IT Infrastructure & Data Center Designs
Baker College – ITS 4910
Krystal Faulk

IT Infrastructure & Data Center

1. Protecting communication and transmission of data from unauthorized external access

Component: Firewall
Vendor: Check Point
Description: The Check Point 28000 Quantum Security Gateway provides 60 security services with telco-grade hardware reliability and expandability. It also offers the highest port density in the industry, modular expansion up to 16 x 100 GbE, over double the power efficiency of competing appliances, and unified policy management. The 28000 has a 3U form factor with three PSUs and two 480 GB SSDs for redundancy, and it can be scaled up to 1.5 Tbps of threat prevention throughput.

Component: Network Access Control
Vendor: OPSWAT
Description: OPSWAT MetaAccess NAC uses agentless device identification and profiling together with endpoint assessments to ensure that devices comply with the organization's Acceptable Use Policies and regulatory requirements before they are admitted to the network. Devices are then re-checked continuously in real time so that they remain compliant as they move across the network. Users can be authenticated with a range of methods and protocols, including credential-based EAP-PEAP, machine-based EAP-PEAP, certificate-based EAP-TLS, domain SSO, and 802.1X SSO. The Guest Self-Registration feature allows separate access levels and onboarding processes to be defined for guests, vendors, and other parties that need temporary network access. MetaAccess NAC also records username, IP address, MAC address, role, location, time, ownership, and compliance status for each device, so that access decisions are made with full context. The reporting interface provides 30 days of detailed device information and six months of historical data; reports can be generated on a schedule or on demand.

Component: VPN
Vendor: Haltdos
Description: Haltdos Remote Access Gateway provides secure remote access to the network for devices running Windows, macOS, Unix, iOS, and Android. User identity is established with hardware checks and device identifiers. The tunnel is protected with TLS (marketed as an SSL/TLS VPN), so data in transit is encrypted between the remote client and the gateway.

2. Protecting internal IT network infrastructure from unauthorized external access

Component: Firewall
Vendor: Check Point
Description: The same Check Point 28000 Quantum Security Gateway described in Section 1: 60 security services, modular expansion up to 16 x 100 GbE, redundant PSUs and SSDs in a 3U chassis, unified policy management, and scaling up to 1.5 Tbps of threat prevention throughput.

Component: IDS/IPS
Vendor: Trend Micro
Description: Trend Micro TippingPoint combines preemptive threat prevention, insight, prioritization, and real-time enforcement and remediation to detect and block attacks. It offers flexible deployment options that are configured and managed from a central interface, and its pay-as-you-grow licensing model lets performance and security capacity scale with requirements.

Component: Access Management System
Vendor: HashiCorp
Description: HashiCorp Vault provides identity-based secrets and encryption management to manage, control, and audit access to secrets and sensitive data. Clients must authenticate and be authorized by policy before they are granted access to a secret, and requests are recorded by Vault's audit devices. Vault consolidates passwords, API keys, and credentials in a single location, and it can also encrypt and decrypt application data without storing it (encryption as a service, through the Transit secrets engine).

Component: Monitoring Software
Vendor: Code42
Description: Code42 Incydr monitors and detects the movement of files outside the trusted environment, including files sent to personal accounts and unmanaged devices, which helps to manage insider threats. Incydr uses watchlists and more than 120 risk indicators to focus on the employees most likely to leak or steal files, and it simplifies documenting and retaining evidence and producing incident reports.

Component: Risk Assessment
Vendor: SecurityStudio
Description: SecurityStudio is a risk management tool that identifies threats and risks and produces reports. Its risk assessment offers three maturity levels, prioritized visibility of the most urgent risks, and mapping to NIST, ISO, CMMC, HIPAA, PCI, CSA, FFIEC, FTC, CJIS, IRS Publication 1075, and other frameworks. The S2Score risk score can be tracked over time, framework-specific reports can be generated automatically, and an interactive remediation roadmap suggests the next steps toward compliance.

Component: Data Classification Software
Vendor: Netwrix
Description: Netwrix Data Classification discovers and classifies data across the organization, so that the systems holding sensitive information can be prioritized for protection. This reduces the risk and cost of a data breach, and identifying redundant and obsolete data allows it to be deleted, shrinking the attack surface.

Component: Backup & Recovery Software
Vendor: IBM
Description: IBM Storage Protect provides data resilience for physical file servers, virtual environments, and applications. A single Storage Protect server can manage up to 4 PB of data and ingest up to 100 TB of new or changed client data per day. Incremental-forever backups, compression, and deduplication provide storage efficiency. The backup environment is protected with two-key authorization for administrator commands, encryption, security notifications, and support for tape and immutable object storage. Storage Protect also integrates with cloud targets including IBM Cloud, IBM Cloud Object Storage, Amazon S3, Google Cloud Storage, Microsoft Azure Blob Storage, and other S3-compatible object storage services.
Flexible policy rules use existing backup data to satisfy retention requirements.

References

Check Point. (2023). Data Center Firewall Security. Retrieved from Check Point Software: https://www.checkpoint.com/quantum/next-generation-firewall/data-center-enterprise-security/#specs
Code42 Software, Inc. (2023). Incydr Product Demos. Retrieved from Code42: https://www.code42.com/incydr-product-demos/
Haltdos. (2023). Remote Access Gateway Solution. Retrieved from Haltdos: https://www.haltdos.com/products/remote-access-gateway/
HashiCorp. (2023). What is Vault? Retrieved from HashiCorp Developer: https://developer.hashicorp.com/vault/docs/what-is-vault
IBM Corporation. (2023). IBM Storage Protect. Retrieved from IBM: https://www.ibm.com/products/storage-protect
Netwrix Corporation. (2023). Data Classification Software from Netwrix. Retrieved from Netwrix: https://www.netwrix.com/data_classification_software.html
OPSWAT, Inc. (2023). NAC Solution. Retrieved from OPSWAT: https://www.opswat.com/products/metaaccess/nac
Security Studio. (2023). Risk Management Software for Information Security. Retrieved from Security Studio: https://securitystudio.com/
Trend Micro, Inc. (2023). TippingPoint Threat Protection System. Retrieved from Trend Micro: https://www.trendmicro.com/en_us/business/products/network/intrusion-prevention/tippingpoint-threat-protection-system.html
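The HashiCorp Vault row in Section 2 states that clients are validated and authorized before they receive a secret. The following is an added illustration of how that path-based authorization behaves, written for this page; it is not HashiCorp code and does not use the Vault API. It is a simplified model of Vault's policy evaluation: rules are matched against the request path, the most specific matching rule wins (an exact path over a glob, a longer pattern over a shorter one), a "deny" capability on the winning rule overrides everything, and a path with no matching rule is denied by default. The policy names, paths, and capabilities in POLICIES are assumptions made up for the example.

```python
from __future__ import annotations

# Policies as a token might carry them, written as a dict rather than Vault's HCL.
# The policy names, paths and capabilities are this example's assumptions.
POLICIES: dict[str, dict[str, set[str]]] = {
    "app-reader": {
        "secret/data/app/*": {"read"},           # glob: anything under app/
        "secret/data/app/prod-db": {"deny"},     # exact path: deny overrides the glob
        "transit/encrypt/app-key": {"update"},   # encryption as a service; key stays in Vault
        "transit/decrypt/app-key": {"update"},
    },
    "secret-admin": {
        "secret/data/app/*": {"create", "read", "update", "delete", "list"},
        "secret/metadata/+/*": {"list"},         # '+' matches exactly one path segment
    },
}


def path_matches(pattern: str, path: str) -> bool:
    """Match a policy path against a request path.

    '+' stands for one whole segment; a trailing '*' matches any remainder."""
    pt, pp = pattern.split("/"), path.split("/")
    if pt[-1].endswith("*"):
        head, tail_prefix = pt[:-1], pt[-1][:-1]
        if len(pp) <= len(head):
            return False
        return (all(a == "+" or a == b for a, b in zip(head, pp))
                and pp[len(head)].startswith(tail_prefix))
    if len(pt) != len(pp):
        return False
    return all(a == "+" or a == b for a, b in zip(pt, pp))


def specificity(pattern: str) -> tuple[int, int]:
    """Exact paths beat globs; among equals, the longer pattern wins."""
    return (0 if pattern.endswith("*") else 1, len(pattern))


def allowed(token_policies: list[str], path: str, capability: str) -> bool:
    """Default deny: the request succeeds only if the most specific matching rule(s)
    across all attached policies grant the capability and none of them denies."""
    matches = []
    for name in token_policies:
        for pattern, caps in POLICIES.get(name, {}).items():
            if path_matches(pattern, path):
                matches.append((specificity(pattern), caps))
    if not matches:
        return False
    best = max(spec for spec, _ in matches)
    caps = set().union(*(c for spec, c in matches if spec == best))
    if "deny" in caps:
        return False
    return capability in caps


if __name__ == "__main__":
    for pols, path, cap in [
        (["app-reader"], "secret/data/app/web-config", "read"),
        (["app-reader"], "secret/data/app/prod-db", "read"),
        (["app-reader"], "transit/encrypt/app-key", "update"),
        (["app-reader", "secret-admin"], "secret/data/app/web-config", "delete"),
        (["app-reader", "secret-admin"], "secret/data/app/prod-db", "delete"),
    ]:
        print(pols, path, cap, "->", allowed(pols, path, cap))
```

The last two cases show the behaviour that matters when tokens carry several policies: the admin policy's glob adds capabilities on the shared path, but the reader policy's exact deny on prod-db still wins because it is the more specific rule.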
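The Code42 row in Section 2 describes detecting files moved to personal accounts or unmanaged devices and weighting the result with watchlists and risk indicators. The block below is an added example of that kind of detection logic, written for this page and not taken from Code42 or its documentation. The trusted domains, managed-device list, watchlist, indicator weights, alert threshold, and the sample events are all constructed for the example.

```python
from __future__ import annotations
from dataclasses import dataclass

# Environment model. These sets are this example's assumptions; a real deployment
# would populate them from the directory, the MDM inventory and an HR feed.
TRUSTED_DOMAINS = {"sharepoint.corp.example", "drive.corp.example"}
PERSONAL_MAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}
MANAGED_DEVICES = {"LT-1001", "LT-1002"}
WATCHLIST = {"bob"}  # e.g. employees who have given notice

# Indicator weights and the alert threshold are also assumptions for the example.
WEIGHTS = {
    "untrusted_cloud_destination": 4,
    "personal_email": 4,
    "removable_media": 3,
    "unmanaged_device": 3,
    "watchlist_user": 3,
    "large_transfer": 2,
    "archive_file": 1,
}
ALERT_THRESHOLD = 5


@dataclass(frozen=True)
class FileEvent:
    ts: str
    user: str
    device: str
    action: str       # upload | sync | email | usb_copy
    destination: str  # cloud domain, recipient mail domain, or volume label
    path: str
    size: int         # bytes


@dataclass(frozen=True)
class Alert:
    event: FileEvent
    indicators: tuple[str, ...]
    score: int


def risk_indicators(ev: FileEvent) -> list[str]:
    """Which of the example's indicators apply to one file-movement event."""
    ind = []
    dest = ev.destination.lower()
    if ev.action in ("upload", "sync") and dest not in TRUSTED_DOMAINS:
        ind.append("untrusted_cloud_destination")
    if ev.action == "email" and dest in PERSONAL_MAIL_DOMAINS:
        ind.append("personal_email")
    if ev.action == "usb_copy":
        ind.append("removable_media")
    if ev.device not in MANAGED_DEVICES:
        ind.append("unmanaged_device")
    if ev.user in WATCHLIST:
        ind.append("watchlist_user")
    if ev.size > 50_000_000:
        ind.append("large_transfer")
    if ev.path.lower().endswith((".zip", ".7z", ".rar")):
        ind.append("archive_file")
    return ind


def detect(events: list[FileEvent]) -> list[Alert]:
    """Score every event and return those at or over the threshold, highest first."""
    alerts = []
    for ev in events:
        ind = risk_indicators(ev)
        score = sum(WEIGHTS[i] for i in ind)
        if score >= ALERT_THRESHOLD:
            alerts.append(Alert(ev, tuple(ind), score))
    return sorted(alerts, key=lambda a: a.score, reverse=True)


# Constructed sample telemetry (not real data).
SAMPLE_EVENTS = [
    FileEvent("2023-10-02T09:14:00Z", "alice", "LT-1001", "upload", "sharepoint.corp.example", "roadmap.pptx", 2_000_000),
    FileEvent("2023-10-02T09:31:00Z", "bob", "LT-1002", "email", "gmail.com", "customers.xlsx", 800_000),
    FileEvent("2023-10-02T10:05:00Z", "carol", "LT-1001", "usb_copy", "KINGSTON", "design.zip", 30_000_000),
    FileEvent("2023-10-02T11:47:00Z", "dave", "BYOD-77", "sync", "dropbox.com", "src-backup.tar", 120_000_000),
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(a.score, a.event.user, a.event.path, "->", ", ".join(a.indicators))
```

Run against the sample events, only dave (unmanaged device, untrusted cloud target, large transfer) and bob (personal mail, on the watchlist) cross the threshold; carol's USB copy of an archive scores below it and would be kept as context rather than raised as an alert.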
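The Netwrix row in Section 2 describes classifying data so that systems holding sensitive information can be prioritized and redundant copies deleted. The block below is an added example of the two underlying techniques, pattern-based content classification and duplicate detection by content hash; it was written for this page and is not Netwrix code. The label names, the detectors, and the sample files (which use a public test card number and made-up identifiers) are constructed for the example.

```python
from __future__ import annotations
import hashlib
import re
from dataclasses import dataclass

# Detectors for the sensitive data types this example recognises. The label
# names and their ordering are this example's assumptions, not Netwrix's.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
PAN_CANDIDATE_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")


def luhn_ok(digits: str) -> bool:
    """Luhn check digit test, so random digit runs are not reported as card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Card-number candidates that also pass Luhn, with separators removed."""
    found = []
    for m in PAN_CANDIDATE_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


@dataclass
class Finding:
    path: str
    label: str                  # Restricted > Confidential > Internal
    indicators: dict[str, int]
    sha256: str                 # content hash, used to spot redundant copies


def classify(path: str, content: bytes) -> Finding:
    text = content.decode("utf-8", errors="replace")
    indicators = {
        "pan": len(find_pans(text)),
        "ssn": len(SSN_RE.findall(text)),
        "email": len(EMAIL_RE.findall(text)),
    }
    if indicators["pan"] or indicators["ssn"]:
        label = "Restricted"        # regulated data (PCI DSS / PII)
    elif indicators["email"]:
        label = "Confidential"
    else:
        label = "Internal"
    return Finding(path, label, indicators, hashlib.sha256(content).hexdigest())


def find_redundant(findings: list[Finding]) -> dict[str, list[str]]:
    """Group paths whose content is byte-identical: candidates for deletion."""
    by_hash: dict[str, list[str]] = {}
    for f in findings:
        by_hash.setdefault(f.sha256, []).append(f.path)
    return {h: paths for h, paths in by_hash.items() if len(paths) > 1}


# Constructed sample files with made-up data (the card number is a public test PAN).
SAMPLE_FILES = {
    "/fin/q3_refunds.csv": b"id,card,amount\n1,4111 1111 1111 1111,19.99\n",
    "/hr/onboarding.txt": b"New hire SSN 123-45-6789, manager jane.doe@example.com\n",
    "/share/old/onboarding_copy.txt": b"New hire SSN 123-45-6789, manager jane.doe@example.com\n",
    "/eng/notes.txt": b"Order 1234 5678 9012 3456 shipped; ticket 4242-4242-4242-4241\n",
}


def scan(files: dict[str, bytes] = SAMPLE_FILES) -> tuple[list[Finding], dict[str, list[str]]]:
    findings = [classify(p, c) for p, c in files.items()]
    return findings, find_redundant(findings)


if __name__ == "__main__":
    findings, redundant = scan()
    for f in findings:
        print(f"{f.label:<12} {f.path}  {f.indicators}")
    for paths in redundant.values():
        print("redundant copies:", paths)
```

The Luhn check is what keeps the order and ticket numbers in notes.txt from being reported as card data, and the content hash is what exposes the stale copy of the HR file on the shared drive as redundant and therefore deletable.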