Stealth Networks - Private and Secure Networking for Critical Assets & Infrastructure
July 2014
Ed Koehler - Avaya
Why should you listen?
• Because folks want to attack you!!!
  • Critical Business information
  • Personal and Credit data
  • Just for the heck of it!
• These folks are serious and they are well equipped with sophisticated tools
  • It’s no longer kids looking for kicks or prestige
• Avaya’s Fabric Connect provides for services that, when properly implemented, CANNOT be attacked!
  • This creates a ‘Stealth Shield’ over the network that makes it invisible!
Privacy in a Virtualized World
• Network and Service Virtualization have transformed the IT industry
  • Cloud Services
  • Software Defined Networking
  • BYOD and Mobility
• Security and privacy concerns are being expressed by many risk and security analysts
• Regulatory compliance in a virtualized environment can be a difficult bar to reach
  • Examples are PCI compliance, HIPAA, process flow and control (SCADA) environments (NERC/CIP), and video surveillance
What makes this so difficult?
• Traditional networking approaches use IP as a utility protocol to establish service paths
  • These paths are prone to IP scanning techniques that are used to:
    • Discover network topology
    • Identify key attack vectors
• Using traditional approaches for privacy and separation is costly and complex
  • Inadvertent routed black holes
  • Poor resiliency
  • High CapEx and OpEx
• Using IP as the utility for establishing paths means that the paths have to be visible. This creates a ‘catch-22’, which in turn creates complexity and cost
Avaya’s Fabric Connect is truly Stealth!
• Fabric Connect is not dependent upon IP to establish the service path
• Service paths are established by the use of SPB Ethernet Switched Paths (ESPs) within Fabric Connect
• As a result, path behaviors are established on a completely different plane
• ESPs are ‘invisible to IP’
The definition of a “Stealth” Network
• Any network that is enclosed and self-contained with no reachability into and/or out of it. It must also be mutable in both its services and its coverage characteristics
• Avaya’s Fabric Connect, based on IEEE 802.1aq, provides fast and nimble private, circuit-based networking capabilities that are unparalleled in the industry
  • Based on I-SIDs - NOT like MPLS IP VPN or VRF Lite!
  • Simple, not complex
• “Stealth” Networks are private ‘dark’ networks that are provided as services within the Fabric Connect cloud
  • L2 Stealth
    • A non-IP-addressed L2 VSN environment
  • L3 Stealth
    • An L3 VSN IP VPN environment
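The two previous slides claim that SPB service paths are ‘invisible to IP’ because forwarding is keyed on the backbone header and the I-SID rather than on the customer’s IP addresses. The following added example (written for this page, not Avaya’s or any product’s code) models that with the IEEE 802.1ah MAC-in-MAC encapsulation that SPBM (802.1aq) uses: an egress edge bridge delivers a frame only to a UNI bound to its I-SID, and the inner IP header is never consulted. The MAC addresses, B-VID 4051, I-SIDs 100/200 and the UNI name are constructed sample values, and the I-TAG’s PCP/DEI/UCA bits are left at zero for brevity.

```python
import struct

ETH_BTAG = 0x88A8  # 802.1ad backbone VLAN tag (B-TAG) TPID
ETH_ITAG = 0x88E7  # 802.1ah service instance tag (I-TAG) TPID; its TCI carries the 24-bit I-SID
ETH_IPV4 = 0x0800

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def spbm_encap(b_da, b_sa, b_vid, isid, customer_frame):
    """Wrap a customer frame in 802.1ah MAC-in-MAC, as an SPBM edge bridge does at its UNI."""
    b_tag = struct.pack("!HH", ETH_BTAG, b_vid & 0x0FFF)
    i_tag = struct.pack("!HI", ETH_ITAG, isid & 0x00FFFFFF)
    return b_da + b_sa + b_tag + i_tag + customer_frame

def spbm_decap(frame):
    """Parse the backbone header; the customer frame is returned untouched."""
    b_tpid, b_tci = struct.unpack("!HH", frame[12:16])
    i_tpid, i_tci = struct.unpack("!HI", frame[16:22])
    if b_tpid != ETH_BTAG or i_tpid != ETH_ITAG:
        raise ValueError("not an SPBM (802.1ah) frame")
    return {"b_da": frame[0:6], "b_sa": frame[6:12], "b_vid": b_tci & 0x0FFF,
            "isid": i_tci & 0x00FFFFFF, "customer": frame[22:]}

class EdgeBridge:
    """Egress BEB model: a frame leaves the fabric only at a UNI bound to its I-SID."""
    def __init__(self, b_mac, isid_to_uni):
        self.b_mac = b_mac
        self.isid_to_uni = isid_to_uni  # {isid: uni port}; membership is the only key
    def deliver(self, frame):
        hdr = spbm_decap(frame)
        if hdr["b_da"] != self.b_mac:
            return None  # addressed to another backbone node
        # Decision uses B-MAC and I-SID only; the inner IP header is never inspected.
        return self.isid_to_uni.get(hdr["isid"])

def customer_ipv4_frame(c_da, c_sa, src_ip, dst_ip):
    """Constructed sample: minimal customer Ethernet frame carrying an IPv4 header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return c_da + c_sa + struct.pack("!H", ETH_IPV4) + ip

def demo():
    """Same IP probe, two I-SIDs: only the one the UNI is bound to is delivered."""
    beb = EdgeBridge(mac("00:00:5e:00:53:02"), {100: "uni-1/1"})  # serves I-SID 100 only
    probe = customer_ipv4_frame(mac("00:00:5e:00:53:10"), mac("00:00:5e:00:53:20"),
                                "10.1.1.50", "10.1.1.10")
    member = spbm_encap(beb.b_mac, mac("00:00:5e:00:53:01"), 4051, 100, probe)
    stranger = spbm_encap(beb.b_mac, mac("00:00:5e:00:53:01"), 4051, 200, probe)
    return beb.deliver(member), beb.deliver(stranger)
```

The same 10.1.1.x probe is delivered when carried in I-SID 100 and dropped in I-SID 200, which is the isolation property the deck relies on; the caveat is that it holds only as long as I-SID membership at the UNIs is correct, so the membership configuration is what has to be audited.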
Data Protection: Segmentation comes first! Dark Reading™ recommendations…
• Security includes all people, processes and technology
• Validation of ‘where’ Private Data exists
  • Trace processes and systems
  • Develop flow diagrams of interacting systems & Private Data
• Develop documented penetration testing specific to the Private environment
  • ‘Hack Attack’ methodologies
  • Ongoing evaluation of threats/vulnerabilities/risk
• The more technologies involved in the private environment, the more engineering & penetration testing required!
• Fabric Connect used end to end eliminates most if not all other network technologies!
  • Fabric Connect (IEEE 802.1aq)
    • Can significantly reduce ACL requirements and enhance data flow validation!
  • Firewalls/IDS - are collapsed into a virtualized security demarcation perimeter
  • Servers/Storage - reside in encrypted virtualized storage hidden by stealth services
  • Authentication/Authorization - Identity Engines!
  • Management applications!**
** Important consideration: ‘lock down’ the management environment. If it manages a system in the private environment, it is part of it!
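The slide’s scoping rule (trace the flows of Private Data, and treat anything that manages an in-scope system as part of the private environment) is easy to state and easy to get wrong by hand. The added example below (written for this page, not part of the deck or any Avaya tooling) expands a constructed inventory transitively and reports why each system landed in scope, which is the list a reviewer needs before deciding what the stealth network and its management lock-down must cover. The system names and relations are sample values.

```python
from collections import deque

# Constructed sample inventory (not from the deck). Each entry: (actor, target, relation).
# "flow": actor exchanges Private Data with target (taken from the flow diagram).
# "manages": actor administers target (NMS, jump host, backup, AAA, ...).
SAMPLE_RELATIONS = [
    ("payment-app", "cardholder-db", "flow"),
    ("core-switch-a", "payment-app", "flow"),      # switch carrying the L3 VSN
    ("nms-server", "core-switch-a", "manages"),
    ("jump-host", "nms-server", "manages"),
    ("backup-server", "cardholder-db", "manages"),
    ("hr-portal", "mail-gateway", "flow"),         # unrelated to Private Data
]

def private_scope(private_data_systems, relations):
    """Expand the private environment transitively.

    Rules, per the slide: a system with a flow of Private Data to an in-scope
    system is in scope; a system that manages an in-scope system is in scope.
    Returns {system: why it is in scope} so the chain can be reviewed.
    """
    why = {s: "holds Private Data" for s in private_data_systems}
    queue = deque(private_data_systems)
    while queue:
        here = queue.popleft()
        for actor, target, rel in relations:
            if rel == "flow":
                # flows are symmetric: either end pulls the other in
                pairs = [(actor, target), (target, actor)]
            else:
                pairs = [(actor, target)]  # manages is directional: the manager comes in
            for newcomer, anchor in pairs:
                if anchor == here and newcomer not in why:
                    why[newcomer] = f"{rel} -> {anchor}"
                    queue.append(newcomer)
    return why

def management_chain(scope):
    """Systems that are in scope only because they manage something in scope."""
    return sorted(s for s, r in scope.items() if r.startswith("manages"))
```

Running `private_scope({"cardholder-db"}, SAMPLE_RELATIONS)` pulls in the switch that carries the VSN, the NMS that manages that switch and the jump host that manages the NMS, while the HR portal and mail gateway stay out; `management_chain` isolates the management systems, which is the set the slide says must be locked down with the private environment.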
Modularity and sampling concept: ‘End to end Stealth’ (diagram). Labelled elements: Data Center Systems (Storage Systems, Compute Systems); Firewall/IDS Security Demarcation; Network Distribution Systems; Remote site systems (App/OS, Switch/Network, Secure Single Port); Private Application (Server) and Private Application (Client); Data Center Core / Distribution; Fabric Connect Cloud with VRF, I-SID, FW/IDS, VLAN, Subnet A / Subnet B and IDE; Secure L3 “Stealth” Network (IP VPN); Secure L2 “Stealth” Networks.
In Conclusion…
• While IP Virtual Private Networks are nothing new, Avaya takes the concept to a new level with Fabric Connect
• Flexible and nimble service extensions lend themselves to an incredibly mobile secure networking paradigm
• “Stealth” Networking - fast, nimble and invisible
• “Stealth” Networks can be used to address traditional privacy concerns such as PCI and HIPAA compliance
  • and next-generation private network requirements such as mobility for emergency response, military and/or field-based operations
• Avaya’s Fabric Connect can deliver all modes of secure private connectivity
  • Layer 2 Stealth requirements
  • Layer 3 Stealth requirements
  • Mobile Stealth requirements