Secure Applications Management

Secure Applications Management. Paul Compton Nortel Security Product Marketing EMEA comptonp@nortel.com 6th October 2006. Agenda. Today’s Business Environment Nortel Security Strategy Secure Applications Management Solution Secure Applications Management Components

Presentation Transcript


  1. Secure Applications Management Paul Compton Nortel Security Product Marketing EMEA comptonp@nortel.com 6th October 2006

  2. Agenda Today’s Business Environment Nortel Security Strategy Secure Applications Management Solution Secure Applications Management Components Secure Applications Management Case Study Why Nortel? Conclusion, Questions & Answers

  3. The Environment We Collectively Face • Global issue • Increased connectivity • Good for business and enjoyment • Yet increases risk and speed of attacks • Threats to Applications • Motives will continue • Potential losses are multi-faceted • Productivity • Revenue • Risk mitigation • Customer confidence and loyalty • Brand image It’s the new business environment Source: 2006 CSI/FBI Crime and Security Survey

  4. Security through Network Intelligence Securing communications, information and applications anywhere, anytime • Nortel’s strategy for securing customer networks of any size • Addresses current and emerging security issues • Encompasses people, processes and technology • Leverages Network Intelligence on different levels: • Intelligent Products • Intelligent Solutions • Intelligent Partnerships

  5. Security through Network Intelligence Nortel’s Security Strategy Security Solutions Layered Defence Architecture Unified Security Framework Minimising TCO Strategic Partnerships Secure LAN Secure Remote Access Secure Wireless LAN Proactive Threat Protection Secure IPT and Multimedia Secure Applications Management

  6. Nortel Security Architecture Layered Defence Model Layered Defence Architecture Endpoint Security Ensuring the connected devices meet security requirements Secure Communications Ensuring data is protected from unauthorised discovery over the network Perimeter Security Keeping the “good stuff” in and the “bad stuff” out, over all media types at any entry point Core Network Security Keeping watch for malicious software or traffic anomalies, and enforcing network policy.

  7. > Security through Network Intelligence Secure Applications Management

  8. Customer Issues and Value: Secure Applications Management Customer Value • Improves productivity and business continuity • Protects and prioritises business-critical traffic • Allows new applications to be deployed securely • Improves network planning and understanding • Lowers Total Cost of Ownership Customer Issues • Performance and availability of critical applications • Application-layer attacks • User experience • Network traffic complexity and management • Illegal/personal use of network Protect your mission-critical applications without compromising performance

  9. Business Case: Secure Applications Management • CAPEX & OPEX savings from improved server utilisation • Utilisation increased to over 75% • CAPEX savings from extended server life • Up to twice normal life cycle • Enables server purchase with optimum Price-Performance • OPEX savings and Revenue protection from application and network High Performance/Availability • On-line business example: Airline reservations €90k/hour* • Increased employee productivity through performance and availability improvements • Up to €100 per employee per year • CAPEX & OPEX savings from multiple integrated features • WAN Link Load Balancing, SSL acceleration etc. *Source: Nortel Networks, except * Fibre Channel Association

  10. Key Features: Secure Applications Management • Intelligent Traffic Management to control network traffic • Server Load-balancing for performance and availability • Wire-speed Deep Packet Inspection • Application-layer firewalling • Threat-signature filtering • Automated Intrusion Prevention • DoS attack protection Application Switch, Switched Firewall, Threat Protection System

  11. Solution Architecture: Secure Applications Management [Diagram labels: Internet, Intrusion Sensor, Defense Center, Core Network, Web-apps, Users, Switched Firewall, DMZ, Application Switch, Data Center, Partner Network, Intrusion Sensors, Applications & Services]

  12. Nortel Threat Protection System: Adaptive Defence Using the TPS Portfolio [Diagram labels: Attack & Worms, Anomalous Behaviour, Asset Profiles, Vulnerabilities, Network Changes, Policy Violations; TPS Intrusion Sensors, TPS RTI Sensors, TPS Defence Center; Security Events] Adaptive Defence • Contextualise based on asset info • Prioritise based on impact Alerts: email, SYSLOG, SNMP Flexible Remediation: Firewalls, Routers, Switches Remediation on Nortel Switched Firewall, Application Switches

  13. SecureXL EAL-4 Nortel Switched Firewall 5100 and 6000 Series • Multi-Gigabit performance perimeter/internal firewall • Secured by Check Point Firewall-1/VPN-1 with Application Intelligence • VPN-1 Acceleration options • Optimised for IP Telephony • OPSEC, ICSA and Common Criteria EAL-4* Certifications • 5100 series for small/medium sites • 6000 series for large sites or data centres • Uniquely scalable, switch-based, two component architecture • Accelerator + Director *6000 series only

  14. Availability Performance Security Nortel Application Switch 2000 and 3000 Series • A high performance intelligent LAN Switch • Performs Layer 4-7 switching to balance, accelerate and secure traffic • Delivers application Availability, Performance and Security • Gives IT Managers control over network usage • Intelligent, versatile feature set • Choice of five platforms • Integrated SSL acceleration and IPSec/SSL VPN option Application Availability, Performance and Security

  15. Application Switching Capabilities Application Optimisation Connection Pooling Cache App Intelligence Streaming Media Advanced Filtering Layer 2-7 Attributes VLAN Filtering, Accept, Deny, NAT, Redirect Content Intelligence Layer 7 Inspect Cookie, URL, HTTP Header, User Agent (PDA, Browser) Server Load Balancing Application LB Application Health Checks, High Availability Global Load Balancing Disaster Recover WAN Links Site Health Checks Persistence Support Source IP Cookies SSL Identifier Network Services NAT, VLAN Tagging Trunking, Layer 2/3 Compression/ Pooling Embedded Security Svcs DoS Attack Prevention Application Abuse Protection SSL Acceleration & VPN Application Availability, Performance and Security

