Published by Hayden Hebden
Modified about 1 year ago
Stealth Networks - Private and Secure Networking for Critical Assets & Infrastructure
July 2014
Ed Koehler - Avaya
© 2012 Avaya Inc. All rights reserved.

Why should you listen?
Because folks want to attack you!!!
  – Critical Business information
  – Personal and Credit data
  – Just for the heck of it!
These folks are serious and they are well equipped with sophisticated tools
  – It’s no longer kids looking for kicks or prestige
Avaya’s Fabric Connect provides for services that, when properly implemented, CANNOT be attacked!
This creates a ‘Stealth Shield’ over the network that makes it invisible!

Privacy in a Virtualized World
Network and Service Virtualization have transformed the IT industry
  – Cloud Services
  – Software Defined Networking
  – BYOD and Mobility
Security and privacy concerns are being expressed by many risk and security analysts
Regulatory compliance in a virtualized environment can be a difficult bar to reach
Examples are PCI Compliance, HIPAA, Process flow and control (SCADA) environments (NERC/CIP), and Video Surveillance

What makes this so difficult?
Traditional networking approaches utilize IP as a utility protocol to establish service paths
These paths are prone to IP scanning techniques that are used to:
  – Discover network topology
  – Identify key attack vectors
Traditional approaches to privacy and separation are costly and complex
  – Inadvertent Routed Black Holes
  – Poor resiliency
  – High Cap/Ex and Op/Ex
Using IP as the utility for establishing paths means that they have to be visible. This creates a ‘catch-22’, which in turn creates complexity and cost

Avaya’s Fabric Connect is truly Stealth!
Fabric Connect is not dependent upon IP to establish the service path
Service Paths are established by the use of SPB Ethernet Switched Paths (ESPs) within Fabric Connect
As a result, path behaviors are established on a completely different plane
ESPs are ‘invisible to IP’

The definition of a “Stealth” Network
Any network that is enclosed and self-contained with no reachability into and/or out of it. It also must be mutable in both services and coverage characteristics
Avaya’s Fabric Connect, based on IEEE 802.1aq, provides for fast and nimble private networking circuit-based capabilities that are unparalleled in the industry
Based on I-SIDs - NOT like MPLS IP VPN or VRF Lite!
  – Simple, not complex
“Stealth” Networks are private ‘dark’ networks that are provided as services within the Fabric Connect cloud
  – L2 Stealth
      – A non-IP addressed L2 VSN environment
  – L3 Stealth
      – A L3 VSN IP VPN environment

Data Protection: Segmentation comes first!
Dark Reading™ recommendations…
Security includes all people, processes and technology
Validation on ‘where’ Private Data exists
  – Trace processes and systems
  – Develop flow diagrams of interacting systems & Private Data
Develop documented penetration testing specific to the Private environment
  – ‘Hack Attack’ methodologies
  – Ongoing evaluation of threats/vulnerabilities/risk
The more technologies involved in the private environment, the more engineering & penetration testing required!
Fabric Connect used end to end eliminates most if not all other network technologies!
  – Fabric Connect (IEEE 802.1aq)
      – Can significantly reduce ACL requirements and enhance data flow validation!
  – Firewalls/IDS – are collapsed into a virtualized security demarcation perimeter
  – Servers/Storage – reside in encrypted virtualized storage hidden by stealth services
  – Authentication/Authorization – Identity Engines!
  – Management applications!**
** Important consideration to ‘lock down’ the management environment. If it manages a system in the private environment, it is part of it!

‘End to end Stealth’: Modularity and sampling concept
[Diagram: a Private Application (Client) on a Secure Single Port connects through the Fabric Connect Cloud (Core, Distribution, Data Center) to a Private Application (Server). The cloud carries Secure L2 “Stealth” Networks (VLAN, I-SID) and a Secure L3 “Stealth” Network (IP VPN) joining Subnet A and Subnet B via a VRF. Sampled modules: Remote site systems (App/OS, Switch/Network), Network Distribution Systems, Firewall/IDS Security Demarcation (FW/IDS, IDE), Data Center Systems (Compute Systems, Storage Systems).]

In Conclusion…
While IP Virtual Private Networks are nothing new, Avaya takes the concept to a new level with Fabric Connect
Flexible and nimble service extensions lend themselves to an incredibly mobile secure networking paradigm
  – “Stealth” Networking – Fast, nimble and invisible
“Stealth” Networks can be used to facilitate traditional privacy concerns such as PCI and HIPAA compliance
Next generation private network requirements such as mobility for emergency response, military and/or field based operations
Avaya’s Fabric Connect can deliver all modes of secure private connectivity
  – Layer 2 Stealth requirements
  – Layer 3 Stealth requirements
  – Mobile Stealth requirements