Published by Jude Brunton
Modified over 2 years ago
© 2012 – Teldat GmbH – All rights reserved
"Port Based Security" – "Drop-In-Mode"
The ideal solution for retail chains
Situation: in the branch sites
● One private IP subnet (= one IP broadcast domain) in each branch
● Static IP addresses on the LAN (no DHCP)
● Allow POS transactions to HQ
● Customer card transactions via IP-connected card machines
● Mobile phone top-up transactions and lottery transactions
● Remote maintenance of the POS equipment
● Remote maintenance of other IP-connected equipment in the branch by third parties
The requirements of the "Payment Card Industry Data Security Standard (PCI)" must be met. To fulfil these requirements, the network topology at the branch office LAN must be changed (IP subnetting / VLANs). A change to the network topology in hundreds or thousands of branches is both expensive and logistically prohibitive.
Problem: How can I prevent access between equipment without extensive modification of network topology?
[Diagram: R1202, switch and VPN gateway (VPN) with the devices "M2M/Lottery/etc", "Card Terminal" and "CRM" on one shared IP subnet]
The challenge:
● Virtual separation of the network components WITHOUT removing equipment from the common IP subnet
● Although the network components are in a common IP broadcast domain, ensure they CAN NOT DIRECTLY communicate with each other...
● ...but allow communication via the router, which can control the access between network components via its existing Layer 3 features (firewall, ACL)
"Drop-In Mode" - also known as "transparent mode"
Solution: Access is via the "drop in" router with firewall / ACL rules
[Diagram: the "Drop-In-Router" placed between the switch, the VPN gateway and the devices "M2M/Lottery/etc", "Card terminal" and "CRM", all still on one shared IP subnet]
The solution: "Drop-In Mode" - also known as "transparent mode"
● Physical separation of network components with the help of separate LAN ports on the router (optionally VLAN also possible)
● The IP broadcast domain still spans the entire Ethernet network
● Within each physical (virtual) "Zone", direct communication between devices continues to be permitted
● The "Drop-In-Router" can now control all the traffic
  ● Between the "Zones" ("Intra-Domain-Routing")
  ● Between the IP broadcast domain and other networks, the Layer 3 features control and regulate this
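The zone logic described on this slide can be modelled to audit a planned branch policy before rollout. The following is an added example, not Teldat code or configuration: the 192.0.2.0/24 subnet, the port and zone names, the host addresses and the TCP/443 rules are all constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed branch layout: documentation subnet, hypothetical port and zone names.
SUBNET = ipaddress.ip_network("192.0.2.0/24")
PORT_ZONE = {"port1": "pos", "port2": "card", "port3": "m2m", "port4": "uplink"}
HOST_PORT = {
    "192.0.2.10": "port1",  # POS till
    "192.0.2.11": "port1",  # second POS till behind the same router port
    "192.0.2.20": "port2",  # card terminal
    "192.0.2.30": "port3",  # lottery / top-up machine
    "192.0.2.1": "port4",   # VPN gateway
}
# Inter-zone rules (src_zone, dst_zone, proto, dport); anything unlisted is denied.
ACL = {
    ("pos", "uplink", "tcp", 443),
    ("card", "uplink", "tcp", 443),
    ("m2m", "uplink", "tcp", 443),
}

def zone_of(ip):
    """Zone of a known host, or None if the address is not mapped to a router port."""
    port = HOST_PORT.get(ip)
    return PORT_ZONE.get(port) if port else None

def decide(src, dst, proto, dport):
    """Classify one flow as 'direct', 'permit', 'deny' or 'layer3'."""
    if ipaddress.ip_address(dst) not in SUBNET:
        return "layer3"   # leaves the broadcast domain: ordinary Layer 3 firewall/routing
    sz, dz = zone_of(src), zone_of(dst)
    if sz is None or dz is None:
        return "deny"     # unknown device in the shared subnet
    if sz == dz:
        return "direct"   # same zone: not subject to the inter-zone rules
    return "permit" if (sz, dz, proto, dport) in ACL else "deny"

def unfiltered_pairs():
    """Host pairs that share a zone and therefore bypass the inter-zone ACL."""
    return sorted((a, b) for a, b in combinations(sorted(HOST_PORT), 2)
                  if zone_of(a) == zone_of(b))

if __name__ == "__main__":
    print(decide("192.0.2.20", "192.0.2.10", "tcp", 443))
    print(unfiltered_pairs())
```

The output of unfiltered_pairs() is the part worth reviewing for PCI scoping: any pair listed there still talks directly, so a card terminal should sit alone in its zone.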
The advantages of the "drop-in mode" solution
● No complex changes to the network topology are required
● Requests between the network components can reliably be controlled via the router security features (firewall, ACL)
● No VLAN segmentation is required; however, VLAN is optionally also possible
● Easy configuration in the branch router in just a few steps (Go & Protect)
  ● Ethernet port configuration is identical in all stores...
  ● ...small number of branch-specific parameters...
  ● ...therefore little effort in installation and maintenance
● Compared to other solutions, only ONE VPN tunnel to the central office is required
  ● Less administrative work
  ● More performance
  ● Better stability
● Central site solution needs only minimal adjustment
"Drop In Mode" – Transparent Mode