IT Infrastructure & Data Center Designs

Baker College – ITS 4910
Krystal Faulk
IT Infrastructure & Data Center
1. Protecting communication and transmission of data from unauthorized external access

Component: Firewall
Vendor: Check Point
Description: The Check Point 28000 Quantum Security Gateway provides 60 security services with telco-grade hardware reliability and expandability. It also features the highest port density in the industry, modular expansion up to 16 x 100 GbE, over double the power efficiency of other vendors, and unified policy management. The Quantum 28000 gateway provides a 3U form factor, as well as three PSUs and two 480 GB SSDs for redundancy. The 28000 gateway can be scaled up to 1.5 Tera-bps of threat prevention.

Component: Network Access Control
Vendor: OPSWAT
Description: OPSWAT MetaAccess NAC uses agentless device identification and profiling along with endpoint assessments to ensure devices follow the organization's Acceptable Use Policies and regulatory requirements before accessing the network. Devices are also continuously checked in real time to ensure they remain compliant as they move across the network. Users can be authenticated with many methods and protocols, including credential-based EAP-PEAP, machine-based EAP-PEAP, certificate-based EAP-TLS, domain SSO, and 802.1X SSO. The Guest Self-Registration feature allows different access levels and processes to be created for guests, vendors, and other parties that may need temporary access to the network. MetaAccess NAC also collects information such as username, IP address, MAC address, role, location, time, ownership, and compliance status to allow for informed decisions. A reporting interface provides 30 days of detailed device information and 6 months of historical information. Reports can be created automatically on a schedule or on demand.

Component: VPN
Vendor: Haltdos
Description: Haltdos Remote Access Gateway provides devices running Windows, Mac, Unix, iOS, and Android with secure remote access to networks. User identity is determined using hardware checks and identifiers. The SSL or TLS protocols are used to provide a secure VPN connection with end-to-end encryption to protect transmitted data.

2. Protecting internal IT network infrastructure from unauthorized external access

Component: Firewall
Vendor: Check Point
Description: The Check Point 28000 Quantum Security Gateway provides 60 security services with telco-grade hardware reliability and expandability. It also features the highest port density in the industry, modular expansion up to 16 x 100 GbE, over double the power efficiency of other vendors, and unified policy management. The Quantum 28000 gateway provides a 3U form factor, as well as three PSUs and two 480 GB SSDs for redundancy. The 28000 gateway can be scaled up to 1.5 Tera-bps of threat prevention.

Component: IDS/IPS
Vendor: Trend Micro
Description: Trend Micro TippingPoint uses preemptive threat prevention, insight, prioritization, and real-time enforcement and remediation to detect and block attacks. TippingPoint features flexible deployment options that can be set up and managed through a central interface. The pay-as-you-grow licensing model allows performance and security requirements to scale easily.

Component: Access Management System
Vendor: HashiCorp
Description: HashiCorp Vault provides an identity-based secrets and encryption management system to manage, control, and audit access to secrets and sensitive data. Clients are validated and authorized before they are given access to secrets and stored data. Vault can also encrypt and decrypt data without storing it. HashiCorp Vault helps to keep passwords, API keys, and credentials secured in a single location. It also provides an easy method to encrypt and decrypt data. To top it off, access to Vault requires clients to be validated and authorized.

Component: Monitoring Software
Vendor: Code42
Description: Code42 Incydr monitors and detects the movement of files outside the trusted environment, allowing you to detect when files are sent to personal accounts and unmanaged devices. This helps to manage insider threats. Incydr also uses watchlists, along with over 120 risk indicators, to protect data from employees who are most likely to leak or steal files. Incydr also makes it easy to document and retain evidence, as well as create reports for incidents.

Component: Risk Assessment
Vendor: SecurityStudio
Description: SecurityStudio is a risk management tool that identifies threats and risks and creates reports. The risk assessment features three levels of maturity, prioritized visibility of the most urgent risks, and compliance with NIST, ISO, CMMC, HIPAA, PCI, CSA, FFIEC, FTC, CJIS, IRS Pub. 1075, and others. The S2Score risk scoring can be tracked over time, and reports can be automatically generated for specific frameworks. An interactive remediation roadmap suggests the next steps to move towards compliance.

Component: Data Classification Software
Vendor: Netwrix
Description: Netwrix Data Classification identifies and classifies data across the organization, allowing for prioritization of systems containing sensitive information. This helps to mitigate the risk of a data breach while minimizing expenses. Data classification also allows for the deletion of redundant and obsolete data, reducing the attack surface.

Component: Backup & Recovery Software
Vendor: IBM
Description: IBM Storage Protect provides data resilience for physical file servers, virtual environments, and applications. A single Storage Protect server can manage up to 4 petabytes of data and ingest up to 100 terabytes of new or changed client data per day. Incremental-forever backups, compression, and deduplication provide storage efficiency. The storage environment is protected with two-key authorization for administrator commands, encryption, security notifications, and support for tape and immutable object storage. IBM Storage Protect also features built-in cloud integration on environments including IBM Cloud, IBM Cloud Object Storage, Amazon S3, Google Cloud Storage, Microsoft Azure Blob storage, and other S3 object storage services. Flexible policy rules use existing backup data to satisfy retention requirements.