Security Brochure
Security Solutions
What lurks?
Protect your network,
your data, your infrastructure,
and your personnel with
security solutions from Black Box.
Network and Cyber Security
» Network Access Control
» Internet Threat Protection
» VPN Firewall
» Secure Switches
Physical Security
» Biometric Access Control
» Environmental Monitoring
» Secure, Long-Distance Wireless
» Emergency Messaging
blackbox.eu
Why Security Is Important
Can your organization protect itself in this new digital age?
Corporate networks are routinely attacked tens of thousands
of times every day. Intellectual property is stolen. Records are
destroyed. Privacy is compromised.
What do you have that’s worth stealing?
Our ever-growing, ever-faster cyber world makes protecting your
network from intruders ever more difficult. Increased data storage
capability makes breaches even more devastating — terabytes
of information can be lost in the blink of an eye. More features
invariably provide more inroads for hackers.
And hackers are no longer just techies with a hobby.
Hackers are now often highly trained professionals in places
like eastern Europe, Russia, or China and they’re out to make
a profit on you.
Or the threat can be an
inside job, perpetrated
from within your
very organization.
38% of ID theft victims had their debit or credit card
number stolen with a $500 mean cost per victim. [2]
Ten biggest security threats [3]
10. Zero-day exploits: 10.5%
9. Cyber espionage: 13.9%
8. Organized cyber crime networks: 20.1%
7. Internet worms: 20.6%
6. Viruses: 21.2%
5. Phishing/social engineering: 22.5%
4. Trojans/information stealing keyloggers/fast flux botnets: 33%
3. Social networking threats: 34.4%
2. Internal threats: 35.9%
1. Data loss/breaches: 39.7%
Types of identity theft [4]
• Utilities Fraud: 18%
• Bank Fraud: 17%
• Credit Card Fraud: 26%
• Employment Fraud: 12%
• Loan Fraud: 5%
• Government Fraud: 9%
• Other: 13%
Hackers broke into the Virginia Health Professions
Database, a Web site used by pharmacists to track
prescription drug abuse. They deleted the records
of more than 8 million patients and replaced them
with a ransom note demanding $10 million. [1]
Identity theft cost victims $54B in 2009. [4]
Get protected.
Network and cyber security
Protect the flow of traffic on your network. Keep interlopers
out. Identify suspicious network activity, clamp down on
network bots, and ensure that private data stays private.
Network Access Control (NAC)
Internet Threat Protection
VPN Firewall
Secure Switches
The average cost of a data breach is $204 per
compromised record. [5]
Physical security
Protect your space and the physical components of your network.
Keep unauthorized people out of restricted areas and keep
a weather eye out for danger.
Biometric Access Control
Environmental Monitoring
Emergency Messaging
The Heartland Payment System breach that compromised
the identity of 130 million customers has cost the company
$12.6 million in legal fees and fines. [6]
Considering your organization’s security needs
Every organization’s network security needs are different.
When you assess yours, these are factors you want to consider:
• Risk tolerance — What would you lose if your network
were breached? Keep in mind not only data risk, but also
risk to network components and your physical plant.
• Cost — What is a secure network worth in pure monetary terms?
• Convenience — Good network security should inconvenience
network users as little as possible.
• Staffing — Network security should be within the capabilities
of your IT staff, both in time required and skills demanded.
• Regulatory compliance — Your organization may have
to comply with security requirements and record keeping
spelled out by standards such as PCI, GLBA, or HITECH.
Reports of hackers taking down the power grid
in Brazil were probably false. But the story inspired
hackers to break into the network of the Brazilian
power company. [7]
Useful links
www.us-cert.gov
www.us-cert.gov/resources.html
www.us-cert.gov/ITSecurityEBK/
www.staysafeonline.org
www.onguardonline.gov
www.MSISAC.org
1. The Washington Post, May 4, 2009
2. Javelin Strategy & Research, 2009
3. CRN State of Technology: Security, September 2009
4. Federal Trade Commission Complaint Data, 2009
5. Wired, November 9, 2009; g1.globo.com, November 16, 2009
6. NetworkWorld, May 7, 2009
7. Bankinfosecurity, January 10, 2010
Network and Cyber Security
Deploy a multilayered, integrated approach
to your network security strategy.
The goal of network security
Network security should ensure that authorized users get
convenient and easy access to information, while preventing
unauthorized access or tampering. This is often expressed
as confidentiality, integrity, and availability (CIA). Confidentiality
is preventing unauthorized personnel from getting private
information; integrity is preventing unauthorized personnel from
altering information; and availability is ensuring that information
is available to authorized personnel when it’s needed.
Network security means allowing the right people to access the
right information at the right time. It can be a fine balancing act
to protect data and keep out the unwanted while still enabling
your staff to get work done.
Network access control
Network access control (NAC) prevents unauthorized devices
from connecting to your network. It keeps unwanted laptop
computers from connecting to an open port or breaking into
your wireless network. NAC totally eliminates the problem
of users plugging in unauthorized access points for their own
convenience and forgetting to secure them — just one rogue
access point can compromise the security of an entire network.
See pp. 4–5 for Veri-NAC.
[Diagram labels: LAN, WAN, Secure Internet Gateway, Stateful Inspection Firewall with VPN, Network Access Control, Switch, Internet Link, Staff, Mobile Users, Training/Guest, LAPD Servers. Caption: Web traffic and Internet application may be shaped, prioritized, and/or filtered.]
Secure Internet gateway
Reduce Internet threats with a secure gateway that includes
bandwidth shaping and content filtering. Dynamic content
analysis identifies and shuts out connections from anonymous
proxies. Plus, Internet gateways block malware and viruses
with database matching and often feature spyware
removal capabilities.
See pp. 6–7 for Optinet.
Stateful inspection firewall
A stateful inspection firewall actively examines all Internet
connections to make sure they’re valid. It examines not only
the header information, but also the contents of each data
stream, making decisions not just on individual packets,
but on context.
A firewall that also supports VPN enables remote users to establish
secure, encrypted tunnels to communicate with the network.
See pp. 8–9 for FireTunnel.
[Diagram labels: LAN, Internet, Internet Link, Stateful Inspection Firewall with VPN, Network Access Control, Dept 1 Switch, Dept 2 Switch, Dept 3 Switch, Dept 4 Switch.]
Network Access Control
According to the CSI/FBI survey, 80% of all data breaches
come from inside the network.
According to the Ponemon Institute, the average
network breach costs $6.75 million.
Network breaches don’t just happen in that place where your
network meets the Internet. Chances are, if you experience
a breach, it will come from inside your network.
Unauthorized devices joining the network through an open port
or a wireless network is a real threat. With an ever-increasing
number of mobile devices — laptop computers, notebooks,
smartphones, PDAs, even video game systems — network
managers are finding that portable devices are creating a real
security threat. Controlling access is what NAC is all about.
What’s NAC?
Network Access Control (NAC) is a method of ensuring that
only known devices are allowed to connect to your network
and that they meet your network’s requirements before they
are granted access.
This is NAC at its most basic level. However, today’s NAC is
usually also capable of dictating each user’s level of access
and of managing users’ access once they’re on the network.
Functions NAC systems may perform
• Simple network access — authenticating devices wishing to
access the network and granting or denying them access.
• Limit network use — controlling where users can go and
what resources they can use once they get on the network,
based on identity, time of day, location, and application.
• Group users — segmenting users into groups — for instance,
trusted and untrusted or accounting and non-accounting.
• Policy enforcement — helping network devices meet
organizational standards — including software updates and
virus control — to make sure the network isn’t compromised
by problem devices.
• Quarantine — routing legitimate users who aren’t in
compliance to a separate restricted VLAN.
• Remediation — providing tools that enable users to bring
their devices into compliance.
• Monitor network activity — preventing suspicious activity,
potentially preventing zero-day attacks on vulnerabilities for
which patches are not yet available.
• Visibility — providing a real-time overview of what devices
are connected and what their status is.
• Regulatory compliance — keeping records to document
compliance with standards such as Sarbanes Oxley, HIPAA,
PCI, and ISO.
• Malware protection — helping to prevent infection from
viruses and other malware both by limiting network access
and by scanning the network for common vulnerabilities
and exposures (CVEs).
Part of every complete security plan
NAC has a special place in a network security plan because,
unlike a firewall, which offers perimeter protection, it monitors
the inside of your network. A firewall stops the hacker in Poland
from getting to your network through the Internet. NAC
stops the hacker inside your building or in the parking lot
from getting to your network through an Ethernet port or
a wireless access point.
Even though a NAC appliance may also monitor network
activity, enforce policies, control resources, and document
security, the core function of NAC is to authenticate trusted
devices and control who can access your network.
It’s important to keep in mind that NAC is only part of a security
plan, not a complete security measure. It doesn’t take the place
of a firewall and won’t protect against data leaving through
e-mail, printouts, or USB flash drives.
According to the Ponemon Institute, 80% of healthcare
organizations have had a breach.
Harden your network and cover your assets with ironclad network
access control and vulnerability management.
• One-box vulnerability management and
network access control (NAC).
• Non-inline design provides rock-solid security
in an easy-to-deploy appliance.
• No infrastructure upgrade needed — works with existing switches.
• Works with both wired and wireless devices.
• Protects your network from vulnerabilities
that firewalls can’t defend against.
Control who gets on your network
Veri-NAC only lets computers and devices onto your network
that you deem as trusted. Veri-NAC assembles a profile of each
device and only lets known, trusted devices on the network.
It can even detect and stop a machine trying to get in under
a spoofed MAC address.
Smart access control
Veri-NAC can also check to make sure each connected machine
complies with your standards, including up-to-date operating
system, patch management, and hardened configurations. If a
machine isn’t up to snuff, it can be locked out of the network
except for the resources the user needs to bring the device into
compliance.
No-hassle setup
Veri-NAC is easy to install—it requires no agents and no
equipment upgrades. In just a few minutes you can have it
up and running.
[Screenshots: NAC setup; remote operations. Column labels: Device, Description, Device Status, Threat Potential, CVE Audit Status. Rows: Corporate Office, Main Campus, Sales Offices, N.A. Sales, Mfg. Group, Assembly Sites, Pittsburgh, Dallas, San Jose.]
Third-party evaluations
“Full dynamic access control and auditing of network devices.”
– Peter Stephenson
SC Magazine Product Rating
Features: ★★★★★
Ease of Use: ★★★★★
Performance: ★★★★★
Documentation: ★★★★★
Support: ★★★★★
Value for Money: ★★★★★
Overall Rating: ★★★★★
For: Full dynamic access control and auditing of network devices.
Against: None that we found.
Verdict: A solid suite of hardcore NAC products with a clear
focus on keeping unauthorized systems and users off the
network. We give Veri-NAC our Recommended this month.
Internet Threat Protection
Misuse of the Internet costs corporations billions every year.
What’s going on between your network
and the Internet?
The Internet is the genie that won’t go back into the bottle.
You can’t live without it, and now you can’t live with it.
Audio and video use tremendous amounts of bandwidth. Your
users are downloading entire movies from the Internet. Does
that leave bandwidth for vital applications hosted elsewhere?
Just what are those users downloading anyway? How can
you be sure your resources aren’t being used for porn?
And how much time is going to social networking sites?
How many games are your employees addicted to?
Aside from general misuse of the Internet at your site, what
kind of malware is trying to get into your network from the
Internet? Can you trust the firewall to catch everything?
It’s enough to make you want to shut off the Internet altogether.
Too bad you can’t live without it.
[Diagram labels: Internet, Threat Protection Gateway, Network.]
Content filtering — eliminating the naughty bits
Where are your network users going on the Internet? Obviously,
you don’t want the liability of having your network used for
pornography, on-line gambling, or worse.
But beyond the issue of users visiting inappropriate sites, there’s
the issue of “fun” sites that interfere with productivity. Most
organizations feel that some personal e-mailing, shopping, and
social networking is permissible, but don’t want personnel
spending hours chatting and playing games.
The key is smart content filtering that doesn’t allow access to
inappropriate sites and throttles access to harmless sites. Users
find that social networking and shopping sites load slowly, even
when plenty of network bandwidth is available.
Smart content filtering includes the ability to detect users trying
to bypass network controls by using anonymous proxy servers.
Bandwidth management — the key to optimal network performance
With the explosive growth of audio and video on the Internet,
it’s no wonder you seem to need ever more bandwidth.
But adding more bandwidth is never a permanent solution
to performance issues.
The solution is to manage bandwidth so vital applications get
priority over recreational or non-time-sensitive Internet use.
Bandwidth on your network can be controlled by a bandwidth
manager, sometimes referred to as a traffic shaper. A bandwidth
manager enables you to control communications, providing
more bandwidth to high-priority traffic than to applications with
a lower priority status. This ensures that business-critical applications
such as e-commerce transactions always take priority.
Malware blocking — keeping the creepy crawlies out
The creators of malware get more creative all the time.
Malware can come through trusted sites and even lurk in
encrypted traffic.
Malware blocking should include matching possible threats
against an up-to-date database and the ability to remove spyware.
Control bandwidth costs, increase employee productivity,
and reduce Internet threats.
One box for exquisite network management
• Provides unparalleled visibility of gateway traffic,
giving both dashboard and granular detail.
• Enables comprehensive Web traffic monitoring
and lets you see exactly how your employees
use the Internet.
• Enables you to set appropriate policies
and restrictions for Web use, and automatically
enforce those restrictions.
• Enables bandwidth management, reporting,
and application prioritization.
• Blocks malware and viruses with advanced
database matching and client spyware removal.
• SSL filtering makes it possible to apply content
filtering to secure sockets layer (SSL) traffic.
Optinet integrates content filtering, bandwidth management,
and threat elimination. It’s the answer to getting both security
and performance. Optinet delivers a higher value to your
organization than standard content filtering or simple bandwidth
management approaches. It improves employee productivity
by eliminating inappropriate use of the Internet, minimizes
non-critical browsing activity, and protects employees from
inappropriate content.
Use easy-to-view, on-demand graphical reports to ensure
critical applications have the resources they need.
Optinet speeds up your organization through application control
and bandwidth shaping and prioritization. Critical traffic gets
the resources it needs because Optinet adjusts bandwidth
resources dynamically, often eliminating the need to upgrade
bandwidth. It also minimizes delays caused by non-critical
traffic, prioritizes bandwidth for critical Web sites, provides
more resources to important users, and adjusts for periods
of heavy network use.
Optinet complements your firewall by providing filter avoidance
updates and dynamic content analysis that identifies and shuts
out access to dangerous anonymous proxies. Plus, Optinet
blocks malware and viruses with advanced database matching
and client spyware removal capabilities.
VPN Firewall
Every size organization needs top firewall security.
There are firewalls and there are firewalls. Just because a device
or software package is called a firewall doesn’t mean it’s enough
to secure your network. Too often, the inexpensive firewalls
affordable to small businesses are lacking in important features.
When comparing firewalls, there are a number of features to look
for that will ensure you get the most protection for your money.
Firewall type
There are three main types of firewalls — packet filtering,
application layer, and stateful inspection.
A packet filtering firewall is older technology operating in only
the first three OSI layers. It examines each packet for compliance
to packet-filtering rules and forwards or discards the packet
accordingly. This kind of firewall treats each packet individually
with no regard to the stream of traffic. Firewalls that rely only on
packet filtering are regarded as inadequate by today’s standards.
Firewalls that add application filtering are slightly more advanced.
These firewalls recognize certain applications and protocols
and can accept or reject packets depending on what application
they belong to.
The modern firewall — and the only kind to consider for full firewall
protection — is the stateful inspection firewall. The stateful-inspection
firewall tracks the entire data stream rather than just
individual packets. It can tell whether a packet is the start of a
new connection, part of an existing connection, or an invalid
packet. Because this kind of firewall uses connection awareness
in addition to packet awareness, it can guard against attacks
that use existing connections, as well as denial-of-service attacks.
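The difference between per-packet filtering and stateful inspection described above, as an added example (not from this brochure and not how any Black Box product is implemented): a minimal TCP connection tracker that classifies each packet as new, established, or invalid, run beside a stateless rule over the same trace. The packet fields, the outbound-only policy, and the sample trace are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset   # TCP flags set on this segment
    inbound: bool      # True when arriving from the Internet side


def pkt(src, sport, dst, dport, flags, inbound):
    return Packet(src, sport, dst, dport, frozenset(flags.split("|")), inbound)


def stateless_filter(p):
    """Per-packet rule: allow outbound; allow inbound if ACK or RST is set."""
    if not p.inbound:
        return "ACCEPT"
    return "ACCEPT" if p.flags & {"ACK", "RST"} else "DROP"


class StatefulFirewall:
    """Tracks TCP connections; assumed policy: only inside hosts may open one.

    Simplifications: no sequence-number checks, FIN teardown, or idle
    timeouts; only an RST removes a table entry.
    """

    def __init__(self):
        self.table = {}  # (inside ip, port, outside ip, port) -> state

    @staticmethod
    def _key(p):
        if p.inbound:
            return (p.dst, p.dport, p.src, p.sport)
        return (p.src, p.sport, p.dst, p.dport)

    def inspect(self, p):
        """Return (classification, verdict) for one packet."""
        key = self._key(p)
        state = self.table.get(key)
        if state is None:
            if p.flags == {"SYN"}:           # start of a new connection
                if p.inbound:
                    return ("NEW", "DROP")   # policy: no inbound opens
                self.table[key] = "SYN_SENT"
                return ("NEW", "ACCEPT")
            return ("INVALID", "DROP")       # belongs to no known connection
        if "RST" in p.flags:                 # reset ends the tracked flow
            del self.table[key]
            return ("ESTABLISHED", "ACCEPT")
        if state == "SYN_SENT":
            if p.inbound and p.flags == {"SYN", "ACK"}:
                self.table[key] = "SYN_ACKED"
                return ("ESTABLISHED", "ACCEPT")
            if not p.inbound and p.flags == {"SYN"}:
                return ("NEW", "ACCEPT")     # retransmitted SYN
            return ("INVALID", "DROP")
        if state == "SYN_ACKED":
            if not p.inbound and p.flags == {"ACK"}:
                self.table[key] = "ESTABLISHED"
                return ("ESTABLISHED", "ACCEPT")
            if p.inbound and p.flags == {"SYN", "ACK"}:
                return ("ESTABLISHED", "ACCEPT")  # retransmitted SYN|ACK
            return ("INVALID", "DROP")
        # Handshake complete: accept ACK-bearing segments, reject stray SYNs.
        if "ACK" in p.flags and "SYN" not in p.flags:
            return ("ESTABLISHED", "ACCEPT")
        return ("INVALID", "DROP")


# Constructed trace: one legitimate outbound HTTPS session plus stray packets.
TRACE = [
    pkt("10.0.0.5", 40000, "203.0.113.10", 443, "SYN", False),
    pkt("203.0.113.10", 443, "10.0.0.5", 40000, "SYN|ACK", True),
    pkt("10.0.0.5", 40000, "203.0.113.10", 443, "ACK", False),
    pkt("203.0.113.10", 443, "10.0.0.5", 40000, "PSH|ACK", True),
    pkt("198.51.100.7", 443, "10.0.0.9", 3389, "ACK", True),    # unsolicited ACK
    pkt("198.51.100.7", 51000, "10.0.0.5", 22, "SYN", True),    # inbound open
    pkt("203.0.113.10", 443, "10.0.0.5", 40000, "RST", True),   # session reset
    pkt("203.0.113.10", 443, "10.0.0.5", 40000, "ACK", True),   # after reset
]


def compare(trace):
    """Return (stateless verdict, classification, stateful verdict) per packet."""
    fw = StatefulFirewall()
    return [(stateless_filter(p),) + fw.inspect(p) for p in trace]


if __name__ == "__main__":
    for p, row in zip(TRACE, compare(TRACE)):
        print(sorted(p.flags), "in" if p.inbound else "out", row)
```

The two rows where the verdicts differ are the unsolicited ACK and the ACK that arrives after the reset: the stateless rule passes both because the ACK bit is set, while the tracker drops them because no table entry exists.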
VPN
A firewall that supports virtual private networks (VPNs) is crucial
for any organization that has remote offices that connect to the
main office over the Internet. A VPN uses encryption to create a
private “tunnel” across a private network or the Internet, enabling
two nodes to communicate as if they were on a private network,
unreadable to anyone else. A VPN is often used to connect sites
together over the Internet or for traveling employees to communicate securely from their laptop to the corporate network.
Redundant connections
If an Internet connection is vital to your business, redundant
Internet connections are a must to maintain vital e-mail and
other services if an Internet connection goes down. Because a
firewall lives between your network and the Internet, you need
a firewall with dual WAN connections that support two Internet
connections. Load balancing spreads Internet traffic across both
connections. If one link goes down, the other takes up the slack
until the first link is back.
Enterprise-class firewall features for less than $350.
• Full stateful inspection firewall with denial of service
(DoS) prevention and filtering.
• E-mail alert service notifies you when attacks occur.
• Support for VPN, enabling you to establish
up to 30 encrypted tunnels across the Internet
for secure remote data access.
• Load balancing across two WAN connections
with automatic failover for high Internet availability,
optimal bandwidth sharing, and network redundancy.
This capable Internet appliance is ideal for small- to mid-sized
organizations with high security requirements and tight budgets.
Because it’s virtually plug-and-play, it’s an ideal solution for
organizations without a dedicated IT staff.
This capable firewall offers features usually seen only in larger,
more expensive, enterprise-class firewalls. In addition to being a
state-of-the-art stateful inspection firewall, FireTunnel 30 enables
you to establish up to 30 secure VPN tunnels across the Internet,
plus it offers dual WAN connections with load balancing.
This coffee shop has it all: frothy cappuccino,
delectable pastries, comfy seating, and a secure network.
A regional chain of coffee shops has what the Germans call
Gemütlichkeit, providing a comfortable, cozy, just plain pleasant
place to hang out, have a cup of coffee, catch up on the morning
paper, and browse the Internet.
But behind each coffee shop’s richly coffee-scented atmosphere
is a sophisticated computer network protected by security solutions
from Black Box. Let’s look at how network security works in one
of this chain’s coffee shops:
The wall at the edge of the network
Because the coffee shop’s network is connected to the Internet,
it has the Black Box FireTunnel 30, a capable stateful-inspection
firewall to keep hackers and malware out of its network. Since
FireTunnel 30 also offers VPN capabilities, the coffee shop
is ensured a secure connection for “calls home” across the
Internet to send sensitive company data to the main office.
Control of who gets what
The coffee shop installed Optinet to manage network bandwidth,
ensuring that business operations always get network priority
over customer Internet access. Optinet provides the ability to
“throttle” customers downloading massive files, keeping them
from hogging the Internet connection. As an added bonus,
Optinet prevents customers from accessing porn.
A network that must allow public access while also
keeping private information secure presents special
security problems.
Public stays separate from private
Because the coffee shop’s network supports both public
Wi-Fi® Internet access and private financial transactions, the
Veri-NAC network access appliance lets customers’ computers
access only the wireless network and the Internet, while locking
down the wired network the coffee shop uses for business
and credit-card transactions. Only authorized users and
authorized devices connect to the wired side.
Secure Switches
When maximum security isn’t an option.
When it absolutely, positively must stay secret
Even with the best precautions, no network is totally secure if it
has any connection at all to another network. But it’s often the
case that a person with access to a highly secure network also
requires access to a less secure network, including the least
secure network of all — the Internet.
One way to keep these networks totally separated is to provide
the user with two PCs — one connected to each network — so the
user has two monitors, two keyboards, and two mice,
each set accessing a separate network.
But there are more convenient ways to achieve the same level
of security and network separation — this is the realm of the
secure switch.
Types of secure switches
Secure switches enable a user to switch easily from one network
to another while creating an impenetrable physical barrier
between the networks — this includes protection from electrical
signals “leaking” from one network to the other. The two types
of advanced secure switches are the secure KVM switch and
the manual fiber switch.
A secure KVM switch switches between two or more PCs, each
with its own network connection, enabling the user to access
multiple PCs through one keyboard, monitor, and mouse.
Because this method preserves separation not just between
networks, but also between PCs on the networks, it’s impossible
for a user to deliberately or accidentally transfer data from the
private network to the public network.
The manual fiber switch uses internal mirrors to enable one PC
to switch between two or more network connections. Air-gap
isolation provides a physical break in the circuit connection.
Uses of secure switches
Secure switches are ideal for government, healthcare, financial,
or other applications where a private, data-sensitive network
intersects with a publicly accessible network. With a secure
switch, what’s on one network can never cross onto the other.
Secure switches enable connections to two or more
isolated networks without allowing electronic “leaks”
between the networks.
Choose secure switches to create the ultimate network privacy zone.
ServSwitch™ Secure
• Provides control and separation of up to four computers
or servers connected to both secure and unsecure
networks through just one keyboard, monitor,
and mouse.
• Nonupgradable ROM for security.
• Channel-to-channel crosstalk isolation protects against
signal snooping.
• Available for DVI or VGA and PS/2 or USB PCs.
• Coming soon: EAL4+ certified models.
*The Black Box ServSwitch Secure is TEMPEST approved.
TEMPEST pertains to technical security countermeasures,
standards, and instrumentation that prevent or minimize the
exploitation of vulnerable data communications equipment
by technical surveillance or eavesdropping.
Any device with a microchip generates an electromagnetic field,
often called a “compromising emanation” by security experts.
The ServSwitch Secure prevents electronic signals from one PC
from “leaking” into the other.
Fiber Optic Switches
• No optical-to-electrical conversion between fiber
connections. Instead, these switches use technology
that’s trusted and time tested!
• For reliable switching in mission-critical environments,
the micro-mirrors are bonded to precise positioning
servos.
• Serial remote control and other custom configurations
are also available.
Black Box Fiber Optic Switches are ideal for government,
healthcare, financial, or other applications where a private,
data-sensitive network connects to a publicly accessible network.
These proven optical switches perform as promised year after
year. They are extremely reliable because they use micro-mirrors
instead of electronics to route data signals from one fiber optic
port to the next. And unlike conventional electronic switches,
there are no complex and vulnerable electronic circuits
to monitor and protect from intrusion, component failure,
or interference.
[Diagram labels: Manual Fiber Switch, PC with Fiber Optic NIC, Fiber Optic Cable, TCP/IP Secure Network (SIPRNet), TCP/IP Non-Secure Network (NIPRNet); Secure KVM Switch, Workstation, USB/DVI Cable, Secure Network Switch, Public Access Network Switch, Secure Network, Non-Secure Network.]
Physical Security
Deploy an integrated, outside-the-box approach
to your physical security strategy.
The goal of physical security
To protect your network, your premises, and your personnel, the
first layer of security is always physical security. Where once this
meant heavy locks and security guards, today’s physical security
is more high tech and more secure. It also encompasses a much
bigger umbrella of strategies and solutions.
A comprehensive strategy includes many or all of the following:
• Access control
• Environmental monitoring
• Video surveillance via long-distance wireless
• Emergency messaging
The physical access problem
Unrestricted physical access to a computer or a network
is your number one security threat. If a hacker has physical
access to your network, stealing information is easy.
There is virtually no end to ways people with malicious intent
can damage your equipment or steal data if they have simple
physical access.
[Diagram labels: Dome Cameras, Encrypted Access Verification, Access Control, Remote Office, LAN, User PC with Browser.]
Networked is best
Physical security works best across your network because
it provides a central way to manage and control all the
necessary components.
Often there are worries about what happens if the network
goes down. In this case, many systems will continue to do
their job and reconnect with the network when it comes back.
Even in the case of a power outage, integral battery backup
or a separate UPS keeps your security up and running.
But remember that network-based physical security comes
with its own vulnerabilities, so don’t neglect network security.
Access control
Biometric access control provides smart, secure access — no
more “borrowed” access cards or lost keys. The system “reads”
fingerprints, but doesn’t store actual images, so privacy is never
an issue.
Environmental monitoring
Guards your buildings and IT equipment against physical threats
by providing complete environmental monitoring over your
network. Detects and reports temperature, humidity, airflow,
motion, door openings, and more. You can even integrate
security cameras into the system.
[Diagram labels: Wireless Ethernet Extender with Directional Antenna, PT Dome Camera, Communication to Door Lock, Digital Signage Publisher, Biometric Controller, Temperature Sensor, Environmental Monitoring Hub, Remote Office, Water Sensor, Dry-Contact Sensor, Emergency Message.]
LaserLink
Secure wireless transmissions
Secure wireless links from LAN to LAN or
for video surveillance
Laser-based Free Space Optics (FSO) transmission operates within a
narrow beam that can hardly be attacked by hackers. Use this
technology for secure LAN-to-LAN links when running cable is not an
option or to attach remote security cameras.
Emergency messaging
Eye-catching digital signage doubles as an emergency-notification
system that can complement existing notification systems
or function by itself to alert employees or students of chemical
spills, fires, or other emergencies. You can even activate the
system with a smartphone.
Biometric Access Control
The first step to security is the lock.
The best choice in locks is biometric.
Door locks
The first thing you should do to secure your network is to put
equipment behind a securely locked door. Server rooms, data
centers, and wiring closets should be securely locked as a matter
of course. Equipment located in office areas should be kept
in a locked cabinet. And, if practical, access to the entire building
should be controlled.
Door locks fall mainly into two categories — the old-fashioned
mechanical lock and electronic locks.
Even though mechanical locks are simple, straightforward
to use, and often difficult to pick, they usually aren’t the first
choice for door locks in equipment areas. Keys can be lost
or stolen, and many keys can be easily duplicated at the local
hardware store. Additionally, unlike electronic locking systems,
mechanical locks and keys don’t generate audit trails, so you
don’t know who had access to your equipment and when they
were there.
Biometric access systems
Electronic access systems using cards, tokens, or biometrics are
the most popular door-lock systems for securing IT areas. An
electronic access system tracks each user individually and creates
a log showing who gained or requested access to the room.
Additionally, these systems enable you to customize access, so
that each person can enter different areas within your facility.
The most secure kind of door lock, by far, is the biometric
access system. Biometrics is a technology that measures
physiological characteristics, such as fingerprints, irises, voices,
faces, and hands for authentication purposes.
Biometric authentication is becoming a popular way to ID
people for security purposes because it has the advantage
of being both more secure and more convenient than traditional
card readers—no one forgets their finger at home.
Biometric devices consist of:
• A reader or scanning device
• Software to convert the scanned data into digital form
and compare it to a database
• A database that stores data for comparison
Biometric data is encrypted after it’s gathered. When a finger
is scanned, the software identifies specific data points and
converts them to a numerical value using a set algorithm.
Then the software compares this value with a number stored
in the database to approve or deny access. Because the database
stores a numerical value rather than an actual fingerprint,
a biometric system does not create privacy issues.
Biometric Access Control Applications:
• Command Centers
• Comm Closets
• Data Centers
• Main Building Entrances
• Network Operations Centers
• Remote Buildings
• Research Labs
• Security Areas
• Server Rooms
• Wiring Closets
Biometric Access Control
The complete, secure,
biometric door-access system.
• Two-part architecture provides superior security.
• Eliminates the need for keys and access cards.
• Enhanced biometric security with dual-factor authentication.
• Full audit trail provides detailed entry logs.
• Simplifies access by using logical groups for users and doors.
• Anti-spoof and anti-tamper circuitry.
• Integrates with fire alarm and environmental monitoring systems.
• Battery backup ensures access during power failures.
Total security
Biometric access control provides one of the best security
options available. The unique two-part architecture of Intelli-Pass
makes it even more secure than many other biometric access
methods on the market.
Fully manageable
Intelli-Pass keeps a full audit trail to track who’s coming and going
and when. Plus, the time-banding feature enables you to control
access by time. You can even group users and doors together to
make management simple.
It’s all about the print
Enrolling users couldn’t be easier — just scan the user’s finger.
Never worry about privacy, because the system doesn’t store
fingerprint images and can’t be used to create an image
of the original print.
The Intelli-Pass actually looks for “life” in the finger and rejects
pictures or silicon imprints of a finger. It also has a duress
feature, which allows people forced to enter a room against
their will to activate an alarm.
Unlike some systems, the Intelli-Pass reader and
controller units are separate. Connection to the
door strike is via the controller unit, which resides
in the secured area, protected from hackers.
SC Magazine Product Rating
Features: ★★★★★
Ease of Use: ★★★★★
Performance: ★★★★★
Documentation: ★★★★★
Support: ★★★★★
Value for Money: ★★★★★
Overall Rating: ★★★★★
For: Split-architecture design to provide solid security in access
control and security.
Against: None that we found.
Verdict: Excellent product with a solid security architecture.
It gets our Recommended rating.
[Images: Intelli-Pass™ Reader; Intelli-Pass™ Controller; Non-Secure Architecture (competitor's unit) combines reader and controller in one unit]
Environmental Monitoring
Guard your mission-critical IT equipment against physical threats — from temperature extremes to water damage.
Beyond virus protection
It has become almost automatic to protect your data center by
backing up your servers, installing firewalls and virus protection,
and keeping the firewall and virus protection up-to-date.
But what about more tangible threats? Do you have hot
spots in your racks? If the cooling system shuts down, how
will you know when temperatures climb out of control? Are
you alerted to humidity changes or water leaks that threaten
your equipment?
Planning for the unexpected is a critical task because there are
more systems performing mission-critical functions than ever
before. These systems are often deployed without the proper
environmental infrastructure to support them. Equipment density
is increasing constantly, which is creating more stress on ventilation
and power.
What is an environmental system?
An environmental monitoring system enables you to actively
monitor the conditions in your rack, server room, data center,
or anywhere else you need to protect critical assets. Conditions
monitored include extreme temperatures, humidity, power
spikes and surges, water leaks, smoke, and chemical materials.
With proper environmental monitoring, you’re alerted to any
conditions that could have an adverse effect on your
mission-critical equipment. Environmental monitoring products can
also alert you to potential damage from human error, hacking,
or prying fingers. Many systems can be combined with video
monitoring so you can keep an eye on your equipment as well
as monitor conditions.
Environmental monitoring detects:
• Hot spots in racks
• Cooling system failures in data centers
• Water leaks
• Changes in humidity
• Open doors to rooms or server cabinets
• Smoke
• Power surges
• Fan failure
• Unauthorized personnel in restricted areas
• And more!
The top three IT risks:
1. Environmental disruption.
The number one cause of downtime for remote locations,
environmental problems go beyond fires and floods and affect
as much as 30% of a company’s mission-critical infrastructure.
Cooling and power are key points of exposure and increase
as equipment density does.
2. Unnecessary risk.
When systems are housed in less-than-optimal settings,
or are in remote and unsupervised locations, even a minor error
can cause downtime.
3. Sabotage.
Terrorism is now something each of us must plan for. Your systems can also be brought down from within if the proper security safeguards are not in place.
Environmental Monitoring
Real-time monitoring to protect your sensitive IT equipment.
AlertWerks environmental monitoring
• Intelligent hubs and sensors form a complete environmental monitoring system.
• Operates across any IP network.
• The clear, easy-to-use graphical interface is accessible through your Web browser.
• Notifies you of alarms in a variety of ways, including e-mail, SNMP, and text messages.
• Optional video monitoring.
The AlertWerks™ Environmental Monitoring System guards
against physical threats such as water, humidity, heat, and fire.
It operates across any IP network—including the Internet. The
new ServSensor V4E even provides real-time video monitoring
and alerting in addition to environmental monitoring. AlertWerks
Environmental Monitoring consists of three main elements:
ServSensor Hubs, Intelligent Sensors, and network connectivity
and integration. The ServSensor Hubs have ports for connecting
Intelligent Sensors. The AlertWerks System includes remote
configuration and graphing software.
[Diagram: Data collecting and graphing. ServSensor Hubs with Intelligent Sensors (Airflow Sensor, Temperature Sensors, Security Sensor/Contact) and a Dome Camera, connected through a Switch, LAN, Router, and the Internet to a Workstation and a Workstation with E-mail, with SMS (Short Message Service) alerts]
Emergency Messaging
When an emergency happens,
how do you get the word out?
Digital signage: everyday communications
plus emergency notifications
Set up a high-visibility, real-time communications system for
distributing critical information to everyone on your premises.
Digital signage can also be used for emergency notification,
enabling you to issue instructions and evacuation orders instantly.
Today’s digital signage systems are smarter than ever, enabling
you to instantly update your message through your PC or
even your smartphone.
Eye-catching digital signage informs, educates,
notifies, or alerts.
Digital signage systems are often used for streaming
real-time information such as weather forecasts, news,
and announcements.
Digital signage is the ideal solution for:
• Government offices.
• Hotels and restaurants.
• Corporate campuses.
• Schools and universities.
• Healthcare.
• Retail and entertainment.
Instantly upload an emergency
notification to your digital signage
system through your smartphone.
Emergency Messaging
iCOMPEL digital signage delivers the right message
at the right time—including emergency alerts.
• The iCOMPEL™ system is an easy-to-use solution
that puts professional digital signage within
the range of any organization.
• Provides instant emergency notification
throughout your campus.
• Includes powerful content-layout tools and ready-made
layouts for professional-looking presentations.
• Gets you up and running with minimal training.
• Easily managed from any browser-based connection.
• Provides everything you need upfront, so you’re
not nickel-and-dimed year after year with ongoing
licensing or SaaS fees.
• Integrates seamlessly into your network.
The all-in-one communications solution
No other medium makes it possible to deliver compelling
content at the right location at the right time for maximum
impact. It works whether your goal is to:
• Increase sales and profits.
• Encourage certain behavior.
• Inform, educate.
• Satisfy customers or employees.
• Improve business processes.
• Or all of the above.
[Diagram: A typical multisite digital-signage application. Central Control with Publisher and FTP Server, connected over the LAN and the Internet to Remote Location 1 and Remote Location 2, each with a Subscriber and Splitter and Local Customization]
Award-Winning Security Solutions
SC Magazine Product Rating
Features: ★★★★★
Ease of Use: ★★★★★
Performance: ★★★★★
Documentation: ★★★★★
Support: ★★★★★
Value for Money: ★★★★★
Overall Rating: ★★★★★
SC Magazine Product Rating
Features: ★★★★★
Ease of Use: ★★★★★
Performance: ★★★★★
Documentation: ★★★★★
Support: ★★★★★
Value for Money: ★★★★★
Overall Rating: ★★★★★
About Black Box
Black Box (NASDAQ: BBOX) is the world’s largest technical services company dedicated to designing, building, and maintaining today’s
complicated data and voice infrastructure systems. Black Box services more than 175,000 clients in 141 countries with 194 offices
throughout the world. To learn more, visit the Black Box Web site at www.blackbox.eu.
Black Box offers a complete range of networking, infrastructure, and security products, including cabinets, racks, cables, KVM, power,
and many other video, audio, and data solutions.
© Copyright 2010. All rights reserved. Black Box Corporation. Black Box® and the Double Diamond logo are registered trademarks, and Veri-NAC™, Optinet™, FireTunnel™,
Intelli-Pass™, AlertWerks™, LongSpan™, and iCOMPEL™ are trademarks, of BB Technologies, Inc. CVE®† is a registered trademark of the Mitre Corporation. Any third-party
trademarks appearing in this brochure are acknowledged to be the property of their respective owners.
†The CVE® Program is funded by the U.S. Department of Homeland Security.