
Secure Computing Network


Presentation Transcript


  1. Secure Computing Network. Team Excel: Glenn Allison, Michael Ehrenhofer, Dan Hoadley, Joe Mathew, Bryan Tabiadon, Raj Varma

  2. Key Objective • Goal: Create a secure computing platform which enhances collaboration across the enterprise • Strategy: Provide wired and wireless network connectivity which is secure and easy to use • Tactics: People – security awareness training; Process – on-boarding, troubleshooting, escalation; Technology – NAC, VPN, LDAP, WPA

  3. Business Requirements • Business: add visitor, customer, and competitor access; use non-company laptops on corporate network for internet and internal application use; visitor access to internet, VPN; wireless access • Security: protect corporate intellectual property; principle of least privilege; patch and anti-virus required; wireless access to internal network prohibited

  4. Technology Considerations

  5. Solution Overview • Physical security: limit access via electronic badge to single building • Active Directory Login (LDAP): required for employees, contractors, customers; not required for visitor access • Network Access Control: implement at site level to prevent wandering; use RADIUS authentication to integrate with Active Directory; separate VLANs

  6. Solution (cont.) • Active Directory Groups: create site contractor groups; create site customer groups; use with NAC to limit access to network; use with applications to limit access • Separate Visitors network for internet access: separate wireless physical infrastructure; eliminate network cables in conference rooms; employees VPN into corporate network; no login required

  7. Solution (cont.) • E-Mail Encryption: PKI certificates to support S/MIME; 3DES-encrypted e-mail for secure internal communications, and for external communications when required • Policy: documented and updated twice annually; initial training required and annual refresher • Procedures: requires well-documented troubleshooting steps; help desk escalation; on- and off-boarding must be accurate

  8. High Level Architecture [diagram; component labels: Application, Laptop (WiFi), AD/LDAP, Wireless LAN, NAC, LAN, PC, Radius, Printer]

  9. Cost Analysis • Existing staff will be leveraged to support the solution, so it will have no additional impact on the administrative budget. • Annual maintenance is forecasted to be 15% of equipment capital, approximately $175K/yr. • NOTE: Solution is based on a single campus location with 1,692 employees. Based on $1.17M capital spend and a recurring cost of $175K per year, the average total cost per employee is $691/person (capital) and $103/person (expense).

  10. Risks • Risks: additional cost for infrastructure required; complex environment supported by different groups; never completely eliminated • Mitigation: implementation will require additional training; documentation, troubleshooting steps, escalation; senior level awareness; keep security top-of-mind awareness

  11. Feasibility • People: awareness training requirement; change management • Process: integration with existing process; regular audits to validate compliance • Technology: industry standard; minimal customization

  12. Compliance • Key driver is PCI compliance, and ongoing SOX compliance • Monitoring Compliance: internal audits; external audits • Change Control: all changes to infrastructure reviewed and measured with formal change control

  13. Considerations • Solution can be adjusted for industries with different levels of risk • Confidentiality • Integrity • Availability • Authenticity

  14. Questions?
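
The access rules from slides 3, 5 and 6, written as one NAC decision function. This is an added example, not part of the presentation; the VLAN names, the `<site>-Contractors` / `<site>-Customers` group naming, and the handling of failed posture checks and of unauthenticated wired ports are assumptions.

```python
from dataclasses import dataclass, field

# Assumed names: the slides say "separate VLANs" but do not name them.
VISITOR_VLAN = "visitor-internet"   # internet only, no AD login required
EMPLOYEE_VLAN = "employee"
DENY = "deny"

@dataclass
class Session:
    site: str                        # site where the switch port or AP is located
    medium: str                      # "wired" or "wireless"
    ad_authenticated: bool = False   # RADIUS login against Active Directory succeeded
    ad_groups: set = field(default_factory=set)
    patched: bool = False            # posture: patches current
    antivirus: bool = False          # posture: anti-virus present

def assign_vlan(s: Session) -> str:
    """Return the VLAN (or DENY) for a connecting device."""
    # Slide 3: wireless access to the internal network is prohibited, so every
    # wireless client lands on the visitor network; employees VPN in (slide 6).
    if s.medium == "wireless":
        return VISITOR_VLAN
    # Slide 5: AD login is not required for visitor access.
    # Assumption: a wired port with no login is treated like a visitor.
    if not s.ad_authenticated:
        return VISITOR_VLAN
    # Slide 3: patch and anti-virus required.
    # Assumption: a failed posture check denies access outright.
    if not (s.patched and s.antivirus):
        return DENY
    if "Employees" in s.ad_groups:
        return EMPLOYEE_VLAN
    # Slides 5 and 6: site-level contractor/customer groups prevent wandering;
    # membership only counts at the site named in the group.
    for role in ("Contractors", "Customers"):
        if f"{s.site}-{role}" in s.ad_groups:
            return f"{s.site.lower()}-{role.lower()}"
    # Least privilege: authenticated but no group for this site.
    return DENY

if __name__ == "__main__":
    # Constructed sample sessions.
    print(assign_vlan(Session("HQ", "wired", True, {"HQ-Contractors"}, True, True)))
    print(assign_vlan(Session("Plant2", "wired", True, {"HQ-Contractors"}, True, True)))
```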
