Presentation is loading. Please wait.

Presentation is loading. Please wait.

Managed Gigabit Switch with Denial of Service (DoS) Attack Protection

Published byHolly Pierce Modified over 6 years ago

Similar presentations

Presentation on theme: "Managed Gigabit Switch with Denial of Service (DoS) Attack Protection"— Presentation transcript:

1 Managed Gigabit Switch with Denial of Service (DoS) Attack Protection
AT-9424 Product Overview Managed Gigabit Switch with Denial of Service (DoS) Attack Protection

2 Allied Telesyn AT-9424 Gigabit Ethernet Switch for the Edge
First security focused gigabit switch for the access edge Detects and protects against 6 DoS attack variants Classifies and ACLs provide additional customizable security Also offers a competitive base feature set outside of security Available Now 24 10/100/1000 ports and 2 SFPs or GBICs in 1 RU Part Number: AT-9424T/SP-10 & AT-9424T/GB-10

3 Newest Addition to Extensive Switch Portfolio
SwitchBlade 9900 Series Enterprise and Service Providers needing: Large network applicability High degree of traffic manipulation and management Multiple redundancy options Customizable script based actions for network management and security 8924 8800 Family Layer 3 9800 Family 8600 Family Power over Ethernet 9624 TBD 9400 Family Small to Medium Enterprise needing: Simplified management VoIP optimization Security Layer 2 Plus 8500 Family Power over Ethernet 8400 Modular Chassis Small to Medium Business needing: Low cost Simple management Connectivity for less than 1,000 users 8300 Stackable Family Layer 2 8000 Family Workgroup Wiring Closet NSP Backbone Enterprise NSP

4 These organizations need gigabit and DoS attack protection
AT-9424 – Target Markets Traditional Enterprise LAN Traditional Enterprise LAN Education Institutions Traditional Enterprise LAN Service-provisioned Leased Offices or MTUs These organizations need gigabit and DoS attack protection Have users that bring laptops in and out of the network making the network susceptible to hosting DoS attacks

5 AT-9424 the Gig Switch of Choice for:
Security Conscious Medium to Small organizations ( users) The 9424 is the only switch in its class with attack detection and suppression 54% of respondents to the Network Computing Reader Survey plan to invest more in security than in anything else SMEs and SMBs moving towards Gig-to-the-desk Cost effective and more secure SMEs seeking a simple server aggregation switch Rich quality of service (QoS) capabilities SMEs who want to eliminate distribution tier bottlenecks Wirespeed gigabit switching in a compact formfactor

6 The Denial of Service Threat
A denial of service attack is a network infrastructure attack that is targeted towards: Network equipment (routers, switches) Services ( , file servers) Computers group (PCs) Today IT attempts to address this issue in their WAN facing security hardware, but since this attack is coming from the inside the traffic is already clogging the network End Points LAN WAN Edge Internet An infected internal computer becomes a zombie host to for the denial of service attack. The zombie then sends continuous server requests to the target system All requests from the zombie have false return addresses, so the server can't find the user when it tries to respond The server waits, sometimes more than a minute, before closing the connection. When these attacks hit unprotected systems they can tie them up indefinitely X Host systems are often infected by spam , web browsing and laptops used outside of the network. Excess phony traffic from the DoS zombie clogs the network If the attack is successful it is a liability to the host network company

7 AT-9424 – Service Highlights
L2-L4 Intelligent Services Redundancy Advanced Security Rate Limiting (Ingress & Egress) 8 hardware queues per port 802.1p for MAC-based QoS Layer 2, 3 and 4 classifiers DiffServ for IP-based Qos CoS to DSCP remarking QoS ACLs 802.1w Rapid STP 802.1s Multiple STP 802.1D Spanning Tree Redundant Power Supply Option 802.3ad Link Aggregation (LACP) Attack Detection / Suppression MAC Address Lockdown Radius/ TACACS+ SSHv2 & SSL Port Security 802.1x

8 AT-9424’s Layer 2-4 Intelligence
Layer 2 – 4 intelligence is: Looking deep into the packet layer and using classifiers to take action. Using Layer 2-4 Intelligence for security The ability to allow and disallow access to networks and network resources based on: -L2: MAC Address Source/Destination or both -L3: IP Address Source/Destination or both -L4: TCP and UDP port number Using Layer 2-4 Intelligence for QoS The ability to prioritize and/or rate limit traffic based on: Using Layer 2-4 Intelligence for management The ability to mirror traffic based on:

