Lucent VPN Firewall Security in 802.11x Wireless Networks


Page 1

Corporate Wireless Deployment is Increasing, But Security is a Major Concern

The Lucent Security Products can Secure Your Networks

This white paper addresses how to:
- Provide security on the wireless Ethernet network (802.11x)
- Authenticate the users on the network
- Secure the wired segment of the network
- Scan the data in order to protect the network

Page 2

Contents

Corporate Wireless Deployment Increasing, But Security is a Major Concern ... 3
WiFi Installations increase overall network vulnerability ... 3
The Wireless section needs to be secured ... 4
The Users need to be authenticated ... 6
The Wired segment needs to be secured ... 7
The Data needs to be scanned ... 9
Performance Monitoring ... 10
Summary ... 10
Lucent Security Products securing your Networks

Page 3

Corporate Wireless Deployment Increasing, But Security is a Major Concern

As enterprises seek to reap the benefits of mobility, 64% of businesses intend to increase wireless local-area network (WLAN) deployment during the next 12 months, according to a new survey by Gartner [1]. A total of 44% of respondents said the primary reason to deploy a WLAN was improving productivity with mobility. According to the Telecom Asia report, 21% of respondents said the primary reason was to provide access to places not possible to wire, while 13% of respondents thought wireless networks were a less-expensive or simpler way to deploy LAN connectivity, or they considered using WLANs to improve efficiency in specific business processes or operations.

Although wireless LANs are not a new endeavor, interest in them is still growing. Wireless LANs are becoming a standard part of enterprise networks, covering entire facilities, not just meeting rooms, said Rachna Ahlawat, analyst at Gartner. However, as wireless LANs expand from conference rooms to the whole enterprise, concerns about security and network management are rising. We've gone from thinking of offices as network nodes to considering each employee as a node on a wired network. Now, every major physical item the company owns is becoming a node on a wireless network.

Security was considered to be among the top five concerns in adopting WLANs by 95% of respondents, and 60% of respondents do not believe they have adequate security for their wireless environment. The second-biggest concern was the management of WLANs. This was more important for businesses that had already deployed networks than for those about to do so or still at the planning stage. Vendors should share best practices of securing and managing not just network components, but the devices connected to the wireless network, said Rachna Ahlawat.

[1] Corporate WLAN booming, but Security remains major concern says Gartner, Telecom Asia report dated July 14, 2006

WiFi Installations increase overall network vulnerability

Installing a wireless Ethernet network (802.11x) requires a security approach that secures the network and the data from end to end. The concerns involved with come in various forms as the data traverses the network. At one point the data is in radio format, or wireless, which has many vulnerabilities. When the wireless data reaches the Access Point it becomes wire-line data or Ethernet following any of a collection of IEEE standards. The data is then transported to the hosts on the network and likely to a WAN link to reach the public network.

Page 4

[Figure 1: Where to apply security on WiFi networks. Diagram labels: Ethernet Switch; Wired; Wireless 802.11x; To Network. Callouts: The Wireless portion needs to be secured. The Users need to be authenticated. The Wired portion needs to be secured. The Data needs to be scanned.]

The Wireless section needs to be secured

Securing the wireless portion of the network can be handled in a few different ways. Most wireless Access Point manufacturers provide a few tools to do this, including Wired Equivalent Privacy (WEP), MAC address filtering and DHCP Server protocol. In every case each wireless segment must be scrutinized by a firewall before the data is passed onto the corporate network.

1. WEP, although not perfect and easily broken, does provide encryption from the workstation to the Access Point. Depending on how the data is handled downstream, this may suffice. Another, much more desirable option would be to use AES encryption or an IP Sec Client on all wireless PCs that will be allowed on the wireless segments. Again, this is a very effective security measure but may be limiting in that it will only allow PCs with the client installed to enter the network. Using an IP Sec Client is the method recommended by NIST (National Institute of Standards and Technology). By using the IP Sec Client the network will conform to FIPS (Federal Information Processing Standard).

2. MAC address filtering is a method by which an administrator enters, at the Access Point, all of the MAC addresses of the PCs that will be allowed on the network. The Access Point will then compare the MAC address of inbound traffic with its MAC table and allow or block the traffic depending on whether the MAC address is found in the table created by the administrator. This is a very effective method of security, but has its drawbacks from a network administration standpoint as it limits access to the known MAC addresses of the PCs. This is also not effective if people other than corporate employees will be allowed onto the network, as those MAC addresses won't be known by the administrator.

Page 5

3. The third tool employed by most wireless Access Point vendors is a DHCP Server built into the Access Point. This DHCP Server will allow the administrator to assign a pool of addresses that will be used by all wireless PCs upon connection to the wireless segment. This can be a very useful tool as it categorizes the data that came in on the wireless segment or segments. By categorizing the data we can firewall accordingly downstream. A subnet for this pool should be in a space not found anywhere else on the corporate network. If the DHCP method is chosen it's important to note that all of the corporate servers, or anything with sensitive data on it, should be kept behind a firewall on the wired network. By choosing the DHCP method you are essentially making the wireless segment public. Another important note here is to make sure the Access Point chosen allows for a pool of addresses large enough to accommodate the number of PCs that you expect to use on this wireless segment. Also note that the DHCP tool can be used in conjunction with one of the encryption methods to further secure the wireless portion of the network.

Yet another method by which to categorize the data is to assign a VLAN Tag so that the data can be differentiated by a firewall upon entering the wired network. Although most wireless Access Point vendors do not offer options for VLAN Tagging, most Ethernet Switch vendors do. In this case the wireless Access Points would need to be connected to a switch for the VLAN Tags to be assigned.

[Figure 2: Firewall scanning wireless segments. Diagram title: Wireless Segments Must be Scrutinized by a Firewall.]

Regardless of the methodology or methodologies chosen, the data from a WLAN needs to be processed through a firewall configured appropriately to allow the data onto the corporate network.

Page 6

If you choose to use AES or an IP Sec Client, the tunnel end points can be at the wireless PC and at the firewall. This method will provide a high level of security throughout the wireless segment. The tunnel termination will happen at the firewall, where the data will be decrypted, processed through a firewall or virtual firewall and passed onto the network, assuming that it is legitimate data allowed by the firewall. The Lucent VPN Firewall Brick appliances will provide this functionality along with the Lucent IP Sec Client. The Lucent Firewall Brick appliances will also be a good solution in the DHCP scenario and the VLAN scenario, and also offer the option of a Local Presence address when using the IP Sec Client option. The local presence feature will assign an IP address to the wireless PC that is in a subnet range on the corporate network for ease of administration.

As mentioned above, VLAN tagging the data is a good way to categorize data coming from various wireless segments. Once the data is categorized it is easily administered and can be processed through the appropriate firewalls or virtual firewalls on the firewall appliance. The Lucent Firewall Brick appliances come standard with virtual firewall capabilities and can firewall the various wireless segments differently. For instance, you may have one wireless segment used only by employees and others that are used by non-employees, maybe in a waiting area or meeting room. In that case you would want the employees and the non-employees to have different access rights. This can be done using the virtual firewall capabilities of the Lucent VPN Firewall Brick appliances.

The Users need to be authenticated

Authentication, Authorization and Accounting are always critical functions on any network and certainly play a major part in wireless networks. The users must authenticate and be authorized to the appropriate resources prior to entering the network.

[Figure 3: WiFi users authentication services. Diagram labels: Wireless Users; Wireless Access Point; Lucent Security Management Server; Lucent Vital AAA RADIUS Authentication Server; Lucent Firewall Brick; Server Farm.]

Page 7

The Lucent Firewall Brick appliances have several options when it comes to authentication. The Lucent VPN Firewall Brick appliances interface directly to RADIUS or AAA servers, they can perform Local Authentication at the Lucent Security Management Server, and they interface to RSA token based authentication servers. The Lucent VPN Firewall Brick appliances also support combinations of these options.

The Lucent Technologies award winning VitalSuite AAA radius software provides superior authentication and policy creation for networks of all types including wireless, voice, video, data and advanced IP services. This technology easily integrates with the Lucent VPN Brick Firewall appliances and the Lucent Security Management Server (SMS).

If practical in your situation, the IP Sec Tunnel approach, in which the tunnel is originated at the client PC and terminated at the firewall, would be the most secure method. By using a client the data remains secure over the wireless segment, and authentication is handled prior to tunnel setup and before any data is passed through the tunnel onto the network. The Lucent IP Sec Client is a light and flexible client that would reside on the PC, acting as the tunnel endpoint for the user end as well as handling all of the encryption and decryption of the data. The Lucent IP Sec Client also provides each user with their own personal firewall to protect their PC.

The Wired segment needs to be secured

Given all of the options discussed in this paper with regard to securing the wireless segments of the network, it's wise to view the wireless portion as less secure than the wired portions of the network. If you leave the wireless segments totally unsecured then they should be treated as a public network, and all of the precautions that you would take with your internet connection should be used here as well. All wireless segments should either connect directly to a firewall or through a switch then to the firewall. The firewall rules should be established based on what type of users, internal or external, are expected to use the wireless segment. Different wireless segments may need to have different rules in the firewalls; these are things that should be discussed and drawn up prior to the installation of any wireless segments.

Regardless of what the firewall rule sets are for the wireless segments, the firewall should also be securing the wired network from any threats like DoS or DDoS attacks that could originate on the wireless segments. Scanning for worms and viruses should also be taken into consideration. Remember that by their very nature wireless networks are used by mobile workers with laptops and other mobile devices. Not knowing where those devices have been should at the very least present a concern.

If you have categorized or differentiated the wireless data in a way that it can be identified by the firewall, then setting up the firewall or virtual firewalls within the appliance will be relatively easy. You will at that point be able to apply other features of the firewall, like application filters for various types of data or bandwidth management to create differentiated service levels. Categorization as discussed on pages 5 and 6 of this document can be done in several ways, including by subnet through the use of the DHCP protocol or by VLAN tagging at the access point or at the Ethernet switch.

Page 8

In the case of DHCP, host groups would then be set up on the firewall so that the wireless users are treated as a group, a series of groups or embedded groups within a larger group. These host groups can then be used to simplify the rule set up to match your security policies. In the case of VLAN tagging, all of the data coming into the firewall can be routed to the appropriate virtual firewall. So for instance data coming in with a VLAN tag of 101 can be routed to and filtered by firewall rule set 101, data with a tag of 102 will go through firewall 102, and so forth.

Another thought in preparation for wireless networks will be to determine what types of data you will allow on your network. For instance, are the wireless segments for employees only, non-employees but partners, or the general public? What resources should the users in each category be allowed to access, and what protocols will you allow versus not allow through your firewalls? With a flexible firewall you will be able to achieve whatever access and protocols you set out to achieve. You will also be able to modify and add to the rules or policies later.

Examples of things to think about are whether you want to allow protocols like SIP to enter your network and, if so, where they are allowed to go. With the advent of dual mode phones and UMA (Unlicensed Mobile Access) services you will see SIP on your wireless segments as cell phones hand off to the service for least cost purposes. To a service provider this may be a desirable thing; to an enterprise that doesn't use VoIP this should probably be blocked at the firewall in order to keep your network utilization at controllable levels.

Flexibility in your firewall will be an important consideration when planning for wireless networks. Firewalls should be chosen carefully and should include at least the features listed below.

- Strong DoS and DDoS protection
- Strong Authentication features
- Interface to AAA and Token Based Authentication
- Application filters for at least the following protocols: DHCP Relay, DNS, SIP, FTP, H.323, GTP 0 & 1, SMTP, TFTP, SQL
- Bandwidth Management (QoS) (TOS and DiffServ) at the session level
- IP Sec Client Tunnel Termination
- VLANs
- Virtual Firewalls
- AES encryption
- Rules Based Routing
- Host Groups and Embedded Host Groups
- Service Groups and customizable Service Groups

The Lucent VPN Firewall Brick appliances support all of these features and many more.
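The categorization scheme described above (a dedicated DHCP pool per wireless segment, and VLAN tag 101 going to rule set 101) can be sketched as follows. This is an added example, not Lucent code or Brick configuration syntax; the subnets, tags, segment names, the three reserved addresses per pool and the rule that a tagged frame must also carry a source address from that segment's pool are all assumptions made for illustration.

```python
"""Categorize wireless traffic by DHCP subnet and VLAN tag (added example).

All subnets, VLAN tags and names are constructed sample values.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Sequence


@dataclass(frozen=True)
class WirelessSegment:
    name: str
    vlan_tag: Optional[int]            # tag set at the switch/AP; None if untagged
    dhcp_pool: ipaddress.IPv4Network   # addresses handed to wireless PCs
    expected_clients: int              # PCs expected on this segment
    rule_set: str                      # firewall / virtual firewall to apply


def validate_segment(seg: WirelessSegment,
                     corporate_nets: Sequence[ipaddress.IPv4Network],
                     all_segments: Sequence[WirelessSegment] = ()) -> List[str]:
    """Return planning problems for one segment (empty list means OK)."""
    problems = []
    # The pool must sit in address space used nowhere else on the network.
    for net in corporate_nets:
        if seg.dhcp_pool.overlaps(net):
            problems.append(f"{seg.name}: pool {seg.dhcp_pool} overlaps corporate {net}")
    for other in all_segments:
        if other.name != seg.name and seg.dhcp_pool.overlaps(other.dhcp_pool):
            problems.append(f"{seg.name}: pool {seg.dhcp_pool} overlaps segment {other.name}")
    # Assumption: network, broadcast and one gateway address are not leasable.
    leasable = max(seg.dhcp_pool.num_addresses - 3, 0)
    if leasable < seg.expected_clients:
        problems.append(f"{seg.name}: pool too small ({leasable} leases for "
                        f"{seg.expected_clients} clients)")
    return problems


def classify(segments: Sequence[WirelessSegment],
             vlan_tag: Optional[int], src_ip: str) -> Optional[str]:
    """Pick the rule set for a frame; None means no category matched (drop)."""
    addr = ipaddress.ip_address(src_ip)
    for seg in segments:
        if seg.vlan_tag is not None:
            if vlan_tag == seg.vlan_tag:
                # Tag and source subnet must agree, so a wireless client that
                # claims a corporate address is not passed to any rule set.
                return seg.rule_set if addr in seg.dhcp_pool else None
        elif vlan_tag is None and addr in seg.dhcp_pool:
            # Untagged segment: categorized by its DHCP subnet alone.
            return seg.rule_set
    return None


# Constructed sample plan: two tagged segments and one untagged lobby segment.
CORPORATE_NETS = [ipaddress.ip_network("10.0.0.0/16"),
                  ipaddress.ip_network("10.1.0.0/16")]
SEGMENTS = [
    WirelessSegment("employees", 101, ipaddress.ip_network("172.16.101.0/24"),
                    120, "rule-set-101"),
    WirelessSegment("guests", 102, ipaddress.ip_network("172.16.102.0/26"),
                    80, "rule-set-102"),      # pool deliberately too small
    WirelessSegment("lobby", None, ipaddress.ip_network("10.1.5.0/24"),
                    20, "rule-set-public"),   # deliberately inside corporate space
]

if __name__ == "__main__":
    for segment in SEGMENTS:
        for problem in validate_segment(segment, CORPORATE_NETS, SEGMENTS):
            print("PLAN:", problem)
    for tag, ip in [(101, "172.16.101.25"), (101, "10.0.0.5"), (103, "172.16.101.25")]:
        print(tag, ip, "->", classify(SEGMENTS, tag, ip) or "drop")
```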

Page 9

The Data needs to be scanned

Given the mobile nature of wireless data and wireless devices, there should be a concern with things like viruses and worms. What you don't want to happen is to have an infected device enter your network, even though legitimate, and infect your other assets on the wired network. Depending on how you have secured your wireless segments, you would consider them to be secure, public or somewhere in between. As discussed, wireless segments must be connected to and filtered by a firewall. You should also consider scanning the data in order to protect the rest of the network. In all likelihood you are already scanning traffic from the internet and therefore already have the appropriate scanning equipment on your network.

One of the firewall features mentioned on the previous page is Rules Based Routing, a feature found in the Lucent VPN Brick Firewall appliance that allows you to route data based on the source port number in the TCP header of each packet. With Rules Based Routing you can route your data at any rule in the firewall to your existing scanning equipment. This should be done with any of the internet protocols (HTTP, SMTP, FTP) so that the data is scrubbed prior to entering the wired network, as shown in Figure 4. The data will be filtered at the firewall, routed to the scanning devices for scanning, then passed onto the network or, if you choose, routed back to the firewall for further filtering or routing. Some protocols, like internal applications, won't need to be scanned and can be passed directly onto the network.

[Figure 4: Scanning traffic content on WiFi networks. Diagram labels: Virus Scanning and URL Filtering; Lucent Firewall Brick; Wireless Access Point; HTTP; Wireless User Environment; Data not necessary to scan; SMTP & FTP; Virus Scanning; URL Filtering; Wired User Environment.]

Page 10

Performance Monitoring

Another consideration that should be taken for any network is performance monitoring. Performance monitoring can act as an early warning sign for many issues or problems on the network. As performance issues can be magnified in wireless environments, the need for performance management and effective reporting on network and device performance, including trending information, is critical in this environment. The Lucent VitalSuite Network Performance Management software along with Lucent VitalART Advanced Reporting Toolkit provides exactly the solution necessary in wireless networking environments.

Summary

Wireless networks can be tricky to secure, but certainly not impossible to secure. The main focus is to understand that the corporate network and the data on the network are two of the largest assets to the company and must be secured from any outside influence. Secure the wireless segments, Firewall the wired network, Authenticate the users, Scan the Data and Monitor the network. These are the keys to success in the 802.11x arena.

[Figure 5: A secure network view. Diagram title: A Secure Network. Diagram labels: Lucent Firewall Brick; Wireless Access Point; Lucent IP Sec Client; Virus Scanning; URL Filtering; Scanning based on protocol; Corporate Wired Network; Lucent Security Management Server; Lucent VitalSuite AAA; Lucent VitalSuite; Lucent Vital Art.]

Page 11

Lucent Security Products securing your Networks:
- Lucent VPN Brick Portfolio of Firewalls
- Lucent Security Management Server
- Lucent IP Sec Client Software
- Lucent VitalSuite AAA Software
- Lucent VitalSuite Network Performance Management Software
- Lucent VitalART Advanced Reporting Toolkit

To learn more about our comprehensive portfolio, please contact your Lucent Technologies Sales Representative or visit our web site at

This document is for informational or planning purposes only, and is not intended to create, modify or supplement any Lucent Technologies specifications or warranties relating to these products or services. Information and/or technical specifications supplied within this document do not waive (directly or indirectly) any rights or licenses including but not limited to patents or other protective rights of Lucent Technologies or others. Specifications are subject to change without notice.

Copyright 2006 Lucent Technologies Inc. All rights reserved.

Security v

VPN Firewall Brick and VitalSuite are registered trademarks of Lucent Technologies. All other trademarks, registered trademarks, service names, products or brand names are the sole property of their respective owners.


More information

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Firewalls and VPNs. Principles of Information Security, 5th Edition 1 Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches

More information

IEEE 802.1x, Radius and Dynamic VLAN Assignment

IEEE 802.1x, Radius and Dynamic VLAN Assignment inet-tr 06 - XI. "Türkiye'de İnternet" Konferansı Bildirileri 21-23 Aralık 2006 TOBB Ekonomi ve Teknoloji Üniversitesi, Ankara IEEE 802.1x, Radius and Dynamic VLAN Assignment Hüseyin Çotuk 1, Ahmet Ömercioğlu

More information

Securing the Small Business Network. Keeping up with the changing threat landscape

Securing the Small Business Network. Keeping up with the changing threat landscape Securing the Small Business Network Keeping up with the changing threat landscape Table of Contents Securing the Small Business Network 1 UTM: Keeping up with the Changing 2 Threat Landscape RFDPI: Not

More information

Steelcape Product Overview and Functional Description

Steelcape Product Overview and Functional Description Steelcape Product Overview and Functional Description TABLE OF CONTENTS 1. General Overview 2. Applications/Uses 3. Key Features 4. Steelcape Components 5. Operations Overview: Typical Communications Session

More information

RAP Installation - Updated

RAP Installation - Updated RAP Installation - Updated August 01, 2012 Aruba Controller Release 6.1.3.2 The Controller has several wizards that can guide you through a variety of configuration processes. On the Configuration tab

More information
