security landscape presentation
DESCRIPTION
Presentation of an example security landscapeTRANSCRIPT
SECURITY
LANDSCAPE
I NF O
RM
AT
I ON
TE
CH
NO
L OG
Y,
NO
RT
H A
ME
RI C
A
AGENDA
1) The Perimeter
2) The Interior
3) The Security Policy
4) Workstation & Server Standards
5) Questions
PERIMETER
FIREWALLS• Checkpoint UTM for site-to-site
VPN with UK• Checkpoint UTM for ATG / IS data
center• Palo Alto for Atlanta Data Center
(DMZ), internet browsing, and disaster recovery
PERIMETER
FIREWALLS• Juniper for VPN infrastructure• ISA for perimeter applications
and reverse proxy
PERIMETER
REMOTE ACCESS• Nortel Extranet- Client based• Juniper- Clientless• ActiveSync• BES
PERIMETER
APPLICATIONS• SendIt file transfer• FTP / Box.Net• Web Security • E-mail Anti-virus / anti-malware /
anti-spam
PERIMETER
APPLICATIONS• DNS and domain registration• Public security (SSL) certificates• DNS Caching• Various server support
INTERNAL
APPLICATIONS• Patch management- WSUS and
Altiris• Computer anti-virus and anti-
malware• ADRMS• Internal PKI• Wireless
INTERNAL
APPLICATIONS• IAS- Radius authentication• Password auditing• SIEM• ADFS
POLICY AND PROCEDURE
• Password change every 90 days• Complex password• IT installs all software• All software stored in secure
location
POLICY AND PROCEDURE
• Periodic software audits• Data backups • Incident Management• Security Awareness• Least privilege
WORKSTATION STANDARDS
• Anti-virus / management agent• IE7• Windows XP SP3• Automated process to remove
unused workstations from the domain
WORKSTATION STANDARDS
• Local administrative privilege allowed by exception
• Guest and administrator account disabled
• Administrator account renamed• No windows firewall• No pop-up blocker
WORKSTATION STANDARDS
• Unused computers are removed from the domain
• Other policies as recommended in Microsoft Baseline Security Configuration Manager
• Variety of IE settings• Altiris workstation images
SERVER STANDARDS
• Anti-virus / management agent• Windows 2003 R2 or higher• Redundant hardware / UPS to
protect against data loss
SERVER STANDARDS
• Regular backup with offsite storage to ensure data availability
• Encryption and secure protocols• Other policies as recommended in
Microsoft Baseline Security Configuration Manager
• Altiris server images
VISION
• Vulnerability management• Full Disk Encryption• Intrusion prevention• Desktop Security• Mobile Device Management• Segregate confidential systems-
HR, Financial, and application development
Questions?Thank you for your attention.