IF-MAP Overview. Jan Ursi Technical Director EMEA Infoblox Inc. All Rights Reserved.
|
|
- Aron Wilson
- 8 years ago
- Views:
Transcription
1 IF-MAP Overview Jan Ursi Technical Director EMEA
2 IF-MAP: A Powerful New Standard IF-MAP = Interface to Metadata Access Points An open protocol standard published (free) by the Trusted Computing Group Available since April, 2008 Version 2.0 released August, 2010 Pub/sub database - Like Facebook for IP devices and systems Supports a wide array of applications: Multi-Vendor Network Security (NAC) Compliance Management Asset Management Smart Grid Network Automation / Cloud Computing Could do for data sharing what IP did for connectivity
3 The Integration Challenge Supply Chain Mgmt Smart Grid CMDB AAA SIEM Network Location Switches Routers ERP Building Controls Factory Controls Infrastructure Management Network Security DNS, DHCP Asset Mgmt IPAM CRM HR Applications SNMP, Syslog, Netflow Custom Integration API s, Scripts Complex Costly Brittle High Maintenance 2010 Infoblox Inc. All Rights Reserved.
4 From Integration to Orchestration with IF-MAP Supply Chain Mgmt Smart Grid CMDB SIEM Switches AAA Routers Network Location ERP Building Controls Factory Controls Infrastructure Management Network Security DNS, DHCP Asset Mgmt IPAM CRM HR IF-MAP Protocol (Publish, Subscribe, Search) Applications IF-MAP Server Automatically aggregates, correlates, and distributes data to and from different systems, in real time 2010 Infoblox Inc. All Rights Reserved.
5 Today, Systems Share the IP Network, But Don t Share Data Network Security Physical Security Network Location Provisioning, Visualization & Analytics (Management) Decisions (Control) Sensors & Actuators
6 IF-MAP Doesn t Replace Existing Systems & Applications It Enables Them to Easily Share Data Network Security Physical Security Network Location Provisioning, Visualization & Analytics (Management) IF-MAP Server Decisions (Control) Sensors & Actuators
7 Many New Applications are Emerging Just the Tip of the Iceberg Physical Network Security Cyber/Physical Security IT Automation (CyPhy) Provisioning, Convergence Visualization & Analytics Don t allow users Track the location and status of all IT assets to connect to the (Management) MAP network if they haven t badged Database into the building Decisions Don t allow a (Control) wireless device to connect if its located outside of the building (IPs, MACs, devices, hardware, VMs, apps, users, etc.) in real time Allocate assets on the fly, dynamically reprovision data centers Asset Management Cloud Computing Federate authentication and authorization status across private & public clouds Move computing workloads to the cloud when prices drop Sensors & Actuators
8 Vendor Support for IF-MAP is Growing Vendor Product/Function IF-MAP Client IF-MAP Server Byre Security SCADA Security X Now Great Bay Endpoint Discovery X Now Hirsch Electronics Physical Access Control X Now Infoblox DHCP Server (NIOS) X Now Infoblox Orchestration Server (IBOS) X Now Juniper Infranet Controller (Policy Server) X X Now Logisense Registration Portal, Billing System X Now Lumeta Network Discovery & Leak Detection X Now Mikado NAC Solution X H1-11 NCP VPN Client X H1-11 Open Source IF-MAP Client Stack (PERL) X Now Open Source IF-MAP Client Stack (C++) X Q1-11 Open Source IF-MAP Server (Omapd, Irond) X Now Open Source SNMP/IF-MAP Bridge X Now Q1 Labs SIEM X Q1-11 Avail
9 Some Infoblox IF-MAP Projects Large Aircraft Manufacturer (In Production) Security for factory control (SCADA) traffic over wireless factory network Firewall configurations loaded dynamically from IF-MAP server Uses firewall/vpn gateways from Byres Security (Tofino) Software Development Company (In Production) Network access control without software agents on endpoints Uses Infoblox DHCP server, Juniper UAC, Juniper firewalls Las Vegas Hotel and Casino (In Production) Differentiated IP services for every room (3000 Juniper firewalls) Uses Infoblox DHCP, Juniper UAC and firewalls (3000), Logisense registration/billing portal Global Bank (Starting Rollout) Dynamic, secure desktops deploying to 8000 users Uses QIP DHCP, Juniper UAC and firewalls JANET - National ISP for Higher Education in UK (Pilot) Federation of authentication data for EDUROAM service Uses IF-MAP federation Real-Time CMDB (Pilot) Real-time discovery of devices joining the network Uses Infoblox DHCP, IF-MAP client and OneCMDB (Open Source CMDB)
10 IF-MAP Protocol Overview
11 Unique Characteristics Cited by IF-MAP Supporters 1. Open, standard protocol 2. Lightweight, easy to implement 3. No global schema supports emergent structures 4. Pub/sub paradigm
12 IF-MAP Components IF-MAP Client(s) IF-MAP Server employeeattribute = active User Name = John Doe distinguishedname = C=US, O=myco, OU=people, CN=12534 Department = Sales failed-login-attempts = 3, login-status = allowed role = access-finance-serverallowed 3 MAP Client Operations: Publish Subscribe Search 3 MAP Server Objects: Identifiers Links Metadata
13 IF-MAP Access Operations Publish: Tell others that <metadata > Clients store metadata into MAP for others to see Example: Authentication server publishes when a user logs in (or out) Search: Tell me if match(metadata pattern) Clients retrieve published metadata associated with a particular identifier and linked identifiers Example: An application can request the current physical location of the user Subscribe: Tell me when match(metadata pattern) Clients request asynchronous results for searches that match when others publish new metadata Example: Tell me when any user s status goes from employee to terminated
14 IF-MAP Server Objects Identifiers Links All objects are represented by unique identifiers Connote relationships between pairs of identifiers Metadata Attributes attached to Identifiers or Links Typical Data Types: Identifiers: Identity, IP address, MAC address, Session ID, Device Metadata: AAA info (authenticated, role, capabilities/policies) Device info (AV running, OS level, screen size, etc.) Event info (unauthorized access attempt, etc.), Layer 2 info (port, VLAN), location, etc. Many others, plus user-defined
15 Basic Components of MAP Content Identifiers Metadata Link
16 IF-MAP Use cases
17 Use Case Solution for Policy-Based Remote Access User= John Windows 802.1X Client 00:11:22:33:44:55 1- Endpoint plugs-in 2- SW sends EAP Start 3- Supplicant sends credentials 9- SW opens port Endpoint requests DHCP 14- Endpoint generates traffic Infobox HA Pair DHCP/DNS Appliance 11-DHCP sends MAC-IP metadata to MAP identity = John MAP Database Accessrequestmac MAC = 00:11:22: 33:44:55 IP-MAC Cisco 3750 Switch 8- UAC sends RADIUS accept to SW Juniper SSG Firewall 4- SW sends RADIUS Credential to UAC 13- UAC activates L3 access on FW. Private Applications Juniper IC 4000 UAC 5- UAC does Auth. Lookup IF-MAP 6- UAC publishes To MAP Infobox HA Pair MAP Server 7- UAC subscribes to MAP 12-MAP sends IP- MAC to UAC AAA Authenticatedas CHANGE? CHANGE! Accessrequest = 113:3 Capability = access-privateapplications IP=
18 Use Case Integrated Network / Physical Security Solution Secure Zone 1 Zone 2 location = Zone 12 MAP Database Access Request Hirsch System (Physical Sensor) Publish: John in Zone 1 Publish: John in Zone 2 identity = John authenticated Cisco 3750 Switch Juniper SSG Firewall Policy Violation: Access Cut Off Classified Network Grants Access Request Juniper IC 4000 UAC Appliance Infoblox MAP Server Publish: John is Authenticated; Session ID 113:3 Subscribe: Changes to Session 113:3 Subscription Update: John in Zone 2 Publish (delete): John is Authenticated Hirsch UAC Employee Card MAP publishes Subscribes grants reader updates system (John) requests connects leaves access publishes firewall UAC to the to enters Zone the the for about to update policy the 1, access MAP zone to while corporate the update classified to the server to 1 location the to still MAP block the to MAP logged the network server access change MAP in CHANGE? CHANGE! Accessrequest = 113:3
19 Use Case: Real-Time CMDB MANAGED NETWORK MAC = 00:11:22: 33:44:55 IP-MAC DISCOVERY SENSORS / AGENTS Infoblox DHCP Server Publish IP= IP= IP-MAC Discovery Engine Topology Builder CMDB SERVER Discovery Results Update CMDB Invoke Discovery CMDB MAP Client Infoblox MAP Server MAP Database MAC = 00:11:AA: 33:44:55 IP-MAC MAC = 00:11:11: 33:44:55 IP=
20 Use Case: SCADA Security IP-based industrial control traffic shares the general IT network in the factory Endboxes provide VPN/firewall security Endbox configurations dynamically loaded from MAP server based on user, role, etc. Provisioning Client
