Dell - Internal Use - Confidential
Network Security Consultant – Critical Incident Team
India
NTT DATA plans to acquire Dell Services as announced on 28th March 2016.
If you are selected for a Dell Services position and the transaction closes, your future employment will
be with NTT DATA. Dell recruiters can provide you with additional information about any applicable
changes upon request.
People make Dell – so wherever in the world they work, everyone is rewarded for their contribution.
Ready to develop your career in a truly global company? Within the Services at Dell, we are looking
for a Network Security Consultant – Critical Incident Team to join our team in India.
Dell provides end-to-end solutions that enable more affordable and accessible technology around the
world, empowering people everywhere to do more. You will be part of a collaborative team that
believes in honest communication, shares creativity and welcomes different perspectives. There is a
winning culture built on a platform of integrity and a spirit of innovation. We will also provide the
mentoring, training and opportunities for you to fulfil your ambitions and potential.
Key Responsibilities
The Critical Incident Consultant will be a member of a small elite team of highly trained and
experienced technical leaders who will form a SWAT team, consisting of senior engineers and critical
incident managers in the resolution of our most critical incidents across our portfolio of Dell Services
infrastructure customers. This is a 24x7 eyes-on-glass operation, ready to receive escalations and
quickly ramp up a team of experts at a moment’s notice, as well as escalate and communicate issues
to customer and Dell executives, as well as account and tower leaders. This is a new strategic
initiative with high visibility and executive expectations.
• Support complex Network Security system configurations and standards for Network Security platforms
• Support complex business requirements to progressive design solutions; oversee the transition to production
• Present network related solutions to the client audience, develop detailed documentation
• Perform service delivery skills in support of large scale Network Security projects
• Respond to emergency calls when there are large Enterprise level issues
Essential Requirements
• Higher education required, technical degree is an advantage
• 10+ years Network Security design, integration and operation experience
• Experience in security auditing and compliance assurance
• Knowledge of data networking protocols, Active Directory and experience with Identity management tools and processes
• High level knowledge of computer forensics tools, Firewalls and Proxies, SSH v2, IDS/IPS, NIDS/NIPS, A/V, NAC and PNAC, PCI, SOX, HIPAA regulations and compliance
• Ability to analyze, design and collaborate multiple layer protection architectures and to research, recommend, and oversee implementation of new network security technology products
• Excellent customer service skills, exceptional written and verbal skills including presentation skills
Desirable Requirements
• Knowledge and experience with remediation and vulnerability management
• Multi-vendor security product knowledge
• CISSP and/or other industry recognized certifications
• Network/Availability Management Systems knowledge
• Experience with handling cyber attacks
Benefits
Our people are the most critical component of our long-term success and their health and wellbeing
are our priority. You will enjoy a comprehensive, locally competitive benefits package.
Dell is committed to the principle of equal employment opportunity for all employees and to providing
employees with a work environment free of discrimination and harassment. All employment decisions
at Dell are based on business needs, job requirements and individual qualifications, without regard to
race, colour, religion or belief, national, social or ethnic origin, sex (including pregnancy), age,
physical, mental or sensory disability, HIV status, sexual orientation, gender identity and/or
expression, marital, civil union or domestic partnership status, past or present military service, family
medical history or genetic information, family or parental status, or any other status protected by the
laws or regulations in the locations where we operate. Dell will not tolerate discrimination or
harassment based on any of these characteristics.
Just like a proxy server or cache server, a proxy firewall acts as an
intermediary between in-house clients and servers on the Internet. The
difference is that in addition to intercepting Internet requests and
responses, a proxy firewall also monitors incoming traffic for layer
7 protocols, such as HTTP and FTP. In addition to determining which traffic
is allowed and which is denied, a proxy firewall uses stateful
inspection technology and deep packet inspection to analyze incoming
traffic for signs of attack.
Proxy firewalls are considered to be the most secure type of firewall
because they prevent direct network contact with other systems. (Because
a proxy firewall has its own IP address, an outside network connection will
never receive packets from the sending network directly.) Having the ability
to examine the entire network packet, rather than just the network address
and port number, also means that a proxy firewall will have extensive
logging capabilities -- a valuable resource for security administrators who
are dealing with security incidents. According to Marcus Ranum, who is
credited with conceiving the idea of a proxy firewall, the goal of the proxy
approach is to create a single point that allows a security-conscious
programmer to assess threat levels represented by
application protocols and put error detection, attack detection and validity
checking in place.
The added security offered by a proxy firewall has its drawbacks, however.
Because a proxy firewall establishes an additional connection for each
outgoing and incoming packet, the firewall can become a bottleneck,
causing a degradation of performance or becoming a single point of failure.
Additionally, proxy firewalls may only support certain popular network
protocols, thereby limiting which applications the network can support.
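The contrast between a filter that sees only address and port and a proxy that sees the whole request can be shown in a few lines. The following is an added example, not code from the original page or from any firewall product; the policy values, function names and sample requests are assumptions constructed for illustration.

```python
# Added illustration: port-only filtering vs. proxy-style request inspection.
# Policy values and sample requests below are constructed for this example.

ALLOWED_PORTS = {80, 21}
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
MAX_HEADER_BYTES = 8192
SINGLETON_HEADERS = {"host", "content-length", "transfer-encoding"}


def packet_filter_decision(dst_port):
    """A filter that sees only address and port can decide on nothing else."""
    return "allow" if dst_port in ALLOWED_PORTS else "deny"


def proxy_inspect_http(raw):
    """Validity checks available once the proxy holds the whole request.

    Returns (verdict, reason); the reason is what ends up in the proxy log.
    """
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        return ("deny", "incomplete header block")
    if len(head) > MAX_HEADER_BYTES:
        return ("deny", "header block too large")
    try:
        lines = head.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        return ("deny", "non-ASCII bytes in header block")

    parts = lines[0].split(" ")
    if len(parts) != 3:
        return ("deny", "malformed request line")
    method, _target, version = parts
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        return ("deny", "unsupported protocol version")
    if method not in ALLOWED_METHODS:
        return ("deny", "method %s not permitted" % method)

    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Reject lines without a colon and names padded with whitespace.
        if not colon or not name or name != name.strip():
            return ("deny", "malformed header line")
        key = name.lower()
        if key in SINGLETON_HEADERS and key in headers:
            return ("deny", "duplicate %s header" % key)
        headers[key] = value.strip()

    if version == "HTTP/1.1" and "host" not in headers:
        return ("deny", "missing Host header")
    if "content-length" in headers:
        if "transfer-encoding" in headers:
            return ("deny", "ambiguous body framing")
        if not headers["content-length"].isdigit():
            return ("deny", "invalid Content-Length")
    return ("allow", "request well-formed")


def log_record(src_ip, dst_port, raw):
    """One log entry showing both views of the same connection."""
    verdict, reason = proxy_inspect_http(raw)
    return {
        "src": src_ip,
        "dst_port": dst_port,
        "packet_filter": packet_filter_decision(dst_port),
        "proxy": verdict,
        "reason": reason,
    }


# Constructed sample requests (192.0.2.0/24 is a documentation range).
SAMPLES = [
    ("192.0.2.21", 80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("192.0.2.22", 80, b"TRACE / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("192.0.2.23", 80, b"GET / HTTP/1.1\r\nUser-Agent: test\r\n\r\n"),
    ("192.0.2.24", 80, b"POST /form HTTP/1.1\r\nHost: www.example.com\r\n"
                       b"Content-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n"),
]

if __name__ == "__main__":
    for src, port, raw in SAMPLES:
        print(log_record(src, port, raw))
```

All four sample connections pass the port check; only the first passes the proxy's checks, and each denial carries a reason for the log.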
Network intrusion can occur in a number of ways, and there are consequently a number of ways to
handle it. Firewalls are a typical security measure, good for on-point security on a computer-by-computer
basis. However, proxy servers can help manage networks on an entire network scale. Firewalls reflect a
direct management of connections, while proxy servers reflect a control and routing of connections. And
while both function in different ways, both can function separately or together as network security
solutions.
Handling Traffic
When working with a home or business network that handles personal data, a primary concern is
security, and this means controlling the flow of incoming and outgoing Web traffic. Two ways to maintain
network security are to block traffic coming from or going to specific Internet Protocol addresses on the
Web. Another way is to set up a computer, or proxy, to intercept and handle particular types of
communications based on the protocol they're using, such as HTTP for Web pages and File Transfer
Protocol.
Proxy Servers
A proxy server is a computer situated at the access point between a local network and the Internet, or
between two different parts of a network. This means that traffic entering and leaving the network must go
through the proxy server. Furthermore, the proxy server might handle traffic using only certain
communication protocols, such as Web traffic (HTTP) or direct FTP. Home wired or wireless routers often
act, or can act, like primitive proxy servers.
Firewalls
A firewall enables you or the security administrator to set up rules that allow or disallow traffic from
specific communication protocols or even specific Web addresses. Furthermore, a firewall can block
certain ports, or points of connection, so that external computers can't connect to your computer without
your knowing. Firewalls can exist as software packages that run on your computer or as hardware
installations in such devices as network routers. Unlike proxy servers, firewalls are designed more as
traffic controls than guidance.
Advantages and Implementations
Both a proxy server and a firewall can function as part of a network security solution. For a direct
security measure, either on a computer or on a network server, a firewall enables the highest level of
immediate security on the device. Firewalls also often come packaged with major operating systems such
as Mac OS, Linux and Windows. When managing a large network, a proxy server will enhance your
security by disallowing direct connection to the network. Working in tandem, you can secure your network
with a proxy server that controls traffic to computers with firewalls that maintain secure traffic on each
computer.
| SSH protocol, version 2 | SSH protocol, version 1 |
| --- | --- |
| Separate transport, authentication, and connection protocols | One monolithic protocol |
| Strong cryptographic integrity check | Weak CRC-32 integrity check; admits an insertion attack in conjunction with some bulk ciphers. |
| Supports password changing | N/A |
| Any number of session channels per connection (including none) | Exactly one session channel per connection (requires issuing a remote command even when you don't want one) |
| Full negotiation of modular cryptographic and compression algorithms, including bulk encryption, MAC, and public-key | Negotiates only the bulk cipher; all others are fixed |
| Encryption, MAC, and compression are negotiated separately for each direction, with independent keys | The same algorithms and keys are used in both directions (although RC4 uses separate keys, since the algorithm's design demands that keys not be reused) |
| Extensible algorithm/protocol naming scheme allows local extensions while preserving interoperability | Fixed encoding precludes interoperable additions |
| User authentication methods: publickey (DSA, RSA*, OpenPGP); hostbased; password; (Rhosts dropped due to insecurity) | Supports a wider variety: public-key (RSA only); RhostsRSA; password; Rhosts (rsh-style); TIS; Kerberos |
| Use of Diffie-Hellman key agreement removes the need for a server key | Server key used for forward secrecy on the session key |
| Supports public-key certificates | N/A |
| User authentication exchange is more flexible, and allows requiring multiple forms of authentication for access. | Allows for exactly one form of authentication per session. |
| hostbased authentication is in principle independent of client network address, and so can work with proxying, mobile clients, etc. (though this is not currently implemented). | RhostsRSA authentication is effectively tied to the client host address, limiting its usefulness. |
| periodic replacement of session keys | N/A |
* Not all SSH-2 implementations support RSA yet for user authentication or host
keys, since it's a relatively recent addition. The RSA algorithm was originally
omitted from the protocol due to its patent status, but that patent has since expired.
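Which of the two protocol versions a server will speak is visible in the identification string it sends when a connection opens, so an inventory of captured banners shows where SSH-1 is still reachable. The following is an added example, not part of the original page; it relies on the banner format of RFC 4253 (sections 4.2 and 5.1, where "1.99" marks a server that accepts both versions), and the function names, hosts and banners are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments".
# \S+ is deliberately tolerant of non-conforming software version strings.
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-(\S+)(?: (.*))?$")


def extract_banner(data):
    """Return the identification line from the first bytes a server sent.

    A server may send other text lines before the version string, so the
    first line that starts with "SSH-" is the one that counts.
    """
    for raw_line in data.split(b"\n"):
        line = raw_line.rstrip(b"\r")
        if line.startswith(b"SSH-"):
            return line.decode("ascii", errors="replace")
    return None


def classify_banner(banner):
    """Map a banner to (protoversion, verdict)."""
    match = BANNER_RE.match(banner) if banner else None
    if match is None:
        return (None, "malformed")
    proto = match.group(1)
    if proto == "2.0":
        return (proto, "ssh2-only")
    if proto == "1.99":
        # Compatibility mode: the server speaks SSH-2 but still accepts SSH-1.
        return (proto, "ssh1-fallback")
    if proto.startswith("1."):
        return (proto, "ssh1-only")
    return (proto, "unknown")


def hosts_permitting_ssh1(captures):
    """List (host, protoversion, verdict) for every host that accepts SSH-1."""
    findings = []
    for host in sorted(captures):
        proto, verdict = classify_banner(extract_banner(captures[host]))
        if verdict in ("ssh1-only", "ssh1-fallback"):
            findings.append((host, proto, verdict))
    return findings


# Constructed captures keyed by host (192.0.2.0/24 is a documentation range).
CAPTURES = {
    "192.0.2.10": b"Authorized use only\r\nSSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6\r\n",
    "192.0.2.11": b"SSH-1.99-OpenSSH_3.9p1\r\n",
    "192.0.2.12": b"SSH-1.5-1.2.27\r\n",
    "192.0.2.13": b"220 ftp ready\r\n",
}

if __name__ == "__main__":
    for finding in hosts_permitting_ssh1(CAPTURES):
        print(finding)
```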
Network intrusion detection systems
Network intrusion detection systems (NIDS) are placed at a strategic point or points within the
network to monitor traffic to and from all devices on the network. A NIDS performs an analysis of
passing traffic on the entire subnet, and matches the traffic that is passed on the subnets to the
library of known attacks. Once an attack is identified, or abnormal behavior is sensed, the alert
can be sent to the administrator. An example of an NIDS would be installing it on the subnet
where firewalls are located in order to see if someone is trying to break into the firewall. Ideally
one would scan all inbound and outbound traffic; however, doing so might create a bottleneck that
would impair the overall speed of the network. OPNET and NetSim are commonly used tools for
simulating network intrusion detection systems. NID Systems are also capable of comparing
signatures for similar packets to link and drop harmful detected packets which have a signature
matching the records in the NIDS. When we classify the design of the NIDS according to the
system interactivity property, there are two types: on-line and off-line NIDS. On-line NIDS deals
with the network in real time. It analyses the Ethernet packets and applies some rules to decide
if it is an attack or not. Off-line NIDS deals with stored data and passes it through some
processes to decide if it is an attack or not.[1]
1. Network-based intrusion prevention system (NIPS): monitors the entire network for
suspicious traffic by analyzing protocol activity.
2. Wireless intrusion prevention systems (WIPS): monitor a wireless network for
suspicious traffic by analyzing wireless networking protocols.
3. Network behavior analysis (NBA): examines network traffic to identify threats that
generate unusual traffic flows, such as distributed denial of service (DDoS) attacks,
certain forms of malware and policy violations.
4. Host-based intrusion prevention system (HIPS): an installed software package which
monitors a single host for suspicious activity by analyzing events occurring within that
host.
NIDS and NIPS (Behavior based, signature based, anomaly based, heuristic)
An intrusion detection system (IDS) is software that runs on a server or network device to
monitor and track network activity. By using an IDS, a network administrator can
configure the system to monitor network activity for suspicious behavior that can indicate
unauthorized access attempts. IDSs can be configured to evaluate system logs, look at
suspicious network activity, and disconnect sessions that appear to violate security
settings.
IDSs can be sold with firewalls. Firewalls by themselves will prevent many common
attacks, but they don't usually have the intelligence or the reporting capabilities to
monitor the entire network. An IDS, in conjunction with a firewall, allows both a reactive
posture with the firewall and a preventive posture with the IDS.
In response to an event, the IDS can react by disabling systems, shutting down ports,
ending sessions, deception (redirect to honeypot), and even potentially shutting down
your network. A network-based IDS that takes active steps to halt or prevent an intrusion
is called a network intrusion prevention system (NIPS). When operating in this mode, they
are considered active systems.
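An off-line NIDS pass of the kind described above, run over stored connection records, can combine a signature rule with an anomaly rule and then differ only in whether the result is an alert (IDS) or a block (NIPS). The following is an added example, not from the original page or any product; the log format, rule names, thresholds and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed rules: payload substrings (signature based) and a threshold
# on distinct destination ports per source/destination pair (anomaly based).
SIGNATURES = {"SIG-TRAVERSAL": "../", "SIG-CMD": "cmd.exe"}
SCAN_PORT_THRESHOLD = 5
SCAN_WINDOW_SECONDS = 60

# Constructed stored records: "epoch src dst dport payload" ("-" = none).
SAMPLE_LOG = """\
1700000000 198.51.100.7 192.0.2.10 80 GET /index.html
1700000002 198.51.100.7 192.0.2.10 80 GET /files/../../private/report.txt
1700000010 203.0.113.9 192.0.2.10 21 -
1700000011 203.0.113.9 192.0.2.10 22 -
1700000012 203.0.113.9 192.0.2.10 23 -
1700000013 203.0.113.9 192.0.2.10 25 -
1700000014 203.0.113.9 192.0.2.10 80 -
1700000300 198.51.100.7 192.0.2.10 443 -
"""


def load_records(text):
    """Parse the stored log into dictionaries, one per connection record."""
    records = []
    for line in text.strip().splitlines():
        ts, src, dst, dport, payload = line.split(" ", 4)
        records.append({"ts": int(ts), "src": src, "dst": dst,
                        "dport": int(dport), "payload": payload})
    return records


def signature_alerts(records):
    """Signature based: match each payload against the known patterns."""
    alerts = []
    for rec in records:
        for rule, pattern in sorted(SIGNATURES.items()):
            if pattern in rec["payload"]:
                alerts.append((rule, rec["src"], rec["ts"]))
    return alerts


def anomaly_alerts(records):
    """Anomaly based: one source touching many ports on one host in a window."""
    by_pair = defaultdict(list)
    for rec in records:
        by_pair[(rec["src"], rec["dst"])].append((rec["ts"], rec["dport"]))
    alerts = []
    for (src, dst), events in sorted(by_pair.items()):
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it never spans more than the limit.
            while events[end][0] - events[start][0] > SCAN_WINDOW_SECONDS:
                start += 1
            ports = {port for _, port in events[start:end + 1]}
            if len(ports) >= SCAN_PORT_THRESHOLD:
                alerts.append(("ANOMALY-PORTSWEEP", src, dst, len(ports)))
                break  # one alert per source/destination pair
    return alerts


def respond(alerts, inline):
    """IDS mode reports; NIPS (inline) mode takes an active step instead."""
    action = "block" if inline else "alert"
    return sorted({(action, alert[1]) for alert in alerts})


if __name__ == "__main__":
    recs = load_records(SAMPLE_LOG)
    found = signature_alerts(recs) + anomaly_alerts(recs)
    print(found)
    print(respond(found, inline=False))
    print(respond(found, inline=True))
```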
A few years ago, NAC solutions tried to accomplish goals for locking down networks.
Most of my customers hated NAC. It added a layer of complexity that made the network
behave unnaturally and harder to support. It used a variety of ports, protocols, and physical
boxes to implement. In short, it was complicated. NAC supported networks broke down
often, causing nightmares for those legitimate users trying to get access and the people
supporting those networks.
What are people doing to support port lockdown today at the Department of Defense and
other large enterprise organizations? Surprisingly, the solution has been around for a
long time to help secure wireless networks. It is called 802.1x. Historically, 802.1x has
worked great on wireless networks and has always been a little troublesome on the wired
ports. But things have changed with enterprise policy servers (Cisco Identity Services)
that make the connection more easily configurable on modern day operating systems
such as Mac OS X Mountain Lion and Windows 8.
How does 802.1x work? According to Wikipedia, IEEE 802.1X is an IEEE Standard for port-
based Network Access Control (PNAC) that provides an authentication mechanism to
devices wishing to attach to a LAN or WLAN. It is part of the IEEE 802.1 group of
networking protocols.
PCI-DSS refers to the Payment Card Industry Data Security Standard, an information security standard for
organizations that handle branded credit cards from the major credit card companies (such as Visa, MasterCard,
American Express, and Discover). This standard is mandated by the major credit card companies and
administered through the PCI Security Standards Council. The purpose of the standard was to increase security
controls in organizations to reduce credit card fraud and limit cardholder data through such exposure. Validation
of compliance at UTD is performed on an annual basis through the use of Self-Assessment Questionnaires (SAQs)
to validate security controls are both in place and continue to maintain the PCI Standards. Because the University
acts as a “merchant” and departments and business do credit card transactions from designated terminals and
software applications on computer systems, the University is required to be compliant with this standard.
The Gramm Leach Bliley Act of 1999 applies to financial institutions, or companies that do business similar to
that of a financial institution, such as making loans. Since some business processes at UTD may fall under
definition of a “financial institution”, the University is required to follow the compliance statutes of GLBA. The
compliance sections of GLBA refer to both the Privacy Rules regarding protecting consumer information and
Safeguard Rules which dictates that information security programs and security controls be developed to protect
financial data. Since the University already complies with FERPA, the Federal Trade Commission has ruled that
the Privacy Rule does not apply, and only the Safeguard Rule applies.
The general difference between PCI-DSS and GLBA is that PCI is an industry standard set forth by the credit
card industry for compliance. While it is not a legal requirement, failure to comply with the standard when fraud or
breaches of card information occur may bring financial penalties to the University by the credit card industry.
GLBA is a Federal law that dictates that any business that falls under the definition of a financial institution is
required to follow the Privacy and Safeguard rule stipulations when applicable. Failure to comply with GLBA may
result in sanctions, fines and/or imprisonment of officials.
Which do I need to comply with?
Both PCI-DSS and GLBA apply to UT Dallas. Any department that processes credit cards as a merchant is
subject to PCI-DSS. Any department that provides financial services similar to those of a financial institution is
subject to GLBA.
HIPAA
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted August 21, 1996.
Title II of HIPAA includes the Administrative Simplification Act, which requires improved efficiency in
healthcare delivery by standardizing electronic data interchange (EDI) and mandating the protection of
patient confidentiality (privacy) and the security of health data through the setting and enforcing of
standards. HIPAA Title II requires:
• Standardization of electronic patient health, administrative, and financial data.
• Unique identifiers for employers, health plans, and health care providers.
• Standards protecting the privacy and security of individually identifiable health information.
The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the
American Recovery and Reinvestment Act of 2009, was signed into law on February 17, 2009, to promote
the adoption and meaningful use of health information technology. Subtitle D of the HITECH Act
addresses the privacy and security concerns associated with the electronic transmission of health
information, in part, through several provisions that strengthen the civil and criminal enforcement of the
HIPAA rules.
 
Top 10 Modern Web Design Trends for 2025
Top 10 Modern Web Design Trends for 2025Top 10 Modern Web Design Trends for 2025
Top 10 Modern Web Design Trends for 2025Rndexperts
 
(办理学位证)埃迪斯科文大学毕业证成绩单原版一比一
(办理学位证)埃迪斯科文大学毕业证成绩单原版一比一(办理学位证)埃迪斯科文大学毕业证成绩单原版一比一
(办理学位证)埃迪斯科文大学毕业证成绩单原版一比一Fi sss
 
shot list for my tv series two steps back
shot list for my tv series two steps backshot list for my tv series two steps back
shot list for my tv series two steps back17lcow074
 
Introduction-to-Canva-and-Graphic-Design-Basics.pptx
Introduction-to-Canva-and-Graphic-Design-Basics.pptxIntroduction-to-Canva-and-Graphic-Design-Basics.pptx
Introduction-to-Canva-and-Graphic-Design-Basics.pptxnewslab143
 
Design Portfolio - 2024 - William Vickery
Design Portfolio - 2024 - William VickeryDesign Portfolio - 2024 - William Vickery
Design Portfolio - 2024 - William VickeryWilliamVickery6
 
定制(RMIT毕业证书)澳洲墨尔本皇家理工大学毕业证成绩单原版一比一
定制(RMIT毕业证书)澳洲墨尔本皇家理工大学毕业证成绩单原版一比一定制(RMIT毕业证书)澳洲墨尔本皇家理工大学毕业证成绩单原版一比一
定制(RMIT毕业证书)澳洲墨尔本皇家理工大学毕业证成绩单原版一比一lvtagr7
 
Call Girls in Okhla Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Okhla Delhi 💯Call Us 🔝8264348440🔝Call Girls in Okhla Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Okhla Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
办理学位证(NUS证书)新加坡国立大学毕业证成绩单原版一比一
办理学位证(NUS证书)新加坡国立大学毕业证成绩单原版一比一办理学位证(NUS证书)新加坡国立大学毕业证成绩单原版一比一
办理学位证(NUS证书)新加坡国立大学毕业证成绩单原版一比一Fi L
 
WAEC Carpentry and Joinery Past Questions
WAEC Carpentry and Joinery Past QuestionsWAEC Carpentry and Joinery Past Questions
WAEC Carpentry and Joinery Past QuestionsCharles Obaleagbon
 
Call Girls Satellite 7397865700 Ridhima Hire Me Full Night
Call Girls Satellite 7397865700 Ridhima Hire Me Full NightCall Girls Satellite 7397865700 Ridhima Hire Me Full Night
Call Girls Satellite 7397865700 Ridhima Hire Me Full Nightssuser7cb4ff
 
Kala jadu for love marriage | Real amil baba | Famous amil baba | kala jadu n...
Kala jadu for love marriage | Real amil baba | Famous amil baba | kala jadu n...Kala jadu for love marriage | Real amil baba | Famous amil baba | kala jadu n...
Kala jadu for love marriage | Real amil baba | Famous amil baba | kala jadu n...babafaisel
 
在线办理ohio毕业证俄亥俄大学毕业证成绩单留信学历认证
在线办理ohio毕业证俄亥俄大学毕业证成绩单留信学历认证在线办理ohio毕业证俄亥俄大学毕业证成绩单留信学历认证
在线办理ohio毕业证俄亥俄大学毕业证成绩单留信学历认证nhjeo1gg
 

Recently uploaded (20)

Call Girls Meghani Nagar 7397865700 Independent Call Girls
Call Girls Meghani Nagar 7397865700  Independent Call GirlsCall Girls Meghani Nagar 7397865700  Independent Call Girls
Call Girls Meghani Nagar 7397865700 Independent Call Girls
 
Dubai Call Girls Pro Domain O525547819 Call Girls Dubai Doux
Dubai Call Girls Pro Domain O525547819 Call Girls Dubai DouxDubai Call Girls Pro Domain O525547819 Call Girls Dubai Doux
Dubai Call Girls Pro Domain O525547819 Call Girls Dubai Doux
 
Abu Dhabi Call Girls O58993O4O2 Call Girls in Abu Dhabi`
Abu Dhabi Call Girls O58993O4O2 Call Girls in Abu Dhabi`Abu Dhabi Call Girls O58993O4O2 Call Girls in Abu Dhabi`
Abu Dhabi Call Girls O58993O4O2 Call Girls in Abu Dhabi`
 
306MTAMount UCLA University Bachelor's Diploma in Social Media
306MTAMount UCLA University Bachelor's Diploma in Social Media306MTAMount UCLA University Bachelor's Diploma in Social Media
306MTAMount UCLA University Bachelor's Diploma in Social Media
 
Call Girls Aslali 7397865700 Ridhima Hire Me Full Night
Call Girls Aslali 7397865700 Ridhima Hire Me Full NightCall Girls Aslali 7397865700 Ridhima Hire Me Full Night
Call Girls Aslali 7397865700 Ridhima Hire Me Full Night
 
Top 10 Modern Web Design Trends for 2025
Top 10 Modern Web Design Trends for 2025Top 10 Modern Web Design Trends for 2025
Top 10 Modern Web Design Trends for 2025
 
(办理学位证)埃迪斯科文大学毕业证成绩单原版一比一
(办理学位证)埃迪斯科文大学毕业证成绩单原版一比一(办理学位证)埃迪斯科文大学毕业证成绩单原版一比一
(办理学位证)埃迪斯科文大学毕业证成绩单原版一比一
 
shot list for my tv series two steps back
shot list for my tv series two steps backshot list for my tv series two steps back
shot list for my tv series two steps back
 
Introduction-to-Canva-and-Graphic-Design-Basics.pptx
Introduction-to-Canva-and-Graphic-Design-Basics.pptxIntroduction-to-Canva-and-Graphic-Design-Basics.pptx
Introduction-to-Canva-and-Graphic-Design-Basics.pptx
 
Cheap Rate ➥8448380779 ▻Call Girls In Iffco Chowk Gurgaon
Cheap Rate ➥8448380779 ▻Call Girls In Iffco Chowk GurgaonCheap Rate ➥8448380779 ▻Call Girls In Iffco Chowk Gurgaon
Cheap Rate ➥8448380779 ▻Call Girls In Iffco Chowk Gurgaon
 
Design Portfolio - 2024 - William Vickery
Design Portfolio - 2024 - William VickeryDesign Portfolio - 2024 - William Vickery
Design Portfolio - 2024 - William Vickery
 
定制(RMIT毕业证书)澳洲墨尔本皇家理工大学毕业证成绩单原版一比一
定制(RMIT毕业证书)澳洲墨尔本皇家理工大学毕业证成绩单原版一比一定制(RMIT毕业证书)澳洲墨尔本皇家理工大学毕业证成绩单原版一比一
定制(RMIT毕业证书)澳洲墨尔本皇家理工大学毕业证成绩单原版一比一
 
Call Girls in Okhla Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Okhla Delhi 💯Call Us 🔝8264348440🔝Call Girls in Okhla Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Okhla Delhi 💯Call Us 🔝8264348440🔝
 
办理学位证(NUS证书)新加坡国立大学毕业证成绩单原版一比一
办理学位证(NUS证书)新加坡国立大学毕业证成绩单原版一比一办理学位证(NUS证书)新加坡国立大学毕业证成绩单原版一比一
办理学位证(NUS证书)新加坡国立大学毕业证成绩单原版一比一
 
WAEC Carpentry and Joinery Past Questions
WAEC Carpentry and Joinery Past QuestionsWAEC Carpentry and Joinery Past Questions
WAEC Carpentry and Joinery Past Questions
 
Call Girls Satellite 7397865700 Ridhima Hire Me Full Night
Call Girls Satellite 7397865700 Ridhima Hire Me Full NightCall Girls Satellite 7397865700 Ridhima Hire Me Full Night
Call Girls Satellite 7397865700 Ridhima Hire Me Full Night
 
Kala jadu for love marriage | Real amil baba | Famous amil baba | kala jadu n...
Kala jadu for love marriage | Real amil baba | Famous amil baba | kala jadu n...Kala jadu for love marriage | Real amil baba | Famous amil baba | kala jadu n...
Kala jadu for love marriage | Real amil baba | Famous amil baba | kala jadu n...
 
Call Girls Service Mukherjee Nagar @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...
Call Girls Service Mukherjee Nagar @9999965857 Delhi 🫦 No Advance  VVIP 🍎 SER...Call Girls Service Mukherjee Nagar @9999965857 Delhi 🫦 No Advance  VVIP 🍎 SER...
Call Girls Service Mukherjee Nagar @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...
 
young call girls in Pandav nagar 🔝 9953056974 🔝 Delhi escort Service
young call girls in Pandav nagar 🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Pandav nagar 🔝 9953056974 🔝 Delhi escort Service
young call girls in Pandav nagar 🔝 9953056974 🔝 Delhi escort Service
 
在线办理ohio毕业证俄亥俄大学毕业证成绩单留信学历认证
在线办理ohio毕业证俄亥俄大学毕业证成绩单留信学历认证在线办理ohio毕业证俄亥俄大学毕业证成绩单留信学历认证
在线办理ohio毕业证俄亥俄大学毕业证成绩单留信学历认证
 

Network security

Dell - Internal Use - Confidential
Network Security Consultant – Critical Incident Team
India

NTT DATA plans to acquire Dell Services as announced on 28th March 2016. If you are selected for a Dell Services position and the transaction closes, your future employment will be with NTT DATA. Dell recruiters can provide you with additional information about any applicable changes upon request.

People make Dell – so wherever in the world they work, everyone is rewarded for their contribution. Ready to develop your career in a truly global company? Within the Services at Dell, we are looking for a Network Security Consultant – Critical Incident Team to join our team in India.

Dell provides end-to-end solutions that enable more affordable and accessible technology around the world, empowering people everywhere to do more. You will be part of a collaborative team that believes in honest communication, shares creativity and welcomes different perspectives. There is a winning culture built on a platform of integrity and a spirit of innovation. We will also provide the mentoring, training and opportunities for you to fulfil your ambitions and potential.

Key Responsibilities

The Critical Incident Consultant will be a member of a small elite team of highly trained and experienced technical leaders who will form a SWAT team, consisting of senior engineers and critical incident managers in the resolution of our most critical incidents across our portfolio of Dell Services infrastructure customers. This is a 24x7 eyes-on-glass operation, ready to receive escalations and quickly ramp up a team of experts at a moment’s notice, as well as escalate and communicate issues to customer and Dell executives, as well as account and tower leaders. This is a new strategic initiative with high visibility and executive expectations.

• Support complex Network Security system configurations and standards for Network Security platforms
• Support complex business requirements to progressive design solutions; oversee the transition to production
• Present network related solutions to the client audience, develop detailed documentation
• Perform service delivery skills in support of large scale Network Security projects
• Respond to emergency calls when there are large Enterprise level issues

Essential Requirements

• Higher education required, technical degree is an advantage
• 10+ years Network Security design, integration and operation experience
• Experience in security auditing and compliance assurance
• Knowledge of data networking protocols, Active Directory and experience with Identity management tools and processes
• High level knowledge of computer forensics tools, Firewalls and Proxies, SSH v2, IDS/IPS, NIDS/NIPS, A/V, NAC and PNAC, PCI, SOX, HIPAA regulations and compliance
• Ability to analyze, design and collaborate multiple layer protection architectures and to research, recommend, and oversee implementation of new network security technology products
• Excellent customer service skills, exceptional written and verbal skills including presentation skills

Desirable Requirements

• Knowledge and experience with remediation and vulnerability management
• Multi-vendor security product knowledge
• CISSP and/or other industry recognized certifications
• Network/Availability Management Systems knowledge
• Experience with handling cyber attacks

Benefits

Our people are the most critical component of our long-term success and their health and wellbeing are our priority. You will enjoy a comprehensive, locally competitive benefits package.

Dell is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Dell are based on business needs, job requirements and individual qualifications, without regard to race, colour, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Dell will not tolerate discrimination or harassment based on any of these characteristics.

Just like a proxy server or cache server, a proxy firewall acts as an intermediary between in-house clients and servers on the Internet. The difference is that in addition to intercepting Internet requests and responses, a proxy firewall also monitors incoming traffic for layer 7 protocols, such as HTTP and FTP. In addition to determining which traffic is allowed and which is denied, a proxy firewall uses stateful inspection technology and deep packet inspection to analyze incoming traffic for signs of attack. Proxy firewalls are considered to be the most secure type of firewall because they prevent direct network contact with other systems.
(Because a proxy firewall has its own IP address, an outside network connection will never receive packets from the sending network directly.) Having the ability to examine the entire network packet, rather than just the network address and port number, also means that a proxy firewall will have extensive logging capabilities -- a valuable resource for security administrators who are dealing with security incidents.

According to Marcus Ranum, who is credited with conceiving the idea of a proxy firewall, the goal of the proxy approach is to create a single point that allows a security-conscious programmer to assess threat levels represented by application protocols and put error detection, attack detection and validity checking in place.

The added security offered by a proxy firewall has its drawbacks, however. Because a proxy firewall establishes an additional connection for each outgoing and incoming packet, the firewall can become a bottleneck, causing a degradation of performance or becoming a single point of failure. Additionally, proxy firewalls may only support certain popular network protocols, thereby limiting which applications the network can support.

Network intrusion can occur in a number of ways, and there are consequently a number of ways to handle it. Firewalls are a typical security measure, good for on-point security on a computer-by-computer basis. However, proxy servers can help manage networks on an entire network scale. Firewalls reflect a direct management of connections, while proxy servers reflect a control and routing of connections. And while both function in different ways, both can function separately or together as network security solutions.

Handling Traffic

When working with a home or business network that handles personal data, a primary concern is security, and this means controlling the flow of incoming and outgoing Web traffic. Two ways to maintain network security are to block traffic coming from or going to specific Internet Protocol addresses on the Web. Another way is to set up a computer, or proxy, to intercept and handle particular types of communications based on the protocol they're using, such as HTTP for Web pages and File Transfer Protocol.

Proxy Servers

A proxy server is a computer situated at the access point between a local network and the Internet, or between two different parts of a network. This means that traffic entering and leaving the network must go through the proxy server.
Furthermore, the proxy server might handle traffic using only certain communication protocols, such as Web traffic (HTTP) or direct FTP. Home wired or wireless routers often act, or can act, like primitive proxy servers.

Firewalls

A firewall enables you or the security administrator to set up rules that allow or disallow traffic from specific communication protocols or even specific Web addresses. Furthermore, a firewall can block certain ports, or points of connection, so that external computers can't connect to your computer without your knowing. Firewalls can exist as software packages that run on your computer or as hardware installations in such devices as network routers. Unlike proxy servers, firewalls are designed more as traffic controls than guidance.

Advantages and Implementations

Both a proxy server and a firewall can function as part of a network security solution. For a direct security measure, either on a computer or on a network server, a firewall enables the highest level of immediate security on the device. Firewalls also often come packaged with major operating systems such as Mac OS, Linux and Windows. When managing a large network, a proxy server will enhance your security by disallowing direct connection to the network. Working in tandem, you can secure your network with a proxy server that controls traffic to computers with firewalls that maintain secure traffic on each computer.

| SSH protocol, version 2 | SSH protocol, version 1 |
|---|---|
| Separate transport, authentication, and connection protocols | One monolithic protocol |
| Strong cryptographic integrity check | Weak CRC-32 integrity check; admits an insertion attack in conjunction with some bulk ciphers. |
| Supports password changing | N/A |
| Any number of session channels per connection (including none) | Exactly one session channel per connection (requires issuing a remote command even when you don't want one) |
| Full negotiation of modular cryptographic and compression algorithms, including bulk encryption, MAC, and public-key | Negotiates only the bulk cipher; all others are fixed |
| Encryption, MAC, and compression are negotiated separately for each direction, with independent keys | The same algorithms and keys are used in both directions (although RC4 uses separate keys, since the algorithm's design demands that keys not be reused) |
| Extensible algorithm/protocol naming scheme allows local extensions while preserving interoperability | Fixed encoding precludes interoperable additions |
| User authentication methods: publickey (DSA, RSA*, OpenPGP); hostbased; password; (Rhosts dropped due to insecurity) | Supports a wider variety: public-key (RSA only); RhostsRSA; password; Rhosts (rsh-style); TIS; Kerberos |
| Use of Diffie-Hellman key agreement removes the need for a server key | Server key used for forward secrecy on the session key |
| Supports public-key certificates | N/A |
| User authentication exchange is more flexible, and allows requiring multiple forms of authentication for access. | Allows for exactly one form of authentication per session. |
| hostbased authentication is in principle independent of client network address, and so can work with proxying, mobile clients, etc. (though this is not currently implemented). | RhostsRSA authentication is effectively tied to the client host address, limiting its usefulness. |
| Periodic replacement of session keys | N/A |

* Not all SSH-2 implementations support RSA yet for user authentication or host keys, since it's a relatively recent addition. The RSA algorithm was originally omitted from the protocol due to its patent status, but that patent has since expired.

Network intrusion detection systems

Network intrusion detection systems (NIDS) are placed at a strategic point or points within the network to monitor traffic to and from all devices on the network. A NIDS performs an analysis of passing traffic on the entire subnet, and matches the traffic that is passed on the subnets to the library of known attacks. Once an attack is identified, or abnormal behavior is sensed, the alert can be sent to the administrator. An example of an NIDS would be installing it on the subnet where firewalls are located in order to see if someone is trying to break into the firewall. Ideally one would scan all inbound and outbound traffic; however, doing so might create a bottleneck that would impair the overall speed of the network. OPNET and NetSim are commonly used tools for simulating network intrusion detection systems. NID systems are also capable of comparing signatures for similar packets to link and drop harmful detected packets which have a signature matching the records in the NIDS.

When we classify the design of the NIDS according to the system interactivity property, there are two types: on-line and off-line NIDS. On-line NIDS deals with the network in real time. It analyses the Ethernet packets and applies some rules to decide if it is an attack or not. Off-line NIDS deals with stored data and passes it through some processes to decide if it is an attack or not.[1]

1. Network-based intrusion prevention system (NIPS): monitors the entire network for suspicious traffic by analyzing protocol activity.
2. Wireless intrusion prevention systems (WIPS): monitor a wireless network for suspicious traffic by analyzing wireless networking protocols.
3. Network behavior analysis (NBA): examines network traffic to identify threats that generate unusual traffic flows, such as distributed denial of service (DDoS) attacks, certain forms of malware and policy violations.
4. Host-based intrusion prevention system (HIPS): an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.

NIDS and NIPS (Behavior based, signature based, anomaly based, heuristic)

An intrusion detection system (IDS) is software that runs on a server or network device to monitor and track network activity.
By using an IDS, a network administrator can configure the system to monitor network activity for suspicious behavior that can indicate unauthorized access attempts. IDSs can be configured to evaluate system logs, look at suspicious network activity, and disconnect sessions that appear to violate security settings.

IDSs can be sold with firewalls. Firewalls by themselves will prevent many common attacks, but they don't usually have the intelligence or the reporting capabilities to monitor the entire network. An IDS, in conjunction with a firewall, allows both a reactive posture with the firewall and a preventive posture with the IDS.

In response to an event, the IDS can react by disabling systems, shutting down ports, ending sessions, deception (redirect to honeypot), and even potentially shutting down your network. A network-based IDS that takes active steps to halt or prevent an intrusion is called a network intrusion prevention system (NIPS). When operating in this mode, they are considered active systems.

A few years ago, NAC solutions tried to accomplish goals for locking down networks. Most of my customers hated NAC. It added a layer of complexity that made the network behave unnaturally and harder to support. It used a variety of ports, protocols, and physical boxes to implement. In short, it was complicated. NAC supported networks broke down often, causing nightmares for those legitimate users trying to get access and the people supporting those networks.

What are people doing to support port lockdown today at the Department of Defense and other large enterprise organizations? Surprisingly, the solution has been around for a long time to help secure wireless networks. It is called 802.1x. Historically, 802.1x has worked great on wireless networks and has always been a little troublesome on the wired ports. But things have changed with enterprise policy servers (Cisco Identity Services) that make the connection more easily configurable on modern day operating systems such as Mac OS X Mountain Lion and Windows 8.

How does 802.1x work? According to Wikipedia, IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC) that provides an authentication mechanism to devices wishing to attach to a LAN or WLAN. It is part of the IEEE 802.1 group of networking protocols.
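The "weak CRC-32 integrity check" row of the SSH-1/SSH-2 comparison above can be made concrete. The following Python sketch is an added example, not part of the original slides: it does not reproduce the SSH-1 or SSH-2 packet format, and the sample message, modified message and key are constructed. It shows that a CRC-32 can be recomputed for a modified message without any secret, while a keyed MAC (here HMAC-SHA256, chosen for illustration) cannot.

```python
"""Why an unkeyed CRC-32 is not an integrity check, next to a keyed MAC.

Illustrative only: this is not the SSH-1 or SSH-2 packet format.
"""
import hashlib
import hmac
import zlib


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def crc_after_xor(crc_original: int, delta: bytes) -> int:
    """Predict crc32(message XOR delta) from crc32(message) alone.

    CRC-32 is affine over GF(2): for equal-length inputs,
    crc(a ^ b) == crc(a) ^ crc(b) ^ crc(all-zero string of that length).
    Neither the message nor any key is needed to update the checksum.
    """
    zeros = bytes(len(delta))
    return crc_original ^ zlib.crc32(delta) ^ zlib.crc32(zeros)


def mac_tag(key: bytes, message: bytes) -> bytes:
    """Keyed integrity tag; computing it requires the secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison of the expected and presented tag."""
    return hmac.compare_digest(mac_tag(key, message), tag)


def compare_checks(message: bytes, delta: bytes, key: bytes) -> dict:
    """Apply the same modification under both kinds of check."""
    tampered = xor_bytes(message, delta)
    predicted_crc = crc_after_xor(zlib.crc32(message), delta)
    original_tag = mac_tag(key, message)
    return {
        # The checksum of the modified message was derived with no secret.
        "crc_predicted_without_key": predicted_crc == zlib.crc32(tampered),
        # The tag issued for the original does not validate the modified message.
        "stale_mac_accepts_tampered": mac_verify(key, tampered, original_tag),
        "mac_accepts_original": mac_verify(key, message, original_tag),
    }


# Constructed sample values (assumptions for this example).
SAMPLE_MESSAGE = b"log-level=info;retention-days=30"
SAMPLE_TAMPERED = b"log-level=info;retention-days=07"
SAMPLE_DELTA = xor_bytes(SAMPLE_MESSAGE, SAMPLE_TAMPERED)
SAMPLE_KEY = b"constructed-demo-key-not-a-real-secret"

if __name__ == "__main__":
    for name, value in compare_checks(SAMPLE_MESSAGE, SAMPLE_DELTA, SAMPLE_KEY).items():
        print(f"{name}: {value}")
```

This is the property behind preferring SSH-2's cryptographic integrity check and disabling protocol version 1 wherever it is still offered.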
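The off-line NIDS described earlier (stored data matched against a library of known attacks, plus detection of unusual traffic volume) and the difference between detecting (NIDS) and actively dropping (NIPS) can be shown in a few lines. This is an added example, not from the original slides; the record fields, signature names, thresholds and addresses (documentation ranges) are constructed assumptions.

```python
"""Off-line NIDS pass over stored records: signature library plus a volume check."""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    ts: int        # capture time in seconds
    src: str       # source address
    dst_port: int  # destination port
    payload: str   # decoded application data


# Constructed signature library: name -> pattern searched in the payload.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./\.\./"),
    "sql-union-select": re.compile(r"(?i)union\s+select"),
}


def match_signatures(record):
    """Signature-based detection: names of all signatures the payload matches."""
    return [name for name, pat in SIGNATURES.items() if pat.search(record.payload)]


def volume_anomalies(records, window=10, threshold=5):
    """Behavior-based detection: sources with more than `threshold` records
    inside one tumbling window of `window` seconds."""
    per_bucket = Counter((r.src, r.ts // window) for r in records)
    return {src for (src, _bucket), count in per_bucket.items() if count > threshold}


def analyze(records, inline=False, window=10, threshold=5):
    """Return (alerts, forwarded).

    inline=False models a NIDS: every record is forwarded, alerts only.
    inline=True models a NIPS: records matching a signature are dropped.
    Volume anomalies raise an alert in both modes and are never dropped here.
    """
    alerts, forwarded = [], []
    for record in records:
        hits = match_signatures(record)
        alerts.extend((record.src, "signature", name) for name in hits)
        if inline and hits:
            continue  # active response: do not forward the matching record
        forwarded.append(record)
    for src in sorted(volume_anomalies(records, window, threshold)):
        alerts.append((src, "anomaly", f"more than {threshold} records in {window}s"))
    return alerts, forwarded


# Constructed stored traffic: two benign-looking sources, two signature hits,
# and one source opening six connections within a single 10-second window.
SAMPLE_RECORDS = [
    Record(100, "192.0.2.10", 80, "GET /index.html"),
    Record(101, "198.51.100.7", 80, "GET /../../etc/passwd"),
    Record(102, "192.0.2.11", 80, "GET /items?id=1 UNION SELECT name FROM users"),
] + [Record(110 + i, "203.0.113.5", 22, "SSH-2.0-client") for i in range(6)]

if __name__ == "__main__":
    for mode in (False, True):
        alerts, forwarded = analyze(SAMPLE_RECORDS, inline=mode)
        print("NIPS" if mode else "NIDS", len(forwarded), "forwarded")
        for alert in alerts:
            print("  alert:", alert)
```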
PCI-DSS refers to the Payment Card Industry Data Security Standard, an information security standard for organizations that handle branded credit cards from the major credit card companies (such as Visa, MasterCard, American Express, and Discover). This standard is mandated by the major credit card companies and administered through the PCI Security Standards Council. The purpose of the standard was to increase security controls in organizations to reduce credit card fraud and limit cardholder data exposure. Validation of compliance at UTD is performed on an annual basis through the use of Self-Assessment Questionnaires (SAQs) to validate that security controls are both in place and continue to maintain the PCI Standards. Because the University acts as a “merchant” and departments and business do credit card transactions from designated terminals and software applications on computer systems, the University is required to be compliant with this standard.

The Gramm Leach Bliley Act of 1999 applies to financial institutions, or companies that do business similar to that of a financial institution, such as making loans. Since some business processes at UTD may fall under the definition of a “financial institution”, the University is required to follow the compliance statutes of GLBA. The compliance sections of GLBA refer to both the Privacy Rules regarding protecting consumer information and the Safeguard Rules, which dictate that information security programs and security controls be developed to protect financial data. Since the University already complies with FERPA, the Federal Trade Commission has ruled that the Privacy Rule does not apply, and only the Safeguard Rule applies.

The general difference between PCI-DSS and GLBA is that PCI is an industry standard set forth by the credit card industry for compliance. While it is not a legal requirement, failure to comply with the standard when fraud or breaches of card information occur may bring financial penalties to the University by the credit card industry. GLBA is a Federal law that dictates that any business that falls under the definition of a financial institution is required to follow the Privacy and Safeguard rule stipulations when applicable. Failure to comply with GLBA may result in sanctions, fines and/or imprisonment of officials.

Which do I need to comply with?

Both PCI-DSS and GLBA apply to UT Dallas. Any department that processes credit cards as a merchant is subject to PCI-DSS. Any department that provides financial services similar to those of a financial institution is subject to GLBA.

HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted August 21, 1996. Title II of HIPAA includes the Administrative Simplification Act, which requires improved efficiency in healthcare delivery by standardizing electronic data interchange (EDI) and mandating the protection of patient confidentiality (privacy) and the security of health data through the setting and enforcing of standards. HIPAA Title II requires:

• Standardization of electronic patient health, administrative, and financial data.
• Unique identifiers for employers, health plans, and health care providers.
• Standards protecting the privacy and security of individually identifiable health information.

The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, was signed into law on February 17, 2009, to promote the adoption and meaningful use of health information technology.
Subtitle D of the HITECH Act addresses the privacy and security concerns associated with the electronic transmission of health information, in part, through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules.