feasibility study nac for vanderlande industries
play

Feasibility Study NAC for Vanderlande Industries Network based NAC - PowerPoint PPT Presentation

Jan 20, 2023 •339 likes •522 views

Introduction NAC Components Organizational Processes Conclusion Feasibility Study NAC for Vanderlande Industries Network based NAC in a flexible environment Stefan Roelofs February 3, 2009 Stefan Roelofs Feasibility Study NAC for

  1. Introduction NAC Components Organizational Processes Conclusion Feasibility Study NAC for Vanderlande Industries Network based NAC in a flexible environment Stefan Roelofs February 3, 2009 Stefan Roelofs Feasibility Study NAC for Vanderlande Industries

  2. Introduction NAC Components Organizational Processes Conclusion Table of contents Introduction NAC Components Organizational Processes Conclusion Stefan Roelofs Feasibility Study NAC for Vanderlande Industries

  3. Introduction NAC Components Organizational Processes Conclusion Research Questions ◮ What is the best architecture for a NAC solution in this environment? ◮ What elements and services should be part of this architecture? ◮ What organizational processes should be in place for an introduction of this technique? ◮ Is network based NAC feasible technology for this situation? Stefan Roelofs Feasibility Study NAC for Vanderlande Industries

  4. Introduction NAC Components Organizational Processes Conclusion Company Introduction ◮ Project based company in material handling market ◮ Many different users: ◮ Employees ◮ External employees ◮ Subcontractors, partners (long term) ◮ Guests (short term) ◮ Locations: worldwide branches and customer locations ◮ Current infrastructure: collapsed core network with high portability of static IP devices ◮ Endpoints: PLC, SCADA, real-time (Unix based) OS, Windows ◮ IP Addresses: private, public and customer IP space Stefan Roelofs Feasibility Study NAC for Vanderlande Industries

  5. Introduction NAC Components Organizational Processes Conclusion Some false assumptions... ◮ Everybody is in our 10.0.0.0/8 network (detection) ◮ Everybody is running TCP/IP (inspection) ◮ Every endpoint runs Windows/Unix/Linux based OS (agent) ◮ Every endpoint is capable of DHCP assignment (enforcement) ◮ The physical location is under supervision of an administrative body (authentication) ◮ Every endpoint has a user controlling it (authentication) Stefan Roelofs Feasibility Study NAC for Vanderlande Industries

  6. Introduction NAC Components Organizational Processes Conclusion NAC Introduction ”Network Access Control (NAC) is a set of technologies and defined processes, which its aim is to control access to the network allowing only authorized and compliant devices to access and operate on a network” ◮ Goals: protect network or protect host itself ◮ Agent & agentless concepts Stefan Roelofs Feasibility Study NAC for Vanderlande Industries

  7. Introduction NAC Components Organizational Processes Conclusion NAC Components 1. Element detection 2. Registration & authentication 3. Policy enforcement 4. Pre-admission evaluation 5. Access classification 6. Post admission scanning Stefan Roelofs Feasibility Study NAC for Vanderlande Industries

  8. Introduction NAC Components Organizational Processes Conclusion Element Detection ◮ 802.1x: only 802.1x capable clients ◮ SNMP: dependable on MAC table entries ◮ Mapping of MAC - IP address static IP devices ◮ Inverse ARP ◮ ARP Table Layer 3 ◮ Port mirroring port ◮ Manual registration ◮ Practical verifications ◮ Gratuitous ARP to fill MAC table ◮ No core activity assured Stefan Roelofs Feasibility Study NAC for Vanderlande Industries

  9. Introduction NAC Components Organizational Processes Conclusion Registration & Authentication ◮ User based approach registration ◮ 802.1x: client support/configuration ◮ Captive portal: unified way and remediation instructions ◮ Static IP clients & no browser clients: pre-registration Stefan Roelofs Feasibility Study NAC for Vanderlande Industries

  10. Introduction NAC Components Organizational Processes Conclusion Policy Enforcement ◮ 802.1x ◮ ARP ◮ In-line devices ◮ DHCP ◮ Dynamic VLAN Stefan Roelofs Feasibility Study NAC for Vanderlande Industries

  11. Introduction NAC Components Organizational Processes Conclusion Dynamic VLAN ◮ Random VLAN ◮ Private VLAN ◮ Practical verifications: ◮ DHCP VLAN behavior Stefan Roelofs Feasibility Study NAC for Vanderlande Industries

  12. Introduction NAC Components Organizational Processes Conclusion Pre Admission Evaluation ◮ Evaluation time < 30 seconds ◮ Guest users: network threats ◮ Production users: also self-threats (administrative rights required) ◮ Vulnerability scanning ◮ Intrusion Detection System ◮ Practical verifications ◮ Vulnerability scanning time ◮ Snort on PLC/SCADA equipment Stefan Roelofs Feasibility Study NAC for Vanderlande Industries