21 Use Case: Federated IF-MAP Servers for UK EDUROAM Service Enables login at remote universities / research centers using home login credentials Serves 1.9 million users across 850 locations Enabled today using RADIUS Proxy Service provider (JANET) maintains database of roaming activity Univ A JANET Univ B Bbaker, Roaming from University D OK! Radius Server Radius Server Radius proxy Radius Server Radius Server Univ C Roaming Users Jsmith@univB.edu Bbaker@univD.edu Univ D
22 IF-MAP Federation for Next Gen EDUROAM Service Local RADIUS servers replaced by RADSEC servers RADSEC servers communicate directly no need for proxy JANET no longer sees RADIUS transactions, no view of who is roaming IF-MAP Federation provides a solution: -Local RADSEC servers publish user/location data to local MAP server -JANET s central MAP server subscribes to changes on university MAP servers Univ A Univ B Jjames, Roaming from University B OK! RADSEC IF-MAP Client Jjames@ Jjames@ univb.edu univb.edu JANET Local IF-MAP Server RADSEC RADSEC RADSEC Univ C Local IF-MAP Server Central IF-MAP Server Federation Subscriptions Local IF-MAP Server Univ D
23 IF-MAP has Applications in Cloud Computing and IT Orchestration Infrastructure 2.0 Working Group has been discussing the impact of virtualization & cloud computing on the network Members include equipment vendors, cloud providers and end users Infoblox, Cisco, Google, Microsoft, F5, Citrix, Bechtel, Boeing, NASA Developing an inter-cloud registry service based on IF-MAP Ongoing project at Open Cloud Consortium in Chicago Co-sponsored by Cisco CTO s office and UCS group More info at
24 Inter-Cloud Registry Helps Cloud Providers and Users to Match Workload Needs with Cloud Assets member of Cloud member of member of Virtual Network member of Virtual Network assigned to Virtual Machine Virtual Machine assigned to assigned to MAC Address IP Address assigned to assigned to Virtual Machine runs on assigned to MAC Address IP Address MAC Address IP Address
25 The Vision: IF-MAP Supports Data Exchange Among Infoblox, and Other Vendors Products Visibility Applications Infoblox DDI Provide DDI service Detect IPs Core Services DNS / DHCP / IPAM IF-MAP Orchestration Communicate / Take Action Closed Loop Automation Infoblox NCCM Check Infrastructure Infrastructure Recognize change 25
26 Resources
27 Infoblox NIOS Appliances Support IF-MAP Dynamically updates IF-MAP server when IPs are allocated, renewed, or released by NIOS DHCP server Infoblox NIOS Appliance Other systems can subscribe to updates and take action in realtime (e.g. discovery, configuration, scanning, open/close ports, etc.) Unique to the Infoblox DHCP server (today) DHCP Lease Information (IP, MAC, Start, Duration, etc.) IF-MAP Server
28 Infoblox Orchestration Server (IBOS): The World s Most Powerful IF-MAP Server Fully compliant with TCG standard Proven interoperability with other IF-MAP compliant products Unique Infoblox capabilities IF-MAP 2.0 compliant Lossless HA Fine-grained client authorization Data browser, extensive logging IF-MAP Federation Custom Identifiers Infoblox Orchestration Server Network Security Physical Security Network Location IF-MAP Client Systems
29 Resources Documentation & Freeware 3 minute video on IF-MAP on Orchestration/IF-MAP Solutions page on infoblox.com IF-MAP community Web site Includes links to open source IF-MAP servers and other resources Information about Infranet Controller: us/en/products-services/security/uac/#overview Complete protocol specs, information on TPM, TNC, Trusted Storage and related topics Infoblox IF-MAP Starter Kit: Free for 90 days, $995 in the US for perpetual license, 18% annual support VMware IF-MAP appliance Client simulator Open-source client stacks (PERL, java, C++) Open-source SNMP-MAP Bridge
IF-MAP Use Cases: Real-Time CMDB, and More
IF-MAP Use Cases: Real-Time CMDB, and More Richard Kagan EVP / General Manager Orchestration Systems Business Unit IF-MAP: A Powerful New Standard IF-MAP = Interface to Metadata Access Points An open protocol
More informationSecurity Coordination with IF-MAP
Security Coordination with IF-MAP Matt Webster, Lumeta 28 Sept 2010 Copyright 2010 Trusted Computing Group Agenda Threat Landscape and Federal Networks Recap of TNC Explanation of IF-MAP What is IF-MAP?