9 AT-9424’s Attack Detection and Suppression
AT-9424’s DoS-Attack Protection Feature A firewall supplement not a firewall replacement It is a cost-effective additional layer of security It handles attacks that come from the inside and prevents them from clogging the network and affecting other services like VoIP End Points LAN WAN Edge Internet

10 Primary Application Example Gigabit-to-the-Desk
End Points LAN WAN Edge Internet Supporting Features 802.1x VLANs by MAC/Protocol/Subnet ACLs Rate limiting Advanced QoS Wire speed s Attack detection and suppression GARP / GVRP Broadcast storm control Port Security (MAC Lockdown) IGMP Snooping

11 Other Application Examples Server Aggregation
End Points LAN WAN Edge Internet Servers Supporting Features Rapid reconvergence (802.1w) Automatic port fail-over Link aggregation (LACP) Optional Redundant Power Supply QoS SFPs s Attack detection and suppression VLANs by MAC/Protocol/Subnet ACLs Rate limiting Broadcast storm control

12 Other Application Examples Access Switch Aggregation
End Points LAN WAN Edge Internet Supporting Features Attack detection and suppression, Multiple STP, CoS to DSCP remarking Rapid reconvergence (802.1w) Link aggregation (LACP) QoS, s SFPs, Optional Redundant Power Supply ACLs Rate limiting Broadcast storm control

13 Other Application Examples Small Business Mini-core
End Points LAN WAN Edge Internet Supporting Features Wirespeed Gigabit QoS link aggregation, Optional Redundant Power Supply Broadcast storm control s Attack detection and suppression VLANs by MAC/Protocol/Subnet ACLs Rate limiting Bad cable detection

14 Most Compelling L2-4 Gigabit Switch
AT-9424 Everything you expect and more… Attack detection and suppression Advanced QoS capabilities L2-4 intelligence for custom security, management and QoS control

15 Available SFP Modules Product Name Speed Distance Ports AT-SPSX
Gigabit 500m MM Fiber AT-SPLX10 10km SM Fiber AT-SPLX40 40km AT-SPLX40/1550 AT-SPZX80/xxxx xxxx = Wavelengths: 1470, 1490, 1510, 1530, 1550, 1570, 1590, 1610 80km

16 Available GBIC Modules
Product Name Speed Distance Ports AT-G8T Gigabit 100m Copper AT-G8SX-01 500m MM Fiber AT-G8LX10 10km SM Fiber AT-G8LX25 25km AT-G8LX40 40km AT-G8LX70 70km

17 Redundant Power Supply Option
AT-RPS3204

18 AT-9424 Feature Summary Security QoS Management and Monitoring
Attack detection and suppression (6 DoS variants) 802.1x Port security TACACS+ RADIUS Authentication and Accounting ACLs by: packet type, IP address, protocol, port number, MAC address and VLAN Unknown unicast/multicast blocking QoS 802.1p Class of service Strict Priority and Weighted Round Robin ToS DiffServ CoS to DSCP mapping / remarking Ingress and egress rate limiting by port and flow RFC 2236 IGMP Snooping (Ver. 2.0) RFC 1112 IGMP Snooping (Ver. 1.0) Management and Monitoring Web, CLI, Telnet, Serial SNMP v1, v2c, v3 RMON 1 (Groups: 1, 2, 3, 9) Port-Mirroring ASCII-based config file Event Log RFC951 BOOTP RFC 1350 TFTP Redundancy 802.1D Spanning Tree Protocol 802.1w Rapid Spanning Tree 802.3ad Link-Aggregation (LACP) Bad Cable Detection Broadcast Storm Control 802.1s Multiple STP (compatible with PVST+) Scalability Switch cluster management 8-ports per trunk group VLANs Port-based VLAN (4096) GARP/ GVRP IEEE 802.1v VLAN Classification by Protocol / IP Subnet Upstream forwarding only VLANs 802.1Q VLAN bridge 802.3ac VLAN 802.3x flow control tagging extensions Find out what we mean about TACACS+ Check with Fawsi on the RMON issue What do we mean by BootP? Check on upstream forwarding.