  13. Introduction NAC Components Organizational Processes Conclusion Access Classification ◮ Remediation & authentication environment ◮ Guest environment ◮ Production environment Stefan Roelofs Feasibility Study NAC for Vanderlande Industries

  14. Introduction NAC Components Organizational Processes Conclusion Post Admission Evaluation ◮ No time boundary, continues scanning ◮ Different approach in guest VLAN and production VLAN ◮ Vulnerability scanning with application vulnerabilities ◮ Intrusion detection throughput Stefan Roelofs Feasibility Study NAC for Vanderlande Industries

  15. Introduction NAC Components Organizational Processes Conclusion Organizational Processes ◮ Registration & authentication limits ◮ Asset management ◮ Hardening clients ◮ Extra network equipment policy ◮ Management effort Stefan Roelofs Feasibility Study NAC for Vanderlande Industries

  16. Introduction NAC Components Organizational Processes Conclusion Conclusion ◮ What is the best architecture for a NAC solution in this environment? ◮ SNMP with dynamic VLAN, captive portal with IDS/Vulnerability scanning. ◮ What elements and services should be part of this architecture? ◮ Critical network services, authentication and web services, update (remediation) repositories, IDS and vulnerability scanning. Stefan Roelofs Feasibility Study NAC for Vanderlande Industries

  17. Introduction NAC Components Organizational Processes Conclusion Conclusion (continued) ◮ What organizational processes should be in place for an introduction of this technique? ◮ Client hardening, asset management, authentication & registration limits. ◮ Is network based NAC feasible technology for this situation? ◮ Yes but agent needed to provide administrative access. ◮ Future work ◮ Check patch level through scripting ◮ Project locations ◮ Wifi networks & VoIP services ◮ Inspection on IRT traffic Stefan Roelofs Feasibility Study NAC for Vanderlande Industries

  18. Introduction NAC Components Organizational Processes Conclusion Discussion ◮ Questions? Stefan Roelofs Feasibility Study NAC for Vanderlande Industries

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

VI. The Feasibility Study VI. The Feasibility Study What is a feasibility study? What is a

VI. The Feasibility Study VI. The Feasibility Study What is a feasibility study? What is a

Basi di Dati e Sistemi Informativi II VI. The Feasibility Study VI. The Feasibility Study What is a feasibility study? What is a feasibility study? What to study and conclude? What to study and conclude? Benefits and costs Benefits and costs

838 views • 34 slides
FEASIBILITY STUDY ON DEPLOYMENT OF FEASIBILITY STUDY ON DEPLOYMENT OF THE FIRST UNIT OF RUTA-

FEASIBILITY STUDY ON DEPLOYMENT OF FEASIBILITY STUDY ON DEPLOYMENT OF THE FIRST UNIT OF RUTA-

International Conference on Non-Electric Applications of Nuclear Power: Seawater Desalination, Hydrogen Production and other Industrial Applications 16 19 April 2007, Oarai, Japan FEASIBILITY STUDY ON DEPLOYMENT OF FEASIBILITY STUDY ON

431 views • 21 slides
FULLER FARLEY Pre-Feasibility Study Pursuant to the Fuller-Farley pre-feasibility study

FULLER FARLEY Pre-Feasibility Study Pursuant to the Fuller-Farley pre-feasibility study

FULLER FARLEY Pre-Feasibility Study Pursuant to the Fuller-Farley pre-feasibility study initial findings, prepared by architectural firm bh+a, and in conjunction with preliminary enrollment projections provided by the New England School

476 views • 28 slides
HEIDELBERG SPORTS VILLAGE FEASIBILITY STUDY GOALS OF THE FEASIBILITY STUDY: 1. DEVELOP A STATE

HEIDELBERG SPORTS VILLAGE FEASIBILITY STUDY GOALS OF THE FEASIBILITY STUDY: 1. DEVELOP A STATE

HEIDELBERG SPORTS VILLAGE FEASIBILITY STUDY GOALS OF THE FEASIBILITY STUDY: 1. DEVELOP A STATE OF THE ART SOCCER SPECIFIC STADIUM WITH THE TACOMA DEFIANCE AS THE ANCHOR TENANT. 2. ASSESS THE POTENTIAL FOR MIXED USE DEVELOPMENT ON THE SITE FOR

639 views • 44 slides
New Paltz, NY INTERMODAL FEASIBILITY STUDY New Paltz, NY INTERMODAL FEASIBILITY STUDY Public

New Paltz, NY INTERMODAL FEASIBILITY STUDY New Paltz, NY INTERMODAL FEASIBILITY STUDY Public