More informationOrchestrated Security Network. Automated, Event Driven Network Security. Ralph Wanders Consulting Systems Engineer
Orchestrated Security Network Automated, Event Driven Network Security Ralph Wanders Consulting Systems Engineer Orchestrated Security Network! " TCG/ TNC Architecture! " IF-MAP! " Use cases of IF-MAP!
More informationSecurity Orchestration with IF-MAP
Security Orchestration with IF-MAP Gary Holland, Lumeta/IMRI 2 November 2011 Copyright 2010 Trusted Computing Group Agenda Threat Landscape and Federal Networks Trusted Network Connect Explanation of IF-MAP
More informationTNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is
1 2 This slide shows the areas where TCG is developing standards. Each image corresponds to a TCG work group. In order to understand Trusted Network Connect, it s best to look at it in context with the
More informationUnified Security TNC EVERYWHERE. Wireless security. Road Warrior. IT Security. IT Security. Conference Room. Surveillance.
Corporate Governance Employee Cube Road Warrior Surveillance Surveillance IT Security Data Center IT Security Conference Room Wireless security Manufacturing and Control TNC EVERYWHERE Unified Security
More informationTNC: Open Standards for Network Security Automation. Copyright 2010 Trusted Computing Group
TNC: Open Standards for Network Security Automation Copyright 2010 Trusted Computing Group Agenda Introduce TNC and TCG Explanation of TNC What problems does TNC solve? How does TNC solve those problems?
More informationARCHITECT S GUIDE: Mobile Security Using TNC Technology
ARCHITECT S GUIDE: Mobile Security Using TNC Technology December 0 Trusted Computing Group 855 SW 5rd Drive Beaverton, OR 97006 Tel (50) 69-056 Fax (50) 644-6708 admin@trustedcomputinggroup.org www.trustedcomputinggroup.org
More informationNetwork Access Control (NAC) and Network Security Standards
Network Control (NAC) and Network Security Standards Copyright 2011 Trusted Computing Group Other names and brands are properties of their respective owners. Slide #1 Agenda Goals of NAC Standards What
More informationWHITE PAPER. Infoblox IPAM Integration with Microsoft AD Sites and Local Services
WHITE PAPER Infoblox IPAM Integration with Microsoft AD Sites and Local Services Infoblox IPAM Integration with Microsoft AD Sites and Local Services Today s enterprise infrastructure is dynamic, with
More informationInfoblox vnios Software for CISCO AXP
Summary Infoblox vnios for Cisco consolidates core network services such as DNS, DHCP and IPAM and others onto the Cisco Integrated Services Router (ISR) running the Application Extension Platform (AXP)
More informationForeScout CounterACT. Device Host and Detection Methods. Technology Brief
ForeScout CounterACT Device Host and Detection Methods Technology Brief Contents Introduction... 3 The ForeScout Approach... 3 Discovery Methodologies... 4 Passive Monitoring... 4 Passive Authentication...
