
NetScreen Technologies


azize

Presentation Transcript


  1. NetScreen Technologies Innovative Technologies Applied for Network Security

  2. Agenda
     • Application scenarios
     • High speed Internet
     • Firewall and VPN Central Site
     • Medium Enterprise
     • Large Enterprise
     • Enterprise Data Centre
     • Internet Data Centre
     • Multi
     • Security Innovation
     • Unique Architectures
     • Threats and Responses
     • VPN leadership
     • Total cost of ownership
     • VPN and Security Management

  3. Agenda
     • Application scenarios
     • High speed Internet
     • Firewall and VPN Central Site
     • Medium Enterprise
     • Large Enterprise
     • Enterprise Data Centre
     • Internet Data Centre
     • Multi Department Security
     • Campus Security
     • VPN and Security Management

  4. Complete VPN Functionality
     Cost effective remote site VPN
       • Complete range of HW
       • Hub & Spoke or Full Mesh VPN
       • NAT Traversal
       • VPN Dial backup
     Comprehensive Authentication Support
       • PKI (VeriSign,…
       • RADIUS
       • LDAP
       • XAUTH
       • SecurID
     Complete RA VPN Support
       • Remote VPN client
       • Security Client – Personal FW + VPN
       • ANG for centralized & user auth
       • Certificate & smart card support
       • Compatibility w/ Certicom PDA client
     Robust connectivity for major Sites
       • Active-Active HA
       • Redundant Gateway VPN tunnels
       • VPN Monitoring
       • Full Mesh
       • OSPF & BGP Routing
       • Virtual Systems
       • 3DES & AES encryption w/ ASIC acceleration
       • Traffic management
       • FIPS & ICSA Certified
     Easy deployment & NW integration
       • NAT, NAT-T, Transparent Mode
       • Device or policy based management
       • NAT, DHCP, PPPoE
       • Integrated Firewall
     Comprehensive Mgmt
       • Policy Based Mgmt
       • VPN Monitoring
       • Detailed reporting & trending
     [Diagram labels: Internet; Global PRO]

  5. Firewall with High Speed Internet
     • Private Network perceived as “secure”
     • RAS for mobile / home office
     • WAN access multiple T1s (>1.5Mbps)
     • Promotional Web site
     • All employees “trusted” can access all parts of the network
     • NetScreen delivers
     • Increased Security / Easier Support / Higher Performance & Scalability / Cost effective solution
     [Diagram labels: Internet; Private Network; Firewall; PSTN (1-800); Corp HQ; RAS; DMZ]

  6. VPN Intranet & Central Site Firewall
     Remote Access VPN
     • Private & dial network replaced by VPN intranet
     • Remote VPN devices provide additional security because they are also Firewalls
     • Central Firewall turns on VPN
     • Central Site VPN Acceleration
     • Central Firewall unable to handle VPN traffic needs acceleration
     • NetScreen device used for VPN termination
     • Leverage advanced features e.g. Hub & Spoke
     • Firewall/VPN consolidation
     • NetScreen replaces existing firewall due to unnecessary duplication of costs (maintenance, admin, and support)
     [Diagram labels: Internet; Corp HQ; NetScreen-Global PRO]

  7. Medium Enterprise: Serious Traffic (web) and VPN Requirements
     Integrated VPN, FW and Traffic Mgmt
     • VPN
       • No Special Licenses or Additional Hardware
       • >100 Remote Sites or RA Users
       • Class leading VPN for Central Site
       • 1000 tunnels & 185M 3DES
     • Firewall
       • Stateful Inspection FW, NAT, PPPoE and DHCP client, server & relay
       • Class Leading FW for Central Site
       • 100K+ sessions & 19K ramp rate
     • Traffic Management
       • Reduce BW for non-business critical traffic
       • Better utilize / reduce expensive WAN BW
     • High Availability
       • Stateful fail over FW & VPN
     [Diagram labels: Internet; T1, SDSL, etc; DMZ; Web & Email Servers; NetScreen-Global PRO]

  8. Large Enterprise: Very High Traffic and VPN Requirements
     Integrated VPN, FW and Traffic Mgmt
     • VPN
       • No Special Licenses or Hardware
       • Thousands of Remote Sites or RA Users
       • Class leading VPN for Central Site
       • 10K tunnels & 250M 3DES
     • Firewall
       • Stateful Inspection FW, NAT, PPPoE and DHCP client, server & relay
       • Class Leading FW for Central Site
       • 250K sessions & 22K ramp rate
     • Traffic Management
       • Reduce BW for non-business critical traffic
       • Better utilize / reduce expensive WAN BW
     • High Availability – Active-Active
       • Stateful fail over FW & VPN
     [Diagram labels: Branch Office; Regional Office; Small Office; Internet; DMZ; Web & Email Servers; NetScreen-Global PRO]

  9. Multi-Department Security
     Traditional Solution
     • Multiple Firewalls required to provide internal security
     • NetScreen-500 Solution
     • Virtual Systems employed to provide departmental security
     • Can also be used for additional DMZs, security domains and for extranets
     • Trust limited to “Need to know” employees
     [Diagram labels: Internet; Corp HQ; DMZs; Finance Dept; Engineering Dept; M & A Group]

  10. Finance Vsys Multi-Department with remote users
      • Firewall
        • Traffic sent to the Finance dept is firewalled by the Finance Vsys
        • Finance SOHO worker firewalled from the Internet
      • VPN
        • Remote finance workers' VPN connections terminate in the Finance Virtual System
        • Essentially extending the finance intranet to include those workers
      [Diagram labels: Internet; Finance Dept remote worker; Finance Dept mobile worker; Corp HQ; DMZs; Finance Dept]

