We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byJude Brunton
Modified over 2 years ago
Haga clic para modificar el estilo de subtítulo del patrón © 2012 – Teldat GmbH – All rights reserved „Port Based Security“ – „Drop-In-Mode“ The ideal solution for retail chains
© 2012 – Teldat GmbH – All rights reserved Port Based Security One private IP subnet (= one IP broadcast domain) in each branch Static IP addresses on the LAN (no DHCP) Allow POS transactions to HQ Customer card transactions via IP connected card machines Mobile phone topup tranactions and lottery transactions Remote maintance of the POS equipment Remote maintance of other IP connected equipment in the branch by 3rd parties The requirments of the „Payment Card Industry Data Security Standard (PCI)” must be met. To fulfil these requirements, the network topology at the branch office LAN must be changed (IP subnetting / VLANs). A change to the Network topology in hundreds or thousands of branches is both expensive and logistically prohibitive Situation: in the branch sites
© 2012 – Teldat GmbH – All rights reserved Port Based Security R1202 Switch IP-Subnet 10.0.0.0/220.127.116.11.18.104.22.168„M2M/ Lottery/ etc“ „Card Terminal“ VPN-Gateway Problem: How can I prevent access between equipment without extensive modification of network topology? VPN „CRM“
© 2012 – Teldat GmbH – All rights reserved Port Based Security The Challange: ●Virtual separation of the network components WITHOUT removing equipment from the common IP subnet ●Although the network components are in a common IP broadcast domain ensure they CAN NOT DIRECTLY communicate with each other... ●......but to allow communication via the router, which can control the access between network components via its existing Layer 3 features (firewall, ACL)
© 2012 – Teldat GmbH – All rights reserved.1 Port Based Security "Drop-In Mode" - also known as "transparent mode" R1202 Switch IP-Subnet 10.0.0.0/22.214.171.124.3.8.7„M2M/ Lottery/ etc“ „Card terminal“ VPN-Gateway „Drop-In-Router“ Solution: Access is via the "drop in" router with firewall / ACL rules „CRM“
© 2012 – Teldat GmbH – All rights reserved Port Based Security ●Physical separation of network components with the help of separate LAN ports on the router (optionally VLAN also possible) ●The IP broadcast domain extends above it to the entire Ethernet network ●Within each physical (virtual) “Zone“ the direct communication with each other continues to be permitted ●The „Drop-In-Router“ can now control all the traffic ●betweeen the „Zones“ („Intra-Domain-Routing“) ●Between the IP-Broadcast-Domain and other Networks the Layer-3 features control and regulate this The solution: "Drop-In Mode" - also known as "transparent mode"
© 2012 – Teldat GmbH – All rights reserved Port Based Security The advantages of the "drop-in mode" Solution No complex changes to the network topology are required Requests between the network components can reliably be controlled via the router security features (firewall, ACL) No VLAN segmentation is required, however optionally VLAN is also possible. Easy configuration in the branch router in just a few steps ( Go & Protect ) Ethernet port configuration is identical in all stores... small number of branch-specific parameters... Therefore little effort... in installation and maintenance Compared to other solutions only ONE VPN tunnel to the central office required Less administrative work More Performance Better stablity Central site solution needs only minimul adjustment
© 2012 – Teldat GmbH – All rights reserved „Drop In Mode“ – Transparent Mode
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Implement Inter- VLAN Routing LAN Switching and Wireless – Chapter 6.
NETWORK COMPONENTS Assignment #3. Hub A hub is used in a wired network to connect Ethernet cables from a number of devices together. The hub allows each.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Switching in an Enterprise Network Introducing Routing and Switching in the.
Common Devices Used In Computer Networks
LTEC 4560 Summer 2012 Justin Kappel Networking Components.
Networking Components Christopher Biles LTEC Assignment 3.
Repeaters and Hubs Repeaters: simplest type of connectivity devices that regenerate a digital signal Operate in Physical layer Cannot improve or correct.
Topics 1.Security options and settings 2.Layer 2 vs. Layer 3 connection types 3.Advanced network and routing options 4.Local connections 5.Offline mode.
Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.
Network Components Kortney Horton LTEC October 20, 2013 Assignment 3.
Networking Components James Rouse LTEC Network Administration March 15, 2014 Assignment 3.
1 VLANs Relates to Lab 6. Short module on basics of VLAN switching.
Chapter 8: Virtual LAN (VLAN)
1 Version 3.0 Module 8 Virtual LANs. 2 Version 3.0.
© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 High-performance Gigabit Ethernet ports rapidly transfer large files supporting.
1 Fall 2005 Layer 3 Switches and VLANs Qutaibah Malluhi CSE Department Qatar University.
Chapter 3 - VLANs. VLANs Logical grouping of devices or users Configuration done at switch via software Not standardized – proprietary software from vendor.
1 © 2001, Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Cisco Easy VPN Solutions Applications and Implementation with Cisco IOS.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 VLANs LAN Switching and Wireless – Chapter 3.
Network Troubleshooting CT NWT NameTP No. Gan Pei ShanTP Tan Ming FattTP Elamparithi A/L ThuraisamyTP Tan Ken SingTP
Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)
Network Services Lesson 6. Objectives Skills/ConceptsObjective Domain Description Objective Domain Number Setting up common networking services Understanding.
A machine that acts as the central relay between computers on a network Low cost, low function machine usually operating at Layer 1 Ties together the.
Threaded Case Study for Phoenix, AZ. School District Sunny Slope & Sunset Elementary present by Todd Thousand, Bill Siepel, and Jeff Moore.
1/28/2010 Network Plus Network Device Review. Physical Layer Devices Repeater –Repeats all signals or bits from one port to the other –Can be used extend.
Internet Protocol Security (IPSec)
Interconnecting Cisco Networking Devices Part 1 Pass4sureusa Pass4sure.
Mr C Johnston ICT Teacher G055 - Lecture 03 Local and Wide Area Networks.
PART1: NETWORK COMPONENTS AND TRANSMISSION MEDIUM Wired and Wireless network management 1.
Copyright Microsoft Corp Ramnish Singh IT Advisor Microsoft Corporation Secure Remote Access Challenges, Choices, Best Practices.
Chapter 4: Managing LAN Traffic
LAN Segmentation Virtual LAN (VLAN).
This courseware is copyrighted © 2016 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to.
11 SECURING YOUR NETWORK PERIMETER Chapter 10. Chapter 10: SECURING YOUR NETWORK PERIMETER2 CHAPTER OBJECTIVES Establish secure topologies. Secure.
Hierarchical Network Design – a Review 1 RD-CSY3021.
Networking Components By: Michael J. Hardrick. HUB A low cost device that sends data from one computer to all others usually operating on Layer 1 of.
Chapter 9: Implementing the Cisco Adaptive Security Appliance
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 4: Planning and Configuring Routing and Switching.
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.
Configuring Routing and Remote Access(RRAS) and Wireless Networking
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 3 v3.0 Module 9 Virtual Trunking Protocol.
Virtual LAN Design Switches also have enabled the creation of Virtual LANs (VLANs). VLANs provide greater opportunities to manage the flow of traffic on.
Policy Based Routing using ACL & Route Map By Group 7 Nischal ( ) Pranali ( )
Guide to Network Defense and Countermeasures Second Edition
VIRTUAL PRIVATE NETWORK By: Tammy Be Khoa Kieu Stephen Tran Michael Tse.
IUT– Network Security Course 1 Network Security Firewalls.
This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 10 – Implementing the Cisco Adaptive Security.
© 2017 SlidePlayer.com Inc. All rights reserved.