Network Security: Issues, Processes and Technologies
lawrence.chong@alcatel.com
Alcatel e-Business Networking Division

Agenda
• Network Security Threats
• Need for Security
• Security Processes
• Security Policies
• Network Security Technologies
• Alcatel’s Strategy
Information Security is Key
• Historically, information was controllable through good state-of-the-art alarm systems and physical security
  • banks
  • R&D facilities
  • government complexes
  • airports
  • power grids
• Today, traditional businesses and services are controlled electronically
  • information security has not kept up with the times
  • traditional secure environments are now wide open
Network Security Threats
• Identity interception
  • “discovery” of a valid user ID & password
  • stolen files
• Masquerade
  • one user pretending to be another
  • address spoofing
• Replay attack
  • login monitoring and playback
  • protocol analyzers
• Data interception
  • intermediate capture of data
  • wiretaps and monitoring devices
Threats (cont.)
• Manipulation
  • unauthorized data change
  • virus
• Integrity
  • doubts as to data origin
• Macro viruses
  • application-specific viruses (Word & Excel)
• Denial of service attacks
  • data flooding of servers, consuming CPUs
• Malicious mobile code
  • auto-executables via ActiveX or Java
Growing Needs for Security
• Privacy
  • personal
  • governmental
• Multilevel security
  • classifications / need to know
• Anonymity
  • commercial
  • medical
• Authentication
  • proof of identity / accuracy
• Integrity
  • validity of data
  • datum’s relationship to itself over time
  • has the data been modified since creation?
• Audit
  • records / logs
  • aids forensics
• Electronic currency
  • credit / debit cards
  • letters of credit
  • digital cash
“Security is a process, not a product” - Bruce Schneier
Network Security Process: Closed Loop Corrective Action
• Evaluate
  • Policies / Processes
  • Design
  • Vulnerabilities
• Implement
  • Patches
  • New policies & designs
  • Authentication
  • Firewalls & VPNs
  • Content security
  • Intrusion detection
• Incident Response Team
• Improve
  • Training / Awareness
  • Adherence
• Monitor & Measure
  • Self
  • Service
Elements of a Security Policy
• Build a Security Team
  • skills and roles
• Training and Awareness
  • explaining security
• Physical Security
• Monitoring
  • logs and analysis
• Auditing
  • assess security posture
• Prepare for an Attack
  • incident response team
• Handling an Attack
• Forensics
  • analyze data
[Diagram: Attacker, Response, Forensics, Watch Team, General Employees]
Network Security Technologies
• Authentication
  • Traditional
  • Public Key Infrastructure
  • Single Sign-On
  • Layer 2
• Firewalls
  • packet filtering
  • proxy
  • stateful inspection
• VPNs / Cryptography
  • Data Confidentiality
  • Data Integrity
  • Non-Repudiation
• NAT
• DNS
• Content Filtering
  • virus
  • URLs
• Intrusion Detection
  • network & host
• Vulnerabilities
  • network
  • host
Alcatel Security Solutions Strategy
• Adding value to core eND platforms through embedded security
• Delivering a full-function, standalone security appliance family
• Establishing partnerships with organizations that offer security solutions outside of Alcatel’s core business
Alcatel OmniSwitch Family Security Features
• Security to the switch: controlling management / attacks
  • Authenticated Switch Access - users
  • Secure Switch Access - devices
  • Denial of Service defenses
  • Partitioned Management
• Security through the switch: Secure Traffic Management
  • Firewall/NAT - embedded FW-1
  • Secure Switch Access - devices
  • IP-based Access Control Lists
  • Authenticated-VLANs - users
  • Binding VLANs - devices
  • Port Mapping
• Security between switches: Privacy & Authentication
  • Secure VPN Gateways (external)
  • VPN on OA512 (1Q02)
  • Router Authentication (RIP/OSPF/BGP4)
Port-Binding VLANs: Device Authentication
• Security at the switch port
• Device “bound” by VLAN policy
  • port + MAC + protocol
  • port + MAC + IP address
  • port + MAC
  • port + protocol
  • port + IP address
  • MAC + IP address
• Device fails authentication if any policy element is not met
• Violation results in SNMP trap
• Applications
  • non-mobile systems (printers & servers)
  • reduces the likelihood of address spoofing
[Diagram example rule: Port + IP protocol]
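The binding check described on this slide, written out as an added example (this is a constructed model, not Alcatel switch code): each rule lists only the policy elements it binds, a device is admitted to a rule's VLAN only when every element is met, and a device meeting no rule in full produces a violation record in place of the SNMP trap. The Binding/Frame names, the "10.1.1.x"-style wildcard and the MAC and IP values in the policy are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Binding:
    """One binding rule; only the non-None fields are policy elements."""
    vlan: int
    port: Optional[int] = None
    mac: Optional[str] = None
    protocol: Optional[str] = None  # e.g. "ip", "ipx", "dec"
    ip: Optional[str] = None        # host address, or "10.1.1.x" for a subnet

@dataclass(frozen=True)
class Frame:                        # what the switch sees on a port
    port: int
    mac: str
    protocol: str
    ip: Optional[str] = None        # None for non-IP protocols

def _ip_ok(policy_ip: str, ip: Optional[str]) -> bool:
    """Exact match, or a trailing '.x' wildcard on the last octet (assumed syntax)."""
    if policy_ip.endswith(".x"):
        return ip is not None and ip.startswith(policy_ip[:-1])
    return ip == policy_ip

def unmet(rule: Binding, frame: Frame) -> list:
    # Return the names of the rule's policy elements the frame does not satisfy.
    bad = []
    if rule.port is not None and frame.port != rule.port:
        bad.append("port")
    if rule.mac is not None and frame.mac.lower() != rule.mac.lower():
        bad.append("mac")
    if rule.protocol is not None and frame.protocol.lower() != rule.protocol.lower():
        bad.append("protocol")
    if rule.ip is not None and not _ip_ok(rule.ip, frame.ip):
        bad.append("ip")
    return bad

def bind(rules: list, frame: Frame) -> dict:
    """Admit to the first rule met in full; otherwise report a violation (the trap)."""
    report = {}
    for i, rule in enumerate(rules):
        missing = unmet(rule, frame)
        if not missing:
            return {"vlan": rule.vlan, "rule": i}
        report[i] = missing
    return {"vlan": None, "trap": "bindingViolation", "port": frame.port,
            "mac": frame.mac, "unmet": report}

# Constructed policy: a printer bound by port+MAC+IP, a server by MAC+IP.
POLICY = [Binding(vlan=10, port=3, mac="00:20:DA:01:02:03", ip="10.1.1.20"),
          Binding(vlan=20, mac="00:20:DA:AA:BB:CC", ip="10.1.2.x")]
```

The violation report names the element that failed per rule, which is the detail a watch team needs to tell a moved printer from a station spoofing its address.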
VLAN User Authentication: User Authentication at Layer 2
• Authenticates users at switch port
  • permissions to users, not devices
• Leverages common auth systems
  • RADIUS
    • front-ends RSA ACE/Server, NT Domain, NDS, etc.
  • LDAP Directory Server
• Moves user’s MAC from default VLAN to authorized VLAN(s)
  • based on Group Mobility technology
• Once authenticated, operating at LAN speed
• Ideal for mobile environments
  • campus
  • cybercafes
  • hospitals
[Diagram: Authenticated User, Switch, Backbone, Authentication Server]
Alcatel XOS-based Security
• Feature Overview
  • software-based flow control based on
    • src/dst IP address
    • tcp/udp port numbers
    • icmp type
  • tied to layer-7 classifier implementation
  • standard software for the OmniAccess 512
• Applications
  • control communications between networks
  • basic packet filtering without typical cost
  • security embedded in device
[Diagram: 10.1.1.x, 10.1.2.x, 10.1.3.x and 10.1.4.x networks attached to the device; rules shown: Src/dst = */*, Action = deny; Src = 10.1.1.x, dst = 10.1.2.x, type = http, Action = allow]
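The slide's packet filter, reproduced as an added example (constructed code, not the XOS implementation): rules match on src/dst address, tcp/udp port and icmp type, first match wins, and the catch-all */* deny sits last so the single HTTP allow from 10.1.1.x to 10.1.2.x is reached. The Flow/Rule names and the CIDR spelling of the "x" networks are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Flow:                      # one packet as the classifier sees it
    src: str
    dst: str
    proto: str                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # tcp/udp destination port
    icmp_type: Optional[int] = None

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # the slide's "*" = any address
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None  # None = any protocol
    dport: Optional[int] = None
    icmp_type: Optional[int] = None

    def matches(self, f: Flow) -> bool:
        """Every field set on the rule must agree with the flow."""
        if ipaddress.ip_address(f.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(f.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != f.proto:
            return False
        if self.dport is not None and self.dport != f.dport:
            return False
        if self.icmp_type is not None and self.icmp_type != f.icmp_type:
            return False
        return True

def evaluate(acl: list, flow: Flow) -> str:
    """First matching rule wins; a flow matching nothing is denied, so the
    specific allow must be ordered before the */* deny shown on the slide."""
    for rule in acl:
        if rule.matches(flow):
            return rule.action
    return "deny"

# Constructed ACL for the slide's diagram: only HTTP (tcp/80) from the
# 10.1.1.x network to the 10.1.2.x network is allowed; all else is denied.
ACL = [
    Rule("allow", src="10.1.1.0/24", dst="10.1.2.0/24", proto="tcp", dport=80),
    Rule("deny"),
]
```

Note that the allow is one-directional: reply traffic from 10.1.2.x back to 10.1.1.x is denied by this stateless filter unless a matching rule is added.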
Alcatel XOS-based Security: VPN on OmniAccess 512
• Feature Overview
  • add VPN to OA512 (1Q02)
  • switching/routing, LAN/WAN, VoIP, ACLs, compression in 1 unit
  • VPN as optional software module leveraging the OA512’s Hi/fn chip
• Applications
  • full security feature support
  • provides a provisioning platform for routing / switching / VoIP / VPN
  • 1 box vs 2 or 3 boxes
  • interoperates with central gateway
[Diagram: two Remote Office OA512s, VPN Tunnel across the Internet to a Security Appliance at Central Corporate]
Alcatel Secure VPN Solution: Key Points
• TimeStep - a first commercial VPN equipment provider
  • core group of security experts, part of eND
  • we own the technology and roadmap
• Successes
  • U.S. Department of Defense and Federal Reserve (US)
  • Westpac, INSNET (AU), etc.
• Compliance with standards
  • IPSec
  • ICSA (Trusecure.com)
  • FIPS 140-1
• Seamless support for PKI
  • first VPN vendor to offer PKI support
• Product Set
  • 713x Secure VPN Gateways
  • Secure VPN Client
  • 5630 Secure VPN Management suite
Speed Touch Pro II
• Speed Touch Pro II =
  • enhanced platform as compared to Speed Touch Pro
  • allows the features of the Alcatel 713x Secure VPN Gateway to be integrated onto this platform
[Diagram: Speed Touch Pro (xDSL, Ethernet) + Alcatel 713x SVG (Ethernet) integration = Speed Touch Pro II (xDSL, Ethernet)]
Global Secure Remote Access and Branch Office Intranet
[Diagram: Head office LAN and Branch office LAN linked across the Internet; Alcatel 7134 and 7137 Secure VPN Gateways, Firewall, Alcatel 5631 Secure VPN Policy Manager and Entrust/PKI with an LDAP-compliant directory; Field agents running the Alcatel Secure VPN Client via Internet POPs; secure vs. unsecure paths]
Summary: a true security solution
• Edge / Core Switches
  • ACLs & embedded firewall/NAT
  • A-VLANs
• Standalone appliances
  • 713x VPN gateways
  • VPN/FW/NAT appliance
• VPN client software
  • Windows
• Switch-embedded VPN
  • RO/BO – OmniAccess 512
• Hardened switch OS
• Secure switch mgmt
  • device & user
• Common management
  • standalone today
  • integrate with OmniVista with SecureView tomorrow
[Diagram: VPN Client, SO/HO and RO/BO sites (DSL, OA512) with VPN Tunnels across the Internet to a Central Site with Security Appliance, OmniVista w/ SecureView and OmniPCX]
Thank You Alcatel e-Business Networking Division