1 / 13

Unified Endpoint Security Solution

Unified Endpoint Security Solution. D-Link International , February 2008. Agenda. Products’ P ortfolio Application Awards Traditional Security v s . “End-point” Security Unified “End-point” Security Security Method: User Certification Client’s Quarantine Access Control.

aysha
Télécharger la présentation

Unified Endpoint Security Solution

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Unified Endpoint Security Solution D-Link International, February 2008

  2. Agenda • Products’ Portfolio • Application • Awards • Traditional Security vs. “End-point” Security • Unified “End-point” Security • Security Method: • User Certification • Client’s Quarantine • Access Control

  3. Wired LANProducts UTM / Firewall Products Wired LAN Security: Management Function WAN Security: Management Function • 802.1X user certification • VLAN authentication • Web user authentication • MAC address authentication • IP-MAC-Port Bind • 802.1X based quarantine • Web based quarantine • ZoneDefense, etc • Firewall • IPS invasion detection・defense • VPN • Anti-virus • Traffic quarantine • Web content filter • Application control • Illegal traffic detection • ZoneDefense, etc Wireless LAN security: Management Function • 802.1X user authentication • AP authentication • Web user authentication • MAC address authentication • AP centralized management • Illegal AP detect • Ad-hoc detection • Wireless channel • Automatic setup • Wireless output automatic setup • Virtual AP • AP road balance • DoS attack detection, etc Wireless LAN products Unified Endpoint Security & Management Solution – Products’ Portfolio Click

  4. Server Farm Illegal AP detection D-Link DWL-8500AP D-Link DWL-8500AP Unified Endpoint Security & Management Solution - Application Security border between Internal and External network Internal Network Infrastructure D-Link UTM/ Firewall ZoneDefense activated!!! DGS-3600 Series Physical Stacking Rogue AP blocked!!! 10G Link Link Aggregated Unified Wireless Switch Management Wireless Switch DWS-3000 Series D-Link DGS-3400 Series D-Link DGS-3200 Series Security border to the LAN users Virus Click 802.1x Authentication 802.1x Authentication Web-based Authentication

  5. DGS-3400 series L2+10 Gigabit Switch DGS-3200-10 L2+ compact Secure Gigabit Switch INTEROP TOKYO 2006 Asia division Special Award INTEROPTOKYO 2007 Asia division Grand Prize DGS-3200-10 L2+ Gigabit Switch 10/100/1000BASE-T 10 portsSFP combo 2 ports D-Link Security Switch Award inINTEROP TOKYO EXPO DGS-3426 L2+ 10 Gigabit Switch 10/100/1000 BASE-T 24 ports SFP combo 4 ports10Gb Ethernet 2 slots DGS-3426P L2+ 10 Gigabit PoE switch 10/100/1000 BASE-T PoE 24 ports SFP combo 4 ports 10Gb Ethernet 2 slots DGS-3427 L2+ 10 Gigabit Switch 10/100/1000 BASE-T 24 ports SFP combo 4 ports 10Gb Ethernet 3 slots DGS-3450 L2+ 10 Gigabit Switch 10/100/1000 BASE-T 48 ports SFP combo 4 ports 10Gb Ethernet 2 slots Click

  6. Security in most common network architecture Security is applied to the core switch at the backbone Impossible to control network traffics Result: Bad performance of network and endangerment of all users in the network as the switch is unable to control LAN access of illegitimate users from accessing the network without authentication, exposing them to risks such as: DoS attack Virus infection Worm, etc Security in D-Link networks Security is applied to the endpoint switch Effective prevention of illegal users from accessing the network as all users attempting to access the network will be checked for its integrity and will require to be authenticated by the switch according to selected method Result: Risk of security threat from illegitimate user is substantially minimized, and firm network security is actualized. File server File server Office LAN DGS-3400 Office LAN Secured switch Unsecured Switch Secured switch Unsecured Switch DGS-3200-10 Illegal user Authorized User Authorized User Authorized User Authorized User Authorized User Authorized User Illegal user Traditional Security vs.“Endpoint” Security More secure at the endpoint LAN Endpoint Click

