Building the 21st Century Manufacturing Network

1

• Building the 21st Century Manufacturing Network
• Presented by Neil A. Rosenberg
• CCDA, MCP, CISSP
• President CEO
• Quality Technology Solutions, Inc.

2
A House is only as good as its Foundation
3
Who is QTS?

• Network Integrator Solution Provider for 10
  Years, Microsoft Partner since 1st program
• Worry Free Networking
• Network Uptime, Redundancy Reliability
• Network Management
• Security Services
• Solution Suite based on Best of Class Products
• We build the Foundation of the House

4
How Important is Information Technology to your
Business?
5
On a Scale of 0-10 (10Critical, cant be in
business without it, 5Important and Disruptive,
1Not Important), Rate

• File Sharing Centralized Data Storage/Data
• Web Browsing
• Email
• MRP/ERP/Accounting System
• Customer Relationship Management System
• Sales/Customer Prospect Databases
• B2B Commerce Capability
• B2C Commerce Capability
• Telephone System (Converged?)

6
SoHow Important is Information Technology to
your Business?
7
Three Key Elements

• Redundancy (Fault Tolerance)
• Security
• Disaster Recovery

8
Redundancy

• A Chain is only as strong as its Weakest Link

9
What Are the Links?

• Internet Connection
• Firewall
• Servers
• Switches/Hubs and Wiring
• Computers
• WAN Links
• Wireless

10
Internet Connection

• What is impacted?
• Email
• Browsing
• Web Site Access?
• Commerce?
• Redundancy Options
• MARO
• Dial-Backup

11
Firewall

• Single Point of Failure for Internet Connection?
• Options
• Cold Spare
• Hot Failover
• Spare-In-The-Air coverage for Firewall
• Note Apply Content Filtering Antivirus here

12
File Application Servers

• Server Fault Tolerance
• Disk Mirroring Duplexing, RAID 5
• Power Protection
• Tape Backup (including offsite rotation DR
  Option)
• Antivirus Malicious Code Protection IDS
• Server Redundancy
• Clustering
• Load Balancing
• Cold Spare
• Use Same Hardware, ability to swap parts

13
Switches/Hubs Wiring

• Utilize redundant wiring for key connections,
  utilize Spanning Tree Protocol for blocking
• Utilize Redundant Switch(es) for backbone, hot or
  cold failover for backbone (Core Layer)
• NIC Teaming on the Server, utilize Fast
  EtherChannel for teaming multiple 100MBPS
  connections (performance fault tolerance)

14
Computers

• Ensure data is stored on server, or synchronized
  to server, for centralized backup
• Utilize Disk Imaging for deployment, and
  re-deployment
• Consider Terminal Services for centralized
  management and speed of deployment

15
WAN Links

• Utilize ISDN Dial Backup for Leased Line and
  Frame Relay WAN Links
• Partially Mesh Frame Relay Connections
• Spare-In-The-Air coverage on routers, and keep a
  spare when possible

16
Wireless

• Create overlap in coverage zones, so Access Point
  failure does not create gaps in coverage
• Utilize centralized authentication, rather than
  WEP, to enhance security and force authentication
  before IP access to the network is allowed
• Use Directional Antennas to control coverage zones

17
Security

• Security is keeping anyone from doing things
  you do not want them to do, with, on, or from
  your computers or any peripheral devices
• William Cheswick and Steven Bellovin,
  Firewalls and Internet Security - Repelling the
  Wily Hacker

18
What is Security?

• Intrusion Detection/Response?
• Confidentiality Protection Encryption?
• Single Sign-On?
• Network Firewall Configuration?
• Training Awareness?
• Secure Email?
• Virus Protection?
• Access Control?
• Electronic Records Management?
• eBusiness?
• Remote Access?
• Virtual Private Networks?
• Certificate Management?

