Published by Jude Brunton
Modified over 4 years ago
© 2012 – Teldat GmbH – All rights reserved
„Port Based Security“ – „Drop-In-Mode“
The ideal solution for retail chains
Situation: in the branch sites
● One private IP subnet (= one IP broadcast domain) in each branch
● Static IP addresses on the LAN (no DHCP)
● Allow POS transactions to HQ
● Customer card transactions via IP-connected card machines
● Mobile phone top-up transactions and lottery transactions
● Remote maintenance of the POS equipment
● Remote maintenance of other IP-connected equipment in the branch by 3rd parties
The requirements of the „Payment Card Industry Data Security Standard (PCI)“ must be met. To fulfil these requirements, the network topology at the branch office LAN must be changed (IP subnetting / VLANs). A change to the network topology in hundreds or thousands of branches is both expensive and logistically prohibitive.
Problem: How can I prevent access between equipment without extensive modification of network topology?
[Diagram: R1202, Switch and VPN-Gateway with VPN link; „M2M/ Lottery/ etc“, „Card Terminal“ and „CRM“ devices on IP-Subnet 10.0.0.0]
The Challenge:
● Virtual separation of the network components WITHOUT removing equipment from the common IP subnet
● Although the network components are in a common IP broadcast domain, ensure they CANNOT DIRECTLY communicate with each other ...
● ... but allow communication via the router, which can control the access between network components via its existing Layer 3 features (firewall, ACL)
"Drop-In Mode" - also known as "transparent mode"
Solution: Access is via the "drop in" router with firewall / ACL rules
[Diagram: R1202, Switch, VPN-Gateway and „Drop-In-Router“; „M2M/ Lottery/ etc“, „Card terminal“ and „CRM“ devices on IP-Subnet 10.0.0.0]
The solution: "Drop-In Mode" - also known as "transparent mode"
● Physical separation of network components with the help of separate LAN ports on the router (optionally VLAN also possible)
● The IP broadcast domain extends across them to the entire Ethernet network
● Within each physical (virtual) „Zone“ the direct communication with each other continues to be permitted
● The „Drop-In-Router“ can now control all the traffic
  ● between the „Zones“ („Intra-Domain-Routing“)
  ● between the IP broadcast domain and other networks, where the Layer 3 features control and regulate this
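A model of the zone policy described on these slides, as an added example that is not Teldat configuration or code: hosts share one subnet, same-zone traffic passes directly, and every other flow is checked against a first-match rule list on the drop-in router. The /24 prefix, host addresses, port names, zone names, rules and the default-deny fallback are constructed assumptions.

```python
import ipaddress

# Constructed sample data (assumptions, not values from the slides).
SUBNET = ipaddress.ip_network("10.0.0.0/24")          # assumed prefix length
ZONE_OF_PORT = {"lan1": "card", "lan2": "m2m", "lan3": "crm"}
PORT_OF_HOST = {
    "10.0.0.11": "lan1",   # card terminal
    "10.0.0.12": "lan1",   # second card terminal
    "10.0.0.21": "lan2",   # lottery / top-up machine
    "10.0.0.31": "lan3",   # CRM / POS workstation
}
# First-match inter-zone rules: (src_zone, dst_zone, proto, dst_port, action).
# None as dst_port matches any port; "any" matches any protocol.
ACL = [
    ("crm", "card", "tcp", 443, "permit"),
    ("card", "wan", "tcp", 443, "permit"),
    ("m2m", "card", "any", None, "deny"),
]

def zone_of(ip):
    """Map an address to its zone; off-subnet is 'wan', unknown hosts None."""
    if ipaddress.ip_address(ip) not in SUBNET:
        return "wan"
    return ZONE_OF_PORT.get(PORT_OF_HOST.get(ip))

def decide(src, dst, proto, dport):
    """Return (action, reason) for one flow through the drop-in router."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz is None or dz is None:
        return "deny", "host not assigned to a router port"
    if sz == dz and sz != "wan":
        return "permit", "same zone: direct communication stays allowed"
    for r_sz, r_dz, r_proto, r_port, action in ACL:
        if (r_sz, r_dz) == (sz, dz) and r_proto in ("any", proto) \
                and r_port in (None, dport):
            return action, f"rule {r_sz}->{r_dz}"
    return "deny", "no rule: default deny between zones (assumed)"

def exposure(zone, proto, dport):
    """Audit helper: known hosts outside `zone` that can reach into it."""
    inside = [h for h in PORT_OF_HOST if zone_of(h) == zone]
    return sorted({s for s in PORT_OF_HOST if zone_of(s) != zone
                   for d in inside if decide(s, d, proto, dport)[0] == "permit"})
```

Running `exposure("card", "tcp", 443)` over a branch's rule set lists every host outside the card-terminal zone that is still allowed in, which is the segmentation question the slides raise for PCI.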
The advantages of the "drop-in mode" solution
● No complex changes to the network topology are required
● Requests between the network components can reliably be controlled via the router security features (firewall, ACL)
● No VLAN segmentation is required; optionally, VLAN is also possible
● Easy configuration in the branch router in just a few steps (Go & Protect)
● Ethernet port configuration is identical in all stores ... small number of branch-specific parameters ... therefore little effort ... in installation and maintenance
● Compared to other solutions, only ONE VPN tunnel to the central office is required
● Less administrative work
● More performance
● Better stability
● Central site solution needs only minimal adjustment
„Drop In Mode“ – Transparent Mode