Securing the Enterprise in a Networked World
Standards-Based Physical/Network Access Control Integration
Introduction
Technology has changed the nature of the enterprise and how enterprises protect themselves from
threats and manage risk. Assets once were things that could be “secured” with walls, alarms, keys and
guards. Security systems were purchased and operated by a security department, monitored after hours
by a contract central station, and were very localized.

Today, an organization’s most valuable assets may be invisible – data and information about its
customers, technology, business plans and financial assets. And instead of locking these assets away, we
now make them accessible to our staff, customers and business partners from their desktops, laptops
and mobile devices, often far away from the walls of protection we have built, and sometimes in
locations where network access is offered as a marketing convenience to accompany a refreshing cup of
coffee.

And while the nature of business demands that we make data accessible everywhere all the time,
government-imposed regulatory requirements have increased, and the cost in time, money and damage
to brand as a result of a security breach or data hack is, at best, expensive, and may be fatal.

Organizations now realize that security is no longer a department, but an integral component of the
management of the enterprise. It is not something that is purchased or bolted on, but something that
must be woven into the very fabric of the business. Effective security and risk management now touches
and must include human resource policies, identity management, physical security, cyber security,
network security, credentialing, logical access, surveillance, compliance initiatives, reporting and
forensics.

Connecting the dots across all of those disciplines has been the challenge. This whitepaper discusses a
standards-based enterprise solution that allows disparate systems to share unstructured data across
unstructured relationships and to act upon this information in accordance with organizational policies,
providing a cohesive security management framework that ties it all together.


The Physical/Cyber Security Gap
In most enterprises, physical security and cyber security efforts are distinct disciplines, with distinct
missions, departments and management structures. Therein lies the problem. Between those silos lie
gaps in process, policy and practices that may be exploited by attackers inside and outside the
organization.

Most organizations have deployed some type of physical access control system that requires the use of
access cards, PIN numbers and/or biometric verification to enter buildings and specific areas within
those buildings. Most have also implemented some type of network access control environment, and the
majority of those rely on a user name and password for network authentication and access. And since
each of those systems is generally under the control of a different department with a different mission,
almost none have integrated the two. Each system seems to fulfill its individual mission, which can
create a false sense of security, or worse, create conditions that may lead to serious security breaches.

As an example, consider the following company, whose physical security and IT security departments
have established the following rules:

       •   All employees must use their access card at all building entry points
       •   All employees must use network passwords that contain at least 8 characters, which must
           include at least one capital letter, one number and one other special character. Passwords
           cannot be a dictionary word. Passwords are case sensitive, must be changed every 60 days, and
           may not be reused

Both are good, strong security policies. But in the real world, what will happen?

       •   Employees will hold the door open for their co-workers who arrive together
       •   While strong passwords provide additional protection against password hack
           attempts (the most common password in unrestricted environments is
           “password”), strong password policies almost guarantee that the employee will
           write down his new secure password and keep it in his desk drawer

(Figure: a sticky note reading “My password: xYhwpn57*b”)

So let’s see what can happen when an employee travels to visit a company site in another city. He
arrives at the remote site, and uses his access card to enter the door, and his access is recorded as a
normal event in that site’s access control system.

Back at HQ, someone has found the sticky note on which the employee has written his very strong
password, and has logged onto the system under that employee’s name and has been granted access to
all the traveling employee can see, and all activity will be logged to the traveler’s IT account. The
network access control system validated the user name, password – even the status of the virus
protection of the computer logging onto the network, and all conditions were successfully met.

In this case, both systems did what they were supposed to do. No physical security alarm was
generated, no network anomaly reported. But a serious breach occurred.

In an integrated world, a person’s presence in a building or specific area would be one of the factors the
network security system considers before it allows access to critical network resources. This would not
only enhance network access security, but improve physical security, as employees would be less likely
to tailgate in behind each other, even if the door is held open by another polite but policy-violating
person.

Once the technical aspects of physical/network access control integration are in place, additional
policies may evolve. Readers may be placed at physical points of egress from the building, and
employees would need to use their access credential to leave the building, which disables their local
access privileges, and enables remote and VPN network access. Doing so provides a more accurate
accounting of who is in the building or area at any given time.


IT Meets Physical Security
For several years, the buzz in the physical security world has been the convergence of physical and cyber
security. The problem was that “convergence” meant different things to different physical security
system and device vendors. To some, it simply meant adding a terminal server in front of a serial device
and connecting it to an IP network pipe. To others, it meant developing custom integrations through
APIs, SNMP, syslog, etc. And to many in the IT space, convergence with physical security was not even
on their radar screen.

The security threat that organizations face, however, is very much converged. Organizations must have
strong physical and cyber security environments, as weaknesses in either will be exploited by enemies
who don’t care how they get in. To truly meet the challenge and vision of convergence, cyber and
physical security efforts, systems, policies and data must be coordinated and interoperable.


Standards and Trust
To obtain interoperability between disparate systems, two elements are necessary – a standard way to
communicate, and trust between the parties and systems doing the communicating so that each party
can validate the identity of the other with a very high level of assurance.

While the IT community has long embraced standards, the physical security industry has been slow to
follow suit. Some standards are emerging in physical security but, when it comes to securing data at
rest and in transit, the IT industry has already tackled the challenge. In particular, the 100+ member
Trusted Computing Group has developed an open architecture and suite of protocols designed to allow
high levels of interoperability, yet increase the security of data and protect the operational integrity of
the devices that are connected to the IP network. The architecture is referred to as Trusted
Network Connect (TNC). Among its protocols, IF-MAP (Interface for Metadata Access Points) provides
a secure, open and flexible approach for communicating or sharing data between trusted applications,
devices and systems.

IF-MAP has several components that provide both standards-based interoperability and high degrees of
trust, all of which are widely embraced by the IT industry. Specifically, this protocol suite includes:

            •   Mutual Certificate-Based Authentication - establishes trust between devices / systems
                that share information

            •   Encrypted Communications - protects data while in transit

            •   Simple Object Access Protocol Bindings - SOAP is a protocol specification for
                exchanging structured information in the implementation of Web Services in computer
                networks. In other words, it provides a basic messaging framework upon which web
                services can be built. It relies on eXtensible Markup Language (XML) as its message
                format

            •   XML Metadata Exchange - a widely used and endorsed schema for communicating
                data between devices and applications in a common manner. The XML-based protocol
                consists of three parts: an envelope, which defines what is in the message and how to
                process it; a set of encoding rules for expressing instances of application-defined
                datatypes; and a convention for representing procedure calls and responses



More specifically, IF-MAP defines a protocol and associated database used by applications and systems
to publish information, subscribe to changes in information and interest, and search for relevant data.
This publish, subscribe and search model allows compliant devices to seamlessly share information
without requiring individual, custom integration efforts. All compliant devices publish events and status
to the Metadata server, and other compliant devices can choose which information and systems they
wish to subscribe to. This is very much like social media for networks. In essence, we go from a
complex, brittle and expensive myriad of point to point custom integrations that ends up looking
something like this:

(Figure: a mesh of point-to-point custom integrations between network components; image courtesy of Infoblox)

To a more streamlined, efficient and effective network environment that allows various network
components to share data with others, even though those relationships and data may be unstructured.
The IF-MAP protocol provides such an environment, which looks more like this:

(Figure: network components publishing to and subscribing from a single IF-MAP server; image courtesy of Infoblox)
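To make the publish, subscribe and search model concrete, the following is an added example written for this page; it is not code from the whitepaper, the Trusted Computing Group, Infoblox or Hirsch. It models a metadata server in memory: publishers attach named metadata to identifiers or to links between two identifiers, subscribers register interest in identifiers and are notified of every change touching them, and anyone can search the current state. The identifier kinds, the "location" identifier type and the "presence" metadata name are assumptions for illustration, and the transport layer the whitepaper describes (SOAP/XML inside a mutually certificate-authenticated, encrypted session) is deliberately left out so the model stays small.

```python
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Identifier:
    """A typed name, in the spirit of IF-MAP identifiers (identity, ip-address, device ...).
    The 'location' kind used below is an assumption for this example, not a standard type."""
    kind: str
    name: str


@dataclass
class MapServer:
    """Toy in-memory Metadata Access Point (constructed for this example)."""
    meta: dict = field(default_factory=lambda: defaultdict(dict))   # identifier -> {name: entry}
    links: dict = field(default_factory=lambda: defaultdict(dict))  # frozenset{a, b} -> {name: entry}
    subs: dict = field(default_factory=lambda: defaultdict(set))    # subscriber -> identifiers of interest
    inbox: dict = field(default_factory=lambda: defaultdict(list))  # subscriber -> pending notifications

    def publish(self, publisher, ident, name, value=None, other=None):
        """Publish metadata `name` on `ident`, or on the link ident<->other when `other` is
        given. value=None deletes it. Every subscriber interested in a touched identifier is
        notified, so the publisher never needs to know who consumes its events."""
        target = frozenset((ident, other)) if other is not None else ident
        store = self.links if other is not None else self.meta
        if value is None:
            store[target].pop(name, None)
            if not store[target]:
                del store[target]          # drop empty containers so search() stays clean
        else:
            store[target][name] = {"publisher": publisher, "value": value}
        touched = (ident, other) if other is not None else (ident,)
        for subscriber, interests in self.subs.items():
            if any(i in interests for i in touched):
                self.inbox[subscriber].append((target, name, value))

    def subscribe(self, subscriber, ident):
        """Register interest in changes on `ident` and on links that touch it."""
        self.subs[subscriber].add(ident)

    def poll(self, subscriber):
        """Return and clear the subscriber's pending change notifications."""
        pending, self.inbox[subscriber] = self.inbox[subscriber], []
        return pending

    def search(self, ident):
        """Metadata on `ident` plus the metadata of every link that touches it."""
        result = {"metadata": dict(self.meta.get(ident, {})), "links": {}}
        for link, entries in self.links.items():
            if ident in link:
                other = next(i for i in link if i != ident)
                result["links"][other] = dict(entries)
        return result


def badge_flow():
    """Constructed scenario: the PACS publishes a badge-in for jdoe at HQ-Bldg1, the NAC
    (subscribed to jdoe) picks it up, then the PACS deletes it when jdoe badges out."""
    jdoe = Identifier("identity", "jdoe")
    hq = Identifier("location", "HQ-Bldg1")
    m = MapServer()
    m.subscribe("nac", jdoe)
    m.publish("pacs", jdoe, "presence", {"state": "in", "reader": "door-12"}, other=hq)
    seen_in = m.poll("nac")                     # one notification: presence on jdoe<->HQ-Bldg1
    where = m.search(jdoe)["links"][hq]["presence"]["value"]["state"]   # 'in'
    m.publish("pacs", jdoe, "presence", None, other=hq)
    seen_out = m.poll("nac")                    # one notification carrying value None
    return len(seen_in), where, len(seen_out), m.search(jdoe)["links"]


if __name__ == "__main__":
    print(badge_flow())
```

The point of the shape is that the PACS and the NAC share nothing but the server: adding a third consumer (a SIEM subscribing to the same identity) is one `subscribe` call and no change to the PACS. In a production deployment the `publisher` field would come from the client certificate presented on the session rather than from a string the caller supplies, which is what lets a subscriber decide whose metadata it trusts.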




IF-MAP Converges Physical and Cyber Access Control
Physical access control systems like those provided by Hirsch typically control movements through
doors, parking gates, and other physical portals and barriers. Authorized personnel authenticate
themselves at those portals using a credential, which may be an access card, a PIN number, a biometric
element (finger, iris, etc.), or some combination of those components. These systems protect physical
assets like buildings, equipment and personnel by ensuring that only the right people access sensitive
areas, and assist with governance and compliance activities through role-based permission assignment
and by building an audit trail of all activities.

Recognizing the impact of physical security on the cyber and IT security worlds, Hirsch is a member of
the Trusted Computing Group and has adopted the IF-MAP communications protocol as an option for
their Velocity™ physical access control system. Hirsch has labeled their IF-MAP enabled communications
option the Hirsch PACE™ Gateway.

Threats to an organization include network and cyber attacks, which force organizations to implement
highly restrictive network environments and processes that make it difficult and inefficient for trusted
users to gain access to network assets that may be critical for them to complete their tasks. The Hirsch
Velocity PACE IF-MAP implementation solves this problem by giving organizations the ability to have a
dynamic and flexible network access control policy (NAC) based on “presence” in an area.

One of the initial use cases of the Hirsch PACE Gateway is the linking of physical presence in an area or
facility to network access privileges. In this case, Hirsch Electronics, Infoblox and Enterasys teamed to
provide end-to-end physical and network access control integration. The Hirsch Velocity™ Physical
Access Control System (PACS) processes access control entry and exit transactions and publishes those
events (including person and location metadata) to the Infoblox IF-MAP Server. That person’s location
status becomes one of the parameters the Enterasys Network Access Controller considers before
granting that person access to network resources. If that person should leave the area, local privileges
may be disabled, etc.

A similar network access control solution is available with Juniper Networks Universal Network Access
Control products.

The security benefits of such a convergence include:

       •   Enhance the physical security environment
           o Minimize the likelihood of physical access “tailgating” at doors. Persons who neglect to
               present their credential to designated door entry readers may be denied access to all or
               selected network resources
           o Encourage the use of “EXIT” readers. While we cannot lock people inside of areas, it is
               often desirable to know which persons are actually in which areas at any time. If all
               persons badge “in” and “out” of areas or buildings, we can get an accurate accounting
               of who is where, which can be helpful when arming alarm systems and in emergency
               evacuation situations. With the IF-MAP network security integration, leaving an area
               and using an exit reader can disable local network privileges and enable remote VPN
               access privileges.

       •   Enhance the network security environment
           o Minimize the likelihood of internal password hacks. Even if a co-worker compromises a
               fellow employee’s password, that password would not work if that target employee was
               not physically in the area or building
           o Minimize the possibility of downloads of controlled information by unauthorized
               individuals
           o Eliminate simultaneous network connections from multiple locations
           o Enforce log-off policies. While most organizational policies require employees to log off
               their desktops when they leave their area, not all do. If the employee uses his access
               card at another reader or at an exit reader, the NAC controller will pick that up and auto
               log off that user
           o Increase remote access security. Persons who have badged in the building can be denied
               remote, VPN or even wireless access

       •   Enhance compliance efforts
           o This type of integration can help organizations comply with separation of duties and
               desktop security requirements under Sarbanes-Oxley, HIPAA privacy regulations, DCID
               and ICD secure facility specifications, GLBA privacy concerns and more. More
               importantly, as part of an overall policy-driven enterprise security program, measures
               like this can be effective in preventing the kinds of data breaches that can ruin an
               organization’s reputation and credibility
           o Ensure consistent de-provisioning in network and physical security environments upon
               employee separation

An especially compelling feature of this kind of integration is that it does not care what type of
credential is used to identify persons, so it does not require rebadging of employees or the introduction
of a PKI infrastructure. Proximity cards, PIN codes, biometrics – whatever the organization is using now
for physical security purposes can still be used. User name and password may still be used at the
desktop, etc.
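The presence-aware decision logic behind the benefits above, and the traveling-employee scenario from the first section, can be shown in a small policy engine. The following is an added example written for this page, not code from Hirsch, Enterasys, Juniper or the whitepaper. It assumes the NAC receives the PACS entry/exit transactions (here as function calls rather than IF-MAP notifications) and that it can attribute each network request to a named site, which a real deployment would derive from the switch, port or VLAN the request arrives on; the person and site names are constructed. Credential verification is assumed to have already succeeded, because the whole point is that a valid password alone is not enough.

```python
from dataclasses import dataclass, field


@dataclass
class PresenceState:
    """What the NAC knows from the PACS feed (constructed model, not vendor data)."""
    location: dict = field(default_factory=dict)   # person -> area currently badged into
    sessions: dict = field(default_factory=dict)   # person -> site of the active local session


def apply_badge_event(state, person, area, direction):
    """Consume one PACS transaction ('entry' or 'exit' at `area`). Returns the local
    sessions that must be torn down because the person is no longer where they were."""
    if direction not in ("entry", "exit"):
        raise ValueError(f"unknown direction {direction!r}")
    if direction == "exit":
        state.location.pop(person, None)
    else:
        state.location[person] = area
    logoffs = []
    site = state.sessions.get(person)
    if site is not None and state.location.get(person) != site:
        logoffs.append((person, site))   # auto log-off: left the area or badged in elsewhere
        del state.sessions[person]
    return logoffs


def decide(state, person, access_type, site=None):
    """NAC decision taken after the credentials have already been verified.
    'local' is a wired/desktop request originating at `site`; 'remote' covers VPN and
    other off-site access. Returns (allowed, reason). The reason string is meant to be
    logged: a denial with valid credentials is exactly the event the unintegrated
    systems in the scenario never raised."""
    where = state.location.get(person)
    if access_type == "local":
        if where is None:
            return False, "not badged into any area"
        if where != site:
            # also rules out simultaneous connections from two locations: a person is
            # badged into at most one area, so at most one site can pass this check
            return False, f"badged into {where}, but request comes from {site}"
        state.sessions[person] = site
        return True, "physically present at site"
    if access_type == "remote":
        if where is not None:
            return False, f"badged into {where}; remote access not permitted while on site"
        return True, "off site"
    raise ValueError(f"unknown access type {access_type!r}")


def travelling_employee_scenario():
    """The whitepaper's scenario with constructed data: the employee badges into a remote
    site while someone at HQ logs in with his written-down password."""
    s = PresenceState()
    apply_badge_event(s, "traveler", "Remote-Site", "entry")
    hq_login = decide(s, "traveler", "local", site="HQ")               # denied: he is elsewhere
    remote_login = decide(s, "traveler", "local", site="Remote-Site")  # allowed
    vpn_on_site = decide(s, "traveler", "remote")                      # denied while badged in
    logoffs = apply_badge_event(s, "traveler", "Remote-Site", "exit")  # tears down his session
    vpn_off_site = decide(s, "traveler", "remote")                     # allowed once he has left
    return hq_login[0], remote_login[0], vpn_on_site[0], logoffs, vpn_off_site[0]


if __name__ == "__main__":
    print(travelling_employee_scenario())
```

Two caveats a practitioner would check before relying on this: the engine is only as good as the badge discipline feeding it, so without exit readers a person who tailgated out still appears present and keeps local privileges, and without entry readers enforced at every door a tailgater appears absent and is locked out of the network, which is the intended pressure toward badging. The denial reasons should go to the log or SIEM as alerts rather than being treated as routine, since "valid password, person not present" is the internal-misuse signal the scenario describes.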

The above applications tend to rely on the physical presence of an individual as the basis of a policy for
network access or denial. A logical next step for this application is to have the Hirsch physical
access control system subscribe to events and perform actions based on activity published by other
IF-MAP compliant systems and devices on the network. For example, Hirsch Velocity could subscribe to
Active Directory events (disable, enable, delete, lock) and, accordingly, create/enable/disable and delete
physical credentials and privileges, ensuring complete and accurate physical/logical and network access
provisioning and de-provisioning. As additional TCG members adopt the IF-MAP standard, there will be
other applications and opportunities for PACE, including integration with wireless access controllers,
SCADA and security information and event management (SIEM) systems.
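The reverse direction, directory events driving credential state, is where de-provisioning consistency comes from, and it has a few edge cases worth getting right: an unrecognised event must not change anything, a deleted credential must not be resurrected by a later "enable", and a periodic reconciliation should catch drift that the event stream missed. The following is an added example written for this page, not Hirsch Velocity code or a PACE Gateway feature; the credential states and the directory status values are assumptions, and credential creation is left to the physical card-issuance workflow rather than being triggered by a directory event.

```python
# Credential states in a hypothetical PACS credential table (names are assumptions).
ACTIVE, SUSPENDED, DELETED = "active", "suspended", "deleted"

# Directory event -> credential state. Anything not listed here is ignored on purpose:
# an unexpected or malformed message must never silently re-enable physical access.
EVENT_ACTIONS = {
    "enable": ACTIVE,
    "disable": SUSPENDED,
    "lock": SUSPENDED,
    "delete": DELETED,
}


def apply_directory_event(credentials, user, event):
    """Mirror one published directory event onto the PACS credential table in place.
    Returns the resulting credential state, or None if the event changed nothing."""
    new_state = EVENT_ACTIONS.get(event)
    if new_state is None:
        return None                    # unknown event: fail closed, change nothing
    current = credentials.get(user)
    if current is None:
        return None                    # no credential issued yet; issuance is a separate workflow
    if current == DELETED:
        return DELETED                 # deleted credentials are never resurrected by 'enable'
    credentials[user] = new_state
    return new_state


def reconcile(directory, credentials):
    """Find drift between directory account status and PACS credential state: anyone
    who still holds an active credential without an enabled directory account.
    `directory` maps user -> 'enabled' | 'disabled' (absent users count as disabled)."""
    drift = [user for user, state in credentials.items()
             if state == ACTIVE and directory.get(user) != "enabled"]
    return sorted(drift)


if __name__ == "__main__":
    # Constructed sample data for a stand-alone run.
    creds = {"alice": ACTIVE, "bob": ACTIVE, "carol": SUSPENDED}
    for user, event in [("bob", "disable"), ("bob", "delete"), ("bob", "enable"),
                        ("carol", "enable"), ("alice", "password-change")]:
        print(user, event, "->", apply_directory_event(creds, user, event))
    print("drift:", reconcile({"alice": "enabled", "carol": "disabled"}, creds))
```

Running the reconciliation on a schedule, and not only reacting to events, is what turns "consistent de-provisioning" from a hope into something auditable: the list it returns is the set of people who could still open doors after HR has closed their account.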


Summary
As the threat organizations face becomes more sophisticated, and budgets tighten, organizations must
take creative and effective measures to protect their people, their assets and their data. The lines
between physical security, identity management, provisioning, network security and logical security are
blurring, and managing risk is now a C-Level imperative.

By adopting IF-MAP, Hirsch has placed itself squarely in the IT camp that is driving trusted, scalable,
standards-based interoperability and data sharing not just in the security space, but throughout the IT
ecosystem.

InfoBlox, Enterasys Systems, Juniper Networks and Hirsch are all members of the Trusted Computing
Group. http://www.trustedcomputinggroup.org.

For more information on the Hirsch PACE Gateway, please visit
http://www.hirsch-identive.com/products-services/converged-security/pac-nac-integration.
Hirsch Identive
1900B Carnegie Avenue
Santa Ana, CA 92705
U.S.A.
www.hirsch-identive.com

Author: John Piccininni
October 2011


Copyright© 2011

This document is provided for informational purposes only and the contents hereof are subject to change without notice. This document is not
warranted to be error-free, nor subject to any warranties and conditions of merchantability or fitness for a particular purpose. We specifically
disclaim any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document.
Hirsch Electronics, Velocity, ScramblePad and PACE Gateway are registered trademarks of Hirsch Electronics, LLC. Other names may be
trademarks of their respective owners.

10 security problems unique to itIT-Toolkits.org
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersRishabh Gupta
 
1. Original Post by Catherine JohnsonCryptographic MethodsC
1. Original Post by Catherine JohnsonCryptographic MethodsC1. Original Post by Catherine JohnsonCryptographic MethodsC
1. Original Post by Catherine JohnsonCryptographic MethodsCSantosConleyha
 
1. Original Post by Catherine JohnsonCryptographic MethodsC
1. Original Post by Catherine JohnsonCryptographic MethodsC1. Original Post by Catherine JohnsonCryptographic MethodsC
1. Original Post by Catherine JohnsonCryptographic MethodsCAbbyWhyte974
 
Types of Networks Week7 Part4-IS RevisionSu2013 .docx
Types of Networks  Week7 Part4-IS RevisionSu2013 .docxTypes of Networks  Week7 Part4-IS RevisionSu2013 .docx
Types of Networks Week7 Part4-IS RevisionSu2013 .docxwillcoxjanay
 
4192 sslvpn sb_0412
4192 sslvpn sb_04124192 sslvpn sb_0412
4192 sslvpn sb_0412Hai Nguyen
 
Security policy case study
Security policy case studySecurity policy case study
Security policy case studyashu6
 
Running head NETWORK INFRASTRUTCTURE AND SECURITYNETWORK INFR.docx
Running head NETWORK INFRASTRUTCTURE AND SECURITYNETWORK INFR.docxRunning head NETWORK INFRASTRUTCTURE AND SECURITYNETWORK INFR.docx
Running head NETWORK INFRASTRUTCTURE AND SECURITYNETWORK INFR.docxtoltonkendal
 
Final Project – Incident Response Exercise SAMPLE.docx
Final Project – Incident Response Exercise SAMPLE.docxFinal Project – Incident Response Exercise SAMPLE.docx
Final Project – Incident Response Exercise SAMPLE.docxlmelaine
 
5.[40 44]enhancing security in cloud computing
5.[40 44]enhancing security in cloud computing5.[40 44]enhancing security in cloud computing
5.[40 44]enhancing security in cloud computingAlexander Decker
 
5.[40 44]enhancing security in cloud computing
5.[40 44]enhancing security in cloud computing5.[40 44]enhancing security in cloud computing
5.[40 44]enhancing security in cloud computingAlexander Decker
 

Similaire à Physical/Network Access Control (20)

Cyber security and cyber law
Cyber security and cyber lawCyber security and cyber law
Cyber security and cyber law
 
Two Aspect Endorsement Access Control for web Based Cloud Computing
Two Aspect Endorsement Access Control for web Based   Cloud Computing     Two Aspect Endorsement Access Control for web Based   Cloud Computing
Two Aspect Endorsement Access Control for web Based Cloud Computing
 
IRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET - Study Paper on Various Security Mechanism of Cloud ComputingIRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET - Study Paper on Various Security Mechanism of Cloud Computing
 
Running Head NETWORK INFRASTRUCTURE VULNERABILITIES1NETWORK .docx
Running Head NETWORK INFRASTRUCTURE VULNERABILITIES1NETWORK .docxRunning Head NETWORK INFRASTRUCTURE VULNERABILITIES1NETWORK .docx
Running Head NETWORK INFRASTRUCTURE VULNERABILITIES1NETWORK .docx
 
Discuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxDiscuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docx
 
Discuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxDiscuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docx
 
10 security problems unique to it
10 security problems unique to it10 security problems unique to it
10 security problems unique to it
 
10 security problems unique to it
10 security problems unique to it10 security problems unique to it
10 security problems unique to it
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
 
1. Original Post by Catherine JohnsonCryptographic MethodsC
1. Original Post by Catherine JohnsonCryptographic MethodsC1. Original Post by Catherine JohnsonCryptographic MethodsC
1. Original Post by Catherine JohnsonCryptographic MethodsC
 
1. Original Post by Catherine JohnsonCryptographic MethodsC
1. Original Post by Catherine JohnsonCryptographic MethodsC1. Original Post by Catherine JohnsonCryptographic MethodsC
1. Original Post by Catherine JohnsonCryptographic MethodsC
 
Types of Networks Week7 Part4-IS RevisionSu2013 .docx
Types of Networks  Week7 Part4-IS RevisionSu2013 .docxTypes of Networks  Week7 Part4-IS RevisionSu2013 .docx
Types of Networks Week7 Part4-IS RevisionSu2013 .docx
 
4192 sslvpn sb_0412
4192 sslvpn sb_04124192 sslvpn sb_0412
4192 sslvpn sb_0412
 
Security policy case study
Security policy case studySecurity policy case study
Security policy case study
 
Running head NETWORK INFRASTRUTCTURE AND SECURITYNETWORK INFR.docx
Running head NETWORK INFRASTRUTCTURE AND SECURITYNETWORK INFR.docxRunning head NETWORK INFRASTRUTCTURE AND SECURITYNETWORK INFR.docx
Running head NETWORK INFRASTRUTCTURE AND SECURITYNETWORK INFR.docx
 
The New Intelligent Network: Building a Smarter, Simpler Architecture
The New Intelligent Network: Building a Smarter, Simpler ArchitectureThe New Intelligent Network: Building a Smarter, Simpler Architecture
The New Intelligent Network: Building a Smarter, Simpler Architecture
 
Final Project – Incident Response Exercise SAMPLE.docx
Final Project – Incident Response Exercise SAMPLE.docxFinal Project – Incident Response Exercise SAMPLE.docx
Final Project – Incident Response Exercise SAMPLE.docx
 
Enterprise Edge Security with Cisco ISE
Enterprise Edge Security with Cisco ISEEnterprise Edge Security with Cisco ISE
Enterprise Edge Security with Cisco ISE
 
5.[40 44]enhancing security in cloud computing
5.[40 44]enhancing security in cloud computing5.[40 44]enhancing security in cloud computing
5.[40 44]enhancing security in cloud computing
 
5.[40 44]enhancing security in cloud computing
5.[40 44]enhancing security in cloud computing5.[40 44]enhancing security in cloud computing
5.[40 44]enhancing security in cloud computing
 

Dernier

Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetDenis Gagné
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Dipal Arora
 
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 DelhiCall Girls in Delhi
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfPaul Menig
 
Understanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key InsightsUnderstanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key Insightsseribangash
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116  - With room ServiceCall Girls in Gomti Nagar - 7388211116  - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Servicediscovermytutordmt
 
Progress Report - Oracle Database Analyst Summit
Progress  Report - Oracle Database Analyst SummitProgress  Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitHolger Mueller
 
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101  - Basics on Growth MarketingTech Startup Growth Hacking 101  - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth MarketingShawn Pang
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyEthan lee
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsMichael W. Hawkins
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A  SALESMAN / WOMANA DAY IN THE LIFE OF A  SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANIlamathiKannappan
 
GD Birla and his contribution in management
GD Birla and his contribution in managementGD Birla and his contribution in management
GD Birla and his contribution in managementchhavia330
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...anilsa9823
 
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In  Indirapuram Ghaziabad  ✔️ 9871031762 ✔️ Escorts Service...BEST ✨ Call Girls In  Indirapuram Ghaziabad  ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...noida100girls
 
Unlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfUnlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfOnline Income Engine
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Roland Driesen
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update  Presentation SlidesKeppel Ltd. 1Q 2024 Business Update  Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppelCorporation
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Serviceritikaroy0888
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsP&CO
 

Dernier (20)

Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdf
 
Understanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key InsightsUnderstanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key Insights
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116  - With room ServiceCall Girls in Gomti Nagar - 7388211116  - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
Progress Report - Oracle Database Analyst Summit
Progress  Report - Oracle Database Analyst SummitProgress  Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst Summit
 
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101  - Basics on Growth MarketingTech Startup Growth Hacking 101  - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael Hawkins
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A  SALESMAN / WOMANA DAY IN THE LIFE OF A  SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
GD Birla and his contribution in management
GD Birla and his contribution in managementGD Birla and his contribution in management
GD Birla and his contribution in management
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
 
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In  Indirapuram Ghaziabad  ✔️ 9871031762 ✔️ Escorts Service...BEST ✨ Call Girls In  Indirapuram Ghaziabad  ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
 
Unlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfUnlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdf
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update  Presentation SlidesKeppel Ltd. 1Q 2024 Business Update  Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 

Physical/Network Access Control

  • 1. Securing the Enterprise in a Networked World Standards-Based Physical/Network Access Control Integration
  • 2. Introduction Technology has changed the nature of the enterprise and how enterprises protect themselves from threats and manage risk. Assets once were things that could be “secured” with walls, alarms, keys and guards. Security systems were purchased and operated by a security department, monitored after hours by a contract central station and very localized. Today, an organization’s most valuable assets may be invisible – data and information about its customers, technology, business plans and financial assets. And instead of locking these assets away, we now make them accessible to our staff, customers and business partners from their desktops, laptops and mobile devices, often far away from the walls of protection we have built, and sometimes in locations where network access is offered as a marketing convenience to accompany a refreshing cup of coffee. And while the nature of business demands that we make data accessible everywhere all the time, government imposed regulatory environments have increased, and the cost in time, money and damage to brand as a result of a security breach or data hack is, at best, expensive, and may be fatal. Organizations now realize that security is no longer a department, but an integral component of the management of the enterprise. It is not something that is purchased or bolted on, but something that must be woven into the very fabric of the business. Effective security and risk management now touches and must include human resource policies, identity management, physical security, cyber security, network security, credentialing, logical access, surveillance, compliance initiatives, reporting and forensics. Connecting the dots across all of those disciplines has been the challenge. 
This whitepaper discusses a standards-based enterprise solution that allows disparate systems to share unstructured data across unstructured relationships and to act upon this information in accordance with organizational policies, providing a cohesive security management framework that ties it all together. The Physical/Cyber Security Gap In most enterprises, physical security and cyber security efforts are distinct disciplines, with distinct missions, departments and management structures. Therein lies the problem. Between those silos lie gaps in process, policy and practices that may be exploited by attackers inside and outside the organization. Most organizations have deployed some type of physical access control system that requires the use of access cards, PIN numbers and/or biometric verification to enter buildings and specific areas within those buildings. Most have also implemented some type of network access control environment, and the majority of those rely on
  • 3. user name password for network authentication and access. And since each of those systems is generally under the control of a different department with a different mission, almost none have integrated the two. Each system seems to fulfill its individual mission, which can create a false sense of security, or worse, create conditions that may lead to serious security breaches. As an example, consider the following company, whose physical security and IT security departments have established the following rules:  All employees must use their access card at all building entry points  All employees must use network passwords that contain at least 8 characters, which must include at least one capital letter, one number and one other special character. Passwords cannot be a dictionary word. Passwords are case sensitive, must be changed every 60 days, and may not be reused Both are good, strong security policies. But in the real world, what will happen?  Employees will hold the door open for their co-workers who arrive together  While strong passwords provide additional protection against password hack attempts (the most common password in unrestricted environments is My password: xYhwpn57*b “password”), strong password policies almost guarantee that the employee will write down his new secure password and keep it in his desk drawer So let’s see what can happen when an employee travels to visit a company site in another city. He arrives at the remote site, and uses his access card to enter the door, and his access is recorded as a normal event in that site’s access control system. Back at HQ, someone has found the sticky note on which the employee has written his very strong password, and has logged onto the system under that employee’s name and has been granted access to all the traveling employee can see, and all activity will be logged to the traveler’s IT account. 
The network access control system validated the user name, password – even the status of the virus protection of the computer logging onto the network, and all conditions were successfully met. In this case, both systems did what they were supposed to do. No physical security alarm was generated, no network anomaly reported. But a serious breach occurred. In an integrated world, a person’s presence in a building or specific area would be one of the factors the network security system considers before it allows access to critical network resources. This would not only enhance network access security, but improve physical security, as employees would be less likely to tailgate in behind each other, even if the door is held open by another polite, but security policy violating person. Once the technical aspects of physical/network access control integration are in place, additional policies may evolve. Readers may be placed at physical points of egress from the building, and employees would need to use their access credential to leave the building, which disables their local
  • 4. access privileges, and enables remote and VPN network access. Doing so provides a more accurate accounting of who is in the building or area at any given time. IT Meets Physical Security For several years, the buzz in the physical security world has been the convergence of physical and cyber security. The problem was that “convergence” meant different things to different physical security system and device vendors. To some, it simply meant adding a terminal server in front of a serial device and connecting it to an IP network pipe. To others, it meant developing custom integrations through API’s, SNMP, syslog, etc. And to many in the IT space, convergence with physical security was not even on their radar screen. The security threat that organizations face, however, is very much converged. Organizations must have strong physical and cyber security environments, as weaknesses in either will be exploited by enemies who don’t care how they get in. To truly meet the challenge and vision of convergence, cyber and physical security efforts, systems, policies and data must be coordinated and interoperable. Standards and Trust To obtain interoperability between disparate systems, two elements are necessary – a standard way to communicate, and trust between the parties and systems doing the communicating so that each party can validate the identity of the other with a very high level of assurance. While the IT community has long embraced standards, the physical security industry has been slow to follow suit. Some standards are emerging in physical security but, when it comes to securing data at rest and in transit, the IT industry has already tackled the challenge. In particular the 100+ member Trusted Computing Group has developed an open architecture and suite of protocols designed to allow high levels of interoperability, yet increase the security of data and protect the operational integrity of the devices that are connected to the IP network. 
The architecture is referred to as the Trusted Network Connect (TNC). Among its protocols, the IF-MAP (interface for Metadata Access Point) provides a secure, open and flexible approach for communicating or sharing data between trusted applications, devices and systems. IF-MAP has several components that provide both standards-based interoperability and high degrees of trust, all of which are widely embraced by the IT industry. Specifically, this protocol suite includes: • Mutual Certificate-Based Authentication - establishes trust between devices / systems that share information • Encrypted Communications (protects data while in transit) • Simple Object Access Protocol Bindings - SOAP is a protocol specification for exchanging structured information in the implementation of Web Services in computer networks. In other words, it provides a basic messaging framework upon which web
  • 5. services can be built. It relies on eXtensible Markup Language (XML) as its message format • XML Metadata Exchange - a widely used and endorsed schema for communicating data between devices and applications in a common manner. XML based protocol consists of three parts: an envelope - which defines what is in the message and how to process it - a set of encoding rules for expressing instances of application-defined datatypes, and a convention for representing procedure calls and responses More specifically, IF-MAP defines a protocol and associated database used by applications and systems to publish information, subscribe to changes in information and interest, and search for relevant data. This publish, subscribe and search model allows compliant devices to seamlessly share information without requiring individual, custom integration efforts. All compliant devices publish events and status to the Metadata server, and other compliant devices can choose which information and systems they wish to subscribe to. This is very much like social media for networks. In essence, we go from a complex, brittle and expensive myriad of point to point custom integrations that ends up looking something like this: To a more streamlined, efficient and effective network environment that allows various network components to share date with others, even though those relationships and data may be unstructured. The IF-MAP protocol provides such an environment, which looks more like this:
Images courtesy of Infoblox.

IF-MAP Converges Physical and Cyber Access Control

Physical access control systems like those provided by Hirsch typically control movements through doors, parking gates, and other physical portals and barriers. Authorized personnel authenticate themselves at those portals using a credential, which may be an access card, a PIN, a biometric element (finger, iris, etc.), or some combination of those components. These systems protect physical assets like buildings, equipment and personnel by ensuring that only the right people access sensitive areas, and assist with governance and compliance activities through role-based permission assignment and by building an audit trail of all activities.

Recognizing the impact of physical security on the cyber and IT security worlds, Hirsch is a member of the Trusted Computing Group and has adopted the IF-MAP communications protocol as an option for their Velocity™ physical access control system. Hirsch has labeled their IF-MAP enabled communications option the Hirsch PACE™ Gateway.

Threats to an organization include network and cyber attacks, which force organizations to implement highly restrictive network environments and processes that make it difficult and inefficient for trusted users to gain access to network assets that may be critical for them to complete their tasks. The Hirsch Velocity PACE IF-MAP implementation solves this problem by giving organizations the ability to have a dynamic and flexible network access control (NAC) policy based on “presence” in an area.

One of the initial use cases of Hirsch PACE Gateway is the linking of physical presence in an area or facility to network access privileges. In this case, Hirsch Electronics, Infoblox and Enterasys teamed to provide end-to-end physical and network access control integration. The Hirsch Velocity™ Physical Access Control System (PACS) processes access control entry and exit transactions and publishes those events (including person and location metadata) to the Infoblox IF-MAP Server. That person’s location status becomes one of the parameters the Enterasys Network Access Controller considers before granting that person access to network resources. If that person should leave the area, local privileges may be disabled, etc. A similar network access control solution is available with Juniper Networks Universal Network Access Control products.

The security benefits of such a convergence include:

 Enhance the physical security environment
  o Minimize the likelihood of physical access “tailgating” at doors. Persons who neglect to present their credential to designated door entry readers may be denied access to all or selected network resources.
  o Encourage the use of “EXIT” readers. While we cannot lock people inside of areas, it is often desirable to know which persons are actually in which areas at any time. If all persons badge “in” and “out” of areas or buildings, we can get an accurate accounting of who is where, which can be helpful when arming alarm systems and in emergency evacuation situations. With the IF-MAP network security integration, leaving an area and using an exit reader can disable local network privileges and enable remote VPN access privileges.

 Enhance the network security environment
  o Minimize the likelihood of internal password hacks. Even if a co-worker compromises a fellow employee’s password, that password would not work if that target employee was not physically in the area or building.
  o Minimize the possibility of downloads of controlled information by unauthorized individuals.
  o Eliminate simultaneous network connections from multiple locations.
  o Enforce log-off policies. While most organizational policies require employees to log off their desktops when they leave their area, not all do. If the employee uses his access card at another reader or at an exit reader, the NAC controller will pick that up and automatically log off that user.
  o Increase remote access security. Persons who have badged in the building can be denied remote, VPN or even wireless access.

 Enhance compliance efforts
  o This type of integration can help organizations comply with separation of duties and desktop security requirements under Sarbanes-Oxley, HIPAA privacy regulations, DCID and ICD secure facility specifications, GLBA privacy concerns and more. More importantly, as part of an overall policy-driven enterprise security program, measures like this can be effective in preventing the kinds of data breaches that can ruin an organization’s reputation and credibility.
  o Ensure consistent de-provisioning in network and physical security environments upon employee separation.

An especially compelling feature of this kind of integration is that it does not care what type of credential is used to identify persons, so it does not require rebadging of employees or the introduction of a PKI infrastructure. Proximity cards, PIN codes, biometrics – whatever the organization is using now for physical security purposes can still be used. User name and password may still be used at the desktop, etc.

The above applications tend to rely on the physical presence of an individual as the basis for a policy granting or denying network access. A next-step logical expansion of this application is to have the Hirsch physical access control system subscribe to events and perform actions based on activity published by other IF-MAP compliant systems and devices on the network. For example, Hirsch Velocity could subscribe to Active Directory events (disable, enable, delete, lock) and, accordingly, create/enable/disable and delete physical credentials and privileges, ensuring complete and accurate physical/logical and network access provisioning and de-provisioning.
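The publish/subscribe flow described above, as an added illustration that is not code from Hirsch, Infoblox, Enterasys or the IF-MAP specification: an in-memory MapServer stands in for the IF-MAP server, Pacs publishes entry/exit badge events as location metadata, and Nac subscribes to that metadata to decide LAN versus VPN access and to log users off when their presence changes. A directory "account" event shows the reverse direction, where the PACS de-provisions a credential. All identities, reader names and metadata names are constructed for the example.

```python
"""Toy model of the PACS -> IF-MAP server -> NAC flow (constructed example)."""
from collections import defaultdict


class MapServer:
    """Stand-in for the IF-MAP server: metadata per identity, and every
    publish is pushed to all subscribers (a simplified IF-MAP subscription)."""

    def __init__(self):
        self.metadata = defaultdict(dict)   # identity -> {name: value}
        self.subscribers = []

    def subscribe(self, callback):
        self.subscribers.append(callback)

    def publish(self, identity, name, value):
        self.metadata[identity][name] = value
        for callback in self.subscribers:
            callback(identity, name, value)

    def search(self, identity, name, default=None):
        return self.metadata[identity].get(name, default)


class Pacs:
    """Physical side: entry/exit badge events become 'location' metadata.
    It also subscribes so a directory 'account' event disables the badge."""

    def __init__(self, server):
        self.server = server
        self.credentials = {}               # identity -> credential enabled?
        server.subscribe(self.on_event)

    def enroll(self, identity):
        self.credentials[identity] = True

    def badge(self, identity, reader, area):
        """reader is 'entry' or 'exit'; returns the door decision."""
        if not self.credentials.get(identity, False):
            return "denied"
        location = area if reader == "entry" else "outside"
        self.server.publish(identity, "location", location)
        return "granted"

    def on_event(self, identity, name, value):
        if name == "account" and value != "enabled":
            self.credentials[identity] = False   # consistent de-provisioning


class Nac:
    """Network side: LAN access only when badged into an area, VPN access only
    when badged out, and active sessions dropped when presence changes."""

    def __init__(self, server):
        self.server = server
        self.sessions = {}                  # identity -> "lan" | "vpn"
        server.subscribe(self.on_event)

    def request(self, identity, access_type):
        location = self.server.search(identity, "location", "outside")
        account = self.server.search(identity, "account", "enabled")
        if account != "enabled":
            return "deny: account not enabled"
        if access_type == "lan" and location == "outside":
            return "deny: not badged into a secured area"   # anti-tailgating
        if access_type == "vpn" and location != "outside":
            return "deny: user is on-site, remote access disabled"
        self.sessions[identity] = access_type
        return "allow"

    def on_event(self, identity, name, value):
        session = self.sessions.get(identity)
        if session is None:
            return
        account_gone = name == "account" and value != "enabled"
        left_site = name == "location" and session == "lan" and value == "outside"
        came_on_site = name == "location" and session == "vpn" and value != "outside"
        if account_gone or left_site or came_on_site:
            del self.sessions[identity]     # enforced log-off


def run_scenario():
    """Walk one constructed user through the flow; returns the decisions made."""
    server = MapServer()
    pacs, nac = Pacs(server), Nac(server)
    pacs.enroll("alice")
    trace = [nac.request("alice", "lan")]            # no badge-in yet
    pacs.badge("alice", "entry", "lab-2")
    trace.append(nac.request("alice", "lan"))
    trace.append(nac.request("alice", "vpn"))
    pacs.badge("alice", "exit", "lab-2")             # exit reader
    trace.append("alice" in nac.sessions)
    trace.append(nac.request("alice", "vpn"))
    server.publish("alice", "account", "disabled")   # directory event
    trace.append("alice" in nac.sessions)
    trace.append(pacs.badge("alice", "entry", "lab-2"))
    return trace


if __name__ == "__main__":
    for step in run_scenario():
        print(step)
```

Running run_scenario() shows the LAN request refused before the badge-in, granted after it, the VPN request refused while on-site, the LAN session dropped by the exit reader, VPN granted once outside, and finally both the network session and the physical credential revoked by a single directory event. A real deployment would carry this metadata over the IF-MAP protocol between separate systems; the policy logic is what the integration adds.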
As additional TCG members adopt the IF-MAP standard, there will be other applications and opportunities for PACE, including integration with wireless access controllers, SCADA and security information and event management (SIEM) systems.

Summary

As the threats organizations face become more sophisticated, and budgets tighten, organizations must take creative and effective measures to protect their people, their assets and their data. The lines between physical security, identity management, provisioning, network security and logical security are blurring, and managing risk is now a C-Level imperative. By adopting IF-MAP, Hirsch has placed itself squarely in the IT camp that is driving trusted, scalable, standards-based interoperability and data sharing not just in the security space, but throughout the IT ecosystem.

Infoblox, Enterasys Systems, Juniper Networks and Hirsch are all members of the Trusted Computing Group: http://www.trustedcomputinggroup.org. For more information on the Hirsch PACE Gateway, please visit http://www.hirsch-identive.com/products-services/converged-security/pac-nac-integration.
Hirsch Identive
1900B Carnegie Avenue
Santa Ana, CA 92705 U.S.A.
www.hirsch-identive.com

Author: John Piccininni
October 2011

Copyright © 2011. This document is provided for informational purposes only and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document. Hirsch Electronics, Velocity, ScramblePad and PACE Gateway are registered trademarks of Hirsch Electronics, LLC. Other names may be trademarks of their respective owners.