Website security

Posted on 2011-05-01
Last Modified: 2013-12-25
What security mechanisms are needed in order to prevent unauthorized use of systems by both employees and users accessing them over the Internet?

The site uses SNA from IBM and a mainframe that houses most applications connected through a Cisco 7000 router.
Question by: irenemichelle

    Expert Comment

    Your question covers a lot of ground and there's not a lot of detail about how you're defining these terms.  It's easy to talk about defense-in-depth -- stateful firewalls, web-application firewalls, IPS monitoring, outbound web proxy and content control with inbound monitoring, A/V, AAA, network admission control, etc.  How many of these technologies fit your definition of "preventing unauthorized use" is probably up to you to decide.  If we understand more about your goals, maybe we can help you to get more specific about the mechanisms that can help.

    Author Comment

    I was looking for things such as JavaScript or Verisign.

    Accepted Solution

    Well, Verisign is certificates, which can be used to authenticate devices, so deploying a certificate-based authentication mechanism could help.  But it doesn't really deal with what those systems are doing or accessing.  Sounds a little like permissions (authorization) is more what you're talking about, but I'm not sure how that can really be applied to SNA.  I can't really address the JavaScript aspect.

    So, one question: when you say "Cisco 7000 router", do you mean a Nexus 7k?  One of the features supported on the 7k is a relatively new technology called TrustSec.  One of TrustSec's capabilities is the ability to restrict traffic through the network based on tagging rather than layer 3 ACLs.  Basically, you classify the user into a group (security group tag) and then filter at appropriate points in the network using security group ACLs (SGACLs) to control which groups' traffic is allowed to pass through.  So you might have an SGACL sitting at the entrance to your finance server enclave that says only traffic from users with the "finance" security group tag is allowed into that enclave.

    Take a look at  The feature is pretty hardware specific, so most users don't have networks that can fully support this yet, but it's an interesting approach, and if you're actually using the Nexus, it's possible it could be of use to you.
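
A simplified model of the tag-based filtering described in the accepted answer, added here as an example (it is not from the original post and is not Cisco configuration syntax). Group names, tag numbers, ports and the default-deny fallback are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: group names, tag numbers and ports are assumptions.
SGT = {"finance": 10, "engineering": 20, "finance_servers": 100}
USER_GROUP = {"alice": "finance", "bob": "engineering"}


@dataclass(frozen=True)
class Ace:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None matches any destination port


# SGACLs are keyed by (source tag, destination tag), never by IP address.
SGACL = {
    (SGT["finance"], SGT["finance_servers"]): [
        Ace("permit", "tcp", 443),
        Ace("deny", "any", None),
    ],
}


def classify(user):
    """Ingress classification: map an authenticated user to a security group tag."""
    return SGT.get(USER_GROUP.get(user))  # None for an unknown user


def enforce(src_sgt, dst_sgt, proto, dport):
    """Enforcement at the enclave entrance: first matching ACE wins.

    A tag pair with no SGACL is denied (assumption of this model).
    """
    for ace in SGACL.get((src_sgt, dst_sgt), []):
        if ace.proto in ("any", proto) and ace.dport in (None, dport):
            return ace.action
    return "deny"


def decide(user, src_ip, dst_group, proto, dport):
    """src_ip is accepted only to show that it plays no part in the decision."""
    return enforce(classify(user), SGT[dst_group], proto, dport)


if __name__ == "__main__":
    print(decide("alice", "10.1.1.5", "finance_servers", "tcp", 443))
    print(decide("bob", "10.1.1.5", "finance_servers", "tcp", 443))
```

The same user gets the same decision from any source address, which is the difference from a layer 3 ACL that the answer points to.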
