INFOSEC
End Point Security
End Point endpoint security solutions include data security, network security, advanced threat prevention, forensics and remote access VPN for complete endpoint protection. To simplify security administration, our endpoint suite products can be managed using a single console.
Endpoint security systems operate on a client–server model with the security program controlled by a centrally managed host server pinned with a client program which is installed on all the network drives. There is yet another model called the software-as-a-service (SaaS), the security programs and the host server are maintained remotely by the merchant. The contribution from both the delivery model is that the server program verifies and authenticates the user login credentials and performs a device scan to check if it complies with a designated corporate security standard prior to permit network access.
Network Security
"Network security" refers to any activity designed to protect the usability and integrity of your network and data. It includes both hardware and software technologies. Effective network security manages access to the network. It targets a variety of threats and stops them from entering or spreading on your network.
Network Security is an organization’s strategy and provisions for ensuring the security of its assets and of all network traffic. Network security is manifested in an implementation of security hardware, and software. For the purposes of this discussion, the following approach is adopted in an effort to view network security in its entirety:
· Policy
· Enforcement
Policy
The IT Security Policy is the principle document for network security. Its goal is to outline the rules for ensuring the security of organizational assets. Employees today utilize several tools and applications to conduct business productively. Policy that is driven from the organization’s culture supports these routines and focuses on the safe enablement of these tools to its employees. The enforcement and auditing procedures for any regulatory compliance an organization is required to meet must be mapped out in the policy as well.
Enforcement
Most definitions of network security are narrowed to the enforcement mechanism. Enforcement concerns analyzing all network traffic flows and should aim to preserve the confidentiality, integrity, and availability of all systems and information on the network. These three principles compose the CIA triad:
· Confidentiality - involves the protection of assets from unauthorized entities
· Integrity - ensuring the modification of assets is handled in a specified and authorized manner
· Availability - a state of the system in which authorized users have continuous access to said assets.
Strong enforcement strives to provide CIA to network traffic flows. This begins with a classification of traffic flows by application, user, and content. As the vehicle for content, all applications must first be identified by the firewall regardless of port, protocol, evasive tactic, or SSL. Proper application identification allows for full visibility of the content it carries. Policy management can be simplified by identifying applications and mapping their use to a user identity while inspecting the content at all times for the preservation of CIA.
The concept of defense in depth is observed as a best practice in network security, prescribing for the network to be secured in layers. These layers apply an assortment of security controls to sift out threats trying to enter the network:
· Access control
· Identification
· Authentication
· Malware detection
· Encryption
· File type filtering
· URL filtering
· Content filtering
Data Centre Security
Data center security is the pursuit of practices that make a data center more secure from a range of different kinds of threats and attacks. The data center, as a major primary resource for companies, deserves this kind of dedicated security effort.
Data centers are integral repositories for business data. Typically, these central IT infrastructures are served by sophisticated networking equipment and resources. They will take in business data from diverse places, and store it for eventual use. Complex designs may use IT tools called middleware to usher data to and from a data center or otherwise guide it within the system. Data center security aims to make that data less accessible to hackers or anyone else who may seek unauthorized access.
One type of data center security is physical security. Experts may recommend various kinds of facilities or site security such as setbacks, landscaping, thick walls, and other aspects of a building that will create physical barriers around the data center. Another main component of data center security is essentially network security. Because data centers are served by networks, security engineers need to plan adequate protections into those network trajectories that run to a data center. That may mean installing firewalls, anti-virus programs, or anything that prevents data breaches or other security issues.
Data center security may also vary according to the type of data center in question. For example, identifying a data center according to one of four tiers shows how fault tolerant that system is and what kind of security it may need. Generally, a lot of experts tend to recommend redundant utilities for data centers, such as multiple power sources, multiple environmental controls and more. Adequate security for a data center may also depend on the level of network virtualization that is used, or on other aspects of complex IT setups.
Security as Policy
Security policy is a definition of what it means to be secure for a system, organization or other entity. For an organization, it addresses the constraints on behavior of its members as well as constraints imposed on adversaries by mechanisms such as doors, locks, keys and walls. For systems, the security policy addresses constraints on functions and flow among them, constraints on access by external systems and adversaries including programs and access to data by people.