New Paltz, NY INTERMODAL FEASIBILITY STUDY New Paltz, NY INTERMODAL FEASIBILITY STUDY Public Presentation May 7, 2015 New Paltz Community Center New Paltz, NY INTERMODAL FEASIBILITY STUDY Thank you for coming this evening! Tonights

949 views • 57 slides
DC Public Bank Feasibility Study Feasibility Study Overview The District is evaluating the

DC Public Bank Feasibility Study Feasibility Study Overview The District is evaluating the

Protecting Your Financial Interests DC Public Bank Feasibility Study Feasibility Study Overview The District is evaluating the feasibility of establishing a public bank. If feasible, a public bank could enhance the Districts fiscal

131 views • 12 slides
I-345 Feasibility Study Public Meeting December 11, 2012 I-345 Bridge Feasibility Study

I-345 Feasibility Study Public Meeting December 11, 2012 I-345 Bridge Feasibility Study

I-345 Feasibility Study Public Meeting December 11, 2012 I-345 Bridge Feasibility Study December 11, 2012 1 Feasibility Study Team TxDOT Dallas

285 views • 24 slides
Route 28 Corridor Feasibility Study . Public Information Meeting Project Team and Study

Route 28 Corridor Feasibility Study . Public Information Meeting Project Team and Study

September 7, 2017 Route 28 Corridor Feasibility Study . Public Information Meeting Project Team and Study Committees Route 28 Corridor Feasibility Study Agency Involvement The study is fully funded by the Northern Virginia Transportation

930 views • 48 slides
Shared Services/Merger Feasibility Study Feasibility Study Town and Village of North Collins,

Shared Services/Merger Feasibility Study Feasibility Study Town and Village of North Collins,

Shared Services/Merger Feasibility Study Feasibility Study Town and Village of North Collins, NY Prepared by the Center for Governmental Research, Inc. This presentation

439 views • 26 slides
Agenda Leftfield Introduction MSBA feasibility study deliverables Review conceptual feasibility

Agenda Leftfield Introduction MSBA feasibility study deliverables Review conceptual feasibility

Elbridge Gerry Feasibility Study May 11, 2017 Gerry School Building Committee Meeting Agenda Leftfield Introduction MSBA feasibility study deliverables Review conceptual feasibility schedule MSBA designer selection process Review designer

544 views • 25 slides
ASX Release Carrapateena Pre-Feasibility Study successfully demonstrates viability This

ASX Release Carrapateena Pre-Feasibility Study successfully demonstrates viability This

18 AUGUST 2014 ASX Release Carrapateena Pre-Feasibility Study successfully demonstrates viability This announcement should be read in conjunction with the attached Management Summary of the Carrapateena Pre-Feasibility Study Report and the

1.25k views • 81 slides
Wellington Public Transport Spine Study Study purpose Feasibility study Options for a

Wellington Public Transport Spine Study Study purpose Feasibility study Options for a

Wellington Public Transport Spine Study Study purpose Feasibility study Options for a high quality, high frequency PT system Key action from Ngauranga to Airport Corridor Plan (2008) Long-term outlook Study area

438 views • 26 slides
Feasibility Study Report of Potential Licensing Proposal for the Potter Valley Project June 5,

Feasibility Study Report of Potential Licensing Proposal for the Potter Valley Project June 5,

Feasibility Study Report of Potential Licensing Proposal for the Potter Valley Project June 5, 2020 Overview of Feasibility Study Report Prepare Feasibility Study Regional Entity Project Plan Fisheries Restoration Plan

214 views • 8 slides
Key Findings Presentation Pre-K Feasibility Study Partners The Pre-K Priority is a coalition of

Key Findings Presentation Pre-K Feasibility Study Partners The Pre-K Priority is a coalition of

Pre-K Feasibility Study Key Findings Presentation Pre-K Feasibility Study Partners The Pre-K Priority is a coalition of community Forsyth Futures studies our community to inform organizations and individuals committed to action by providing

484 views • 27 slides
WARRAWOONA GOLD PROJECT WARRAWOONA GOLD PROJECT PRE PRE - FEASIBILITY STUDY FEASIBILITY STUDY

WARRAWOONA GOLD PROJECT WARRAWOONA GOLD PROJECT PRE PRE - FEASIBILITY STUDY FEASIBILITY STUDY

WARRAWOONA GOLD PROJECT WARRAWOONA GOLD PROJECT PRE PRE - FEASIBILITY STUDY FEASIBILITY STUDY DERISKING OUR PATH TO GOLD PRODUCTION PRESENTATION JULY 2019 ASX:CAI DISCLAIMER DISCLAIMER This presentation does not constitute investment

