Victor BerenshteynSystems / Network Engineer

MCSE: Security 2003

Kaspersky Specialist

http://nz.linkedin.com/in/vberenshteyn

Overview

The presentation highlights accomplished projects and results achieved in the role of Systems / Network Engineer and IT Team leader at GosNIIAS, Avionics Department.

Company profile 150 employees Software development and testing for Aviation Industry Contractor of Rockwell Collins, USA; Smiths Industries,

USA; Thales, UK.

Server rooms – 1/3 Situation

outdated comms room without proper physical infrastructure, power and air-conditioning

no racks, equipment on tables per-server low-capacity UPS-es cabling mess company’s plans for

○ multi-floor extension○ double hiring○ update and increase the number of servers

Task design and implement a project of a central server room and per-

floor comms rooms

Server rooms – 2/3 Action

selected a vendor for physical infrastructure solutions, APC learnt technologies, product lines, equipment features : vendor’s

seminars, online study communicated with vendor’s consultants: defined solutions,

created specifications, negotiated costs designed, presented and discussed with the company’s

management 3 possible solutions with different ratio of cost, reliability and scalability

communicated with and supervised the builders, electricians and air-conditioning engineers

managed procurement of the equipment designed and planned installation, goal: minimise downtime trained IT team performed installation

Server rooms – 3/3 Result - well-organised, completely redundant, fully

monitored and remotely managed secure server rooms with total space decrease by 25%server racks, IP KVM, colour-coded SCS2 independent power lines terminating at two 5kVA UPS-

es to provide redundant power supply; RPS for 1-PSU units

air conditioning with redundancyenvironment monitoring and pro-active alerting (power,

temperature, humidity)managed shutdown in the case of emergency, no data lossdocumentation and change management

Virtualisation – 1/2

Situationincreased demand for new servicesrequirements for

○ service isolation○ service availability

no budget

Taskimplement server virtualisation without additional

expenses

Virtualisation – 2/2 Action (time: 2007)

selected free solution, Microsoft Virtual Server 2005 R2 extensively learnt (online, vendor’s conferences) created an essential documentation designed and implemented with security emphasis

Result 40% of servers are virtual server availability service continuity effective use of hardware, rack space, and AC power

Follow-up piloted Hyper-V 2.0 implementation and migration

Volume licensing Continuous action

learning volume licensing from various vendorsplanningprocurement license managementusage monitoringSAM (Software Asset Management)

Resultdecreased expenses for software (approx. 20%) flexible license distributioncontrolled software installations

Unified desktop environment – 1/2 Situation

high PC rotation rateconstantly increasing number of employeesrepeatedly deploying a limited set of softwarerequests to re-install a PC after testing a new

software or new development release

Taskcreate an efficient, fast and simple procedure to

deploy or restore a PC

Unified desktop environment – 2/2 Action

standardised desktop software configurationscreated a procedure to rollout unified desktop

environmentcreated associated documentation and

conducted training for IT staff

Resultdeployment or complete restore of a fully

customized PC takes 15-25 minutes

Enterprise Security – 1/2 Task

implement network anti-malware solution with centralised management and pro-active alerting

Actiondesigned and deployed corporate anti-malware solution –

Kaspersky Enterprise Space Securitymaintained and supported the solutiontrained IT staff, delegated activities and supervised

Resultwith 150 workstations, only 4 local incidents within 8 years

Enterprise Security – 2/2 Task

implement a continuous security monitoring Action

learnt threat detection tools, selected MaxPatrol by Positive Technologies

created and documented a procedure of periodic security scanning

implemented security monitoring from both outside and all segments inside of the network

Resultno single penetration within yearsno single service compromised

Network re-design – 1/3 Situation

unmanaged, undocumented reactive growth of the network

running-out of physical capacitybandwidth bottleneckslack of security

Taskre-design the network in terms of scalability,

manageability, performance and security, using existing equipment and purchasing new as necessary