  7. Office LAN Server Farm Wireless Switch DWS-3026 AP Central Controller/ Management DGS-3200-10 LAN Endpoint IPv6 endpoint 802.1X authentication Wireless AP Wireless AP Illegal user Illegal user Illegal AP IPv4 Endpoint Web-based authentication Web-based authentication IPv4 Endpoint 802.1X authentication MAC address authentication Printer MAC address authentication 802.1X authentication Unified Endpoint Security Integrated security for the entire network (Combining Wired and Wireless LAN, IPv4 and IPv6) • Wired and wireless LAN combination is now a common network architecture • With Unified Switch, various security methods to authenticate clients accessing the network can be selected which provide robust features to enhance network security, and to prevent illegal access to the network • Wireless AP installed for personal use can also be detected and blocked using Rogue AP detection • Adaptable to future technology and supports IPv4 and IPv6 Click

  8. Virtual stacking with SIM (Single IP Management) LAN Endpoint User authentication with Web-based Authentication User authentication with MAC-based Authentication 802.1X user authentication Security Methods for a Unified Endpoint Security: User Certification • 802.1X authentication • Web-based authentication • MAC authentication • Combined authentication of all 3 at Endpoint Switch Click

  9. Illegal user Security Methods for a Unified Endpoint Security: Client’s Quarantine 802.1X Network Access Protection (NAP) Office VLAN Guest VLAN Office server Windows2008 NAP server • PC quarantine, for clients that do not meet health standard defined by the server This is done in collaboration with NAP (Network Access Protection) quarantine function, supported by Microsoft 2008 server and 802.1X function supported by D-Link xStack Switch. • Types of client supported is limited to Windows XP/Vista only • NAP Policy Enforcement checks the health status (example: firewall setting circumstance, update circumstance and Windows update setting circumstance of anti virus) of a client when it requests to access the network • Only clients that meet the health standard defined by the server are allowed to access the network, otherwise it will be directed to a restricted network (i.e. Guest VLAN) Office LAN DGS-3200-10 LAN Endpoint L2 Switch NAP not-corresponding Endpoint MAC-based Authentication Healthy XP Client NAP Quarantine checking passed Healthy XP Client NAP Quarantine checking passed Unhealthy Vista Client NAP Quarantine checking failed

  10. Economic Dept. VLAN Engineering Dept. VLAN General Affairs Office VLAN Public Finance Section VLAN Group of Servers which are being classified for each VLAN segment General affairs staff 802.1X authentication Move Public finance staff MAC authentication Technical staff Web-based authentication General Affairs Office VLAN Public Finance Section VLAN Engineering Dept. VLAN Economic staff Web-based authentication Public finance staff MAC authentication Public Finance Section VLAN Economic Dept. VLAN Security Methods for a Unified Endpoint Security: Access Control (1) Access control to the network is possible if using VLAN-ID which is allotted on the basis of user authentication. Access Control with Dynamic VLAN Office LAN DGS-3627 DGS-3200-10 DGS-3200-10 LAN Endpoint Even the client moves to another location, the VLAN that the client belongs to is still the same Employee transferred to Finance Div Click

  11. Virus infected client Security Methods for a Unified Endpoint Security: Access Control (2) ZoneDefense technology: A collaboration between D-Link UTM/ Firewall and D-Link xStack Switch • With real time anti-virus scanning and IPS of the UTM firewall, harmful traffics which come from internal users in the LAN can be detected. • In ZoneDefense technology, D-Link UTM/ Firewall cooperates with the switch where all clients are connected to. When it detects a malicious traffic, such as virus, worm, etc, in the network, it will shutdown the port where the virus is coming from, thus, increasing the security level. Firewall (DFL series) ① Inspection of abnormal traffic Inspecting any illegitimate communication by viruses using anti-virus engine/ IPS ② Shutdown of Switch Port When the firewall detects illegality at a port, it will inform the switch, and the switch will shutdown the port where the PC is transmitting the illegality Office LAN DGS-3200-10 DGS-3200-10 DGS-3200-10 DGS-3200-10 Click

  12. Questions & Answers

  13. Thank You! For complete information, please visit http://www.dlink-intl.com http://dpartner.dlink-intl.com 13

More Related