Network Security - PowerPoint PPT Presentation

Slides: 22
Provided by: lawrenc97

Transcript and Presenter's Notes

Title: Network Security


1
Network Security: Issues, Processes and Technologies
lawrence.chong_at_alcatel.com
Alcatel e-Business Networking Division
2
Agenda
  • Network Security
  • Threats
  • Need for Security
  • Security Processes
  • Security Policies
  • Network Security Technologies
  • Alcatel's Strategy

3
Information Security is Key
  • Historically, information was controllable
    through good state-of-the-art alarm systems and
    physical security
      • banks
      • R&D facilities
      • government complexes
      • airports
      • power grids
  • Today, traditional businesses and services are
    controlled electronically
      • information security has not kept up with the
        times
      • traditional secure environments are now wide open

4
Network Security Threats
  • Identity interception
      • discovery of a valid user ID & password
      • stolen files
  • Masquerade
      • one user pretending to be another
      • address spoofing
  • Replay attack
      • login monitoring and playback
      • protocol analyzers
  • Data interception
      • intermediate capture of data
      • wiretaps and monitoring devices

5
Threats (cont.)
  • Manipulation
      • unauthorized data change
      • virus
  • Integrity
      • doubts as to data origin
  • Macro viruses
      • application-specific viruses (Word & Excel)
  • Denial of service attacks
      • data flooding of servers consuming CPUs
  • Malicious mobile code
      • auto-executables via ActiveX or Java

6
Growing Needs for Security
  • Privacy
      • personal
      • governmental
  • Multilevel security
      • classifications / need to know
  • Anonymity
      • commercial
      • medical
  • Authentication
      • proof of identity / accuracy
  • Integrity
      • validity of data
      • datum's relationship to itself over time
      • has the data been modified since creation
  • Audit
      • records / logs
      • aids forensics
  • Electronic currency
      • credit / debit cards
      • letters of credit
      • digital cash

7
Security is a process, not a product - Bruce
Schneier
8
Network Security Process: Closed Loop Corrective Action
  • Evaluate
  • Policies / Processes
  • Design
  • Vulnerabilities
  • Implement
  • Patches
  • New policies & designs
  • Authentication
  • Firewalls & VPNs
  • Content security
  • Intrusion detection

Incident Response Team
  • Improve
  • Training / Awareness
  • Adherence
  • Monitor
  • Measure
  • Self
  • Service

9
Elements of a Security Policy
  • Build a Security Team
      • skills and roles
  • Training and Awareness
      • explaining security
  • Physical Security
  • Monitoring
      • logs and analysis
  • Auditing
      • assess security posture
  • Prepare for an Attack
      • incident response team
  • Handling an Attack
  • Forensics
      • analyze data

[Diagram labels: Attacker, Response, Forensics, Watch Team, General Employees]
10
Network Security Technologies
  • Authentication
  • Traditional
  • Public Key Infrastructure
  • Single Sign-On
  • Layer 2
  • Firewalls
  • packet filtering
  • proxy
  • stateful inspection
  • VPNs / Cryptography
  • Data Confidentiality
  • Data Integrity
  • Non-Repudiation
  • NAT
  • DNS
  • Content Filtering
  • virus
  • URLs
  • Intrusion Detection
  • network & host
  • Vulnerabilities
  • network
  • host

11
Alcatel Security Solutions Strategy
  • Adding value to core eND platforms through
    embedded security
  • Delivering a full-function, standalone, security
    appliance family
  • Establishing partnerships with organizations that
    offer security solutions outside of Alcatel's
    core business

12
Alcatel Omni Switch Family: Security Features
  • Controlling management / attacks
      • Authenticated Switch Access - users
      • Secure Switch Access - devices
      • Denial of Service defenses
      • Partitioned Management

Security to the switch
  • Secure Traffic Management
      • Firewall/NAT - embedded FW-1
      • Secure Switch Access - devices
      • IP-based Access Control Lists
      • Authenticated-VLANs - users
      • Binding VLANs - devices
      • Port Mapping

Security through the switch
  • Privacy & Authentication
      • Secure VPN Gateways (external)
      • VPN on OA512 (1Q02)
      • Router Authentication (RIP/OSPF/BGP4)

Security between switches
13
Port-Binding VLANs: Device Authentication
  • Security at the switch port
  • Device bound by VLAN policy
      • port + MAC + protocol
      • port + MAC + IP address
      • port + MAC
      • port + protocol
      • port + IP address
      • MAC + IP address
  • Device fails authentication if any policy element
    is not met.
  • Violation results in SNMP trap
  • Applications
      • non-mobile systems (printers & servers)
      • reduces the likelihood of address spoofing

[Diagram: Example Rule: Port + IP + protocol; port labels: IP, DEC, IP]
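
An added illustration of the port-binding check on this slide (not part of the original presentation and not Alcatel switch configuration): a small Python model in which a rule binds some of port, MAC, IP address and protocol, and a device that meets only part of a rule gets no VLAN and produces a trap record. The field names, the partial-match reading of a violation, and all sample values are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

ELEMENTS = ("port", "mac", "ip", "protocol")

@dataclass(frozen=True)
class BindingRule:
    """Binds a device to a VLAN; None means the element is not in the rule."""
    vlan: int
    port: Optional[str] = None
    mac: Optional[str] = None
    ip: Optional[str] = None
    protocol: Optional[str] = None

@dataclass(frozen=True)
class Frame:
    """What the switch observes for a device (constructed model)."""
    port: str
    mac: str
    ip: Optional[str]
    protocol: str

def classify(rules, frame):
    """Return (vlan, traps). Assumption: a frame that matches some but not
    all bound elements of a rule violates that binding and gets no VLAN."""
    vlan, traps = None, []
    for rule in rules:
        bound = [e for e in ELEMENTS if getattr(rule, e) is not None]
        failed = [e for e in bound if getattr(rule, e) != getattr(frame, e)]
        if not failed:
            vlan = rule.vlan if vlan is None else vlan  # every element met
        elif len(failed) < len(bound):                  # partial match
            traps.append({"event": "binding-violation", "vlan": rule.vlan,
                          "port": frame.port, "mac": frame.mac,
                          "failed": failed})            # stand-in for the SNMP trap
    return (None if traps else vlan), traps

# Constructed sample: a printer bound as port + MAC + IP address.
RULES = [BindingRule(vlan=20, port="3/7", mac="02:00:00:aa:bb:01", ip="10.1.2.50")]
PRINTER = Frame("3/7", "02:00:00:aa:bb:01", "10.1.2.50", "ip")
MOVED = Frame("3/9", "02:00:00:aa:bb:01", "10.1.2.50", "ip")    # same MAC/IP, other port
STRANGER = Frame("1/1", "02:00:00:cc:dd:02", "10.9.9.9", "ip")  # matches nothing

if __name__ == "__main__":
    for name, frame in [("printer", PRINTER), ("moved", MOVED), ("stranger", STRANGER)]:
        print(name, classify(RULES, frame))
```

The `MOVED` case is the address-spoofing scenario the slide mentions: a correct MAC and IP address presented on a different port fails the binding and is reported.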
14
VLAN User Authentication: User Authentication at Layer 2
  • Authenticates users at switch port
      • permissions to users, not devices
  • Leverages common auth systems
      • RADIUS
          • front-ends RSA ACE/Server, NT Domain, NDS, etc.
      • LDAP Directory Server
  • Moves user's MAC from default VLAN to authorized
    VLAN(s)
      • based on Group Mobility technology
  • Once authenticated, operating at LAN speed
  • Ideal for mobile environment
      • campus
      • cybercafes
      • hospitals

[Diagram labels: Authenticated User, Switch, Backbone, Authentication Server]
15
Alcatel XOS-based Security
  • Feature Overview
      • software-based flow control based on
          • src/dst IP address
          • tcp/udp port numbers
          • icmp type
      • tied to layer-7 classifier implementation
      • standard software for the OmniAccess 512
  • Applications
      • control communications between networks
      • basic packet filtering without typical cost
      • security embedded in device

[Diagram: networks 10.1.1.x, 10.1.2.x, 10.1.3.x and 10.1.4.x; rule labels "Src/dst / Action deny" and "Src 10.1.1.x dst 10.1.2.x type http Action allow"; traffic label: HTTP]
16
Alcatel XOS-based Security: VPN on OmniAccess 512
  • Feature Overview
      • add VPN to OA512 (1Q02)
      • switching/routing, LAN/WAN, VoIP, ACLs,
        compression in 1 unit
      • VPN as optional software module leveraging the
        OA512's Hi/fn chip
  • Applications
      • full security feature support
      • provid provisioning platform for routing /
        switching / VoIP / VPN
      • 1 box vs 2 or 3 boxes
      • Interoperate with central gateway

[Diagram labels: Remote Office (x2), OA512 (x2), VPN Tunnel, Internet, Security Appliance, Central Corporate]
17
Alcatel Secure VPN Solution
  • Key Points
  • Timestep - a first commercial VPN equipment
    provider
  • Core group of security experts part of eND
  • we own the technology and roadmap
  • Successes
  • U.S. Department of Defense and Federal Reserve
    (US)
  • Westpac, INSNET (AU), etc.
  • Compliance with standards
  • IPSec
  • ICSA (Trusecure.com)
  • FIPS 140-1
  • Seamless support for PKI
  • first VPN vendor to offer PKI support
  • Product Set
  • 713x Secure VPN Gateways
  • Secure VPN Client
  • 5630 Secure VPN Management suite

18
Speed Touch Pro II
  • Speed Touch Pro II
      • Enhanced platform as compared to Speed Touch Pro
      • Allows integration of features of the Alcatel 713x
        Secure VPN Gateway onto this platform

[Diagram labels: xDSL, Ethernet, Speed Touch Pro, Alcatel 713x SVG, integration, Speed Touch Pro II]
19
Global Secure Remote Access and Branch Office Intranet

[Diagram labels: Branch office LAN; Head office LAN; Alcatel 5631 Secure VPN Policy Manager and Entrust/PKI; LDAP-compliant directory; Internet; Alcatel 7134 Secure VPN Gateway; Firewall; Alcatel 7137 Secure VPN Gateway; Secure; Unsecure; Internet POP (x2); Field agents; Alcatel Secure VPN Client (x2)]
20
Summary: a true security solution

[Diagram labels: RO/BO, VPN Client, SO/HO]
  • Edge / Core Switches
  • ACLs embedded firewall/NAT
  • A-VLANs
  • Standalone appliances
  • 713x VPN gateways
  • VPN/FW/NAT appliance
  • VPN client software
  • Windows
  • Switch-embedded VPN
  • RO/BO OmniAccess 512
  • Hardened switch OS
  • Secure switch mgmt
  • device user

[Diagram labels: RO/BO, Security Appliance (x2), DSL, OA512, Internet, VPN Tunnels, OmniVista w/ SecureView, OmniPCX, Central Site]
21
Thank You

Alcatel e-Business Networking Division