• Identification Authentication?
• Packet Filters?
• Vulnerability Reduction?
• Disaster Recovery?
• Denial of Service Attacks?
• Risk Assessment?
• Quality of Service?
• Network Directory Service?
• Audits/Reviews?
• Policy-Based Management?
• Secure Messaging and Collaboration?
• Authentication Digital Identity

19
What is the Value of your Data?
20
What are the Threats?

• Hackers
• Denial of Service Attacks
• Corporate Espionage
• Former Employees
• SPAM and Junk E-Mail
• Viruses, Trojan Horses, Worms
• Java, ActiveX and Script Vandals
• Your Current Employees!

21
Viruses

• 4-5 new viruses are created every day do you
  update your antivirus signatures every day?
• Do you have email-specific antivirus and content
  filtering software
• Are your signature files auto-updated every day?
• What are your scanning/configuration options?
• How responsive is the manufacturer? How
  proactive?

22
Blended Threats

• Blended Threats combine virus, worm and other
  elements of attack.
• NIMDA infected over 2.2 million servers and PCs
  in its first 24 hours and cost over 531 million
  to clean
• Code Red cost 1.1 billion to clean, and 1.5
  billion in related damage
• How many of you know people that were impacted by
  NIMDA or Code Red?

23
Hackers Crackers

• The threat is not always specific to you modern
  attacks are not just based on identity
• Denial of Service, and Distributed DOS, attacks
  dont break into your network they take it away
  from you.
• Your network can be a springboard for attacking
  others, with associated liability. Not
  protecting your network can be negligence.

24
Internal Security

• 60 of all security breaches occur from within
  the network
• How strong is your password security?
• Shoulder Surfing
• How strong is your physical security?
• How are your access controls?
• Dumpster Diving
• Social Engineering

25
Why dont customers manage risks?

• Customer reasons for not managing security

According to the Computer Security Institute
26
Security A Physical Analogy
SecurityCamera
Traditional Locks
Security Office
Guard
27
How Much Security Do I Need?

• The strength of ones computer security
  defenses should be proportional to the threat
  from that arena
• William Cheswick and Steven Bellovin,
  Firewalls and Internet Security - Repelling the
  Wily Hacker

28
LDAP Directory Integration
Centralized Management
SSL eCommerce
Penetration Attack Testing
Wireless Access Control
Network IDS
Vulnerability Assessment
PKI Digital Certificates
Access Controls
MultiFactor Authentication
Content Management Malicious Code
Single Sign-On
Security Audit
Host IDS
Strong Authentication
Desktop Firewall/IDS
Directory Services
Antivirus
Security Policy
VPN
FIREWALL
29
QTS Model Solution
30
Solution Components

• Cisco PIX Firewall, VPN Concentrator
• RSA ACE/Server and SecurID Tokens
• Cisco or Symantec Intrusion Detection
• Citrix MetaFrame and NFuse
• Symantec Norton Antivirus Corporate Edition
• Microsoft Windows 2000, IIS, SQL Server,
  Exchange, SharePoint Portal Server

31
Secure Network Design
32

• Security is a business process requiring
  continuous improvement and automation...

2) Secure
3) Monitor and Respond
5) Manage and Improve
1) Security Policy
4) Test/Assess
33
Ciscos Top 10 Security Tips

• Require employees to choose non-obvious passwords
• Require employees to change passwords every 90
  days
• Make sure your virus protection subscription is
  current
• Educate staff about the security risks of email
  attachments
• Implement a comprehensive network security
  solution
• Assess your security posture regularly
• When an employee leaves the company, remove the
  employees network access, and all user IDs,
  immediately
• If you allow people to work from home, provide a
  secure, centrally managed environment for remote
  traffic
• Update your Web server software regularly
• Do not run any unnecessary network services

34
Disaster Recovery

• Are you Ready?

