Firewall Network Processor™: Technical Concept and Business Solutions
FNP™ is a trademark of Fractel Inc.
December 2008, Columbus.


Firewall Network Processor: core concept and solutions

Content
- Introduction: business value and technology trend
- Seeking a solution: concept of a secure network environment and an intelligent "wire"
- FNP as a patented capability for keeping network infrastructure secure
  - technical aspects
  - functionality
  - business solution
- Summary

Key issues

Many companies:
- spend millions of dollars each year investing in business systems to make information available to authorized persons and customers
- see business value in access to the Internet information infrastructure to improve employee performance
- … and seek technology that can give employees new functionality without opening the door to attacks and unauthorized access to sensitive business data

Introduction

Basic Internet principles and security issues:
- best-effort service (no internal QoS mechanism)
- simple authentication model (trusted network environment)

Comments: To use the Internet as a business medium, people must take control of traffic content in its many forms (VLAN, VPN, VoIP, …) and channels (IP, P2P, …). A deep understanding of how employees use Internet resources requires an effective security and management solution.

Network infrastructure: are there any "right places" for investment with low risk and expense?

- Business in the form of "applications". Beneficiaries: ASPs, banks, electronic commerce companies, GRID computing, etc.
- Business in the form of "packet traffic", connectivity, and bandwidth. Beneficiaries: hardware and software suppliers, ISPs, Telcos, e-PTN.

[Diagram labels: network access policy; communication lines; set of "intelligent" nodes (applications); service level; packet processes; low-expense "border"; low-risk "border"]

Comments:
- the business opportunity is close to the service and access "border"
- customers will deploy the security solution that suits their existing environment

Solution examples

Technology          Added "value"     Income
E-commerce          wide access       turnover up
VPN                 remote office     outsourcing
Access Management   Single Sign-on    employee productivity

Comments:
- the best investments: reduction of business expenses
- the best innovations: reduction of technology risks

Internet as a service medium:
- Intellectual services (DB, CAD, PDM, routing, switching) belong to the network nodes
- Telco service measures: bandwidth and delay

Service layers:
- User needs: applications
- ASP keeps servers
- ISP controls IP routers
- Telco provides the wire grid

[Diagram labels: Application Port/MAC/IP n; MAC/IP i; Application port/IP/MAC 1; Application IP/MAC 2]

Comment: There is a "gap" in the network service space: no "intelligent" service processing at the wire level. Can this "gap" become a business opportunity?

"it_is_secure" wire infrastructure

"itiss" means:
- Merge existing packet switching technology and access management tools with the innovative concept of an "intelligent wire": an IP node preprocessor
- Find a cost-effective solution for adding intelligent features to the wire infrastructure

[Diagram labels: application network; IP logical space; MAC grid; MAC/IP n; MAC/IP i; IP/MAC 1; IP/MAC 2]

Fractel™ - Security Approach and Components & know-how

- Technical aspect: provides multilevel packet processing that retains the current routing and access policies available in secure computer networks
- Solution & know-how: a "stealth" firewall network processor (FNP) that provides security functions "outside standard network nodes" (IPv4, IPv6, IPX, ...) at the "wire level"
- Cost-effective platform for packet processing at the MAC, IP, TCP and application levels

Design Aspects

Deliver hardware-level performance on a software-programmable device by:
- Asynchronous packet flow processing: "one hop, many functions" (content and packet filtering)
- Scalable filtering performance: "one transport protocol, many security applications" (web, ftp, sql, ...)

Aspect 1: Asynchronous traffic processing in the "intelligent" wire

[Diagram labels: router; FNP i1; router; FNP in; process p 1, process p 2, ..., process p n; Node l; Node m; IP 1, IP 2, IP 3, IP 4; Link l; Link l+1]

Aspect 2: One control mechanism for many applications content management

[Diagram: "Grid" of applications. Labels: node 0, node x, node x+1, node M; p2p virtual connection; packet; physical link; buffer; packet drops; TCP/UDP; application 1, application 2, …, application n]

Firewall NP (FNP) Design Principles

- Two types of network interfaces: filtering and control functions
- Cost-effective platform: standard hardware and specific control software
- Flexible and scalable management: industrial protocols (Active Directory, Open LDAP, WEB control interface)
- Innovative design: patented "address less" technology

FNP Architecture

[Diagram labels: filtering module; service module (authorization, UI daemon); local storage; external storage; cache hierarchy; incoming traffic; outgoing traffic; stealth incoming interface(s); stealth outgoing interface(s); 1 2 S s =F( 2 ) S f =F( 2 )  =F( 1, 2 ); sockets; open source OS kernel; control interface]

FNP Hardware Platform:
- 100/1000 Ethernet port (control interface)
- 100/1000 Ethernet ports: LAN, DMZ, WAN (stealth mode) interfaces
- power switch

Scenario 1: content switching (single-box deployment)

[Diagram labels: corporate network; Global Internet; ISP network; router or backbone switch; Web server; ftp servers; end-user segment; FNP-1000/4; Control Interface; Content switching; Administrative Segment with LDAP and FNP Logfiles DB]

Scenario 2: Solution for Data Center (protection environment for complex infrastructure)

[Diagram labels: switched network infrastructure; Global Internet; Scalability; Metro WDM Ethernet switch; FNP-1000/; Manageability; Local Gigabit VLAN switches; control interfaces; internal network sensor; Availability; Distinct VLAN segment; DC admin monitor; Log DB; FNP-100/4S; protected network segment; stealth interfaces; Local admin monitor]

Scenario 3: dynamic security control (… and third-party integration)

Firewall rules are generated and deleted automatically after WDC logon/logoff of the end user.

[Diagram labels: ta fnp control interface; Switch; DNS; ftp-server; admin and Log DB; Storage domain; Windows Domain controller / Active Directory; public Internet; NAS-server; VLAN segment; FNP-1000/4]

Summary - FNP advantages:
- Based on a patented architecture
- Delivers security appliance solutions for organizations of all types and sizes
- Supports industry standards and third-party integration within existing network infrastructure
- Increases company productivity through the management of non-business activities
- Decreases bandwidth costs by limiting noncritical network traffic and blocking objectionable URLs and applications
- Compatible with nearly every available cost-effective hardware platform