We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byHayden Hebden
Modified about 1 year ago
Stealth Networks- Private and Secure Networking for Critical Assets & Infrastructure July 2014 Ed Koehler - Avaya
© 2012 Avaya Inc. All rights reserved. 22 Why should you listen? Because folks want to attack you!!! –Critical Business information –Personal and Credit data –Just for the heck of it! These folks are serious and they are well equipped with sophisticated tools –It’s no longer kids looking for kicks or prestige Avaya’s Fabric Connect provides for services that, when properly implemented CANNOT be attacked! This creates a ‘Stealth Shield’ over the network that makes it invisible!
© 2012 Avaya Inc. All rights reserved. 33 Privacy in a Virtualized World Network and Service Virtualization have transformed the IT industry –Cloud Services –Software Defined Networking –BYOD and Mobility Security and privacy concerns are being expressed by many risk and security analysts Regulatory compliance in a virtualized environment can be a difficult bar to reach Examples are, PCI Compliance, HIPAA, Process flow and control (SCADA) environments (NERC/CIP), Video Surveillance
© 2012 Avaya Inc. All rights reserved. 44 What makes this so difficult? Traditional networking approaches utilize IP as a utility protocol to establish service paths These paths are prone to IP scanning techniques that are used to: –Discover network topology –Identify key attack vectors Using traditional approaches for privacy and separation are costly and complex –Inadvertent Routed Black Holes –Poor resiliency –High Cap/Ex and Op/Ex Using IP as the utility for establishing paths means that they have to be visible. This creates a ‘catch 22’ which in turn creates complexity and cost
© 2012 Avaya Inc. All rights reserved. 55 Avaya’s Fabric Connect is truly Stealth! Fabric Connect is not dependent upon IP to establish the service path Service Paths are established by the use of SPB Ethernet Switched Paths within Fabric Connect As a result, path behaviors are established on a completely different plane ESP’s are ‘invisible to IP’
© 2012 Avaya Inc. All rights reserved. 66 The definition of a “Stealth” Network Any network that is enclosed and self contained with no reachability into and/or out of it. It also must be mutable in both services and coverage characteristics Avaya’s Fabric Connect based on IEEE 802.1aq provides for fast and nimble private networking circuit based capabilities that are unparalleled in the industry Based on I-SID’s - NOT like MPLS IP VPN or VRF Lite! –Simple not complex “Stealth” Networks are private ‘dark’ networks that are provided as services within the Fabric Connect cloud –L2 Stealth –A non-IP addressed L2 VSN environment –L3 Stealth –A L3 VSN IP VPN environment
© 2012 Avaya Inc. All rights reserved. 77 Data Protection: Segmentation comes first! Dark Reading™ recommendations… Security includes all people, processes and technology Validation on ‘where’ Private Data exists –Trace processes and systems –Develop flow diagrams of interacting systems & Private Data Develop documented penetration testing specific to the Private environment –‘Hack Attack’ methodologies –Ongoing evaluation of threats/vulnerabilities/risk The more technologies involved in the private environment the more engineering & penetration testing required! Fabric Connect used end to end eliminates most if not all other network technologies! –Fabric Connect (IEEE 802.1aq) –Can significantly reduce ACL requirements and enhance data flow validation! –Firewalls/IDS – are collapsed into a virtualized security demarcation perimeter –Servers/Storage – resides in encrypted virtualized storage hidden by stealth services –Authentication/Authorization - Identity Engines! –Management applications!** Important consideration to ‘lock down’ the management environment. If it manages a system in the private environment. It is part of it!
© 2012 Avaya Inc. All rights reserved. 88 VLAN I-SID Secure L3 “Stealth” Network (IP VPN) Subnet A Subnet B VRF Fabric Connect Cloud Secure L2 “Stealth” Networks Core DistributionData Center Private Application (Client) Private Application (Server) Secure Single Port Modularity and sampling concept ‘End to end Stealth’ Remote site systems App/OS Switch/Network Network Distribution Systems Firewall/IDS Security Demarcation Data Center Systems Compute Systems Storage Systems FW/IDS IDE
© 2012 Avaya Inc. All rights reserved. 99 In Conclusion… While IP Virtual Private Networks are nothing new, Avaya takes the concept to a new level with Fabric Connect Flexible and nimble service extensions lend itself to an incredibly mobile secure networking paradigm –“Stealth” Networking – Fast, nimble and invisible “Stealth” Networks can be used to facilitate traditional privacy concerns such as PCI and HIPAA compliance Next generation private network requirements such as mobility for emergency response, military and/or field based operations Avaya’s Fabric Connect can deliver all modes of secure private connectivity –Layer 2 Stealth requirements –Layer 3 Stealth requirements –Mobile Stealth requirements
© 2014 Avaya Inc. Avaya – Confidential & Proprietary Do not duplicate, publish or distribute further without the express written permission of Avaya. #AvayaATF.
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 1: Hierarchical Network Design Connecting Networks.
SOFTWARE DEFINED NETWORKING/OPENFLOW: A PATH TO PROGRAMMABLE NETWORKS April 23, 2012 © Brocade Communications Systems, Inc.
