Prescosys GmbH
• To establish a common understanding and allow the production of standardized architectural functions that provide safe and secure networks.
• Many networks are designed around control loops and protocols that are hidden within the protocol. These implicit control loops should be re-engineered into explicit identity control loops.
• PrescoSys provides a comprehensive approach to information security management issues.
  – Holistic approach considering people, processes and technology
  – Partnering with technology vendors throughout the information security management life cycle, we created our own security management system.
Figure: existing network diagram (switch front-panel and port-number detail not reproduced). Devices shown: wanr1 (WAN router), Core1 (Catalyst 3750, VLAN 10), access1 and access2 (Catalyst 2960), edge3 and edge4, three 3Com Baseline Switch 2824-SFP Plus (3C16487), a Netgear hub, Intellinet switches, Verizon router on a temporary uplink (VLAN 169), Broadview T1 64.115.125.200/29 (64.115.125.202), Omega 169.254.0.4, Terminal Server 169.254.0.6, Mail Server 169.254.0.10, VM Server, 10.10.10.3, uplink port Gi1/0/48.
IBM Blade Server Chassis are connected to Catalyst 3750 switches using 1 Gbps trunks. These chassis utilize integrated Cisco 3120 switches to interconnect the individual blades to the network.
VTP Domain: VTP V2, VTP Transparent. edge1 – Bridge Priority 32770; edge2 – Bridge Priority 32771.
Access switches provide L2 connectivity only. These switches provide port density in addition to the Core.
VTP Domain: VTP V2, VTP Transparent, VTP Pruning. access1 – Bridge Priority 32768; access2 – Bridge Priority 32769.
Figure: WAN, core and edge diagram (port-number detail not reproduced). Broadview T1 – 10Mb (future), 64.115.125.200/29, 64.115.125.202; Verizon 50Mb, 71.190.247.0/24 (Verizon rtr); wanr1 and ASA on Gi1/0/48, with ports labelled WWW, 3389, 443, 5631 and General Web Browsing (WWW, 443); Core1 and Core2 (Catalyst 3750, VLAN 10: 10.10.10.1, 10.10.10.3, 10.10.10.5; 172.16.10.1/29, 172.16.10.3/29); IBM Blade Center with edge1/edge2 on Gi1/0/9-12 and edge3/edge4 on Gi1/0/25-28; access1/access2 on Gi1/0/13-14; NetApp1-2 and NetApp3-4 (iSCSI and mgt links on Gi1/0/37-40); Telecom/IP Office and Telecom/VM on Gi1/0/20; Baseline Switch 3C16477A8; Omega 169.254.0.4, Terminal Server 169.254.0.6, Mail Server 169.254.0.10, Virtual Servers.
IBM Blade Server Chassis are connected to Catalyst 3750 switches using four 1 Gbps trunks configured as an EtherChannel, for a total of 4000 Mbps. These chassis utilize integrated Cisco 3120 switches to interconnect the individual blades to the network. The virtual server community lives here.
The final WAN solution will incorporate redundancy and fault tolerance. Broadview's 10 Mbps circuit will support production application access from the Internet, while Verizon's 50 Mbps circuit will be used for general web browsing by the user community. Outbound web-browsing redundancy will be provided using Cisco IP SLA and policy-based routing.
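The IP SLA plus policy-based routing arrangement described above, written out as an added IOS configuration example for wanr1. This is not the Prescosys configuration: the Verizon gateway 71.190.247.1, the Broadview block 64.115.125.200/29 and the VLAN 10 user subnet come from the design; the Broadview next hop 64.115.125.201, wanr1's own interface addresses, the /24 mask on VLAN 10, the interface names and the probe target 4.2.2.2 are assumptions.

```cisco
! wanr1: outbound web-browsing redundancy with IP SLA + policy-based routing.
! Added example, not the Prescosys configuration. Assumed: Broadview next hop
! 64.115.125.201, wanr1 addresses, user subnet mask /24, interface names and the
! probe target 4.2.2.2 (any stable host beyond the Verizon edge will do).
!
! Production and everything not policy-routed follows the default route via Broadview
ip route 0.0.0.0 0.0.0.0 64.115.125.201
!
! Host route so the probe always leaves via Verizon, whatever the default route does
ip route 4.2.2.2 255.255.255.255 71.190.247.1
!
! Probe beyond the provider gateway: a dead upstream with a live link still fails over
ip sla 1
 icmp-echo 4.2.2.2 source-interface GigabitEthernet0/1
 frequency 10
ip sla schedule 1 life forever start-time now
!
! Dampen flaps: declare down after 15 s, back up only after 30 s of good probes
track 1 ip sla 1 reachability
 delay down 15 up 30
!
! Only Internet-bound user web traffic; internal destinations are excluded first so
! intranet traffic is never pushed out the Verizon interface
ip access-list extended USER-WEB
 deny   ip 10.10.10.0 0.0.0.255 10.0.0.0 0.255.255.255
 deny   ip 10.10.10.0 0.0.0.255 172.16.0.0 0.15.255.255
 deny   ip 10.10.10.0 0.0.0.255 192.168.0.0 0.0.255.255
 permit tcp 10.10.10.0 0.0.0.255 any eq www
 permit tcp 10.10.10.0 0.0.0.255 any eq 443
!
! While track 1 is up, matching packets go to Verizon; when it is down the set clause
! is ignored and the packet falls through to the routing table (Broadview)
route-map PBR-WEB permit 10
 match ip address USER-WEB
 set ip next-hop verify-availability 71.190.247.1 10 track 1
!
interface Vlan10
 description user VLAN (assumed addressing)
 ip address 10.10.10.254 255.255.255.0
 ip policy route-map PBR-WEB
!
interface GigabitEthernet0/0
 description Broadview T1 (assumed address)
 ip address 64.115.125.203 255.255.255.248
interface GigabitEthernet0/1
 description Verizon 50Mb (assumed address)
 ip address 71.190.247.2 255.255.255.0
```

NAT is deliberately not shown: on the diagram the ASA performs NAT, and a two-egress design needs a valid public source address for whichever circuit a packet leaves on. Verify with `show track 1` and `show ip sla statistics`; pull the Verizon probe route to confirm that web sessions keep working via Broadview.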
Figure: redundant WAN and firewall diagram (port-number detail not reproduced). Verizon 50Mb 71.190.247.0/24 with gateway 71.190.247.1 (Verizon rtr); Broadview T1 – 10Mb (future), 64.115.125.200/29; wanr1 on Gi1/0/48; ASA PRIMARY and SECONDARY units with LAN Failover and STATE links (172.16.10.1/29, 172.16.10.3/29, 172.16.10.9/29, 172.16.10.11/29), ASA addresses 64.115.125.202 and 10.10.10.3, NAT translation and access rules on both units; Core1 and Core2 (Catalyst 3750, VLAN 10: 10.10.10.1, 10.10.10.6, 10.10.10.7); the same edge, access, NetApp, telecom and Baseline Switch 3C16477A8 connections as the previous diagram.
Access switches provide L2 connectivity to the user communities (Partners, Gen Pop, Clients). These switches provide port density and access to WAN, printers, servers, voice, etc.
The NetApp provides proprietary computer storage and data management.
Voice services are split between an IP Office server and a VM server providing voicemail functionality.
The firewall is configured for Active/Standby failover (a primary and a secondary ASA joined by a LAN failover link and a state link). Access lists are located here.
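The failover pair and the access rules described above, as an added ASA configuration example (not the Prescosys configuration). The four 172.16.10.x/29 addresses, 64.115.125.202 and 10.10.10.3 appear on the diagram; which /29 serves the failover link and which the state link, the interface names, the standby addresses, the published server 10.10.10.50 and the partner source 198.51.100.10 are assumptions.

```cisco
! Primary ASA: Active/Standby failover with a dedicated LAN failover link and a state
! link. Added example, not the Prescosys configuration; see the assumptions above.
!
failover
failover lan unit primary
failover lan interface FAILOVER GigabitEthernet0/2
failover interface ip FAILOVER 172.16.10.1 255.255.255.248 standby 172.16.10.3
failover link STATE GigabitEthernet0/3
failover interface ip STATE 172.16.10.9 255.255.255.248 standby 172.16.10.11
! Without a key the failover link carries the whole configuration (enable password
! hash included) in cleartext, and any host on that segment can pose as the peer
failover key <failover-key>
failover polltime unit 1 holdtime 3
failover replication http
!
! The secondary unit needs only the bootstrap lines above with
! "failover lan unit secondary"; it pulls the rest of the configuration from the primary.
!
! Data interfaces: the active unit always answers on the primary address, the
! standby unit on the standby address (which keeps it reachable for monitoring)
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 64.115.125.202 255.255.255.248 standby 64.115.125.203
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.10.10.3 255.255.255.0 standby 10.10.10.4
!
! Access rules live here. ACLs reference real (untranslated) addresses (ASA 8.3+ NAT)
object network app-server
 host 10.10.10.50
 nat (inside,outside) static 64.115.125.204
object-group network PARTNER-SRC
 network-object host 198.51.100.10
!
access-list OUTSIDE-IN extended permit tcp any object app-server eq https
access-list OUTSIDE-IN extended permit tcp any object app-server eq www
! 3389 and 5631 (RDP, pcAnywhere) are labelled on the diagram; never open them to
! "any" - restrict them to known partner sources or terminate them on a VPN instead
access-list OUTSIDE-IN extended permit tcp object-group PARTNER-SRC object app-server eq 3389
access-list OUTSIDE-IN extended permit tcp object-group PARTNER-SRC object app-server eq 5631
access-list OUTSIDE-IN extended deny ip any any log
access-group OUTSIDE-IN in interface outside
```

`show failover` on either unit should report the primary as Active and the secondary as Standby Ready; the state link is what lets existing TCP sessions survive a switchover, so keep both links on dedicated segments rather than sharing a production VLAN.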
Most of the network's intelligence resides here. The Catalyst 3750 switches are the core L3 devices responsible for moving packets between the WAN, edge and access layers via 2 to 4 Gbps EtherChannel connections. HSRP and Spanning Tree are two of the fault-tolerance technologies employed here.
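The HSRP, spanning-tree and VTP arrangement described here and in the edge/access notes earlier, as an added IOS configuration example (not the Prescosys configuration). Two observations drive it: the bridge priorities listed for edge1/edge2 and access1/access2 are 32768 plus the VLAN ID, which is what IOS displays for the default priority once the extended system ID is added, so no switch has been made root on purpose; and VTP pruning has no effect on switches in transparent mode, so trunks must be pruned with allowed-VLAN lists. Ports Gi1/0/13-14 and Gi1/0/48 are labelled on the diagram; their roles here, the VLAN 10 addresses (Core1 10.10.10.252, Core2 10.10.10.253, VIP 10.10.10.254), the /24 mask, the access-switch port numbers and the HSRP key are assumptions.

```cisco
! Core1 / Core2 (Catalyst 3750) plus access1 / access2: deterministic spanning-tree
! roots, HSRP on VLAN 10, VTP transparent. Added example, not the Prescosys
! configuration; addresses, masks, port roles and keys are assumptions.
!
! ---- every switch: no VTP propagation, rapid PVST, loop guard, BPDU guard on edge ports
vtp mode transparent
vtp version 2
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default
!
! ---- Core1: root bridge for the user VLANs and HSRP active for VLAN 10
spanning-tree vlan 1-3,10 priority 4096
!
interface range GigabitEthernet1/0/13 - 14
 description access1 / access2 uplinks: a BPDU claiming a better root is blocked here
 spanning-tree guard root
!
track 1 interface GigabitEthernet1/0/48 line-protocol
!
interface Vlan10
 ip address 10.10.10.252 255.255.255.0
 standby version 2
 standby 10 ip 10.10.10.254
 standby 10 priority 110
 standby 10 preempt delay minimum 60
 ! unauthenticated HSRP lets any host on VLAN 10 claim the VIP with priority 255
 standby 10 authentication md5 key-string <hsrp-key>
 ! give up the active role if the WAN-facing uplink drops
 standby 10 track 1 decrement 20
!
! ---- Core2: secondary root and HSRP standby (same VLAN 10 setup, lower priority)
spanning-tree vlan 1-3,10 priority 8192
!
interface Vlan10
 ip address 10.10.10.253 255.255.255.0
 standby version 2
 standby 10 ip 10.10.10.254
 standby 10 priority 100
 standby 10 preempt delay minimum 60
 standby 10 authentication md5 key-string <hsrp-key>
!
! ---- access1 / access2 (Catalyst 2960): user ports are edge ports; the uplinks carry
! only the user VLANs, pruned here because VTP pruning is inert in transparent mode
interface range GigabitEthernet0/1 - 44
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
interface range GigabitEthernet0/47 - 48
 switchport mode trunk
 switchport trunk allowed vlan 1-3,10
 switchport nonegotiate
```

`show spanning-tree vlan 10` on Core1 should report "This bridge is the root", and `show standby brief` should show Core1 active and Core2 standby for group 10; a user port that receives a BPDU goes err-disabled instead of joining the topology.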
New Datacenter Model
Figure: new datacenter model diagrams (switch front-panel and port-number detail not reproduced). Recoverable labels:
• Cages: 20b (existing), 20a (new space), 21 (21st floor, 3560G1/3560G2, intrcnct1/intrcnct2); "Only one connection from 20a to 20b currently"; HP_Array4 Edge13-16 "to be moved from 21"; fiber cabling (multiple strands).
• Nexus VDC1 / VDC2 (CORP. VDC): NEXUS-A / NEXUS-B, Core1PROD / Core2PROD, Core3CORP / Core4CORP, dist1–dist6, MGMT1–MGMT4, mgmt0–mgmt4, Vlan 1000 (mgmt0), WW-21A / WW-21B, WW-20A-1 / WW-20A-2, 20B – 20A interconnect VLAN and 20B – 21 interconnect VLAN (VLANs 310 and 311), interfaces T2/1, T3/1, T3/2, E1/1, E1/2, E1/9, E1/10, g8/1, g8/5, gi7/48, g1/0/19, g0/23, g0/48.
• Compute: HP Blade Chassis (HP_Array1 edge1-4, HP_Array2 Edge9-12, HP_Array3 edge5-8, HP_Array4 Edge13-16), Catalyst 2950 access switches, idf1/idf2-idc-sha 2960, Inbandmgmt1/Mgmt2-idc-sha 2960, Solaris / Windows / Oracle / VMware (Win/Lin/Unix) application and backup hosts, W2k3 and NT Directory Svcs, SMTP, thin-client management, Raritan (console), Coradiant.
• Security and WAN: Cisco ASA 5540 pair, ASA5505, fw1 / fw2, SPLAT (Check Point), Proventia IDS/IPS (physical and virtual), F5 LTM (ltm1 / ltm2) and GTM, Riverbed, Nokia, AT&T MPLS (2Mb MPLS Rtr), Internap, Internet routers (Int Rtr); segments: Public, idmz, edmz, DMZ, HOT segment, WEB segment, Mid-Tier Private, Corporate, Customer Facing, Prod, OOB.
• VLANs: edmz, management, internet, Intranet/backend, fast, oracle, apps, web; Vlan 300 (.233/.234/.235), Vlan 301 (.241/.242/.243), Vlan 302 (.249/.250), Vlan 303 (.1/.2), Vlan 304 (.5/.6), Vlan 305 (.9/.10).
• Routing: EIGRP 10 networks 10.20.x.x and 10.22.x.x; EIGRP 20 links 10.60.10.0/30, 10.60.10.4/30, 10.60.10.8/30; static routes 10.30.0.0/16, 10.75.0.0/16, 10.81.175.0/24; firewall interconnects 10.20.254.232/29, 10.20.254.240/29, 10.20.254.248/29; legend: 1 Gbps and 10 Gbps trunks.
20B – 20A Interconnection: EIGRP 20 (VLAN 310)
• 10.60.10.17 – Nexus GLBP
• 10.60.10.18 – Nexus A
• 10.60.10.19 – Nexus B
• 10.60.10.20 – 6509 HSRP
• 10.60.10.21 – 20A-6509 A
• 10.60.10.22 – 20A-6509 B
20B – 21 Interconnection: EIGRP 20 (VLAN 311)
• 10.60.10.25 – Nexus GLBP
• 10.60.10.26 – Nexus A
• 10.60.10.27 – Nexus B
• 10.60.10.27 – 6509 HSRP
• 10.60.10.28 – 21-6509 A
• 10.60.10.29 – 21-6509 B
Two Catalyst 2960 switches are connected together using four copper Gigabit Ethernet trunk links in an EtherChannel bundle. The trunk carries only the two VLANs used to interconnect the cages. The switches also utilize four fiber uplinks (1 Gbps); a pair of fiber uplinks carries one interconnect VLAN.
The fiber panels terminate multiple strands of fiber. Only Cage 20A is connected to more than one cage.
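The cage interconnect described above (the 2960 EtherChannel carrying only VLANs 310 and 311, the per-VLAN fiber uplinks, and the EIGRP 20 / GLBP addressing on the Nexus side), as an added configuration example. It is not the Prescosys configuration: VLANs 310 and 311, EIGRP 20 and the VLAN 310 addresses (GLBP 10.60.10.17, Nexus A 10.60.10.18) come from the design; the port numbers, the unused native VLAN 999 and the key strings are assumptions.

```cisco
! WW-20A-1 / WW-20A-2 (Catalyst 2960) and the VLAN 310 SVI on NEXUS-A.
! Added example, not the Prescosys configuration; ports, VLAN 999 and keys are assumed.
!
! ---- both 2960s
vtp mode transparent
vlan 310
 name INTERCONNECT-20B-20A
vlan 311
 name INTERCONNECT-20B-21
vlan 999
 name NATIVE-UNUSED
!
! Four copper links bundled with LACP; the trunk carries only the two interconnect
! VLANs. The native VLAN is an unused one that is not in the allowed list, so untagged
! frames go nowhere and a double-tagged (VLAN hopping) frame cannot reach 310 or 311.
interface Port-channel1
 description EtherChannel to peer 2960
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 310,311
 switchport nonegotiate
interface range GigabitEthernet0/1 - 4
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 310,311
 switchport nonegotiate
 channel-group 1 mode active
!
! Fiber uplinks: one pair per interconnect VLAN
interface range GigabitEthernet0/23 - 24
 description uplinks carrying VLAN 310 (20B - 20A)
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 310
 switchport nonegotiate
interface range GigabitEthernet0/27 - 28
 description uplinks carrying VLAN 311 (20B - 21)
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 311
 switchport nonegotiate
!
! ---- NEXUS-A (NX-OS): routed SVI for VLAN 310, EIGRP 20 peering with the 20A 6509
! pair, GLBP as the shared gateway. Both protocols are authenticated so that a host
! which reaches the interconnect VLAN can neither inject routes nor claim the gateway.
feature interface-vlan
feature eigrp
feature glbp
!
key chain EIGRP-20
  key 1
    key-string <eigrp-key>
!
router eigrp 20
  router-id 10.60.10.18
!
interface Vlan310
  description 20B - 20A interconnect
  no shutdown
  ip address 10.60.10.18/29
  ip router eigrp 20
  ip authentication mode eigrp 20 md5
  ip authentication key-chain eigrp 20 EIGRP-20
  glbp 310
    ip 10.60.10.17
    priority 110
    preempt delay minimum 60
    authentication md5 key-string <glbp-key>
```

NEXUS-B mirrors the SVI with 10.60.10.19/29 and a lower GLBP priority. On the 2960s, `show interfaces trunk` should list only 310,311 on Po1 and a single VLAN on each fiber uplink; on the Nexus, `show ip eigrp neighbors` should show the two 6509 peers on Vlan310.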
Figure: 20a / 21 interconnect and firewall-subnet diagram (detail not reproduced). Routing labels repeat those above (EIGRP 10 networks 10.20.x.x and 10.22.x.x; EIGRP 20 links 10.60.10.0/30, 10.60.10.4/30, 10.60.10.8/30; static routes 10.30.0.0/16, 10.75.0.0/16, 10.81.175.0/24; 10.20.254.232/29, 10.20.254.240/29, 10.20.254.248/29). Additional subnets: 10.20.10.8/29, 10.20.10.16/29, 10.20.10.32/28, 10.20.10.48/28, 10.20.10.248/29; Internet 63.240.8.0/24.
Core switches in the existing data center will have redundant Layer 3 connections to the new infrastructure. The routing could be either static or dynamic.
There will be Layer 3 routing between the old and new infrastructure. This is accomplished using dynamic routing.
The routing between both VDCs of the Nexus controls the logical separation of the firewall subnets. Firewalls that serve WW Corporate and satellite locations are kept separate from the PROD infrastructure. This helps reduce routing loops and makes routing more deterministic. All PROD traffic to the Nexus switches and beyond will pass via the LTMs, which serve routing functions in addition to their load-balancing duties.
The Corporate Firewalls will be provisioned with a new subnet to interconnect to the Nexus switches. This subnet connects the firewall cluster to the VDC that connects to the BACKOFFICE, and has just enough IP addresses for 4 physical and 2 virtual devices.
The load-balancer GTMs are in a DMZ logically connected to the firewall clusters. This allows flexibility in their mode of deployment: stand-alone LBs, a failover pair, or an active/active cluster. Health monitoring of the LTMs is done via the internal WW network.
The Public Firewalls will be provisioned with two new subnets to interconnect to the Nexus switches. There will be two clusters with a total of 4 firewalls, on two separate clusters with two VIPs. Inbound Internet traffic traverses the FW clusters, then the LTM clusters, on the way to its destination through the Cores. Return traffic is routed back to its source via SNAT configured on the LTMs. Physically, the firewalls are deployed as pairs spread across either side of the cage, giving high availability for Internet-facing services.
WEB FIREWALL CONTEXT
• Transparent firewall
• Active on 1st 6509 in Services block
• Multiple VLANs (BVIs)
• Failover with asymmetric routing support
APPS FIREWALL CONTEXT
• Transparent firewall
• Active on 2nd 6509 in Services block
• Multiple VLANs (BVIs)
• Failover with asymmetric routing support
PDA FIREWALL CONTEXT
• Transparent firewall
• Active on 2nd 6509 in Services block
• Multiple VLANs (BVIs)
• Failover with asymmetric routing support
MGMT. FIREWALL CONTEXT
• Transparent firewall
• Active on 1st 6509 in Services block
• Multiple VLANs (BVIs)
• Can be used to secure management traffic such that it resembles an OOB network (e.g. no access from Mgmt. to servers' subnets)
• Failover with asymmetric routing support
VLAN ASSIGNMENT PER CONTEXT
• Network Management (x.x.x.x/24): Cisco devices (server name, hardware)
• Firewall Console: CheckPoint firewalls (server name, hardware)
• VLAN 90: Terminal servers
• Server Management: iLOs, OOB etc. (server name, hardware)
MANAGEMENT NETWORK (iLOs, OOB Mgmt., MGMT. NICs etc.)
• 10.20.251.x/24, 10.20.253.x/24
• MGMT. SWITCHES: Cisco 2960, VLAN 251, 253
• CONSOLE CONNECTIONS: Raritan
• MANAGEMENT FIREWALL: FWSM in Cisco 6509
• CORPORATE NETWORK
… designed and implemented solutions for small and large organizations.
Our solutions were based on the use of three main components:
• Access Guardian, a home-grown network-based monitoring/logging tool. This home-grown tool has been successfully sold and implemented at large communications service providers and is now a full-fledged product.
• Network architecture design, based on each client's specific needs.
• An automated system.
• An audit trail that provides complete logs of each user session.
  ✓ Enables follow-up for additional training and root cause analysis.
  ✓ Prevents errors and breaches and detects unauthorized access.
  ✓ Streamlined investigation, interactive analysis and response.
• A manager of traffic in and out of all applications and devices.
• An interface with human resource systems.
• An interface that ensures user profiles are continually updated.
• A password manager with single sign-on authentication.
• A record of all activity, stored off-site on a security logging host.
• A user access control to all IT Infrastructure and Applications.
• Off-site system-wide logs.
  ✓ Comprehensive data collection and intelligent storage.
  ✓ Powerful correlation and analysis for identifying real threats.
• Strong user validation and authentication.
  ✓ Real-time monitoring for situational awareness; historical, trend and ad-hoc reporting.
• Current employment, vendor and customer verification.
• Connection logging.
• Keystroke and mouse logging.
• Internal system-wide redundancy and disaster recovery.
• Access control based on least privilege.
• Correlates with third-party software and appliances.
• Finds an available port for the users.
  ✓ Improves port availability by disconnecting idle sessions.
• Provides automatic failover to other Access Guardian systems if a node fails.
  ✓ Searches for an alternate connection method if the primary transport fails.
• Requires authorization before connecting users to remote devices.
  ✓ Only Access Guardian can connect to remote devices, eliminating bypass.
• Records every character that passes between Access Guardian and the remote devices.
• Records the date, time, and user ID of every attempt to connect.
• Data collection (agents)
• Data storage (data warehouse)
• Analysis and cross-correlation engine and syslogs (data reduction, data normalization)
• Display interface
• Incident management workflow modules
• Reporting modules
• Framework Driven – Disciplined architecture process
• Model Driven
  – Separates the business from the technology
  – Applications and components are derived from the business activities
  – Platform-independent functional and service components
• Component-Based
  – Isolates functionality
  – Supports many technology platforms
  – Promotes customization and personalization
• Solution Oriented – Focus on the Target description
• Keys to our success were:
  ✓ Early upper-management buy-in into the business case
  ✓ Systematic integration with HR, Corporate, Legal and Compliance to define roles and policies
  ✓ Clear decision regarding what data to collect and store and what controls to implement
  ✓ Special attention given to the fine-tuning of the event correlation mechanisms and associated alerts
  ✓ Development of a complete reference architecture to successfully integrate all components, vendors, etc. of the solution
• Increases productivity.
• Improves customer service.
  ✓ Expedited problem solving.
• Improves performance against SLAs.
• Efficient traffic management.
• Effortless and efficient addition of new products.