Presentation is loading. Please wait.

Presentation is loading. Please wait.

Haga clic para modificar el estilo de subtítulo del patrón © 2012 – Teldat GmbH – All rights reserved „Port Based Security“ – „Drop-In-Mode“ The ideal.

Published byJude Brunton Modified over 10 years ago

Similar presentations

Presentation on theme: "Haga clic para modificar el estilo de subtítulo del patrón © 2012 – Teldat GmbH – All rights reserved „Port Based Security“ – „Drop-In-Mode“ The ideal."— Presentation transcript:

1 Haga clic para modificar el estilo de subtítulo del patrón © 2012 – Teldat GmbH – All rights reserved „Port Based Security“ – „Drop-In-Mode“ The ideal solution for retail chains

2 © 2012 – Teldat GmbH – All rights reserved Port Based Security  One private IP subnet (= one IP broadcast domain) in each branch  Static IP addresses on the LAN (no DHCP)  Allow POS transactions to HQ  Customer card transactions via IP connected card machines  Mobile phone topup tranactions and lottery transactions  Remote maintance of the POS equipment  Remote maintance of other IP connected equipment in the branch by 3rd parties  The requirments of the „Payment Card Industry Data Security Standard (PCI)” must be met.  To fulfil these requirements, the network topology at the branch office LAN must be changed (IP subnetting / VLANs).  A change to the Network topology in hundreds or thousands of branches is both expensive and logistically prohibitive Situation: in the branch sites

3 © 2012 – Teldat GmbH – All rights reserved Port Based Security R1202 Switch IP-Subnet 10.0.0.0/24.1.2.9.5.3.8.7„M2M/ Lottery/ etc“ „Card Terminal“ VPN-Gateway Problem: How can I prevent access between equipment without extensive modification of network topology? VPN „CRM“

4 © 2012 – Teldat GmbH – All rights reserved Port Based Security The Challange: ●Virtual separation of the network components WITHOUT removing equipment from the common IP subnet ●Although the network components are in a common IP broadcast domain ensure they CAN NOT DIRECTLY communicate with each other... ●......but to allow communication via the router, which can control the access between network components via its existing Layer 3 features (firewall, ACL)

5 © 2012 – Teldat GmbH – All rights reserved.1 Port Based Security "Drop-In Mode" - also known as "transparent mode" R1202 Switch IP-Subnet 10.0.0.0/24.2.9.5.3.8.7„M2M/ Lottery/ etc“ „Card terminal“ VPN-Gateway „Drop-In-Router“ Solution: Access is via the "drop in" router with firewall / ACL rules „CRM“

6 © 2012 – Teldat GmbH – All rights reserved Port Based Security ●Physical separation of network components with the help of separate LAN ports on the router (optionally VLAN also possible) ●The IP broadcast domain extends above it to the entire Ethernet network ●Within each physical (virtual) “Zone“ the direct communication with each other continues to be permitted ●The „Drop-In-Router“ can now control all the traffic ●betweeen the „Zones“ („Intra-Domain-Routing“) ●Between the IP-Broadcast-Domain and other Networks the Layer-3 features control and regulate this The solution: "Drop-In Mode" - also known as "transparent mode"

7 © 2012 – Teldat GmbH – All rights reserved Port Based Security The advantages of the "drop-in mode" Solution  No complex changes to the network topology are required  Requests between the network components can reliably be controlled via the router security features (firewall, ACL)  No VLAN segmentation is required, however optionally VLAN is also possible.  Easy configuration in the branch router in just a few steps ( Go & Protect )  Ethernet port configuration is identical in all stores...  small number of branch-specific parameters...  Therefore little effort... in installation and maintenance  Compared to other solutions only ONE VPN tunnel to the central office required  Less administrative work  More Performance  Better stablity  Central site solution needs only minimul adjustment

8 © 2012 – Teldat GmbH – All rights reserved „Drop In Mode“ – Transparent Mode

Download ppt "Haga clic para modificar el estilo de subtítulo del patrón © 2012 – Teldat GmbH – All rights reserved „Port Based Security“ – „Drop-In-Mode“ The ideal."

Similar presentations

LAN Segmentation Virtual LAN (VLAN).

LAN Segmentation Virtual LAN (VLAN).
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Implement Inter- VLAN Routing LAN Switching and Wireless – Chapter 6.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Implement Inter- VLAN Routing LAN Switching and Wireless – Chapter 6.
© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 High-performance Gigabit Ethernet ports rapidly transfer large files supporting.

© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 High-performance Gigabit Ethernet ports rapidly transfer large files supporting.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)

Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 VLANs LAN Switching and Wireless – Chapter 3.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 VLANs LAN Switching and Wireless – Chapter 3.
1 Configuring Virtual Private Networks for Remote Clients and Networks.

1 Configuring Virtual Private Networks for Remote Clients and Networks.
Policy Based Routing using ACL & Route Map By Group 7 Nischal (304360958) Pranali (304378534)

Policy Based Routing using ACL & Route Map By Group 7 Nischal ( ) Pranali ( )
1 Version 3.0 Module 8 Virtual LANs. 2 Version 3.0.

1 Version 3.0 Module 8 Virtual LANs. 2 Version 3.0.
1 Fall 2005 Layer 3 Switches and VLANs Qutaibah Malluhi CSE Department Qatar University.

1 Fall 2005 Layer 3 Switches and VLANs Qutaibah Malluhi CSE Department Qatar University.
Topics 1.Security options and settings 2.Layer 2 vs. Layer 3 connection types 3.Advanced network and routing options 4.Local connections 5.Offline mode.

Topics 1.Security options and settings 2.Layer 2 vs. Layer 3 connection types 3.Advanced network and routing options 4.Local connections 5.Offline mode.
Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec)
Institute of Technology, Sligo Dept of Computing Semester 3, version 2.1.3 Semester 3 Chapter 3 VLANs.

Institute of Technology, Sligo Dept of Computing Semester 3, version Semester 3 Chapter 3 VLANs.
1 © 2001, Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Cisco Easy VPN Solutions Applications and Implementation with Cisco IOS.

1 © 2001, Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Cisco Easy VPN Solutions Applications and Implementation with Cisco IOS.
Improving Customer Satisfaction Through Advances in Remote Management Technology Greg Michel Product Manager Quintum Technologies Inc.

Improving Customer Satisfaction Through Advances in Remote Management Technology Greg Michel Product Manager Quintum Technologies Inc.
Copyright Microsoft Corp. 2006 Ramnish Singh IT Advisor Microsoft Corporation Secure Remote Access Challenges, Choices, Best Practices.

Copyright Microsoft Corp Ramnish Singh IT Advisor Microsoft Corporation Secure Remote Access Challenges, Choices, Best Practices.
© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 10 – Implementing the Cisco Adaptive Security.

© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 10 – Implementing the Cisco Adaptive Security.
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.

© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.
Network Services Lesson 6. Objectives Skills/ConceptsObjective Domain Description Objective Domain Number Setting up common networking services Understanding.

Network Services Lesson 6. Objectives Skills/ConceptsObjective Domain Description Objective Domain Number Setting up common networking services Understanding.

Similar presentations

Ads by Google