IS4680 Security Auditing for Compliance

Slides:



Advertisements
Similar presentations
Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)
Advertisements

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Prototyping the WAN Designing and Supporting Computer Networks – Chapter 8.
Module 5: Configuring Access for Remote Clients and Networks.
SCSC 455 Computer Security Virtual Private Network (VPN)
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
Security Controls – What Works
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Security Policies and Implementation Issues.
Module 11: Supporting Remote Users. Overview Establishing Remote Access Connections Connecting to Virtual Private Networks Configuring Authentication.
Chapter 11: Dial-Up Connectivity in Remote Access Designs
Chapter 6 Configuring, Monitoring & Troubleshooting IPsec
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 9: Securing Network Traffic Using IPSec.
Module 8: Configuring Virtual Private Network Access for Remote Clients and Networks.
Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.
Page 1 NAT & VPN Lecture 8 Hassan Shuja 05/02/2006.
Chapter 13 – Network Security
Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.
Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.
OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
Module 9: Configuring IPsec. Module Overview Overview of IPsec Configuring Connection Security Rules Configuring IPsec NAP Enforcement.
OV Copyright © 2011 Element K Content LLC. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
1 Chapter 12: VPN Connectivity in Remote Access Designs Designs That Include VPN Remote Access Essential VPN Remote Access Design Concepts Data Protection.
Module 11: Remote Access Fundamentals
VIRTUAL PRIVATE NETWORK By: Tammy Be Khoa Kieu Stephen Tran Michael Tse.
Module 5: Configuring Access for Remote Clients and Networks.
Module 11: Implementing ISA Server 2004 Enterprise Edition.
C3 confidentiality classificationIntegrated M2M Terminals Introduction Vodafone MachineLink 3G v1.0 1 Vodafone MachineLink 3G VPN functionality Feature.
Information Systems Security
1 Chapter Overview Password Protection Security Models Firewalls Security Protocols.
Module 8: Planning and Troubleshooting IPSec. Overview Understanding Default Policy Rules Planning an IPSec Deployment Troubleshooting IPSec Communications.
Planning a Microsoft Windows 2000 Administrative Structure Designing default administrative group membership Designing custom administrative groups local.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network, Enhanced Chapter 11: Internet Authentication Service.
NETWORKING FUNDAMENTALS. Network+ Guide to Networks, 4e2.
© ITT Educational Services, Inc. All rights reserved. IS3230 Access Security Unit 6 Implementing Infrastructure Controls.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 10: Planning and Managing IP Security.
Chapter 40 Network Security (Access Control, Encryption, Firewalls)
Understand Network Isolation Part 2 LESSON 3.3_B Security Fundamentals.
Lect 8 Tahani al jehain. Types of attack Remote code execution: occurs when an attacker exploits a software and runs a program that the user does not.
4.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security.
© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 7 VPN Fundamentals.
IS3220 Information Technology Infrastructure Security
Securing Access to Data Using IPsec Josh Jones Cosc352.
IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.
UNIT 7 SEMINAR Unit 7 Chapter 9, plus Lab 13 Course Name – IT482 Network Design Instructor – David Roberts – Office Hours: Tuesday.
Security fundamentals
CSCI 465 Data Communications and Networks Lecture 26
IS4680 Security Auditing for Compliance
Module 9: Configuring Network Access
Virtual Private Networks
SECURING NETWORK TRAFFIC WITH IPSEC
Securing the Network Perimeter with ISA 2004
IS4680 Security Auditing for Compliance
Module 8: Securing Network Traffic by Using IPSec and Certificates
IS4550 Security Policies and Implementation
IS4550 Security Policies and Implementation
IS4550 Security Policies and Implementation Unit 5 User Policies
* Essential Network Security Book Slides.
Server-to-Client Remote Access and DirectAccess
IS4680 Security Auditing for Compliance
IS4550 Security Policies and Implementation
Firewalls Routers, Switches, Hubs VPNs
IS4680 Security Auditing for Compliance
Module 8: Securing Network Traffic by Using IPSec and Certificates
IS4680 Security Auditing for Compliance
IS4680 Security Auditing for Compliance
Introduction to Network Security
Designing IIS Security (IIS – Internet Information Service)
Presentation transcript:

IS4680 Security Auditing for Compliance Unit 8 Compliance Within the Remote Access Domain

Class Agenda 8/8/16 Covers Chapter 13 Learning Objectives Lesson Presentation and Discussions. Discussion on Assignments. Discussion on Lab Activities. Lab will be perform in class. Break Times as per School Regulation Discussion on Project.

Learning Objective Describe information security systems compliance requirements within the Remote Access Domain.

