8/2/2019 Final Nit Presentation

1/30

NETWORK SECURITYMAHINDRA SATYAM

8/2/2019 Final Nit Presentation

2/30

8/2/2019 Final Nit Presentation

3/30

MAHINDRASATYAM LTD. HAS SET UP A STATE OF

THE ART DATACENTRE AT HYDERABAD FOR ITSSAP PRODUCTION ENVIRONMENT.

- THE INFORMATION BEING EXCHANGED IS HIGHLY

CRITICAL AND IN NATURE.

THE DATA CENTRE

8/2/2019 Final Nit Presentation

4/30

ATTHE COMPANY

8/2/2019 Final Nit Presentation

5/30

NETWORK SECURITY

-THEAREA OF NETWORK SECURITY CONSISTS OF THE PROVISIONS

AND POLICIES ADOPTED BY THE NETWORK ADMINISTRATOR TO PREVENT AND

MONITOR UNAUTHORIZED ACCESS, MISUSE, MODIFICATION, OR DENIAL OF

THE COMPUTER NETWORK AND NETWORK-ACCESSIBLE RESOURCES.

-INVOLVES THE AUTHORIZATION OF ACCESS TO DATA IN A NETWORK,WHICH IS

CONTROLLED BY THE NETWORK ADMINISTRATOR.

-USERS ARE ASSIGNED AN IDAND PASSWORD OR OTHER AUTHENTICATING

INFORMATION THAT ALLOWS THEM ACCESS TO INFORMATION AND PROGRAMS

WITHIN THEIR AUTHORITY.

8/2/2019 Final Nit Presentation

6/30

CHALLENGES

8/2/2019 Final Nit Presentation

7/30

CHALLENGES FOR MAHINDRASATYAM-NEEDS TO UPGRADE SAPAPPLICATION FROM R/3 4.72 E TO ERP 6.0

-UPGRADE OF SAP APPLICATION REQUIRES UPGRADE & RE- WORKING OF :1. INFRASTRUCTURE

2. SERVERS

3. STORAGE

4. NETWORKING

5. SECURTIY INFRASTRUCTURE

- UPGRADATION OF EXISTING CISCO NETWORK EQUIPMENT

8/2/2019 Final Nit Presentation

8/30

THE OBJECTIVES

8/2/2019 Final Nit Presentation

9/30

ENSURE THAT USERS CONNECTING TO

SATYAMSDATA CENTRE/DR CENTRE ARE

ABLE TO ACCESS ONLY AUTHORIZED

APPLICATIONS,DATABASES, ETC.AND NOT

ABLE TO PERFORM ANY UNAUTHORISED

ACTIVITIES.

KEY OBJECTIVE

8/2/2019 Final Nit Presentation

10/30

-IMPROVE USER EXPERIENCE BY PROVIDING FUNCTIONALITIES LIKE

REVERSE PROXY

-SAFEGUARD THE NETWORK FROM ANY POSSIBLE COMPROMISE DUE TODIRECT CONNECTIVITY OF THE USERS WITH THE SERVERS RESIDING IN

SATYAMS INFRASTRUCTURE.

-CONSOLIDATE THE LOGS OF FIREWALLS, INTRUSION PREVENTION

SYSTEM (IPS), ANTI-VIRUS,

MAIL SERVER, ROUTERS, SWITCHES, ETC.

OTHER

8/2/2019 Final Nit Presentation

11/30

WHAT TASKS ?

8/2/2019 Final Nit Presentation

12/30

TASKS-Correlate various security events

-Presenting a Consolidated report

-Event prioritization.

-Mitigating the Risks

8/2/2019 Final Nit Presentation

13/30

THE NETW

ORKUPGRADATION

8/2/2019 Final Nit Presentation

14/30

THE NETWORKARCHITECTURE

COMPONENTS

SECURITY

8/2/2019 Final Nit Presentation

15/30

1. ARCHITECTURE

8/2/2019 Final Nit Presentation

16/30

NETWORK ARCHITECTURE

8/2/2019 Final Nit Presentation

17/30

2. COMPONENTS

8/2/2019 Final Nit Presentation

18/30

-2 Cisco ACE 4710 Load Balancers with 2 Gbps License

- 4 WS-X6748-GE-TX cards to be inserted in existing Cisco 6500 switches.

-LMS 3.2 to replace existing LMS of CISCO, to be installed on a server

-4 Catalyst 2960 switches

VARIOUS COMPONENTS

8/2/2019 Final Nit Presentation

19/30

Maximize application availability

Accelerated application performance

Secured data center and applications

Facilitates data center consolidation through fewer servers, load balancers,and data center firewalls

CISCO LOAD BALANCERACE 4710

8/2/2019 Final Nit Presentation

20/30

-Provide unprecedented services flexibility, modular scalability,

feature extensibility, and lower deployment and operations

costs.

-Purpose-built solutions that integrate world-class firewall, unified

communications, security, VPN, intrusion prevention (IPS),and content security services in a unified platform.

CISCO ASA

8/2/2019 Final Nit Presentation

21/30

1. Intelligent features at the network edge, such as

sophisticated access control lists (ACLs) and enhancedsecurity.

2.Auto configuration for specialized applications using Smartports.

3. Easy network configuration, upgrades, and

troubleshooting using Cisco Network Assistant software

CISCO 2960 SWITCHES

8/2/2019 Final Nit Presentation

22/30

3. SECURITY

8/2/2019 Final Nit Presentation

23/30

STEPS

. Implementing Reverse Proxy functionality:

2. Intrusion Prevention System (IPS)

3. Security Information Management solution:

8/2/2019 Final Nit Presentation

24/30

REVERSE PROXY

- PROXY SERVER THAT IS INSTALLED WITHIN THE

NEIGHBOURHOOD OF ONE OR MORE SERVERS.

-CONNECTIONS COMING FROM THE INTERNET ADDRESSED TO

ONE OF THE WEB SERVERS ARE ROUTED THROUGH THE PROXY

SERVER,WHICH MAY EITHER DEAL WITH THE REQUEST ITSELF ORPASS THE REQUEST WHOLLY OR PARTIALLY TO THE MAIN WEB SERVERS.

8/2/2019 Final Nit Presentation

25/30

REVERSE PROXY SERVER

8/2/2019 Final Nit Presentation

26/30

REVERSE PROXY

SERVER AT THE COMPANYBluecoat Proxy SG

-Helps in security,encryption, load distribution , compression, spoon feeding

- Protects web servers

-Accelerates web content

-Simplifies operations

-Controls user access

-Uses intelligent OS, to distinguish between contents and connections.

8/2/2019 Final Nit Presentation

27/30

FIREWALL SYSTEM ATTHE COMPANY

The Juniper Networks ISG 1000 is fully integrated firewall/VPN system that

provides:

Multi-gigabit performance

Modular architecture

Rich virtualization capabilities

8/2/2019 Final Nit Presentation

28/30

JUNIPERS IDS & IPS

-Searchable database

-

-Visually correlating the host, attack source and attack type

-

-User friendly reporting module

-Satyam implements IDPmodule of Juniper ISG-2000 toprotect internal segments ofthe network.

8/2/2019 Final Nit Presentation

29/30

UPGRADED INFRASTRUCTURE

8/2/2019 Final Nit Presentation

30/30

THANK YOU