
Secure Computing Network

Team Excel
Glenn Allison
Michael Ehrenhofer
Dan Hoadley
Joe Mathew
Bryan Tabiadon
Raj Varma

Key Objective

• Goal
  Create a secure computing platform which enhances collaboration across the enterprise
• Strategy
  Provide wired and wireless network connectivity which is secure and easy to use
• Tactics
  People – security awareness training
  Process – on-boarding, troubleshooting, escalation
  Technology – NAC, VPN, LDAP, WPA

Business Requirements

Business
• Add visitor, customer, and competitor access
• Use non-company laptops on corporate network for internet and internal application use
• Visitor access to internet, VPN
• Wireless access

Security
• Protect corporate Intellectual Property
• Principle of least privilege
• Patch and anti-virus required
• Wireless access to internal network prohibited

Technology Considerations

Electronic badge
  Pro:
  • Limits access to buildings and certain rooms
  • Auditing is available
  Con:
  • Once in a building, access is open to most areas
  • Physical access to network available in empty offices, etc.

LDAP login
  Pro:
  • Limits access to domain
  Con:
  • Occurs after network access is granted
  • DHCP address granted to anyone

Active Directory groups
  Pro:
  • Allows or restricts access to specific applications
  • Easy to maintain
  • Auditing available
  Con:
  • Can be easy to get added to a group

Separate networks
  Pro:
  • Limits access to subnet and specific IPs and ports
  Con:
  • May require additional authentication
  • Requires additional infrastructure
  • Firewall rules can be complex

Network Access Control
  Pro:
  • Prevents access to network without authentication
  • Policy-based access can limit access anywhere at a site
  Con:
  • Cost
  • Complex support
  • Blocking valid users

Encryption
  Pro:
  • Prevents reading data even if disclosed
  Con:
  • Requires infrastructure
  • Support issues

Solution Overview

• Physical security
  • Limit access via electronic badge to single building
• Active Directory Login (LDAP)
  • Required for Employees, Contractors, Customers
  • Not required for Visitor access
• Network Access Control
  • Implement at site level to prevent wandering
  • Use RADIUS authentication to integrate with Active Directory
  • Separate VLANs

Solution (cont.)

• Active Directory Groups
  • Create Site Contractor groups
  • Create Site Customer groups
  • Use with NAC to limit access to network
  • Use with Applications to limit access
• Separate Visitors network for internet access
  • Separate wireless physical infrastructure
  • Eliminate network cables in conference rooms
  • Employees VPN into Corporate network
  • No login required

Solution (cont.)

• E-Mail Encryption
  • PKI certificates to support S/MIME
  • Encrypted 3DES e-mail for secure internal communications and external communications when required
• Policy
  • Documented and updated twice annually
  • Initial training required and annual refresher
• Procedures
  • Requires well documented troubleshooting steps
  • Help desk escalation
  • On- and off-boarding must be accurate

High Level Architecture

[Diagram; labels: AD/LDAP, Application, Radius, NAC LAN, Printer, PC, Wireless LAN, Laptop (WiFi)]

Cost Analysis

Existing staff will be leveraged to support solution, so solution will have no additional impact to administrative budget. Annual maintenance is forecasted to be 15% of equipment capital, forecasted to be approximately $175K/yr.

NOTE: Solution is based on a single campus location with 1,692 employees. Based on $1.17M capital spend, and recurring cost of $175K per year, the average total cost per employee is $691/person (capital) and $103/person (expense).

Risks

• Risks
  • Additional cost for infrastructure required
  • Complex environment supported by different groups
  • Never completely eliminated
• Mitigation
  • Implementation will require additional training
  • Documentation, troubleshooting steps, escalation
  • Senior level awareness
  • Keep security top-of-mind awareness

Feasibility

• People
  • Awareness training requirement
  • Change management
• Process
  • Integration with existing process
  • Regular audits to validate compliance
• Technology
  • Industry standard
  • Minimal customization

Compliance

Key driver is PCI compliance, and ongoing SOX compliance

• Monitoring Compliance
  • Internal audits
  • External audits
• Change Control
  • All changes to infrastructure reviewed and measured with formal change control

Considerations

• Solution can be adjusted for different level of risk


NU MSIT 458 - Secure Computing Network
