondary Network Access Devices
• PDAs and other handhelds
• Imaging Devices (Scanners)
• Biometric Devices
• Windows Portable Devices
• Smart Card Readers
• PS/2 Keyboards
• User-Defined Devices
Successful installation requires you to install the following components:
1. Install the Database. Lumension Device Control uses Microsoft SQL Server 2005 (standard or Express editions) or Microsoft SQL Server 2008 (standard or Express editions).
2. Generate and save a public and private key pair. Lumension strongly recommends the use of a public-private key pair to provide the highest level of security.
3. Install the Application Server(s). Lumension Device Control is designed to use one or more Application Servers. Each of these acts as an intermediary between the endpoint client and the database, and distributes the list of devices and software permissions for every endpoint on your network.
4. Install the Management Console, which is used to configure Lumension Device Control and enables administrators to perform a range of day-to-day administrative tasks.
5. Install and deploy the endpoint client (SK), which is a low-level kernel driver that controls access to devices on the protected endpoint. The SK supports Microsoft XP Professional, Vista, Windows 7, Server 2003, Server 2008, Server 2008 R2, and many others, including virtual platforms.
Step 2: Setting up Lumension Device Control
Lumension Device Control grants device access by applying permissions rules to each device type, including floppy disk drives, CD and DVD drives, serial and parallel ports, USB devices, hot swappable and internal hard drives, and so on. Based on the Least Privilege Principle, access to any device is prohibited by default for all users. To grant access, the administrator associates users or user groups to specific devices or complete device classes. This approach is unlike traditional security solutions that use blacklists to specify devices that cannot be used.
Setting up Lumension Device Control requires you to perform the following tasks through the management GUI:
1. Discover: Identify all removable devices that connect to your endpoints using learning mode to collect information without disrupting operations.
2. Assess: Define rules at both global and machine-specific levels for groups and individual users to define device access by class, model or specific ID, and uniquely identify and authorize specific media. These permissions can be linked to user and user group information from Microsoft Active Directory or Novell eDirectory.
3. Implement: Enforce device and data usage policies, and centrally enforce the encryption of data being moved onto removable devices and/or media; apply these permissions to specific endpoints, ports, devices and users, or entire groups.
4. Monitor: Continuously monitor the effectiveness of device and data usage policies in real time and identify potential security threats by logging all device connections, recording all policy changes and administrator activities and tracking all file transfers by file name and content type. You can even keep a copy of every file that is transferred to or from a removable device using Lumension’s patented bi-directional shadowing technology.
5. Report: Create both standard and customized reports on all device and data activity showing allowed and blocked events, which can be saved into a repository, shared via email, or imported into third party applications. Detailed forensic reports and comprehensive auditing capabilities enable organizations to demonstrate compliance with government requirements (such as SOX, GLBA, HIPAA, HITECH, and others), industry regulations (such as NERC, PCI DSS and others) and their own internal security policies.
Reader Tip
Implement Lumension Device Control in “learning” mode first, and collect information on device usage in your network without blocking, until you have a good idea of who is using what and why. Be sure to collect information over a sufficient length of time, one which covers important periods of high activity, such as month-end close in the accounting department, or increased sales activity at the end of a quarter.
Reader Tip
Deploy any new enforcement policy in phases. Start small, then test, monitor and adjust. After things have stabilized, move on to the next phase.
Working with Cisco AnyConnect and RSA DLP Endpoint
Lumension Device Control works seamlessly with RSA data loss prevention (DLP) products and the Cisco AnyConnect client to provide policy-based control for sensitive data on removable media. A combination of RSA DLP Endpoint and Lumension Device Control policies allows agencies to control data in use. Through partnership with RSA, Lumension will use the robust classification technology and comprehensive policy libraries contained in the RSA DLP SDK to scan documents and compare them against RSA policies, and then restrict or encrypt the sensitive data based on user access and corporate policy. Cisco AnyConnect provides the secure transmission of data in motion from the endpoint.
This combination of Lumension Device Control with Cisco AnyConnect VPN and RSA DLP Endpoint allows agencies to effectively control sensitive data transferred to removable media, encrypt data on removable media, and secure delivery of data in motion.
Getting Value from Lumension Device Control
Lumension Device Control provides deep, granular control of all port, device, and media usage on your network. Some of the capabilities which can be incorporated into your security policy include:
• Per-Device Permissions: Use granular permissions to control access at device class (for example, all USB flash drives), device group, device model or even unique ID levels; for instance, restrict access rights to a specific device of an agency-approved model.
• Default-Deny Whitelist: Assign permissions for authorized removable devices, such as USB sticks, and media, such as DVDs or CDs, to individual users or user groups; by default, anything that is not explicitly authorized is denied.
• Read-Only Access: Define any device as read-only; other device permissions include write access, and encrypt/decrypt restrictions.
• 256-bit AES Encryption: Use central security policy to force 256-bit AES encryption of all removable devices and media across all endpoints on network; options include: centralized (by admin only) vs. decentralized (by end-user), and non-portable (network accessible only) vs. portable (accessible outside the network).
• Temporary/Scheduled Access: Grant users temporary access to removable devices and media, for a limited period. Also, limit device usage during specific time periods.
• Offline Enforcement: Permissions and restrictions remain effective even when the endpoint is offline; these can be the same as when the device is online, or different.
• Uniquely Identify and Authorize Specific Media: Authorize and manage DVD and CD collections by granting access to specific users or user groups and encrypting removable media with unique IDs.
• Context-Sensitive Permissions: Apply different permissions and restrictions depending on network connectivity status. For example, you can enable or disable wireless cards on laptops, depending on whether they are connected to a wired network or not.
• Offline Updates: Update permissions of remote endpoints that cannot establish a network connection. New permissions are saved to a file that is imported and installed onto the client computer.
• Device Management: Detect and manage all devices, including Plug-and-Play and non-standard devices, at the time they are inserted into the endpoint.
• File Type Filtering: Restrict and manage the types of files that can be moved to and from removable devices and media; combine with forced encryption for added protection.
• Data Copy Restriction: Restrict the daily amount of data copied to removable devices and media on a per-user basis; can also limit usage to specific time frames and days (for example, only during normal working hours on weekdays).
Generating Reports from Lumension Device Control
Lumension Device Control comes with integrated reporting. Reports can be customized and saved into a repository, shared via email, or imported into third party applications. Admins can log and create standard and customized reports on all device and data activity showing user permissions, for example. Figure 2 shows the report-generating interface.
Figure 2. Lumension Report Interface
Reports can show:
• Usage of ports, devices, and media across all endpoints
• All allowed or blocked events
• Policy changes and administrator activities
• File transfers by file name and content type
In addition, event, audit and diagnostic logs can be sent as syslog messages, allowing administrators to take advantage of existing infrastructure and integrated event management. This allows for event correlation with other system logs for centralized forensics, and adds more options for alerting and reporting.
Maintaining Lumension Device Control
Minimal maintenance is required for Lumension Device Control. The administrator can easily clean up old log files in the SQL database from the Management Console. In addition, all log entries can be easily managed and exported to comma-separated value (CSV) files, which can then be imported into third-party log analyzer tools.
Security policies also require occasional maintenance. As agencies monitor device usage and data flows over time, the list of allowed devices can be tightened, especially as new devices are introduced, as new people join and others leave, and agency needs evolve. Lumension’s whitelist-based policy approach allows new devices to be adjusted as the need arises.
Reader Tip
Start by creating as few generalized permission sets as possible. These should include as many high-level rules as possible, with as few exceptions as possible. Define rules at both Default (or Universal) and Machine-Specific levels for groups and individual users. The policy rules will grow more complicated over time, so start simply and add exceptions as needed.
Lumension Device Control in Action
As USB devices grow larger in capacity, smaller in size, and cheaper in cost, a key question for many agencies is: How do I control what removable devices employees can use at work?
The first step in answering this is to use Lumension Device Control’s learning mode to discover what devices are being used on your network. This can reveal a surprising number and variety of devices in use on the endpoints in your network. The devices are categorized based on how they register themselves with Windows, down to makes and models and even specific device IDs. Here are some examples of how this information can be applied:
• The Device Class level. You can assign read, read/write, or deny permissions to access a specific type of device (for example, all removable storage devices).
• The Device Group level. You can sub-classify devices, grouping them in coherent units and then adding specific permissions and rules to each device group (for example, all USB flash drives).
• The Device Model level. You can define a device model and apply permissions for it (for example, all SanDisk Cruzer Titanium 8GB flash drives).
• The device itself. You can manage the use of unique devices (for example, Fred’s Cruzer flash drive with serial number 1x23rty789).
The next step is to define permissions. Based on the data collected and your security policy, you can define permissions for the entire agency (global), for different groups (for example, you may want different permissions for the finance group and the sales group), or even for specific individuals (for example, the CEO might be afforded special rights). These permissions might include read/write access, forced encryption, or time-based access, and can be set for individual or groups of users, machines, ports and devices.
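The default-deny resolution across the four device levels described above, sketched as an added example (not Lumension's code and not part of the original guide). It assumes that the most specific device level wins, that a per-user rule beats a group rule at the same level, and that deny wins a remaining tie. The users, groups, granted accesses and CONSTRUCTED-* device IDs are made up for illustration.

```python
from dataclasses import dataclass

# Specificity order from the guide: class < group < model < unique device ID.
LEVELS = ("device_class", "device_group", "model", "device_id")
ACCESS = ("deny", "read", "read/write")


@dataclass(frozen=True)
class Device:
    device_class: str
    device_group: str
    model: str
    device_id: str


@dataclass(frozen=True)
class Rule:
    level: str      # one of LEVELS
    value: str      # value the device must have at that level
    principal: str  # a user name or a group name
    access: str     # one of ACCESS

    def __post_init__(self):
        if self.level not in LEVELS or self.access not in ACCESS:
            raise ValueError(f"bad rule: {self}")


def decide(device, user, groups, rules):
    """Return the access granted to `user` on `device`; deny if no rule matches."""
    principals = {user, *groups}
    best_rank, best_access = None, "deny"  # default deny
    for rule in rules:
        if rule.principal not in principals:
            continue
        if getattr(device, rule.level) != rule.value:
            continue
        # Assumed precedence: device specificity, then user over group, then deny.
        rank = (LEVELS.index(rule.level), rule.principal == user, rule.access == "deny")
        if best_rank is None or rank > best_rank:
            best_rank, best_access = rank, rule.access
    return best_access


# Constructed policy: device names and Fred's serial number follow the guide's
# examples; users, groups, accesses and CONSTRUCTED-* IDs are made up.
CLS, GRP, MODEL = "Removable Storage Devices", "USB flash drives", "SanDisk Cruzer Titanium 8GB"
RULES = [
    Rule("device_group", GRP, "finance", "read"),
    Rule("model", MODEL, "sales", "read/write"),
    Rule("device_id", "1x23rty789", "fred", "read/write"),
    Rule("device_id", "1x23rty789", "sales", "deny"),
]
FRED_CRUZER = Device(CLS, GRP, MODEL, "1x23rty789")
OTHER_CRUZER = Device(CLS, GRP, MODEL, "CONSTRUCTED-0002")
UNKNOWN_STICK = Device(CLS, GRP, "Unlisted model (constructed)", "CONSTRUCTED-0003")

if __name__ == "__main__":
    for who, grps, dev in [("fred", ["finance"], FRED_CRUZER),
                           ("alice", ["finance"], OTHER_CRUZER),
                           ("bob", ["sales"], FRED_CRUZER),
                           ("bob", ["sales"], UNKNOWN_STICK)]:
        print(who, dev.device_id, "->", decide(dev, who, grps, RULES))
```

The last case is the one a blacklist would miss: a device nobody wrote a rule for is refused without any entry naming it.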
After going through the education and activation phase, you will monitor device usage and data flows, and adapt your policies and procedures to accommodate the real-world needs of your end users without compromising security. You will want to publish periodic reports to audit compliance with internal security policy (and external regulation, if applicable), and to continue to understand the gap between where you are and where you want to be. This in turn should drive reassessments and updates of your overall security policy.
Products Verified with Cisco SBA
Lumension Endpoint Security V4.4 is validated across Cisco SBA with Cisco AnyConnect 2.5.0.217.
Summary
The trend towards greater mobility of workers is accelerating due to increased productivity, greater convenience, and reduced costs. With greater mobility comes the need for increased security and protection of data at all points in your network. Along with workforce mobility, agencies are facing a growing and rapidly evolving set of security challenges, including: IT outsourcing, cybercrime, Web 2.0, and data breaches.
Lumension provides operational endpoint management and security solutions that help protect your vital information and manage your critical risk across network and endpoint assets. Lumension delivers Vulnerability Management, Endpoint Protection, Data Protection, and Compliance and IT Risk Management Solution. Lumension Device Control enforces agency-wide policies for removable devices, removable media, and data such as read/write and encryption.
Future integration between Lumension Device Control and Cisco AnyConnect VPN will bring additional benefits to endpoint security including adaptive security policy settings where the client will adjust security automatically based on threat detection levels provided to the client through the VPN connection.
How to Contact Us
End Users
• Please contact Lumension, [email protected] for any questions.
• Submit an inquiry about Lumension and the Cisco Smart Business Architecture for Large Agencies—Borderless Networks.
Resellers
• [email protected] for any questions.
• For more information on how to become a Lumension reseller, please visit the Partner Section of our website at www.lumension.com/partners.
For more information on the Lumension and Cisco Partnership, please visit the Cisco Resource Center.
Appendix A: SBA for Large Agencies Document System
[Figure: SBA for Large Agencies document system map. Group labels in the figure: Design Guides, Deployment Guides, Foundation Deployment Guides, Network Management Guides, Supplemental Guides. The figure carries a "You are Here" marker.]
Guides listed in the figure:
• Design Overview
• IPv6 Addressing Guide
• LAN Deployment Guide
• LAN Configuration Guide
• WAN Deployment Guide
• WAN Configuration Guide
• Internet Edge Deployment Guide
• Internet Edge Configuration Guide
• SolarWinds Deployment Guide
• Wireless CleanAir Deployment Guide
• Data Security Deployment Guide
• Nexus 7000 Deployment Guide
• ArcSight SIEM Partner Guide
• LogLogic SIEM Partner Guide
• nFx SIEM Partner Guide
• RSA SIEM Partner Guide
• Splunk SIEM Partner Guide
• CREDANT Data Security Partner Guide
• Lumension Data Security Partner Guide
• SIEM Deployment Guide
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)
Americas Headquarters: Cisco Systems, Inc., San Jose, CA
Asia Pacific Headquarters: Cisco Systems (USA) Pte. Ltd., Singapore
Europe Headquarters: Cisco Systems International BV, Amsterdam, The Netherlands
C07-641095-0002/11