Safeguard your data center with the TippingPoint SSL Appliance 1500S, offering seamless SSL traffic inspection and encryption off-loading. Protect against encrypted attacks while ensuring optimal performance and regulatory compliance.
Agenda
• Market Situation
• SSL Appliance 1500S
• Features and Benefits
• Deployment Scenarios
• Data Center Protection
• Core Controller Deployment
• Management
• Technical Specifications
The SSL Conundrum
Catch 22:
• Encryption is necessary to protect data and ensure its integrity
• But attackers use encryption to bypass security infrastructure and launch attacks
• Encryption use is on the rise: it can be up to 90% of all traffic for some Data Centers
  • Especially in web-facing Data Centers
• Encrypted traffic cannot be analyzed by most Enterprise security infrastructure
And what’s worse:
TippingPoint’s SSL Appliance
High-performance, transparent SSL off-loading and bridging for IPS traffic inspection
[Diagram labels: SSL Appliance; IPS Platform; Dirty Encrypted Traffic; Clean Encrypted Traffic -OR- Clean Un-Encrypted Traffic]
• Key Benefits
  • Increased Web server and application security
  • Virtually no traffic bottlenecks or application performance penalty
  • Carrier-class reliability delivers high-availability / up-time
  • Contributes to regulatory compliance efforts
  • Reduced server utilization in off-loading configuration
October 28, 2019
SSL Appliance Features
• Dedicated SSL Appliance
  • 1U Appliance
  • 2 Segments Inspection
  • 8 x 10/100/1000 BaseT ports
  • SSL Off-Loading: decrypt only
  • SSL Bridging: decrypt and re-encrypt
  • Unencrypted SSL traffic passed to IPS
• Performance (all ciphers)
  • 2Gbps Traffic pass-through
  • 1Gbps SSL off-loading
  • 500Mbps SSL bridging
• SSL Application Support
  • HTTPS
• Advanced Cipher Support
  • RC4 - AES
  • DES - 3DES
• SSL Key Exchange
  • RSA (up to 2K)
• Key Management
  • Server keys stored on SSL Appliance
  • Encrypted in hidden file system
  • Hardware tamper detection
    • Detects opened chassis even when powered off
  • Wipe command to destroy server keys
• High-Availability
  • Dual power supplies
  • Zero power high availability (ZPHA) bypass built-in
  • IPS bypass when IPS link-down detected
  • Link-down synchronization enables network HA
• Management
  • Web-based GUI
  • Policy-based SSL flow decryption
Deployment Scenarios
[Diagram, two panels. SSL Off-Loading: Internet; Encrypted SSL Traffic; Un-Encrypted SSL Traffic. SSL Bridging: Internet; Encrypted SSL Traffic]
1500S Deployment Scenarios
Data Center protection
[Network diagram labels: Internet; VPN; Remote Office; VPN Concentrator; Access; Aggregation; DMZ; Web Servers; Distribution Switch; Access Switch; Office LAN; Wireless Campus; Data Center Core; Shared Storage; Shared Tape; IPS at each tier. Callouts: Protect Web Apps & Servers; Protect Apps, Servers & Data. Link speeds: 10Mbps – 1Gbps; 1Gbps – 10Gbps; nx1Gbps – nx10Gbps]
Securing Private/Public Data Centers
[Diagram labels: Attack Traffic; Attack Surface; Dirty Encrypted Traffic; Clean Encrypted Traffic; IPS Platform; Vulnerability Scanning; Web Apps; Enterprise Apps; Operating Systems; Network Devices; Data at Rest. Callouts: Blocks Attacks in Encrypted Flows; Protects Web App Vulnerabilities]
SSL Appliance with Core Controller
Highly Scalable Data Center Solution
• Key Benefits
  • Manage traffic flows by IP address or CIDR block
  • “Pay-as-you-grow” SSL capacity
  • Expand IPS and SSL capacity separately to meet demands
  • Non-encrypted server traffic bypasses the SSL Appliance, saving off-loading capacity
  • Increased redundancy delivers increased up-time
  • Virtually no traffic bottlenecks or application performance penalty
[Diagram labels: Core Controller; 10Gb; 10Gb; Encrypted Server Traffic; SSL Appliance(s); Non-Encrypted Server Traffic; IPS Platform(s)]
SSL Appliance Management Interface
• User Interfaces
  • Web User Interface
  • Command Line
  • SMS Management
    • SMS integration to follow
TippingPoint SSL Appliance
Technical specifications
1. Actual throughput depends on traffic mix.
2. Performance data for 1500S is based on 2 types of traffic: SSL decrypt / SSL decrypt and re-encrypt
Strictly Confidential