521 views • 18 slides
WELCOME US 380 Collin County Feasibility Study DALLAS DISTRICT PUBLIC MEETING OCTOBER 4

WELCOME US 380 Collin County Feasibility Study DALLAS DISTRICT PUBLIC MEETING OCTOBER 4

10/4/2018 US 380 FEASIBILITY STUDY CSJs: 0135-11-022, 0135-02-059, 0135-03-048, 0135-04- 032, 0135-05-026 Collin County October 4, 9, and 11 US 380 Feasibility Study Update October 4, 9, and 11 WELCOME US 380 Collin County Feasibility

590 views • 13 slides
Flask Marcin Jenczmyk Clearcode m.jenczmyk@clearcode.cc 27/05/2017 Marcin Jenczmyk Flask

Flask Marcin Jenczmyk Clearcode m.jenczmyk@clearcode.cc 27/05/2017 Marcin Jenczmyk Flask

requirements.txt Hello there! HTTP methods Templates Static files Flask Marcin Jenczmyk Clearcode m.jenczmyk@clearcode.cc 27/05/2017 Marcin Jenczmyk Flask requirements.txt Hello there! HTTP methods Templates Static files Overview

978 views • 29 slides
May 14-04 CyRIS Nathan Clague, Michael Krantz, Zach Patzwald, Max Philips, Micah Stevenson, David

May 14-04 CyRIS Nathan Clague, Michael Krantz, Zach Patzwald, Max Philips, Micah Stevenson, David

May 14-04 CyRIS Nathan Clague, Michael Krantz, Zach Patzwald, Max Philips, Micah Stevenson, David Vriezen Advisor: Dr. Manimaran Govindarasu Client: Brock Ascher The Video Wall, September Predominantly static content Lacking hardware to

438 views • 21 slides
EVV Overview for Behavior Analysis Powered By Agenda 1. What is EVV 2. Who is Tellus 3. Next

EVV Overview for Behavior Analysis Powered By Agenda 1. What is EVV 2. Who is Tellus 3. Next

EVV Overview for Behavior Analysis Powered By Agenda 1. What is EVV 2. Who is Tellus 3. Next Steps 2 Powered By AHCA Florida What is EVV? The EVV system must provide the following Mobile technology required by Floridas Agency for

399 views • 15 slides
Presentation to Cork City Council Morrisons Island Public Realm Project Being brought

Presentation to Cork City Council Morrisons Island Public Realm Project Being brought

Morrison's Island Public Realm Project Incorporating Integrated Flood Defences Presentation to Cork City Council Morrisons Island Public Realm Project Being brought Co-funded by forward as OPW/CCC advance contract through Part 8 (Circa

1.36k views • 25 slides
United States Court of Appeals for the Federal Circuit __________________________ 01 COMMUNIQUE

United States Court of Appeals for the Federal Circuit __________________________ 01 COMMUNIQUE

United States Court of Appeals for the Federal Circuit __________________________ 01 COMMUNIQUE LABORATORY, INC., Plaintiff-Appellant, v. LOGMEIN, INC., Defendant-Appellee. __________________________ 2011-1403 __________________________

326 views • 14 slides
DV4mini Dom DiClementi, N3DD DV4mini USB Digital Hotspot Similar to D-Star DVAP

DV4mini Dom DiClementi, N3DD DV4mini USB Digital Hotspot Similar to D-Star DVAP

DV4mini Dom DiClementi, N3DD DV4mini USB Digital Hotspot Similar to D-Star DVAP Incorporates a 70cm Transceiver ( 12mW) Developed in 2015 by 3 German Hams Helitron http://www.helitron.de Available in the US in November

464 views • 15 slides
QUALITY BRAND OFFICES T AILORED OFFICES FOR BUSINESS OF ALL SIZES. WORK YOUR WAY . PRIME

QUALITY BRAND OFFICES T AILORED OFFICES FOR BUSINESS OF ALL SIZES. WORK YOUR WAY . PRIME

QUALITY BRAND OFFICES T AILORED OFFICES FOR BUSINESS OF ALL SIZES. WORK YOUR WAY . PRIME LOCATION. We are located in the heart of the business area, just steps from endless lunch and happy hour spots. 100% DEDICATED SPACES. Your space

380 views • 10 slides
A couple billion lines of code later: static checking in the real world Andy Chou, Ben Chelf,

A couple billion lines of code later: static checking in the real world Andy Chou, Ben Chelf,

average commo n A couple billion lines of code later: static checking in the real world Andy Chou, Ben Chelf, Seth Hallem Scott McPeak, Bryan Fulton, Charles Henri-Gros, Ken Block, Anuj Goyal, Al Bessey Chris Zak &amp; many others

750 views • 72 slides

More recommend