19 Thank You

20 Competitive Positioning
AT-9424

21 Competitive Landscape
3com SuperStack 3 Switch 3824 3com SuperStack 3 Switch 3870 Cisco Catalyst 2970G-24TS  HP ProCurve Switch 2824 Foundry EdgeIron 24GS (FES2402CF) Enterasys Matrix C1G124-24 

22 Selling Against 3com SuperStack 3 Switch 3824
24 10/100/1000 ports 4 SFP combo slots Their Deficiencies Compared to Allied Telesyn No attack detection & suppression No MAC address based VLANs No VLAN classification by protocol or subnet Not PVST+ compatible No 802.1s support No redundant power supply option No access control lists No SSL or SSH for management No RADIUS accounting No strict priority queuing No rate limiting No Telnet No BootP support

23 Selling Against 3com SuperStack 3 Switch 3870
24 10/100/1000 ports 4 SFP slots Their Deficiencies Compared to Allied Telesyn No attack detection & suppression No MAC address based VLANs No VLAN classification by protocol or subnet Not PVST+ compatible No 802.1s support Limited ACL capabilities No CoS to DSCP mapping / remarking No flow based rate limiting No BootP support

24 Selling Against Cisco 2970G-24TS
24 10/100/1000 ports 4 SFP slots Their Deficiencies Compared to Allied Telesyn They are priced at a premium No attack detection & suppression No MAC address based VLANs No RADIUS accounting

25 Selling Against HP ProCurve Switch 2824
20 10/100/1000 ports 4 SFP/TX combo ports Their Deficiencies Compared to Allied Telesyn No attack detection & suppression No CoS to DSCP mapping / remarking No MAC address based VLANs No VLAN classification by protocol or subnet No WRR queuing No access control lists No rate limiting Not PVST+ compatible

26 Selling Against Foundry EdgeIron 24GS (EIF24G-A)
24 10/100/1000 ports 4 SFP combo slots Their Deficiencies Compared to Allied Telesyn Priced at a premium No attack detection & suppression No MAC address based VLANs No VLAN classification by protocol or subnet No 802.1s support No access control lists No RADIUS accounting No rate limiting No NTP or SNTP support No redundant power supply option

27 Selling Against Enterasys Matrix C1G124-24
24 10/100/1000 ports 4 SFP combo slots Their Deficiencies Compared to Allied Telesyn No attack detection & suppression No MAC address based VLANs No VLAN Classification by Protocol / IP Subnet Not PVST+ No 802.1s (Multiple STP) No switch cluster management No RADIUS accounting Limited ACL capabilities No TACACS+ No CoS to DSCP Mapping / Remarking No flow based rate limiting No NTP or SNTP No BootP support FLOW BASED RATE LIMITING Check out cluster management for this.

28 Exceeding Expectations
Allied Telesyn AT-9424 Managed 24-port Gigabit Switch + 2 SFPs Attack Protection Advanced QoS Layer 2-4 Intelligence 24 x 10/100/1000 auto-sensing ports 2 unpopulated combo SFP slots (mini GBICs) Wirespeed, non-blocking performance 48-Gbps switching capacity 35.7-Mpps forwarding rate 1 Rack-mount Unit (RU) high form-factor allows for rack space optimization 8 hardware queues RJ45 Consol port Ingress and egress rate limiting Exceeding Expectations

29 Thank You

30 IEEE 802.1s (Multiple Spanning Tree)
Old Spanning Tree 802.1D – STP Allow all or block all VLANs coming from a port Slow Convergence 802.1w – RSTP Non standard-based PVST Consumes too much CPU time and network bandwidth (with control traffic) 802.1s advantages: Eliminates all limitations mentioned above Image Source: NetworkWorldFusion, ‘802.1s solves architecture issues’ 08/04/03

31 IEEE 802.1s as Ethernet Services
802.1s with VLAN Services Alternative to the Transparent LAN Services (aka Private Line Services) Ethernet is cheaper and more bandwidth efficient compared to TDM or ATM-based TLS Enables large “Flat” switched network for university campuses Department has offices around “Access Ring #1” only: vlan RED Department has offices around “Access Ring #1” & “Core Ring”: vlan BLUE Department has offices spanning across “All Rings”: vlan BLACK Campus Core Ring Access Ring #1 Access Ring #2

32 IEEE 802.1x (Port-Based Network Access Control)
Prevents unauthorized use of network resources, such as: Bandwidth and Servers “Multi-Supplicant” and “Authenticator” modes are supported to allow indirect and direct host attachments Verified with all popular 802.1x clients, such as: Win-XP, Aegis Meeting House 8500 offers “Tiered Security” with 802.1x authentication and DoS-attack protecttion

Download ppt "Managed Gigabit Switch with Denial of Service (DoS) Attack Protection"

Similar presentations

Ethernet Switch Features Important to EtherNet/IP

Ethernet Switch Features Important to EtherNet/IP
Chapter 7: Intranet LAN Design

Chapter 7: Intranet LAN Design
UTC-N Overview of Campus Networks Design.