  16. Intelligent Traffic Management: Network Optimisation for Application Performance • Inspects, classifies, controls and reports application traffic • Ability to analyse each flow at Layer 2 to Layer 7 to identify the application • Licensed Feature • Benefits • Improves network efficiency • Enables QoS for different traffic types • Reduces costs by conserving bandwidth • Controls unwanted application traffic e.g. P2P • Protects against DoS and Application-layer attacks • Enables effective management, monitoring and detailed network planning Inspect Report Enforce Gives the Operator FULL control over their network traffic

  17. Symantec Intelligent Network Protection • Specialised Network Intrusion Prevention System running on the Nortel Application Switch as part of Intelligent Traffic Management • Annual subscription • Goal is to protect the network from critical and severe attacks • Provides intrusion prevention (IPS) of most immediate threats • Backed by Symantec’s Security Alert Team • Covers the gap between vulnerability and patch

  18. The Patch Race • Time between vulnerability and exploits diminishes • Patches may have new bugs or vulnerabilities [Chart: time to automated exploit (axis: 4 mos., 3 mos., 2 mos., 1 mos., Weeks, Zero Day) from 1992 to June 2004; points labelled File Virus, Code Red, Blaster, Sasser, Witty Worm]

  19. Key Application Partners: Improved Application Performance and Reliability • Windows Terminal Services • Live Communications Server (LCS) • Softricity SoftGrid • Oracle Enterprise Manager 10g Application Server plug-in • Siebel 7.7 server cluster • IBM Workload Manager (WLM) • BEA WebLogic server cluster • Others in progress… 3rd Party Applications certified to work with the Nortel Application Switch

  20. Case Study – Aquanta: Web-based Telecomms Services • Challenges • Transform business and expand customer base to include enterprise and consumer customers • Support hundreds of thousands of SIP sessions without impacting performance • Secure SIP-enabled application delivery to provide a solid future-proof foundation for business growth, with 99.999% reliability demanded by customers • Solution • Nortel Web Switch, Nortel Switched Firewall • Benefits • Successful launch of SIP-based VoIP Internet service for enterprise and consumer customers • 99.999% reliability and effective client differentiation • Pay-as-you-grow scalability

  21. Why Nortel? Secure Applications Management • Complete security strategy and vision • High security without compromising performance • Pricing, investment protection and scalability • Up to three layers of security involving four different best-of-breed vendors • Invented application switching under the former Alteon brand • Intelligent Traffic Management with Symantec INP • Check Point Firewall-1/VPN-1 with Application Intelligence • Snort-based intrusion detection • Convergence-ready solution from convergence leader • Intelligent integration with Nortel and 3rd party solutions

  22. Security through Network Intelligence: Delivering secure communications, information and applications, anywhere, anytime

  23. Back-Up Slides

  24. Further Information • Security through Network Intelligence • www.nortel.com/total-security-stni • Nortel Products • http://products.nortel.com/go/product_index.jsp • Nortel Customer eSeminars • http://www2.nortel.com/go/event_index.jsp • Nortel Enterprise Security News • http://www.nortel.com/corporate/global/emea/dialogue/ent_news/index.html • Nortel Direct Touch and Channel Partner representatives

  25. Nortel Security Products • Nortel Application Switch • Versatile intelligent traffic management and security in the data centre • Nortel Switched Firewall • Accelerated external and internal perimeter security with Check Point Firewall-1/VPN-1 • Nortel Threat Protection System • Intelligent intrusion detection and prevention against known and unknown threats • Nortel VPN Gateway • Secure remote access via SSL and optional IPSec VPN • SSL acceleration • Nortel VPN Router • Secure remote access and site-to-site access via IPSec • Optional integrated firewall and SSL VPN remote access • Nortel Secure Router • Routing, security and QoS for the converged network • Nortel Secure Network Access Switch • Security policy enforcement for LAN access • Nortel WLAN 2300 • Secure WLAN access with seamless roaming • Nortel Secure Multimedia Controller • Multimedia server DoS protection and secure signalling

  26. Layered Defence Closed Loop Policy Management Lower TCO Security Ecosystems Secure Converged Communications People and Processes Securing Network Operations Customer blueprint for deploying world class security architectures Nortel Security Blueprint Unified Security Framework considers all aspects of network security – the people, processes and technologies Unified Security Framework

  27. Minimising TCO Understanding the Value of Security • Improving operational efficiency • Minimise losses by proactively detecting new threats • Solutions that drive productivity by maintaining user quality of experience • Critical applications and services are prioritised and protected Simplicity, Efficiency and Proactive Response

  28. Best of Breed Technology Partnerships “Open” Security Philosophy • Leverages strengths of industry leading vendors and standards • Simplifies integration and deployment • Adapts to tomorrow’s needs and threats • Enables customer choice • Complete, tested and compatible security implementations

  29. Nortel Application Switch Portfolio [Chart axes: Feature/Performance, Price] Application Switch 3408E: 12 ports from 8x 1000BaseT + 8x GBIC, DC option available; Application Switch 2424-SSL E; Application Switch 2424E: 24x 100BaseT + 4x GBIC, DC option available; Application Switch 2216E: 16x 100BaseT + 2x GBIC; Application Switch 2208E: 8x 100BaseT + 2x GBIC; Web Switching Module