270 likes | 387 Views
Selling in the Telco sector. JOSE GRANDMOUGIN EMEA SENIOR CONSULTANT . 26. 11. 2009. Security Solutions for Service Providers. MOBILE NETWORK. Two discrete solutions for Service Providers. 2. 1. Protecting the Service Provider’s Infrastructure.
E N D
Selling in the Telco sector • JOSE GRANDMOUGIN • EMEA SENIOR CONSULTANT 26. 11. 2009
Security Solutions for Service Providers MOBILE NETWORK Two discrete solutions for Service Providers 2 1 Protecting the Service Provider’s Infrastructure Protecting the customer (Managed Security Service Provider) Subscriber Network Subscriber Network Subscriber Network RADIUS SERVER SGSN GGSN
Traditional CPE / Client Based MSS Internet NOC/SOC 4
Virtualized Services Per Customer Virtual Domain Application Control Web Filtering AntiVirus / AntiSpyware Data Leak Prevention AntiSpam Intrusion Protection VPN (IPSec / SSL) Firewall Dynamic Routing 5
Security Processing Modules ADM-XE2 and ASM-CE4 Intrusion Prevention Offloading Inspects traffic traversing network interfaces for network-based attacks Provides protocol anomaly and signature-based inspection Multi-Gigabit performance Firewall Offloading Inspects traffic traversing network interfaces and blocks/allows according to firewall policy Line-Rate performance IP Multicast Offloading Accelerates and routes IP Multicast traffic Contributes to improved performance of video, voice, and other IP Multicast applications ASM-CE4 ADM-XE2
NP4 Based Dual Wide AMC Module Compatible with 5001A/3810A Firewall and IPSec offload 4 x 10G SFP+ Interfaces Includes 2xSR SFP+ transceivers 20G Firewall Processing 8G IPSec VPN Processing ADM-XD4 7
Value Added Internet Access Services Customer 1 Customer 2 Customer 3 Internet COMPETITION • Juniper • CrossBeam • Cisco WINNING FACTORS • Protection Profiles and Virtualization • Routing flexibility • Hardware scalability 8
Value Added RAS Client Internet Internet CPE WINNING FACTORS • Features Integration, IPSec, SSL VPN Antivirus, Web Filtering • Self Service Management Portal COMPETITION • Cisco • Juniper 9
3G High-Performance VAS Internet 3G Network COMPETITION • Cisco • Juniper WINNING FACTORS • Features Integration, Fast Antivirus services • Self Service Management Portal • 10Gb real throughput 10
Management Interfaces in the Cloud Network Provisioning Billing XML API / GUI Device Group CUSTOMERS MGMT JSON API Self ServicePortal XML API Device Group LOG / ARCHIVE QUARANTINE GUI CLI / SNMP / GUI Troubleshooting Monitoring NOC / SOC 11
FortiManager Portal User Portal Customization Development Toolkit Provides a full set of customization options Function, content, and branding Secondary database interfaces Consumer Portal Simplified option set Uses Development Toolkit Targets consumer opportunities Linked with Dynamic Profile Featureon FortiOS Carrier
Virtualized Management Multiple Administrative Domains • Administrative Domain (ADOM) • Per Customer / Device Group Policy Management • Per Customer / Device Report Generation • Supports VDOM groups and physical device groupsin any combination Admin 1 Device Group 1 Admin 2 Device Group 2 Customer 1 Customer 2
Applies to two key target service provider markets Managed Security and Mobile Allows user “Self-Service” automation RADIUS Accounting Record attributes used to create a context for a source IP address Context can associate IP address with any other RADIUS attribute Username, MSISDN, Service Name Protection Profile also extracted from the RADIUS record Assumes an authentication event has occurred within the Carriers network Typical in both fixed (DSL) and mobile environments Dynamic Security Profiles PORTALSERVER RADIUSSERVER Radius Accounting Message Portal Provisioning Dynamic Policy Created DYNAMIC SECURITY PROFILES
