Post on 04-Jun-2018
Session IV: Asia-Pacific, September 2008. Nortel Networks Confidential
Securing the Hyperconnected Enterprise
Somnuk Soonthonpetpan, Sales Engineer Team Leader, Enterprise, Somnuk@nortel.com
Agenda
• Introduction
• Nortel Security Blueprint
• Nortel Security Architecture
• Endpoint Security
• Perimeter Security
• Secure Communications
• Core Network Security
• Security Management
Hyperconnectivity
• Will put staggering loads on enterprise networks
• Brings complexity and cost: diversity of services and devices, and density of traffic
• Accelerates the need for True Broadband and Communication Enabled Applications
• Makes us fundamentally rethink how we build applications, services and networks
A foundational catalyst that is driving change in the communications world
Enterprises must be prepared for the disruptions and opportunities presented by this catalyst
Hyper-Connectivity: Addressing the Challenge of Density and Diversity
[Chart: Number of Network Devices / Connections plotted against Number of People on Network; the device mix grows from PC, Cell, Laptop and PDA to Sensors, IP phones, Gaming, Security cameras, iPod phones, Smart buildings and Home networks.]
The Hyperconnected Enterprise
Business Optimised Networking
Nortel delivers the key steps to optimise your network for Hyperconnectivity
Building blocks to optimise the transformed enterprise
BUSINESS OPTIMISED NETWORKING
• SECURE & MANAGE your infrastructure
• CONVERGE and scale your core around resilient IP/Ethernet
• EXTEND and simplify converged access across the enterprise
• MOBILISE your enterprise with ubiquitous access to all users
• ACCELERATE and optimise your applications
Unified Communications Security Issues
• Adds new access points to the corporate network
• Adds new devices that can be attacked or used to launch attacks
• Adds new, complex protocols
• Exposes voice conversations to same threats as data networks
• Traffic is very quality sensitive
• Toll fraud and unauthorised access still an issue
The Security Environment
• Global issue
• Motives will continue
• Increased connectivity
• Growing range of threats and attacks
• Convergence
• Potential losses are multi-faceted
Source: 2007 CSI Crime and Security Survey
Security is Strategic if You…
• Recently experienced significant downtime
• Are concerned with business continuity
• Have a large remote and/or mobile workforce
• Want / do not want WLAN access
• Are deploying a converged network
• Offer online business services
Do you trust your network?
Nortel Security Blueprint
Unified Security Framework considers all aspects of network security – the people, processes and technologies
Customer blueprint for deploying world class security architectures
• Leverages strengths of industry leading vendors and standards
• Simplifies integration and deployment
• Adapts to tomorrow’s needs and threats
• Enables customer choice
• Complete, tested and compatible security implementations
“Open” Security Philosophy
Best of Breed Strategic Partnerships
Nortel Security Architecture Layered Defense Model
Endpoint Security: ensuring the connected devices meet security requirements
Secure Communications: ensuring data is protected from unauthorised discovery over the network
Perimeter Security: keeping the “good stuff” in and the “bad stuff” out, over all media types at any entry point
Core Network Security: keeping watch for malicious software or traffic anomalies, and enforcing network policy
Layered Defense Architecture
Endpoint Security Solutions
Enterprises need:
• Device authentication
• Security and software configuration compliance
Nortel solutions provide:
• Policy based access control
• Software configuration enforcement and remediation
• Management simplicity
• Higher productivity through mobility
“Who are you and are you allowed to be here?”
NORTEL LAYERED DEFENSE
[Diagram: the home office and the Internet enter through a Service Edge Router and a VPN Gateway/Router to a Switched Firewall, an L4-7 Application Switch and a Threat Protection System; inside sit Ethernet Switches with Engineering and HR VLANs, a Wireless Security Switch, a Communication Server and Security Management. The zones marked are Remote End Point Security, Secure Communications, Secure Perimeters, Core Network Security and Internal End Point Security.]
Exposures and Risks
• Email and Web-based mail
• Instant Messaging
• Internet Postings
• FTP
• Peer-to-Peer (e.g. KaZaA and Limewire)
• Chat rooms
• Attachments
• Web
• Hacking tools and source code
Nortel Secure Network Access (NSNA): LAN Solution Components
[Diagram: a PC connects through an Ethernet Routing Switch stack to the Secure Network Access Switch (SNAS), with a Remediation Server, the Trusted Corporate Network and the Internet behind it. Callouts, in sequence:]
• A PC tries to connect to the corporate network.
• PC connects to the Red VLAN (untrusted).
• User and PC must be authenticated (Login).
• Tunnel Guard applet pushed to the PC for compliance checking.
• Tunnel Guard reports non-compliant PC to SNAS.
• SNAS moves the PC to the Yellow (quarantine) VLAN. PC downloads patches for remediation.
• After repair is complete, Tunnel Guard reports to SNAS that the PC is now compliant.
• SNAS moves PC to a Green VLAN with appropriate access level to the corporate network.
• Port-based authentication controls (802.1x/EAP)
• Ethernet Routing Switch
• Secure Network Access (NSNA) – local Policy Enforcement
• VPN Tunnel Guard – remote access policy enforcement
• VPN Router and VPN Gateway
• Rogue AP detection, location
• Wireless LAN Security Switch (WLAN2300)
• User-based Policies
• Enterprise Policy Manager (EPS)
Endpoint Security – Local, Wireless and Remote
Don’t talk to strangers!
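As an added example (not Nortel's code), the following Python sketch models the SNAS decision points in the NSNA flow above: the Red VLAN before authentication, the Yellow VLAN with a remediation list while the Tunnel Guard report fails policy, and the Green VLAN once the re-check passes. The posture fields, thresholds and remediation identifiers are assumptions.

```python
"""Toy model of the SNAS decision in the NSNA flow above (added example, not Nortel
code). VLAN steering follows the slide; posture fields and thresholds are assumed."""
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional, Tuple

class Vlan(Enum):
    RED = "red"        # untrusted: PC may only reach the authentication service
    YELLOW = "yellow"  # quarantine: PC may only reach the remediation server
    GREEN = "green"    # trusted: corporate access at the user's level

@dataclass
class Posture:
    """Compliance report from the endpoint agent (field names assumed)."""
    os_patch_level: int
    av_running: bool
    av_signature_age_days: int
    firewall_enabled: bool

# Assumed compliance policy configured on the SNAS.
MIN_PATCH_LEVEL = 12
MAX_SIGNATURE_AGE_DAYS = 7

def check_compliance(p: Posture) -> List[str]:
    """Return the failed checks; an empty list means the PC is compliant."""
    failures = []
    if p.os_patch_level < MIN_PATCH_LEVEL:
        failures.append("os_patch_level")
    if not p.av_running:
        failures.append("av_running")
    elif p.av_signature_age_days > MAX_SIGNATURE_AGE_DAYS:
        failures.append("av_signature_age_days")
    if not p.firewall_enabled:
        failures.append("firewall_enabled")
    return failures

def assign_vlan(authenticated: bool, posture: Optional[Posture]) -> Tuple[Vlan, List[str]]:
    """SNAS decision: Red until login succeeds and a report arrives, Yellow plus a
    remediation list while any check fails, Green once the report is clean."""
    if not authenticated or posture is None:
        return Vlan.RED, []
    failures = check_compliance(posture)
    return (Vlan.YELLOW, failures) if failures else (Vlan.GREEN, [])

if __name__ == "__main__":
    # Constructed walk-through of the slide: connect, log in, fail, remediate, re-check.
    stale = Posture(os_patch_level=10, av_running=True, av_signature_age_days=30, firewall_enabled=True)
    print(assign_vlan(False, None))  # Red: not yet authenticated
    print(assign_vlan(True, stale))  # Yellow: os_patch_level, av_signature_age_days
    print(assign_vlan(True, Posture(12, True, 0, True)))  # Green after remediation
```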
Secure Communication Solutions
Enterprises need:
• Secure remote access
• Multi-client support
• Configuration management
• Mobility solutions including VoIP and wireless
Nortel solutions provide:
• Secure, reliable access anywhere with IPSec and SSL
• Transparent implementation
• Multi-OS and platform VPN
• QoS and VoIP/SIP compliance
• Wireless communication security
Eliminating the “Peeping Tom”
Securing branch office multimedia: What does it look like? How does it work?
[Diagram: a Branch Office (Secure Router providing VPN and firewall, Ethernet Routing Switch 25xx/45xx/55xx/8x00, SRG or BCM, IP Phone, Corporate PC, PSTN (Telco)) and a Home Office (VPN Router or Secure Router, Corporate PC, IP Phone) connect over the IP network / Enterprise WAN through encrypted secure tunnels to the headquarters site: Router, Web/FTP server in a DMZ network, Threat Protection System, Enterprise Policy Manager, CS 1000 / 2100, MCS 5100, Multi-Element Manager, Secure Multimedia Controller 2450, VPN Router, PSTN (Telco).]
Secure Multimedia Zone: Securing Services & Resources
[Diagram: the Enterprise Network reaches the Secure Multimedia Zone through a Perimeter Firewall, a Threat Protection System (IDS/IPS) and a pair of SMC 2450 controllers; inside the zone sit the Call Server, Multimedia Services, Media Gateways, Signaling Servers, Management, Contact Center and Unified Messaging, serving the IP Phones outside it.]
Secure Communications: Nortel VPN Appliance Portfolio
Nortel VPN Router and Secure Router (VPNR 5000, VPNR 2700, VPNR 1750; SR1xxx, SR3120, SR4134)
Solution Focus: Secure Routing
• Branch VPN routing / WAN protocols and I/O
• L3 networking designs/firewalls
• SOHO VPN & Employee VPN access
• SSL VPN upgrade option
Nortel VPN Gateway Family (3050, 3070)
Solution Focus: Secure Access
• Secure remote access (SSL/IPsec)
• Externalizing enterprise Intranets
• Secure partner extranets and web portals
• SSL acceleration, clustering, virtualization
Cross Platform Technology Sharing
Secure Perimeter Solutions
Enterprises need:
• Tools to block spyware, point-to-point applications, viruses
• Application resilience
• DoS protection
• Wireless LAN protection
Nortel solutions provide:
• Policy based access and filtering
• Advanced threat protection
• Malware detection and removal
• Traffic identification
• Application prioritization
• Rogue wireless AP mitigation
Keeping the bad guys out
Core Network Security Solutions
Enterprises need:
• Centralized management
• Business continuity
• Application Quality of Service
• Traffic management
Nortel solutions provide:
• High availability
• Policy-based access control
• Control over known trojans/worms
• Application level bandwidth management
• Manageability
Providing data center and critical network security
Secure Perimeters and Core Network Security: Optimization & Acceleration
[Diagram: HQ, Distribution and Data Center sites, each with a Secure Multimedia Controller and SMZ, a Policy Server, Switched Firewall, Application Switch, IDS/IPS, DMZ, Wireless AP and WLAN Controller, connected to the Intranet and Internet. Controls applied along the path: ACL, DoS, IPS/Symantec App Inspection, Policy Control; traffic classes: Limited B/W and Guaranteed B/W.]
> Business continuity
> Scalability
> Optimized application delivery
> Application security
FCAPS Manage: Faults, Configuration, Accounting, Performance, Security
• An ITU standard model for Enterprise Network Management
>FAULTS
>The domain where network issues are discovered & corrected. Steps taken to prevent them from occurring/recurring
>By doing so, the network remains operational & downtime minimised
>CONFIGURATION
>Where daily operations are monitored and controlled. All hardware & programming changes (new, modification, removal) are coordinated
>ACCOUNTING
>Devoted to determining how to optimally distribute resources. Helps minimise cost of operations.
>Also responsible for ensuring users are billed appropriately
>PERFORMANCE
>Managing the overall performance of the enterprise network
>Potential problems are identified, throughput is maximised, bottlenecks are identified
>SECURITY
>Protecting the network from unauthorised users
>Also responsible for user authentication and authorisation
Enterprise Network Management System
• Network topology and event management for the converged network
Enterprise Switch Manager
• Simplified network-wide configuration and event management for the LAN
Enterprise Policy Manager
• Manages network bandwidth, traffic prioritisation and access policies to control QoS and strengthen security across the network
Network Resource Manager
• Centralised configuration and change management services for router-based networks
QRadar Network Security Management
• Security information and event management for multi-vendor networks
HP Opsware Network Automation System (NAS)
• Secure, centralised multi-vendor change and configuration control management
netIQ Proactive Voice Quality Management (PVQM)
• Voice quality management ensuring the overall quality of IP telephony deployments for end users
Nortel MANAGE Portfolio: Enterprise Unified Management
Why Nortel for Security?
• Nortel has the right vision and focus on Security
• Benefit from the “open” approach to security and expertise in convergence security
• Design a Layered Defense with Nortel’s award-winning portfolio
• Consider security as part of every IT project