Published by Jude Brunton
Modified over 2 years ago
© 2012 – Teldat GmbH – All rights reserved
"Port Based Security" – "Drop-In-Mode"
The ideal solution for retail chains
Situation: in the branch sites
● One private IP subnet (= one IP broadcast domain) in each branch
● Static IP addresses on the LAN (no DHCP)
● Allow POS transactions to HQ
● Customer card transactions via IP-connected card machines
● Mobile phone top-up transactions and lottery transactions
● Remote maintenance of the POS equipment
● Remote maintenance of other IP-connected equipment in the branch by 3rd parties
The requirements of the "Payment Card Industry Data Security Standard (PCI)" must be met. To fulfil these requirements, the network topology at the branch office LAN must be changed (IP subnetting / VLANs). A change to the network topology in hundreds or thousands of branches is both expensive and logistically prohibitive.
Problem: How can I prevent access between equipment without extensive modification of network topology?
[Diagram labels: R1202, Switch, IP-Subnet /, "M2M/ Lottery/ etc", "Card Terminal", "CRM", VPN-Gateway, VPN]
The Challenge:
● Virtual separation of the network components WITHOUT removing equipment from the common IP subnet
● Although the network components are in a common IP broadcast domain, ensure they CANNOT DIRECTLY communicate with each other...
● ...but allow communication via the router, which can control the access between network components via its existing Layer 3 features (firewall, ACL)
"Drop-In Mode" - also known as "transparent mode"
Solution: Access is via the "drop in" router with firewall / ACL rules
[Diagram labels: R1202, Switch, IP-Subnet /, "M2M/ Lottery/ etc", "Card terminal", "CRM", VPN-Gateway, "Drop-In-Router"]
The solution: "Drop-In Mode" - also known as "transparent mode"
● Physical separation of network components with the help of separate LAN ports on the router (optionally VLAN also possible)
● The IP broadcast domain still spans the entire Ethernet network
● Within each physical (virtual) "Zone", direct communication between devices continues to be permitted
● The "Drop-In-Router" can now control all the traffic
  ● between the "Zones" ("Intra-Domain-Routing")
  ● between the IP broadcast domain and other networks, where the Layer 3 features control and regulate it
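The zone model from this slide, as an added example that is not part of the Teldat presentation and does not use Teldat configuration syntax. The addresses, zone names, ACL entries and the first-match, implicit-deny semantics are constructed assumptions; the sketch decides whether a flow stays inside a zone, crosses the router, or is dropped, and audits which local zones can reach the card terminals.

```python
import ipaddress

# Constructed sample branch: one subnet, each zone = one router LAN port.
SUBNET = ipaddress.ip_network("192.0.2.0/24")
ZONES = {
    "pos":  {"192.0.2.10", "192.0.2.11"},
    "card": {"192.0.2.20"},
    "m2m":  {"192.0.2.30"},
}
HQ = "198.51.100.5"  # constructed address behind the VPN tunnel

# Assumed first-match ACL with implicit deny:
# (src zone, dst zone, proto, port, action).
# "wan" stands for anything outside the branch subnet.
ACL = [
    ("pos",  "wan", "tcp", 443, "permit"),   # POS transactions to HQ
    ("card", "wan", "tcp", 443, "permit"),   # card transactions
    ("wan",  "pos", "tcp", 22,  "permit"),   # remote maintenance of POS
]

def zone_of(ip):
    """Map an address to its zone; None = in-subnet host on no known port."""
    for zone, hosts in ZONES.items():
        if ip in hosts:
            return zone
    return None if ipaddress.ip_address(ip) in SUBNET else "wan"

def decide(src, dst, proto, port):
    """Return 'direct', 'permit' or 'deny' for one flow."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz is None or dz is None:
        return "deny"                 # unassigned host: fail closed
    if sz == dz and sz != "wan":
        return "direct"               # same zone: never crosses the router
    for a_src, a_dst, a_proto, a_port, action in ACL:
        if (a_src, a_dst, a_proto, a_port) == (sz, dz, proto, port):
            return action
    return "deny"                     # implicit deny between zones

def inter_zone_permits(zone):
    """Audit: permit rules between `zone` and any other local zone."""
    return [r for r in ACL
            if r[4] == "permit" and zone in r[:2]
            and r[0] in ZONES and r[1] in ZONES]
```

A "direct" result means the router's firewall and ACL never see the traffic, so two devices that must be kept apart have to sit on different ports.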
The advantages of the "drop-in mode" solution
● No complex changes to the network topology are required
● Requests between the network components can reliably be controlled via the router security features (firewall, ACL)
● No VLAN segmentation is required; however, VLAN is optionally also possible
● Easy configuration in the branch router in just a few steps (Go & Protect)
● Ethernet port configuration is identical in all stores... small number of branch-specific parameters... therefore little effort... in installation and maintenance
● Compared to other solutions, only ONE VPN tunnel to the central office is required
● Less administrative work
● More performance
● Better stability
● Central site solution needs only minimal adjustment
"Drop In Mode" – Transparent Mode