
Security Group

Project- Smart Pay

SmartPay
Introduction in Brief
What do we do?
How do we do it?
Our targeted segment of users

Company Information
History
Initiation
Startup

Mission
- Best recognized solution
- Strong ties with developers & shopping carts
- Implement cutting edge technology
- Superior customer service
- Shop with confidence

Size
Employee
IT(30)
Software Developers
R&D
Dev Environment
Accounts & Finance(15)

Tech Support(25)
Registration
Purchases
Delivery
Disputes
Marketing & Sales(20)
HR(10)

Customers
500 customers
Corporate, Private, professionals
Traffic of 900 transactions per month
Corporate Special Plans

Sensitive Information
Customer
Financial and personal information
SSL layers
Encryption
SmartPay Servers

Sensitive Information
Trade Secrets
Email authentication
Identity Thefts
Security Tools
Disputes

Computer & Info. Security


-Yuvraj

Network Security
Why do we need security?

- Vital info. & resources protection


Common security attacks and countermeasures
Firewall penetration (application proxy server)
TCP attacks (IP security using better authentication)
Packet sniffing (encryption and VPN usage)
Intrusion Detection Systems (Snort IDS)
Open source IDS, no cost

Internal/External Attacks

Internet

DMZ
Web server,
SMTP server,
File server, etc
Firewall

Firewall

Intranet

Network Structure

Web Security:
Website: www.smartpay.com
Usage of https(HTTP over SSL)
Combination of HTTP + TLS
Encrypted communication
Secured identification of network web server
Public key certification by server Admin

Web gateway application


Web malware protection at low cost
In-depth and centralized reporting
Data monitoring
Prevention of potential infection (cross-site scripting) & data loss
Identify and block dynamic threats

Application Control:
POS check control by McAfee

Real time tracking of application processes


Monitoring of active directories, servers, DBs & N/W configurations
Works on
a. Change search
b. Ticket reconciliation
c. System reporting
d. Notification through email & dashboard
e. Enforcements & policy (access lockout)

POS Check supported by PCI DSS

File integration supported OS: Windows, Linux, Unix & AS 400

Access Control:
Process of enforcing access
Configuration of access lists over workstations, laptops & servers
Identification of group and user
Usage of EX Series Ethernet Switches
Packet passing control (egress & ingress)
Telecom closet (data wire tapping)
Guest identification (account restriction)
Authentication & endpoint assessment (disabling account)
Security over risk mitigation

Unified Access control network Flow

Risk Management Plan

- By Divya Mohan

Risk
Identify potential threat

Likelihood of occurrence

Bring down the organization

Action To Address

Types Of Security Risks


Merchant Interface
Financial Institution Interface
Consumer Interface
Operations Management & Planning interface
IT security risks
Downloads from Web Sites
Diversionary Tactics
Renaming Documents
Security Based Policy Risks

Security Based Policy Risks

Account Freezing

Consumer account security disputes


Scam Insulation
No refund
Facilitators
3 minute approval
Safe
Internal regulations
No money market investment funds
Business to consumer

Contd.
Composite Trust Index
Multidimensional trust index
Hierarchical Permission Tree
Auditing
Separation of duties
Least privilege
PCI Compliant
- Build and Maintain a Secure Network
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures

Physical Security

- By Vijay

Physical Security
- Protection of building sites, equipment, information and software
- From theft, natural disaster & accidental damage

Building
- Physically sound construction
- Continuous floor-to-ceiling walls
- Delivery & loading areas segregated from operations
- Video monitoring equipment
- Solid building construction, emergency preparation

Outer Perimeter Security


Inner Perimeter Security
Interior Security
Event of Fire
- Extinguish fire
- Fire too large
- Call Local Fire Department
- Inform Facilities manager, Local Police
- Evacuate
Natural calamities

HR Policies
- Policies and Procedures

Training and education


- Staff management
- Infrastructure Services (IS) Global Delivery Network unit
- Centralized Technical Support Desk (CTSD)
- Incident and service request
- Enterprise ID and Domain ID & passwords
- Timesheet
- Security policy information

Accreditation and Acceptance forms

A Plan for Disposal & Estimation of Cost for the Security System

- By Sriteja Vunnam

Plan for Disposal


Information Disposal:
- Data Encryption
- Obsolete Data
- Data Decentralization
Hardware Disposal
- System Outdating
- Hardware Destruction

Data Erasing
Putting Your Data to Rest
Disposing Data Storage Devices
Data Erasing Software
Data Erasing Hardware & Services
Erasure Verification Services

Estimation of Cost for the Security System


Hardware & Software Costs

| Description | Product | Quantity | Unit Costs | Total Costs |
| IP Phones | Nortel 6812 | 100 | 176.99 | $17,699.00 |
| VOIP PBX | Nortel Communication Server 10000 | | 40,000.00 | $40,000.00 |
| Backup Tape Drive | Dell PowerVault TL2000 | | 7,699.00 | $7,699.00 |
| Backup Tapes | LTO3 20 pack | | 719.99 | $1,439.98 |
| Backup Software | CommVault Galaxy | | 20,000.00 | $20,000.00 |
| Laptop Broadband Cards (Sales people) | Verizon PC5750/ 1 year at $50 a month each | 15 | 600.00 | $9,000.00 |
| CAT6 Cabling | NetGuru Cable Contracting, 500 2 Cable Pulls | 50 | 50.00 | $2,500.00 |
| Fiber Cable Run | NetGuru Cable Contracting | | 75.00 | $75.00 |
| Workstations | Dell Optiplex 755 Workstations (w/ monitor, MS Office 07 Std.) | 100 | 1,383.00 | $138,300.00 |
| Laptops | Dell Precision M4400 Laptops (w/ MS Office 07 Std., Finger Print Scanner) | 15 | 1,652.00 | $24,780.00 |
| Servers | PowerEdge 900 Rack Mountable Servers | 6 | 11,916.00 | $71,496.00 |
| Switches | Juniper EX 405 Switch | 3 | 3,514.99 | $10,544.97 |
| Wireless Access Point | Cisco Aironet 1231G Wireless Access Point | | 614.99 | $1,844.97 |
| Firewall | Cisco PIX 515E Firewall | | 2,449.99 | $2,449.99 |
| Email Server Software | Microsoft Exchange | | 4,000.00 | $4,000.00 |
| Email User Licenses | Microsoft Exchange, 5 License Packs | 100 | 500.00 | $50,000.00 |
| AntiVirus | Symantec Anti-Virus Corporate 250 User | | 15,900.00 | $15,900.00 |
| POS Check | Application control SW | | 18,000.00 | $18,000.00 |
| B/W Printer | HP LaserJet P3005dn | 10 | 898.99 | $8,989.90 |
| Color Printer | HP Color LaserJet 4700n | | 1,348.99 | $5,395.96 |
| Server Software | Microsoft 2003 Server Enterprise RC2 w/ 25 CALs | | 3,999.00 | $3,999.00 |
| Server Client Access License | Microsoft 2003, CAL 20-Pack | 15 | 799.00 | $11,985.00 |
| ERP | ERP Global Enterprise Resource Planning 100 User | 50 | 4,000.00 | $200,000.00 |
| DS-3 lines | Verizon DS-3/1 year at $4000 a month | | 48,000.00 | $48,000.00 |
| | | | | $714,098.77 |

Future Enhancements
Forum
Blog
UK expansion

Thank You