Dynamic Security ProfilesIn Home Parental Control* DSL DSL • Provides an authenticated bypass of the Service Restrictions • Within a domestic environment • Both end-points (users) are behind the same NAT boundary • Clientless solution to differentiate access – no software to ‘hack’ • Parental control is maintained Home user 2 (Child) NAT Home user 1(Adult) DYNAMIC SECURITY PROFILES www.badsite.com *FortiOS Carrier 4.1
Per end-point Black / White List End points (users, MSISDN) can have their own black white list No requirement for end user to access FortiGate infrastructure Can be populated on Self Service Portal Dynamically configured on FortiGate as end points attach RADIUS VSA Extension, no fixed limit for URLs Dynamic Security ProfilesEnd-Point customisation DSL+3G RADIUS Self ServicePortal DYNAMIC SECURITY PROFILES www.badsite.com *FortiOS Carrier 4.2
FortiOS Carrier 4.0 Highlights Dynamic Profiles Per user services via a RADIUS API Protection Profile derived from RADIUS record Session Initiation Protocol (SIP) Security Stateful SIP tracking, Malicious SIP message protection , SIP Rate Limitation SIP Transparent or SIP NAT mode, IP Topology Hiding, RTP Pinholing Geographical Redundancy, SIP Stateful High-Availability Multimedia Message Service (MMS) Security Antivirus, Antispam/Antifraud, Antiphising (via Web Filtering) Sender and Admin notification GPRS Tunneling Protocol (GTP) Firewall 3GPP 29.060 version 6.9.0, including Overbilling Protection Protocol Anomaly Checks, IMSI/APN/IE filtering
FortiCarrier SIP Security VOICE SECURITY NGN Network Topology • Call Control • Routing • Features • Billing Softswitch SIP Application Server (AS) Session Border controller • Hosted NAT Traversal • Call Admission • Interoperability • Interworking (IWF) • Media Pinholing and Policing Signalling Control (SIP) Media Control (RTP) SIP Firewall • SIP aware Firewall • Denial of Service prevention • Message Filtering • Message rate limiting • IPS detection and prevention Optional RTP bypass RTP SIP SIP RTP All Traffic – Access and Peering • 20
Mobile Security FortiCarrier also provides: MMS Antivirus MM1/3/4/7 Monitor mode Intercept, Archive, Quarantine, Block Actions Sender Notification and alerting MMS Antispam MM1/4 Duplicate Message, Sender Flooding Admin Notification CONTENTPROVIDER INTERNET MM3 MM7 MMSC MM4 MM1 OTHEROPERATOR MOBILE SECURITY
Global Service Offerings FortiGuard™ Global Research Team provides original security intelligence via FortiGuard subscriptions Antivirus Intrusion Prevention Web Filtering Antispam FortiCare™ Support services provides technical assistance anywhere, anytime Multiple service levels to meet customer requirements
FortiMail – Email Security Role Based Administrative Domain Management Thousands of domains LDAP Profiling Outsourced policy management / service enablement Inbound and Outbound Antivirus and Antispam Centralised Quarantine Multiple Operating Modes Server, Gateway/Relay and Transparent Unlimited License Model Not per mail box or domain Integrated with FortiManager and FortiAnalyzer Chassis Blade and Appliance Form Factor 24
FortiClientDesktop Access to FortiGuard Services Antivirus & Antispyware Protection Personal Firewall Content Filtering Windows Registry Monitor IPSec VPN Client Private Label Branding Microsoft MSI installer for rapid deployment to many clients Client lockout to prevent unauthorized configuration License Control
FortiMobile Security Client Software Symbian Series 60 2nd Edition: v7.0s, V8.0a, v8.1a 3rd Edition: v9.1, v9.2, v9.3 Windows Mobile 2003 SE: Pocket PC, PPC Phone 5.x: Pocket PC, PPC Phone, Smartphone* 6.x: Professional, Standard, Classic Capabilities include Personal Firewall VPN (IPSec, SSL) Incoming Call Filter SMS Antispam Antivirus Phone Security (Contact / SMS / Call Log / Data Encryption) Multi-Language Support Smartphone support to be added in 4.3