UTC-N Overview of Campus Networks Design.
Introducing New Additions to ProSafe Advanced Smart Switch Family: GS724TR and GS748TR (ProSafe 24 and 48-port Gigabit Smart Switches with Static Routing)

Introducing New Additions to ProSafe Advanced Smart Switch Family: GS724TR and GS748TR (ProSafe 24 and 48-port Gigabit Smart Switches with Static Routing)
Www.planet.com.tw WGS3-5220 48-Port 10/100Mbps with 4G TP/SFP Layer 3 Managed Switch Copyright © PLANET Technology Corporation. All rights reserved.

WGS Port 10/100Mbps with 4G TP/SFP Layer 3 Managed Switch Copyright © PLANET Technology Corporation. All rights reserved.
Managed Ethernet Switch. Introduction  Product Features WSD-800 WSW-2401A WGSW-2840 WGSW-5240  Feature Functions  Comparison.

Managed Ethernet Switch. Introduction  Product Features WSD-800 WSW-2401A WGSW-2840 WGSW-5240  Feature Functions  Comparison.
Www.planet.com.tw Managed Ethernet Switch Copyright © PLANET Technology Corporation. All rights reserved.

Managed Ethernet Switch Copyright © PLANET Technology Corporation. All rights reserved.
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. ©2011 Hewlett-Packard.

© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. ©2011 Hewlett-Packard.
24-Port 100/1000Base-X SFP + 4-Port 10G SFP+ L2/L4 Managed Metro Ethernet Switch MGSW-28240F.

24-Port 100/1000Base-X SFP + 4-Port 10G SFP+ L2/L4 Managed Metro Ethernet Switch MGSW-28240F.
48-Port 10/100/1000Base-T + 4-Port 1000X SFP Managed Gigabit Switch WGSW-52040.

48-Port 10/100/1000Base-T + 4-Port 1000X SFP Managed Gigabit Switch WGSW
Switch Layer 2 QoS MPLS PoE Ports Packet Buffer Counters Switch Fabric (internal) Flash SDRAM MAC address table L3 hosts (IPv4) L3 hosts (IPv6) L3 Routes.

Switch Layer 2 QoS MPLS PoE Ports Packet Buffer Counters Switch Fabric (internal) Flash SDRAM MAC address table L3 hosts (IPv4) L3 hosts (IPv6) L3 Routes.
NORTEL NETWORKS CONFIDENTIAL BayStack 380-24F Gigabit Switch - Customer Presentation Ramesh Bijor Product Marketing Manager Ethernet Switching Business.

NORTEL NETWORKS CONFIDENTIAL BayStack F Gigabit Switch - Customer Presentation Ramesh Bijor Product Marketing Manager Ethernet Switching Business.
Module 5 - Switches CCNA 3 version 3.0 Cabrillo College.

Module 5 - Switches CCNA 3 version 3.0 Cabrillo College.
Cisco 3 - Switches Perrine - Brierley Page 15/10/2015 Module 5 Switches LAN Design LAN Switches.

Cisco 3 - Switches Perrine - Brierley Page 15/10/2015 Module 5 Switches LAN Design LAN Switches.
Multi-Layer Switching Layers 1, 2, and 3. Cisco Hierarchical Model Access Layer –Workgroup –Access layer aggregation and L3/L4 services Distribution Layer.

Multi-Layer Switching Layers 1, 2, and 3. Cisco Hierarchical Model Access Layer –Workgroup –Access layer aggregation and L3/L4 services Distribution Layer.
Ch.6 - Switches CCNA 3 version 3.0.

Ch.6 - Switches CCNA 3 version 3.0.
GSD-1002M 8-Port 10/100/1000Mbps + 2-Port 100/1000X SFP Managed Desktop Switch (PoE PD, External PWR)

GSD-1002M 8-Port 10/100/1000Mbps + 2-Port 100/1000X SFP Managed Desktop Switch (PoE PD, External PWR)
48-Port 10/100/1000Mbps with 4 Shared SFP Managed Ethernet Switch

48-Port 10/100/1000Mbps with 4 Shared SFP Managed Ethernet Switch
FSM7328S / FSM7352S Product Training Managed Layer 3 Stackable Switching at Layer 2 Pricing Demetrios Coulis March, 2005.

FSM7328S / FSM7352S Product Training Managed Layer 3 Stackable Switching at Layer 2 Pricing Demetrios Coulis March, 2005.
LION GES - Overview  Fast Ethernet Switch For easy installation of medium to large sized networks For installation of high availability networks using.

LION GES - Overview  Fast Ethernet Switch For easy installation of medium to large sized networks For installation of high availability networks using.

Similar presentations

Ads by Google