

EAGLE

EAGLE - Functionalities
Modular ports: WAN Port and Secured Port; Twisted Pair; FX Multi Mode; FX Single Mode; FX Long Haul; 1 RS232 serial port; serial configuration; secure modem access; support of Autoconfiguration Adapter ACA11; Reset button; reset; recovery; switch Eagle from Router mode to transparent mode.

EAGLE - Functionalities
Redundant 24 V power supply (6-pin); signaling contact; DIN rail mountable; operating temperature: 0°C - 60°C (temperature displayed in web interface); IP20, fanless.
Diagram labels: redundant power supply 24 VDC; indicator contact; +24 V; +24 V*.

EAGLE Family
Two versions: EAGLE FW: Firewall; EAGLE: Firewall w/VPN.
Forwarding IP and ARP traffic only. Although it is possible to define multicasts statically, the nature of EtherNet/IP may render the Eagle unable to pass this traffic.

EAGLE – Firewall Functionalities
Stateful inspection firewall; transparent mode (multiclient & singleclient); configurable firewall rules (95,000); Network Address Translation (IP masquerading); plug-n-play operation.
95,000 rules can be created. Most often used rules should be defined first.

EAGLE – VPN Functionalities
Multipoint VPN; VPN in transparent mode; IPsec DES encryption; IPsec 3DES hardware encryption with 168 bit; AES hardware encryption with up to 256 bit; authentication with pre-shared secret; MD5, SHA-1; PPTP (Point to Point Tunneling Protocol).
"Host to Host" & "Net to Net" tunnels using "Pre-Shared Secret" authentication methodology for "Eagle to Eagle" VPNs.

EAGLE – VPN Functionalities
"Host to Host" & "Net to Net" tunnels with X.509v3 authentication certificates. Germany will provide X.509 certificates on request as well as providing secure storage of those certificates.
L2TP/IPsec MS Windows VPN client to Eagle: requires "Transport (L2TP Microsoft)".
MS Windows VPN client with Windows Update "L2TP/IPSec NAT-T": requires "Transport (L2TP SSH Sentinel)".
Both of these methods also require the use of the X.509v3 authentication certificates.

EAGLE – Management
Basic configuration via user interface; web interface via HTTPS (secure/encrypted web page); SNMP v3 encrypted interaction.
Remote access is blocked by default and must be explicitly unlocked for access from the unsecured port.
Save and load configuration both locally and remotely.
The relay state is a MIB variable. After a change of the relay state the Eagle sends out a trap.
HiDiscovery protocol; DHCP client or server; time synchronization.

EAGLE – Basic Configuration
Logins and passwords:

Login   Password   SNMPv1   SNMPv3
user    public     ro       ro
admin   private    rw       rw

IP configuration by: local via terminal or ACA; HiDiscovery; DHCP.
Note: configurations are effective immediately!

EAGLE – Remote Access via Modem/RS-232
Explicitly unlock RS-232 as third port; configure firewall rules for modem port; access to inner network only; maximum data rate: 57,6 kbd.

EAGLE – Software Update
Update via HTTPS.
Reset afterwards: press "R" key for 1.5 seconds till status LED turns yellow; Web-Reboot.
The configuration is kept but new features are available.

EAGLE – Limitations
No support for Rapid Spanning Tree; no support for VLANs (tagged packets discarded); no support for prioritization; no support for X.509v3 authentication certificates; EtherNet/IP multicasts not yet supported; IGMP to be implemented.

EAGLE - Models

EAGLE – FW Models

Transparent Mode
All packets forwarded to processor; only IP and ARP - depending on filters - forwarded.
Diagram label: Secure (trusted) net.

Multi-Client Transparent Mode
EAGLE needs IP address for management access from external (untrusted) network.
Limitation: no VPN in Multi Transparent Mode.
Diagram label: Secure (trusted) net.

Remote Diagnostics
Production cell as trusted net: access via dial-in per phone network - firewall only as protection.
Production cell as trusted network: access via Internet - with VPN and firewall for protection.
Diagram labels: network (remote access); trusted net; Modem; Telecom; DSL-Modems; Internet.

Local Diagnostics
2nd EAGLE as "dongle", with pre-shared secrets offering a simple solution; n EAGLEs with identical secrets possible.
Maintenance technician gets IP assigned via DHCP; IP per NAT mapped to trusted network.
Diagram labels: "dongle"; DHCP IP; trusted net; network (untrusted).

Application: Maintenance in Network
Maintenance within a production network, i.e. remote management of devices of the production cell.
EAGLE functions: DHCP server; firewall.
Additional functions: virus scanner should be installed on laptop.
Diagram labels: production network; Service PC; service port; firewall functions.

Application: Separation Production from Backbone
Separate production against office network and backbone.
Diagram labels: office network; firewall functions; production network.

Application: Secure Connection within Network 1
Secure connection between two production cells within a network.
Used function: VPN.
Diagram labels: VPN – IPSec 3DES; production network; office network.

Application: Secure Connection within Network 2
Secure connection between two production cells within a network.
Used function: firewall to production backbone.
Diagram labels: firewall functions; production network; office network.

Problem RSTP
RSTP is not supported!
Diagram label: EAGLE.

Unsecure Remote Maintenance
Risks: espionage - bugging of data; manipulation of data; interception of data; unauthorized access to network.
Diagram labels: Automation Network; Internet; Remote User PC with access to the Internet, IP: xxx.yyy.zzz.ccc; Robot, IP: aaa.bbb.ccc.ddd.

Solution – Secure remote maintenance
Measures: VPN in router mode.
Mechanism: PPPoE; DES; 3DES; AES.
Diagram labels: Automation Network; EAGLE; Internet; Remote User.

Unsecure access to automation network
Risks: espionage; manipulation of data.
Diagram labels: Automation Network; EAGLE; Internet; Remote User.

Solution: Authorized access to end device
Measure: firewall.
Mechanism: access rules.
Diagram labels: Automation Network; EAGLE; Internet; Robot, IP: aaa.bbb.ccc.ddd; Remote User PC with access to Internet, IP: xxx.yyy.zzz.ccc.

Secure coupling of locations
Diagram labels: Factory 1; VPN Tunnel; Internet; Factory 2.

Secure coupling of production cells
Diagram labels: Automation Network; Office Network; VPN; Firewall Functions.

Secure cell separation
Diagram labels: Office Network; Firewall Functions; Automation Network.

External maintenance activity - Unsecure access to network
Risk: espionage - bugging of data; manipulation of data; unauthorized access - misuse.
Diagram labels: Automation Network; Service PC.

Solution: Secure service port
Measure: firewall - transparent mode.
Mechanism: access rules.
Diagram labels: Automation Network; Service PC; Service Port with EAGLE; Robot IP: aaa.bbb.ccc.ddd; IP: sss.fff.bbb.ttt.