Internet Security Tools for Defense In-Depth

Defensive Wall 5: Safely Supporting Authorized Users

5.1 Identity and Access Management

Advanced IAM systems add workflow (request, approval, periodic re-certification) and provisioning/de-provisioning capabilities so that the access a person actually holds in each application matches the entitlements recorded in an authoritative source, and so that accounts are removed or disabled when the person leaves or changes role. Without that reconciliation, orphaned accounts and accumulated excess privileges are the normal state.
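The reconciliation step that provisioning tools automate can be illustrated with a small program. This is an added example and not code from the page or from any of the products listed below; the HR feed, the two application account dumps and the role names are constructed sample data. It compares every application account against the authoritative identity list and reports the three classes of inconsistency a provisioning workflow would have to correct: orphaned accounts, accounts belonging to deactivated people, and roles that were never granted.

```go
package main

import (
	"fmt"
	"sort"
)

// Identity is the authoritative record, e.g. from an HR feed (constructed data).
type Identity struct {
	User   string
	Active bool
	Roles  []string // roles the person is entitled to hold
}

// Account is one account as observed in a downstream application.
type Account struct {
	App   string
	User  string
	Roles []string
}

// Finding is one inconsistency between the source of truth and an application.
type Finding struct {
	App, User, Kind, Detail string
}

// Reconcile compares every application account against the authoritative
// identities and returns what a provisioning workflow would need to fix:
// orphans (no identity), accounts of deactivated people, and excess roles.
func Reconcile(ids []Identity, accounts []Account) []Finding {
	byUser := make(map[string]Identity, len(ids))
	for _, id := range ids {
		byUser[id.User] = id
	}
	var out []Finding
	for _, a := range accounts {
		id, known := byUser[a.User]
		switch {
		case !known:
			out = append(out, Finding{a.App, a.User, "orphan", "no identity in source of truth"})
			continue
		case !id.Active:
			out = append(out, Finding{a.App, a.User, "deactivated", "identity inactive but account remains"})
			continue
		}
		allowed := make(map[string]bool, len(id.Roles))
		for _, r := range id.Roles {
			allowed[r] = true
		}
		for _, r := range a.Roles {
			if !allowed[r] {
				out = append(out, Finding{a.App, a.User, "excess-role", r})
			}
		}
	}
	sort.Slice(out, func(i, j int) bool {
		if out[i].App != out[j].App {
			return out[i].App < out[j].App
		}
		return out[i].User < out[j].User
	})
	return out
}

// Constructed sample data: an HR feed and two application account dumps.
var SampleIdentities = []Identity{
	{"alice", true, []string{"finance-ro"}},
	{"bob", false, []string{"finance-ro", "finance-rw"}}, // left the company
	{"carol", true, []string{"admin"}},
}

var SampleAccounts = []Account{
	{"erp", "alice", []string{"finance-ro", "finance-rw"}}, // rw was never approved
	{"erp", "bob", []string{"finance-rw"}},                  // never de-provisioned
	{"crm", "carol", []string{"admin"}},
	{"crm", "dave", []string{"user"}}, // local account with no HR record
}

func main() {
	for _, f := range Reconcile(SampleIdentities, SampleAccounts) {
		fmt.Printf("%-4s %-6s %-12s %s\n", f.App, f.User, f.Kind, f.Detail)
	}
}
```

Run against the sample data it reports dave as an orphan in the CRM, alice's unapproved finance-rw role in the ERP, and bob's surviving ERP account. In a real deployment the same comparison is run on a schedule, and the "deactivated" and "orphan" findings are the ones to auto-remediate first.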

Compliance Mandates: PCI DSS 8.5, 10.1; SOX DS5.3, DS5.4; HIPAA 164.312(a) and (d); FISMA AC-3, AC-17, AU-3, IA-2, IA-4, IA-5; ISO 27001/27002 10.9, 10.10.1, 11.2.3, 11.5.2

Tools:
Novell Identity Manager
Courion Account Courier and others
Oracle AccessManager & Identity Manager
Sun Identity Manager

5.2 Mobile Data Protection and Storage Encryption

Credit card data and other sensitive personal information on laptops, removable media and mobile devices is only as safe as the device; encrypting it at rest means a lost or stolen device does not become a breach. In addition, most breach disclosure laws provide a safe harbor that exempts losses of fully encrypted data from notification, but only when the decryption key was not lost or compromised along with the data.

Compliance Mandates: PCI DSS Requirement 3; SOX A13.2, DS5.8, DS11.2, DS11.4, DS11.6, DS13.4; GLBA 16 CFR Part 314.4(b) and (2); HIPAA 164.310(d)(1), 164.312(a)(2)(iv); FISMA AC-3, CP-9, MP-4; ISO 27001/27002 10.5.1, 11.7.1, 12.3.1, 12.3.2, 15.1.6

Tools:
CheckPoint Pointsec
GuardianEdge Data Protection Platform
PGP Mobile Encryption
Credant Mobile Guardian

5.3 Storage and Backup Encryption

Sensitive information has been lost on unencrypted backup tapes and through unauthorized network penetration of storage systems. Encryption appliances, or backup drives with built-in cryptography, encrypt data as it is written to those tapes or file systems. The protection only holds if the keys are managed separately from the media (a key written to the same tape defeats the purpose) and if restores are tested, since an encrypted backup that cannot be decrypted is data loss by another route.
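The key-separation point applies to both 5.2 and 5.3, so one added example covers them here; it is not code from the page or from any listed appliance. It uses the envelope pattern those appliances implement: each backup set gets a fresh data key, the data is encrypted with AES-256-GCM under that key, and the data key is itself wrapped under a key-encryption key (KEK) that stays in the appliance or HSM. The tape label is bound as associated data so a wrapped key cannot be swapped between sets, and a restore check is run before the media leaves. The KEK, the label and the backup contents are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// EncryptedBackup is what lands on tape: ciphertext plus the data key wrapped
// under a KEK that never leaves the appliance/HSM and is never written to tape.
type EncryptedBackup struct {
	WrappedKey []byte // data key encrypted under the KEK
	Ciphertext []byte // backup data encrypted under the data key
}

// seal encrypts with AES-GCM; the random nonce is prepended to the output and
// the authentication tag is appended by GCM.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// open reverses seal and fails if the key, nonce, tag or associated data differ.
func open(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed data too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

// EncryptBackup generates a fresh 256-bit data key per backup set, encrypts the
// data under it and wraps the data key under the KEK. The set label is bound as
// associated data to both blobs.
func EncryptBackup(kek, data []byte, label string) (*EncryptedBackup, error) {
	dataKey := make([]byte, 32)
	if _, err := rand.Read(dataKey); err != nil {
		return nil, err
	}
	ct, err := seal(dataKey, data, []byte(label))
	if err != nil {
		return nil, err
	}
	wrapped, err := seal(kek, dataKey, []byte(label))
	if err != nil {
		return nil, err
	}
	return &EncryptedBackup{WrappedKey: wrapped, Ciphertext: ct}, nil
}

// DecryptBackup is the restore path; it fails closed on a wrong KEK, a wrong
// label, or any alteration of either blob.
func DecryptBackup(kek []byte, b *EncryptedBackup, label string) ([]byte, error) {
	dataKey, err := open(kek, b.WrappedKey, []byte(label))
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	return open(dataKey, b.Ciphertext, []byte(label))
}

// RestoreCheck is the verification every backup job should end with: decrypt
// and compare against the source before the media is shipped offsite.
func RestoreCheck(kek []byte, b *EncryptedBackup, label string, original []byte) bool {
	pt, err := DecryptBackup(kek, b, label)
	return err == nil && bytes.Equal(pt, original)
}

func main() {
	kek := make([]byte, 32) // constructed; in practice from an HSM/KMS, never stored with the tape
	if _, err := rand.Read(kek); err != nil {
		panic(err)
	}
	data := []byte("constructed sample backup: cardholder records ...")
	b, err := EncryptBackup(kek, data, "tape-0001")
	if err != nil {
		panic(err)
	}
	fmt.Println("restore verified:", RestoreCheck(kek, b, "tape-0001", data))
	b.Ciphertext[len(b.Ciphertext)-1] ^= 1 // simulate a corrupted or altered tape
	_, err = DecryptBackup(kek, b, "tape-0001")
	fmt.Println("tampered tape rejected:", err != nil)
}
```

Losing the tape loses only the ciphertext and a wrapped key; without the KEK neither is recoverable, which is the condition under which the safe-harbor language in most disclosure laws applies. Rotating the KEK means re-wrapping the small data keys, not re-encrypting every tape.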

Compliance Mandates: PCI DSS Requirement 3; SOX A13.2, DS5.8, DS11.2, DS11.4, DS11.6, DS13.4; GLBA 16 CFR Part 314.4(b) and (2); HIPAA 164.310(d)(1), 164.312(a)(2)(iv); FISMA AC-3, CP-9, MP-4; ISO 27001/27002 10.5, 12.3.1, 12.3.2, 15.1.6

Tools:
PGP NetShare
NetApp DataFort
EMC PowerPath
nCipher CryptoStor

5.4 Content Monitoring/Data Leak Prevention

Content monitoring and filtering tools are used to enforce acceptable-use policies and to detect information leakage. They inspect local storage and internal network traffic for sensitive information that is stored where it should not be or is leaving the enterprise, typically by matching patterns (card numbers, national ID numbers, document fingerprints) and then validating the match to keep false positives manageable.
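The pattern-plus-validation step is what separates a usable DLP rule from one that pages on every 16-digit invoice number. The following is an added example, not code from the page or from any listed DLP product: it scans text for payment card number candidates with a regular expression, confirms each with the Luhn check, and reports hits with the PAN masked so the alert itself is not a new leak. The document it scans is constructed sample data.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Candidate PAN: 13 to 19 digits, optionally grouped by spaces or dashes.
// Word boundaries stop matches inside longer digit runs.
var panRe = regexp.MustCompile(`\b(?:\d[ -]?){12,18}\d\b`)

// Luhn reports whether a digit string passes the mod-10 check used by payment
// card numbers. Most random digit runs fail it, which is what separates a real
// PAN from an invoice, ticket or reference number.
func Luhn(digits string) bool {
	sum := 0
	double := false
	for i := len(digits) - 1; i >= 0; i-- {
		d := int(digits[i] - '0')
		if d < 0 || d > 9 {
			return false
		}
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return sum%10 == 0
}

// Hit is one confirmed PAN in the scanned content, masked for reporting.
type Hit struct {
	Line   int
	Masked string
}

// ScanText applies the regex and then the Luhn check to every line; only
// candidates passing both are reported.
func ScanText(content string) []Hit {
	var hits []Hit
	strip := strings.NewReplacer(" ", "", "-", "")
	for n, line := range strings.Split(content, "\n") {
		for _, m := range panRe.FindAllString(line, -1) {
			digits := strip.Replace(m)
			if len(digits) < 13 || len(digits) > 19 || !Luhn(digits) {
				continue // regex hit but not a valid card number
			}
			hits = append(hits, Hit{n + 1, mask(digits)})
		}
	}
	return hits
}

// mask keeps only the last four digits, as PCI DSS permits for display.
func mask(d string) string {
	return strings.Repeat("*", len(d)-4) + d[len(d)-4:]
}

// SampleDoc is a constructed export that should never have left the finance share.
// Lines 1 and 4 carry long digit runs that fail Luhn; lines 2 and 3 carry the
// standard Visa and Mastercard test numbers, which pass it.
const SampleDoc = `Order 2024-1187 ticket 12345678901234 (not a card)
Cardholder: J. Smith PAN 4111 1111 1111 1111 exp 12/26
Backup PAN 5555-5555-5555-4444
Phone 555 0100, ref 1234567890123456`

func main() {
	for _, h := range ScanText(SampleDoc) {
		fmt.Printf("line %d: PAN %s\n", h.Line, h.Masked)
	}
}
```

The same two-stage approach (cheap pattern, then a validator specific to the data type) carries over to other identifiers; the validator is what makes the rule deployable on a busy file server or egress path.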

Compliance Mandates: PCI DSS Requirements 3, 4; SOX DS13.4; HIPAA 164.310(d)(1), 164.312(a)(2)(iv); FISMA SI-4, AU-2; ISO 27001/27002 12.5.4, 15.1.5

Tools:
Symantec Vontu DLP
McAfee Reconnex DLP
Vericept Protection and Monitor CAB
Verdasys Digital Guardian

5.5 Digital Rights Management

DRM applies persistent security policy to stored objects (who may open, print, forward or edit them), generally by encrypting the object and tying decryption to policy checks. DRM requires mature public key management and enterprise directory capabilities in order to be effective, because every policy decision depends on reliably identifying the user and holding the keys centrally.

Compliance Mandates: PCI DSS Requirement 3; SOX DS13.4; HIPAA 164.310(d)(1), 164.312(a)(2)(iv); FISMA AC-3, CP-9, MP-4; ISO 27001/27002 15.1.2

Tools:
Aladdin HASP SRM
SafeNet Sentinel RMS
EMC Documentum

5.6 Virtual Private Networks (VPNs)

VPNs save communication cost by letting users reach their corporate networks over low-cost Internet connections, and they encrypt the data in transit. VPNs should be used in conjunction with NAC so that the endpoint's security posture is checked before it is admitted, since a VPN extends the internal network to whatever state that endpoint is in. Most new installations are SSL VPNs. Increasingly, businesses are also applying transport encryption to all external network connections, including private WAN services such as MPLS, which provide traffic separation but no confidentiality on their own.

Compliance Mandates: PCI DSS Requirements 4, 8.3; SOX A13.2, DS5.8, DS5.10, DS5.11; GLBA 16 CFR Part 314.4(b) and (2); HIPAA 164.312(e)(1), 164.312(a)(2)(iv); FISMA AC-3, AC-17, SC-23, SC-7, SC-9; ISO 27001/27002 10.6.2, 11.4.2, 11.7.1, 12.3.1, 12.3.2, 15.1.6

Tools:
Cisco ASA
CheckPoint VPN-1
Juniper Secure Access
F5 FirePass
Nortel VPN Gateway 3000
OpenVPN (free)
