Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Computing Network

Similar presentations


Presentation on theme: "Secure Computing Network"— Presentation transcript:

1 Secure Computing Network
Glenn Allison Michael Ehrenhofer Dan Hoadley Joe Mathew Bryan Tabiadon Raj Varma Secure Computing Network Team Excel

2 Key Objective Goal Strategy Tactics
Create a secure computing platform which enhances collaboration across the enterprise Strategy Provide wired and wireless network connectivity which is secure and easy to use Tactics People – security awareness training Process – on-boarding, troubleshooting, escalation Technology – NAC, VPN, LDAP, WPA

3 Business Requirements
Add visitor, customer, and competitor access Use non-company laptops on corporate network for internet and internal application use Visitor access to internet, VPN Wireless access Security Protect corporate Intellectual Property Principle of least privilege Patch and anti-virus required Wireless access to internal network prohibited

4 Technology Considerations
Pro Con Electronic badge Limits access to buildings and certain rooms Auditing is available Once in a building, access is open to most areas Physical access to network available in empty offices, etc LDAP login Limits access to domain Occurs after network access is granted DHCP address granted to anyone Active Directory groups Allows or restricts access to specific applications Easy to maintain Auditing available Can be easy to get added to a group Separate networks Limits access to subnet and specific IP’s and ports May require additional authentication Requires additional infrastructure Firewall rules can be complex Network Access Control Prevents access to network without authentication Policy-based access can limit access anywhere at a site Cost Complex support Blocking valid users Encryption Prevents reading data even if disclosed Requires infrastructure Support issues

5 Solution Overview Physical security Active Directory Login (LDAP)
Limit access via Electronic badge to single building Active Directory Login (LDAP) Required for Employee’s, Contractors, Customers Not Required for Visitor access Network Access Control Implement at site level to prevent wandering Use RADIUS authentication to integrate with Active Directory Separate VLANs

6 Solution (cont.) Active Directory Groups
Create Site Contractor groups Create Site Customer groups Use with NAC to limit access to network Use with Applications to limit access Separate Visitors network for internet access Separate wireless physical infrastructure Eliminate network cables in conference rooms Employee’s VPN into Corporate network No login required

7 Solution (cont.) E-Mail Encryption Policy Procedures
PKI certificates to support S/MIME Encrypted 3DES for secure internal communications and external communications when required Policy Documented and updated twice annually Initial training required and annual refresher Procedures Requires well documented troubleshooting steps Help desk escalation On and off-boarding must be accurate

8 High Level Architecture
Application Laptop (WiFi) AD/LDAP Wireless LAN Radius NAC LAN PC Printer

9 Cost Analysis capital Existing staff will be leveraged to support solution, so solution will have no additional impact to administrative budget. Annual maintenance is forecasted to be 15% of equipment capital, forecasted to be approximately $175K/yr. NOTE: Solution is based on a single campus location with 1,692 employees. Based on $1.17M capital spend, and recurring cost of $175K per year, the average total cost per employee is $691/person (capital) and $103/person (expense).

10 Risks Risks Mitigation Additional cost for infrastructure required
Complex environment supported by different groups Never completely eliminated Mitigation Implementation will require additional training Documentation, troubleshooting steps, escalation Senior level awareness Keep security top-of-mind awareness

11 Feasibility People Process Technology Awareness training requirement
Change management Process Integration with existing process Regular audits to validate compliance Technology Industry standard Minimal customization

12 Compliance Key Driver is PCI Compliance, and ongoing SOX compliance
Monitoring Compliance Internal audits External audits Change Control All changes to infrastructure reviewed and measured with formal change control

13 Considerations Solution can be adjusted for different level of risk industries Confidentiality Integrity Availability Authenticity

14 Questions?


Download ppt "Secure Computing Network"

Similar presentations


Ads by Google