Key Concepts Compliance-law requirements and business drivers for Remote Access Domain Devices and components found in the Remote Access Domain Virtual private network (VPN) tunneling and performance and validating Remote Access Domain configuration

Key Concepts (Continued) Remote Access Domain—policies, standards, procedures, and guidelines Best practices for Remote Access Domain compliance requirements

EXPLORE: CONCEPTS

Compliance Law and Business Drivers The Remote Access Domain contains the components that can bring the distributed environment together and make resources available and useful to remote users. The organization provides the Remote Access Domain service, which enables remote users to operate more effectively and efficiently without physically present at your main location.

Compliance Law and Business Drivers (Continued) The Remote Access Domain capability is a benefit to users who are geographically separated from your physical resources either permanently or temporarily.

Compliance Law and Business Drivers (Continued) The necessary steps need to be taken to secure the data being transmitted to and from the organization, and hence show compliance especially if your organization has a Health Insurance Portability and Accountability Act (HIPPA), of a Professional Certified Investigator (PCI) requirement.

Components in Remote Access Domain Remote user Remote users connect to an organization’s resources by using non trusted networks Remote users often use public computers or terminals Remote users can be sloppy, moreover a strong remote access acceptable use policy (AUP) in place that sets standards for how remote users handle data

Devices in Remote Access Domain Remote workstation or laptop Smartphone

VPN Tunneling and Performance Although most VPN encrypts all the traffic transported through the VPN tunnel, and the encryption is an option and not a part of the VPN itself. The “private” part of VPN refers to private addressing and not data privacy. You can monitor a lot with respect to remote access, but the best place to start is by identifying and validating who is using remote access.

VPN Tunneling and Performance (Continued) There are at least three activities of interest you should be monitoring: Creation of VPN connection Remote access connection Remote computer logon

EXPLORE: PROCESSES

Validating Remote Access Domain Configuration Step 1 Verify that all traffic flowing along your VPN is encrypted at both ends. Step 2 Configure routers so that it do not accept data without Internet Protocol Security (IPsec) encryption. Step 3 Validate that the packets flowing through your VPN are encrypted. Step 4 Set a schedule to check these processes to ensure that no misconfigurations have been made.

Monitoring VPN Tunneling Step 1 Use a higher level of Open Systems Interconnection (OSI) and encapsulate data by using IPsec protocol. Step 2 Monitor the data for modification while in transit. Step 3 Check for secure data transmission when data enters the organizational network. Step 4 Use a proxy filter to monitor and control data based on the settings of the proxy filter. Step 5 Log the data when decrypted from IPsec, which helps to monitor the data.

EXPLORE: ROLES

Roles and Responsibilities Senior Managers Responsible for support and funding approval. Information technology (IT) Managers Overall IT function leadership and support.

Roles and Responsibilities (Continued) IT Auditors Remote Access Domain control auditors. Data Owners Grant access to data remotely.

Roles and Responsibilities (Continued) System Administrators Monitor servers for anomalies. Network Administrators Monitor network VPN and remote access devices for anomalies.

EXPLORE: CONTEXTS

Creation of Information Systems Security (ISS) Compliance Validating compliance in the Remote Access Domain includes validating the controls that satisfy compliance requirements. Most compliance concerns focus on data privacy because it is important to evaluate all controls and ensure that all three properties of the availability, integrity, and confidentiality (A-I-C) triad are satisfied.

Creation of ISS Compliance (Continued) The Remote Access Domain has the following three main areas of concern: Client-side configuration Server-side configuration Configuration-management verification Each area focuses on a slightly different component of the Remote Access Domain.

Best Practices for Remote Access Domain The following best practices can be used to develop a plan for Remote Access Domain compliance: Map your proposed remote access architecture, including redundant and backup connections. Install at least one firewall between your VPN endpoint and your internal network.

Best Practices for Remote Access Domain (Continued) Select a VPN provider that your clients can easily access. Use global user accounts whenever possible. Create a limited number of administrative accounts with permissions for remote administration.

Best Practices for Remote Access Domain (Continued) Monitor VPN traffic for performance and suspicious content. Require encryption for all communication in the Remote Access Domain.

EXPLORE: RATIONALE

Validating Remote Access Domain Configuration The same process is used in a large organization must be used in small organizations. However, the small organization requires lower costs of ownership and less devices to monitor. The size of the organization has nothing to do with the validation process.

Adhering to Policies, Standards, Procedures, and Guidelines Each organization has different needs, and organizations use different controls to ensure functionality and security in the Remote Access Domain.

Summary In this presentation, the following were covered: Devices and components in Remote Access Domain and VPN tunneling Process to validate Remote Access Domain configuration and monitor VPN tunneling Roles and responsibilities associated with Remote Access Domain compliance Creation of information systems security compliance and best practices for Remote Access Domain compliance requirements Need for validating Remote Access Domain configuration and adhering to policies, standards, procedures, and guidelines

Assignment and Lab Discussion 8.1 Virtual Private Network (VPN) Tunneling and Performance Lab 8.2 Auditing the Remote Access Domain for Compliance Assignment 8.3 Best Practices for Remote Access Domain Compliance

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.