Cisco Mcs
Technologies Used To Secure Data And Network In The Organization
In this document I have discussed various technologies which can be used for improving security in the organization.
They are:
1. Windows AD Authentication
2. DLP Solution
3. File/HDD Encryption
4. Antivirus
5. Token/Biometric Access System
6. VPN/IPSEC
7. NAC
8. CSA
DLP Solution
DLP is Data Loss Prevention. DLP comprises identifying, monitoring and protecting data. The data can be in use (e.g. endpoint), in motion (e.g. network) or at rest (e.g. SAN, Storage Area Network). DLP finds sensitive data through deep content inspection and contextual security analysis of the transaction (attributes of originator, data object, medium, timing, recipient/destination, etc.). DLP systems are designed to detect and prevent the unauthorized use and transmission of confidential (sensitive) information.
a. Network DLP
These systems are usually installed near the Internet connection of the organization's network and analyze network traffic for transmission of sensitive information. That includes email, chat, FTP, IM, HTTP and HTTPS. They can also work as storage DLP systems.
b. Host DLP
These systems run on end user workstations and servers in the organization. They can be used to control the information flow between groups or types of users. They can also be used to control email and other forms of communication. Host systems have the advantage that they can monitor and control access to physical devices (such as mobile devices with data storage capabilities, e.g. pen drives) and in some cases can access information before it has been encrypted.
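The following added example (not part of the original article) shows deep content inspection combined with contextual analysis: card numbers are found by pattern plus Luhn checksum, and the verdict then depends on originator, medium and destination. The domain names, the card-handler role and the verdict strings are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass

# Candidate card numbers: 13-19 digits, optionally split by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

# Assumptions for this sketch: the organization's own domain and the one
# role that is allowed to send card data outside it.
INTERNAL_DOMAINS = {"corp.example"}
CARD_HANDLERS = {"billing@corp.example"}


def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    """Deep content inspection: return Luhn-valid card numbers found in text."""
    hits = []
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits


@dataclass
class Transaction:
    originator: str    # authenticated sender
    medium: str        # "email", "http", "ftp", "usb", ...
    destination: str   # recipient domain or device
    body: str


def evaluate(tx):
    """Contextual analysis: combine the content hit with who, how and where."""
    if not find_card_numbers(tx.body):
        return "allow"
    if tx.destination in INTERNAL_DOMAINS:
        return "allow-and-log"
    if tx.originator in CARD_HANDLERS and tx.medium == "email":
        return "quarantine-for-review"
    return "block"


if __name__ == "__main__":
    # Constructed sample: 4111 1111 1111 1111 is a well-known test card number.
    sample = Transaction("alice@corp.example", "http", "paste.example",
                         "card 4111 1111 1111 1111, order 1234567890123")
    print(find_card_numbers(sample.body), evaluate(sample))
```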
Windows AD environment
All the connected hosts will be in a domain environment, which gives flexibility, scalability and security to the network and to the users. Windows uses robust Kerberos-based authentication which is difficult to break. The network becomes more manageable because rights management is easy: rights can be assigned to individual users or to groups of users. Also, several authentication methods such as biometric or token-based systems can be directly integrated with the AD system.
File/HDD encryption
Encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.
It is mainly of two types:
a. File Encryption
b. Disk Encryption
File Encryption - It is the process used to encrypt files. The owner encrypts the files and keeps them in encrypted form. If the data gets stolen or falls into the wrong hands, the thief will not be able to find out what the real content of the file is.
Disk Encryption - It is also called Volume Encryption. In this type of encryption the data on the whole disk is encrypted with a specific algorithm. The encryption is transparent to the user, i.e. the user will not be able to make out whether the data is getting encrypted or not. If the disk gets stolen, the thief will not be able to get the contents, as the whole disk is encrypted.
Antivirus
Antivirus can be of two types: a. Signature based Antivirus, b. Behavior based Antivirus
a. Signature based Antivirus - These AVs detect viruses based on the signatures supplied to them by the signature database. These databases get updated, but if a signature is missing, the virus or worm remains active until that signature is added.
b. Behavior based Antivirus - These AVs observe the behavior of an application, and if the behavior looks suspicious they mark it as a virus and take appropriate action. This type of AV can be used to prevent zero-day attacks for which the AV vendor has not yet released a solution.
Token/Biometric Based Authentication
Security tokens are used to prove one's identity electronically. The token is used in addition to or in place of a password to prove that the customer is who they claim to be. The token acts like an electronic key to access something. It can be a biometric-based token, e.g. a token with fingerprints.
There are four types of tokens:
1. Static Password
2. Synchronous Dynamic Password
3. Asynchronous Password
4. Challenge Response
Of these, Challenge Response and Synchronous Dynamic Password are a bit difficult to hack. These are also called dual-factor authentication, as the user has to give what he has (a token) and what he knows (a password). This type of security gives an edge over the other technologies.
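The two stronger token types can be illustrated with standard constructions. This is an added example, not part of the original article: the synchronous dynamic password is shown as a time-based one-time password (RFC 6238, built on RFC 4226), and challenge response as an HMAC over a random server challenge. The function names and the fixed key are assumptions for the illustration.

```python
import hashlib
import hmac
import secrets
import struct
import time


def hotp(key, counter, digits=6):
    """One-time password from a shared key and a counter (RFC 4226)."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key, now=None, step=30, digits=6):
    """Synchronous dynamic password: the counter is the current time step."""
    now = time.time() if now is None else now
    return hotp(key, int(now) // step, digits)


def verify_totp(key, submitted, now=None, step=30, drift=1):
    """Server side: accept the current step and +/- drift steps of clock skew."""
    now = time.time() if now is None else now
    current = int(now) // step
    return any(hmac.compare_digest(hotp(key, c), submitted)
               for c in range(max(0, current - drift), current + drift + 1))


def new_challenge():
    """Server side: a fresh random challenge for every login attempt."""
    return secrets.token_bytes(16)


def token_response(key, challenge):
    """Token side: prove possession of the key without revealing it."""
    return hmac.new(key, challenge, hashlib.sha256).hexdigest()


def verify_response(key, challenge, response):
    """Server side: recompute and compare in constant time."""
    return hmac.compare_digest(token_response(key, challenge), response)


if __name__ == "__main__":
    key = b"12345678901234567890"        # RFC 6238 test key, not a real secret
    print(totp(key, now=59))             # code for time step 1
    c1, c2 = new_challenge(), new_challenge()
    r1 = token_response(key, c1)
    # A response is only valid for the challenge it answers.
    print(verify_response(key, c1, r1), verify_response(key, c2, r1))
```

Unlike a static password, a captured code or response is useless once the time step has passed or a new challenge is issued.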
IPSEC VPN
IPsec is a dual mode, end-to-end, security scheme operating at the Internet Layer of the Internet Protocol Suite or OSI model Layer 3. IPsec can be used for protecting any application traffic across the Internet or any private network. Applications need not be specifically designed to use IPsec.
The IPsec suite is a framework of open standards. IPsec uses the following protocols to perform various functions:
a. A security association (SA) set up by Internet Key Exchange (IKE and IKEv2) or Kerberized Internet Negotiation of Keys (KINK), which handles negotiation of protocols and algorithms and generates the encryption and authentication keys to be used by IPsec.
b. Authentication Header (AH) to provide connectionless integrity and data origin authentication for IP datagrams and to provide protection against replay attacks.
c. Encapsulating Security Payload (ESP) to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality.
NAC – Network Admission Control
Network Access Control (NAC) is a computer networking solution that uses a set of protocols to define and implement a policy that describes how to secure access to network nodes by devices when they initially attempt to access the network. NAC might integrate the automatic remediation process (fixing non-compliant nodes before allowing access) into the network systems, allowing the network infrastructure such as routers, switches and firewalls to work together with back office servers and end user computing equipment to ensure the information system is operating securely before interoperability is allowed. It attempts to unify endpoint security technology (such as antivirus, host intrusion prevention, and vulnerability assessment), user or system authentication and network security enforcement, so that access to the network and other resources is restricted from hackers.
Goals of NAC
Mitigation of zero-day attacks
The key value proposition of NAC solutions is the ability to prevent end-stations that lack antivirus, patches, or host intrusion prevention software from accessing the network and placing other computers at risk of cross-contamination of computer worms.
Policy enforcement
NAC solutions allow network operators to define policies, such as the types of computers or roles of users allowed to access areas of the network, and enforce them in switches, routers, and network middleboxes.
Identity and access management
Where conventional IP networks enforce access policies in terms of IP addresses, NAC environments attempt to do so based on authenticated user identities, at least for user end-stations such as laptops and desktop computers.
CSA-Cisco Security Agent
CSA is an endpoint intrusion prevention system software which is rule-based and examines system activity and network traffic, determining which behaviors are normal and which may indicate an attack.
CSA uses a two or three-tier client-server architecture. The Management Center 'MC' (or Management Console) contains the program logic; an MS SQL database backend is used to store alerts and configuration information; the MC and SQL database may be co-resident on the same system. The Agent is installed on the desktops and/or servers to be protected. The Agent communicates with the Management Center, sending logged events to the Management Center and receiving updates in rules when they occur.
About the Author
Nityanand Parab is working as Technical Lead at Avi Electronics and Networks Pvt. Ltd.
He works on technologies like Networking, Virtualization, Security etc. He can be reached at http://nityasworld.com
642-373 Free Demo
642-373 Exam
Cisco Express Foundation for Systems Engineers
Exam Number/Code : 642-373
Exam Name : Cisco Express Foundation for Systems Engineers
Questions and Answers : 65 Q&As
Update Time: 2010-03-20
Price: $ 89.00
These questions and answers provide you with the experience of taking the actual test. High quality and Value for the 642-373 Exam: 100% Guarantee to Pass Your Others exam and get your Others Certification.
Exam : Cisco 642-373
Title : Cisco Express Foundation for Systems Engineers
1. In the plan phase, network readiness assessment addresses which customer need?
A. an assessment of the preparedness of the customer's existing system infrastructure to support a proposed solution
B. a comprehensive design that has been customized based on the operations processes, network management processes, and tools of its system
C. an in-depth assessment of the operational environment required to support the operation of both the current and planned solutions
D. the optimal technologies for supporting its business requirements and objectives
Answer: A
2. Which Cisco security tool can best determine if a Cisco ISR router is properly secured?
A. Cisco SDM Security Audit
B. Cisco Security MARS
C. Cisco Security Agent MC
D. Cisco Security IntelliShield
E. CAN
Answer: A