Stealth Networks- Private and Secure Networking for Critical Assets & Infrastructure July 2014 Ed Koehler - Avaya.

Presentation transcript:

Stealth Networks- Private and Secure Networking for Critical Assets & Infrastructure July 2014 Ed Koehler - Avaya

© 2012 Avaya Inc. All rights reserved.

Why should you listen?
 Because folks want to attack you!!!
  – Critical business information
  – Personal and credit data
  – Just for the heck of it!
 These folks are serious and they are well equipped with sophisticated tools
  – It’s no longer kids looking for kicks or prestige
 Avaya’s Fabric Connect provides for services that, when properly implemented, CANNOT be attacked!
 This creates a ‘Stealth Shield’ over the network that makes it invisible!

Privacy in a Virtualized World
 Network and service virtualization have transformed the IT industry
  – Cloud services
  – Software Defined Networking
  – BYOD and mobility
 Security and privacy concerns are being expressed by many risk and security analysts
 Regulatory compliance in a virtualized environment can be a difficult bar to reach
 Examples are PCI compliance, HIPAA, process flow and control (SCADA) environments (NERC/CIP), and video surveillance

What makes this so difficult?
 Traditional networking approaches utilize IP as a utility protocol to establish service paths
 These paths are prone to IP scanning techniques that are used to:
  – Discover network topology
  – Identify key attack vectors
 Using traditional approaches for privacy and separation is costly and complex
  – Inadvertent routed black holes
  – Poor resiliency
  – High CapEx and OpEx
 Using IP as the utility for establishing paths means that the paths have to be visible. This creates a ‘catch-22’, which in turn creates complexity and cost

Avaya’s Fabric Connect is truly Stealth!
 Fabric Connect is not dependent upon IP to establish the service path
 Service paths are established by the use of SPB Ethernet Switched Paths (ESPs) within Fabric Connect
 As a result, path behaviors are established on a completely different plane
 ESPs are ‘invisible to IP’

The definition of a “Stealth” Network
 Any network that is enclosed and self-contained with no reachability into and/or out of it. It also must be mutable in both services and coverage characteristics
 Avaya’s Fabric Connect, based on IEEE 802.1aq, provides fast and nimble private, circuit-based networking capabilities that are unparalleled in the industry
 Based on I-SIDs – NOT like MPLS IP VPN or VRF Lite!
  – Simple, not complex
 “Stealth” Networks are private ‘dark’ networks that are provided as services within the Fabric Connect cloud
  – L2 Stealth – a non-IP-addressed L2 VSN environment
  – L3 Stealth – an L3 VSN IP VPN environment

Data Protection: Segmentation comes first! Dark Reading™ recommendations…
 Security includes all people, processes and technology
 Validation of ‘where’ private data exists
  – Trace processes and systems
  – Develop flow diagrams of interacting systems and private data
 Develop documented penetration testing specific to the private environment
  – ‘Hack attack’ methodologies
  – Ongoing evaluation of threats/vulnerabilities/risk
 The more technologies involved in the private environment, the more engineering and penetration testing is required!
 Fabric Connect used end to end eliminates most if not all other network technologies!
  – Fabric Connect (IEEE 802.1aq) – can significantly reduce ACL requirements and enhance data flow validation!
  – Firewalls/IDS – are collapsed into a virtualized security demarcation perimeter
  – Servers/Storage – reside in encrypted virtualized storage hidden by stealth services
  – Authentication/Authorization – Identity Engines!
  – Management applications!** Important consideration: ‘lock down’ the management environment. If it manages a system in the private environment, it is part of it!
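The scoping rule in the last bullet (anything that manages a system in the private environment is part of it) can be checked mechanically against an inventory. The following is an added example, not Avaya's or Dark Reading's code; the system names, I-SID numbers and management relationships are constructed, and "exposed" simply means an in-scope system that is not attached to a stealth I-SID and therefore still sits on the ordinary IP plane.

```python
"""Private-environment scope closure: which systems are in scope, and which
of them are still reachable from the general IP network.

Constructed inventory, not real Avaya data.  Each system is mapped to the
I-SID it is attached to; None means it lives on the ordinary campus network.
"""
from collections import deque

ISID = {
    "card-db": 10300,      # L3 Stealth VSN holding card data
    "pos-app": 10300,
    "backup-srv": 10300,
    "nms": None,           # management station on the campus IP network
    "jump-host": None,     # admins reach the NMS from here
    "hr-portal": 10400,    # a different VSN, unrelated to card data
}
MANAGES = [            # (manager, managed) relationships, constructed
    ("nms", "card-db"), ("nms", "pos-app"), ("nms", "hr-portal"),
    ("jump-host", "nms"),
]
STEALTH_ISIDS = {10300}   # I-SIDs that make up the private environment


def stealth_members(isid, stealth):
    """Systems directly attached to a stealth I-SID: the initial scope."""
    return sorted(s for s, i in isid.items() if i in stealth)


def private_scope(seeds, manages):
    """Transitive closure of the slide's rule: any system that manages an
    in-scope system joins the scope, and so do the systems that manage it."""
    managers = {}
    for mgr, target in manages:
        managers.setdefault(target, set()).add(mgr)
    scope, queue = set(seeds), deque(seeds)
    while queue:
        for mgr in managers.get(queue.popleft(), ()):
            if mgr not in scope:
                scope.add(mgr)
                queue.append(mgr)
    return scope


def exposed_systems(scope, isid, stealth):
    """In-scope systems not on a stealth I-SID: still visible to IP scanning
    and so need the ACL / firewall review the slide says stealth avoids."""
    return sorted(s for s in scope if isid.get(s) not in stealth)


if __name__ == "__main__":
    scope = private_scope(stealth_members(ISID, STEALTH_ISIDS), MANAGES)
    print("private scope:", sorted(scope))
    print("exposed:", exposed_systems(scope, ISID, STEALTH_ISIDS))
```

Note that hr-portal stays out of scope even though the same NMS manages it: the rule pulls managers into the scope, not the other systems those managers touch.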

[Diagram: Secure L3 “Stealth” Network (IP VPN) and Secure L2 “Stealth” Networks across the Fabric Connect Cloud (Core, Distribution, Data Center). Labels: VLAN, I-SID, Subnet A, Subnet B, VRF; Private Application (Client) and Private Application (Server); Secure Single Port; Modularity and sampling concept; ‘End to end Stealth’; Remote site systems (App/OS, Switch/Network); Network Distribution Systems; Firewall/IDS Security Demarcation; Data Center Systems (Compute Systems, Storage Systems, FW/IDS, IDE)]

In Conclusion…
 While IP Virtual Private Networks are nothing new, Avaya takes the concept to a new level with Fabric Connect
 Flexible and nimble service extensions lend themselves to an incredibly mobile secure networking paradigm
  – “Stealth” Networking – fast, nimble and invisible
 “Stealth” Networks can be used to address traditional privacy concerns such as PCI and HIPAA compliance
 They also address next-generation private network requirements such as mobility for emergency response, military and/or field-based operations
 Avaya’s Fabric Connect can deliver all modes of secure private connectivity
  – Layer 2 Stealth requirements
  – Layer 3 Stealth requirements
  – Mobile Stealth requirements