Network Security. Ensuring Information Availability. Security


Introduction

The advent of the Internet and the huge array of connected devices has led to an insatiable demand for access to information when and where we need it. This has also changed the way we do business, with an ever-increasing reliance on Information Technology resources and applications. The security of these resources has become a principal concern for network administrators, who must ensure maximum availability of the corporate network and Internet access.

The deployment of switched networks in the Enterprise provides high-speed access to applications and the sharing of information. Security on these switches is as important as that of servers and end-user computer equipment. The switches are as integral to maintaining network security as they are to forwarding data.

There are a number of ways that the switching infrastructure maintains security in the modern network. Allied Telesis' industry leading switching technology provides a comprehensive security suite and supports a multi-layered approach to safeguarding the network, users, and business-critical information. First, we will consider four areas where switches can help ensure a reliable and secure network infrastructure, and then look at some common network attacks and how they are mitigated.

Multi-layered security

Providing a secure environment for the sharing of corporate information and broader online access requires a considered approach. When security is cohesively implemented in the

1) Network Infrastructure
2) Switch Management
3) Features
4) Network Access

the outcome is a resilient and reliable environment for access to online resources.

1) Network Infrastructure

The underlying network design is the starting point, providing a solid platform on which further switch features can secure network access and specific applications. Dividing the LAN up into Virtual LANs (VLANs) reduces broadcast traffic on the network and simplifies management.

VLANs group subsets of ports into virtual broadcast domains which are isolated from each other. This provides a scalable solution as the network grows, while preventing unnecessary traffic from using precious network bandwidth. It also allows network access and application use to be controlled for different groups of users, who do not need to be located together physically. As data packets are marked as belonging to a specific VLAN, we can separate traffic into independent domains and the switch can manage it appropriately.

As IP networking has found its way into an increasingly wide array of scenarios, VLAN implementation has kept pace with advanced features to meet the security needs of different market segments.

Private VLANs

Private VLANs block traffic between hosts in that VLAN. This is perfect, for example, in a hotel environment where guests in each room can be provided with Internet access, while traffic between rooms is disallowed for security. In conjunction with other advanced security features, private VLANs can be used to tightly manage Layer 2 security in a switched environment.

Nested VLANs

Nested VLANs are used to overlay a private Layer 2 network over a public Layer 2 network. This allows a customer's LAN to spread to multiple locations in a city, as a second VLAN identifier is used to isolate customer traffic as it is tunnelled through the network Service Provider's infrastructure.

Virtual customer networks over shared Ethernet infrastructure are another solution facilitated by Nested VLANs, as shown in figure 1. In a multi-tenant building, each tenant can have their own VLAN structure overlaid on the physical network, and utilizing a high-speed resilient ring topology around the building provides exceptional performance. Each tenant's data runs within its own tunnel, completely separated from anyone else's data, with no possibility of cross-over from one virtual network to another.

Allied Telesis secure switches allow building management companies to make additional services available to tenants, such as a centralised Data Center and Internet access. The tenant's VLAN structure is encapsulated in a single QinQ VLAN for secure high-speed access across their own virtual network to other office space, the data center and the Internet.

Figure 1: Virtual customer networks over shared Ethernet infrastructure

2) Secure Switch Management

On top of a securely designed environment is the need to manage the various devices that constitute the overall network. Allied Telesis switches have a number of secure management options.

An out-of-band Ethernet management port is provided to separate management access from network traffic. When remotely logging in to monitor or manage a switch, Secure Shell (SSH) access provides confidentiality and integrity of data. Switches can be further secured by disabling unused access services, for example, the HTTP server and Telnet server.

Network management systems use Simple Network Management Protocol (SNMP) to communicate with network switches and other devices. Allied Telesis' support of SNMPv3 provides secure access with authentication and encryption of management data. Additionally, the Graphical User Interface (GUI) utilises SNMPv3 for protected access when using this visual tool for monitoring and management.

To provide a detailed audit trail in the event of a suspected security breach, or other problem, a Syslog server can be configured so switch log messages are stored in a central network repository.

3) Features

Allied Telesis switches provide numerous security features to enable a safe environment for sharing information. Let's have a look at a few of these:

Port Security

Port Security limits the number of workstations that are able to connect to specific ports on the switch. If these limits are breached, or access from unknown workstations is attempted, the port can do any or all of the following: drop the untrusted data, notify the network administrator, or disable the port.

Further to this, specific ports can be set to only allow network access at specific times of day. For example, as shown in figure 2, a school can keep tight control over network access and application availability for students.

Figure 2: Port Security. Advanced port security options allow this school to control the times of day that access to online resources and the Internet is available (network access allowed between 8am and 4pm).

Secure configuration of Spanning Tree Protocol (STP)

STP is the most commonly used means of preventing loops in Layer 2 networks. There are two protection mechanisms that should always be enabled to improve robustness, as STP has no inbuilt security.

1) STP Root Guard prevents a malicious user being able to access inappropriate data on the network, by allowing the network administrator to securely enforce the topology of the spanning tree.
2) BPDU Guard similarly increases the security of STP by allowing the network administrator to enforce the borders of the spanning tree, keeping the active topology predictable.

Storm Protection

Use storm protection to reduce the adverse effects of any network loop that would potentially swamp the network. There are three facets that together protect the network from storms.

1) Loop detection monitors traffic for the return of a loop detection probe packet and in the event of a problem can take a variety of actions including logging a fault, disabling a link, or disabling a port or VLAN.
2) Thrash limiting detects a loop if certain device hardware addresses are being rapidly relearned on different ports. In the event of a problem, similar actions to loop detection can be taken.
3) Storm control limits the rate at which a port will forward broadcast, multicast or unknown unicast packets. This controls the level of traffic that a loop will cause to be flooded in the network.

Control Plane Prioritisation (CPP)

CPP prevents the Control Plane from becoming flooded in the event of a network storm or Denial of Service (DoS) attack, ensuring critical network control traffic always reaches its destination.

Denial of Service (DoS) attack prevention

A DoS attack is an attempt to make online resources unavailable to users. There are a number of known DoS attacks that can be monitored, with detection options being to notify network administration and/or shut down the affected switch port.

DHCP Snooping

DHCP servers allocate IP addresses to clients, and the switch keeps a record of addresses issued on each port. IP Source Guard checks against this DHCP snooping database to ensure only clients with specific IP and/or MAC addresses can access the network. DHCP snooping can be combined with other features, like Dynamic ARP Inspection, to increase security in Layer 2 switched environments, and also provides a traceable history, which meets the growing legal requirements placed on Service Providers.

Access Control Lists (ACLs) and Filters

Managing traffic volume and the types of traffic allowed on the network is essential to ensure high performance, guard against unwanted traffic, and provide continuous access to important data. Allied Telesis' powerful ACLs and filtering capability provide a mechanism for network traffic control, all handled in the switches' hardware so wire-speed performance is maintained.

4) Controlling Network Access

The security issues facing enterprise networks have evolved over the years, with the focus moving from mitigating outward attacks to reducing internal breaches and the infiltration of malicious software. This internal defence requires significant involvement with individual devices on a network, which creates greater overhead on network administrators. Allied Telesis lowers this overhead and provides an effective solution to internal network security by integrating advanced switching technology as a part of Network Access Control (NAC). In conjunction with NAC, Tri-authentication provides options for managing network access for all devices.

Network Access Control (NAC)

NAC allows for unprecedented control over user access to the network, in order to mitigate threats to network infrastructure. Allied Telesis switches use 802.1x port-based authentication in partnership with standards-compliant dynamic VLAN assignment, to assess a user's adherence to network security policies and either grant authentication or offer remediation. Furthermore, if multiple users share a port then multi-authentication can be used. Different users on the same port can be assigned into different VLANs, and so given different levels of network access. Additionally, a Guest VLAN can be configured to provide a catch-all for users who aren't authenticated.

Tri-authentication

Authentication options include alternatives to 802.1x port-based authentication, such as web authentication to enable guest access, and MAC authentication for end points that do not have an 802.1x supplicant, as shown in figure 3. All three authentication methods (802.1x, MAC-based and Web-based) can be enabled simultaneously on the same port (tri-authentication).

Strong Access Shield

By providing Tri-authentication, and integrating with NAC, Allied Telesis switches constitute a secure wall around the edge of your LAN, allowing no infected or rogue devices to get network access.

Figure 3: Tri-authentication. The 802.1x, Web and MAC authenticated devices are the Access Requestors, the tri-authentication capable switch is the Policy Enforcement Point, and the Policy and RADIUS Server is the Policy Decision Point.

Mitigating common network attacks

Network security is significantly increased with Allied Telesis' superior multi-layer security suite that we've described. However, due to increased mobility and the wide availability of various hacking tools, attacks can still occur from within the LAN itself. Let's consider some of the more common information stealing and denial of service attacks and how the switch security suite protects your LAN, preserving the safety of both your mission-critical applications and your productivity.

MAC flooding attack

Information stealing can be facilitated using a MAC flooding attack, which provides a source of accessible data. A malicious host sends packets from thousands of different bogus source MAC addresses, which fills the forwarding database. Once it is full, legitimate traffic is flooded and becomes widely accessible, as the switch does not have room to learn any more specific destination addresses in the forwarding database.

Allied Telesis switches provide two security measures which guard against a MAC flooding attack. The first is host authentication, where authenticating ports will only accept traffic from the MAC addresses of authenticated hosts. The second is port security, which controls how many MAC addresses can be learnt on a specific port, as shown in the diagrams below. Configurable options when limits are breached are to drop the untrusted data, notify the network administrator, or disable the port.

Address Resolution Protocol (ARP) spoofing attacks

Another form of information stealing attack is ARP spoofing. A malicious host sends a bogus reply to a network server, claiming to be a genuine host desiring information. Once the switch has an incorrect entry in its ARP table, the malicious host starts to receive data intended for the genuine recipient.

Allied Telesis switches use DHCP Snooping with ARP Security to protect your network from ARP spoofing attacks. All ARP replies from untrusted ports are checked to ensure they contain legitimate network addressing information, safeguarding your network and ensuring online information reaches its intended destination.

Diagram: MAC flooding attack. Traffic is generated with bogus source MAC addresses. The switch's MAC table is full of bogus MAC addresses. There is no room to learn any more, so all packets are treated as unknown destination MAC and flooded. Traffic destined for B is also visible to C.

Diagram: MAC flooding defence. Configure a MAC learn limit on the switch's edge ports. When the MAC limit is reached, packets from any further MACs are dropped. Traffic destined for B is no longer flooded.

VLAN hopping attacks

VLANs aim to provide a degree of network security via user segmentation. A malicious host wishing to gain access to an unauthorised VLAN sends a tagged packet into the network with the VLAN identifier of the target VLAN, which typically the switch will forward to that VLAN.

A variation on the VLAN attack is to send a double-tagged packet with the outer tag of the originating VLAN and an inner tag of the target VLAN. The switch will strip off the outer tag and pass the packet on to the target VLAN identified by the inner tag.

Allied Telesis switches eliminate basic and double-tagged VLAN hopping attacks by using Ingress Filtering to drop all tagged packets, since workstations attached to edge ports should not send tagged packets into the network, as shown in the diagrams below.

Spanning Tree Protocol (STP) Attack

STP prevents loops in Layer 2 networks, while allowing path redundancy. Switch ports are designated as being either in a forwarding state or a blocked state. If a path becomes unavailable, the network responds by unblocking a previously blocked path to allow traffic to flow. In an STP attack, a malicious user sends an STP message (BPDU) which attempts to compromise the network topology, by forcing it to reconfigure.

Allied Telesis switches prevent spanning tree attacks by using BPDU guard on all edge ports, preventing bogus STP messages originating from a workstation.

Diagram: Double-tag VLAN hopping attack. Double-tagged packets are sent with an outer tag of the local VLAN and an inner tag of the target VLAN. The switch strips off the first tag and sends the frame back out on the trunk towards the target VLAN.

Diagram: Double-tag VLAN defence. Configure the switch's edge ports with ingress filtering to accept ONLY untagged packets. Tagged packets are dropped.
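The ingress filtering check described under VLAN hopping attacks, as an added example that is not code from the original paper or from the vendor. The frames, MAC addresses, VLAN numbers and function names are constructed for illustration; the permissive branch models the tag-stripping behaviour the text describes so the two outcomes can be compared.

```python
import struct

TPID_CTAG = 0x8100  # IEEE 802.1Q tag
TPID_STAG = 0x88A8  # IEEE 802.1ad service tag, the outer tag of QinQ
TAG_TPIDS = {TPID_CTAG, TPID_STAG}


def vlan_tags(frame):
    """Return the VLAN IDs of all stacked tags in an Ethernet frame, outermost first."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    vids, offset = [], 12              # tags start after destination + source MAC
    while offset + 4 <= len(frame):
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in TAG_TPIDS:
            break                      # reached the real EtherType
        vids.append(tci & 0x0FFF)      # VLAN ID is the low 12 bits of the TCI
        offset += 4
    return vids


def edge_ingress(frame, port_vlan, ingress_filtering=True):
    """Classify a frame arriving on an edge (workstation) port.

    Returns (verdict, vlan, remaining_tags): the VLAN the switch places the
    frame in, and the tags still on the frame when it leaves on the trunk.
    """
    try:
        vids = vlan_tags(frame)
    except ValueError:
        return ("drop", None, [])
    if not vids:
        return ("forward", port_vlan, [])  # untagged: use the port's own VLAN
    if ingress_filtering:
        return ("drop", None, [])          # workstations should never send tags
    # Without ingress filtering the outer tag is honoured and stripped; the
    # next switch on the trunk then classifies on whatever tag remains.
    return ("forward", vids[0], vids[1:])


def build_frame(vids, ethertype=0x0800):
    """Build a constructed test frame carrying the given stack of 802.1Q tags."""
    dst = bytes.fromhex("00005e005301")    # documentation-range MACs
    src = bytes.fromhex("00005e005302")
    tags = b"".join(struct.pack("!HH", TPID_CTAG, vid) for vid in vids)
    return dst + src + tags + struct.pack("!H", ethertype) + bytes(46)


# Constructed samples: the edge port belongs to VLAN 10, VLAN 20 is another VLAN.
UNTAGGED = build_frame([])
SINGLE_TAGGED = build_frame([20])
DOUBLE_TAGGED = build_frame([10, 20])

if __name__ == "__main__":
    for name, frame in [("untagged", UNTAGGED),
                        ("single-tagged", SINGLE_TAGGED),
                        ("double-tagged", DOUBLE_TAGGED)]:
        print(name,
              "| filtering on:", edge_ingress(frame, 10),
              "| filtering off:", edge_ingress(frame, 10, ingress_filtering=False))
```

With filtering off, the double-tagged sample leaves the first switch still carrying tag 20, which is the condition the edge-port filter removes.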

Dynamic Host Configuration Protocol (DHCP) attacks

DHCP servers allocate IP network addresses to hosts, allowing them to access resources on the network. Two forms of DHCP attack can compromise users' network access.

1) DHCP Starvation Attack

A malicious user inundates the DHCP server with countless requests from different bogus MAC addresses, which results in the server running out of IP addresses. Genuine users are unable to gain a network address and therefore network access.

Allied Telesis switches use port security to stop malicious users sending multiple MAC addresses to the DHCP server, as shown in the diagrams below. Options are available for corrective action including notifying the network administrator and/or disabling the switch port of the offender.

2) DHCP Rogue Server Attack

A malicious user disguises himself as a DHCP server and responds to DHCP requests with a bogus network address, compromising the network access of genuine users.

Allied Telesis switches avoid DHCP rogue server attacks using DHCP Snooping to designate which ports may accept DHCP server response packets. If a rogue server is attached to an 'untrusted' port, its response packets will be dropped, rendering it useless.

Denial of Service (DoS) attacks

Keeping productivity high requires reliable network access, and there are a number of DoS attacks that can threaten information availability. Some of these target devices, causing them to reduce performance, while others attempt to send a storm of data at a specific victim, or consume online resources.

Allied Telesis switches are capable of mitigating all of these attacks using DoS defence, which for the majority of these attacks is implemented in the switch's hardware, so does not affect network performance.
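A simplified model of the two DHCP Snooping checks described above, the trusted-port rule for DHCP server responses and the ARP Security check against the snooping database, as an added example that is not the vendor's implementation. Port numbers, addresses, message names and the event list are constructed; it assumes ARP replies arriving on trusted ports are accepted without a lookup.

```python
from dataclasses import dataclass, field

SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}   # sent only by DHCP servers

CLIENT = "00:00:5e:00:53:0a"   # constructed client MAC on edge port 1
ROGUE = "00:00:5e:00:53:66"    # constructed MAC of a host on edge port 3


@dataclass
class SnoopingSwitch:
    trusted_ports: set
    pending: dict = field(default_factory=dict)    # client MAC -> port of its request
    bindings: dict = field(default_factory=dict)   # leased IP -> (client MAC, port)

    def dhcp(self, port, msg, client_mac, ip=None):
        """Apply the trusted-port rule and maintain the snooping database."""
        if msg in SERVER_MESSAGES:
            if port not in self.trusted_ports:
                return "drop: DHCP server message on untrusted port"
            if msg == "ACK" and client_mac in self.pending:
                # The lease is confirmed: bind IP to the client's MAC and port.
                self.bindings[ip] = (client_mac, self.pending.pop(client_mac))
            return "forward"
        if msg == "RELEASE":
            self.bindings = {k: v for k, v in self.bindings.items()
                             if v[0] != client_mac}
            return "forward"
        self.pending[client_mac] = port             # DISCOVER / REQUEST
        return "forward"

    def arp_reply(self, port, sender_ip, sender_mac):
        """ARP Security: the sender IP/MAC pair must match a binding on that port."""
        if port in self.trusted_ports:
            return "forward"
        if self.bindings.get(sender_ip) == (sender_mac, port):
            return "forward"
        return "drop: ARP sender not in snooping database"


# Constructed sequence: port 24 is the uplink to the real DHCP server (trusted),
# ports 1 and 3 are edge ports (untrusted).
EVENTS = [
    ("dhcp", 1, "DISCOVER", CLIENT, None),
    ("dhcp", 3, "OFFER", CLIENT, "192.0.2.66"),    # server response from an edge port
    ("dhcp", 24, "OFFER", CLIENT, "192.0.2.10"),
    ("dhcp", 1, "REQUEST", CLIENT, None),
    ("dhcp", 3, "ACK", CLIENT, "192.0.2.66"),
    ("dhcp", 24, "ACK", CLIENT, "192.0.2.10"),
    ("arp", 3, "192.0.2.10", ROGUE),               # claims the client's IP
    ("arp", 1, "192.0.2.10", CLIENT),              # the genuine owner
]


def replay(switch, events):
    """Feed events through the switch and return one verdict per event."""
    verdicts = []
    for kind, port, *rest in events:
        handler = switch.dhcp if kind == "dhcp" else switch.arp_reply
        verdicts.append(handler(port, *rest))
    return verdicts


if __name__ == "__main__":
    sw = SnoopingSwitch(trusted_ports={24})
    for event, verdict in zip(EVENTS, replay(sw, EVENTS)):
        print(event, "->", verdict)
    print("bindings:", sw.bindings)
```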
Diagram: DHCP starvation attack. The attacker sends many different DHCP requests with many source MACs. The server runs out of IP addresses to allocate to valid users.

Diagram: DHCP starvation defence. Configure a MAC learn limit on the switch's edge ports. The attacker sends many different DHCP requests with many source MACs. When the learn limit is reached, packets from any further MACs are dropped.
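A small model of the MAC learn limit that the paper applies to both the MAC flooding attack and the DHCP starvation attack, as an added example that is not from the original paper or the vendor. The table size, limit, port numbers and addresses are constructed, and ageing of forwarding database entries is not modelled.

```python
from collections import Counter

BROADCAST = "ff:ff:ff:ff:ff:ff"
HOST_A = "00:00:5e:00:53:0a"   # constructed, attached to port 1
HOST_B = "00:00:5e:00:53:0b"   # constructed, attached to port 2


class EdgeSwitch:
    """Minimal learning switch with one shared forwarding database (FDB)."""

    def __init__(self, fdb_capacity, learn_limit=None):
        self.fdb = {}                     # source MAC -> port it was learned on
        self.fdb_capacity = fdb_capacity
        self.learn_limit = learn_limit    # max MACs learned per port, None = off
        self.violations = Counter()       # port -> frames dropped by the limit

    def receive(self, port, src, dst):
        """Learn the source, then return 'drop', 'flood' or 'port N'."""
        if src not in self.fdb:
            learned_here = sum(1 for p in self.fdb.values() if p == port)
            if self.learn_limit is not None and learned_here >= self.learn_limit:
                self.violations[port] += 1
                return "drop"             # port security: unknown MAC over the limit
            if len(self.fdb) < self.fdb_capacity:
                self.fdb[src] = port      # a full table silently stops learning
        if dst != BROADCAST and dst in self.fdb:
            return f"port {self.fdb[dst]}"
        return "flood"                    # broadcast or unknown destination


def simulate(learn_limit, bogus_macs=100, fdb_capacity=8):
    """Port 3 sends broadcast requests from many source MACs, then A and B talk."""
    sw = EdgeSwitch(fdb_capacity, learn_limit)
    admitted = set()
    for i in range(bogus_macs):
        src = f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}"   # constructed bogus MACs
        if sw.receive(3, src, BROADCAST) != "drop":
            admitted.add(src)             # this source reached the rest of the LAN
    sw.receive(1, HOST_A, HOST_B)         # first frame: B is not yet known
    sw.receive(2, HOST_B, HOST_A)         # B answers, giving the switch its MAC
    return {
        "a_to_b": sw.receive(1, HOST_A, HOST_B),
        "sources_admitted": len(admitted),
        "dropped_on_port_3": sw.violations[3],
    }


if __name__ == "__main__":
    print("no learn limit:", simulate(learn_limit=None))
    print("learn limit 2 :", simulate(learn_limit=2))
```

In the unprotected run the table fills with bogus entries, so traffic from A to B stays flooded and all 100 source addresses reach the DHCP server; with the limit, only two sources are admitted from port 3 and A-to-B traffic is forwarded on B's port alone.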

Summary

Allied Telesis switches guarantee a reliable and secure network infrastructure. The fully featured security suite safeguards the network, as well as mitigating threats that would compromise users' access to business-critical resources and applications. Network administrators can rest assured that the network is resilient and reliable, and business owners can expect reduced expense along with increased productivity.

Allied Telesis network security: ensuring information availability.

About Allied Telesis Inc.

Allied Telesis is a world class leader in delivering IP/Ethernet network solutions to the global market place. We create innovative, standards-based IP networks that seamlessly connect you with voice, video and data services.

Enterprise customers can build complete end-to-end networking solutions through a single vendor, with core to edge technologies ranging from powerful 10 Gigabit Layer 3 switches right through to media converters.

Allied Telesis also offer a wide range of access, aggregation and backbone solutions for Service Providers. Our products range from industry leading media gateways which allow voice, video and data services to be delivered to the home and business, right through to high-end chassis-based platforms providing significant network infrastructure.

Allied Telesis' flexible service and support programs are tailored to meet a wide range of needs, and are designed to protect your investment well into the future.

USA Headquarters: 9800 North Creek Parkway Suite 00 Bothell WA 980 USA
European Headquarters: Via Motta Chiasso Switzerland
Asia-Pacific Headquarters: Tai Seng Link Singapore 5348

Allied Telesis Inc. All rights reserved. Information in this document is subject to change without notice. All company names, logos, and product designs that are trademarks or registered trademarks are the property of their respective owners.


More information

TP-LINK. 24-Port 10/100Mbps + 4-Port Gigabit L2 Managed Switch. Overview. Datasheet TL-SL5428E. www.tp-link.com

TP-LINK. 24-Port 10/100Mbps + 4-Port Gigabit L2 Managed Switch. Overview. Datasheet TL-SL5428E. www.tp-link.com TP-LINK 24-Port 10/100Mbps + 4-Port Gigabit L2 Managed Switch Overview TP-LINK JetStream L2 managed switch provides high performance, enterprise-level QoS, advanced security strategies and rich layer 2

More information

What is VLAN Routing?

What is VLAN Routing? Application Note #38 February 2004 What is VLAN Routing? This Application Notes relates to the following Dell product(s): 6024 and 6024F 33xx Abstract Virtual LANs (VLANs) offer a method of dividing one

More information

TP-LINK. 24-Port 10/100Mbps + 4-Port Gigabit L2 Managed Switch. Overview. Datasheet TL-SL3428. www.tp-link.com

TP-LINK. 24-Port 10/100Mbps + 4-Port Gigabit L2 Managed Switch. Overview. Datasheet TL-SL3428. www.tp-link.com TP-LINK TM 24-Port 10/100Mbps + 4-Port Gigabit L2 Managed Switch Overview TP-LINK JetStream TM gigabit L2 managed switch provides 24 10/100Mbps ports. The switch provides high performance, enterprise-level

More information

DCS-3950-52C Fast Ethernet Intelligent Access Switch Datasheet

DCS-3950-52C Fast Ethernet Intelligent Access Switch Datasheet DCS-3950-52C Fast Ethernet Intelligent Access Switch Datasheet DCS-3950-52C Product Overview DCS-3950-52C switch is Fast Ethernet intelligent security access switch for carrier and MAN networks. It supports

More information

Building Secure Network Infrastructure For LANs

Building Secure Network Infrastructure For LANs Building Secure Network Infrastructure For LANs Yeung, K., Hau; and Leung, T., Chuen Abstract This paper discusses the building of secure network infrastructure for local area networks. It first gives

More information

TP-LINK L2 Managed Switch

TP-LINK L2 Managed Switch NEW TP-LINK L2 Managed Switch TM NEW TL-SL3428/TL-SL3452 Overview TP-LINK JetStream TM L2 managed switch TL-SL3428/TL-SL3452 provides 24/48 10/100Mbps ports, the switch provide high performance, enterprise-level

More information

24-port 10/100 + 4-port Gigabit

24-port 10/100 + 4-port Gigabit 24-port 10/100 + 4-port Gigabit Managed Switch IP Clustering supports virtual stack of 32 units L2/L3/L4 QoS, Voice VLAN, and IGMP snooping/filtering optimize voice and video application ACL, 802.1x, IP

More information

1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network

1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network WP 1004HE Part 5 1. Cyber Security White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network Table of Contents 1. Cyber Security... 1 1.1 What

More information

Juniper / Cisco Interoperability Tests. August 2014

Juniper / Cisco Interoperability Tests. August 2014 Juniper / Cisco Interoperability Tests August 2014 Executive Summary Juniper Networks commissioned Network Test to assess interoperability, with an emphasis on data center connectivity, between Juniper

More information

ALLNET ALL8944WMP Layer 2 Management 24 Port Giga PoE Current Sharing Switch

ALLNET ALL8944WMP Layer 2 Management 24 Port Giga PoE Current Sharing Switch ALLNET ALL8944WMP Layer 2 Management 24 Port Giga PoE Current Sharing Switch 24-Port Giga PoE Current Sharing Pv6 and IPv4 Dual Protocol SNMP v1/v2c/v3 SSH version 2.0 Authentication TACACS+ Jumbo Frames

More information

IMPLEMENTING CISCO SWITCHED NETWORKS V2.0 (SWITCH)

IMPLEMENTING CISCO SWITCHED NETWORKS V2.0 (SWITCH) IMPLEMENTING CISCO SWITCHED NETWORKS V2.0 (SWITCH) COURSE OVERVIEW: Implementing Cisco Switched Networks (SWITCH) v2.0 is a five-day instructor-led training course developed to help students prepare for

More information

Network Security Policy

Network Security Policy Network Security Policy I. PURPOSE Attacks and security incidents constitute a risk to the University's academic mission. The loss or corruption of data or unauthorized disclosure of information on campus

More information

Solution Profile. Branch in a Box

Solution Profile. Branch in a Box Solution Profile Branch in a Box Executive Overview Today s networks have evolved from mere data connectivity sources to business enablers supporting mission critical applications which form an integral

More information

Configure Policy-based Routing

Configure Policy-based Routing How To Note How To Configure Policy-based Routing Introduction Policy-based routing provides a means to route particular packets to their destination via a specific next-hop. Using policy-based routing

More information

configure WAN load balancing

configure WAN load balancing How To configure WAN load balancing Introduction With the increasing use of the Internet to service core business functions comes the need for reliable WAN connectivity. A specific aspect of this requirement

More information

Cconducted at the Cisco facility and Miercom lab. Specific areas examined

Cconducted at the Cisco facility and Miercom lab. Specific areas examined Lab Testing Summary Report July 2009 Report 090708 Product Category: Unified Communications Vendor Tested: Key findings and conclusions: Cisco Unified Communications solution uses multilayered security

More information

20 GE + 4 GE Combo SFP + 2 10G Slots L3 Managed Stackable Switch

20 GE + 4 GE Combo SFP + 2 10G Slots L3 Managed Stackable Switch GTL-2691 Version: 1 Modules are to be ordered separately. 20 GE + 4 GE Combo SFP + 2 10G Slots L3 Managed Stackable Switch The LevelOne GEL-2691 is a Layer 3 Managed switch with 24 x 1000Base-T ports associated

More information

Juniper Networks EX Series/ Cisco Catalyst Interoperability Test Results. May 1, 2009

Juniper Networks EX Series/ Cisco Catalyst Interoperability Test Results. May 1, 2009 Juniper Networks EX Series/ Cisco Catalyst Interoperability Test Results May 1, 2009 Executive Summary Juniper Networks commissioned Network Test to assess interoperability between its EX4200 and EX8208

More information

Product VioCall Express Connect. VioCall Express Connect VoIP Solution for SMB/SME Market

Product VioCall Express Connect. VioCall Express Connect VoIP Solution for SMB/SME Market Product VioCall Express Connect VioCall Express Connect VoIP Solution for SMB/SME Market Products VioCall Express Connect VioCall Express Connect VoIP Solution for SMB/SME Market Allied Telesyn s new Voice

More information

Cisco SPS208G 8-Port 10/100 + 2-Port Gigabit SP Switch Cisco Small Business Gigabit SP Switches

Cisco SPS208G 8-Port 10/100 + 2-Port Gigabit SP Switch Cisco Small Business Gigabit SP Switches Cisco SPS208G 8-Port 10/100 + 2-Port Gigabit SP Switch Cisco Small Business Gigabit SP Switches Service Provider Focused Metro Access Solution Suited for MTU/MDU Applications Highlights Cost-effective

More information

Tested Solution: Network Configuration and Inventory Management using Upgrade Manager

Tested Solution: Network Configuration and Inventory Management using Upgrade Manager Network Management Solutions Tested Solution: Network Configuration and Inventory Management using Upgrade Manager Upgrading the operating system images across a set of network nodes is an irregular event.

More information

Virtual PortChannels: Building Networks without Spanning Tree Protocol

Virtual PortChannels: Building Networks without Spanning Tree Protocol . White Paper Virtual PortChannels: Building Networks without Spanning Tree Protocol What You Will Learn This document provides an in-depth look at Cisco's virtual PortChannel (vpc) technology, as developed

More information

DCS-3950-28CT-POE fully loaded AT PoE Switch Datasheet

DCS-3950-28CT-POE fully loaded AT PoE Switch Datasheet DCS-3950-28CT-POE fully loaded AT PoE Switch Datasheet DCS-3950-28CT-POE Product Overview DCS-3950-28CT-POE is fully loaded PoE switch for carrier and enterprises. It supports comprehensive QoS, enhanced

More information

INDIAN INSTITUTE OF TECHNOLOGY BOMBAY MATERIALS MANAGEMENT DIVISION : (+91 22) 2576 8800 (DR)

INDIAN INSTITUTE OF TECHNOLOGY BOMBAY MATERIALS MANAGEMENT DIVISION : (+91 22) 2576 8800 (DR) Item CORE SWITCH: 24 Ports Item Description 1)General requirements: Switch- modular operating system, non-blocking wire speed performance. Switch solution-capable of providing complete redundancy by using

More information

EX 3500 ETHERNET SWITCH

EX 3500 ETHERNET SWITCH PRODUCT SPEC SHEET EX 3500 ETHERNET SWITCH EX 3500 ETHERNET SWITCH EQUIPPED THE WIRED ETHERNET SWITCH FOR UNIFIED WIRED-WIRELESS NETWORKS GET ALL THE WIRED NETWORKING FEATURES YOU NEED, PLUS THE SIMPLICITY

More information

Use MAC-Forced Forwarding with DHCP Snooping to Create Enhanced Private VLANs

Use MAC-Forced Forwarding with DHCP Snooping to Create Enhanced Private VLANs How To Use MAC-Forced Forwarding with DHCP Snooping to Create Enhanced Private VLANs Introduction In a large network where internal users cannot be trusted, it is nearly impossible to stop a host from

More information

Exploiting First Hop Protocols to Own the Network. Rocket City TakeDownCon 2015. Paul Coggin Senior Principal Cyber Security Analyst @PaulCoggin

Exploiting First Hop Protocols to Own the Network. Rocket City TakeDownCon 2015. Paul Coggin Senior Principal Cyber Security Analyst @PaulCoggin Exploiting First Hop Protocols to Own the Network Rocket City TakeDownCon 2015 Paul Coggin Senior Principal Cyber Security Analyst @PaulCoggin www.dynetics.com V## Goes Here 1 OSI and TCP/IP Model OSI

More information

Network-in-a-Box Solution. Services already integrated in the core switch Ideal concept for branch offices, schools or other small business networks

Network-in-a-Box Solution. Services already integrated in the core switch Ideal concept for branch offices, schools or other small business networks Network in a Box Network-in-a-Box Solution Services already integrated in the core switch Ideal concept for branch offices, schools or other small business networks Network-in-a-Box Solution The switch

More information

Universal Network Access Policy

Universal Network Access Policy Universal Network Access Policy Purpose Poynton Workmens Club makes extensive use of network ed Information Technology resources to support its research and administration functions and provides a variety

More information

CHAPTER 10 LAN REDUNDANCY. Scaling Networks

CHAPTER 10 LAN REDUNDANCY. Scaling Networks CHAPTER 10 LAN REDUNDANCY Scaling Networks CHAPTER 10 10.0 Introduction 10.1 Spanning Tree Concepts 10.2 Varieties of Spanning Tree Protocols 10.3 Spanning Tree Configuration 10.4 First-Hop Redundancy

More information

Solutions Guide. Secure Remote Access. Allied Telesis provides comprehensive solutions for secure remote access.

Solutions Guide. Secure Remote Access. Allied Telesis provides comprehensive solutions for secure remote access. Solutions Guide Secure Remote Access Allied Telesis provides comprehensive solutions for secure remote access. Introduction The world is generating electronic data at an astonishing rate, and that data

More information

S5700S-LI Series Gigabit Enterprise Switches

S5700S-LI Series Gigabit Enterprise Switches HUAWEIENTERPRI SEUSA,I NC. S5700S-LI Series Gigabit Enterprise Switches Product Overview The S5700S-LI series gigabit enterprise switches (S5700S-LI for short) are next-generation energy-saving switches

More information

Reducing the burden of network management

Reducing the burden of network management White Paper Reducing the burden of network management Introduction Ethernet networking has developed at an immense rate in the last 20 years. Not long ago, an Ethernet network consisted of a length of

More information

Local Area Networks. LAN Security and local attacks. TDC 363 Winter 2008 John Kristoff - DePaul University 1

Local Area Networks. LAN Security and local attacks. TDC 363 Winter 2008 John Kristoff - DePaul University 1 Local Area Networks LAN Security and local attacks TDC 363 Winter 2008 John Kristoff - DePaul University 1 Overview Local network attacks target an internal network Some attacks can be launched remotely

More information

Chapter 3. Enterprise Campus Network Design

Chapter 3. Enterprise Campus Network Design Chapter 3 Enterprise Campus Network Design 1 Overview The network foundation hosting these technologies for an emerging enterprise should be efficient, highly available, scalable, and manageable. This

More information

Software Defined Networking

Software Defined Networking White Paper Software Defined Networking Introduction Software Defined Networking (SDN) is a concept that is generating a lot of interest right now. As the complexity and performance expectations of Ethernet

More information

Christ s College, Canterbury New Zealand College network infrastructure updated with state-of-the-art Allied Telesis switching technology

Christ s College, Canterbury New Zealand College network infrastructure updated with state-of-the-art Allied Telesis switching technology Case Study Christ s College Christ s College, Canterbury New Zealand College network infrastructure updated with state-of-the-art Allied Telesis switching technology Case Study: Christ s College, Canterbury

More information

Apply Firewall Policies And Rules

Apply Firewall Policies And Rules How To Apply Firewall Policies And Rules Introduction This How To Note describes some of the more subtle aspects of dealing with firewall policies and how to apply rules to various traffic flows when using

More information

VXLAN: Scaling Data Center Capacity. White Paper

VXLAN: Scaling Data Center Capacity. White Paper VXLAN: Scaling Data Center Capacity White Paper Virtual Extensible LAN (VXLAN) Overview This document provides an overview of how VXLAN works. It also provides criteria to help determine when and where

More information

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers SOLUTION BRIEF Enterprise Data Center Interconnectivity Increase Simplicity and Improve Reliability with VPLS on the Routers Challenge As enterprises improve business continuity by enabling resource allocation

More information

ALLNET ALL-SG8926PM Layer 2 FULL Management 24 Port Giga PoE Current Sharing Switch IEEE802.3at/af

ALLNET ALL-SG8926PM Layer 2 FULL Management 24 Port Giga PoE Current Sharing Switch IEEE802.3at/af ALLNET ALL-SG8926PM Layer 2 FULL Management 24 Port Giga PoE Current Sharing Switch IEEE802.3at/af 24-Port Giga PoE Current Sharing 500W PoE Budget IPv6 and IPv4 Dual Protocol SNMP v1/v2c/v3 SSH version

More information

CMPT 471 Networking II

CMPT 471 Networking II CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access

More information

AT-S63 Version 3.1.0 Management Software for the AT-9400 Basic Layer 3 Gigabit Ethernet Switches Software Release Notes

AT-S63 Version 3.1.0 Management Software for the AT-9400 Basic Layer 3 Gigabit Ethernet Switches Software Release Notes AT-S63 Version 3.1.0 Management Software for the AT-9400 Basic Layer 3 Gigabit Ethernet Switches Software Release Notes Please read this document before you begin to use the management software. Supported

More information

PLDT About the customer The customer network Redeveloping the network architecture

PLDT About the customer The customer network Redeveloping the network architecture Case Study PLDT PLDT PLDT, the leading telecommunications provider in the Philippines, selects Allied Telesis advanced Gigabit switches for the layer 2 aggregation requirements of its Next Generation Network.

More information

AT-S105 Version 1.2.0 Management Software Release Notes AT-FS750/24POE and AT-FS750/48 Fast Ethernet WebSmart Switches

AT-S105 Version 1.2.0 Management Software Release Notes AT-FS750/24POE and AT-FS750/48 Fast Ethernet WebSmart Switches AT-S105 Version 1.2.0 Management Software Release Notes AT-FS750/24POE and AT-FS750/48 Fast Ethernet WebSmart Switches Please read this document before you begin to use the management software. NOTE This

More information

Layer 3 Network + Dedicated Internet Connectivity

Layer 3 Network + Dedicated Internet Connectivity Layer 3 Network + Dedicated Internet Connectivity Client: One of the IT Departments in a Northern State Customer's requirement: The customer wanted to establish CAN connectivity (Campus Area Network) for

More information

Overview of Routing between Virtual LANs

Overview of Routing between Virtual LANs Overview of Routing between Virtual LANs This chapter provides an overview of virtual LANs (VLANs). It describes the encapsulation protocols used for routing between VLANs and provides some basic information

More information

State of Texas. TEX-AN Next Generation. NNI Plan

State of Texas. TEX-AN Next Generation. NNI Plan State of Texas TEX-AN Next Generation NNI Plan Table of Contents 1. INTRODUCTION... 1 1.1. Purpose... 1 2. NNI APPROACH... 2 2.1. Proposed Interconnection Capacity... 2 2.2. Collocation Equipment Requirements...

More information

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0 ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0 Module 1: Vulnerabilities, Threats, and Attacks 1.1 Introduction to Network Security

More information

ProCurve Networking. LAN Aggregation Through Switch Meshing. Technical White paper

ProCurve Networking. LAN Aggregation Through Switch Meshing. Technical White paper ProCurve Networking LAN Aggregation Through Switch Meshing Technical White paper Introduction... 3 Understanding Switch Meshing... 3 Creating Meshing Domains... 5 Types of Meshing Domains... 6 Meshed and

More information

Executive Summary. AUGUST 2002 Secure Use of VLANs: An @stake Security Assessment

Executive Summary. AUGUST 2002 Secure Use of VLANs: An @stake Security Assessment R e s e a r c h R e p o r t @stake consultants David Pollino and Mike Schiffman, CISSP, conducted the testing and analysis. Mr. Pollino is the Director of the Wireless Center of Excellence at @stake. He

More information

Troubleshooting an Enterprise Network

Troubleshooting an Enterprise Network Troubleshooting an Enterprise Network Introducing Routing and Switching in the Enterprise Chapter 9 Released under Creative Commons License 3.0 By-Sa Cisco name, logo and materials are Copyright Cisco

More information

Chapter 1 The Principles of Auditing 1

Chapter 1 The Principles of Auditing 1 Chapter 1 The Principles of Auditing 1 Security Fundamentals: The Five Pillars Assessment Prevention Detection Reaction Recovery Building a Security Program Policy Procedures Standards Security Controls

More information

48 GE PoE-Plus + 2 GE SFP L2 Managed Switch, 375W

48 GE PoE-Plus + 2 GE SFP L2 Managed Switch, 375W GEP-5070 Version: 1 48 GE PoE-Plus + 2 GE SFP L2 Managed Switch, 375W The LevelOne GEP-5070 is an intelligent L2 Managed Switch with 48 x 1000Base-T PoE-Plus ports and 2 x 100/1000BASE-X SFP (Small Form

More information

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch What You Will Learn A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private (inside)

More information

TP-LINK. JetStream 28-Port Gigabit Stackable L3 Managed Switch. Overview. Datasheet T3700G-28TQ. www.tp-link.com

TP-LINK. JetStream 28-Port Gigabit Stackable L3 Managed Switch. Overview. Datasheet T3700G-28TQ. www.tp-link.com TP-LINK JetStream 28-Port Gigabit Stackable L3 Managed Switch Overview TP-LINK s is an L3 managed switch designed to build a highly accessible, scalable, and robust network. The switch is equipped with

More information

Panasonic New Zealand Limited

Panasonic New Zealand Limited Success Story Panasonic New Zealand Limited Panasonic New Zealand Limited, located in Auckland, select an Allied Telesis network solution for their new premises. Panasonic choose Allied Telesis COMPANY

More information

Objectives. The Role of Redundancy in a Switched Network. Layer 2 Loops. Broadcast Storms. More problems with Layer 2 loops

Objectives. The Role of Redundancy in a Switched Network. Layer 2 Loops. Broadcast Storms. More problems with Layer 2 loops ITE I Chapter 6 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Objectives Implement Spanning Tree Protocols LAN Switching and Wireless Chapter 5 Explain the role of redundancy in a converged

More information

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion Network Security Tampere Seminar 23rd October 2008 1 Copyright 2008 Hirschmann 2008 Hirschmann Automation and and Control GmbH. Contents Overview Switch Security Firewalls Conclusion 2 Copyright 2008 Hirschmann

More information

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection. A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based

More information

Technical Note. ForeScout CounterACT: Virtual Firewall

Technical Note. ForeScout CounterACT: Virtual Firewall ForeScout CounterACT: Contents Introduction... 3 What is the vfw?.... 3 Technically, How Does vfw Work?.... 4 How Does vfw Compare to a Real Firewall?.... 4 How Does vfw Compare to other Blocking Methods?...

More information