More informationMANAGE SECURE ACCESS TO APPLICATIONS BASED ON USER IDENTITY. EMEA Webinar July 2013
MANAGE SECURE ACCESS TO APPLICATIONS BASED ON USER IDENTITY EMEA Webinar July 2013 Protecting the Enterprise Full Footprint Mobile user Application access management & Application security Enterprise headquarters
More informationIF-MAP Driving IT Agility through an Infrastructure Revolution
IF-MAP Driving IT Agility through an Infrastructure Revolution COMPANY OVERVIEW OVERVIEW AT A GLANCE IF-MAP does for coordination & collaboration what IP has done for connectivity. Effective use of information
More informationSOSPG2. Implementing Network Access Controls. Nate Isaacson Security Solution Architect Nate.Isaacson@cdw.com
SOSPG2 Implementing Network Access Controls Nate Isaacson Security Solution Architect Nate.Isaacson@cdw.com Offer Pa Agenda The BYOD Challenges NAC terms The Big Picture NAC Solutions and Deployment What
More informationSecure Access into Industrial Automation and Control Systems Industry Best Practice and Trends. Serhii Konovalov Venkat Pothamsetty Cisco
Secure Access into Industrial Automation and Systems Industry Best Practice and Trends Serhii Konovalov Venkat Pothamsetty Cisco Vendor offers a remote firmware update and PLC programming. Contractor asks
More informationMobile Secure Network Connectivity for Industrial Control Systems
Mobile Secure Network Connectivity for Industrial Control Systems Peaceful Coexistence in Mixed Control System / IT Environments Steven C. Venema Associate Technical Fellow Architecture & Networked Systems
More informationNetwork Access Security It's Broke, Now What? June 15, 2010
Network Access Security It's Broke, Now What? June 15, 2010 Jeffrey L Carrell Network Security Consultant Network Conversions SHARKFEST 10 Stanford University June 14-17, 2010 Network Access Security It's
More informationUNDERSTANDING IDENTITY-BASED NETWORKING SERVICES AUTHENTICATION AND POLICY ENFORCEMENT
UNDERSTANDING IDENTITY-BASED NETWORKING SERVICES AUTHENTICATION AND POLICY ENFORCEMENT John Stone CTO Cisco Systems Internetworking Ireland jstone@cisco.com 2005 Cisco Systems, Inc. All rights reserved.
More informationTrust: When Physical and Logical Security Worlds Collide
Trust: When Physical and Logical Security Worlds Collide Bob Beliles VP. Enterprise Business Development Hirsch Electronics Copyright 2009 Trusted Computing Group Copyright 2009 Trusted Computing Group
More informationChallenges in Deploying Public Clouds
WHITE PAPER Ensuring Enterprise-grade Network Services for AWS Infoblox DDI for AWS increases cloud agility, supports consistent network policies across hybrid deployments, and improves visibility of public
More informationEnabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches
print email Article ID: 4941 Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches Objective In an ever-changing business environment, your
More informationHOW SDN AND (NFV) WILL RADICALLY CHANGE DATA CENTRE ARCHITECTURES AND ENABLE NEXT GENERATION CLOUD SERVICES
HOW SDN AND (NFV) WILL RADICALLY CHANGE DATA CENTRE ARCHITECTURES AND ENABLE NEXT GENERATION CLOUD SERVICES Brian Levy CTO SERVICE PROVIDER SECTOR EMEA JUNIPER NETWORKS CIO DILEMA IT viewed as cost center
More informationWeb Authentication Application Note
What is Web Authentication? Web Authentication Application Note Web authentication is a Layer 3 security feature that causes the router to not allow IP traffic (except DHCP-related packets) from a particular
More informationXenMobile Integration with Cisco Identity Service Engine. Secure Access How -To Guides Series
XenMobile Integration with Cisco Identity Service Engine Secure Access How -To Guides Series Author: Aaron Woland Date: December 2012 Table of Contents Introduction... 3 What Is the Cisco TrustSec System?...
More informationOneFabric Connect. Overview. Extend the OneFabric architecture to 3rd party applications DATA SHEET BENEFITS BUSINESS ALIGNMENT
DATA SHEET OneFabric Connect Extend the OneFabric architecture to 3rd party applications BUSINESS ALIGNMENT Embrace BYOD by mixing and matching managed and unmanaged devices on the same infrastructure
More informationIntro to NSX. Network Virtualization. 2014 VMware Inc. All rights reserved.
Intro to NSX Network Virtualization 2014 VMware Inc. All rights reserved. Agenda Introduction NSX Overview Details: Microsegmentation NSX Operations More Information SDDC/Network Virtualization Security
More informationWhatsUpGold. v3.0. WhatsConnected User Guide
WhatsUpGold v3.0 WhatsConnected User Guide Contents CHAPTER 1 Welcome to WhatsConnected Finding more information and updates... 2 Sending feedback... 3 CHAPTER 2 Installing and Configuring WhatsConnected
More informationPulse Policy Secure. RADIUS Server Management Guide. Product Release 5.1. Document Revision 1.0. Published: 2015-02-10
Pulse Policy Secure RADIUS Server Management Guide Product Release 5.1 Document Revision 1.0 Published: 2015-02-10 2015 by Pulse Secure, LLC. All rights reserved iii Pulse Secure, LLC 2700 Zanker Road,
More informationPolicy Management: The Avenda Approach To An Essential Network Service
End-to-End Trust and Identity Platform White Paper Policy Management: The Avenda Approach To An Essential Network Service http://www.avendasys.com email: info@avendasys.com email: sales@avendasys.com Avenda
More informationSimplify IT. With Cisco Application Centric Infrastructure. Barry Huang bhuang@cisco.com. Nov 13, 2014
Simplify IT With Cisco Application Centric Infrastructure Barry Huang bhuang@cisco.com Nov 13, 2014 There are two approaches to Control Systems IMPERATIVE CONTROL DECLARATIVE CONTROL Baggage handlers follow
More informationTechnical Note. ForeScout CounterACT Endpoint Detection & Inspection Methods
ForeScout CounterACT Endpoint Contents Introduction.... 3 Overview of ForeScout CounterACT... 3 Overview of Discovery and Inspection... 4 Host & Network Device Discovery... 4 Endpoint Detection & Inspection
More informationCisco UCS Central Software
Data Sheet Cisco UCS Central Software Cisco UCS Manager provides a single point of management for an entire Cisco Unified Computing System (Cisco UCS) domain of up to 160 servers and associated infrastructure.
