SECURITY ACCESS AND DATA FLOW CONTROL IN NETWORKS

Networking within and between information systems is indispensable these days, since it significantly increases the usability and value of business information systems. Modern methods of working and doing business, as well as high market competitiveness, all require a fast and reliable flow of large amounts of data, which users access via different devices such as PCs, tablets or smartphones.

Such interconnection of devices and systems can only be provided by high-performance, reliable and secure networks. The security risks (intrusion, interference with operation, etc.) that inevitably come with the interconnectedness of modern information and communication systems can only be tackled with appropriate mechanisms.

NIL has more than 15 years of experience in designing and implementing security solutions and systems in the most complex and demanding environments, such as financial and government institutions, the army and the police, public administration and public institutions, international corporations and other institutions.

Within organizations' IT infrastructure we plan, build and manage access control systems, such as edge authentication and compliance (802.1X, NAC, NAP), firewalls, IPS and content control systems (e.g. e-mail content and web access).

Our recommendation to businesses and organizations is therefore to introduce state-of-the-art security mechanisms into their networks. Using network security solutions provided by NIL brings the following benefits:

• ability to operate in high-risk environments: by introducing appropriate security mechanisms you can also use high-risk environments (e.g. the internet or other public network infrastructures) in your business;

• affordable investment in network technology to reduce risks: since they include no unnecessary security countermeasures, NIL's environment-customised solutions are cost-optimal;

• greater risk reduction compared to generic solutions: by addressing specific environments, NIL's solutions bring a significant improvement in risk management compared to generic solutions;

• applicability to a wide range of environments: our network security solutions can be implemented in a variety of environments, ranging from conventional to modern virtualised network infrastructures (e.g. private or hybrid cloud).

In implementing security solutions, NIL uses proven network security planning approaches and technological building blocks provided by Cisco Systems, IBM, F5, RSA, Acronis and Palo Alto, as confirmed by the following certifications:

• Cisco Advanced Borderless Network Architecture Specialization

• Cisco ATP – Identity Services Engine

• Cisco Advanced Security Specialization

• RSA SecurWorld Solution Partner

• F5 UNITY Partner Program

• IBM Advanced Business Partner

• Acronis Authorized Partner

• Palo Alto Networks Gold Partner

RISK REDUCTION SCOPE, SOLUTION / TECHNOLOGY AND PARTNERS

Risk reduction scope: focused protection of systems and applications against network intrusions
Solution / technology: design and construction of network firewalls, including intrusion prevention systems and content and transaction monitoring systems. These include firewalls (Cisco ASA, Cisco ASAv, Palo Alto), attack detection and prevention systems (Cisco Firepower), network content inspection systems (Cisco Email and Web Security, Cisco AMP, Palo Alto), web application protection systems (F5), identity management systems (Cisco ACS, Cisco ISE, Cisco CDA), and centralised tools for data collection, analysis, communication and reporting (IBM QRadar).
Partners: Cisco, IBM, Palo Alto, F5

Risk reduction scope: protection of sensitive, confidential and personal information during transfer through untrustworthy networks
Solution / technology: detailed planning of powerful and reliable solutions for cryptographic transfer security, based on Cisco IOS, Cisco ASA and Cisco AnyConnect technologies
Partners: Cisco

Risk reduction scope: secure solutions for remote mobile users; mobile device management solutions
Solution / technology: user-friendly solutions for remote access and work from remote locations, based on the integrated SSL VPN solutions provided by Cisco Systems and strong authentication systems by RSA Security. We enable centralised management of users' mobile devices based on the MobileIron system.
Partners: Cisco, RSA, MobileIron

Risk reduction scope: detection of intrusion and suspicious activities within the entire communication and information system infrastructure
Solution / technology: environment-adjusted security information management systems based on IBM QRadar technology
Partners: IBM

Risk reduction scope: consolidation of underlying network infrastructure
Solution / technology: solutions for implementation and verification of security controls within the core network infrastructure
Partners: service provided by NIL

Risk reduction scope: secure network multi-tenancy
Solution / technology: tailored solutions for the coexistence of several organizations on the same network infrastructure
Partners: service provided by NIL

Risk reduction scope: monitoring of access to networks and ensuring network members' compliance
Solution / technology: manageable and scalable access control solutions based on 802.1X, NAC, NAP and Cisco ISE technologies for wired, wireless and VPN network access

FOCUSED PROTECTION OF SYSTEMS AND APPLICATIONS AGAINST NETWORK INTRUSIONS

Solutions that protect systems and applications against intrusions from the network form one of the basic groups of network security solutions.

Traditionally, these solutions are implemented together with firewall systems and provide the following mechanisms:

• network access minimisation according to the security policy, using conventional traffic analysis technologies at OSI layers 2-7. These firewall blocks are designed and implemented by NIL, mostly using Cisco ASA, F5 BIG-IP and Cisco IOS technologies;

• detection and prevention of known intrusions through attack signature and traffic anomaly detection on IPS (Intrusion Prevention System) blocks. These blocks are planned and implemented by NIL, largely using Cisco Firepower;

• data flow control by analysing the data and minimising the flow, or by searching for known sensitive or harmful data. In this way, for example, systems can be protected from unwanted (e.g. e-mail), dangerous, or business- or ethically inappropriate content, and intentional or unintentional leakage of data from the organization can be prevented (DLP, Data Leakage Prevention). These firewall blocks are designed and implemented by NIL, mostly using Cisco Email and Web Security technologies;

• application-tailored web security services, using methods for verifying the correctness of application data and minimising it, based on F5 load distribution technologies and data firewalls;

• protection against various denial-of-service (DoS) attacks. These firewall blocks are designed and implemented by NIL, mostly using Cisco ASA, F5 BIG-IP and Cisco IOS technologies.

