1 / 19

Firewall Network Processor™: Technical Concept and Business Solutions

Firewall Network Processor™: Technical Concept and Business Solutions. FNP™ – is a trademark of Fractel Inc. December 2008 Columbus. Content. Introduction: business value and technology trend Seeking decision: concept of secure network environment and intelligent “wire”

leila-hebert
Download Presentation

Firewall Network Processor™: Technical Concept and Business Solutions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Firewall Network Processor™:Technical Concept and Business Solutions FNP™ – is a trademark of Fractel Inc. December 2008 Columbus .

  2. Content • Introduction: business value and technology trend • Seeking decision: concept of secure network environment and intelligent “wire” • FNP as a patented capability to keeping network infrastructure secure technical aspects functionality business solution • Summary Firewall Network Processor: core concept and solutions

  3. Keyissues many companies : • spend millions of dollars each year investing in business systems to make information available to authorized persons and customers • seeing business value in access to Internet information infrastructure to improve employee performance … and • seeking technology that can to give employees new functionality without opening the door to attacks and unauthorized access to securing sensitive business data Firewall Network Processor: core concept and solutions

  4. Introduction Basic Internet principal and security issue: • best-effort service (no internal QoS mechanism) • simple authentication model ( trust network environment) Firewall Network Processor: core concept and solutions • Comments: • To enjoy Internet as a business media people must take control of traffic content in the many forms (VLAN,VPN, VoIP,…) and channels (IP, P2P..) • A deep understanding of how employees use Internet recourses requires effective security and management solution.

  5. Business in a form of “applications” – Benephisheries: ASP, banks, electronic commerce companies, GRID computing, etc Business in a form of “packet traffic” , connectivity, and bandwidth Benephisheries: hardware and software suppliers, ISP, Telco, e-PTN Network infrastructure: are any “right places” for investment with low risks and expense? Service level Set of “intelligent” nodes - applications Low Risk “border” Firewall Network Processor: core concept and solutions Low Expense “border” Network access policy Packet processes communication lines • Comments: • business opportunity is close to service and access “border” • customers will deploy the security solution that suits their existing environment.

  6. Solution examples Technology added “value” Income • E-commerce wide access turnover up • VPN remote office outsourcing • AccessManagementSingleSign-on employee productivity Comments: the best investments - reduction of business expenses The best innovations - reduction of technology risks Firewall Network Processor: core concept and solutions

  7. Application Port/MAC/IP n Application port/IP/MAC 1 MAC/IPi Application IP/MAC 2 Internet as a service media: User needs - Applications ASP keeps Servers ISP controls IP Routers Telco provides wire grid • Intellectual services (DB, CAD, PDM, routing, switching,) belongs to the network nodes; • Telco service measures - bandwidth and delay Comment: • There is “Gap” in the network service space - no “intelligent ” service processing on wire level • Is this gap” become the business opportunity? Firewall Network Processor: core concept and solutions

  8. MAC/IP n IP/MAC 1 MAC/IPi IP/MAC 2 “it_is_secure” wire infrastructure Application network IP logical space MAC grid “itiss” means: • Merge existing packet switching technology and access management tools with innovative concept of “intelligent wire” - IP node preprocessor • Find out the cost-effective decision to add intelligent feature to the wire infrastructure Firewall Network Processor: core concept and solutions

  9. Fractel™ - Security Approach and Components & know-how • Technical aspect:provides multilevel packet processing which retains current routing and access policies available in secure computer networks • Decision & know how: • “stealth” firewall network processor(FNP) that provides security functions “outside standard network nodes” (IPv4, IPv6, IPX,...) on the “wire level” • Cost-effective platform for packet processing on MAC, IP, TCP and application levels Firewall Network Processor: core concept and solutions

  10. Design Aspects: • Asynchrony packet flow processing– “one hop many functions” (content and packet filtering) Deliver hardware level performance to software programmable device by: Firewall Network Processor: core concept and solutions • Scalable filtering performance – “one transport protocol many security applications” (web, ftp, sql, ..)

  11. Aspect 1: Asynchrony traffic processing in “intelligent” wire Node m Nodel router IP1 IP2 IP3 IP4 Link l Link l+1 process p1 process p2 process pn FNPi1 FNPin router IP4 IP1 IP2 IP3

  12. ….”Grid” of applications… Application1, application2 … application n TCP/UDP TCP/UDP physical link packet buffer packet drops p2p virtual connection … node 0 node x node x+1 … node M Aspect 2: One control mechanism for many applications content management Firewall Network Processor: core concept and solutions

  13. Firewall NP (FNP) Design Principals • Two types of network interfaces • Cost-effective platform • Flexible and scalable Management • Innovative design Filtering and Control functions Standard hardware and specific control software Firewall Network Processor: core concept and solutions Industrial protocols (Active Directory, Open LDAP, WEB control interface) Patented “address less” technology

  14. incoming traffic outgoing traffic 1 =F(1,2) Stealth incoming interface(s) Stealth outgoing interface(s) 2 Sf=F(2) External storage Ss=F(2) … … … Cache hierarchy FNP Architecture Filtering module sockets Firewall Network Processor: core concept and solutions Control interface Service module authorization, UI daemon Open source OS kernel Local storage

  15. 100/1000 Ethernet ports LAN, DMZ, WAN (stealth mode) interfaces 100/1000 Ethernet port (control interface) power switch FNP Hardware Platform: Firewall Network Processor: core concept and solutions

  16. Global Internet ISP network corporate network router or backbone switch Control Interface Content switching Web server end-user segment Administrative Segment with LDAP and FNP Logfiles DB ftp servers Scenario 1: content switching(single-box deployment) Firewall Network Processor: core concept and solutions FNP-1000/4

  17. G l o b a l I n t e r n e t switched network infrastructure 1 2 3 4 FNP-1000/2 FNP-1000/2 FNP-1000/2 FNP-1000/2 Manageability DC admin monitor Distinct VLAN segment Log DB control interfaces internal network sensor Local Gigabit VLAN switches FNP-100/4S stealth interfaces Scenario 2: Solution for Data Center (protection environment for complex infrastructure) Metro WDM Ethernet switch Firewall Network Processor: core concept and solutions Scalability Availability protected network segment Local admin monitor

  18. public Internet VLAN segment FNP-1000/4 Switch admin and Log DB fnp control interface Firewall rules are generated and deleted automatically after WDC logon\logoff of the end user Storagedomain Switch ftp- server Windows Domain controller / Active Directory NAS-server DNS Scenario 3: dynamic security control (… and third-party integration) ta Firewall Network Processor: core concept and solutions

  19. Summary - FNP advantages : • Based on patented architecture • Delivers security appliance solutions for organizations of all types and sizes • Support industrial standard and third-party integration within existing network infrastructure. • Increase company’s productivity through the management of non-business activities. • Decreased bandwidth costs by limiting noncritical network traffic and blocking objectionable URLs and applications. • Compatible with nearly every available cost-effective hardware platform Firewall Network Processor: core concept and solutions

More Related