• Status: Solved
  • Priority: Medium
  • Security: Public

Website security

What security mechanisms are needed in order to prevent unauthorized use of systems from both employees and users accessing over the internet?

The site uses SNA from IBM and a mainframe that houses most applications connected through a Cisco 7000 router.
Asked by: irenemichelle
1 Solution
 
jmeggers commented:
Your question covers a lot of ground and there's not a lot of detail about how you're defining these terms.  It's easy to talk about defense-in-depth -- stateful firewalls, web-application firewalls, IPS monitoring, outbound web proxy and content control with inbound monitoring, A/V, AAA, network admission control, etc.  How many of these technologies fit your definition of "preventing unauthorized use" is probably up to you to decide.  If we understand more about your goals, maybe we can help you to get more specific about the mechanisms that can help.
 
irenemichelle (author) commented:
I was looking for things such as JavaScript or Verisign.
 
jmeggers commented:
Well, Verisign is certificates, which can be used to authenticate devices, so deploying a certificate-based authentication mechanism could help.  But it doesn't really deal with what those systems are doing or accessing.  Sounds a little like permissions (authorization) is more what you're talking about, but I'm not sure how that can really be applied to SNA.  I can't really address the JavaScript aspect.

So, one question, when you say "Cisco 7000 router" do you mean a Nexus 7k?  One of the features supported on the 7k is a relatively new technology called TrustSec.  One of TrustSec's capabilities is the ability to restrict traffic through the network based on tagging rather than layer 3 ACLs.  Basically, you classify the user into a group (security group tag) and then filter at appropriate points in the network using security group ACLs (SGACLs) to control which groups' traffic is allowed to pass through.  So you might have an SGACL sitting at the entrance to your finance server enclave that says only traffic from users with the "finance" security group tag is allowed into that enclave.

Take a look at http://www.cisco.com/en/US/partner/solutions/collateral/ns170/ns896/guide_c07-608226.html.  The feature is pretty hardware specific, so most users don't have networks that can fully support this yet, but it's an interesting approach, and if you're actually using the Nexus, it's possible it could be of use to you.
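A simplified model of the tag-based filtering described in the answer above, set beside a layer 3 ACL written for the same intent. This is an added illustration, not part of the original thread and not Cisco configuration; the group names, tag numbers and IP addresses are constructed.

```python
import ipaddress

# Constructed sample data: group names, tag numbers and addresses are illustrative.
SGT = {"finance": 10, "engineering": 20, "finance_servers": 100}

# (source SGT, destination SGT) -> ordered ACEs; unmatched traffic is denied.
SGACL = {
    (SGT["finance"], SGT["finance_servers"]): [("tcp", 443, "permit")],
}

# Layer 3 ACL for the same intent: "the finance subnet may reach the enclave".
L3_ACL = [(ipaddress.ip_network("10.1.10.0/24"), "tcp", 443, "permit")]


def sgacl_decision(src_ip, dst_ip, proto, port, bindings):
    """Decide on the tags bound to the endpoints, not on their addresses."""
    src, dst = bindings.get(src_ip), bindings.get(dst_ip)
    for ace_proto, ace_port, action in SGACL.get((src, dst), []):
        if (ace_proto, ace_port) == (proto, port):
            return action
    return "deny"  # default deny for unknown tags or unmatched ACEs


def l3_acl_decision(src_ip, proto, port):
    """Decide on the source address only, as a classic ACL does."""
    addr = ipaddress.ip_address(src_ip)
    for net, ace_proto, ace_port, action in L3_ACL:
        if addr in net and (ace_proto, ace_port) == (proto, port):
            return action
    return "deny"


# Bindings are learned when a user is classified (e.g. at authentication).
bindings = {
    "10.1.10.5": SGT["finance"],       # finance user at their desk
    "10.9.0.77": SGT["finance"],       # same user later, on a VPN address
    "10.1.10.99": SGT["engineering"],  # engineer plugged into the finance floor
    "10.50.0.10": SGT["finance_servers"],
}


def compare(src_ip):
    """Return (SGACL result, L3 ACL result) for HTTPS to the finance server."""
    return (sgacl_decision(src_ip, "10.50.0.10", "tcp", 443, bindings),
            l3_acl_decision(src_ip, "tcp", 443))


if __name__ == "__main__":
    for ip in ("10.1.10.5", "10.9.0.77", "10.1.10.99"):
        print(ip, compare(ip))
```

The second and third hosts are where the two approaches diverge: the tag follows the user to a new address, while the address-based rule follows whoever holds an address in the subnet.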
