Data - PowerPoint PPT Presentation

About This Presentation
Title:

Data

Description:

Exchange Ideas and Concerns about Risk, Security and Firewalls. NOT ... Deny. Established. Tiers. Layers. Zones. Vulnerabilities. Horizontal. Vertical. Development ... – PowerPoint PPT presentation

Number of Views:32
Avg rating:3.0/5.0
Slides: 63
Provided by: stevel85
Learn more at: https://web.stanford.edu
Category:
Tags: data | deny | escalation

less

Transcript and Presenter's Notes

Title: Data


1
(No Transcript)
2
Purpose
  • Present Drivers and Context for Firewalls
  • Define Firewall Technology
  • Present examples of Firewall Technology
  • Discuss Design Issues
  • Discuss Service and Support Issues
  • Exchange Ideas and Concerns about Risk, Security
    and Firewalls

3
NOT
  • An unveiling of a firewall service at SU
  • A definition of a firewall service
  • A forum for final decisions
  • An exhaustive technical presentation
  • A specific review of SU implementations

4
Data
5
Category A
6
Client
7
Access
8
Security
9
S 1/A
10
Remote
11
Wireless
12
Risk
13
Mitigation
14
Affiliation
15
Authentication
16
Authorization
17
Host
18
Firewall
19
Balance
20
Packet
21
Header
22
Source
23
Destination
24
Port
25
Firewall
26
Router
27
Classic
28
(No Transcript)
29
Rules
30
Permit
31
Deny
32
Established
33
Tiers
34
(No Transcript)
35
Layers
36
Zones
37
Vulnerabilities
38
Horizontal
39
Vertical
40
Development
41
Production
42
NOT
  • An unveiling of a firewall service at SU
  • A definition of a firewall service
  • A forum for final decisions
  • An exhaustive technical presentation
  • A specific review of SU implementations

43
Service
44
(No Transcript)
45
SPOC
46
Inventory
47
Questions
  • APPLICATION INVENTORY FOR FIREWALL
  • What is the name of the application?
  • What are the names, locations, OS types, and IP
    addresses of the computers that host the
    application? Include the TCP ports that the
    application uses.
  • Are there unique development and/or testing
    environments?
  • If yes to 3, will the application use http or
    https or both?
  • What measures of usage do you have? Are there
    peak periods of usage?
  • Is there a web server component to the
    application? If yes, on which computer will it
    be installed?
  • Is there a database component to the application?
    If yes, on which computer(s) will it be
    installed?
  • If yes to 7, is the data sensitive University
    data data that is protected by one of the
    Federal Privacy Acts?
  • If there a unique application layer that mediates
    between the web services and the database
    services? If yes, on which computer(s) will it
    be installed?
  • Who will install, upgrade and maintain the
    application? These are the application
    supporters.
  • Will the application supporters need direct
    access to the web, application and/or database
    server? Will Firewall Exceptions rules be needed
    to grant this access?
  • Are the application supporters Stanford employees
    or outside vendors/contractors?
  • How is change managed in the application? What
    are the maintenance windows?
  • Will the servers need AFS access?
  • Will the servers need NFS access?
  • Will the servers need Kerberos access?
  • How will the servers be backed up?
  • Will the servers need NTP access?

48
Pictures
49
Rules
50
Risk
51
Escalation
52
Moves
53
Acceptance
54
Troubleshooting
55
VPN
56
(No Transcript)
57
Monitoring
58
Audit
59
Costs
60
Numerator
61
Denominator
62
Risk Costs
Write a Comment
User Comments (0)
About PowerShow.com