Such protection is most often applied at the transition points between private and public networks, but because layered security allows a more reliable security system to be built, it is also applied within the segmented private networks of organizations.

PROTECTION OF SENSITIVE, CONFIDENTIAL AND PERSONAL INFORMATION DURING TRANSFER THROUGH UNTRUSTWORTHY NETWORKS

Today's communication often runs over networks that are not controlled by the organizations exchanging information. Although it has been in use in various forms for thousands of years, cryptographic protection of transmitted data is still vulnerable to human error, complicated to use and sensitive to technological shortcomings.

For the protection of data transmitted over untrustworthy networks, NIL provides network infrastructure solutions that protect data cryptographically, independently of the user, medium and communication mode. Using the IPsec protocol suite and the IPsec VPN, EasyVPN, DMVPN and GET VPN technologies supported by Cisco Systems equipment, we have built a wide range of data transfer security solutions at the international level. They are all designed to meet clients' expectations of long-term reliability and security.

SECURE REMOTE ACCESS FOR MOBILE USERS

As information systems become increasingly intertwined and access to them is granted to both controlled and uncontrolled devices and users, our goal is to maintain high user productivity while reducing the security risks related to such access.

NIL's solutions for secure remote access to organizations' sensitive resources are intended for different users (employees, partners, customers, etc.) and different devices (laptops, tablets or phones). They are based on Cisco Systems' SSL VPN solutions and integrated with our own solutions, firewall systems and strong authentication solutions based on RSA SecurID.

DETECTION OF INTRUSION AND SUSPICIOUS ACTIVITIES IN THE ENTIRE COMMUNICATION AND INFORMATION SYSTEM INFRASTRUCTURE

For the broadest and most effective detection of security incidents, we integrate our network security solutions into overarching security information management systems (SIM/SIEM). We also implement SIEM solutions ourselves, or assist with optimising their configuration and the management of security incidents.

CONSOLIDATION OF UNDERLYING NETWORK INFRASTRUCTURE

Today, the basic network infrastructure (i.e. switches, routers and wireless access points) is a building block whose reliability and security are crucial in supporting business processes. A failure in its functioning, or an intrusion into such a crucial device, may allow attackers to access network applications or hinder their performance, often affecting a large proportion of the organization's network.

However, when tackling security risks, this infrastructure is often overlooked. When connecting to external networks, organizations do invest in protection, but tend to forget the "soft" core of their own network infrastructure, which is available to any attacker able either to bypass the physical security controls within the organization or, in the case of wireless networks, simply to come physically close to them.

In addition to network infrastructure security assessments, we also provide consolidation services for existing infrastructure and, where required, installation of new infrastructure in an already consolidated state.

In the context of consolidating the infrastructure, we plan and perform the following categories of security controls:

• protection of network devices from intrusion;

• protection of network devices from denial-of-service attacks;

• protection of network connections from denial-of-service attacks;

• protection of switching and routing protocols;

• protection of management protocols and processes.

SECURED MULTI-TENANCY WITHIN THE NETWORK INFRASTRUCTURE

Multi-tenancy is an infrastructure property that supports the coexistence of multiple logically separated infrastructures on the same physical infrastructure. When building modern elastic infrastructures (e.g. a private IaaS cloud), this coexistence can even be carried over into the core LAN and WAN network infrastructure. Organizations opt for such separation for several reasons:

• to separate their own service networks from each other, since their different levels of trust require them to be easily separable;

• to host other entities' resources (e.g. other organizations or partners) within the organization's network.

The separation in NIL's multi-tenancy solutions within the network infrastructure is usually based on VLAN, MPLS VPN and VRF technologies and supported by Cisco Systems equipment.

MONITORING OF ACCESS TO NETWORKS AND ENSURING NETWORK MEMBERS' COMPLIANCE

To increase the productivity of partners and guests, and indirectly for the benefit of their own business, organizations are more and more often opening their internal wired or wireless networks to them. At the same time, this opening can be quite risky: the entry of a non-compliant, and therefore often infected or even malicious, user into the network can lead to serious security incidents, ranging from partial overload of the network to intrusion into sensitive systems.

On the other hand, organizations are finding that their own (user-facing) network infrastructure is increasingly difficult to protect from unauthorized physical access. They are therefore looking for additional controls that provide "multi-layer" security for cases where the basic countermeasures fail.

NIL's solutions for controlling user access to wired and wireless networks enable organizations to reliably identify and authenticate users at the edge of their network and to categorise them according to their level of trust and the level of access they require. Through IEEE 802.1X technology we enable organizations to keep centralised monitoring of identities within the wired and wireless network, strong mutual authentication for network access, and simple integration of authentication with existing systems such as Active Directory.

With active references for IEEE 802.1X solutions in large environments, and with performance monitoring mechanisms integrated into the NIL Monitor solution, we can implement access control services in large and complex environments.

Solutions that check client systems' compliance with local security policies before they are admitted to the wired, wireless or VPN network extend the network access control solutions. These extensions are based on Cisco NAC, Microsoft NAP and Cisco ISE technologies, for which we also have active references in large networks at the international level.


NIL Ltd. [email protected] nil.com
