IBM Tivoli and Cisco Network Card User Manual


 
Chapter 4. Armando Banking Brothers Corporation 87
cluster of IBM HTTP servers and WebSphere® Application Servers providing
Internet banking and other services to external users. Similarly, the internal
application server block represents multiple servers providing application
support for internal users.
4.3 Corporate business vision and objectives
The Armando Banking Brothers Corporation (ABBC) has already made a
significant investment toward securing their network infrastructure. Through the
combination of forward thinking by ABBC management and technology from IBM,
ABBC has been able to provide high availability of online banking services to its
customers while minimizing the effects of nefarious network and application
attacks.
ABBC is well aware that securing the network from external threats is only part of
the story. Their mid-term vision is the monitoring, management, and enforcement
of security policy compliance of its owned workstations used to access the
corporate network, through local connections as well as via remote VPN
technology. As a first step, ABBC deployed the IBM Security Compliance
Manager solution to all of its server systems; this deployment provided
monitoring and management of security compliance postures. Next, ABBC plans
to extend the IBM Security Compliance Manager down to the workstation level,
followed by the enforcement of security compliance postures through integration
with Network Admission Control–enabled network hardware.
4.3.1 Project layout and implementation phases
In any deployment or introduction of new technology, it is important to know the
goals and to properly set expectations. Likewise, there must be a way to
measure project status. In this section, we describe the major steps that we
cover in the banking scenario.
In defining the main security goals for the implementation, we assume the following:
Business and security enhancements: As part of the implementation strategy,
we present the additional business objectives and the security
compliance–based Network Admission Control benefits that each new step adds.
Pervasive security: The design principle includes making security part of the
environment without disrupting services or user experience. As this is a major
operational shift, the introduction of Network Admission Control technology
will not be transparent to the end user. Therefore, the security goal is to
provide high-quality security without unnecessarily inconveniencing users.