Network Security Fundamentals
Steven Taylor, President, Distributed Networking Associates, Inc.; Publisher/Editor, Webtorials
Larry Hettick, Vice President, Wireline Solutions, Current Analysis
Thanks to the sponsor… This presentation is made possible in part due to the generous support of Nortel Networks.
Applications to limit and control connectivity within network environments
Provide both external access limitations and internal resource protection
WAN Security
[Network diagram: Wide Area Network, Ethernet switch, router, wireless Ethernet access point, firewall]
Common WAN Services
  Private line, frame relay and ATM
  Private IP VPNs
  Internet Backbone VPNs
    IPSec
    SSL
Private Line, Frame Relay and ATM Security
Private lines provide dedicated bandwidth per circuit
  TDM technology
Frame relay and ATM PVC / SVC addresses are set by network operations
  SVC user controls connection, not address
At some point, you must trust the service provider(s)
  Common issue for all nets
Encryption is available, but not usually required
Private IP VPNs
IP-based networks that are not based on the public Internet
  “Closed User Group” for each enterprise
Often based on Multiprotocol Label Switching (MPLS)
  LSPs (Virtual Circuits) automatically configured based on IP address
  “Self-configuring” frame relay
Sometimes deployed as “Virtual Routers”
Security issues similar to ATM and frame relay
[Diagram: Router A, Router B and Router C connected by Label-Switched Paths (LSPs)]
Internet Backbone VPNs
Uses IP as the “UNI” to the network
Any-to-Any connectivity
No inherent security
Multiple ISPs connected at “Peering Points”
[Diagram: ISP #1, ISP #2, ISP #3 and ISP #4, with the labels “Internet” and “Peering Point”]
IPSec VPNs
Internet transport layer
“Tunnels” through the Internet
[Diagram: Network A, Network B and Network C]
What is IPSec?
Encapsulation method that encrypts IP packets between two points inside another IP message
Authenticates and secures VPNs over public IP services
[Diagram: an IP packet inside an IPSec message, crossing the Internet]
What is SSL?
Similar to IPSec
  Similar encryption algorithms
Browser based
Authenticates between browser and server
[Diagram: Internet]
Choosing a WAN Architecture
All methods “work”
All methods can be secure
One size doesn’t fit all
Corporate “religion” is a major decision-making factor
Agenda
Overview of the problem
Various Vulnerabilities
  Workstations
  LANs and Switches
  Routers and Firewalls
  Wide Area Networks (WANs)
The Big Picture
This is Your Network
[Network diagram: Wide Area Network, Ethernet switch, router, wireless Ethernet access point, firewall]
Who’s guarding the door?
Thank you!
Summary
Overview of the problem
Various Vulnerabilities
  Workstations
  LANs and Switches
  Routers and Firewalls
  Wide Area Networks (WANs)
The Big Picture
For more information
Webtorials
http://www.webtorials.com
Nortel Networks
Sponsor of this presentation
http://www.nortelnetworks.com