Network re-design – 2/3 Action

network re-design smooth implementation, no downtime introducing VLANs configuring link aggregation raising security level and implementing RBAC introducing 1Gb-to-workplace with the new equipment (Dell),

while preserving old 100Mb equipment (3Com, Cisco) for lower-demands users

configuring monitoring and alerting (SNMP, email, Dell OpenManage)

establishing network documentation and change control training IT staff

Network re-design – 3/3 Result

predictive readiness for network growth in size and complexity

keeping the growth controlled and smoothchange managementVLANs

○ increased security and performance for management segment of the network

○ simple physical port reassignment at the access level link aggregation provided the network with performance,

redundancy and stabilitykeeping awareness of the network statedelegation monitoring and basic control activities to IT staff

Cisco ASA 5520 – 1/2

Situationoutdated all-in-one network edge solution for

firewall, proxy- and email- server

Taskimplement dedicated firewall solution with IPS

and VPN capabilitiesmove proxy- and email- services into DMZ

Cisco ASA 5520 – 2/2

Actionselected Cisco ASA, extensively learnt the

solutionre-designed network edgeextensively tested, piloted, launched,

conducted post-production testing

Resultstrengthened network securityflexible network design

Microsoft SQL Server 2005 – 1/2 Situation

multiple database engines with default configuration spread across the network

after project completion, production databases remained on developers’ PCs

no backup

Taskimplement secure deployment of centralised

database server

Microsoft SQL Server 2005 – 2/2 Action

configured hardware for optimum performancedeployed MS SQL Server 2005 with security

emphasismigrated production databases to the new serverestablished backup procedure

Resultdedicated server with highly secured environmentfast and reliable data accessseparated test and production environments;precise and controlled permissions for data accesssupported business continuity with current backups

Microsoft infrastructure upgrade Situation

Windows NT domain connected with VAX mainframe

Windows 2000 forest

Actionupgraded the infrastructure to Windows Server

2003 level and configure forest trustspreserved mainframe connectionincluded complete testing in a virtual environment

Hardware monitoring

Actiondeployed Dell OpenManage and HP SIM

Resultkeeping business continuity by pro-active health

monitoring and awareness of the entire network’s state and every single system in it

Backup Action

designed and implemented backup solutions (Acronis True Image)

Resultquick and flexible backupease, precise and minutes-long restoressafety of configuration changes

Follow-updeveloped dedicated backup plans for Active

Directory and SQL Server services

Remote access Situation

requirements for network access from home involving partner companies in joint work

Task implement remote access solution

Action deployed RAS on Windows Server 2003 VPN: PPTP, MSCHAPv2, very strong passwords with short life

term IP port filtering VPN users buffer subnetwork

Result simple yet secure VPN for remote access

Code/change managementDeployed with advanced security: Microsoft Visual SourceSafe Subversion (SVN, incl. Apache) Telelogic (IBM Rational) software

SynergyChangeDOORS

Microsoft SharePoint Services Situation

SVN usage for storing not only code but also documentation projects' and other documentation spread across multiple

shares on the network requirements for convenient collaboration system

Action learnt Microsoft SharePoint Services technology presented the technology to the management deployed Microsoft SharePoint Services and sample portals for

documentation management and Help Desk ticketing Result

Efficient web-portal environment at no cost

File and Print Servers

Actiondeployed File and Print Servers with WinSrv2003

R2-extended management features

Resulteffective, flexibly-quoted use of disk spacepro-active monitoringdecrease of administrative overhead

Inventory

Situationscattered and incomplete inventory information

on both hardware and software

Actiondeployed hardware and software inventory

system (Total Network Inventory by SoftInventive)

Resultstructured comprehensive up-to-date inventory

Summary – 1/2 Accomplished projects developed company’s network into a

well-established up-to-date, efficient, flexible, stable and secure IT infrastructure

The value created for the company was defined by saved budgets for the equipment by using existing one with

virtualisation technologies decreasing expenses for software by SAM saved space for server rooms fast deployment and recovery efficient threat management analysing and improving IT processes within the organisation by

introducing new technologies keeping business continuity training IT staff

Summary – 2/2 The achievements were backed up by

sound Systems and Network knowledge concentrating on business value and service delivery strong ability to plan and implement IT-projects within

scope, budget and schedule great communication skills at all levels strong multitasking, time-management and organisational

skills dedication for learning with passion for IT