 |
 |
|
Network Security Solutions - Call PBM IT at (888) 233-6471Excellent, comprehensive service and support is important to the long-term success of any network solution. Cisco SMB Support Assistant is designed to meet the needs of small and medium-sized businesses. It is an easy-to-use, cost-effective support program that resolves issues typically encountered by SMBs, ensuring the network stays available and secure. Businesses can get timely diagnostic and troubleshooting tips and advance replacement of parts. A key component to the program is the Cisco SMB Support Assistant Portal, an online secure portfolio of tools that allows customers to recover passwords, access support documentation, perform network health checks, download software patches, and open technical support cases when needed. Cisco IronPort Email Security Appliances (1) Fight spam, viruses, and blended threats to protect organizations of all sizes with industry-leading security capabilities (2) Prevent data leaks, enforces compliance, and protects reputation and brand assets, (3) Reduces downtime, simplifies administration of corporate mail systems, and eases the technical support burden, and (4) Is currently deployed by eight of 10 largest ISPs and more than 40 percent of the world's largest enterprises Cisco Virtual Office (1) Extends highly secure, rich, and manageable network services to employees working outside the traditional work environment, (2) Is a cost-effectively scales to deployment requirements through standard or express versions, (3) Includes remote site and head-end systems, remote site aggregation, and services from Cisco and approved partners, and (4) Delivers an office-caliber experience to staff wherever they're located with full IP phone, wireless, data, and video services. In order to provide some level of separation between an organization's intranet and the Internet, firewalls have been employed. A firewall is simply a group of components that collectively form a barrier between two networks. A number of terms specific to firewalls and networking are used: (1) Bastion host. A general-purpose computer used to control access between the internal (private) network (intranet) and the Internet (or any other untrusted network). Typically, these are hosts running a flavor of the Unix operating system that has been customized in order to reduce its functionality to only what is necessary in order to support its functions. Many of the general-purpose features have been turned off, and in many cases, completely removed, in order to improve the security of the machine, (2) Router. A special purpose computer for connecting networks together. Routers also handle certain functions, such as routing , or managing the traffic on the networks they connect, (3) Access Control List (ACL). Many routers now have the ability to selectively perform their duties, based on a number of facts about a packet that comes to it. This includes things like origination address, destination address, destination service port, and so on. These can be employed to limit the sorts of packets that are allowed to come in and go out of a given network, (4) Demilitarized Zone (DMZ). The DMZ is a critical part of a firewall: it is a network that is neither part of the untrusted network, nor part of the trusted network. But, this is a network that connects the untrusted to the trusted. The importance of a DMZ is tremendous: someone who breaks into your network from the Internet should have to get through several layers in order to successfully do so. Those layers are provided by various components within the DMZ, and (4) Proxy. This is the process of having one host act in behalf of another. A host that has the ability to fetch documents from the Internet might be configured as a proxy server , and host on the intranet might be configured to be proxy clients . In this situation, when a host on the intranet wishes to fetch the web page, for example, the browser will make a connection to the proxy server, and request the given URL. The proxy server will fetch the document, and return the result to the client. In this way, all hosts on the intranet are able to access resources on the Internet without having the ability to direct talk to the Internet. Important terms used for describing how data is stored, processed or transmitted to other locations: (1) Confidentiality, in terms of selecting who or what is allowed access to data and systems. This is achieved through encryption and access control systems. Even knowledge of the existence of data, rather than the information that it contains, may be of significant value to an eavesdropper, (2) The integrity of data, where modification is allowed only by authorized persons or organizations. The modifications could include any changes such as adding to, selectively deleting from, or even changing the status of a set of data, (3) The freshness of data contained in messages. An attacker could capture part or all of a message and re-use it at a later date, passing it off as a new message. Some method of incorporating a freshness indicator (e.g. a time stamp) into messages minimizes the risk of this happening, (4) The authentication of the source of information, often in terms of the identity of a person as well as the physical address of an access point to the network such as a workstation, and (5) The availability of network services, including security procedures, to authorized people when they are needed. Security testing is an essential component of improving the security posture of your organization. Organizations that have an organized, systematic, comprehensive, on-going, and priority driven security testing regimen are in a much better position to make prudent investments to enhance the security posture of their systems. Vulnerability involves bugs or mis-configurations or special sets of circumstances that could result in an exploitation of that vulnerability. A vulnerability could be exploited directly by an attacker, or indirectly through automated attacks such as Distributed Denial of Service (DDOS) attacks or by computer viruses. The standard one-time password dictionary from RFC 1760 helps maintain backwards compatibility with the various deployed systems, however, support for hexadecimal format passwords will also be mandatory to implement. The standard might specify pass phrase quality checks for the secret pass phrase. The standard will be specified so as to eliminate any possible conflict with the Bellcore trademark on the term S/Key. The Cisco Intrusion Prevention System (1) Identifies, classifies, and stops malicious traffic, including worms, spyware, adware, viruses, and application abuse, (2) Delivers high-performance, intelligent threat detection and protection over a range of deployment options, (3) Uses reputation filtering and global inspection to give businesses actionable intelligence and prevent threats with confidence, and (4) Promotes business continuity and helps businesses meet compliance needs. he Cisco Works Network Compliance Manager (NCM) is a possible solution for Cisco based network (commercial, not free). NCM tracks compliance with a broad variety of regulatory, IT, corporate governance, and technology best practices. It has a sophisticated search capability. |
