How Your Wide Area Network is Putting Your Company at Risk
White Paper: Security and High Availability Concerns with Wide Area Networks
Overview
This white paper details some important issues that business decision-makers need to know concerning the way Internet Service Providers and Telco carriers are now engineering the configuration of Wide Area Networks. The issues at hand are not necessarily with any particular provider or service, but rather very real concerns regarding security and high availability of a Wide Area Network.
Background
Over the course of 35 years of building and managing every type of network, Internet and Wide Area Network available, a noticeable shift in prioritization has occurred. While security has always been a concern, cost, performance and reliability, in that order, were more important.
(Cost -> Performance -> Reliability -> Security)
This dynamic has now changed. Due to vastly increased security concerns and dependency on access to digital information, security and reliability have jumped to the head of the line, followed by performance and then cost.
(Security -> High Availability -> Performance -> Cost)
CEOs, users and company presidents are not happy with this order of importance, but IT professionals are more comfortable than ever sacrificing performance for security in today's digital IT world.
To understand why the networks currently engineered by the ISPs and Telcos fall short of today's digital IT demands, we have to put ourselves into the minds of the Internet Service Providers and information carriers. It's important to realize that most of these providers are frankly still stuck in the old Telco world, with a lack of understanding regarding today's connectivity requirements.
With that in mind, it's easier to understand why your provider is trying to sell you a network design that will neither protect you nor provide adequate reliability.
** Note: The use of the word "reliability" in this context is not meant to describe the actual "up time" of the provider, but rather the modern understanding of "reliability" as "high availability." This is because today's IT professionals (note the difference between IT professionals and Telco provider engineers) understand that no matter how reliable a provider is, "things will happen!" So we'll leave "up time" reliability for the providers to define in their SLA. Our concern for reliability has to do with high availability of the connections to our Wide Area Network.
Now, with an understanding of the difference in perspective between Internet providers and IT professionals, we can see why the provider's recommendation for our Wide Area Network is not comprehensive enough for today's digital IT security requirements.
Due to their limited scope, focused solely on network connectivity in the Telco world, they simply don't have the knowledge or experience to understand the depth of engineering required to change the Wide Area dynamic from the old prioritization model (Cost -> Performance -> Reliability -> Security) to the modern one (Security -> High Availability -> Performance -> Cost).
Creating High Availability
With this background information, let’s take a quick look at the type of network connectivity the ISPs
and carriers want to implement (or may have already implemented) for your business.
(Reference Diagram A-1 below to see the physical layout)
ISPs try to sell prospects on the idea that if their network is MPLS, a MAN (Metropolitan Area Network) or Metro Ethernet, it is a closed and private network, and therefore the customer doesn't need to consider any security at each location. They treat VLAN separation or plain packet routing as sufficient. What a private carrier network actually provides is isolation from the public Internet; it does nothing to isolate one of your sites from another, so an infection at any location can reach every other location over the carrier's links.
The ISP supplies a connection with a router, typically a Cisco or Adtran. Your network is connected directly to this device, which also provides DHCP and DNS services to your network elements (PCs and, in many cases, phones). With this configuration the devices are completely dependent on this router, and all data processing (digital IT) is captive on this one network.
The problem here is that if they go down, you go down. This configuration does not allow for any secondary, failover or "high availability" connectivity to the Internet or to your core operations, which are typically at a data center. It is a single point of failure, which IT professionals regard as zero tolerance for outages.
Even more alarming, this configuration provides no security protection to the local network. Don't be fooled by your ISP explaining that they have IPS and IDS systems in place. Those sensors sit on the carrier's side of the link: they cannot inspect traffic the provider cannot decrypt, and they never see traffic between two devices on your local network, so they are useless for containing a local infection (an infected notebook connected to the office network, for example). This is explained in the next section.
Note: If you have a VoIP phone system, you are even more exposed to an unreliable network, since a WAN outage takes your phones down along with your data.
Diagram A-1
The diagram above shows the physical layout and limitations of a typical Wide Area Network provided by most ISPs and Telco carriers. Diagram A-2 will demonstrate a cost-effective, highly available network that also offers the highest level of security protection to local digital IT assets.
The focus here is not to displace the ISP or Telco. On the contrary, you need them to connect to the Internet, other locations and your central data core. The goal is to offer a cost-effective way to mitigate the limitations and security exposure of the ISP-proposed network.
Taking the modern prioritization model (Security -> High Availability -> Performance -> Cost) into
consideration, the security solution that Data-Tech’s engineering team has selected is the Dell
SonicWALL series of security appliances.
Essentially our solution is to simply place a SonicWALL security appliance between your network and the router provided by your ISP. With this simple, cost-effective addition to your network, we modify the Telco dynamic (Cost -> Performance -> Reliability -> Security) into the modern interpretation accepted by today's top IT professionals (Security -> High Availability -> Performance -> Cost).
With the SonicWALL security appliance in place, we can provide carrier-neutral DHCP and DNS services from the SonicWALL. Providing these core network services from the SonicWALL is critical for our high availability plan: if the ISP's router hands out its own resolvers, every endpoint keeps pointing at resolvers that are only reachable through the failed carrier, and name resolution dies even though a second link is up. To leverage both carriers automatically, we need a carrier-neutral device to provide these core network services. This is the first step to achieving a highly available network.
At this point you already have your primary ISP established. Now, with the SonicWALL in place, you have complete flexibility to add a secondary provider for backup services. Depending on your budget and needs, you can use a cable modem, T1, Metro Ethernet or 4G wireless connectivity.
The SonicWALL appliance will automatically route over a VPN connection through the backup carrier if the primary carrier fails. The failover is near-instant because the tunnel over the backup carrier is kept up all the time as a standby rather than negotiated at failure time; it can also be used for manual load balancing if desired.
Because the SonicWALL is providing the core network services of DHCP and DNS, the failover for the endpoints will be relatively seamless. (We use the term "relatively" because a user who is just accessing the Internet or email will never notice the failover. A user working with a program that requires a "persistent" connection, such as RDP, Citrix or 2X, will notice a short blip as the session is re-established over the other carrier. This is completely acceptable compared to the alternative, which is down time.)
This diagram shows the physical layout of a highly available network with a SonicWALL security
appliance.
Diagram A-2
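The failover described above comes down to two decisions the carrier-neutral appliance makes: when to declare a link dead (and alive again) without flapping on a single lost probe, and how endpoints keep resolving names once traffic moves to the other carrier. The following is an added illustration of that logic written for this page; it is not SonicWALL's code or configuration. The link names, the resolver addresses, the appliance LAN address and the probe timeline are all constructed for the example.

```python
"""Dual-WAN failover with hysteresis, plus a check showing why DNS has to come
from the carrier-neutral appliance rather than from the ISP's router.
Added illustration, not SonicWALL code; names and addresses are assumptions."""
from dataclasses import dataclass
from typing import List, Tuple

APPLIANCE_LAN_IP = "192.168.1.1"   # assumed LAN address of the security appliance


@dataclass
class WanLink:
    name: str
    isp_resolvers: Tuple[str, ...]  # DNS servers this ISP's router would hand out via DHCP
    up: bool = True
    consecutive_fail: int = 0
    consecutive_ok: int = 0


class DualWanFailover:
    """Choose the active WAN from periodic probe results.

    A link is declared down only after `down_after` consecutive failed probes
    and up again only after `up_after` consecutive successes, so one lost probe
    does not fail the site over and a flapping link does not bounce it back.
    The primary is preferred whenever it is up.
    """

    def __init__(self, primary: WanLink, secondary: WanLink,
                 down_after: int = 3, up_after: int = 5) -> None:
        self.primary, self.secondary = primary, secondary
        self.down_after, self.up_after = down_after, up_after
        self.active = primary
        self.events: List[str] = []

    def probe(self, link: WanLink, ok: bool) -> str:
        """Record one probe result for `link`; return the active link's name."""
        if ok:
            link.consecutive_ok += 1
            link.consecutive_fail = 0
            if not link.up and link.consecutive_ok >= self.up_after:
                link.up = True
                self.events.append(f"{link.name} up")
        else:
            link.consecutive_fail += 1
            link.consecutive_ok = 0
            if link.up and link.consecutive_fail >= self.down_after:
                link.up = False
                self.events.append(f"{link.name} down")
        return self._select()

    def _select(self) -> str:
        if self.primary.up:
            wanted = self.primary
        elif self.secondary.up:
            wanted = self.secondary
        else:
            wanted = self.active          # both down: nothing better to switch to
        if wanted is not self.active:
            self.events.append(f"failover {self.active.name} -> {wanted.name}")
            self.active = wanted
        return self.active.name


def client_dns_works(resolver: str, fo: DualWanFailover) -> bool:
    """Can an endpoint reach `resolver` in the current WAN state?

    Assumption: an ISP's resolvers answer only queries arriving from that
    ISP's own address space, so they are usable only while the appliance is
    sending traffic out through that ISP's link.  The appliance's own LAN
    address keeps working as long as any link is up, because it forwards
    queries over whichever link is active.
    """
    if resolver == APPLIANCE_LAN_IP:
        return fo.primary.up or fo.secondary.up
    for link in (fo.primary, fo.secondary):
        if resolver in link.isp_resolvers:
            return link.up and link is fo.active
    return False


def run_timeline() -> List[str]:
    """Constructed probe sequence: primary loses three probes, then recovers."""
    primary = WanLink("fiber-primary", ("203.0.113.53",))
    secondary = WanLink("cable-backup", ("198.51.100.53",))
    fo = DualWanFailover(primary, secondary)
    for _ in range(3):
        fo.probe(primary, False)
    for _ in range(5):
        fo.probe(primary, True)
    return fo.events


if __name__ == "__main__":
    for event in run_timeline():
        print(event)
```

The thresholds are deliberately asymmetric: a link is failed quickly (three misses) but trusted again slowly (five hits), which is what stops a half-broken carrier from dragging the site back and forth. The `client_dns_works` check is the point the paper makes about DHCP and DNS: an endpoint that was handed the primary ISP's resolver cannot resolve anything after failover even though the backup link is carrying traffic, while the appliance's own address keeps working.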
Critical Network and Endpoint Security
OK, so we've now clearly defined the essential advantage of creating a cost-effective, highly available network by inserting a SonicWALL security appliance at your remote office locations. Now we'll look at how this same appliance provides critical network and endpoint security to the endpoints at this location. Throughout this process we'll also get a clearer picture of why the Diagram A-1 network infrastructure does not provide this protection.
There are literally books written on the security protection provided by a SonicWALL security appliance. However, we'll focus on three top security initiatives of concern.
1. Application Controls
2. Wide Area Network Data Traffic Security Scanning
3. DPI-SSL (Deep Packet Inspection of SSL/TLS-encrypted traffic)
Application Controls allow you to block, limit or control access to Internet and web applications that run on your computers. These controls work with your current Active Directory security structure, so you simply integrate your existing layered security into the SonicWALL protection scheme.
Wide Area Network Data Traffic Security scanning is a recommended feature of the SonicWALL security devices. By routing all data packets through the SonicWALL, you can be assured that if a PC were to become infected, the transmission of infected packets to other sites would be stopped at the local security appliance. This is essential on Wide Area Networks, where data packets can be destined for almost any other endpoint. The caveat is that the appliance only scans what crosses it: two devices on the same local segment talk to each other without ever touching the firewall, so wireless and guest devices belong on their own segment whose only path to the rest of the network runs through the appliance.
DPI-SSL, or Deep Packet Inspection of SSL/TLS traffic: today this is the most critical service a security appliance can provide. SonicWALL does it; many firewalls and managed-security offerings do not, or do not have it switched on. Ask your provider whether their security includes DPI-SSL, and then verify it yourself: from a PC behind the appliance, open any public HTTPS site and look at who issued the certificate your browser shows. Under DPI-SSL the issuer is the appliance's own inspection CA, not the public CA you would see for the same site from outside the network.
So what is DPI-SSL? Well, as we know, Google is trying to encrypt the universe. To that end, roughly 80% of websites now serve their pages over HTTPS (TLS on port 443). While this initiative succeeds in encrypting the connection, and thus the data packets in transit, between the endpoint (your PC) and the website, it has had unforeseen consequences.
Hackers, being some of the smartest IT engineers in the world, quickly figured out that if the connection between the website and the PC is encrypted, all they needed to do was plant downloadable malware on the website (trojans, viruses, spyware, and the dreaded ransomware such as CryptoLocker). Because the connection between the PC and the website is encrypted, a firewall that does not decrypt TLS, which is most of them, sees only the destination address, the hostname and byte counts; it cannot see the file inside. So the infected files pass uninhibited from the website to the PC. BAM, you're infected.
What's worse, if you don't have a device scanning your local network traffic (such as a SonicWALL appliance), your entire network and servers will soon be infected. Game over; the Pink Slip Virus has just been delivered. At your next gig, you'd likely invest in a security appliance that scans all network traffic AND decrypts the encrypted traffic. Two practical notes on doing that: DPI-SSL works by having the appliance terminate the TLS session and re-sign the server's certificate with its own CA, so that CA must be installed as trusted on every endpoint, and applications that pin their certificates (many software updaters and mobile apps) have to be excluded from decryption or they will stop working. Most deployments also exclude banking and healthcare sites from decryption for privacy and compliance reasons.
More Red Flags… How Was My Network Hacked?
Do you have any notebook computers that connect to your network? Of course you do. So let's say a user checks in to a hotel and connects to a very open and very insecure network. More than likely, they will pick up malware that easily bypasses a mediocre anti-virus program. What's next? You guessed it: infected.
No big deal; it's only their notebook computer, right? BUT what happens when they get back to the office and connect instantly to your wireless network (as most notebooks do)? If you don't have a SonicWALL security appliance scanning all of the data packets coming out of that notebook BEFORE they hit your corporate network (or, worse yet, your unsecured Wide Area Network)... that's right, the Pink Slip Virus. (That could be YOUR pink slip we're talking about.) The rest of your network is encrypted with CryptoLocker or the current variant. For the appliance to get that chance, the wireless network has to be a separate segment whose only path to the wired LAN runs through the appliance.
Don’t Think it Can Happen to You? Keep Reading, it Gets Better….or Worse
So you think that because your applications are located in the cloud and not on your local network, your security exposure is reduced. You couldn't be more wrong. In fact, hackers are counting on it.
As an illustration, let's envision your remote office for an insurance agency or even a collision repair center. From your point of view there are only 3 or 4 PC workstations and maybe a notebook computer. No server, no data. The users simply access a cloud application through the Internet browser. So you're not really worried about a hacker targeting these assets, and therefore don't want to spend the money to secure this location (by money, we're talking about $99 per month). Anyway, neither you nor your ISP sees a need for high-level network security at this location.
So here's what happens: your user goes to a website that has been compromised by a hacker. It may very well be the normal cloud-services site that they go to every day, but today it is serving a trojan. This particular trojan is a key logger. As soon as the user opens the site in the browser, the key logger is automatically downloaded and installed; it happens in less than 30 seconds. A key logger sits quietly on your computer without affecting its functionality; its sole purpose is to record all of the keystrokes and take snapshots of the computer screen every few seconds. This information is stored on your local computer, and a secondary function of the key logger transmits it over the Internet to the hacker's servers.
Now you're curious: why do this? Well, your employee has done a few things this morning on the computer.
1. First, she went to her online banking website, logged in and checked her checking account balance. BAM, the hacker now has her bank, username and password.
Note: the password is masked on the computer screen, but the key logger records the keystrokes, so they have the password!
2. Second, this is your receptionist, so her second move is to log in to the corporate online banking OR credit card website. Again, BAM, the hackers have this information.
You still have no idea what's going on. Now your receptionist starts taking payments from your customers and logs in to your online credit card processing portal. OK, things are now looking really bad. Your exposure has just transcended your organization to compromising your customers' personal information. This goes on and on to include screenshots of your online application, which has your customer's name, address, phone number and email address, along with any other information stored there.
Worried yet?
So now you might be thinking: "My users don't go to any 'bad' websites." How do you know? You have no security device monitoring your users' activity. What's worse, it doesn't matter: they don't have to!
True Story: As a test, a certain security engineer left a dozen USB keys scattered about a hotel. When inserted into a computer, the user found no data on the USB; it appeared to be blank. However, in the 30 seconds it was plugged into the computer, a key logger and remote control program were installed on that computer and the user never knew it. How do we know this occurred? The remote control utility essentially "phoned home" when plugged into the computer.
Here's the really interesting part: there were 12 USB drives scattered about. However, we were able to observe over 24 different devices that "phoned home." That means that after seeing nothing on the thumb drive, the person just left it for the next innocent bystander to infect his computer. That's human nature for you.
OK, so the picture should be clear by now. You're exposed to some really nasty stuff if you don't have a SonicWALL security appliance at every remote location, no matter how big or small.
The good news is that Data-Tech has partnered with Dell SonicWALL to provide comprehensive, cost-effective service plans to protect your users, data and network from the bad guys. Most remote locations can be protected against the scenarios in this document and more, starting as low as $99 per month.
Monitoring, Reporting & Regulatory Compliance
This document purposely excludes the requirements for regulatory compliance. Data-Tech and Dell SonicWALL are well versed in these requirements and can arrange a FREE security audit to determine your specific security compliance needs.
Although this may not seem incredibly important (depending on the nature of your business), ISPs do not have the ability to provide the level of monitoring and reporting required to demonstrate HIPAA and other regulatory compliance.
SonicWALL has put millions of dollars into its Global Management System, not only to manage large distributed enterprise security but also to provide the necessary reporting for compliance.
Real World Example
Why is it important to secure Online Banking Portals?
A common hacker tool is phishing. Phishing is where you get an email asking you to reset your online banking password (or that of another secure site). However, this is a fake email made to look exactly like your bank's email, with a link to a website that looks exactly like your banking or credit card website. You cannot tell the difference. The actual location of the site, however, is NOT the official URL of your online banking or credit card portal. You will not know this, but your SonicWALL security device will, because your official online banking portal URL is approved in the SonicWALL security policy and the fake one is NOT!
So, if you change banks, add a new bank or portal, or your bank changes its secure URL, the SonicWALL security policy has to be updated by a certified SonicWALL security engineer to allow access.
Note what each part of this protection needs. Deciding by hostname alone can be done from the TLS handshake, because the client sends the server name (SNI) in the clear before anything is encrypted. Matching the full URL, and inspecting what the page actually delivers, requires the appliance to decrypt the session, which is what SonicWALL's DPI-SSL provides. Don't be fooled by an ISP who offers Managed Security. Simply ask them for a DPI-SSL verification statement describing whether and how they decrypt and inspect TLS. If they can't provide it, call Data-Tech for a SonicWALL security solution.
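The DPI-SSL section and the banking-portal example above turn on the same distinction: what a firewall can decide from the unencrypted part of a TLS connection and what it can only decide after decrypting. The following added example, written for this page and not taken from SonicWALL, builds a minimal ClientHello, pulls the Server Name Indication out of it the way an inline appliance would, and applies a three-way policy (pass an approved portal through untouched, block a lookalike that reuses the bank's brand on another domain, decrypt and inspect everything else). The hostnames and the ClientHello bytes are constructed; the lookalike test is a deliberately simple stand-in for a real URL-category database.

```python
"""What a firewall can decide from the TLS handshake alone versus what needs
DPI-SSL.  The hostname travels in the clear in the ClientHello's Server Name
Indication (SNI), so allow/block by hostname works without decrypting; the URL
path and the bytes the site delivers do not.  Added illustration, not SonicWALL
code; the ClientHello is constructed here and the hostnames are assumptions."""
import struct
from typing import Optional, Set

SNI_EXT = 0x0000          # extension type: server_name (RFC 6066)


def build_client_hello(hostname: str) -> bytes:
    """Constructed minimal TLS 1.2 ClientHello record carrying an SNI extension.
    Only the framing the parser walks is realistic; random and ciphers are filler."""
    name = hostname.encode("ascii")                            # SNI names are ASCII
    entry = b"\x00" + struct.pack("!H", len(name)) + name      # name_type 0 = host_name
    sni_body = struct.pack("!H", len(entry)) + entry           # server_name_list
    exts = struct.pack("!HH", SNI_EXT, len(sni_body)) + sni_body
    exts += struct.pack("!HH", 0x0017, 0)     # an unrelated empty extension to walk past
    body = (b"\x03\x03"                       # client_version: TLS 1.2
            + b"\x00" * 32                    # random (placeholder)
            + b"\x00"                         # session_id length 0
            + struct.pack("!H", 2) + b"\x13\x01"   # one cipher suite
            + b"\x01\x00"                     # one compression method: null
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Return the SNI hostname from a ClientHello record, or None.  Every length
    is bounds-checked so a truncated or hostile record yields None, not a crash."""
    if len(record) < 5 or record[0] != 0x16:          # not a handshake record
        return None
    hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if len(hs) < 4 or hs[0] != 0x01:                  # not a ClientHello
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                      # client_version + random
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]                              # session_id
    if len(body) < pos + 2:
        return None
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]                              # compression_methods
    if len(body) < pos + 2:
        return None                                   # no extensions block
    end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    if end > len(body):
        return None
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        data = body[pos:pos + elen]
        pos += elen
        if etype != SNI_EXT or len(data) < 5:
            continue
        q, list_end = 2, 2 + struct.unpack("!H", data[:2])[0]
        while q + 3 <= min(list_end, len(data)):
            ntype, nlen = data[q], struct.unpack("!H", data[q + 1:q + 3])[0]
            q += 3
            if ntype == 0 and q + nlen <= len(data):
                return data[q:q + nlen].decode("ascii", "replace")
            q += nlen
    return None


def registrable_label(host: str) -> str:
    """'examplebank' for 'www.examplebank.com'.  Simplification: ignores
    multi-part public suffixes such as .co.uk."""
    parts = host.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def tls_policy(sni: Optional[str], approved_portals: Set[str], never_decrypt: Set[str]) -> str:
    """'bypass'  : approved portal or pinned-app host, passed through undecrypted
    'block'   : an approved portal's brand label reused on another domain (lookalike)
    'decrypt' : everything else goes to DPI-SSL, where URL and content become visible"""
    if sni is None:
        return "decrypt"                 # nothing to classify on; inspect
    host = sni.lower()
    if host in approved_portals or host in never_decrypt:
        return "bypass"
    brands = {registrable_label(h) for h in approved_portals}
    if any(b in host and registrable_label(host) != b for b in brands):
        return "block"
    return "decrypt"


def decide(record: bytes, approved_portals: Set[str], never_decrypt: Set[str]) -> str:
    return tls_policy(extract_sni(record), approved_portals, never_decrypt)


if __name__ == "__main__":
    approved, pinned = {"www.examplebank.com"}, {"updates.example-os.com"}
    for host in ("www.examplebank.com", "www.examplebank-secure-login.com",
                 "www.examplebank.com.evil.net", "www.example.org"):
        print(f"{host:36s} -> {decide(build_client_hello(host), approved, pinned)}")
```

The point of the split is that the block and bypass decisions never required decryption: a provider with no TLS inspection at all can still stop the obvious lookalike domain. What they cannot do is look inside the "decrypt" bucket, which is where the compromised but legitimately named site from the key-logger story lives, and that is the capability to ask your provider to prove.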
Conclusion
So the bottom line is this: with one cost-effective appliance you can achieve the security, reliability, compliance and performance that are essential to today's critical digital IT requirements.
Well, that about covers it. Sounds expensive? It's not. With Data-Tech's Firewall-as-a-Service, you can have this level of high availability and security protection for as low as $99 per month.
Thank you, and please contact us at Data-Tech for a free consultation with our certified security sales engineers.
Chris Lietz
President, Data-Tech
Member of the CyberCATS
www.DataTechITP.com
Important Links:
DPI-SSL Video by Data-Tech: https://www.youtube.com/watch?v=gG1qW3XlNbQ
Firewall-as-a-Service Video by Data-Tech: https://www.youtube.com/watch?v=hMbUZVPHDtM
Firewall-as-a-Service Information: https://www.datatechitp.com/2015/07/it-as-a-service-part-2-firewall-as-a-service/

More Related Content

What's hot

Draft Juniper Experience First Networking | Slideshare
Draft Juniper Experience First Networking | SlideshareDraft Juniper Experience First Networking | Slideshare
Draft Juniper Experience First Networking | SlideshareSelena829218
 
Expl sw chapter_07_wireless rev.01
Expl sw chapter_07_wireless rev.01Expl sw chapter_07_wireless rev.01
Expl sw chapter_07_wireless rev.01aghacrom
 
Network proposal ppt
Network proposal pptNetwork proposal ppt
Network proposal pptFrankNitty II
 
Ranks ITT Profile Presentation
Ranks ITT Profile PresentationRanks ITT Profile Presentation
Ranks ITT Profile PresentationRubaiath Rahman
 
From SDN to Cloud Networking
From SDN to Cloud NetworkingFrom SDN to Cloud Networking
From SDN to Cloud NetworkingJuniper Networks
 
Automatic Detection of Stronger Wi-Fi Networks
Automatic Detection of Stronger Wi-Fi NetworksAutomatic Detection of Stronger Wi-Fi Networks
Automatic Detection of Stronger Wi-Fi NetworksIRJET Journal
 
Advanced Security Management in Metro Ethernet Networks
Advanced Security Management in Metro Ethernet NetworksAdvanced Security Management in Metro Ethernet Networks
Advanced Security Management in Metro Ethernet NetworksIJNSA Journal
 
Enterprise network end to end solution
Enterprise network end to end solutionEnterprise network end to end solution
Enterprise network end to end solutionSantanu Mukhopadhyay
 
Completed+Presentation+Capstone
Completed+Presentation+CapstoneCompleted+Presentation+Capstone
Completed+Presentation+Capstonecarl1968
 
Jayeed 062424056 Ete605 Sec 2
Jayeed 062424056 Ete605 Sec 2Jayeed 062424056 Ete605 Sec 2
Jayeed 062424056 Ete605 Sec 2mashiur
 
Implementation of intelligent wide area network(wan)- report
Implementation of intelligent wide area network(wan)- reportImplementation of intelligent wide area network(wan)- report
Implementation of intelligent wide area network(wan)- reportJatin Singh
 
Capstone Powerpoint
Capstone PowerpointCapstone Powerpoint
Capstone PowerpointChris Riccio
 
IRJET- A Survey of Working on Virtual Private Networks
IRJET- A Survey of Working on Virtual Private NetworksIRJET- A Survey of Working on Virtual Private Networks
IRJET- A Survey of Working on Virtual Private NetworksIRJET Journal
 
מונחים טכנולוגים למנהלי הדרכה באמדוקס
מונחים טכנולוגים למנהלי הדרכה באמדוקסמונחים טכנולוגים למנהלי הדרכה באמדוקס
מונחים טכנולוגים למנהלי הדרכה באמדוקסSamuel Dratwa
 

What's hot (20)

Draft Juniper Experience First Networking | Slideshare
Draft Juniper Experience First Networking | SlideshareDraft Juniper Experience First Networking | Slideshare
Draft Juniper Experience First Networking | Slideshare
 
Expl sw chapter_07_wireless rev.01
Expl sw chapter_07_wireless rev.01Expl sw chapter_07_wireless rev.01
Expl sw chapter_07_wireless rev.01
 
Network proposal ppt
Network proposal pptNetwork proposal ppt
Network proposal ppt
 
Ranks ITT Profile Presentation
Ranks ITT Profile PresentationRanks ITT Profile Presentation
Ranks ITT Profile Presentation
 
Chapter i
Chapter iChapter i
Chapter i
 
From SDN to Cloud Networking
From SDN to Cloud NetworkingFrom SDN to Cloud Networking
From SDN to Cloud Networking
 
Decoding SDN
Decoding SDNDecoding SDN
Decoding SDN
 
Automatic Detection of Stronger Wi-Fi Networks
Automatic Detection of Stronger Wi-Fi NetworksAutomatic Detection of Stronger Wi-Fi Networks
Automatic Detection of Stronger Wi-Fi Networks
 
Advanced Security Management in Metro Ethernet Networks
Advanced Security Management in Metro Ethernet NetworksAdvanced Security Management in Metro Ethernet Networks
Advanced Security Management in Metro Ethernet Networks
 
Shradhamaheshwari vpn
Shradhamaheshwari vpnShradhamaheshwari vpn
Shradhamaheshwari vpn
 
Enterprise network end to end solution
Enterprise network end to end solutionEnterprise network end to end solution
Enterprise network end to end solution
 
Completed+Presentation+Capstone
Completed+Presentation+CapstoneCompleted+Presentation+Capstone
Completed+Presentation+Capstone
 
Vp npresentation
Vp npresentationVp npresentation
Vp npresentation
 
Jayeed 062424056 Ete605 Sec 2
Jayeed 062424056 Ete605 Sec 2Jayeed 062424056 Ete605 Sec 2
Jayeed 062424056 Ete605 Sec 2
 
Vp npresentation (1)
Vp npresentation (1)Vp npresentation (1)
Vp npresentation (1)
 
Implementation of intelligent wide area network(wan)- report
Implementation of intelligent wide area network(wan)- reportImplementation of intelligent wide area network(wan)- report
Implementation of intelligent wide area network(wan)- report
 
Capstone Powerpoint
Capstone PowerpointCapstone Powerpoint
Capstone Powerpoint
 
IRJET- A Survey of Working on Virtual Private Networks
IRJET- A Survey of Working on Virtual Private NetworksIRJET- A Survey of Working on Virtual Private Networks
IRJET- A Survey of Working on Virtual Private Networks
 
מונחים טכנולוגים למנהלי הדרכה באמדוקס
מונחים טכנולוגים למנהלי הדרכה באמדוקסמונחים טכנולוגים למנהלי הדרכה באמדוקס
מונחים טכנולוגים למנהלי הדרכה באמדוקס
 
Ism
IsmIsm
Ism
 

Viewers also liked

Logm investor presentation q3 2015
Logm investor presentation q3 2015Logm investor presentation q3 2015
Logm investor presentation q3 2015irlogmein
 
Opusing Presentation
Opusing PresentationOpusing Presentation
Opusing PresentationEva Weber
 
White Paper Security and High Availability Concerns with Wide Area Networks
White Paper Security and High Availability Concerns with Wide Area NetworksWhite Paper Security and High Availability Concerns with Wide Area Networks
White Paper Security and High Availability Concerns with Wide Area NetworksChristopher Lietz
 
A Rhett Williams Resume
A Rhett Williams ResumeA Rhett Williams Resume
A Rhett Williams ResumeRhett Williams
 
WorldLoop Annualreport_2013
WorldLoop Annualreport_2013WorldLoop Annualreport_2013
WorldLoop Annualreport_2013Barbara Toorens
 
Why analytics projects fail
Why analytics projects failWhy analytics projects fail
Why analytics projects failDr. Bülent Dal
 

Viewers also liked (14)

Logm investor presentation q3 2015
Logm investor presentation q3 2015Logm investor presentation q3 2015
Logm investor presentation q3 2015
 
Opusing Presentation
Opusing PresentationOpusing Presentation
Opusing Presentation
 
CV-Martin Majzlan-ENG
CV-Martin Majzlan-ENGCV-Martin Majzlan-ENG
CV-Martin Majzlan-ENG
 
White Paper Security and High Availability Concerns with Wide Area Networks
White Paper Security and High Availability Concerns with Wide Area NetworksWhite Paper Security and High Availability Concerns with Wide Area Networks
White Paper Security and High Availability Concerns with Wide Area Networks
 
The Dell Way
The Dell WayThe Dell Way
The Dell Way
 
Joel_2015
Joel_2015Joel_2015
Joel_2015
 
A Rhett Williams Resume
A Rhett Williams ResumeA Rhett Williams Resume
A Rhett Williams Resume
 
Joel_2015
Joel_2015Joel_2015
Joel_2015
 
Vaibhav Pandya-best-2
Vaibhav Pandya-best-2Vaibhav Pandya-best-2
Vaibhav Pandya-best-2
 
WorldLoop Annualreport_2013
WorldLoop Annualreport_2013WorldLoop Annualreport_2013
WorldLoop Annualreport_2013
 
Why analytics projects fail
Why analytics projects failWhy analytics projects fail
Why analytics projects fail
 
Logitech G930 No Audio Feed
Logitech G930 No Audio FeedLogitech G930 No Audio Feed
Logitech G930 No Audio Feed
 
LSM Resume 16 online
LSM Resume 16 onlineLSM Resume 16 online
LSM Resume 16 online
 
res
resres
res
 

Similar to White Paper Security and High Availability Concerns with Wide Area Networks

Telus - Network as a service
Telus - Network as a serviceTelus - Network as a service
Telus - Network as a serviceGavin M Amos.
 
Securing Private 5G Networks (1).pdf
Securing Private 5G Networks (1).pdfSecuring Private 5G Networks (1).pdf
Securing Private 5G Networks (1).pdfSecurity Gen
 
Securing Private 5G Networks (1).pdf
Securing Private 5G Networks (1).pdfSecuring Private 5G Networks (1).pdf
Securing Private 5G Networks (1).pdfSecurity Gen
 
Empower Your Defense: SecurityGen's Comprehensive Approach to DDoS Attack Pre...
Empower Your Defense: SecurityGen's Comprehensive Approach to DDoS Attack Pre...Empower Your Defense: SecurityGen's Comprehensive Approach to DDoS Attack Pre...
Empower Your Defense: SecurityGen's Comprehensive Approach to DDoS Attack Pre...SecurityGen1
 
White Paper smaller
White Paper smallerWhite Paper smaller
White Paper smallerJonny Sharp
 
Protecting the movable Endeavor with Network-Based validation and Virtual Com...
Protecting the movable Endeavor with Network-Based validation and Virtual Com...Protecting the movable Endeavor with Network-Based validation and Virtual Com...
Protecting the movable Endeavor with Network-Based validation and Virtual Com...IOSR Journals
 
How to Re-evaluate Your MPLS Service Provider
How to Re-evaluate Your MPLS Service ProviderHow to Re-evaluate Your MPLS Service Provider
How to Re-evaluate Your MPLS Service ProviderIdan Hershkovich
 
Ip tunnelling and_vpn
Ip tunnelling and_vpnIp tunnelling and_vpn
Ip tunnelling and_vpnRajesh Porwal
 
TECHNICAL WHITE PAPER: NetBackup Appliances WAN Optimization
TECHNICAL WHITE PAPER: NetBackup Appliances WAN OptimizationTECHNICAL WHITE PAPER: NetBackup Appliances WAN Optimization
TECHNICAL WHITE PAPER: NetBackup Appliances WAN OptimizationSymantec
 
The definitive guide for evaluating enterprise WLAN networks
The definitive guide for evaluating enterprise WLAN networksThe definitive guide for evaluating enterprise WLAN networks
The definitive guide for evaluating enterprise WLAN networksAerohive Networks
 
10-ways-the-dissolving-perimeter-kills-IT
10-ways-the-dissolving-perimeter-kills-IT10-ways-the-dissolving-perimeter-kills-IT
10-ways-the-dissolving-perimeter-kills-ITIdan Hershkovich
 
Computer Networking for Small & Medium Businesses - Boney Maundu.pdf
Computer Networking for Small & Medium Businesses - Boney Maundu.pdfComputer Networking for Small & Medium Businesses - Boney Maundu.pdf
Computer Networking for Small & Medium Businesses - Boney Maundu.pdfBoney Maundu Slim
 
"Islands of Connectivity" are harming profitability and slowing growth
"Islands of Connectivity" are harming profitability and slowing growth"Islands of Connectivity" are harming profitability and slowing growth
"Islands of Connectivity" are harming profitability and slowing growthMestizo Enterprises
 
GETTING YOUR BUSINESS ULTRA-CONNECTED
GETTING YOUR BUSINESS ULTRA-CONNECTEDGETTING YOUR BUSINESS ULTRA-CONNECTED
GETTING YOUR BUSINESS ULTRA-CONNECTEDMallory Zemelis
 

Similar to White Paper Security and High Availability Concerns with Wide Area Networks (20)

5691 computer network career
5691 computer network career5691 computer network career
5691 computer network career
 
Telus - Network as a service
Telus - Network as a serviceTelus - Network as a service
Telus - Network as a service
 
Securing Private 5G Networks (1).pdf
Securing Private 5G Networks (1).pdfSecuring Private 5G Networks (1).pdf
Securing Private 5G Networks (1).pdf
 
Securing Private 5G Networks (1).pdf
Securing Private 5G Networks (1).pdfSecuring Private 5G Networks (1).pdf
Securing Private 5G Networks (1).pdf
 
Empower Your Defense: SecurityGen's Comprehensive Approach to DDoS Attack Pre...
Empower Your Defense: SecurityGen's Comprehensive Approach to DDoS Attack Pre...Empower Your Defense: SecurityGen's Comprehensive Approach to DDoS Attack Pre...
Empower Your Defense: SecurityGen's Comprehensive Approach to DDoS Attack Pre...
 
White Paper smaller
White Paper smallerWhite Paper smaller
White Paper smaller
 
Protecting the movable Endeavor with Network-Based validation and Virtual Com...
Protecting the movable Endeavor with Network-Based validation and Virtual Com...Protecting the movable Endeavor with Network-Based validation and Virtual Com...
Protecting the movable Endeavor with Network-Based validation and Virtual Com...
 
Wireless Lan Security
Wireless Lan SecurityWireless Lan Security
Wireless Lan Security
 
How to Re-evaluate Your MPLS Service Provider
How to Re-evaluate Your MPLS Service ProviderHow to Re-evaluate Your MPLS Service Provider
White Paper Security and High Availability Concerns with Wide Area Networks

This is because today's IT professionals (note the difference between IT professionals and Telco provider engineers) understand that no matter how reliable a provider is, "things will happen!" So we'll leave "up time" reliability for the providers to define in their SLA. Our concern for reliability has to do with high availability of the connections to our Wide Area Network.

Now, with an understanding of the difference in perspective between Internet providers and IT professionals, we can see why the provider's recommendation for our Wide Area Network is not comprehensive enough for today's digital IT security requirements.
Due to their limited scope, focused solely on network connectivity in the Telco world, they simply don't have the knowledge or experience to understand the depth of engineering required to change the Wide Area dynamic from the old prioritization model (Cost -> Performance -> Reliability -> Security) to the modern one (Security -> High Availability -> Performance -> Cost).

Creating High Availability

With this background information, let's take a quick look at the type of network connectivity the ISPs and carriers want to implement (or may have already implemented) for your business. (Reference Diagram A-1 below to see the physical layout.)

ISPs try to sell prospects on the idea that because their network is MPLS, a MAN (Metro Area Network) or Metro Ethernet, it is a closed, private network, and therefore the customer doesn't need to consider any security at each location. They believe VLAN separation or packet routing is enough. Keep in mind what those mechanisms actually do: MPLS labels and VLAN tags separate one customer's traffic from another's, but they neither encrypt nor inspect it, so they offer no protection against a compromised host that is already inside your own network.

The ISP supplies a connection with a router, typically a Cisco or Adtran. Your network is directly connected to this device, which also provides DHCP and DNS services to your network elements (PCs and, in many cases, phones). With this configuration the devices are completely dependent on this router, and all data processing (digital IT) is captive on this network. The problem is simple: if they go down, you go down. This configuration allows no secondary, failover or "high availability" connectivity to the Internet or to your core operations, which are typically at a data center. IT professionals call this "zero tolerance".

Even more alarming, this configuration provides no security protection to the local network. Don't be fooled by an ISP explaining that it has IPS and IDS systems in place. A carrier-side sensor cannot see inside encrypted traffic, and it does nothing to contain an infection on the local segment (for example, an infected notebook connected to the office network), because that traffic never reaches the carrier's sensor. This will be explained in the next section.

Note: If you have a VoIP phone system, you're even more exposed to an unreliable network as it pertains to high availability. Voice is real-time: an outage of a few seconds drops calls in progress rather than merely delaying a page load.

Diagram A-1
The diagram above shows the physical layout and limitations of a typical Wide Area Network provided by most ISPs and Telco carriers. Diagram A-2 will demonstrate a cost-effective, highly available network that also offers the highest level of security protection to local digital IT assets.

The focus here is not to displace the ISP or Telco. On the contrary, you need them to connect to the Internet, to other locations and to your central data core. The goal is to offer a cost-effective way to mitigate the limitations and security exposure of the ISP-proposed network.

Taking the modern prioritization model (Security -> High Availability -> Performance -> Cost) into consideration, the security solution Data-Tech's engineering team has selected is the Dell SonicWALL series of security appliances. Essentially, our solution is to place a SonicWALL security appliance between your network and the router provided by your ISP. With this simple, cost-effective addition to your network, we change the Telco dynamic (Cost -> Performance -> Reliability -> Security) into the model accepted by today's top IT professionals (Security -> High Availability -> Performance -> Cost).

With the SonicWALL appliance in place, DHCP and DNS are served from the SonicWALL rather than from the carrier's router. Providing these core network services from a carrier-neutral device is critical to the high availability plan: endpoints keep the same addresses, default gateway and resolver no matter which carrier is carrying the traffic, so a carrier change is invisible to them. This is the first step toward a highly available network.

At this point you already have your primary ISP established. With the SonicWALL in place, you have complete flexibility in choosing a secondary provider for backup service. Depending on your budget and needs, you can use a cable modem, T1, Metro Ethernet or 4G wireless connectivity. The SonicWALL will automatically establish a VPN connection through the backup carrier if the primary carrier fails. In practice the backup VPN tunnel is kept up all the time, so failover is immediate; the tunnel can also be used for manual load balancing if desired. Remember that traffic which rode the private MPLS network now crosses the public Internet inside that tunnel, so the tunnel's encryption is what keeps it private during the outage.

Because the SonicWALL is providing the core network services of DHCP and DNS, failover is relatively seamless for the endpoints. We say "relatively" because a user who is just browsing the Internet or reading email will never notice it, whereas a user working in a program that requires a persistent connection, such as RDP, Citrix or 2X, will notice a short blip while the session re-establishes over the new path. This is completely acceptable compared with the alternative, which is down time.

This diagram shows the physical layout of a highly available network with a SonicWALL security appliance.

Diagram A-2
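The failover decision described above, as an added example written for this page (it is not code from the original paper or from SonicWALL): the edge device probes both carriers, stays on the primary while its probes succeed, fails over after a run of failures, and fails back only after the primary has been healthy for a longer run, so a flapping link does not bounce users between paths. Link names, thresholds and the probe results are all constructed assumptions; a real device would derive the probe results from ICMP or TCP checks toward the carrier gateway and an Internet target.

```python
"""Dual-WAN failover decision logic with hysteresis.

Added example, written for this page; it is not code from the original paper
or from SonicWALL. Probe results are constructed inline.
"""

FAIL_THRESHOLD = 3      # consecutive failed probes before a link is marked down
RECOVER_THRESHOLD = 5   # consecutive good probes before a down link is trusted again


class WanLink:
    def __init__(self, name):
        self.name = name
        self.up = True
        self.fails = 0
        self.oks = 0

    def observe(self, probe_ok):
        """Update link state from one probe result, applying hysteresis."""
        if probe_ok:
            self.fails = 0
            self.oks += 1
            if not self.up and self.oks >= RECOVER_THRESHOLD:
                self.up = True
        else:
            self.oks = 0
            self.fails += 1
            if self.up and self.fails >= FAIL_THRESHOLD:
                self.up = False


class FailoverController:
    """Chooses the active carrier. Clients never see the change because the
    edge device, not the carrier router, is their DHCP server, gateway and DNS."""

    def __init__(self, primary, backup):
        self.primary = primary
        self.backup = backup
        self.active = primary.name
        self.events = []  # (probe_index, old_active, new_active)

    def tick(self, t, primary_ok, backup_ok):
        self.primary.observe(primary_ok)
        self.backup.observe(backup_ok)
        preferred = self.primary if self.primary.up else self.backup
        if preferred.up and preferred.name != self.active:
            self.events.append((t, self.active, preferred.name))
            self.active = preferred.name
        # If both links are down there is nowhere better to go; keep the current path.
        return self.active


# Constructed probe results, one (primary_ok, backup_ok) pair per interval:
# the primary drops at probe 2, blips back for two probes, then recovers for good.
SCENARIO = [
    (True, True), (True, True),
    (False, True), (False, True), (False, True), (False, True),
    (True, True), (True, True),
    (False, True),
    (True, True), (True, True), (True, True), (True, True), (True, True),
    (True, True),
]


def run_scenario(probes):
    """Return the active carrier per probe and the list of switch events."""
    ctl = FailoverController(WanLink("MPLS-primary"), WanLink("Cable-backup"))
    trace = [ctl.tick(t, p, b) for t, (p, b) in enumerate(probes)]
    return trace, ctl.events


if __name__ == "__main__":
    trace, events = run_scenario(SCENARIO)
    for t, active in enumerate(trace):
        print(f"probe {t:2d}: active={active}")
    for t, old, new in events:
        print(f"probe {t:2d}: switch {old} -> {new}")
```

In the constructed scenario the controller moves to the cable backup at probe 4 (third consecutive failure), ignores the two-probe blip at probes 6 and 7, and returns to MPLS at probe 13 once five clean probes have been seen. The asymmetry between the two thresholds is deliberate: leaving a dying link quickly costs little, while returning to a link that is about to fail again drops every persistent session twice.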
Critical Network and Endpoint Security

OK, so we've now clearly defined the essential advantage of creating a cost-effective, highly available network by inserting a SonicWALL security appliance at your remote office locations. Now we'll look at how this same appliance provides critical network and endpoint security to the endpoints at this location. Throughout this process we'll also get a clearer picture of why the Diagram A-1 infrastructure does not provide this protection.

There are literally books written on the security protection provided by a SonicWALL security appliance. We'll focus on three top security initiatives of concern:

1. Application Controls
2. Wide Area Network Data Traffic Security Scanning
3. DPI-SSL (Deep Packet Inspection of SSL/TLS traffic)

Application Controls allow you to block, limit or control access to Internet and web applications that run on your computers. These controls work with your current AD security structure, so you simply integrate the user and group identities of your existing layered security into the SonicWALL protection scheme.

Wide Area Network Data Traffic Security scanning is a recommended feature of the SonicWALL security devices. By routing all data packets through the SonicWALL, you can be assured that if a PC becomes infected, the transmission of infected packets is stopped at the local security appliance. This is essential on Wide Area Networks, where a packet can be destined for almost any other endpoint in the company. One caveat a practitioner should keep in mind: the appliance inspects only traffic that crosses it. Two PCs on the same office switch talk to each other directly, so this protects the WAN and the Internet path; containing an infection within the local segment takes endpoint protection or internal segmentation as well.

DPI-SSL, Deep Packet Inspection of SSL/TLS traffic: today this is the most critical service a security appliance can provide. SonicWALL offers it; many appliances do not. Ask your provider whether its security includes DPI-SSL, and then verify it.

So what is DPI-SSL? As we know, Google and the major browser vendors have pushed the web toward HTTPS everywhere, and today the large majority of web traffic is encrypted (HTTPS on port 443). While this initiative has succeeded in encrypting the connection, and thus the data packet transfer, between the endpoint (your PC) and the website, it has had unforeseen consequences. Hackers quickly figured out that if the connection between the website and the PC is encrypted, all they needed to do was plant downloadable malware on the website (Trojans, viruses, spyware, and the dreaded ransomware such as CryptoLocker). Because the connection is encrypted, a firewall that does not decrypt TLS sees only ciphertext and cannot match the download against any signature. The infected file passes uninhibited from the website to the PC. BAM, you're infected.

DPI-SSL changes that. The appliance terminates the PC's TLS session on itself, opens its own TLS session to the website, and inspects the plaintext in between before re-encrypting it toward the PC. For this to work, every managed endpoint must trust the appliance's signing certificate authority (otherwise browsers will, correctly, warn on every site), and applications that pin their certificates have to be excluded from decryption. These are deployment details your security engineer should plan for, not reasons to skip decryption.

What's worse, if you don't have a device scanning your local network traffic (that is, a SonicWALL appliance), your entire network and servers will soon be infected. Game over; the Pink Slip Virus has just been delivered. At your next gig, you'd likely invest in a SonicWALL security appliance to scan all network traffic AND decrypt encrypted traffic.
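To make the DPI-SSL point concrete, here is an added example written for this page (not code from the original paper or from SonicWALL) that simulates the inspection decision an inline appliance makes with and without decryption. It also shows the one check that works without decryption, a hostname policy against the lookalike banking domains the paper's phishing section describes, because the server name is sent in the clear in the TLS 1.2 ClientHello. It is a simulation, not a TLS implementation: the "ciphertext" comes from a toy XOR keystream so it runs offline with the standard library only, and the hostnames, signatures and HTTP responses are all constructed.

```python
"""What an inline security appliance can and cannot see in an HTTPS session.

Added example written for this page; it is not code from the original paper or
from SonicWALL, and it is a simulation of the inspection decision, not a TLS
implementation. All hostnames, signatures and responses are constructed.
"""
import hashlib

# Constructed byte patterns standing in for an IPS/anti-malware signature set.
BAD_SIGNATURES = [b"X-Constructed-Dropper-Marker", b"MZ\x90\x00"]
# Constructed allowlist of approved online banking portals.
BANKING_ALLOWLIST = {"onlinebanking.example-bank.com"}
# Constructed substrings that suggest a lookalike of the approved bank domain.
LOOKALIKE_HINTS = ["example-bank", "examp1e-bank"]


def toy_keystream_xor(key, data):
    """Stand-in for TLS record encryption: XOR with a SHA-256 counter keystream.
    NOT a secure cipher; it only makes the bytes unrecognisable to a signature
    scan, which is all the demonstration needs. Applying it twice restores the
    plaintext, which is how inspect() models holding the session key."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def build_session(sni, http_response, key=b"constructed-session-key"):
    """A captured HTTPS session as the appliance sees it on the wire."""
    return {"sni": sni, "ciphertext": toy_keystream_xor(key, http_response), "key": key}


def inspect(session, dpi_ssl):
    """Return (verdict, reason) for one session.

    Without DPI-SSL the appliance sees the server name (SNI) and opaque record
    bytes. With DPI-SSL it terminates both TLS legs itself, so it holds the key
    and can scan the decrypted HTTP bytes.
    """
    sni = session["sni"]
    # Hostname policy needs no decryption.
    if sni not in BANKING_ALLOWLIST and any(h in sni for h in LOOKALIKE_HINTS):
        return "block", f"lookalike banking domain: {sni}"
    if dpi_ssl:
        visible = toy_keystream_xor(session["key"], session["ciphertext"])
    else:
        visible = session["ciphertext"]
    for sig in BAD_SIGNATURES:
        if sig in visible:
            return "block", f"signature {sig!r} in response from {sni}"
    return "allow", "nothing matched on the visible bytes"


# Constructed sessions: a malware download from an otherwise trusted site,
# a phishing page on a lookalike domain, and a legitimate banking session.
MALWARE_DOWNLOAD = build_session(
    "cdn.trusted-site.example",
    b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
    b"MZ\x90\x00\x03\x00\x00\x00X-Constructed-Dropper-Marker\x00" + b"\x00" * 40,
)
PHISHING_PAGE = build_session(
    "secure-example-bank-login.example",
    b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>Reset your password</html>",
)
REAL_BANK = build_session(
    "onlinebanking.example-bank.com",
    b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>Account balance</html>",
)


if __name__ == "__main__":
    for name, s in [("malware download", MALWARE_DOWNLOAD),
                    ("phishing page", PHISHING_PAGE), ("real bank", REAL_BANK)]:
        for mode in (False, True):
            verdict, why = inspect(s, dpi_ssl=mode)
            print(f"{name:17s} dpi_ssl={mode!s:5s} -> {verdict:5s} ({why})")
```

Run it and the malware download is allowed without decryption and blocked with it, while the lookalike domain is blocked either way because the hostname check never needed the plaintext. That split is the practical answer to "do I need DPI-SSL": domain-level policy does not, but anything that depends on the content of the page or file does.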
More Red Flags... How Was My Network Hacked?

Do you have any notebook computers that connect to your network? Of course you do. So let's say a user checks in to a hotel and connects to a very open and very insecure network. More than likely, they will pick up a virus that easily bypasses a mediocre anti-virus program. What's next? You guessed it: infected.

No big deal; it's only their notebook computer, right? BUT what happens when they get back to the office and connect instantly to your wireless network (as most notebooks do)? If you don't have a SonicWALL security appliance scanning all of the data packets coming out of that notebook BEFORE they hit your corporate network (or, worse yet, your unsecured Wide Area Network), that's right: the Pink Slip Virus. (That could be YOUR pink slip we're talking about.) The rest of your network is encrypted with CryptoLocker or the current variant.

Don't Think it Can Happen to You? Keep Reading, it Gets Better... or Worse

So you think that because your applications are located in the cloud and not on your local network, your security exposure is reduced. You couldn't be more wrong. In fact, hackers are counting on it.

As an illustration, let's envision your remote office for an insurance agency or a collision repair center. From your point of view, there are only 3 or 4 PC workstations and maybe a notebook computer. No server, no data. The users simply access a cloud application through the Internet browser. So you're not really worried about a hacker targeting these assets and therefore don't want to spend the money to secure this location (by money, we're talking about $99 per month). Neither you nor your ISP sees a need for high-level network security at this location.

So here's what happens: your user goes to a website that has been compromised by a hacker. It may very well be the normal cloud services site they go to every day, but today it is serving a Trojan. This particular Trojan is a key logger. As soon as the user opens the site in the browser, the key logger is automatically downloaded and installed; it happens in less than 30 seconds. A key logger sits quietly on your computer without affecting its functionality; its sole purpose is to record every keystroke and take snapshots of the screen every few seconds. This information is stored on the local computer, and a secondary function of the key logger transmits it over the Internet to the hacker's servers.

Now you're curious: why do this? Well, your employee has done a few things this morning on that computer.

1. First, she went to her online banking website, logged in and checked her checking account balance. BAM, the hacker now has her bank, username and password. Note: the password is masked on the screen, but the key logger records the keystrokes, so they have the password.

2. Second, this is your receptionist, so her next move is to log in to the corporate online banking or credit card website. Again, BAM, the hackers have this information.
You still have no idea what's going on. Now your receptionist starts taking payments from your customers and logs in to your online credit card processing portal. Things are now looking really bad. Your exposure has just transcended your organization: your customers' personal information is compromised. This goes on and on, to include screenshots of your online application showing your customers' names, addresses, phone numbers, email addresses and anything else stored there. Worried yet?

So now you might be thinking: "My users don't go to any 'bad' websites." How do you know? You have no security device monitoring your users' activity. What's worse, it doesn't matter; they don't have to!

True Story: As a test, a certain security engineer left a dozen USB keys scattered about a hotel. When a key was inserted into a computer, the user found no data on it; it appeared to be blank. However, in the 30 seconds it was plugged into the computer, a key logger and a remote control program were installed on that computer, and the user never knew it. How do we know this occurred? The remote control utility essentially "phoned home" when plugged into the computer. Here's the really interesting part: there were 12 USB drives scattered about, yet we were able to observe over 24 different devices that phoned home. That means that after seeing nothing on the thumb drive, the person just left it for the next innocent bystander to infect his computer. That's human nature for you.

OK, so the picture should be clear by now. You're exposed to some really nasty stuff if you don't have a SonicWALL security appliance at every remote location, no matter how big or small. The good news is that Data-Tech has partnered with Dell SonicWALL to provide comprehensive, cost-effective service plans to protect your users, data and network from the bad guys. Most remote locations can be protected against the scenarios in this document and more starting as low as $99 per month.
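Both the key logger above and the implants in the USB story give themselves away the same way: they check in with the attacker's server on a schedule. The following is an added example written for this page (not code from the original paper or from SonicWALL) of the detection logic a monitoring system can run over the outbound connection logs an edge appliance produces. It groups connections per source, destination and port and flags the groups whose gaps are nearly constant, which is how a beacon looks next to human browsing. The log lines are constructed in a generic key=value format; a real appliance's syslog fields would need their own regex, and the thresholds are assumptions to tune.

```python
"""Find hosts that "phone home" on a fixed schedule in outbound firewall logs.

Added example written for this page; not code from the original paper or from
SonicWALL. The log format and the log lines are constructed.
"""
import re
import statistics
from collections import defaultdict

LOG_RE = re.compile(
    r"^(?P<ts>\d+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+):(?P<dport>\d+) proto=(?P<proto>\w+)$"
)

# Constructed log: 10.1.2.55 hits 203.0.113.9:443 roughly every 60 s (the implant);
# 10.1.2.56 browses 198.51.100.20 at human-irregular times; one DNS lookup.
SAMPLE_LOG = """\
1700000000 src=10.1.2.55 dst=203.0.113.9:443 proto=tcp
1700000005 src=10.1.2.56 dst=198.51.100.20:443 proto=tcp
1700000012 src=10.1.2.56 dst=198.51.100.20:443 proto=tcp
1700000030 src=10.1.2.55 dst=10.1.2.1:53 proto=udp
1700000061 src=10.1.2.55 dst=203.0.113.9:443 proto=tcp
1700000119 src=10.1.2.55 dst=203.0.113.9:443 proto=tcp
1700000140 src=10.1.2.56 dst=198.51.100.20:443 proto=tcp
1700000143 src=10.1.2.56 dst=198.51.100.20:443 proto=tcp
1700000181 src=10.1.2.55 dst=203.0.113.9:443 proto=tcp
1700000240 src=10.1.2.55 dst=203.0.113.9:443 proto=tcp
1700000299 src=10.1.2.55 dst=203.0.113.9:443 proto=tcp
1700000361 src=10.1.2.55 dst=203.0.113.9:443 proto=tcp
1700000400 src=10.1.2.56 dst=198.51.100.20:443 proto=tcp
1700000401 src=10.1.2.56 dst=198.51.100.20:443 proto=tcp
1700000420 src=10.1.2.55 dst=203.0.113.9:443 proto=tcp
1700000479 src=10.1.2.55 dst=203.0.113.9:443 proto=tcp
1700000541 src=10.1.2.55 dst=203.0.113.9:443 proto=tcp
1700000900 src=10.1.2.56 dst=198.51.100.20:443 proto=tcp
1700001300 src=10.1.2.56 dst=198.51.100.20:443 proto=tcp
"""


def parse(lines):
    """Yield (src, dst, dport, ts) for lines that match; skip anything else."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            yield m["src"], m["dst"], int(m["dport"]), int(m["ts"])


def regularity(timestamps):
    """Return (mean_gap, coefficient_of_variation) of the gaps between events,
    or None when there are too few events to say anything."""
    if len(timestamps) < 4:
        return None
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    mean = statistics.mean(gaps)
    if mean == 0:
        return None
    return mean, statistics.pstdev(gaps) / mean


def find_beacons(log_text, min_events=6, max_cv=0.15):
    """Flag (src, dst, dport) tuples whose connection gaps are nearly constant.
    A low coefficient of variation means the host is talking on a timer."""
    flows = defaultdict(list)
    for src, dst, dport, ts in parse(log_text.splitlines()):
        flows[(src, dst, dport)].append(ts)
    hits = []
    for key, ts in flows.items():
        if len(ts) < min_events:
            continue
        stats = regularity(ts)
        if stats and stats[1] <= max_cv:
            hits.append((key, round(stats[0]), round(stats[1], 3)))
    return hits


if __name__ == "__main__":
    for (src, dst, dport), interval, cv in find_beacons(SAMPLE_LOG):
        print(f"possible beacon: {src} -> {dst}:{dport} every ~{interval}s (cv={cv})")
```

On the constructed log only the 10.1.2.55 to 203.0.113.9:443 flow is reported, at about a 60 second interval; the browsing flow has as many connections but its gaps vary by an order of magnitude. Real implants often add random jitter to their interval precisely to raise that variation, so the threshold is a trade-off between catching sloppier tools and generating noise from legitimate pollers such as update checks and cloud agents, which is why the destination still has to be triaged rather than blocked automatically.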
Monitoring, Reporting & Regulatory Compliance

This document purposely excludes the requirements for regulatory compliance. Data-Tech and Dell SonicWALL are well versed in these requirements and can arrange a FREE security audit to determine your specific compliance needs. Although this may not seem incredibly important (depending on the nature of your business), ISPs do not have the ability to provide the level of monitoring and reporting required to establish HIPAA and other regulatory compliance. SonicWALL has put millions of dollars into its Global Management System, not only to manage large, distributed enterprise security but also to provide the reporting needed for compliance.
Real World Example: Why is it Important to Secure Online Banking Portals?

A common hacker tool is phishing. Phishing is where you get an email asking you to reset your online banking password (or the password for another secure site). However, this is a fake email made to look exactly like an email from your bank, with a link to a website that looks exactly like your banking or credit card website. You cannot tell the difference. However, the actual location of the site is NOT the official URL of your online banking or credit card portal. You will not know this, but your SonicWALL security device will, because your official online banking portal URL is approved in the SonicWALL policy and the fake one is NOT. So if you change banks, add a new bank or portal, or your bank changes its secure URL, the SonicWALL policy has to be updated by a certified SonicWALL security engineer to allow access.

Note that for an HTTPS site a firewall that does not decrypt can only see the hostname the browser asks for (the TLS server name). Matching the full URL, and inspecting what the page actually sends back, requires decrypting the session, which is what SonicWALL's DPI-SSL does. Don't be fooled by an ISP that offers "Managed Security". Simply ask them for a DPI-SSL verification statement. If they can't provide one, call Data-Tech for a SonicWALL security solution.

Conclusion

So the bottom line is this: with one cost-effective appliance, you can achieve the security, reliability, compliance and performance that are essential to today's critical digital IT requirements.

Well, that about covers it. Sounds expensive? It's not. With Data-Tech's Firewall-as-a-Service, you can have this level of high availability and security protection for as low as $99 per month. Thank you, and please contact us at Data-Tech for a free consultation with our certified security sales engineers.
Chris Lietz
President, Data-Tech
Member of the CyberCATS
www.DataTechITP.com

Important Links:
DPI-SSL Video by Data-Tech: https://www.youtube.com/watch?v=gG1qW3XlNbQ
Firewall-as-a-Service Video by Data-Tech: https://www.youtube.com/watch?v=hMbUZVPHDtM
Firewall-as-a-Service Information: https://www.datatechitp.com/2015/07/it-as-a-service-part-2-firewall-as-a-service/