Extreme Networks Confidential and Proprietary. © 2010 Extreme Networks Inc. All rights reserved.
COPYRIGHT © 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED. COMMUNICATIONS DRIVERS & TRENDS FOR SMART GRIDS Istanbul April 29-30
Tunis, Tunisia, 28 April 2014 Business Values of Virtualization Mounir Ferjani, Senior Product Manager, Huawei Technologies 2.
Haga clic para modificar el estilo de subtítulo del patrón © 2012 – Teldat GmbH – All rights reserved „Port Based Security“ – „Drop-In-Mode“ The ideal.
Introduction to Networks v5.1 Chapter 1: Explore the Network.
© 2007 AT&T Knowledge Ventures. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Knowledge Ventures. Subsidiaries and affiliates of AT&T.
Department of Computer Science Introduction to Information Security Chapter 7 Activity Security Assessment Semester 1.
MULTI-PROTOCOL LABEL SWITCHING Brandon Wagner. Lecture Outline Precursor to MPLS MPLS Definitions The Forwarding Process MPLS VPN MPLS Traffic.
Intranet, Extranet, Firewall. Intranet and Extranet.
Introduction to Avaya’s SDN Architecture February 2015.
5/18/2006 Department of Technology Services Security Architecture.
Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 Provider Opportunities for Enterprise MPLS APRICOT 2006, Perth Matt.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Introducing Network Design Concepts Designing and Supporting Computer Networks.
Copyright © 2005 Rockwell Automation, Inc. All rights reserved. Ethernet Switch Features Important to EtherNet/IP.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Introducing Network Design Concepts Designing and Supporting Computer Networks.
Asif Jinnah Microsoft IT – United Kingdom. Security Challenges in an ever changing landscape Evolution of Security Controls: Microsoft’s Secure Anywhere.
Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 E-VPN and Data Center R. Aggarwal
May 2 nd, 2001, page n° 1 The Invisible Network. May 2 nd, 2001, page n° 2 List of contents Introduction The invisible network: an example Some trends.
© 2006 Cisco Systems, Inc. All rights reserved. Lesson 1.2: Describing Converged Network Requirements Module 1: Converged Network Connectivity Requirements.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 9 Network Policy and Access Services in Windows Server 2008.
Copyright © 2008 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 MPLS in the Data Center Achieve “Carrier-class” Network Dependability.
PCI's Changing Environment – “What You Need to Know & Why You Need To Know It.” Stephen Scott – PCI QSA, CISA, CISSP
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v MPLS Concepts Identifying MPLS Applications.
Summary Device protocols tied intimately to applications. A need to significantly reduce critical data update times. Current network bandwidth consumption.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Virtual Private Networks Ed Wagner CS Overview Introduction Types of VPNs Encrypting and Tunneling Pro/Cons the VPNs Conclusion.
Multi-Layer Switching Layers 1, 2, and 3. Cisco Hierarchical Model Access Layer –Workgroup –Access layer aggregation and L3/L4 services Distribution Layer.
The Virtualized Enterprise MORE FUNCTIONALITY AND REDUCED IT SPEND Speaker: Frank Grillo EVP of Marketing CYPRESS COMMUNICATIONS.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Exploring the Enterprise Network Infrastructure Introducing Routing and Switching.
The role of networking in the Dynamic Data Center Niels Friis-Hansen Senior IT Specialist, CCIE IBM Communication & Collaboration.
1 UTC-N Overview of Campus NetworksDesign. 2 Overview n Read Chapter 1 for further information and explanations n Much of the information in this chapter.
Recent Progress in Routing Standardization An IETF update for UKNOF 23 Old Dog Consulting Adrian
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 1: Exploring the Network Introduction to Networks.
Cloud Computing. 2 A division of Konica Minolta Business Solutions USA Inc. What is Cloud Computing? A model for enabling convenient, on-demand network.
TeraPaths TeraPaths: Establishing End-to-End QoS Paths through L2 and L3 WAN Connections Presented by Presented by Dimitrios Katramatos, BNL Dimitrios.
Mark Abraham Magumba. The Evolution of IT Infrastructure During the first years IT infrastructures were relatively simple With the advent of more advanced.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Creating the Network Design Designing and Supporting Computer Networks – Chapter.
Virtual Links: VLANs and Tunneling CS 4251: Computer Networking II Nick Feamster Spring 2008.
Mobilizing our Sales Force via Paperless In-Store Selling.
CAMPUS LAN DESIGN GUIDE Design Considerations for the High-Performance Campus LAN.
This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
External perimeter of secure network public Internet SNMPdata transaction data control commands July 2003 Firewall Network Processor™: basic concept and.
Agenda Virtual Private Networks (VPNs) Motivation and Basics Deployment Topologies IPSEC (IP Security) Authentication Header (AH) Encapsulating Security.
6.1 © 2004 Pearson Education, Inc. Exam Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 6: Designing.
©2013 Avaya Inc. All rights reservedFebruary 26-28, 2013 | Orlando, FL.
© 2017 SlidePlayer.com Inc. All rights reserved.