35
What is Business Impact?

• What are the capabilities and resources that need
  to be protected?
• Electronic Data Knowledge Business Resources
• Hard Copy Knowledge Resources and Intellectual
  Property
• Manufacturing Capacity Capability
• Key Customer, Partner, Supplier Info Resources
• What else?

36
Business Contingency Plan

• Created to prevent interruptions to normal
  business activity, and protect critical business
  processes from man-made or natural disasters.
• Should encompass
• LANs, WANs and Servers
• Telecomm and Data Communicatins Links
• Computers and Facilities
• Data and Applications Software
• Media Records Storage
• Staff Duties and Production Processes

37
Business Contingency Plan

• Four Main Elements
• Scope Plan Initiation
• Business Impact Assessment
• Business Continuity Plan Development
• Plan Approval Implementation

38
Disaster Recovery Plan

• Tactical, specific plan for systems recovery
• Protect the business from systems failure
• Minimize risk from delays/downtime
• Guarantee reliability of backup systems by
  testing in advance
• Minimize personnel decision making and risk
  during a disaster
• Provide pre-determined mechanism for
  communications with employees, customers, partners

39
What Do We Need?

• Data
• Computing Capacity (Servers)
• Access Devices (PCs/Terminals)
• Facility (Place To Work)
• Access (Connectivity)

40
Data

• Ensure Data is Available Offsite!
• Tape Rotation Warm or Cold Site
• Application Level Replication (SQL, Exchange)
  Hot Site
• Hardware Level Replication (SAN) Hot Site
• Define the data that is critical and its business
  value, then choose the appropriate solution
• Example Do you need all current emails from
  inboxes, or the ability to send/receive email in
  a disaster?

41
Computing Capacity (Servers)

• Need suitable hardware for the disaster recovery
  solution that is appropriate
• Ability to buy servers if you can wait a day or
  three
• Matching tape drive(s) and servers (cold site)
• Matching or different servers (app replication)
• Matching SAN (hardware-level replication)
• What is required level of performance, capacity,
  etc. in the event of Disaster Recovery? For how
  long?

42
Access Devices (PCs/Terminals)

• PCs or Terminals? Citrix Thin Client solution?
• How many users do I need?
• How many users can work remotely?

43
Facility (Place To Work)

• What are my space requirements?
• What are my computing requirements?
• Do I need dedicated space?
• How many users can be remote?
• What level of remote access to I need?

44
Access (Connectivity)

• What type of connection is suitable?
• What level of bandwidth?
• What level of reliability?
• What level of redundancy?

45
Levels of Recovery

• Hot Site
• A fully configured computing facility ready to
  go. Data is usually replicated to the site over
  a high-speed link
• Warm Site
• A partially configured computing facility needs
  work before it is ready to go
• Cold Site
• A facility that is not configured, but can be
  after servers and computers are purchased,
  configured, and made operational with data from
  tape backup

46
Conclusion Bringing ItAll Together!
47
For More Information Security

• www.QTSnet.com/security
• www.microsoft.com/security
• www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/
• gtoc.iss.net
• www.symantec.com
• www.checkpoint.com
• securityfocus.com
• www.cert.org
• www.sans.org
• www.securityportal.com

48
For More Information Disaster Recovery

• www.disaster-resource.com
• www.drplanning.org
• www.disaster-recovery-plan.com
• www.eweek.com/article/0,3658,s25237a21151,00.as
  p
• www.crisis-management-and-disaster-recovery.com/
• www.disasterplan.com

49
Upcoming Events

• May 22nd (QTS-NJ) and 23rd (Cisco-NY) Secure
  Remote Access seminar with Cisco, RSA Security
  and Citrix Systems
• See www.QTSnet.com/Seminars and
  www.QTSnet.com/Roundtables.

50
Questions AnswersQuality Technology
Solutions, Inc.76 South Orange AvenueSouth
Orange, NJ 07079(973)761-5400 x230Fax
(973)761-1881nrosenberg_at_QTSnet.com www.QTSnet.com