final nit presentation
TRANSCRIPT
-
8/2/2019 Final Nit Presentation
1/30
NETWORK SECURITYMAHINDRA SATYAM
-
8/2/2019 Final Nit Presentation
2/30
-
8/2/2019 Final Nit Presentation
3/30
MAHINDRASATYAM LTD. HAS SET UP A STATE OF
THE ART DATACENTRE AT HYDERABAD FOR ITSSAP PRODUCTION ENVIRONMENT.
- THE INFORMATION BEING EXCHANGED IS HIGHLY
CRITICAL AND IN NATURE.
THE DATA CENTRE
-
8/2/2019 Final Nit Presentation
4/30
ATTHE COMPANY
-
8/2/2019 Final Nit Presentation
5/30
NETWORK SECURITY
-THEAREA OF NETWORK SECURITY CONSISTS OF THE PROVISIONS
AND POLICIES ADOPTED BY THE NETWORK ADMINISTRATOR TO PREVENT AND
MONITOR UNAUTHORIZED ACCESS, MISUSE, MODIFICATION, OR DENIAL OF
THE COMPUTER NETWORK AND NETWORK-ACCESSIBLE RESOURCES.
-INVOLVES THE AUTHORIZATION OF ACCESS TO DATA IN A NETWORK,WHICH IS
CONTROLLED BY THE NETWORK ADMINISTRATOR.
-USERS ARE ASSIGNED AN IDAND PASSWORD OR OTHER AUTHENTICATING
INFORMATION THAT ALLOWS THEM ACCESS TO INFORMATION AND PROGRAMS
WITHIN THEIR AUTHORITY.
-
8/2/2019 Final Nit Presentation
6/30
CHALLENGES
-
8/2/2019 Final Nit Presentation
7/30
CHALLENGES FOR MAHINDRASATYAM-NEEDS TO UPGRADE SAPAPPLICATION FROM R/3 4.72 E TO ERP 6.0
-UPGRADE OF SAP APPLICATION REQUIRES UPGRADE & RE- WORKING OF :1. INFRASTRUCTURE
2. SERVERS
3. STORAGE
4. NETWORKING
5. SECURTIY INFRASTRUCTURE
- UPGRADATION OF EXISTING CISCO NETWORK EQUIPMENT
-
8/2/2019 Final Nit Presentation
8/30
THE OBJECTIVES
-
8/2/2019 Final Nit Presentation
9/30
ENSURE THAT USERS CONNECTING TO
SATYAMSDATA CENTRE/DR CENTRE ARE
ABLE TO ACCESS ONLY AUTHORIZED
APPLICATIONS,DATABASES, ETC.AND NOT
ABLE TO PERFORM ANY UNAUTHORISED
ACTIVITIES.
KEY OBJECTIVE
-
8/2/2019 Final Nit Presentation
10/30
-IMPROVE USER EXPERIENCE BY PROVIDING FUNCTIONALITIES LIKE
REVERSE PROXY
-SAFEGUARD THE NETWORK FROM ANY POSSIBLE COMPROMISE DUE TODIRECT CONNECTIVITY OF THE USERS WITH THE SERVERS RESIDING IN
SATYAMS INFRASTRUCTURE.
-CONSOLIDATE THE LOGS OF FIREWALLS, INTRUSION PREVENTION
SYSTEM (IPS), ANTI-VIRUS,
MAIL SERVER, ROUTERS, SWITCHES, ETC.
OTHER
-
8/2/2019 Final Nit Presentation
11/30
WHAT TASKS ?
-
8/2/2019 Final Nit Presentation
12/30
TASKS-Correlate various security events
-Presenting a Consolidated report
-Event prioritization.
-Mitigating the Risks
-
8/2/2019 Final Nit Presentation
13/30
THE NETW
ORKUPGRADATION
-
8/2/2019 Final Nit Presentation
14/30
THE NETWORKARCHITECTURE
COMPONENTS
SECURITY
-
8/2/2019 Final Nit Presentation
15/30
1. ARCHITECTURE
-
8/2/2019 Final Nit Presentation
16/30
NETWORK ARCHITECTURE
-
8/2/2019 Final Nit Presentation
17/30
2. COMPONENTS
-
8/2/2019 Final Nit Presentation
18/30
-2 Cisco ACE 4710 Load Balancers with 2 Gbps License
- 4 WS-X6748-GE-TX cards to be inserted in existing Cisco 6500 switches.
-LMS 3.2 to replace existing LMS of CISCO, to be installed on a server
-4 Catalyst 2960 switches
VARIOUS COMPONENTS
-
8/2/2019 Final Nit Presentation
19/30
Maximize application availability
Accelerated application performance
Secured data center and applications
Facilitates data center consolidation through fewer servers, load balancers,and data center firewalls
CISCO LOAD BALANCERACE 4710
-
8/2/2019 Final Nit Presentation
20/30
-Provide unprecedented services flexibility, modular scalability,
feature extensibility, and lower deployment and operations
costs.
-Purpose-built solutions that integrate world-class firewall, unified
communications, security, VPN, intrusion prevention (IPS),and content security services in a unified platform.
CISCO ASA
-
8/2/2019 Final Nit Presentation
21/30
1. Intelligent features at the network edge, such as
sophisticated access control lists (ACLs) and enhancedsecurity.
2.Auto configuration for specialized applications using Smartports.
3. Easy network configuration, upgrades, and
troubleshooting using Cisco Network Assistant software
CISCO 2960 SWITCHES
-
8/2/2019 Final Nit Presentation
22/30
3. SECURITY
-
8/2/2019 Final Nit Presentation
23/30
STEPS
. Implementing Reverse Proxy functionality:
2. Intrusion Prevention System (IPS)
3. Security Information Management solution:
-
8/2/2019 Final Nit Presentation
24/30
REVERSE PROXY
- PROXY SERVER THAT IS INSTALLED WITHIN THE
NEIGHBOURHOOD OF ONE OR MORE SERVERS.
-CONNECTIONS COMING FROM THE INTERNET ADDRESSED TO
ONE OF THE WEB SERVERS ARE ROUTED THROUGH THE PROXY
SERVER,WHICH MAY EITHER DEAL WITH THE REQUEST ITSELF ORPASS THE REQUEST WHOLLY OR PARTIALLY TO THE MAIN WEB SERVERS.
-
8/2/2019 Final Nit Presentation
25/30
REVERSE PROXY SERVER
-
8/2/2019 Final Nit Presentation
26/30
REVERSE PROXY
SERVER AT THE COMPANYBluecoat Proxy SG
-Helps in security,encryption, load distribution , compression, spoon feeding
- Protects web servers
-Accelerates web content
-Simplifies operations
-Controls user access
-Uses intelligent OS, to distinguish between contents and connections.
-
8/2/2019 Final Nit Presentation
27/30
FIREWALL SYSTEM ATTHE COMPANY
The Juniper Networks ISG 1000 is fully integrated firewall/VPN system that
provides:
Multi-gigabit performance
Modular architecture
Rich virtualization capabilities
-
8/2/2019 Final Nit Presentation
28/30
JUNIPERS IDS & IPS
-Searchable database
-
-Visually correlating the host, attack source and attack type
-
-User friendly reporting module
-Satyam implements IDPmodule of Juniper ISG-2000 toprotect internal segments ofthe network.
-
8/2/2019 Final Nit Presentation
29/30
UPGRADED INFRASTRUCTURE
-
8/2/2019 Final Nit Presentation
30/30
THANK YOU