More information"Charting the Course... Implementing Citrix NetScaler 11 for App and Desktop Solutions CNS-207 Course Summary
Course Summary Description The objective of this course is to provide the foundational concepts and teach the skills necessary to implement, configure, secure and monitor a Citrix NetScaler system with
More informationUsing Cisco UC320W with Windows Small Business Server
Using Cisco UC320W with Windows Small Business Server This application note explains how to deploy the Cisco UC320W in a Windows Small Business Server environment. Contents This document includes the following
More informationCNS-207 Implementing Citrix NetScaler 10.5 for App and Desktop Solutions
CNS-207 Implementing Citrix NetScaler 10.5 for App and Desktop Solutions The objective of Implementing Citrix NetScaler 10.5 for App and Desktop Solutions is to provide the foundational concepts and skills
More informationWHITE PAPER. Automating Network Provisioning for Private Cloud
WHITE PAPER Automating Network Provisioning for Private Cloud Executive Summary Roughly 80 percent of all enterprise IT today is virtualized. Virtualization is a key enabler in deploying private clouds
More informationMDM Integration with Cisco Identity Service Engine. Secure Access How -To Guides Series
MDM Integration with Cisco Identity Service Engine Secure Access How -To Guides Series Author: Aaron Woland Date: December 2012 Table of Contents Introduction.... 3 What Is the Cisco TrustSec System?...
More informationNAC Guest. Lab Exercises
NAC Guest Lab Exercises November 25 th, 2008 2 Table of Contents Introduction... 3 Logical Topology... 4 Exercise 1 Verify Initial Connectivity... 6 Exercise 2 Provision Contractor VPN Access... 7 Exercise
More informationApache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide. Revised February 28, 2013 2:32 pm Pacific
Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide Revised February 28, 2013 2:32 pm Pacific Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide
More informationConfiguring Infoblox DHCP
Copyright 2008 Sophos Group. All rights reserved. No part of this publication may be reproduced, stored in retrieval system, or transmitted, in any form or by any means electronic, mechanical, photocopying,
More informationRIDE THE SDN AND CLOUD WAVE WITH CONTRAIL
RIDE THE SDN AND CLOUD WAVE WITH CONTRAIL Pascal Geenens CONSULTING ENGINEER, JUNIPER NETWORKS pgeenens@juniper.net BUSINESS AGILITY Need to create and deliver new revenue opportunities faster Services
More informationTechnical Note. ForeScout CounterACT: Virtual Firewall
ForeScout CounterACT: Contents Introduction... 3 What is the vfw?.... 3 Technically, How Does vfw Work?.... 4 How Does vfw Compare to a Real Firewall?.... 4 How Does vfw Compare to other Blocking Methods?...
