We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byHayden Hebden
Modified over 2 years ago
Stealth Networks- Private and Secure Networking for Critical Assets & Infrastructure July 2014 Ed Koehler - Avaya
© 2012 Avaya Inc. All rights reserved. 22 Why should you listen? Because folks want to attack you!!! –Critical Business information –Personal and Credit data –Just for the heck of it! These folks are serious and they are well equipped with sophisticated tools –It’s no longer kids looking for kicks or prestige Avaya’s Fabric Connect provides for services that, when properly implemented CANNOT be attacked! This creates a ‘Stealth Shield’ over the network that makes it invisible!
© 2012 Avaya Inc. All rights reserved. 33 Privacy in a Virtualized World Network and Service Virtualization have transformed the IT industry –Cloud Services –Software Defined Networking –BYOD and Mobility Security and privacy concerns are being expressed by many risk and security analysts Regulatory compliance in a virtualized environment can be a difficult bar to reach Examples are, PCI Compliance, HIPAA, Process flow and control (SCADA) environments (NERC/CIP), Video Surveillance
© 2012 Avaya Inc. All rights reserved. 44 What makes this so difficult? Traditional networking approaches utilize IP as a utility protocol to establish service paths These paths are prone to IP scanning techniques that are used to: –Discover network topology –Identify key attack vectors Using traditional approaches for privacy and separation are costly and complex –Inadvertent Routed Black Holes –Poor resiliency –High Cap/Ex and Op/Ex Using IP as the utility for establishing paths means that they have to be visible. This creates a ‘catch 22’ which in turn creates complexity and cost
© 2012 Avaya Inc. All rights reserved. 55 Avaya’s Fabric Connect is truly Stealth! Fabric Connect is not dependent upon IP to establish the service path Service Paths are established by the use of SPB Ethernet Switched Paths within Fabric Connect As a result, path behaviors are established on a completely different plane ESP’s are ‘invisible to IP’
© 2012 Avaya Inc. All rights reserved. 66 The definition of a “Stealth” Network Any network that is enclosed and self contained with no reachability into and/or out of it. It also must be mutable in both services and coverage characteristics Avaya’s Fabric Connect based on IEEE 802.1aq provides for fast and nimble private networking circuit based capabilities that are unparalleled in the industry Based on I-SID’s - NOT like MPLS IP VPN or VRF Lite! –Simple not complex “Stealth” Networks are private ‘dark’ networks that are provided as services within the Fabric Connect cloud –L2 Stealth –A non-IP addressed L2 VSN environment –L3 Stealth –A L3 VSN IP VPN environment
© 2012 Avaya Inc. All rights reserved. 77 Data Protection: Segmentation comes first! Dark Reading™ recommendations… Security includes all people, processes and technology Validation on ‘where’ Private Data exists –Trace processes and systems –Develop flow diagrams of interacting systems & Private Data Develop documented penetration testing specific to the Private environment –‘Hack Attack’ methodologies –Ongoing evaluation of threats/vulnerabilities/risk The more technologies involved in the private environment the more engineering & penetration testing required! Fabric Connect used end to end eliminates most if not all other network technologies! –Fabric Connect (IEEE 802.1aq) –Can significantly reduce ACL requirements and enhance data flow validation! –Firewalls/IDS – are collapsed into a virtualized security demarcation perimeter –Servers/Storage – resides in encrypted virtualized storage hidden by stealth services –Authentication/Authorization - Identity Engines! –Management applications!** Important consideration to ‘lock down’ the management environment. If it manages a system in the private environment. It is part of it!
© 2012 Avaya Inc. All rights reserved. 88 VLAN I-SID Secure L3 “Stealth” Network (IP VPN) Subnet A Subnet B VRF Fabric Connect Cloud Secure L2 “Stealth” Networks Core DistributionData Center Private Application (Client) Private Application (Server) Secure Single Port Modularity and sampling concept ‘End to end Stealth’ Remote site systems App/OS Switch/Network Network Distribution Systems Firewall/IDS Security Demarcation Data Center Systems Compute Systems Storage Systems FW/IDS IDE
© 2012 Avaya Inc. All rights reserved. 99 In Conclusion… While IP Virtual Private Networks are nothing new, Avaya takes the concept to a new level with Fabric Connect Flexible and nimble service extensions lend itself to an incredibly mobile secure networking paradigm –“Stealth” Networking – Fast, nimble and invisible “Stealth” Networks can be used to facilitate traditional privacy concerns such as PCI and HIPAA compliance Next generation private network requirements such as mobility for emergency response, military and/or field based operations Avaya’s Fabric Connect can deliver all modes of secure private connectivity –Layer 2 Stealth requirements –Layer 3 Stealth requirements –Mobile Stealth requirements
© 2014 Avaya Inc. Avaya – Confidential & Proprietary Do not duplicate, publish or distribute further without the express written permission of Avaya. #AvayaATF.
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
Chapter 1: Hierarchical Network Design
SOFTWARE DEFINED NETWORKING/OPENFLOW: A PATH TO PROGRAMMABLE NETWORKS April 23, 2012 © Brocade Communications Systems, Inc.
Extreme Networks Confidential and Proprietary. © 2010 Extreme Networks Inc. All rights reserved.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 1: Hierarchical Network Design Connecting Networks.
COPYRIGHT © 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED. COMMUNICATIONS DRIVERS & TRENDS FOR SMART GRIDS Istanbul April 29-30
Tunis, Tunisia, 28 April 2014 Business Values of Virtualization Mounir Ferjani, Senior Product Manager, Huawei Technologies 2.
Haga clic para modificar el estilo de subtítulo del patrón © 2012 – Teldat GmbH – All rights reserved „Port Based Security“ – „Drop-In-Mode“ The ideal.
Chapter 1: Explore the Network
© 2007 AT&T Knowledge Ventures. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Knowledge Ventures. Subsidiaries and affiliates of AT&T.
Department of Computer Science Introduction to Information Security Chapter 7 Activity Security Assessment Semester 1.
MULTI-PROTOCOL LABEL SWITCHING Brandon Wagner. Lecture Outline Precursor to MPLS MPLS Definitions The Forwarding Process MPLS VPN MPLS Traffic.
Intranet, Extranet, Firewall. Intranet and Extranet.
Introduction to Avaya’s SDN Architecture February 2015.
5/18/2006 Department of Technology Services Security Architecture.
Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 Provider Opportunities for Enterprise MPLS APRICOT 2006, Perth Matt.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Introducing Network Design Concepts Designing and Supporting Computer Networks.
Ethernet Switch Features Important to EtherNet/IP
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Introducing Network Design Concepts Designing and Supporting Computer Networks.
© 2017 SlidePlayer.com Inc. All rights reserved.