Security

by Carissa Carissa No Comments

Spotlight On…

Employee Owner: Jeff Starling

Jeff has over 30 years of experience in the Information Technology industry.
His professional experience spans an array of voice and data network environments in the automotive, chemical, education, manufacturing and military sectors and most recently, managing the networks of a global manufacturing company with data centers in the US, Europe and Asia. His roles have included network engineering and support for global wide-area voice and data networks, Cisco firewall and VPN implementations, network analysis, WAN optimization, PBX design and installation, Internet security, application performance enhancement, and network cost-containment strategies. He is a veteran of the U.S. Air Force, serving as Telecommunications Systems Specialist, primarily in Europe and the Middle East. He is a Senior Network Consultant.


Jeff’s certifications include: Cisco Certified Network Associate (CCNA), Cisco Certified Security Professional (CCSP), Accredited Integration Specialist – HP Procurve Networking, Accredited Systems Engineer – Procurve Campus LANs, Blue Coat Certified Proxy Administrator (BCCPA), Blue Coat Certified Proxy Professional (BCCPP), Blue Coat Certified Security SE.


He and his wife Cindy will be celebrating 25 years of marriage next May. They have 2 daughters, Kristi, a junior at IU and Rachel, a junior at Southridge HS. Fall is his busiest season. If he’s not driving an equipment truck for the Southridge Marching Band, he’s enjoying hunting season trying to do his part to keep venison in the freezer and deer off the highways.


Contact your Keller Schroeder Sr. Account Manager to learn more about Jeff and how you can leverage his experience and skills to benefit your organization.


Your Finger on the ThreatPulse of Security

– Jeff Starling, Sr. Networking Consultant


Traditionally, protecting web traffic and enforcing acceptable use policies (AUP) for an organization was a fairly straightforward process. End users at branch offices obtained their Internet access from the corporate office and the centralized solution for managing those flows was maintained within that single location. The architecture may have scaled up or down depending on the size of the organization, but the concept was consistently applied across a variety of different solution providers.


In the more modern view, though, the process has become considerably more complex. The proliferation of high-speed bandwidth at remote offices makes the process of collapsing all Internet access to a single main office seem like a less attractive alternative. The mobility of the workforce in terms of laptops and personal devices which connect to multiple networks that enter and exit the corporate environment makes enforcing policy more difficult. When one or more of these more complex security concerns becomes an issue for IT resources, cloud-based Web-Security may be an alternative worth considering as part of your overall approach to securing web traffic.


In a cloud-based service, such as ThreatPulse from BlueCoat, organizations can provide real-time web threat protection and control for all subscribed users, regardless of location. The protection can be provided to fixed sites or roaming users, all while being managed from a single web interface for policy management and reporting. The services offer dashboards and drill-down reporting just like the traditional appliance-based offerings that organizations are used to maintaining, without the requirements to either deploy multiple physical boxes or to force all internet traffic out a single link.


Solutions such as ThreatPulse can make business sense for smaller organizations looking to offload the administrative and maintenance overhead of filtering software installed on appliances, to allow for support of a more mobile or remote workforce, and could align well with other SaaS offerings that businesses have already embraced. For larger enterprises, the solutions can be appealing to support distributed operations, remote offices, and roaming users. They also allow for expedited implementation without the need to deploy on-premise equipment or rely on local expertise.


The benefits and applicability of a cloud-based web security solution vary greatly depending on an organization’s networking architecture, the locations of users, and the levels of acceptable risk. For a growing number of organizations, the case for moving those services to a hosted solution is becoming more compelling. As you consider how your organization is prepared to handle the increasing complexity of securing your end-users’ web traffic, contact your Senior Account Manager to schedule a time to talk in more detail about whether current on-premise or cloud-based solutions may be beneficial to your environment.


Contact your Keller Schroeder Account Manager for more information or a demonstration of this product and how you, together with Keller Schroeder, can benefit your environment.


Spotlight On…

Employee Owner: Warren Swingle


Warren has over 16 years of experience in designing, installing and troubleshooting networks. He has extensive knowledge of data networking, including years of significant experience on voice networks. He has led or played critical technical and project management roles in numerous deployments of Cisco Unified Communications at clients ranging from local businesses to international organizations. His work also includes being the lead network architect in redesigning a secure and stable network for a large financial institution, including a robust business continuity plan. Warren is a Senior Network Consultant.


Warren is a Southern Illinois native and has made Evansville his home since 1998. He and his wife Jennifer have 2 boys, Jack (age 9) and Ethan (age 8). He is a Cub Scout Den leader and helps coach his boys’ baseball and football teams. When he has free time, he enjoys bike riding, fishing, and geocaching with the family.


Contact your Keller Schroeder Sr. Account Manager to learn more about Warren and how you can leverage his experience and skills to the benefit of your organization.


Warren’s Certifications include:
CCNA, Cisco Certified Design Associate (CCDA), Cisco Certified Voice Professional (CCVP), Cisco Wireless LAN Specialist (CWLAN)


Keller Schroeder Security Practice

– Brad Mathis, Sr. Information Security Consultant


Keller Schroeder has a Security Practice? Tell Me More…


Since the launch of our Security Practice in early 2011, Keller Schroeder has been performing ongoing security assessments at organizations throughout the Midwest. Apparently, we’ve been so busy performing security assessments that we may have failed to adequately spread the word of our Security Practice to our entire client base. This came to our attention recently when a long-time client emailed us and asked if we had recommendations for companies that offer security services such as vulnerability assessments and penetration testing. Whoops!!


Based upon the client’s initial email, it was possible they didn’t realize we offered those services. Our immediate response to the client was: (client contact information removed for privacy)

(Client),

I was forwarded your email regarding Security Assessment companies. I wasn’t sure if you were aware of our security practice at Keller Schroeder. We have been quite successful and have kept a rather full calendar in 2011 focused purely on security.

To quickly introduce myself, I was brought in early last year to run with the Keller Schroeder Security Practice. That being said, my sole focus has been providing Security Services consisting of security assessments. These assessments have included internal and external vulnerability assessments, penetration testing, wireless security assessments, compliance and best practice reviews, configuration reviews, and the like. Since Spring of 2011, we performed security assessments at twenty-four (24) different client locations throughout the Midwest; some of these consisting of multiple engagements.

I have attached my Keller Schroeder mini-bio, which highlights my security certifications and career experience.

If you can fill me in on what your specific security assessment needs and requirements are, I will try to help get you pointed in the right direction. Most of what was listed in your email are things we should be able to help with. However, we have an external security partner we could work with as well, should your scope call for it.

As a past security assessment services consumer, I have worked with many of the larger security assessment companies out there. I learned that I often paid a large price, but received little value in return. In building our security practice, I have tried to build a blend of fair cost to the client with a better return on their investment. So far, so good. Satisfaction has been high.

Let me know if you would like to discuss further. If you determine Keller Schroeder’s Security Practice is not the right fit, we can definitely set up a conference call with our external security partner.

Let me know if you have any questions.

Thanks,

Brad Mathis, CISSP, CGEIT, CRISC, GPEN
Senior Consultant, Infrastructure Security
Phone: (812) 492-7377
Fax: (812) 474-6835
bmathis@kellerschroeder.com
www.www.kellerschroeder.com


As we feared, our assumptions were correct. An excerpt of the client’s response is below:

Thanks for the e-mail. I was not aware Keller offered this service. Let me get with (internal contact) when he gets back and see if this can be an option. He is due to return on the ….


Are you just now finding out that Keller Schroeder has a Security Practice? Contact your Keller Schroeder Account Manager for more information and to discuss opportunities that we can assist with to help identify your infrastructure security strengths and opportunities.


Spotlight On…

Employee Owner: Corey Ainscough


Corey has over 13 years of experience in the Information Technology field. Prior to his role with Keller Schroeder, his experience came from the educational environment, where his focus was primarily on support of workstations for faculty and staff. Corey then spent nearly seven years with Old National Bank supporting and managing projects involving development and migration of over 3,500 workstations in six states, server builds/migrations for acquired banks, along with daily support of backups, messaging and nearly 400 additional applications. His most recent efforts focus on security architecture and implementation as well as Microsoft server and messaging technologies for clients of various sizes, including a global nutrition company. With over 100 locations in 30+ countries, this client utilized Corey for the better part of six months of global travel to support phases of a complex project, including site conversions in Europe and Asia.


Global travel was a fun experience for Corey who grew up in the small southern Indiana town of Odon (population 1,400). Corey moved to Evansville in 1997 for college where he later met his wife Megan in 2006. They now live in Newburgh with their two sons Reid (23 months) and Carson (12 weeks). When he is not playing trains or reading books to his sons, Corey enjoys renovating investment properties and training for half marathons. He is a Senior Consultant.


Contact your Keller Schroeder Sr. Account Manager to learn more about Corey and how you can leverage his experience and skills to the benefit of your organization.


Corey’s Certifications include:
Global Information Assurance Certified in Security (GSEC), Microsoft Certified Systems Engineer + Security (MCSE + Security), Microsoft Certified Technology Specialist – Windows Server 2008 (MCTS 2008 Server), Comptia Security+, Comptia Network+, Certified Novell Administrator (CNA)


Spotlight On….

Employee Owner: Tim Deem


Tim has over 25 years of experience in the networking arena, including experience managing Bristol-Myers’ global network and managing a regionally-based Internet Service Provider operations center. He has been directly involved in designing, planning, implementing and troubleshooting Wide Area Network (WAN) and network security projects for international companies, large enterprises and small businesses. In addition, his recent experience has been as the technical lead for deploying secure and robust Unified Communications (voice) solutions for enterprises with both US and international locations. He is a Senior Network Consultant.

Tim is a home grown, Evansville native and a graduate of the University of Southern Indiana. His wife, Diane, and two sons, Nathan and Joshua, live on the west side of town (Go Reitz!) and he can often be found tapping his foot to his substantial eclectic collection of music or focusing behind the lens of his Nikon D90 capturing people, landscapes, buildings and other area sights.

Contact your Keller Schroeder Sr. Account Manager to learn more about Tim and how you can leverage his experience and skills to the benefit of your organization.


LogRhythm & Blues

– Jeff Gorman, Business Unit Director

Many organizations simply do not have a reliable method for collecting log and event data from key systems within their infrastructure. Historically, systems that collect that comprehensive logging data have either produced a volume of data that made them unrealistic to use for extracting relevant data or have been so expensive to implement in terms of resources and staff that few organizations could justify the investment.

In today’s environment, several organizations face regulatory requirements for log management, event management, file integrity and privileged user monitoring. Whatever the driver – PCI-DSS, SOX, HIPAA, FISMA, NERC CIP, GLBA, GCSx, GPG13, or simply a desire to more proactively plan and track events within the infrastructure, organizations face challenges in meeting these requirements easily, efficiently, and affordably. The cost of acquisition, deployment and ongoing management of disparate solutions, even if they are offered by one vendor, can be substantial.

No matter what the reason for implementing a log management or information monitoring solution, the complexity of installation, operation and ongoing management will go a long way toward determining its success. A solution that can’t be deployed, learned and operated without requiring major resources can become more of a problem than a solution. IT executives need to be assured that what they invest in today will accommodate their immediate organizational needs and those in the future.

Because of these requirements, more businesses are looking to Security Information and Event Management (SIEM) systems to improve their business proposition both in terms of value and efficiency.

Distinct from legacy SIEM solutions, LogRhythm fully integrates the traditionally separate log management and security event management functions to collect, analyze and correlate log data, with a single console for operating and administering all components. Collecting data from any source, LogRhythm’s SIEM 2.0 platform builds on an advanced data management structure with extensive data enrichment to analyze all log data in real time. Automated risk-based prioritization, powerful forensics, and advanced visualization and alerting in a simple-to-use GUI empower organizations to gain unprecedented visibility and control over their enterprise IT environment.

A wealth of valuable information can be derived from log data – whether it originates in applications, databases, servers, network devices or endpoint systems. By automating the collection, organization, analysis, archiving and reporting of all log data, LogRhythm enables organizations to easily meet specific requirements, whether driven by internal best practices or one of many compliance regulations. LogRhythm delivers valuable, timely and actionable insights into security, availability, performance and audit-related issues.

LogRhythm appliances come in a variety of models including High Availability solutions that support business continuity and information assurance for LogRhythm deployments. Because of LogRhythm’s distributed, incrementally scalable architecture, deployments can start with a single appliance and scale from there by simply adding appliances. Regardless of the performance, storage or geographic requirements, LogRhythm is architected for flexible and efficient expansion.

LogRhythm is an enterprise-class platform that seamlessly combines Log Management, SIEM, File Integrity Monitoring, and Network & User Monitoring into a single integrated solution. It is highly reliable and cost-effective, and can scale to fit the needs of any enterprise. With LogRhythm, you can invest in a single solution to address requirements and challenges throughout your organization, whether they are related to compliance, security or IT operations.

To learn more about how this product might benefit your environment, please contact your Keller Schroeder Senior Account Manager for more information or a demonstration.


What’s Lurking Around Your Network?

– Brad Mathis, Sr. Consultant

Have you ever walked into a dark house late at night and had a feeling that someone was lurking behind a door or waiting silently around the corner? How about when you go swimming at the beach? Have you ever drifted out too far and then felt you were about to become the tasty treat of a carnivorous ocean dweller? Why do we have these feelings of apprehension and fear? Could it be that awareness of true happenings such as these helps us keep our guard up in order to prevent ourselves from becoming a statistic?

So why is it that we so often overlook intruders and attackers in our computer systems and networks? The news stories are there, and the intrusions and attacks are very real. People often think it only happens to large organizations like Heartland Payment Systems (over 130,000,000 compromised records) or Sony (over 77,000,000 compromised records) and believe it will never happen to them. Over the past 25 years, I have too frequently seen this pattern of thought. Security is overlooked and seen as either overhead or something that has to be done for an audit, only to be taken seriously after the organization becomes the victim of a security breach.

“So, what do I need to do to better protect my systems?”, you may be wondering. Ultimately, it is the data that is at risk. Compromised data is the equivalent of money to cybercriminals and those seeking to defraud you or your business. In the early days, the simple solution was to install a firewall. As Bob Dylan once sang, “Times They Are a Changin’.” There is no longer a definitive border to your network environment. No longer is there truly an “inside” and an “outside.” With advancements in technology and increased intelligence at the endpoint, every network attached device, whether it is a PC, laptop, printer, or even a PDA, is an entry point into the corporate network. Hackers no longer need to break in through your firewall if they can easily hitch a ride in malicious software that can attack your network’s weak spots from the inside.

If you want to be prepared for the cyber boogiemen and cyber sharks, proactive security practices are imperative. Security can no longer be an afterthought if you want to conduct business in today’s environment. Layered security and ongoing diligence will help you be better prepared and better protected. Effective layered security is not only antivirus, firewalls, internet content filtering, and intrusion detection. It is not only software patching and spam filtering. It includes information security policies and standards. It includes ongoing security assessments and monitoring. It includes ongoing security awareness. Most importantly, it includes focusing on and preparing for tomorrow’s threats while continuing to identify and protect against the threats of today.

The cost of a data breach has now been estimated to be $214 per record according to Dr. Larry Ponemon of the Ponemon Institute. How many records is your business responsible for?

To learn how the various services within Keller Schroeder’s Security Practice can benefit your organization, including demonstrations of several tools, contact your Keller Schroeder Sr. Account Manager.


Spotlight On…

Employee Owner: Brad Mathis

Brad brings over 25 years of experience in the Information Technology and Security fields to Keller Schroeder. His experience encompasses several diverse industries, including, but not limited to, health care and financial services. From 2004 to 2011, Brad served as Vice President and Corporate Network Security Manager, as well as Network Information Security Officer, for Old National Bank. Prior to that, he provided IT consulting services for a leading Wall Street financial management company, Canada’s largest telecommunications company, as well as several smaller companies. For several years before that, he managed wide area network and security infrastructure services for a large multi-location health care organization.

He serves on the Program Advisory Committee for ITT Tech’s School of Information Technology. Brad recently completed a term on the state board of directors for the Indiana InfraGard Members Alliance; a private sector partnership with the FBI. He is actively involved with the Rotary Club of Warrick County and has held multiple leadership positions with them, including club President. Brad also volunteers his time to present (ISC)2’s Safe & Secure Online, a program that stresses Cyber Safety to area youth. In 2009, Brad was a guest speaker at the SANS Log Management Summit in Washington, D.C.

Brad and his wife Lisa will be celebrating 26 years of marriage in 2011. An import from Southern Illinois, Brad has lived in the Evansville area since 1985. Their 22-year-old daughter, Brittany, will be getting married in the fall. She will be graduating from USI in the spring with a Masters in Occupational Therapy. Their twin sons, Nick and Zack, 19, are freshman engineering students at USI.

Contact your Keller Schroeder Sr. Account Manager to learn more about Brad and how you can leverage his experience and skills to the benefit of your organization.


Cisco ASA 8.3 OS

If you’ve interacted with Cisco OS and IOS levels before, a numeric increase to the right of the decimal historically indicates a minor upgrade, focused on resolving open caveats or simple enhancements to existing features.

Cisco’s release of the ASA security OS 8.3 has challenged that perception. The changes in the configuration of Network (and Port) Address Translation and Access Control Lists alone are worthy of Calvin & Hobbes’ best efforts at transmogrification.

This article won’t presume to cover in detail all the differences or iterations, but will touch on a few specific examples that are critical to review prior to any planned upgrade to this version.

The word of the day is objects.


The following is an example of a pre-8.3 and 8.3 configuration of a simple STATIC NAT in preparation for allowing public Internet access to an internal web server (10.1.1.10) by referencing the public IP 192.0.0.10:

Pre-8.3 configuration:

static (inside,outside) 192.0.0.10 10.1.1.10 netmask 255.255.255.255

8.3 configuration:

object network PubWebServer
 host 10.1.1.10
 nat (inside,outside) static 192.0.0.10


Another example of a difference between pre-8.3 and 8.3 configuration is shown in the following basic DYNAMIC PAT (Port Address Translation), which hides an internal private (RFC 1918) network (192.168.2.0/24) behind a single public IP address (192.0.0.1) for Internet access:

Pre-8.3 configuration:

nat (inside) 1 192.168.2.0 255.255.255.0
global (outside) 1 192.0.0.1

8.3 configuration:

object network my-inside-net
 subnet 192.168.2.0 255.255.255.0
 nat (inside,outside) dynamic 192.0.0.1


From the above, you can see that although structured differently, the familiar configuration parameters referencing the interfaces, IP addressing and NAT/PAT method (STATIC and DYNAMIC) are still present. Cisco cites the benefit as increased flexibility in administering and managing both simple and complex NAT scenarios.

The changes to the Access Control Lists are less visually dramatic, but are nonetheless significant. The primary changes include the following:

1. ACLs now reference the real IP addressing (pre-NAT) of the hosts and networks, where historically the public IP addressing (post-NAT) was referenced (specifically on public-facing interfaces).

2. A Global ACL now exists, which is evaluated after the end of any interface-based ACL.

3. As a result of the Global ACL, the explicit deny we’ve all come to respect no longer sits at the end of interface-based ACLs and now exists only in the Global ACL.

Visit the 8.3 Configuration Guide for more details regarding the NAT/PAT and ACL changes.
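As an added example (not code from the article or from Cisco), the following Python script performs the pre-8.3 to 8.3 translation shown in the two NAT examples above and applies the first ACL change, rewriting interface ACL entries from the public (post-NAT) address to the real (pre-NAT) address. It handles only the simple static and nat/global forms on this page, and the object names of the form obj-<address> are an assumed naming convention, not a Cisco requirement.

```python
import re

# Pre-8.3 statement shapes handled here (a subset of the full NAT grammar).
STATIC_RE = re.compile(r"^static \(([^,]+),([^)]+)\) (\S+) (\S+)(?: netmask (\S+))?\s*$")
NAT_RE = re.compile(r"^nat \(([^)]+)\) (\d+) (\S+) (\S+)\s*$")
GLOBAL_RE = re.compile(r"^global \(([^)]+)\) (\d+) (\S+)\s*$")
HOST_MASK = "255.255.255.255"


def convert_nat(old_lines):
    """Translate pre-8.3 static/nat/global lines into 8.3 object NAT.

    Returns (new_lines, mapped_to_real). mapped_to_real records each static
    host NAT as public (mapped) address -> real address, which is the address
    an 8.3 ACL must reference. Object names "obj-<real address>" are an
    assumed naming convention, not a Cisco requirement.
    """
    new_lines, mapped_to_real = [], {}
    nat_rules, global_pools = {}, {}
    for raw in old_lines:
        line = raw.strip()
        m = STATIC_RE.match(line)
        if m:
            real_if, mapped_if, mapped, real, mask = m.groups()
            new_lines.append(f"object network obj-{real}")
            if (mask or HOST_MASK) == HOST_MASK:
                new_lines.append(f" host {real}")
                mapped_to_real[mapped] = real
            else:
                new_lines.append(f" subnet {real} {mask}")
            new_lines.append(f" nat ({real_if},{mapped_if}) static {mapped}")
            continue
        m = NAT_RE.match(line)
        if m:
            real_if, nat_id, net, mask = m.groups()
            nat_rules.setdefault(nat_id, []).append((real_if, net, mask))
            continue
        m = GLOBAL_RE.match(line)
        if m:
            mapped_if, nat_id, mapped = m.groups()
            global_pools[nat_id] = (mapped_if, mapped)
    # A dynamic rule is the pair "nat (if) N ..." + "global (if) N ..." sharing
    # an id; in 8.3 both halves collapse into one object with "nat ... dynamic".
    for nat_id, rules in nat_rules.items():
        if nat_id not in global_pools:
            raise ValueError(f"nat id {nat_id} has no matching global statement")
        mapped_if, mapped = global_pools[nat_id]
        for real_if, net, mask in rules:
            new_lines.append(f"object network obj-{net}")
            new_lines.append(f" subnet {net} {mask}")
            new_lines.append(f" nat ({real_if},{mapped_if}) dynamic {mapped}")
    return new_lines, mapped_to_real


def rewrite_acl(acl_lines, mapped_to_real):
    """Rewrite 'host <mapped>' to 'host <real>' so ACEs use pre-NAT addresses."""
    def swap(m):
        return "host " + mapped_to_real.get(m.group(1), m.group(1))
    return [re.sub(r"host (\S+)", swap, line) for line in acl_lines]


# Constructed sample: the article's two NAT examples plus an outside ACL that
# still permits HTTP to the web server by its public (post-NAT) address.
OLD_CONFIG = [
    "static (inside,outside) 192.0.0.10 10.1.1.10 netmask 255.255.255.255",
    "nat (inside) 1 192.168.2.0 255.255.255.0",
    "global (outside) 1 192.0.0.1",
]
OLD_ACL = ["access-list outside_in extended permit tcp any host 192.0.0.10 eq 80"]

if __name__ == "__main__":
    new_config, mapping = convert_nat(OLD_CONFIG)
    print("\n".join(new_config))
    print("\n".join(rewrite_acl(OLD_ACL, mapping)))
```

Run the script against a saved pre-8.3 configuration to see which ACL entries would still point at mapped addresses after an upgrade; an ACE left on the public address no longer matches the traffic it was meant to permit or deny.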

In addition, as you prepare for or decide whether to upgrade to version 8.3 of the OS, closely review the memory requirements, which vary by ASA model. The following table identifies those appliances that require additional memory for the 8.3 upgrade.

Standard Memory and Memory Requirements

ASA Model | Default Internal Flash Memory | Default DRAM Before Feb. 2010 | Default DRAM After Feb. 2010 | Required DRAM for 8.3
5505      | 128 MB | 256 MB | 512 MB | Unlimited Hosts License: 512 MB (1); Security Plus License with failover enabled: 512 MB (1); all other licenses: 256 MB
5510      | 256 MB | 256 MB | 1 GB   | 1 GB (1)
5520      | 256 MB | 512 MB | 2 GB   | 2 GB (1)
5540      | 256 MB | 1 GB   | 2 GB   | 2 GB (1)
5550      | 256 MB | 4 GB   | 4 GB   | 4 GB
5580-20   | 1 GB   | 8 GB   | 8 GB   | 8 GB
5580-40   | 1 GB   | 12 GB  | 12 GB  | 12 GB

(1) A DRAM upgrade may be required.

If you’d like to learn more or have a member of our Network Solutions Group (NSG) assist with the planning or execution of an upgrade, please contact your Keller Schroeder Account Manager today!
