User:Eric D Sternberg

SECURITY IMPLEMENTATION PROJECTS

Security Architecture: Primary security architect for three-tier DMZ datacenters. The external tier (internet browsing) uses Lancope StealthWatch, an anomaly/behavior-based IDS, and Blue Coat proxies. The inner tiers are monitored by a combination of network signature-based intrusion detection sensors and McAfee host-based intrusion detection systems centrally managed by the McAfee ePolicy Orchestrator. The network tier utilizes NetFlow collectors to monitor all traffic from routers and Layer 3 switches.

Endpoint Security: Led a proof-of-concept project to evaluate data leakage prevention vendors. The finalists were PortAuthority (Websense), McAfee DLP and Vontu (Symantec). The eventual vendor chosen was Vontu, which was later purchased by Symantec. Our current implementation monitors multiple global egress points, scanning both SMTP and web browsing traffic. Our endpoint solution covers 40,000 desktop and laptop systems. We also utilize Symantec for our compliance and are in the process of integrating Vontu with the CCS compliance suite.

Compliance and Vulnerability Management: Involved in ADP's recent ISO 27001 certification. Implemented a corporate-wide governance compliance infrastructure utilizing Symantec ESM/CCS. This involved designing security controls and hardening guidelines for web applications (IIS and Apache), Windows operating systems and applications, DNS systems, Red Hat Linux, SUSE Linux, AIX, Solaris and Oracle. Scheduled compliance audits to coincide with our Qualys security scans and patch management installations.

Incident Response and Log Management: Developed a proactive remediation strategy which enabled us to avert a variety of recent attacks, including DNS cache poisoning attacks. Some of our primary sources of information are DeepSight and RSA. DeepSight is a portal-based system which allows us to create custom alerts through XML feeds tailored to our particular systems and applications. Lead security analyst on all recent Microsoft out-of-band patch releases.

Malware Analysis Management: Coordinated the monthly patch management meeting to coincide with the Microsoft "Patch Tuesday" releases. Prior to the meeting, was responsible for analyzing and documenting all listed vulnerabilities and providing assistance to the Server and Desktop groups regarding the severity of specific vulnerabilities and recommended actions.