Lucent VPN Firewall Security in 802.11x Wireless Networks


Corporate Wireless Deployment is Increasing, But Security is a Major Concern

The Lucent Security Products can Secure Your Networks

This white paper addresses how to:

- Provide security on the wireless Ethernet network (802.11x)
- Authenticate the users on the network
- Secure the wired segment of the network
- Scan the data in order to protect the network

Contents

- Corporate Wireless Deployment Increasing, But Security is a Major Concern
- WiFi Installations increase overall network vulnerability
- The Wireless section needs to be secured
- The Users need to be authenticated
- The Wired segment needs to be secured
- The Data needs to be scanned
- Performance Monitoring
- Summary
- Lucent Security Products securing your Networks

Corporate Wireless Deployment Increasing, But Security is a Major Concern

As enterprises seek to reap the benefits of mobility, 64% of businesses intend to increase wireless local-area network (WLAN) deployment during the next 12 months, according to a new survey by Gartner [1]. A total of 44% of respondents said the primary reason to deploy a WLAN was improving productivity with mobility. According to the Telecom Asia report, 21% of respondents said the primary reason was to provide access to places not possible to wire, while 13% of respondents thought wireless networks were a less-expensive or simpler way to deploy LAN connectivity, or they considered using WLANs to improve efficiency in specific business processes or operations.

[1] Corporate WLAN booming, but Security remains major concern says Gartner. Telecom Asia report dated July 14, 2006.

Although wireless LANs are not a new endeavor, interest in them is still growing. "Wireless LANs are becoming a standard part of enterprise networks, covering entire facilities, not just meeting rooms," said Rachna Ahlawat, analyst at Gartner. However, as wireless LANs expand from conference rooms to the whole enterprise, concerns about security and network management are rising. We've gone from thinking of offices as network nodes to considering each employee as a node on a wired network. Now, every major physical item the company owns is becoming a node on a wireless network.

Security was considered to be among the top five concerns in adopting WLANs by 95% of respondents, and 60% of respondents do not believe they have adequate security for their wireless environment. The second-biggest concern was the management of WLANs. This was more important for businesses that had already deployed networks than for those about to do so or still at the planning stage. "Vendors should share best practices of securing and managing not just network components, but the devices connected to the wireless network," said Rachna Ahlawat.

WiFi Installations increase overall network vulnerability

Installing a wireless Ethernet network (802.11x) requires a security approach that secures the network and the data from end to end. The concerns involved come in various forms as the data traverses the network. At one point the data is in radio (wireless) format, which has many vulnerabilities. When the wireless data reaches the Access Point it becomes wire-line data, or Ethernet, following any of a collection of IEEE standards. The data is then transported to the hosts on the network and likely to a WAN link to reach the public network.

[Figure 1: Where to apply security on WiFi networks. Labels: the wireless portion needs to be secured; the users need to be authenticated; the wired portion needs to be secured; the data needs to be scanned.]

The Wireless section needs to be secured

Securing the wireless portion of the network can be handled in a few different ways. Most wireless Access Point manufacturers provide a few tools to do this, including Wired Equivalent Privacy (WEP), MAC address filtering and a DHCP server. In every case each wireless segment must be scrutinized by a firewall before the data is passed onto the corporate network.

1. WEP, although not perfect and easily broken, does provide encryption from the workstation to the Access Point. Depending on how the data is handled downstream this may suffice. Another much more desirable option would be to use AES encryption or an IP Sec Client on all wireless PCs that will be allowed on the wireless segments. Again this is a very effective security measure but may be limiting in that this will only allow PCs with the client installed to enter the network. The method of using an IP Sec Client is the recommended way according to NIST (National Institute of Standards and Technology). By using the IP Sec Client the network will conform to FIPS (Federal Information Processing Standard).

2. MAC address filtering is a method by which an administrator enters, at the Access Point, all of the MAC addresses of the PCs that will be allowed on the network. The Access Point will then compare the MAC address of inbound traffic with its MAC table and allow or block the traffic depending on whether the MAC address is found in the table created by the administrator. This is a very effective method of security, but has its drawbacks from a network administration standpoint as it limits access to the known MAC addresses of the PCs. It is also not effective if people other than corporate employees will be allowed onto the network, as those MAC addresses won't be known by the administrator.

3. The third tool employed by most wireless Access Point vendors is a DHCP Server built into the Access Point. This DHCP Server will allow the administrator to assign a pool of addresses that will be used by all wireless PCs upon connection to the wireless segment. This can be a very useful tool as it categorizes the data that came in on the wireless segment or segments. By categorizing the data we can firewall accordingly downstream. A subnet for this pool should be in a space not found anywhere else on the corporate network. If the DHCP method is chosen it's important to note that all of the corporate servers or anything with sensitive data on it should be kept behind a firewall on the wired network. By choosing the DHCP method you are essentially making the wireless segment public. Another important note here is to make sure the Access Point chosen allows for a pool of addresses large enough to accommodate the number of PCs that you expect to use on this wireless segment. Also note that the DHCP tool can be used in conjunction with one of the encryption methods to further secure the wireless portion of the network.

Yet another method by which to categorize the data is to assign a VLAN Tag so that the data can be differentiated by a firewall upon entering the wired network. Although most wireless Access Point vendors do not employ options for VLAN Tagging, most Ethernet Switch vendors do. In this case the wireless Access Points would need to be connected to a switch for the VLAN Tags to be assigned.

[Figure 2: Firewall scanning wireless segments. Caption in figure: Wireless Segments Must be Scrutinized by a Firewall.]

Regardless of the methodology or methodologies chosen, the data from a WLAN needs to be processed through a firewall configured appropriately to allow the data onto the corporate network.
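The DHCP guidance above (a wireless subnet used nowhere else on the corporate network, and a pool large enough for the expected PCs) can be checked before an Access Point is deployed. The following is an added example, not part of the Lucent white paper; the function name, the report fields and all addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class PoolReport:
    overlaps: list            # corporate subnets that collide with the wireless subnet
    pool_inside_subnet: bool  # pool range lies within the usable part of the subnet
    pool_size: int            # number of addresses the DHCP server can lease
    capacity_ok: bool         # pool_size covers the expected number of wireless PCs


def check_wireless_pool(wireless_subnet, pool_start, pool_end,
                        corporate_subnets, expected_clients):
    """Validate a wireless DHCP pool against the two rules in the text.

    All arguments are assumptions of this example: the subnet and pool
    boundaries are strings as they would be typed into an Access Point,
    corporate_subnets is the list of prefixes already in use on the wired side.
    """
    net = ipaddress.ip_network(wireless_subnet)
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    if end < start:
        raise ValueError("pool_end is lower than pool_start")

    # Rule 1: the wireless subnet must not exist anywhere else, otherwise a
    # downstream firewall cannot tell wireless traffic from wired traffic.
    overlaps = [s for s in corporate_subnets
                if net.overlaps(ipaddress.ip_network(s))]

    # The pool must sit inside the subnet and avoid the network and
    # broadcast addresses, which cannot be leased to clients.
    inside = (start in net and end in net
              and start != net.network_address
              and end != net.broadcast_address)

    # Rule 2: the pool must be large enough for the expected PCs.
    size = int(end) - int(start) + 1
    return PoolReport(overlaps, inside, size, size >= expected_clients)


if __name__ == "__main__":
    # Constructed sample: the wireless /24 collides with a corporate /16.
    print(check_wireless_pool("172.31.200.0/24", "172.31.200.10",
                              "172.31.200.200",
                              ["10.0.0.0/8", "172.31.0.0/16"], 150))
    # Constructed sample: no collision, but the /26 pool is too small.
    print(check_wireless_pool("192.168.77.0/26", "192.168.77.10",
                              "192.168.77.60", ["10.0.0.0/8"], 80))
```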

If you choose to use AES or an IP Sec Client, the tunnel end points can be at the wireless PC and at the firewall. This method will provide a high level of security throughout the wireless segment. The tunnel termination will happen at the firewall, where the data will be decrypted, processed through a firewall or virtual firewall and passed onto the network, assuming that it is legitimate data allowed by the firewall. The Lucent VPN Firewall Brick appliances will provide this functionality along with the Lucent IP Sec Client.

The Lucent Firewall Brick appliances will also be a good solution in the DHCP scenario and the VLAN scenario, and also offer the option of a Local Presence address when using the IP Sec Client option. The local presence feature will assign an IP address to the wireless PC that is in a subnet range on the corporate network for ease of administration.

As mentioned above, VLAN tagging the data is a good way to categorize data coming from various wireless segments. Once the data is categorized it is easily administered and can be processed through the appropriate firewalls or virtual firewalls on the firewall appliance. The Lucent Firewall Brick appliances come standard with virtual firewall capabilities and can firewall the various wireless segments differently. For instance you may have one wireless segment used only by employees and others that are used by non-employees, maybe in a waiting area or meeting room. In that case you would want employees and the non-employees to have different access rights. This can be done using the virtual firewall capabilities of the Lucent VPN Firewall Brick appliances.

The Users need to be authenticated

Authentication, Authorization and Accounting are always critical functions on any network and certainly play a major part in wireless networks. The users must authenticate and be authorized to the appropriate resources prior to entering the network.

[Figure 3: WiFi users authentication services. Elements shown: wireless users, wireless access points, Lucent Security Management Server, Lucent Vital AAA RADIUS authentication server, Lucent Firewall Brick, server farm.]

The Lucent Firewall Brick appliances have several options when it comes to authentication. The Lucent VPN Firewall Brick appliances interface directly to RADIUS or AAA servers, they can perform Local Authentication at the Lucent Security Management Server, and they interface to RSA token based authentication servers. The Lucent VPN Firewall Brick appliances also support combinations of these options.

The Lucent Technologies award winning VitalSuite AAA radius software provides superior authentication and policy creation for networks of all types including wireless, voice, video, data and advanced IP services. This technology easily integrates with the Lucent VPN Brick Firewall appliances and the Lucent Security Management Server (SMS).

If practical in your situation, the IP Sec Tunnel approach, in which the tunnel is originated at the client PC and terminated at the firewall, would be the most secure method. By using a client the data remains secure over the wireless segment, and authentication is handled prior to tunnel setup and before any data is passed through the tunnel onto the network. The Lucent IP Sec Client is a light and flexible client that would reside on the PC, acting as the tunnel endpoint for the user end as well as handling all of the encryption and decryption of the data. The Lucent IP Sec Client also provides each user with their own personal firewall to protect their PC.

The Wired segment needs to be secured

Given all of the options discussed in this paper with regard to securing the wireless segments of the network, it's wise to view the wireless portion as less secure than the wired portions of the network. If you leave the wireless segments totally unsecured then they should be treated as a public network, and all of the precautions that you would take with your internet connection should be used here as well. All wireless segments should either connect directly to a firewall or through a switch then to the firewall.

The firewall rules should be established based on what type of users, internal or external, are expected to use the wireless segment. Different wireless segments may need to have different rules in the firewalls; these are things that should be discussed and drawn up prior to the installation of any wireless segments. Regardless of what the firewall rule sets are for the wireless segments, the firewall should also be securing the wired network from any threats like DOS or DDOS attacks that could originate on the wireless segments. Scanning for worms and viruses should also be taken into consideration. Remember that by their very nature wireless networks are used by mobile workers with laptops and other mobile devices. Not knowing where those devices have been should at the very least present a concern.

If you have categorized or differentiated the wireless data in a way that it can be identified by the firewall, then setting up the firewall or virtual firewalls within the appliance will be relatively easy. You will at that point be able to apply other features of the firewall like application filters for various types of data or bandwidth management to create differentiated service levels. Categorization, as discussed earlier in this document (pages 5 and 6 of the original), can be done in several ways, including by subnet through the use of the DHCP protocol or by VLAN tagging at the access point or at the Ethernet switch.

In the case of DHCP, host groups would then be set up on the firewall so that the wireless users are treated as a group, series of groups or embedded groups within a larger group. These host groups can then be used to simplify the rule set up to match your security policies. In the case of VLAN tagging, all of the data coming into the firewall can be routed to the appropriate virtual firewall. So for instance data coming in with a VLAN tag of 101 can be routed to and filtered by firewall rule set 101, data with a tag of 102 will go through firewall 102 and so forth.

Another thought in preparation for wireless networks will be to determine what types of data you will allow on your network. For instance, are the wireless segments for employees only, non-employees but partners, or the general public? What resources should the users in each category be allowed to access, and what protocols will you allow versus not allow through your firewalls? With a flexible firewall you will be able to achieve whatever access and protocols you set out to achieve. You will also be able to modify and add to the rules or policies later.

Examples of things to think about are whether you want to allow protocols like SIP to enter your network and, if so, where they are allowed to go. With the advent of dual mode phones and UMA (Unlicensed Mobile Access) services you will see SIP on your wireless segments as cell phones hand off to the service for least cost purposes. To a service provider this may be a desirable thing; to an enterprise that doesn't use VoIP this should probably be blocked at the firewall in order to keep your network utilization at controllable levels.

Flexibility in your firewall will be an important consideration when planning for wireless networks. Firewalls should be chosen carefully and should include at least the features listed below.

- Strong DOS and DDOS protection
- Strong Authentication features
- Interface to AAA and Token Based Authentication
- Application filters for at least the following protocols: DHCP Relay, DNS, SIP, FTP, H.323, GTP 0 & 1, SMTP, TFTP, SQL
- Bandwidth Management (QoS) (TOS and DiffServ) at the session level
- IP Sec Client Tunnel Termination
- VLANs
- Virtual Firewalls
- AES encryption
- Rules Based Routing
- Host Groups and Embedded Host Groups
- Service Groups and customizable Service Groups

The Lucent VPN Firewall Brick appliances support all of these features and many more.

The Data needs to be scanned

Given the mobile nature of wireless data and wireless devices there should be a concern with things like viruses and worms. What you don't want to happen is to have an infected device enter your network, even though legitimate, and infect your other assets on the wired network. Depending on how you have secured your wireless segments you would consider them to be secure, public or somewhere in between. As discussed, wireless segments must be connected to and filtered by a firewall. You should also consider scanning the data in order to protect the rest of the network. In all likelihood you are already scanning traffic from the internet and therefore already have the appropriate scanning equipment on your network.

One of the firewall features mentioned on the previous page is Rules Based Routing, a feature found in the Lucent VPN Brick Firewall appliance that allows you to route data based on the source port number in the TCP header of each packet. With Rules Based Routing you can route your data at any rule in the firewall to your existing scanning equipment. This should be done with any of the internet protocols (HTTP, SMTP, FTP) so that the data entering the wired network is scrubbed prior to entering the wired network, as shown in figure four. The data will be filtered at the firewall, routed to the scanning devices for scanning, then passed onto the network or, if you choose, can be routed back to the firewall for further filtering or routing. Some protocols like internal applications won't need to be scanned and can be passed directly onto the network.

[Figure 4: Scanning traffic content on WiFi networks. Elements shown: wireless user environment, wireless access point, Lucent Firewall Brick, virus scanning and URL filtering for HTTP, SMTP and FTP, data not necessary to scan, wired user environment.]
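The categorization and routing steps described above (VLAN tag 101 to rule set 101, DHCP subnets as host groups with embedded groups, SIP blocked where VoIP is not used, HTTP/SMTP/FTP diverted to scanning) can be modelled as a small policy evaluator. This is an added example, not Lucent Brick configuration or code from the white paper; the group names, subnets, the internal application port and the choice to match services on destination port are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Host groups (constructed). A member starting with "@" embeds another group.
HOST_GROUPS = {
    "server_farm": ["10.10.0.0/24"],
    "wired_users": ["10.20.0.0/16"],
    "corporate": ["@server_farm", "@wired_users"],
    "employee_wlan": ["172.30.101.0/24"],   # DHCP pool on the employee segment
    "guest_wlan": ["172.30.102.0/24"],      # DHCP pool on the guest segment
}

# Service lookup by (protocol, destination port); tcp/8443 is a made-up
# internal application used to show traffic that bypasses scanning.
SERVICES = {
    ("tcp", 80): "http", ("tcp", 25): "smtp", ("tcp", 21): "ftp",
    ("udp", 5060): "sip", ("tcp", 5060): "sip", ("tcp", 8443): "internal-app",
}

# One ordered rule set per virtual firewall, keyed by VLAN tag as in the text.
# Each rule is (service, destination host group, action); "*" matches anything.
VIRTUAL_FIREWALLS = {
    101: [("sip", "*", "drop"),                    # enterprise without VoIP
          ("internal-app", "server_farm", "pass"),  # no scanning needed
          ("http", "*", "scan"), ("smtp", "*", "scan"), ("ftp", "*", "scan")],
    102: [("*", "corporate", "drop"),              # guests never reach wired hosts
          ("http", "*", "scan")],
}

# Fallback categorization for untagged traffic: source subnet -> rule set.
SUBNET_TO_FIREWALL = {"employee_wlan": 101, "guest_wlan": 102}


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str
    dst_port: int
    vlan: Optional[int] = None


def expand(group, path=frozenset()):
    """Resolve a host group, following embedded groups, into networks."""
    if group in path:
        raise ValueError("host group cycle at " + group)
    nets = []
    for member in HOST_GROUPS[group]:
        if member.startswith("@"):
            nets.extend(expand(member[1:], path | {group}))
        else:
            nets.append(ipaddress.ip_network(member))
    return nets


def in_group(ip, group):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in expand(group))


def classify(pkt):
    """Pick the virtual firewall: VLAN tag first, then DHCP source subnet."""
    if pkt.vlan is not None:
        return pkt.vlan if pkt.vlan in VIRTUAL_FIREWALLS else None
    for group, firewall in SUBNET_TO_FIREWALL.items():
        if in_group(pkt.src_ip, group):
            return firewall
    return None


def decide(pkt):
    """Return (virtual firewall, action); action is pass, scan or drop."""
    firewall = classify(pkt)
    if firewall is None:
        return (None, "drop")          # uncategorized traffic is not admitted
    service = SERVICES.get((pkt.proto, pkt.dst_port), "other")
    for rule_service, dst_group, action in VIRTUAL_FIREWALLS[firewall]:
        if rule_service in ("*", service) and (
                dst_group == "*" or in_group(pkt.dst_ip, dst_group)):
            return (firewall, action)
    return (firewall, "drop")          # default deny inside every rule set


if __name__ == "__main__":
    for p in (Packet("172.30.101.20", "10.10.0.5", "tcp", 8443, vlan=101),
              Packet("172.30.101.20", "203.0.113.9", "udp", 5060, vlan=101),
              Packet("172.30.102.7", "198.51.100.1", "tcp", 80)):
        print(p, decide(p))
```

The guest rule set relies on the embedded `corporate` group, so adding a new wired subnet to `server_farm` or `wired_users` tightens the guest policy without touching its rules.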

Performance Monitoring

Another consideration that should be taken for any network is performance monitoring. Performance monitoring can act as an early warning sign for many issues or problems on the network. As performance issues can be magnified in wireless environments, the need for performance management and effective reporting on network and device performance, including trending information, is critical in this environment. The Lucent VitalSuite Network Performance Management software along with Lucent VitalART Advanced Reporting Toolkit provides exactly the solution necessary in wireless networking environments.

Summary

Wireless networks can be tricky to secure, but certainly not impossible to secure. The main focus is to understand that the corporate network and the data on the network are two of the largest assets to the company and must be secured from any outside influence. Secure the wireless segments, Firewall the wired network, Authenticate the users, Scan the Data and Monitor the network. These are the keys to success in the 802.11x arena.

[Figure 5: A secure network view. Elements shown: Lucent Firewall Brick, wireless access point, Lucent IP Sec Client, virus scanning and URL filtering (scanning based on protocol), corporate wired network, Lucent Security Management Server, Lucent VitalSuite AAA, Lucent VitalSuite, Lucent Vital Art.]

Lucent Security Products securing your Networks:

- Lucent VPN Brick Portfolio of Firewalls
- Lucent Security Management Server
- Lucent IP Sec Client Software
- Lucent VitalSuite AAA Software
- Lucent VitalSuite Network Performance Management Software
- Lucent VitalART Advanced Reporting Toolkit

To learn more about our comprehensive portfolio, please contact your Lucent Technologies Sales Representative or visit our web site.

This document is for informational or planning purposes only, and is not intended to create, modify or supplement any Lucent Technologies specifications or warranties relating to these products or services. Information and/or technical specifications supplied within this document do not waive (directly or indirectly) any rights or licenses including but not limited to patents or other protective rights of Lucent Technologies or others. Specifications are subject to change without notice.

Copyright 2006 Lucent Technologies Inc. All rights reserved. VPN Firewall Brick and VitalSuite are registered trademarks of Lucent Technologies. All other trademarks, registered trademarks, service names, products or brand names are the sole property of their respective owners.


More information

Secure Voice over IP (VoIP) Solutions

Secure Voice over IP (VoIP) Solutions APPLICATION NOTE Secure Voice over IP (VoIP) Solutions Delivering a robust, secure VoIP solution that counters both external and internal threats while providing superior quality of service Abstract This

More information

About Firewall Protection

About Firewall Protection 1. This guide describes how to configure basic firewall rules in the UTM to protect your network. The firewall then can provide secure, encrypted communications between your local network and a remote

More information

Cisco WRVS4400N Wireless-N Gigabit Security Router: Cisco Small Business Routers

Cisco WRVS4400N Wireless-N Gigabit Security Router: Cisco Small Business Routers Cisco WRVS4400N Wireless-N Gigabit Security Router: Cisco Small Business Routers Highlights Secure, high-speed wireless network access for small business Gigabit Ethernet connections enable rapid transfer

More information

Technical Note. ForeScout CounterACT: Virtual Firewall

Technical Note. ForeScout CounterACT: Virtual Firewall ForeScout CounterACT: Contents Introduction... 3 What is the vfw?.... 3 Technically, How Does vfw Work?.... 4 How Does vfw Compare to a Real Firewall?.... 4 How Does vfw Compare to other Blocking Methods?...

More information

Configuring Security Solutions

Configuring Security Solutions CHAPTER 3 This chapter describes security solutions for wireless LANs. It contains these sections: Cisco Wireless LAN Solution Security, page 3-2 Using WCS to Convert a Cisco Wireless LAN Solution from

More information

Developing Network Security Strategies

Developing Network Security Strategies NETE-4635 Computer Network Analysis and Design Developing Network Security Strategies NETE4635 - Computer Network Analysis and Design Slide 1 Network Security Design The 12 Step Program 1. Identify network

More information

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with

More information

Figure 41-1 IP Filter Rules

Figure 41-1 IP Filter Rules 41. Firewall / IP Filter This function allows user to enable the functionality of IP filter. Both inside and outside packets through router could be decided to allow or drop by supervisor. Figure 41-1

More information

Network Instruments white paper

Network Instruments white paper Network Instruments white paper USING A NETWORK ANALYZER AS A SECURITY TOOL Network Analyzers are designed to watch the network, identify issues and alert administrators of problem scenarios. These features

More information

Protecting the Extended Enterprise Network Security Strategies and Solutions from ProCurve Networking

Protecting the Extended Enterprise Network Security Strategies and Solutions from ProCurve Networking ProCurve Networking by HP Protecting the Extended Enterprise Network Security Strategies and Solutions from ProCurve Networking Introduction... 2 Today s Network Security Landscape... 2 Accessibility...

More information

Unified Services Routers

Unified Services Routers High-Performance VPN Protocols IPSec PPTP L2TP SSL VPN Tunnels Up to 25 (DSR-250N) Up to 35 (DSR-500/500N) Up to 70 (DSR-1000/1000N) SSL VPN tunnels Up to 5 (DSR-250N) Up to 10 (DSR-500/500N) Up to 20

More information

Gigabit SSL VPN Security Router

Gigabit SSL VPN Security Router As Internet becomes essential for business, the crucial solution to prevent your Internet connection from failure is to have more than one connection. PLANET is the ideal to help the SMBs increase the

More information

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0 ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0 Module 1: Vulnerabilities, Threats, and Attacks 1.1 Introduction to Network Security

More information

Cisco RV 120W Wireless-N VPN Firewall

Cisco RV 120W Wireless-N VPN Firewall Cisco RV 120W Wireless-N VPN Firewall Take Basic Connectivity to a New Level The Cisco RV 120W Wireless-N VPN Firewall combines highly secure connectivity to the Internet as well as from other locations

More information

Deploying ACLs to Manage Network Security

Deploying ACLs to Manage Network Security PowerConnect Application Note #3 November 2003 Deploying ACLs to Manage Network Security This Application Note relates to the following Dell PowerConnect products: PowerConnect 33xx Abstract With new system

More information

Network Security. Protective and Dependable. Pioneer of IP Innovation

Network Security. Protective and Dependable. Pioneer of IP Innovation Network Protective and Dependable Pioneer of IP Innovation Why PLANET Network Solution? With the growth of the threats, network security becomes the fundamental concerns of home and enterprise network.

More information

Create a VPN on your ipad, iphone or ipod Touch and SonicWALL NSA UTM firewall - Part 1: SonicWALL NSA Appliance

Create a VPN on your ipad, iphone or ipod Touch and SonicWALL NSA UTM firewall - Part 1: SonicWALL NSA Appliance Create a VPN on your ipad, iphone or ipod Touch and SonicWALL NSA UTM firewall - Part 1: SonicWALL NSA Appliance This article will easily explain how to configure your Apple ipad, iphone or ipod Touch

More information

Network Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000

Network Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000 Network Security Protective and Dependable With the growth of the Internet threats, network security becomes the fundamental concerns of family network and enterprise network. To enhance your business

More information

Network Virtualization Network Admission Control Deployment Guide

Network Virtualization Network Admission Control Deployment Guide Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus

More information

LifeSize Video Communications Systems Administrator Guide

LifeSize Video Communications Systems Administrator Guide LifeSize Video Communications Systems Administrator Guide November 2009 Copyright Notice 2005-2009 LifeSize Communications Inc, and its licensors. All rights reserved. LifeSize Communications has made

More information

RAP Installation - Updated

RAP Installation - Updated RAP Installation - Updated August 01, 2012 Aruba Controller Release 6.1.3.2 The Controller has several wizards that can guide you through a variety of configuration processes. On the Configuration tab

More information

VPN Configuration Guide. Dell SonicWALL

VPN Configuration Guide. Dell SonicWALL VPN Configuration Guide Dell SonicWALL 2013 equinux AG and equinux USA, Inc. All rights reserved. Under copyright law, this manual may not be copied, in whole or in part, without the written consent of

More information

APPENDIX 3 LOT 3: WIRELESS NETWORK

APPENDIX 3 LOT 3: WIRELESS NETWORK APPENDIX 3 LOT 3: WIRELESS NETWORK A. TECHNICAL SPECIFICATIONS MAIN PURPOSE The Wi-Fi system should be capable of providing Internet access directly to a user using a smart phone, tablet PC, ipad or Laptop

More information

642 552 Securing Cisco Network Devices (SND)

642 552 Securing Cisco Network Devices (SND) 642 552 Securing Cisco Network Devices (SND) Course Number: 642 552 Length: 1 Day(s) Course Overview This course is part of the training for the Cisco Certified Security Professional, Cisco Firewall Specialist,

More information

Abstract. Avaya Solution & Interoperability Test Lab

Abstract. Avaya Solution & Interoperability Test Lab Avaya Solution & Interoperability Test Lab Application Notes for Configuring Enterasys Wireless Access Point 3000 (RBT3K-AG) to Support Avaya IP Office, Avaya IP Wireless Telephones and Avaya Phone Manager

More information

EXINDA NETWORKS. Deployment Topologies

EXINDA NETWORKS. Deployment Topologies EXINDA NETWORKS Deployment Topologies September 2005 :: Award Winning Application Traffic Management Solutions :: :: www.exinda.com :: Exinda Networks :: info@exinda.com :: 2005 Exinda Networks Pty Ltd.

More information

Chapter 8 Router and Network Management

Chapter 8 Router and Network Management Chapter 8 Router and Network Management This chapter describes how to use the network management features of your ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. These features can be found by

More information

Deploying the ShoreTel IP Telephony Solution with a Meru Networks Wireless LAN

Deploying the ShoreTel IP Telephony Solution with a Meru Networks Wireless LAN Deploying the ShoreTel IP Telephony Solution with a Meru Networks Wireless LAN Copyright 2005, Meru Networks, Inc. This document is an unpublished work protected by the United States copyright laws and

More information

Gigabit Multi-Homing VPN Security Router

Gigabit Multi-Homing VPN Security Router As Internet becomes essential for business, the crucial solution to prevent your Internet connection from failure is to have more than one connection. PLANET is a ideal to help the SMBs increase the broadband

More information

White Paper 230-1040-001. Copyright 2011 Nomadix, Inc. All Rights Reserved. Thursday, January 05, 2012

White Paper 230-1040-001. Copyright 2011 Nomadix, Inc. All Rights Reserved. Thursday, January 05, 2012 Nomadix Service Engine Enterprise Guest Access Application Copyright 2011 Nomadix, Inc. All Rights Reserved. Thursday, January 05, 2012 30851 Agoura Road Suite 102 Agoura Hills, CA 91301 USA www.nomadix.com

More information

Total solution for your network security. Provide policy-based firewall on scheduled time. Prevent many known DoS and DDoS attack

Total solution for your network security. Provide policy-based firewall on scheduled time. Prevent many known DoS and DDoS attack Network Security Total solution for your network security With the growth of the Internet, malicious attacks are happening every minute, and intruders are trying to access your network, using expensive

More information

Knowledgebase Solution

Knowledgebase Solution Knowledgebase Solution Goal Enable coexistence of a 3 rd -party VPN / Firewall with an EdgeMarc appliance. Describe characteristics and tradeoffs of different topologies. Provide configuration information

More information

Barracuda Link Balancer

Barracuda Link Balancer Barracuda Networks Technical Documentation Barracuda Link Balancer Administrator s Guide Version 2.2 RECLAIM YOUR NETWORK Copyright Notice Copyright 2004-2011, Barracuda Networks www.barracuda.com v2.2-110503-01-0503

More information

Unified Services Routers

Unified Services Routers High VPN Performance Protocols IPSec PPTP LTP SSL Up to 5 (DSR-500/500N) or 70 (DSR-1000/1000N) VPN tunnels Up to 10 (DSR-500/500N) or 0 (DSR-1000/1000N) SSL VPN tunnels DES, DES, AES Encryption Main/

More information

Wireless VPN White Paper. WIALAN Technologies, Inc. http://www.wialan.com

Wireless VPN White Paper. WIALAN Technologies, Inc. http://www.wialan.com Wireless VPN White Paper WIALAN Technologies, Inc. http://www.wialan.com 2014 WIALAN Technologies, Inc. all rights reserved. All company and product names are registered trademarks of their owners. Abstract

More information

Digi Connect WAN Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering

Digi Connect WAN Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering Introduction Digi Connect Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering The Digi Connect supports five features which provide security and IP traffic forwarding when using incoming

More information

Evolving Network Security with the Alcatel-Lucent Access Guardian

Evolving Network Security with the Alcatel-Lucent Access Guardian T E C H N O L O G Y W H I T E P A P E R Evolving Network Security with the Alcatel-Lucent Access Guardian Enterprise network customers encounter a wide variety of difficulties and complexities when designing

More information

Direct or Transparent Proxy?

Direct or Transparent Proxy? Direct or Transparent Proxy? Choose the right configuration for your gateway. Table of Contents Direct Proxy...3 Transparent Proxy...4 Other Considerations: Managing authentication made easier.....4 SSL

More information

Logical & Physical Security

Logical & Physical Security Building a Secure Ethernet Environment By Frank Prendergast Manager, Network Certification Services Schneider Electric s Automation Business North Andover, MA The trend toward using Ethernet as the sole

More information

VIA CONNECT PRO Deployment Guide

VIA CONNECT PRO Deployment Guide VIA CONNECT PRO Deployment Guide www.true-collaboration.com Infinite Ways to Collaborate CONTENTS Introduction... 3 User Experience... 3 Pre-Deployment Planning... 3 Connectivity... 3 Network Addressing...

More information

Network Security. Network Security. Protective and Dependable. > UTM Content Security Gateway. > VPN Security Gateway. > Multi-Homing Security Gateway

Network Security. Network Security. Protective and Dependable. > UTM Content Security Gateway. > VPN Security Gateway. > Multi-Homing Security Gateway PLANET Product Guide 2011 Protective and Dependable With the growth of the Internet threats, network security becomes the fundamental concerns of family network and enterprise network. To enhance your

More information

A Division of Cisco Systems, Inc. GHz 2.4 802.11g. Wireless-G. USB Network Adapter with RangeBooster. User Guide WIRELESS WUSB54GR. Model No.

A Division of Cisco Systems, Inc. GHz 2.4 802.11g. Wireless-G. USB Network Adapter with RangeBooster. User Guide WIRELESS WUSB54GR. Model No. A Division of Cisco Systems, Inc. GHz 2.4 802.11g WIRELESS Wireless-G USB Network Adapter with RangeBooster User Guide Model No. WUSB54GR Copyright and Trademarks Specifications are subject to change without

More information

Security Design. thm@informatik.uni-rostock.de http://wwwiuk.informatik.uni-rostock.de/

Security Design. thm@informatik.uni-rostock.de http://wwwiuk.informatik.uni-rostock.de/ Security Design thm@informatik.uni-rostock.de http://wwwiuk.informatik.uni-rostock.de/ Content Security Design Analysing Design Requirements Resource Separation a Security Zones VLANs Tuning Load Balancing

More information

ENHWI-N3. 802.11n Wireless Router

ENHWI-N3. 802.11n Wireless Router ENHWI-N3 802.11n Wireless Router Product Description Encore s ENHWI-N3 802.11n Wireless Router s 1T1R Wireless single chip can deliver up to 3x faster speed than of 802.11g devices. ENHWI-N3 supports home

More information

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions

More information

ZyWALL USG ZLD 3.0 Support Notes

ZyWALL USG ZLD 3.0 Support Notes 2012 ZyWALL USG ZLD 3.0 Support Notes CSO ZyXEL 2/1/2012 Scenario 1 - Reserving Highest Bandwidth Management Priority for VoIP Traffic 1.1 Application scenario In an enterprise network, there are various

More information

Exam Name: Cisco Sales Associate Exam Exam Type: Cisco Exam Code: 646-151 Doc Type: Q & A with Explanations Total Questions: 50

Exam Name: Cisco Sales Associate Exam Exam Type: Cisco Exam Code: 646-151 Doc Type: Q & A with Explanations Total Questions: 50 Question: 1 Which network security strategy element refers to the deployment of products that identify a potential intruder who makes several failed logon attempts? A. test the system B. secure the network

More information

Professional Integrated SSL-VPN Appliance for Small and Medium-sized businesses

Professional Integrated SSL-VPN Appliance for Small and Medium-sized businesses Professional Integrated Appliance for Small and Medium-sized businesses Benefits Clientless Secure Remote Access Seamless Integration behind the Existing Firewall Infrastructure UTM Security Integration

More information

WHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks

WHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks WHITE PAPER The Need for Wireless Intrusion Prevention in Retail Networks The Need for Wireless Intrusion Prevention in Retail Networks Firewalls and VPNs are well-established perimeter security solutions.

More information

Address Resolution Protocol (ARP)

Address Resolution Protocol (ARP) Address Resolution Protocol (ARP) Question: how do packets actually get to their destination? IP routing tables: based on network addresses Ethernet physical interfaces only understand ethernet addresses

More information

Best Practices for Securing IP Telephony

Best Practices for Securing IP Telephony Best Practices for Securing IP Telephony Irwin Lazar, CISSP Senior Analyst Burton Group Agenda VoIP overview VoIP risks Mitigation strategies Recommendations VoIP Overview Hosted by VoIP Functional Diagram

More information

MOBILITY & INTERCONNECTIVITY. Features SECURITY OF INFORMATION TECHNOLOGIES

MOBILITY & INTERCONNECTIVITY. Features SECURITY OF INFORMATION TECHNOLOGIES MOBILITY & INTERCONNECTIVITY Features SECURITY OF INFORMATION TECHNOLOGIES Frequent changes to the structure of enterprise workforces mean that many are moving away from the traditional model of a single

More information

Steelcape Product Overview and Functional Description

Steelcape Product Overview and Functional Description Steelcape Product Overview and Functional Description TABLE OF CONTENTS 1. General Overview 2. Applications/Uses 3. Key Features 4. Steelcape Components 5. Operations Overview: Typical Communications Session

More information

ReadyNAS Remote White Paper. NETGEAR May 2010

ReadyNAS Remote White Paper. NETGEAR May 2010 ReadyNAS Remote White Paper NETGEAR May 2010 Table of Contents Overview... 3 Architecture... 3 Security... 4 Remote Firewall... 5 Performance... 5 Overview ReadyNAS Remote is a software application that

More information

Com.X IP PBX The complete communications solution in a box

Com.X IP PBX The complete communications solution in a box IP PBX Utilising VPN security when extending PBX services to remote users Virtual Private Network It is not uncommon for a single company to occupy more than one set of premises. Individual users on geographically

More information

Best Practices for Controlling Skype within the Enterprise > White Paper

Best Practices for Controlling Skype within the Enterprise > White Paper > White Paper Introduction Skype is continuing to gain ground in enterprises as users deploy it on their PCs with or without management approval. As it comes to your organization, should you embrace it

More information

Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation

Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation Basic ViPNet VPN Deployment Schemes Supplement to ViPNet Documentation 1991 2015 Infotecs Americas. All rights reserved. Version: 00121-04 90 01 ENU This document is included in the software distribution

More information

Configuring Routers and Their Settings

Configuring Routers and Their Settings Configuring Routers and Their Settings When installing a router on your home network the routers settings are usually defaulted to automatically protect your home, and simplify setup. This is done because

More information

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method. A Brief Overview of VoIP Security By John McCarron Voice of Internet Protocol is the next generation telecommunications method. It allows to phone calls to be route over a data network thus saving money

More information

How Network Transparency Affects Application Acceleration Deployment

How Network Transparency Affects Application Acceleration Deployment How Network Transparency Affects Application Acceleration Deployment By John Bartlett and Peter Sevcik July 2007 Acceleration deployments should be simple. Vendors have worked hard to make the acceleration

More information

Cconducted at the Cisco facility and Miercom lab. Specific areas examined

Cconducted at the Cisco facility and Miercom lab. Specific areas examined Lab Testing Summary Report July 2009 Report 090708 Product Category: Unified Communications Vendor Tested: Key findings and conclusions: Cisco Unified Communications solution uses multilayered security

More information