Requirements of a Network

Presentation transcript:

Requirements of a Network
Good working relationship with IT; secure location for antenna and receiver; uninterrupted power; capability to log on remotely.

The SC RTN
We manage the accounts in-house. We have a user fee. We have one type of subscription. We have the application and user agreement online.

The South Carolina Real Time Network
Built in 2006/2007. We are in the third generation of software. We are using our second set of servers. Operate using VMware and virtual servers.

SC Real Time GPS Network (SC RTN)
SC RTN comprises 53 base stations continuously collecting and transmitting GPS data.
SC RTN provides real-time corrections, via cell phones, to users in the field operating GPS equipment.
Users in the field are provided with real-time coordinates and elevations accurate to + 0.1 foot.

471 subscribers to the SC Real Time Network include, but are not limited to: Registered Professional Land Surveyors and Engineers; Geographic Information System (GIS) Professionals; Federal, State, County and Municipal Planners; SCDOT and SCDOT Contractors using GPS Machine Control for Road Construction; the Army Corps of Engineers.

[Map of SC RTN stations. Legend: Height Modernization station located at non-SCDOT site; Height Modernization station located at SCDOT site; proposed site.]

The SC DOT
Thirty-six receivers, all assigned an internal 10. address. Data streams to the SCDOT headquarters. SLA between the two offices. VPN between SCDOT and ORS server farm.

Other Locations
Educational facilities: colleges, technical colleges. Municipal buildings: court houses, public works facilities, pump houses, State Port Authority, state offices. Fire departments. Each facility was unique. Some use in-house IT. Others, like the fire departments, have contracted ISP and IT services.

Network Configuration First Generation
We are using virtual servers, VMware. Probably one of the first to do this in the US back in 2006/2007. Was cheaper for us and more flexible.

Network Configuration Second Generation

Receiver Trimble NetR9

Firewalls and Protection
Servers are not in the same domain as the rest of the SCGS and ORS. The DMZ was set up to operate as a Workgroup. In the first generation, there were three non-SCDOT sites operating with public IP addresses. With the transition to the second generation, IT at those sites either changed or became more diligent, and the addresses were NATed (network address translation). The firewall has permissions established for the NATed address and the port. The permission allows two-way communication since the servers on our end initiate the "call" for data from the reference stations. This is made from one server, the GPStream. In the first generation, each of the three servers initiated a call for data, thus three times the traffic on the network. From the SCGS end, the system administrators have access provided to the network using vSphere Client. If I perform system updates or load firmware after hours, I use a Cisco application to establish a secure link to the ORS intranet, and remotely log onto my workstation at my office. Here I am able to log onto each of the servers, or to the GPStream server and then to each of the reference stations.

Static IP Address
For security reasons, we need to have DHCP turned off. Firewalls are configured for a specific address, which may not be retained after a power loss if DHCP reassigns a new address to the device.

IO and HTTP
Some IT administrators will not allow you to have a web server operating on HTTP using port 80. Here you can assign a port and enable HTTPS. Firewall permissions for the data are allowed for a specific IP address and port.

Password Protection

The Situation
SCGS was contacted by an IT contractor working for a municipality that hosts one of our base stations. The IT contractor had received an email from the IT service provider stating that a device, identified by our specific IP address, had been used to create false requests for data. The "requests" appeared to be from the target of a cyber-attack but were actually generated through the NTP server of the GNSS receiver. The small amount of data used to create the requests in turn generates an exponentially larger amount of data directed at the target. Upon notification from the IT provider, the IT contractor disconnected our device from the municipality's network. SCGS remotely disabled the NTP server at one of our functioning base stations. SCGS has learned that the affected receivers were identified and exploited by a malicious search program. All SCGS receivers are now operating as NTP client only, with the NTP server disabled.
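
An added example, not part of the original presentation: a check over flow records for one receiver that flags traffic outside the "specific IP address and port" firewall permissions and reports peers whose small requests to the receiver's own NTP server drew much larger replies. All addresses, the data port, the upstream time source and the byte counts are constructed, and the receiver is assumed to use an ephemeral source port when acting as an NTP client.

```python
from collections import defaultdict

# All addresses, ports and byte counts below are constructed for illustration.
RECEIVER = "192.0.2.10"          # hypothetical NATed address of one base station
GPSTREAM = "198.51.100.5"        # hypothetical address of the polling server
UPSTREAM_NTP = "198.51.100.123"  # hypothetical time source the receiver syncs to
DATA_PORT = 5017                 # hypothetical data port opened in the firewall

# Firewall intent: (peer, proto, which side owns the fixed port, port)
ALLOWED = {(GPSTREAM, "tcp", "local", DATA_PORT),
           (UPSTREAM_NTP, "udp", "remote", 123)}   # receiver as NTP client only

# Flow records: (src, sport, dst, dport, proto, bytes)
FLOWS = [
    (GPSTREAM, 40112, RECEIVER, DATA_PORT, "tcp", 1200),
    (RECEIVER, DATA_PORT, GPSTREAM, 40112, "tcp", 96000),
    ("203.0.113.77", 53211, RECEIVER, 123, "udp", 234),    # "request"; source may be spoofed
    (RECEIVER, 123, "203.0.113.77", 53211, "udp", 48200),  # much larger reply
    (RECEIVER, 50001, UPSTREAM_NTP, 123, "udp", 480),
    (UPSTREAM_NTP, 123, RECEIVER, 50001, "udp", 480),
]

def unexpected_flows(flows, receiver, allowed):
    """Return flows touching the receiver that match no allow rule."""
    bad = []
    for src, sport, dst, dport, proto, _ in flows:
        if src == receiver:
            peer, local, remote = dst, sport, dport
        elif dst == receiver:
            peer, local, remote = src, dport, sport
        else:
            continue
        if ((peer, proto, "local", local) not in allowed
                and (peer, proto, "remote", remote) not in allowed):
            bad.append((src, sport, dst, dport, proto))
    return bad

def reflection_alerts(flows, receiver, min_ratio=10.0):
    """Flag peers whose traffic to the receiver's own UDP/123 draws far larger replies."""
    stats = defaultdict(lambda: [0, 0])          # peer -> [request bytes, reply bytes]
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto == "udp" and dst == receiver and dport == 123:
            stats[src][0] += nbytes
        elif proto == "udp" and src == receiver and sport == 123:
            stats[dst][1] += nbytes
    return [(peer, req, resp, round(resp / req, 1))
            for peer, (req, resp) in sorted(stats.items())
            if req and resp / req >= min_ratio]

if __name__ == "__main__":
    print(unexpected_flows(FLOWS, RECEIVER, ALLOWED))
    print(reflection_alerts(FLOWS, RECEIVER))
```

With the NTP server disabled and the receiver acting as client only, both functions should return empty lists for that receiver.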

First true Security problem we have encountered

Closing
The security of a network goes back to having great cooperation with your local IT department. Building that alliance is instrumental in offsetting this type of cyber attack on a network. The idea here is that attacks happen 24 hours a day on a network.

South Carolina Geodetic Survey
Thank you!
Matt Wellslager
South Carolina Geodetic Survey
5 Geology Rd, Columbia, SC 29212
803-896-7715
matt.wellslager@scgs.sc.gov