1. Dell - Internal Use - Confidential
Network Security Consultant – Critical Incident Team
India
NTT DATA plans to acquire Dell Services as announced on 28th March 2016.
If you are selected for a Dell Services position and the transaction closes, your future employment will
be with NTT DATA. Dell recruiters can provide you with additional information about any applicable
changes upon request.
People make Dell – so wherever in the world they work, everyone is rewarded for their contribution.
Ready to develop your career in a truly global company? Within the Services at Dell, we are looking
for a Network Security Consultant – Critical Incident Team to join our team in India.
Dell provides end-to-end solutions that enable more affordable and accessible technology around the
world, empowering people everywhere to do more. You will be part of a collaborative team that
believes in honest communication, shares creativity and welcomes different perspectives. There is a
winning culture built on a platform of integrity and a spirit of innovation. We will also provide the
mentoring, training and opportunities for you to fulfil your ambitions and potential.
Key Responsibilities
The Critical Incident Consultant will be a member of a small elite team of highly trained and
experienced technical leaders who form a SWAT team of senior engineers and critical incident
managers for the resolution of our most critical incidents across our portfolio of Dell Services
infrastructure customers. This is a 24x7 eyes-on-glass operation, ready to receive escalations and
quickly ramp up a team of experts at a moment’s notice, as well as to escalate and communicate issues
to customer and Dell executives and to account and tower leaders. This is a new strategic
initiative with high visibility and executive expectations.
Support complex Network Security system configurations and standards for Network Security
platforms
Support complex business requirements to progressive design solutions; oversee the transition to
production
Present network related solutions to the client audience, develop detailed documentation
Perform service delivery skills in support of large scale Network Security projects
Respond to emergency calls when there are large Enterprise level issues
Essential Requirements
Higher education required, technical degree is an advantage
10+ years Network Security design, integration and operation experience
Experience in security auditing and compliance assurance
Knowledge of data networking protocols, Active Directory and experience with Identity
management tools and processes
High level knowledge of computer forensics tools, Firewalls and Proxies, SSH v2, IDS/IPS,
NIDS/NIPS, A/V, NAC and PNAC, PCI, SOX, HIPAA regulations and compliance
Ability to analyze, design and collaborate multiple layer protection architectures and to research,
recommend, and oversee implementation of new network security technology products
Excellent customer service skills, exceptional written and verbal skills including presentation skills
Desirable Requirements
Knowledge and experience with remediation and vulnerability management
Multi-vendor security product knowledge
CISSP and/or other industry recognized certifications
Network/Availability Management Systems knowledge
Experience with handling cyber attacks
Benefits
Our people are the most critical component of our long-term success and their health and wellbeing
are our priority. You will enjoy a comprehensive, locally competitive benefits package.
Dell is committed to the principle of equal employment opportunity for all employees and to providing
employees with a work environment free of discrimination and harassment. All employment decisions
at Dell are based on business needs, job requirements and individual qualifications, without regard to
race, colour, religion or belief, national, social or ethnic origin, sex (including pregnancy), age,
physical, mental or sensory disability, HIV status, sexual orientation, gender identity and/or
expression, marital, civil union or domestic partnership status, past or present military service, family
medical history or genetic information, family or parental status, or any other status protected by the
laws or regulations in the locations where we operate. Dell will not tolerate discrimination or
harassment based on any of these characteristics.
Just like a proxy server or cache server, a proxy firewall acts as an
intermediary between in-house clients and servers on the Internet. The
difference is that in addition to intercepting Internet requests and
responses, a proxy firewall also monitors incoming traffic for layer
7 protocols, such as HTTP and FTP. In addition to determining which traffic
is allowed and which is denied, a proxy firewall uses stateful
inspection technology and deep packet inspection to analyze incoming
traffic for signs of attack.
Proxy firewalls are considered to be the most secure type of firewall
because they prevent direct network contact with other systems. (Because
a proxy firewall has its own IP address, an outside network connection will
never receive packets from the sending network directly.) Having the ability
to examine the entire network packet, rather than just the network address
and port number, also means that a proxy firewall will have extensive
logging capabilities -- a valuable resource for security administrators who
are dealing with security incidents. According to Marcus Ranum, who is
credited with conceiving the idea of a proxy firewall, the goal of the proxy
approach is to create a single point that allows a security-conscious
programmer to assess threat levels represented by
application protocols and put error detection, attack detection and validity
checking in place.
The added security offered by a proxy firewall has its drawbacks, however.
Because a proxy firewall establishes an additional connection for each
outgoing and incoming packet, the firewall can become a bottleneck,
causing a degradation of performance or becoming a single point of failure.
Additionally, proxy firewalls may only support certain popular network
protocols, thereby limiting which applications the network can support.
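The application-layer validity checking described above, as an added example that is not part of the original text: a policy check a hypothetical HTTP forward proxy applies to each request before relaying it. The allowed methods, the host allow-list and the `proxy-firewall` logger name are constructed for the example.

```python
import logging
import re
from dataclasses import dataclass

# Constructed policy for a hypothetical HTTP forward proxy: only these methods
# and destination hosts are relayed; everything else is refused at layer 7.
ALLOWED_METHODS = {"GET", "POST", "HEAD"}
ALLOWED_HOSTS = {"www.example.com", "updates.example.com"}
MAX_REQUEST_LINE = 2048          # refuse oversized request lines before parsing

REQUEST_LINE = re.compile(r"^([A-Z]{3,7}) (\S+) HTTP/1\.[01]$")
log = logging.getLogger("proxy-firewall")

@dataclass
class Decision:
    allowed: bool
    reason: str

def inspect_http_request(raw: bytes) -> Decision:
    """Validity and policy check a proxy firewall applies before relaying.
    The proxy terminates the client connection, so it sees the whole request
    and can reject malformed or out-of-policy traffic, not just address/port."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return Decision(False, "non-ASCII bytes in request head")
    head, _, _body = text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    if len(lines[0]) > MAX_REQUEST_LINE:
        return Decision(False, "request line too long")
    m = REQUEST_LINE.match(lines[0])
    if not m:
        return Decision(False, "malformed request line")
    method, target = m.group(1), m.group(2)
    if method not in ALLOWED_METHODS:
        return Decision(False, f"method {method} not permitted")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            return Decision(False, "malformed header line")
        key = name.strip().lower()
        if key in headers:               # two Host headers make the request ambiguous
            return Decision(False, f"duplicate header {key}")
        headers[key] = value.strip()
    host = headers.get("host")
    if host is None:
        return Decision(False, "missing Host header")
    if host.split(":")[0] not in ALLOWED_HOSTS:
        return Decision(False, f"host {host} not in allow-list")
    return Decision(True, f"{method} {target} to {host}")

def relay_decision(raw: bytes) -> Decision:
    """Log every verdict with its application-layer context, then return it."""
    d = inspect_http_request(raw)
    log.info("%s %s", "ALLOW" if d.allowed else "DENY", d.reason)
    return d
```

The logged reason is what makes proxy firewall logs useful during an incident: it records why a request was refused, not just that a packet was dropped.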
Network intrusion can occur in a number of ways, and there are consequently a number of ways to
handle it. Firewalls are a typical security measure, good for on-point security on a computer-by-computer
basis. However, proxy servers can help manage networks on an entire network scale. Firewalls reflect a
direct management of connections, while proxy servers reflect a control and routing of connections. And
while both function in different ways, both can function separately or together as network security
solutions.
Handling Traffic
When working with a home or business network that handles personal data, a primary concern is
security, and this means controlling the flow of incoming and outgoing Web traffic. One way to maintain
network security is to block traffic coming from or going to specific Internet Protocol addresses on the
Web. Another way is to set up a computer, or proxy, to intercept and handle particular types of
communications based on the protocol they're using, such as HTTP for Web pages and FTP (File Transfer
Protocol) for file transfers.
Proxy Servers
A proxy server is a computer situated at the access point between a local network and the Internet, or
between two different parts of a network. This means that traffic entering and leaving the network must go
through the proxy server. Furthermore, the proxy server might handle traffic using only certain
communication protocols, such as Web traffic (HTTP) or direct FTP. Home wired or wireless routers often
act, or can act, like primitive proxy servers.
Firewalls
A firewall enables you or the security administrator to set up rules that allow or disallow traffic from
specific communication protocols or even specific Web addresses. Furthermore, a firewall can block
certain ports, or points of connection, so that external computers can't connect to your computer without
your knowing. Firewalls can exist as software packages that run on your computer or as hardware
installations in such devices as network routers. Unlike proxy servers, firewalls are designed more as
traffic controls than guidance.
Advantages and Implementations
Both a proxy server and a firewall can function as part of a network security solution. For a direct
security measure, either on a computer or on a network server, a firewall enables the highest level of
immediate security on the device. Firewalls also often come packaged with major operating systems such
as Mac OS, Linux and Windows. When managing a large network, a proxy server will enhance your
security by disallowing direct connection to the network. Working in tandem, you can secure your network
with a proxy server that controls traffic to computers with firewalls that maintain secure traffic on each
computer.
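The port- and address-based rules described under Firewalls, as an added example (not from the original text): a small stateful packet filter in Python with first-match rules, default deny for unsolicited inbound packets, and a connection table so that replies to connections the host opened itself are let back in. The rule set and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source network in CIDR notation
    dport: Optional[int]   # destination port, None matches any port

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class PacketFilter:
    """Host firewall model: rules are evaluated first-match-wins on inbound
    packets, anything unmatched is denied, and replies to connections this host
    opened itself are let back in without consulting the rule list."""

    def __init__(self, rules):
        self.rules = rules
        self.established = set()   # (proto, local_ip, local_port, peer_ip, peer_port)

    def outbound(self, pkt: Packet) -> str:
        # Remember what we initiated so the reply direction is recognised.
        self.established.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return "allow (outbound)"

    def inbound(self, pkt: Packet) -> str:
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.established:
            return "allow (established)"
        src_ip = ipaddress.ip_address(pkt.src)
        for r in self.rules:
            if r.proto != "any" and r.proto != pkt.proto:
                continue
            if src_ip not in ipaddress.ip_network(r.src):
                continue
            if r.dport is not None and r.dport != pkt.dport:
                continue
            return f"{r.action} (rule: {r.proto} from {r.src} dport {r.dport})"
        return "deny (default)"   # closed port: outside hosts cannot connect unannounced

# Constructed rule set: SSH reachable only from the LAN, HTTPS public, all else closed.
RULES = [
    Rule("allow", "tcp", "192.168.1.0/24", 22),
    Rule("deny", "tcp", "0.0.0.0/0", 22),
    Rule("allow", "tcp", "0.0.0.0/0", 443),
]
```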
| SSH protocol, version 2 | SSH protocol, version 1 |
| --- | --- |
| Separate transport, authentication, and connection protocols | One monolithic protocol |
| Strong cryptographic integrity check | Weak CRC-32 integrity check; admits an insertion attack in conjunction with some bulk ciphers |
| Supports password changing | N/A |
| Any number of session channels per connection (including none) | Exactly one session channel per connection (requires issuing a remote command even when you don't want one) |
| Full negotiation of modular cryptographic and compression algorithms, including bulk encryption, MAC, and public-key | Negotiates only the bulk cipher; all others are fixed |
| Encryption, MAC, and compression are negotiated separately for each direction, with independent keys | The same algorithms and keys are used in both directions (although RC4 uses separate keys, since the algorithm's design demands that keys not be reused) |
| Extensible algorithm/protocol naming scheme allows local extensions while preserving interoperability | Fixed encoding precludes interoperable additions |
| User authentication methods: publickey (DSA, RSA*, OpenPGP), hostbased, password (Rhosts dropped due to insecurity) | Supports a wider variety: public-key (RSA only), RhostsRSA, password, Rhosts (rsh-style), TIS, Kerberos |
| Use of Diffie-Hellman key agreement removes the need for a server key | Server key used for forward secrecy on the session key |
| Supports public-key certificates | N/A |
| User authentication exchange is more flexible, and allows requiring multiple forms of authentication for access | Allows for exactly one form of authentication per session |
| hostbased authentication is in principle independent of client network address, and so can work with proxying, mobile clients, etc. (though this is not currently implemented) | RhostsRSA authentication is effectively tied to the client host address, limiting its usefulness |
| Periodic replacement of session keys | N/A |
* Not all SSH-2 implementations support RSA yet for user authentication or host
keys, since it's a relatively recent addition. The RSA algorithm was originally
omitted from the protocol due to its patent status, but that patent has since expired.
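The per-category, per-direction negotiation the table credits SSH-2 with, as an added example that is not part of the original text: the KEXINIT name-list selection rule of RFC 4253 applied independently to all eight categories. The algorithm names are real SSH-2 names; the two KEXINIT messages are constructed, and the extra host-key constraints the RFC places on key-exchange selection are omitted.

```python
from dataclasses import dataclass, fields

@dataclass
class KexInit:
    """Algorithm name-lists carried in an SSH-2 KEXINIT message (RFC 4253),
    each a comma-separated list in the sender's order of preference."""
    kex: str
    host_key: str
    enc_c2s: str      # client-to-server and server-to-client are negotiated
    enc_s2c: str      # separately, so the two directions may end up different
    mac_c2s: str
    mac_s2c: str
    comp_c2s: str
    comp_s2c: str

def choose(client_list: str, server_list: str) -> str:
    """RFC 4253 section 7.1 rule: the first algorithm in the client's list that
    the server also supports wins; the server's own ordering does not matter."""
    offered = set(server_list.split(","))
    for alg in client_list.split(","):
        if alg in offered:
            return alg
    raise ValueError(f"no common algorithm: client={client_list!r} server={server_list!r}")

def has_common(client_list: str, server_list: str) -> bool:
    """True when the two lists share at least one algorithm name."""
    return bool(set(client_list.split(",")) & set(server_list.split(",")))

def negotiate(client: KexInit, server: KexInit) -> dict:
    """Run the rule over every category independently. SSH-1 negotiates only
    the bulk cipher and uses it both ways; SSH-2 picks all eight values."""
    return {f.name: choose(getattr(client, f.name), getattr(server, f.name))
            for f in fields(KexInit)}

# Constructed sample KEXINIT lists for both peers.
CLIENT = KexInit(
    kex="curve25519-sha256,diffie-hellman-group14-sha256",
    host_key="ssh-ed25519,rsa-sha2-256",
    enc_c2s="aes256-gcm@openssh.com,aes128-ctr",
    enc_s2c="chacha20-poly1305@openssh.com,aes128-ctr",
    mac_c2s="hmac-sha2-256,hmac-sha1", mac_s2c="hmac-sha2-256,hmac-sha1",
    comp_c2s="none,zlib@openssh.com", comp_s2c="none,zlib@openssh.com",
)
SERVER = KexInit(
    kex="diffie-hellman-group14-sha256,curve25519-sha256",
    host_key="rsa-sha2-256,ssh-ed25519",
    enc_c2s="aes128-ctr,chacha20-poly1305@openssh.com",
    enc_s2c="aes128-ctr,chacha20-poly1305@openssh.com",
    mac_c2s="hmac-sha2-256", mac_s2c="hmac-sha2-256",
    comp_c2s="none", comp_s2c="none",
)
```

With these lists the client-to-server cipher resolves to aes128-ctr while server-to-client resolves to chacha20-poly1305@openssh.com, which is exactly the asymmetry SSH-1 cannot express.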
Network intrusion detection systems
Network intrusion detection systems (NIDS) are placed at a strategic point or points within the
network to monitor traffic to and from all devices on the network. A NIDS analyses the traffic
passing on the entire subnet and matches it against a library of known attacks. Once an attack is
identified, or abnormal behavior is sensed, an alert
can be sent to the administrator. An example of NIDS placement is the subnet
where the firewalls are located, in order to see whether someone is trying to break into the firewall. Ideally
one would scan all inbound and outbound traffic; however, doing so might create a bottleneck that
would impair the overall speed of the network. OPNET and NetSim are commonly used tools for
simulating network intrusion detection systems. NIDS are also capable of comparing the
signatures of similar packets in order to link and drop detected harmful packets whose signature
matches the records in the NIDS. When NIDS designs are classified according to the
system interactivity property, there are two types: on-line and off-line NIDS. On-line NIDS deal
with the network in real time: they analyse the Ethernet packets and apply rules to decide
whether a packet is an attack or not. Off-line NIDS deal with stored data and pass it through some
processes to decide whether it is an attack or not.[1]
1. Network-based intrusion prevention system (NIPS): monitors the entire network for
suspicious traffic by analyzing protocol activity.
2. Wireless intrusion prevention systems (WIPS): monitor a wireless network for
suspicious traffic by analyzing wireless networking protocols.
3. Network behavior analysis (NBA): examines network traffic to identify threats that
generate unusual traffic flows, such as distributed denial of service (DDoS) attacks,
certain forms of malware and policy violations.
4. Host-based intrusion prevention system (HIPS): an installed software package which
monitors a single host for suspicious activity by analyzing events occurring within that
host.
NIDS and NIPS (Behavior based, signature based, anomaly based, heuristic)
An intrusion detection system (IDS) is software that runs on a server or network device to
monitor and track network activity. By using an IDS, a network administrator can
configure the system to monitor network activity for suspicious behavior that can indicate
unauthorized access attempts. IDSs can be configured to evaluate system logs, look at
suspicious network activity, and disconnect sessions that appear to violate security
settings.
IDSs can be sold with firewalls. Firewalls by themselves will prevent many common
attacks, but they don't usually have the intelligence or the reporting capabilities to
monitor the entire network. An IDS, in conjunction with a firewall, allows both a reactive
posture with the firewall and a preventive posture with the IDS.
In response to an event, the IDS can react by disabling systems, shutting down ports,
ending sessions, deception (redirect to honeypot), and even potentially shutting down
your network. A network-based IDS that takes active steps to halt or prevent an intrusion
is called a network intrusion prevention system (NIPS). When operating in this mode, they
are considered active systems.
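The signature-based and anomaly-based detection named above, run over a constructed packet capture, as an added example that is not part of the original text: a minimal on-line NIDS in Python with a two-entry signature library (legacy SSH-1 banner, cleartext FTP login) and a port-sweep anomaly rule. The signatures, thresholds, addresses and packets are all constructed.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    ts: float        # capture time in seconds
    src: str
    dst: str
    dport: int
    payload: bytes

# Constructed signature library: (name, destination port, payload pattern).
# Signature matching is the "library of known attacks" approach from the text.
SIGNATURES = [
    ("ssh-protocol-1-banner", 22, re.compile(rb"^SSH-1\.5-")),  # legacy SSH-1 in use
    ("ftp-cleartext-login", 21, re.compile(rb"^PASS ")),         # password sent in clear
]

# Anomaly rule: one source touching more than SCAN_PORTS distinct ports on a
# host within WINDOW seconds is flagged without any signature at all.
SCAN_PORTS = 10
WINDOW = 5.0

def signature_alerts(packets):
    alerts = []
    for p in packets:
        for name, port, pattern in SIGNATURES:
            if p.dport == port and pattern.search(p.payload):
                alerts.append((p.ts, name, p.src, p.dst))
    return alerts

def anomaly_alerts(packets):
    alerts, flagged = [], set()
    history = defaultdict(list)          # (src, dst) -> [(ts, dport), ...]
    for p in sorted(packets, key=lambda x: x.ts):   # on-line NIDS: packets in time order
        key = (p.src, p.dst)
        history[key].append((p.ts, p.dport))
        recent = {port for ts, port in history[key] if p.ts - ts <= WINDOW}
        if len(recent) > SCAN_PORTS and key not in flagged:
            flagged.add(key)             # alert once per pair, not once per packet
            alerts.append((p.ts, "port-sweep", p.src, p.dst))
    return alerts

def analyse(packets):
    """Combine both detectors and return alerts ordered by time."""
    return sorted(signature_alerts(packets) + anomaly_alerts(packets))

# Constructed capture: one legacy SSH client, one current SSH client, one
# cleartext FTP login and one host sweeping twelve ports on the same server.
SAMPLE = [
    Packet(1.0, "10.0.0.5", "10.0.0.80", 22, b"SSH-1.5-OpenSSH_2.9\r\n"),
    Packet(1.2, "10.0.0.6", "10.0.0.80", 22, b"SSH-2.0-OpenSSH_8.9\r\n"),
    Packet(1.5, "10.0.0.7", "10.0.0.80", 21, b"PASS hunter2\r\n"),
] + [Packet(2.0 + i * 0.1, "10.0.0.9", "10.0.0.80", 1000 + i, b"") for i in range(12)]
```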
A few years ago, NAC solutions tried to accomplish goals for locking down networks.
Most of my customers hated NAC. It added a layer of complexity that made the network
behave unnaturally and made it harder to support. It used a variety of ports, protocols, and physical
boxes to implement. In short, it was complicated. NAC-supported networks broke down
often, causing nightmares for those legitimate users trying to get access and the people
supporting those networks.
What are people doing to support port lockdown today at the Department of Defense and
other large enterprise organizations? Surprisingly, the solution has been around for a
long time to help secure wireless networks. It is called 802.1x. Historically, 802.1x has
worked great on wireless networks and has always been a little troublesome on the wired
ports. But things have changed with enterprise policy servers (Cisco Identity Services)
that make the connection more easily configurable on modern day operating systems
such as Mac OS X Mountain Lion and Windows 8.
How does 802.1x work? According to Wikipedia, IEEE 802.1X is an IEEE Standard for port-
based Network Access Control (PNAC) that provides an authentication mechanism to
devices wishing to attach to a LAN or WLAN. It is part of the IEEE 802.1 group of
networking protocols.
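The port-based access control described above, as an added example that is not part of the original text: a simplified model of the authenticator side of an 802.1X controlled port in Python. It assumes a collapsed EAP exchange (identity and credential in a single EAPOL response) and uses a constructed credential lookup in place of a real RADIUS or policy server; the EtherType constants are the real ones.

```python
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional

EAPOL_ETHERTYPE = 0x888E   # IEEE 802.1X frames carry this EtherType
IPV4_ETHERTYPE = 0x0800

class PortState(Enum):
    UNAUTHORIZED = 1   # only EAPOL is accepted; all other traffic is dropped
    AUTHORIZED = 2     # normal traffic is switched

@dataclass
class Frame:
    ethertype: int
    eapol_type: Optional[str] = None     # "start", "response" or "logoff"
    identity: Optional[str] = None
    credential: Optional[str] = None

class ControlledPort:
    """Authenticator side of one 802.1X controlled port (simplified model)."""
    def __init__(self, auth_server: Callable[[str, str], bool]):
        self.auth_server = auth_server   # stand-in for the RADIUS/policy server
        self.state = PortState.UNAUTHORIZED
        self.authenticated_as: Optional[str] = None

    def receive(self, f: Frame) -> str:
        if f.ethertype == EAPOL_ETHERTYPE:
            return self._handle_eapol(f)
        if self.state is PortState.AUTHORIZED:
            return "forwarded"
        return "dropped: port unauthorized"

    def _handle_eapol(self, f: Frame) -> str:
        if f.eapol_type == "start":
            return "EAP-Request/Identity"
        if f.eapol_type == "logoff":
            self.state = PortState.UNAUTHORIZED
            self.authenticated_as = None
            return "port unauthorized (logoff)"
        if f.eapol_type == "response":
            if f.identity and self.auth_server(f.identity, f.credential or ""):
                self.state = PortState.AUTHORIZED
                self.authenticated_as = f.identity
                return "EAP-Success"
            self.state = PortState.UNAUTHORIZED
            return "EAP-Failure"
        return "dropped: unknown EAPOL type"

    def link_down(self) -> None:
        self.state = PortState.UNAUTHORIZED   # a re-plugged device must re-authenticate
        self.authenticated_as = None

# Constructed stand-in for the policy server's credential check.
USERS = {"alice": "s3cret"}   # constructed sample credential store
def demo_auth_server(identity: str, credential: str) -> bool:
    expected = USERS.get(identity)
    return expected is not None and hmac.compare_digest(expected, credential)
```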
PCI-DSS refers to the Payment Card Industry Data Security Standard, an information security standard for
organizations that handle branded credit cards from the major credit card companies (such as Visa, MasterCard,
American Express, and Discover). This standard is mandated by the major credit card companies and
administered through the PCI Security Standards Council. The purpose of the standard was to increase security
controls in organizations to reduce credit card fraud and limit the exposure of cardholder data. Validation
of compliance at UTD is performed on an annual basis through the use of Self-Assessment Questionnaires (SAQs)
to validate that security controls are both in place and continue to meet the PCI standards. Because the University
acts as a “merchant” and departments and businesses do credit card transactions from designated terminals and
software applications on computer systems, the University is required to be compliant with this standard.
The Gramm-Leach-Bliley Act of 1999 applies to financial institutions, or companies that do business similar to
that of a financial institution, such as making loans. Since some business processes at UTD may fall under the
definition of a “financial institution”, the University is required to follow the compliance statutes of GLBA. The
compliance sections of GLBA refer to both the Privacy Rule regarding protecting consumer information and the
Safeguards Rule, which dictates that information security programs and security controls be developed to protect
financial data. Since the University already complies with FERPA, the Federal Trade Commission has ruled that
the Privacy Rule does not apply, and only the Safeguards Rule applies.
The general difference between PCI-DSS and GLBA is that PCI is an industry standard set forth by the credit
card industry for compliance. While it is not a legal requirement, failure to comply with the standard when fraud or
breaches of card information occur may bring financial penalties to the University from the credit card industry.
GLBA is a Federal law that dictates that any business that falls under the definition of a financial institution is
required to follow the Privacy and Safeguards Rule stipulations when applicable. Failure to comply with GLBA may
result in sanctions, fines and/or imprisonment of officials.
Which do I need to comply with?
Both PCI-DSS and GLBA apply to UT Dallas. Any department that processes credit cards as a merchant is
subject to PCI-DSS. Any department that provides financial services similar to those of a financial institution is
subject to GLBA.
HIPAA
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted August 21, 1996.
Title II of HIPAA includes the Administrative Simplification Act, which requires improved efficiency in
healthcare delivery by standardizing electronic data interchange (EDI) and mandating the protection of
patient confidentiality (privacy) and the security of health data through the setting and enforcing of
standards. HIPAA Title II requires:
Standardization of electronic patient health, administrative, and financial data.
Unique identifiers for employers, health plans, and health care providers.
Standards protecting the privacy and security of individually identifiable health information.
The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the
American Recovery and Reinvestment Act of 2009, was signed into law on February 17, 2009, to promote
the adoption and meaningful use of health information technology. Subtitle D of the HITECH Act
addresses the privacy and security concerns associated with the electronic transmission of health
information, in part, through several provisions that strengthen the civil and criminal enforcement of the
HIPAA rules.