  11. Enterprise or Campus Backbone
      • Campus Gateway
      • Performance = LAN Speeds
      • Segmentation
      • Buildings, Departments, Servers & WLAN A/P’s
      • Multi-port
      • Up to 24 GE
      • Trunked links
      • Vsys & VLANs
      • Mapped to switch infrastructure
      • GigE DMZs
      • Web & Email
      • Dept Servers
      • High Availability
      [Diagram labels: Building A; Building B; DMZs; Web; Bonded GE Links; Dept Servers; Email; Finance; Engineering]

  12. High Speed WAN access – OC12/GE
      10,000s of VPN Connections or Gigabits of VPN or Millions of Hits
      • Massive # VPN Connections
      • 1000s of Remote/Branch office
      • Large BW single tunnel VPN connections
      • Fiber based metro services
      • Large consolidated Internet access
      • High Profile Public Presence
      • Sophisticated HA
      • Stateful FW & VPN

  13. Enterprise Data Center
      • High Density & Performance
      • Up to 72 FE & 6 GigE or 24 x GigE
      • Superior small packet performance
      • Internal attack prevention on every interface
      • Every interface a security zone / unique policy
      • Stateful High Availability
      • Bonded Links to Disaster Site
      • which can be Encrypted

  14. Internet Data Center
      • High performance multi-customer solution
      • Reduced Capital Cost
      • Rapid Deployment
      • Low support burden
      • Differentiated services
      • Customer site VPN
      • Additional Backend or Database security
      • High Bandwidth FW and VPN without having load balanced security devices
      • Dedicated VPN and / or FW solution
      • High speed VPN between Data Centers
      [Diagram labels: NS Remote, 5, 25, 200; Customer Access (VPN); Mirrored Data Center; NetScreen 500; NetScreen 200; NetScreen 25; Front End; BackEnd or Low end dedicated BackEnd; Customers www Access; Internet; NS-5200 (Firewall & VPN); Internet Data Center; Untrust; Trust; VLAN 1; VLAN 2; VLAN 3; VLAN 4; VLAN 5; Shared Hosting / Core Systems; Vsys # 1; Vsys # 2; Vsys # 3]

  15. Anti-Virus: NetScreen-Trend CSP Solution
      1: Email packet arrives at the NetScreen device; NetScreen begins hijacking the TCP connection
      2: NetScreen buffers beginning of email session and creates CSP session with the InterScan server
      3: Email data continues to flow in and is passed to InterScan via CSP
      4: InterScan receives entire Email session including file and scans file and replies with scan result
      5: NetScreen creates Email session with destination email gateway
      Legitimate traffic still allowed
      [Diagram labels: Internet; NetScreen-Trend CSP; CSP; InterScan]

  16. Global PRO Deployments: NetScreen-Global PRO Express & NetScreen-Global PRO Architecture
      • Global PRO & Global PRO Express
        • Complete turnkey management solution
        • Configuration/policy management, real time monitoring
        • Integrated NetScreen-Remote VPN client management
        • Multi-admin/role-based admin
        • Pre-installed and configured on a Sun Netra Server
      • Global PRO
        • Sophisticated historical reporting
        • Log data correlation/reduction
        • Designed to scale to 10,000 devices
        • Extensible Web-based report templates; 3rd party report integration, i.e. HP/OV
      [Diagram labels: Reporting; Oracle DB; Historical Report Server; Data Collector(s); Monitoring; Global PRO UI; Configuration; Monitoring; Policy Manager server]

  17. Global PRO Deployments: Point & Click Policy Management
      • Ability to add devices or users to network quickly & easily
      • All required VPN and firewall rules are created automatically
      • Allows for rapid response to attacks
      • Quickly create full mesh, hub & spoke, and site-to-site VPNs
      [Diagram callouts: New device added to policy group; Firewall & VPN policies automatically applied to the new device; All boxes in VPN updated with new configurations]
      [Diagram labels: Small Offices / Branch Offices; Regional Offices; Teleworkers; Remote Users; Internet; Web & Email Servers; DMZ; NetScreen-Global PRO]

  18. Global PRO Deployments: Managing Remote Client VPN Policies (Improved in Global PRO 3.1)
      • Remote user launches NetScreen-Remote login to connect
      • User authenticates to NetScreen-Global PRO or NetScreen-Global PRO Express
      • External authentication servers may be queried
      • User's VPN policy securely downloaded to NetScreen-Remote client via SSL
      • VPN tunnels established to NetScreen devices
      • Upon logout, VPN policy and keys are purged from user's PC
      • Add new users through RADIUS
      [Diagram callouts: Users authenticate to NetScreen-Global PRO; External authentication server queried; User's policy retrieved; VPN tunnels established]
      [Diagram labels: Internet; NetScreen-Remote Users; VPN; DMZ; Private LAN; SSL; Web & Email; RADIUS Server; NT Domain; NetScreen-Global PRO]

  19. Global PRO Deployments: Threat Mitigation, Analysis & Response
      • Suspicious activity detected via NetScreen-Global PRO Real-time Monitor
      • Push appropriate “Deny” policy to all devices
      • Assess and analyze threat
      • Push out new or revised security policies
      [Diagram labels: Hacker; Branch Offices; Regional Offices; Remote Offices; Remote Users; Internet; Web & Email Servers; DMZ; NetScreen-Global PRO]

  20. NetScreen’s Security Product Line
      * To be updated to Active-Active – 1HCY03
      A/A = Active-Active High Availability
      A/P = Active-Passive High Availability

  21. NetScreen Scalable Security Solutions
