SECURITY

LANDSCAPE

I NF O

RM

AT

I ON

TE

CH

NO

L OG

Y,

NO

RT

H A

ME

RI C

A

AGENDA

1) The Perimeter

2) The Interior

3) The Security Policy

4) Workstation & Server Standards

5) Questions

PERIMETER

FIREWALLS• Checkpoint UTM for site-to-site

VPN with UK• Checkpoint UTM for ATG / IS data

center• Palo Alto for Atlanta Data Center

(DMZ), internet browsing, and disaster recovery

PERIMETER

FIREWALLS• Juniper for VPN infrastructure• ISA for perimeter applications

and reverse proxy

PERIMETER

REMOTE ACCESS• Nortel Extranet- Client based• Juniper- Clientless• ActiveSync• BES

PERIMETER

APPLICATIONS• SendIt file transfer• FTP / Box.Net• Web Security • E-mail Anti-virus / anti-malware /

anti-spam

PERIMETER

APPLICATIONS• DNS and domain registration• Public security (SSL) certificates• DNS Caching• Various server support

INTERNAL

APPLICATIONS• Patch management- WSUS and

Altiris• Computer anti-virus and anti-

malware• ADRMS• Internal PKI• Wireless

INTERNAL

APPLICATIONS• IAS- Radius authentication• Password auditing• SIEM• ADFS

POLICY AND PROCEDURE

• Password change every 90 days• Complex password• IT installs all software• All software stored in secure

location

POLICY AND PROCEDURE

• Periodic software audits• Data backups • Incident Management• Security Awareness• Least privilege

WORKSTATION STANDARDS

• Anti-virus / management agent• IE7• Windows XP SP3• Automated process to remove

unused workstations from the domain

WORKSTATION STANDARDS

• Local administrative privilege allowed by exception

• Guest and administrator account disabled

• Administrator account renamed• No windows firewall• No pop-up blocker

WORKSTATION STANDARDS

• Unused computers are removed from the domain

• Other policies as recommended in Microsoft Baseline Security Configuration Manager

• Variety of IE settings• Altiris workstation images

SERVER STANDARDS

• Anti-virus / management agent• Windows 2003 R2 or higher• Redundant hardware / UPS to

protect against data loss

SERVER STANDARDS

• Regular backup with offsite storage to ensure data availability

• Encryption and secure protocols• Other policies as recommended in

Microsoft Baseline Security Configuration Manager

• Altiris server images

VISION

• Vulnerability management• Full Disk Encryption• Intrusion prevention• Desktop Security• Mobile Device Management• Segregate confidential systems-

HR, Financial, and application development

Questions?Thank you for your attention.