Network Security. Ensuring Information Availability. Security
- Lee Hill
- 8 years ago
Ensuring Information Availability
Introduction

The advent of the Internet and the huge array of connected devices has led to an insatiable demand for access to information when and where we need it. This has also changed the way we do business, with an ever increasing reliance on Information Technology resources and applications. The security of these resources has become a principal concern for network administrators to ensure maximum availability of the corporate network and Internet access.

The deployment of switched networks in the Enterprise provides high-speed access to applications and the sharing of information. Security on these switches is as important as that of servers and end user computer equipment. The switches are as integral to maintaining network security as they are to forwarding data.

There are a number of ways that the switching infrastructure maintains security in the modern network. Allied Telesis' industry leading switching technology provides a comprehensive security suite and supports a multi-layered approach to safeguarding the network, users, and business critical information. First, we will consider four areas where switches can help ensure a reliable and secure network infrastructure, and then look at some common network attacks and how they are mitigated.

Multi-layered security

Providing a secure environment for the sharing of corporate information and broader online access requires a considered approach. When security is cohesively implemented in the

1) Network Infrastructure
2) Switch Management
3) Features
4) Network Access

the outcome is a resilient and reliable environment for access to online resources.

1) Network Infrastructure

The underlying network design is the starting point, providing a solid platform on which further switch features can secure network access and specific applications. Dividing the LAN up into Virtual LANs (VLANs) reduces broadcast traffic on the network and simplifies management.
VLANs group subsets of ports into virtual broadcast domains which are isolated from each other. This provides a scalable solution as the network grows, while preventing unnecessary traffic from using precious network bandwidth. It also allows network access and application use to be controlled for different groups of users, who do not need to be located together physically. As data packets are marked as belonging to a specific VLAN, we can separate traffic into independent domains and the switch can manage it appropriately.

As IP networking has found its way into an increasingly wide array of scenarios, VLAN implementation has kept pace with advanced features to meet the security needs of different market segments.

Private VLANs

Private VLANs block traffic between hosts in that VLAN. This is perfect, for example, in a hotel environment where guests in each room can be provided with Internet access, while traffic between rooms is disallowed for security. In conjunction with other advanced security features, private VLANs can be used to tightly manage Layer 2 security in a switched environment.

Nested VLANs

Nested VLANs are used to overlay a private Layer 2 network over a public Layer 2 network. This allows a customer's LAN to spread to multiple locations in a city, as a second VLAN identifier is used to isolate customer traffic as it is tunnelled through the network Service Provider's infrastructure.
Virtual customer networks over shared Ethernet infrastructure is another solution facilitated by Nested VLANs, as shown in figure 1. In a multi-tenant building, each tenant can have their own VLAN structure overlaid on the physical network, and utilizing a high-speed resilient ring topology around the building provides exceptional performance. Each tenant's data runs within its own tunnel, completely separated from anyone else's data, with no possibility of cross-over from one virtual network to another.

Allied Telesis secure switches allow building management companies to make additional services available to tenants, such as a centralised Data Center and Internet access. The tenant's VLAN structure is encapsulated in a single QinQ VLAN for secure high speed access across their own virtual network to other office space, the data center and Internet.

[Figure 1: Virtual customer networks over shared Ethernet infrastructure. The diagram shows tenant VLANs carried over shared switches to a Data Center and, through a router, to the Internet.]
2) Secure Switch Management

On top of a securely designed environment is the need to manage the various devices that constitute the overall network. Allied Telesis switches have a number of secure management options.

An out of band Ethernet management port is provided to separate management access from network traffic. When remotely logging in to monitor or manage a switch, Secure Shell (SSH) access provides confidentiality and integrity of data. Switches can be further secured by disabling unused access services, for example, HTTP server and Telnet server.

Network management systems use Simple Network Management Protocol (SNMP) to communicate with network switches and other devices. Allied Telesis' support of SNMPv3 provides secure access with authentication and encryption of management data. Additionally, the Graphical User Interface (GUI) utilises SNMPv3 for protected access when using this visual tool for monitoring and management.

To provide a detailed audit trail in the event of a suspected security breach, or other problem, a Syslog server can be configured so switch log messages are stored in a central network repository.

3) Features

Allied Telesis switches provide numerous security features to enable a safe environment for sharing information. Let's have a look at a few of these:

Port Security

The ability to limit the number of workstations that are able to connect to specific ports on the switch is managed with Port Security. If these limits are breached, or access from unknown workstations is attempted, the port can do any or all of the following: drop the untrusted data, notify the network administrator, or disable the port. Further to this, specific ports can be set to only allow network access at specific times of day. For example, as shown in figure 2, a school can keep tight control over network access and application availability for students.
[Figure 2: Port Security. Advanced port security options allow this school to control the times of day that access to online resources and the Internet is available. The diagram is labelled "Network access allowed between 8am and 4pm".]
Secure configuration of Spanning Tree Protocol (STP)

STP is the most commonly used means of preventing loops in Layer 2 networks. There are two protection mechanisms that should always be enabled to improve robustness, as STP has no inbuilt security.

1) STP Root Guard prevents a malicious user being able to access inappropriate data on the network, by allowing the network administrator to securely enforce the topology of the spanning tree.
2) BPDU Guard similarly increases the security of STP by allowing the network administrator to enforce the borders of the spanning tree, keeping the active topology predictable.

Storm Protection

Use storm protection to reduce adverse effects of any network loop that would potentially swamp the network. There are three facets that together protect the network from storms.

1) Loop detection monitors traffic for a return of a loop detection probe packet and in the event of a problem can take a variety of actions including logging a fault, disabling a link, or disabling a port or VLAN.
2) Thrash limiting detects a loop if certain device hardware addresses are being rapidly relearned on different ports. In the event of a problem similar actions to loop detection can be taken.
3) Storm control limits the rate at which a port will forward broadcast, multicast or unknown unicast packets. This controls the level of traffic that a loop will cause to be flooded in the network.

Control Plane Prioritisation (CPP)

CPP prevents the Control Plane from becoming flooded in the event of a network storm or Denial of Service (DoS) attack, ensuring critical network control traffic always reaches its destination.

Denial of Service (DoS) attack prevention

A DoS attack is an attempt to make online resources unavailable to users. There are a number of known DoS attacks that can be monitored, with detection options being to notify network administration and/or shut down the affected switch port.

DHCP Snooping

DHCP servers allocate IP addresses to clients, and the switch keeps a record of addresses issued on each port. IP Source Guard checks against this DHCP snooping database to ensure only clients with specific IP and/or MAC address can access the network. DHCP snooping can be combined with other features, like Dynamic ARP Inspection, to increase security in Layer 2 switched environments, and also provides a traceable history, which meets the growing legal requirements placed on Service Providers.

Access Control Lists (ACLs) and Filters

Managing traffic volume and the types of traffic allowed on the network is essential to ensure high performance, guard against unwanted traffic, and provide continuous access to important data. Allied Telesis' powerful ACLs and filtering capability provide a mechanism for network traffic control, all handled in the switches' hardware so wire-speed performance is maintained.
4) Controlling Network Access

The security issues facing enterprise networks have evolved over the years, with the focus moving from mitigating outward attacks to reducing internal breaches and the infiltration of malicious software. This internal defence requires significant involvement with individual devices on a network, which creates greater overhead on network administrators. Allied Telesis lowers this overhead and provides an effective solution to internal network security by integrating advanced switching technology as a part of Network Access Control (NAC). In conjunction with NAC, Tri-authentication provides options for managing network access for all devices.

Network Access Control (NAC)

NAC allows for unprecedented control over user access to the network, in order to mitigate threats to network infrastructure. Allied Telesis switches use 802.1x port-based authentication in partnership with standards-compliant dynamic VLAN assignment, to assess a user's adherence to network security policies and either grant authentication or offer remediation. Furthermore, if multiple users share a port then multi-authentication can be used. Different users on the same port can be assigned into different VLANs, and so given different levels of network access. Additionally, a Guest VLAN can be configured to provide a catch-all for users who aren't authenticated.

Tri-authentication

Authentication options include alternatives to 802.1x port-based authentication, such as web authentication to enable guest access, and MAC authentication for end points that do not have an 802.1x supplicant, as shown in figure 3. All three authentication methods (802.1x, MAC-based and Web-based) can be enabled simultaneously on the same port (tri-authentication).

Strong Access Shield

By providing Tri-authentication, and integrating with NAC, Allied Telesis switches constitute a secure wall around the edge of your LAN, allowing no infected or rogue devices to get network access.
[Figure 3: Tri-authentication. Diagram labels: Policy and RADIUS Server; Policy Decision Point; Tri-authentication capable switch; Policy Enforcement Point; 802.1x authenticated device, Web authenticated device and MAC authenticated device; Access Requestor.]
Mitigating common network attacks

Network security is significantly increased with Allied Telesis' superior multi-layer security suite that we've described. However, due to increased mobility and the wide availability of various hacking tools, attacks can still occur from within the LAN itself. Let's consider some of the more common information stealing and denial of service attacks and how the switch security suite protects your LAN, preserving the safety of both your mission-critical applications and your productivity.

MAC flooding attack

Information stealing can be facilitated using a MAC flooding attack, which provides a source of accessible data. A malicious host sends packets from thousands of different bogus source MAC addresses, which fills the forwarding database. Once full, legitimate traffic is flooded and becomes widely accessible, as the switch does not have room to learn any more specific destination addresses in the forwarding database.

Allied Telesis switches provide two security measures which guard against a MAC flooding attack. The first is host authentication, where authenticating ports will only accept traffic from the MAC addresses of authenticated hosts. The second is port security, which controls how many MAC addresses can be learnt on a specific port, as shown in the diagrams below. Configurable options when limits are breached are to drop the untrusted data, notify the network administrator, or disable the port.

Address Resolution Protocol (ARP) spoofing attacks

Another form of information stealing attack is ARP spoofing. A malicious host sends a bogus reply to a network server, claiming to be a genuine host desiring information. Once the switch has an incorrect entry in its ARP table, the malicious host starts to receive data intended for the genuine recipient.

Allied Telesis switches use DHCP Snooping with ARP Security to protect your network from ARP spoofing attacks. All ARP replies from untrusted ports are checked to ensure they contain legitimate network addressing information, safeguarding your network and ensuring online information reaches its intended destination.

[Diagram: MAC flooding attack. Traffic is generated with bogus source MAC addresses. The switch's MAC table is full of bogus MAC addresses. No room to learn any more, so all packets are treated as unknown destination MAC and flooded. Traffic destined for B is also visible to C.]

[Diagram: MAC flooding defence. Configure a MAC learn limit on the switch's edge ports. When the MAC limit is reached, packets from any further MACs are dropped. Traffic destined for B is no longer flooded.]
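The effect of the MAC learn limit shown in the two diagrams can be reproduced with a small model of a forwarding database. This is an added example, not Allied Telesis code; the port numbers, table size and every MAC address are constructed for the illustration.

```python
"""Toy model of a switch forwarding database (FDB) with a per-port MAC learn limit.
Port numbers, table size and all MAC addresses are constructed for this example."""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"
HOST_A = "00:00:5e:00:53:0a"   # genuine host A on port 1 (constructed)
HOST_B = "00:00:5e:00:53:0b"   # genuine host B on port 2 (constructed)


@dataclass
class Switch:
    ports: tuple                                      # port numbers on the switch
    fdb_capacity: int                                 # total entries the FDB can hold
    learn_limit: dict = field(default_factory=dict)   # port -> max MACs (absent = no limit)
    fdb: dict = field(default_factory=dict)           # MAC address -> port
    dropped: int = 0                                  # frames dropped by port security

    def receive(self, in_port, src, dst):
        """Learn the source address, then return the ports the frame is sent out of."""
        if self.fdb.get(src) != in_port:              # unknown source, or a station move
            limit = self.learn_limit.get(in_port)
            on_port = sum(1 for p in self.fdb.values() if p == in_port)
            if limit is not None and on_port >= limit:
                self.dropped += 1                     # port security: drop the untrusted data
                return []
            if src in self.fdb or len(self.fdb) < self.fdb_capacity:
                self.fdb[src] = in_port               # a full table learns nothing new
        out = self.fdb.get(dst)
        if out is None:                               # unknown destination: flood
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]


def run_scenario(edge_learn_limit=None, fdb_capacity=16, bogus_sources=64):
    """Replay the diagram: C (port 3) sends frames from many source MACs, then
    B announces itself and A sends a frame to B.
    Returns (ports that see A's frame to B, FDB entries used, frames dropped)."""
    limits = {} if edge_learn_limit is None else {p: edge_learn_limit for p in (1, 2, 3)}
    sw = Switch(ports=(1, 2, 3), fdb_capacity=fdb_capacity, learn_limit=limits)
    for i in range(bogus_sources):                    # constructed bogus source addresses
        sw.receive(3, f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}", BROADCAST)
    sw.receive(2, HOST_B, BROADCAST)                  # B's first frame (e.g. an ARP request)
    seen_on = sw.receive(1, HOST_A, HOST_B)           # A -> B
    return seen_on, len(sw.fdb), sw.dropped


if __name__ == "__main__":
    print("no learn limit :", run_scenario())
    print("learn limit = 2:", run_scenario(edge_learn_limit=2))
```

Without a limit, B can never be learned once the table is full, so A's frame to B is also sent out of C's port; with a limit of two addresses per edge port, it leaves on B's port only.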
VLAN hopping attacks

VLANs aim to provide a degree of network security via user segmentation. A malicious host wishing to gain access to an unauthorised VLAN sends a tagged packet into the network with the VLAN identifier of the target VLAN, which typically the switch will forward to that VLAN. A variation on the VLAN attack is to send a double-tagged packet with the outer tag of the originating VLAN and an inner tag of the target VLAN. The switch will strip off the outer tag and pass the packet on to the target VLAN identified by the inner tag.

Allied Telesis switches eliminate basic and double-tagged VLAN hopping attacks by using Ingress Filtering to drop all tagged packets, since workstations attached to edge ports should not send tagged packets into the network, as shown in the diagrams below.

Spanning Tree Protocol (STP) Attack

STP prevents loops in Layer 2 networks, while allowing path redundancy. Switch ports are designated as being either in a forwarding state or a blocked state. If a path becomes unavailable, the network responds by unblocking a previously blocked path to allow traffic to flow. In an STP attack, a malicious user sends an STP message (BPDU) which attempts to compromise the network topology, by forcing it to reconfigure.

Allied Telesis switches prevent spanning tree attacks by using BPDU guard on all edge ports, preventing bogus STP messages originating from a workstation.

[Diagram: Double-tag VLAN hopping attack. Double-tagged packets are sent with an outer tag of the local VLAN, and inner tag of the target VLAN. The switch strips off the first tag and sends the packet back out over the trunk to the target VLAN.]

[Diagram: Double-tag VLAN defence. Configure the switch's edge ports with ingress filtering to accept ONLY untagged packets. Tagged packets are dropped.]
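The ingress filtering rule above comes down to inspecting the two bytes that follow the source MAC address in each frame received on an edge port. The sketch below is an added example, not Allied Telesis code: it parses the VLAN tag stack of a raw Ethernet frame and compares the behaviour the text describes without filtering against an edge port that accepts only untagged frames. The function names, VLAN numbers and sample frames are constructed.

```python
"""Edge-port ingress filtering on raw Ethernet frames (constructed example)."""
import struct

TPID_8021Q = 0x8100      # IEEE 802.1Q VLAN tag
TPID_8021AD = 0x88A8     # IEEE 802.1ad service tag (outer tag in QinQ)
VLAN_TPIDS = {TPID_8021Q, TPID_8021AD}


def vlan_tags(frame: bytes):
    """Return the VLAN IDs stacked on a frame, outermost first ([] if untagged)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    tags, offset = [], 12                      # tags start after dst MAC + src MAC
    while True:
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in VLAN_TPIDS:
            return tags
        if len(frame) < offset + 6:            # TPID + TCI + following EtherType
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append(tci & 0x0FFF)              # low 12 bits of the TCI are the VLAN ID
        offset += 4


def unfiltered_vlan(frame: bytes, port_vlan: int) -> int:
    """VLAN a frame ends up in when the edge port accepts tagged frames, following
    the behaviour described in the text (model only, no real switch involved)."""
    tags = vlan_tags(frame)
    if not tags:
        return port_vlan                       # untagged: stays in the port's VLAN
    if tags[0] == port_vlan and len(tags) > 1:
        return tags[1]                         # outer tag stripped, inner tag decides
    return tags[0]                             # single tag is taken at face value


def edge_port_ingress(frame: bytes, port_vlan: int):
    """Ingress filtering: accept ONLY untagged frames on an edge port.
    Returns (accepted, vlan, reason)."""
    try:
        tags = vlan_tags(frame)
    except ValueError as exc:
        return False, None, f"malformed frame: {exc}"
    if tags:
        return False, None, f"tagged frame on edge port, VLAN tags {tags}"
    return True, port_vlan, "untagged frame classified into the port VLAN"


def sample_frame(tags=()):
    """Build a constructed test frame: documentation MACs, optional tags, IPv4 type."""
    header = bytes.fromhex("00005e00530b") + bytes.fromhex("00005e00530a")
    for tpid, vid in tags:
        header += struct.pack("!HH", tpid, vid)
    return header + struct.pack("!H", 0x0800) + bytes(46)


if __name__ == "__main__":
    frames = {
        "untagged": sample_frame(),
        "single tag 20": sample_frame([(TPID_8021Q, 20)]),
        "double tag 10/20": sample_frame([(TPID_8021Q, 10), (TPID_8021Q, 20)]),
    }
    for name, frame in frames.items():         # edge port is in VLAN 10
        print(f"{name:17} unfiltered -> VLAN {unfiltered_vlan(frame, 10)}; "
              f"filtered -> {edge_port_ingress(frame, 10)}")
```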
Dynamic Host Configuration Protocol (DHCP) attacks

DHCP servers allocate IP network addresses to hosts, allowing them to access resources on the network. Two forms of DHCP attack can compromise users' network access.

1) DHCP Starvation Attack

A malicious user inundates the DHCP server with countless requests from different bogus MAC addresses, which results in the server running out of IP addresses. Genuine users are unable to gain a network address and therefore network access.

Allied Telesis switches use port security to stop malicious users sending multiple MAC addresses to the DHCP server, as shown in the diagrams below. Options are available for corrective action including notifying the network administrator and/or disabling the switch port of the offender.

2) DHCP Rogue Server Attack

A malicious user disguises himself as a DHCP server and responds to DHCP requests with a bogus network address, compromising the network access of genuine users.

Allied Telesis switches avoid DHCP rogue server attacks using DHCP Snooping to designate which ports may accept DHCP server response packets. If a rogue server is attached to an 'untrusted' port, its response packets will be dropped, rendering it useless.

Denial of Service (DoS) attacks

Keeping productivity high requires reliable network access, and there are a number of DoS attacks that can threaten to thwart information availability. Some of these target devices, causing them to reduce performance, while others attempt to send a storm of data at a specific victim, or consume online resources.

Allied Telesis switches are capable of mitigating all of these attacks using DoS defence, which for the majority of these attacks is implemented in the switch's hardware, so does not affect network performance.
[Diagram: DHCP starvation attack. Attacker sends many different DHCP requests with many source MACs. Server runs out of IP addresses to allocate to valid users.]

[Diagram: DHCP starvation defence. Configure MAC learn limit on the switch's edge ports. Attacker sends many different DHCP requests with many source MACs. When the learn limit is reached, packets from any further MACs are dropped.]
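The DHCP Snooping rule for rogue servers and the ARP Security check described earlier both rest on the same per-port binding database, so one model covers both. This is an added example, not Allied Telesis code: the class, the message fields, the port layout (port 1 trusted, ports 2 and 3 untrusted) and all addresses are constructed, and packets are represented as simple records instead of parsed frames.

```python
"""Model of DHCP snooping with ARP security on a switch (constructed example)."""
from dataclasses import dataclass

SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}      # only a DHCP server sends these


@dataclass(frozen=True)
class Dhcp:
    port: int            # switch port the message arrived on
    msg_type: str        # DISCOVER, OFFER, REQUEST, ACK, NAK
    client_mac: str
    your_ip: str = ""    # address offered or assigned by the server


@dataclass(frozen=True)
class ArpReply:
    port: int
    sender_mac: str
    sender_ip: str


class SnoopingSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}     # client MAC -> untrusted port its REQUEST arrived on
        self.bindings = {}    # leased IP -> (client MAC, client port)

    def handle(self, pkt):
        """Return 'forward' or a 'drop: ...' reason for one packet."""
        return self._dhcp(pkt) if isinstance(pkt, Dhcp) else self._arp(pkt)

    def _dhcp(self, m):
        if m.msg_type in SERVER_MESSAGES:
            if m.port not in self.trusted:
                return "drop: DHCP server message on untrusted port"
            client_port = self.pending.get(m.client_mac)
            if m.msg_type == "ACK" and client_port is not None:
                # Lease confirmed by the trusted server: record the binding.
                self.bindings[m.your_ip] = (m.client_mac, client_port)
                del self.pending[m.client_mac]
            return "forward"
        if m.msg_type == "REQUEST" and m.port not in self.trusted:
            self.pending[m.client_mac] = m.port
        return "forward"

    def _arp(self, a):
        if a.port in self.trusted:
            return "forward"
        if self.bindings.get(a.sender_ip) == (a.sender_mac, a.port):
            return "forward"
        return "drop: ARP sender not in snooping database"


CLIENT = "00:00:5e:00:53:0a"   # genuine client on port 2 (constructed)
OTHER = "00:00:5e:00:53:0c"    # device on untrusted port 3 (constructed)

# Constructed sequence of events; addresses are from documentation ranges.
EVENTS = [
    Dhcp(2, "DISCOVER", CLIENT),
    Dhcp(3, "OFFER", CLIENT, "198.51.100.66"),   # server reply from an untrusted port
    Dhcp(1, "OFFER", CLIENT, "192.0.2.10"),      # reply from the trusted uplink
    Dhcp(2, "REQUEST", CLIENT),
    Dhcp(1, "ACK", CLIENT, "192.0.2.10"),
    ArpReply(2, CLIENT, "192.0.2.10"),           # matches the recorded binding
    ArpReply(3, OTHER, "192.0.2.10"),            # claims the client's address
    ArpReply(3, OTHER, "192.0.2.1"),             # claims an address with no binding
]


def replay(events=EVENTS, trusted_ports=(1,)):
    """Run the events through a fresh switch; return (decisions, bindings)."""
    sw = SnoopingSwitch(trusted_ports)
    return [sw.handle(e) for e in events], sw.bindings


if __name__ == "__main__":
    decisions, bindings = replay()
    for event, decision in zip(EVENTS, decisions):
        print(f"{decision:45} {event}")
    print("bindings:", bindings)
```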
Summary

Allied Telesis switches guarantee a reliable and secure network infrastructure. The fully featured security suite safeguards the network, as well as mitigating threats that would compromise users' access to business critical resources and applications. Network administrators can rest assured that the network is resilient and reliable, and business owners can expect reduced expense along with increased productivity.

Allied Telesis network security, ensuring information availability.

About Allied Telesis Inc.

Allied Telesis is a world class leader in delivering IP/Ethernet network solutions to the global market place. We create innovative, standards-based IP networks that seamlessly connect you with voice, video and data services.

Enterprise customers can build complete end-to-end networking solutions through a single vendor, with core to edge technologies ranging from powerful 10 Gigabit Layer 3 switches right through to media converters.

Allied Telesis also offer a wide range of access, aggregation and backbone solutions for Service Providers. Our products range from industry leading media gateways which allow voice, video and data services to be delivered to the home and business, right through to high-end chassis-based platforms providing significant network infrastructure.

Allied Telesis' flexible service and support programs are tailored to meet a wide range of needs, and are designed to protect your investment well into the future.
Solutions for LAN Protection
Solutions Guide Solutions for LAN Protection Allied Telesis security features safeguard networks and mitigate attacks Introduction The increasing number of connected devices in today s networks has created
More informationAllied Telesis provide virtual customer networks
Solutions Network Virtualization Allied Telesis provide virtual customer networks over shared Ethernet infrastructure Solutions Network Virtualization Today s building management companies can derive revenue
More informationCase Study Ministry of Agriculture, France
Case Study Ministry of Agriculture, France The Ministry of Agriculture and Fishing in France selects Allied Telesis for their new network solution in the central Paris offices, providing the strong network
More informationSolutions Guide. Education Networks
Solutions Guide Education Networks Education needs and objectives Modern education networks are complex, and serve a rapidly developing set of requirements, some of which challenge the technology and its
More informationSolution Network Virtualization. Allied Telesis - delivering value with Network Virtualization
Solution Network Virtualization Allied Telesis - delivering value with Network Virtualization Solution Delivering value with Network Virtualization Virtualization is a central theme in current IT development
More informationSolutions Guide. Ethernet-based Network Virtualization for the Enterprise
Solutions Guide Ethernet-based Network Virtualization for the Enterprise Introduction The concept of Tunnelling Layer 2 and Layer 3 connections across a shared Layer 2 network used to be the preserve of
More informationVCStack - Powerful Simplicity. Network Virtualization for Today's Business
Network Virtualization for Today's Business Introduction Today's enterprises rely on Information Technology resources and applications, for accessing business-critical information and for day-to-day work.
More informationx900 Switch Access Requestor
Network Security Solutions Implementing Network Access Control (NAC) Tested Solution: Protecting your network with Microsoft Network Access Protection (NAP) and Switches Today s networks increasingly require
More informationNetwork Access Control (NAC)
Solutions Network Access Control (NAC) Allied Telesis provides advanced edge security for Enterprise networks Security Issues The security issues facing Enterprise networks have evolved over the years,
More informationSecuring end devices
Securing end devices Securing the network edge is already covered. Infrastructure devices in the LAN Workstations Servers IP phones Access points Storage area networking (SAN) devices. Endpoint Security
More information24-Port 10/100Mbps + 4-Port Gigabit L2 Managed Switch TL-SL5428E
ACL, 802.1X Authentication, Port Security, IP Filtering, Storm control, DHCP Snooping, IP Source Guard and DoS Defend provide you robust security strategy Single-IP-Management supports virtual stack of
More informationSolutions Guide. Resilient Networking with EPSR
Solutions Guide Resilient Networking with EPSR Introduction IP over Ethernet is now a well-proven technology in the delivery of converged services. Ethernet-based Triple-Play services have become an established
More informationSecurity Technology White Paper
Security Technology White Paper Issue 01 Date 2012-10-30 HUAWEI TECHNOLOGIES CO., LTD. 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without
More informationSolutions Guide. High Availability IPv6
Solutions Guide High Availability IPv6 Introduction The Internet has forever changed contemporary society, with online access an integral part of our 21st century lifestyles. Finding out what movie is
More informationManagement Software. Web Browser User s Guide AT-S106. For the AT-GS950/48 Gigabit Ethernet Smart Switch. Version 1.0.0. 613-001339 Rev.
Management Software AT-S106 Web Browser User s Guide For the AT-GS950/48 Gigabit Ethernet Smart Switch Version 1.0.0 613-001339 Rev. A Copyright 2010 Allied Telesis, Inc. All rights reserved. No part of
More informationRecommended IP Telephony Architecture
Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings
More informationForeScout CounterACT. Device Host and Detection Methods. Technology Brief
ForeScout CounterACT Device Host and Detection Methods Technology Brief Contents Introduction... 3 The ForeScout Approach... 3 Discovery Methodologies... 4 Passive Monitoring... 4 Passive Authentication...
More informationSecure Networks for Process Control
Secure Networks for Process Control Leveraging a Simple Yet Effective Policy Framework to Secure the Modern Process Control Network An Enterasys Networks White Paper There is nothing more important than
More informationTP-LINK. 24-Port Gigabit L2 Managed Switch with 4 SFP Slots. Overview. Datasheet TL-SG5428. www.tp-link.com
TP-LINK TM 24-Port Gigabit L2 Managed Switch with 4 SFP Slots Overview Designed for workgroups and departments, from TP-LINK provides full set of layer 2 management features. It delivers maximum throughput
More informationAlliedWare TM OS How To. Use DHCP Snooping and ARP Security to Block ARP Poisoning Attacks. Introduction. Related How To Notes
AlliedWare TM OS How To Use DHCP Snooping and ARP Security to Block ARP Poisoning Attacks Introduction When you use DHCP servers to allocate IP addresses to clients on a LAN, you can also configure DHCP
More informationNetwork security includes the detection and prevention of unauthorized access to both the network elements and those devices attached to the network.
By: Ziad Zubidah CCNP Security IT Security Officer National Information Technology Center Network security includes the detection and prevention of unauthorized access to both the network elements and
More informationNetwork Security Solutions Implementing Network Access Control (NAC)
Network Security Solutions Implementing Network Access Control (NAC) Tested Solution: Protecting a network with Sophos NAC Advanced and Switches Sophos NAC Advanced is a sophisticated Network Access Control
More informationSolution Profile. i-net Infrastructure
Solution Profile i-net Infrastructure Executive Overview Traditionally, network infrastructures are built using unmanaged, Layer 2, Layer 2+ or Layer 3 network elements embedded in an architecture to offer
More informationThis How To Note describes one possible basic VRRP configuration.
AlliedWare TM OS How To Configure VRRP (Virtual Router Redundancy Protocol) Introduction VRRP is a popular protocol for providing device redundancy, for connecting redundant WAN gateway routers or server
More informationTP-LINK 24-Port Gigabit L2 Managed Switch with 4 SFP Slots
NEW TP-LINK 24-Port Gigabit L2 Managed Switch with 4 SFP Slots TM NEW Overview Designed for workgroups and departments, from TP-LINK provides full set of layer 2 management features. It delivers maximum
More informationAlliedWare Plus OS How To Configure Switches for Maximum Security and Network Stability
AlliedWare Plus OS How To Configure Switches for Maximum Security and Network Stability Introduction Increasingly we see the deployment of switched networks in the Enterprise and the use of switches in
More informationHARTING Ha-VIS Management Software
HARTING Ha-VIS Management Software People Power Partnership HARTING Management Software Network Management Automation IT - with mcon Switches from HARTING With the Ha-VIS mcon families, HARTING has expanded
More informationOVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS
OVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS Matt Eclavea (meclavea@brocade.com) Senior Solutions Architect, Brocade Communications Inc. Jim Allen (jallen@llnw.com) Senior Architect, Limelight
More informationAlliedWare Plus OS How To Configure Switches for Maximum Security and Network Stability
AlliedWare Plus OS How To Configure Switches for Maximum Security and Network Stability Introduction Increasingly we see the deployment of switched networks in the Enterprise and the use of switches in
More informationVLANs. Application Note
VLANs Application Note Table of Contents Background... 3 Benefits... 3 Theory of Operation... 4 IEEE 802.1Q Packet... 4 Frame Size... 5 Supported VLAN Modes... 5 Bridged Mode... 5 Static SSID to Static
More informationTP-LINK. 24-Port 10/100Mbps + 4-Port Gigabit L2 Managed Switch. Overview. Datasheet TL-SL5428E. www.tp-link.com
TP-LINK 24-Port 10/100Mbps + 4-Port Gigabit L2 Managed Switch Overview TP-LINK JetStream L2 managed switch provides high performance, enterprise-level QoS, advanced security strategies and rich layer 2
More informationCisco Nexus 1000V Switch for Microsoft Hyper-V
Data Sheet Cisco Nexus 1000V Switch for Microsoft Hyper-V Product Overview Cisco Nexus 1000V Switches provide a comprehensive and extensible architectural platform for virtual machine and cloud networking.
More informationTP-LINK. 24-Port 10/100Mbps + 4-Port Gigabit L2 Managed Switch. Overview. Datasheet TL-SL3428. www.tp-link.com
TP-LINK TM 24-Port 10/100Mbps + 4-Port Gigabit L2 Managed Switch Overview TP-LINK JetStream TM gigabit L2 managed switch provides 24 10/100Mbps ports. The switch provides high performance, enterprise-level
More informationNetwork Virtualization Network Admission Control Deployment Guide
Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus
More informationCampus LAN at NKN Member Institutions
Campus LAN at NKN Member Institutions RS MANI rsm@nkn.in 1/7/2015 3 rd Annual workshop 1 Efficient utilization Come from: Good Campus LAN Speed Segregation of LANs QoS Resilient Access Controls ( L2 and
More informationVLAN and QinQ Technology White Paper
VLAN and QinQ Technology White Paper Issue 1.01 Date 2012-10-30 HUAWEI TECHNOLOGIES CO., LTD. 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any
More informationCTS2134 Introduction to Networking. Module 8.4 8.7 Network Security
CTS2134 Introduction to Networking Module 8.4 8.7 Network Security Switch Security: VLANs A virtual LAN (VLAN) is a logical grouping of computers based on a switch port. VLAN membership is configured by
More information24-port 10/100 + 4-port Gigabit
24-port 10/100 + 4-port Gigabit Managed Switch IP Clustering supports virtual stack of 32 units L2/L3/L4 QoS, Voice VLAN, and IGMP snooping/filtering optimize voice and video application ACL, 802.1x, IP
More informationTP-LINK L2 Managed Switch
NEW TP-LINK L2 Managed Switch TM NEW TL-SL3428/TL-SL3452 Overview TP-LINK JetStream TM L2 managed switch TL-SL3428/TL-SL3452 provides 24/48 10/100Mbps ports, the switch provide high performance, enterprise-level
More informationCLOUD NETWORKING FOR ENTERPRISE CAMPUS APPLICATION NOTE
CLOUD NETWORKING FOR ENTERPRISE CAMPUS APPLICATION NOTE EXECUTIVE SUMMARY This application note proposes Virtual Extensible LAN (VXLAN) as a solution technology to deliver departmental segmentation, business
More informationConfigure A Secure School Network Based On 802.1x
How To Configure A Secure School Network Based On 802.1x The problem Schools offer a unique set of challenges to network designers. As well as all the usual requirements of modern network users high bandwidth,
ALLNET ALL8944WMP Layer 2 Management 24 Port Giga PoE Current Sharing Switch
ALLNET ALL8944WMP Layer 2 Management 24 Port Giga PoE Current Sharing Switch 24-Port Giga PoE Current Sharing Pv6 and IPv4 Dual Protocol SNMP v1/v2c/v3 SSH version 2.0 Authentication TACACS+ Jumbo Frames
AT-S63 and AT-S63 NE Version 1.0.0 Management Software for the AT-9400 Series Layer 2+ Gigabit Ethernet Switches Software Release Notes
AT-S63 and AT-S63 NE Version 1.0.0 Management Software for the AT-9400 Series Layer 2+ Gigabit Ethernet Switches Software Release Notes Supported Platforms Please read this document before you begin to
Network Security Policy
Network Security Policy I. PURPOSE Attacks and security incidents constitute a risk to the University's academic mission. The loss or corruption of data or unauthorized disclosure of information on campus
Configure Policy-based Routing
How To Note How To Configure Policy-based Routing Introduction Policy-based routing provides a means to route particular packets to their destination via a specific next-hop. Using policy-based routing
1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network
WP 1004HE Part 5 1. Cyber Security White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network Table of Contents 1. Cyber Security... 1 1.1 What
DCS-3950-52C Fast Ethernet Intelligent Access Switch Datasheet
DCS-3950-52C Fast Ethernet Intelligent Access Switch Datasheet DCS-3950-52C Product Overview DCS-3950-52C switch is Fast Ethernet intelligent security access switch for carrier and MAN networks. It supports
Building Secure Network Infrastructure For LANs
Building Secure Network Infrastructure For LANs Yeung, K., Hau; and Leung, T., Chuen Abstract This paper discusses the building of secure network infrastructure for local area networks. It first gives
What is VLAN Routing?
Application Note #38 February 2004 What is VLAN Routing? This Application Notes relates to the following Dell product(s): 6024 and 6024F 33xx Abstract Virtual LANs (VLANs) offer a method of dividing one
EVOLVING ENTERPRISE NETWORKS WITH SPB-M APPLICATION NOTE
EVOLVING ENTERPRISE NETWORKS WITH SPB-M APPLICATION NOTE EXECUTIVE SUMMARY Enterprise network managers are being forced to do more with less. Their networks are growing in size and complexity. They need
20 GE + 4 GE Combo SFP + 2 10G Slots L3 Managed Stackable Switch
GTL-2691 Version: 1 Modules are to be ordered separately. 20 GE + 4 GE Combo SFP + 2 10G Slots L3 Managed Stackable Switch The LevelOne GEL-2691 is a Layer 3 Managed switch with 24 x 1000Base-T ports associated
Solution Profile. Branch in a Box
Solution Profile Branch in a Box Executive Overview Today's networks have evolved from mere data connectivity sources to business enablers supporting mission critical applications which form an integral
Conducted at the Cisco facility and Miercom lab. Specific areas examined
Lab Testing Summary Report July 2009 Report 090708 Product Category: Unified Communications Vendor Tested: Key findings and conclusions: Cisco Unified Communications solution uses multilayered security
Solutions Guide. Secure Remote Access. Allied Telesis provides comprehensive solutions for secure remote access.
Solutions Guide Secure Remote Access Allied Telesis provides comprehensive solutions for secure remote access. Introduction The world is generating electronic data at an astonishing rate, and that data
Cisco SPS208G 8-Port 10/100 + 2-Port Gigabit SP Switch Cisco Small Business Gigabit SP Switches
Cisco SPS208G 8-Port 10/100 + 2-Port Gigabit SP Switch Cisco Small Business Gigabit SP Switches Service Provider Focused Metro Access Solution Suited for MTU/MDU Applications Highlights Cost-effective
Tested Solution: Network Configuration and Inventory Management using Upgrade Manager
Network Management Solutions Tested Solution: Network Configuration and Inventory Management using Upgrade Manager Upgrading the operating system images across a set of network nodes is an irregular event.
IMPLEMENTING CISCO SWITCHED NETWORKS V2.0 (SWITCH)
IMPLEMENTING CISCO SWITCHED NETWORKS V2.0 (SWITCH) COURSE OVERVIEW: Implementing Cisco Switched Networks (SWITCH) v2.0 is a five-day instructor-led training course developed to help students prepare for
S5700S-LI Series Gigabit Enterprise Switches
HUAWEI ENTERPRISE USA, INC. S5700S-LI Series Gigabit Enterprise Switches Product Overview The S5700S-LI series gigabit enterprise switches (S5700S-LI for short) are next-generation energy-saving switches
Chapter 3. Enterprise Campus Network Design
Chapter 3 Enterprise Campus Network Design 1 Overview The network foundation hosting these technologies for an emerging enterprise should be efficient, highly available, scalable, and manageable. This
DCS-3950-28CT-POE fully loaded AT PoE Switch Datasheet
DCS-3950-28CT-POE fully loaded AT PoE Switch Datasheet DCS-3950-28CT-POE Product Overview DCS-3950-28CT-POE is fully loaded PoE switch for carrier and enterprises. It supports comprehensive QoS, enhanced
Local Area Networks. LAN Security and local attacks. TDC 363 Winter 2008 John Kristoff - DePaul University 1
Local Area Networks LAN Security and local attacks TDC 363 Winter 2008 John Kristoff - DePaul University 1 Overview Local network attacks target an internal network Some attacks can be launched remotely
configure WAN load balancing
How To configure WAN load balancing Introduction With the increasing use of the Internet to service core business functions comes the need for reliable WAN connectivity. A specific aspect of this requirement
INDIAN INSTITUTE OF TECHNOLOGY BOMBAY MATERIALS MANAGEMENT DIVISION : (+91 22) 2576 8800 (DR)
Item CORE SWITCH: 24 Ports Item Description 1)General requirements: Switch- modular operating system, non-blocking wire speed performance. Switch solution-capable of providing complete redundancy by using
EX 3500 ETHERNET SWITCH
PRODUCT SPEC SHEET EX 3500 ETHERNET SWITCH EX 3500 ETHERNET SWITCH EQUIPPED THE WIRED ETHERNET SWITCH FOR UNIFIED WIRED-WIRELESS NETWORKS GET ALL THE WIRED NETWORKING FEATURES YOU NEED, PLUS THE SIMPLICITY
Network-in-a-Box Solution. Services already integrated in the core switch Ideal concept for branch offices, schools or other small business networks
Network in a Box Network-in-a-Box Solution Services already integrated in the core switch Ideal concept for branch offices, schools or other small business networks Network-in-a-Box Solution The switch
Juniper / Cisco Interoperability Tests. August 2014
Juniper / Cisco Interoperability Tests August 2014 Executive Summary Juniper Networks commissioned Network Test to assess interoperability, with an emphasis on data center connectivity, between Juniper
How To Use An At9924 For A Long Distance Connection On A Powerline On A Ppltd Network (Powerline) On A Superfast Network (Networking) On An At 9924 (Powerplt) On The P
Case Study PLDT PLDT PLDT, the leading telecommunications provider in the Philippines, selects Allied Telesis advanced Gigabit switches for the layer 2 aggregation requirements of its Next Generation Network.
Exploiting First Hop Protocols to Own the Network. Rocket City TakeDownCon 2015. Paul Coggin Senior Principal Cyber Security Analyst @PaulCoggin
Exploiting First Hop Protocols to Own the Network Rocket City TakeDownCon 2015 Paul Coggin Senior Principal Cyber Security Analyst @PaulCoggin www.dynetics.com V## Goes Here 1 OSI and TCP/IP Model OSI
Software Defined Networking
White Paper Software Defined Networking Introduction Software Defined Networking (SDN) is a concept that is generating a lot of interest right now. As the complexity and performance expectations of Ethernet
Use MAC-Forced Forwarding with DHCP Snooping to Create Enhanced Private VLANs
How To Use MAC-Forced Forwarding with DHCP Snooping to Create Enhanced Private VLANs Introduction In a large network where internal users cannot be trusted, it is nearly impossible to stop a host from
Product VioCall Express Connect. VioCall Express Connect VoIP Solution for SMB/SME Market
Product VioCall Express Connect VioCall Express Connect VoIP Solution for SMB/SME Market Products VioCall Express Connect VioCall Express Connect VoIP Solution for SMB/SME Market Allied Telesyn s new Voice
Reducing the burden of network management
White Paper Reducing the burden of network management Introduction Ethernet networking has developed at an immense rate in the last 20 years. Not long ago, an Ethernet network consisted of a length of
AlliedWare Operating System
Datasheet AlliedWare Operating System AlliedWare Layer 3 Fully Featured Operating System AlliedWare is ' feature-rich first generation operating system. It serves as the foundation for ' original Layer
ALLNET ALL-SG8926PM Layer 2 FULL Management 24 Port Giga PoE Current Sharing Switch IEEE802.3at/af
ALLNET ALL-SG8926PM Layer 2 FULL Management 24 Port Giga PoE Current Sharing Switch IEEE802.3at/af 24-Port Giga PoE Current Sharing 500W PoE Budget IPv6 and IPv4 Dual Protocol SNMP v1/v2c/v3 SSH version
Virtual PortChannels: Building Networks without Spanning Tree Protocol
. White Paper Virtual PortChannels: Building Networks without Spanning Tree Protocol What You Will Learn This document provides an in-depth look at Cisco's virtual PortChannel (vpc) technology, as developed
CHAPTER 10 LAN REDUNDANCY. Scaling Networks
CHAPTER 10 LAN REDUNDANCY Scaling Networks CHAPTER 10 10.0 Introduction 10.1 Spanning Tree Concepts 10.2 Varieties of Spanning Tree Protocols 10.3 Spanning Tree Configuration 10.4 First-Hop Redundancy
Layer 3 Network + Dedicated Internet Connectivity
Layer 3 Network + Dedicated Internet Connectivity Client: One of the IT Departments in a Northern State Customer's requirement: The customer wanted to establish CAN connectivity (Campus Area Network) for
AT-S105 Version 1.2.0 Management Software Release Notes AT-FS750/24POE and AT-FS750/48 Fast Ethernet WebSmart Switches
AT-S105 Version 1.2.0 Management Software Release Notes AT-FS750/24POE and AT-FS750/48 Fast Ethernet WebSmart Switches Please read this document before you begin to use the management software. NOTE This
Executive Summary. AUGUST 2002 Secure Use of VLANs: An @stake Security Assessment
R e s e a r c h R e p o r t @stake consultants David Pollino and Mike Schiffman, CISSP, conducted the testing and analysis. Mr. Pollino is the Director of the Wireless Center of Excellence at @stake. He
Juniper Networks EX Series/ Cisco Catalyst Interoperability Test Results. May 1, 2009
Juniper Networks EX Series/ Cisco Catalyst Interoperability Test Results May 1, 2009 Executive Summary Juniper Networks commissioned Network Test to assess interoperability between its EX4200 and EX8208
State of Texas. TEX-AN Next Generation. NNI Plan
State of Texas TEX-AN Next Generation NNI Plan Table of Contents 1. INTRODUCTION... 1 1.1. Purpose... 1 2. NNI APPROACH... 2 2.1. Proposed Interconnection Capacity... 2 2.2. Collocation Equipment Requirements...
Christ's College, Canterbury New Zealand College network infrastructure updated with state-of-the-art Allied Telesis switching technology
Case Study Christ's College Christ's College, Canterbury New Zealand College network infrastructure updated with state-of-the-art Allied Telesis switching technology Case Study: Christ's College, Canterbury
VXLAN: Scaling Data Center Capacity. White Paper
VXLAN: Scaling Data Center Capacity White Paper Virtual Extensible LAN (VXLAN) Overview This document provides an overview of how VXLAN works. It also provides criteria to help determine when and where
AT-S63 Version 3.1.0 Management Software for the AT-9400 Basic Layer 3 Gigabit Ethernet Switches Software Release Notes
AT-S63 Version 3.1.0 Management Software for the AT-9400 Basic Layer 3 Gigabit Ethernet Switches Software Release Notes Please read this document before you begin to use the management software. Supported
Apply Firewall Policies And Rules
How To Apply Firewall Policies And Rules Introduction This How To Note describes some of the more subtle aspects of dealing with firewall policies and how to apply rules to various traffic flows when using
The top 3 network management challenges
White Paper The top 3 network management challenges BALANCING ACTS IN THE ENTERPRISE NETWORK Introduction Organizations rely heavily on their data network, yet the network goes unnoticed most of the time.
TP-LINK. Gigabit L2 Managed Switch. Overview. Datasheet TL-SG3216 / TL-SG3424. www.tp-link.com
TP-LINK TM Gigabit L2 Managed Switch TL-SG3216 / TL-SG3424 Overview TP-LINK JetStream TM gigabit L2 managed switch 3 series family consists of two switches: TL-SG3216 with 16 10/100/1000Mbps ports and
Troubleshooting an Enterprise Network
Troubleshooting an Enterprise Network Introducing Routing and Switching in the Enterprise Chapter 9 Released under Creative Commons License 3.0 By-Sa Cisco name, logo and materials are Copyright Cisco
Top 14 best practices for building video surveillance networks
White Paper Top 14 best practices for building video surveillance networks Introduction The shift from analog to Internet Protocol (IP) surveillance cameras has changed the way that video surveillance
Objectives. The Role of Redundancy in a Switched Network. Layer 2 Loops. Broadcast Storms. More problems with Layer 2 loops
ITE I Chapter 6 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Objectives Implement Spanning Tree Protocols LAN Switching and Wireless Chapter 5 Explain the role of redundancy in a converged
ACADEMIA LOCAL CISCO UCV-MARACAY COURSE CONTENT CCNA CURRICULUM. SECURITY NETWORK SECURITY. LEVEL I. VERSION 2.0
ACADEMIA LOCAL CISCO UCV-MARACAY COURSE CONTENT CCNA CURRICULUM. SECURITY NETWORK SECURITY. LEVEL I. VERSION 2.0 Module 1: Vulnerabilities, Threats, and Attacks 1.1 Introduction to Network Security
DCRS-5650 Dual Stack Ethernet Switch Datasheet
DCRS-5650 Dual Stack Ethernet Switch Datasheet DCRS-5650-28C Product Overview DCRS-5650 series switch is L3 Fast Ethernet switch which meets the requirements of security and intelligent networks for education
Cisco Network Foundation Protection Overview
Cisco Network Foundation Protection Overview June 2005 1 Security is about the ability to control the risk incurred from an interconnected global network. Cisco NFP provides the tools, technologies, and
Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers
SOLUTION BRIEF Enterprise Data Center Interconnectivity Increase Simplicity and Improve Reliability with VPLS on the Routers Challenge As enterprises improve business continuity by enabling resource allocation
48 GE PoE-Plus + 2 GE SFP L2 Managed Switch, 375W
GEP-5070 Version: 1 48 GE PoE-Plus + 2 GE SFP L2 Managed Switch, 375W The LevelOne GEP-5070 is an intelligent L2 Managed Switch with 48 x 1000Base-T PoE-Plus ports and 2 x 100/1000BASE-X SFP (Small Form
CMPT 471 Networking II
CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access
Universal Network Access Policy
Universal Network Access Policy Purpose Poynton Workmens Club makes extensive use of networked Information Technology resources to support its research and administration functions and provides a variety
Cisco SLM2048 48-Port Gigabit Smart Switch Cisco Small Business Smart Switches
Cisco SLM2048 48-Port Gigabit Smart Switch Cisco Small Business Smart Switches Cost-Effective, Secure Switching with Simplified Management for Your Growing Business Highlights Easy-to-use web browser interface
Overview of Routing between Virtual LANs
Overview of Routing between Virtual LANs This chapter provides an overview of virtual LANs (VLANs). It describes the encapsulation protocols used for routing between VLANs and provides some basic information
ProCurve Networking. Hardening ProCurve Switches. Technical White Paper
ProCurve Networking Hardening ProCurve Switches Technical White Paper Executive Summary and Purpose... 3 Insecure Protocols and Secure Alternatives... 3 Telnet vs. Secure Shell... 3 HTTP vs. HTTPS... 3