More informationInstalling and Using the vnios Trial
Installing and Using the vnios Trial The vnios Trial is a software package designed for efficient evaluation of the Infoblox vnios appliance platform. Providing the complete suite of DNS, DHCP and IPAM
More informationGMI CLOUD SERVICES. GMI Business Services To Be Migrated: Deployment, Migration, Security, Management
GMI CLOUD SERVICES Deployment, Migration, Security, Management SOLUTION OVERVIEW BUSINESS SERVICES CLOUD MIGRATION Founded in 1983, General Microsystems Inc. (GMI) is a holistic provider of product and
More informationSimplifying Private Cloud Deployments through Network Automation
WHITE PAPER Simplifying Private Cloud Deployments through Network Automation Build and Manage Agile, Scalable, and Reliable Private Clouds with Minimal Management Overhead Simplifying Private Cloud Deployments
More informationWiNG5 CAPTIVE PORTAL DESIGN GUIDE
WiNG5 DESIGN GUIDE By Sriram Venkiteswaran WiNG5 CAPTIVE PORTAL DESIGN GUIDE June, 2011 TABLE OF CONTENTS HEADING STYLE Introduction To Captive Portal... 1 Overview... 1 Common Applications... 1 Authenticated
More informationAbout the VM-Series Firewall
About the VM-Series Firewall Palo Alto Networks VM-Series Deployment Guide PAN-OS 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 http://www.paloaltonetworks.com/contact/contact/
More informationCisco Knowledge Network
Cisco Knowledge Network Creating New Service Opportunities With TR-069 Steve Gorretta, Product Manager Network Management Technology Group December 5, 2012 C97-698002-00 2012 Cisco and/or its affiliates.
More informationTrusted Network Connect (TNC)
Trusted Network Connect (TNC) Open Standards for Integrity-based Network Access Control and Coordinated Network Security April 2011 Trusted Computing Group 3855 SW 153rd Drive, Beaverton, OR 97006 Tel
More informationReliable DNS and DHCP for Microsoft Active Directory
WHITEPAPER Reliable DNS and DHCP for Microsoft Active Directory Protecting and Extending Active Directory Infrastructure with Infoblox Appliances Microsoft Active Directory (AD) is the distributed directory
More informationPassTest. Bessere Qualität, bessere Dienstleistungen!
PassTest Bessere Qualität, bessere Dienstleistungen! Q&A Exam : JN0-314 Title : Junos Pulse Access Control, Specialist (JNCIS-AC) Version : Demo 1 / 6 1.A customer wants to create a custom Junos Pulse
More informationPaul Cochran - Account Manager. Chris Czerwinski System Engineer
Paul Cochran - Account Manager Chris Czerwinski System Engineer Next-Generation NAC Fast and easy deployment No infrastructure changes or network upgrades No need for endpoint agents 802.1X is optional
More informationUSING THE DNS/DHCP ADMINISTRATIVE INTERFACE Last Updated: 2012-3-5
USING THE DNS/DHCP ADMINISTRATIVE INTERFACE TABLE OF CONTENTS When is registration needed? What about the zoned network?... 3 What about guests?... 3 Explaining split horizon DNS... 3 Accessing the DNS/DHCP
More informationUser Identification (User-ID) Tips and Best Practices
User Identification (User-ID) Tips and Best Practices Nick Piagentini Palo Alto Networks www.paloaltonetworks.com Table of Contents PAN-OS 4.0 User ID Functions... 3 User / Group Enumeration... 3 Using
More informationStanford SDN-Based Private Cloud. Johan van Reijendam (jvanreij@stanford.edu) Stanford University
Stanford SDN-Based Private Cloud (jvanreij@stanford.edu) Stanford University Executive Summary The Web and its infrastructure continue to make phenomenal progress, allowing the creation and scaling of
More informations@lm@n CompTIA Exam N10-006 CompTIA Network+ certification Version: 5.1 [ Total Questions: 1146 ]
s@lm@n CompTIA Exam N10-006 CompTIA Network+ certification Version: 5.1 [ Total Questions: 1146 ] Topic break down Topic No. of Questions Topic 1: Network Architecture 183 Topic 2: Network Operations 149
More informationCOORDINATED THREAT CONTROL
APPLICATION NOTE COORDINATED THREAT CONTROL Interoperability of Juniper Networks IDP Series Intrusion Detection and Prevention Appliances and SA Series SSL VPN Appliances Copyright 2010, Juniper Networks,
More informationGood MDM Integration with Cisco Identity Service Engine. Secure Access How -To Guides Series
Good MDM Integration with Cisco Identity Service Engine Secure Access How -To Guides Series Author: Imran Bashir Date: December 2012 Table of Contents Mobile Device Management (MDM)... 3 Overview... 3
More informationBuilding the Internet of Things Jim Green - CTO, Data & Analytics Business Group, Cisco Systems
Building the Internet of Things Jim Green - CTO, Data & Analytics Business Group, Cisco Systems Brian McCarson Sr. Principal Engineer & Sr. System Architect, Internet of Things Group, Intel Corp Mac Devine
More informationCNS-207 - Implementing NetScaler 11.0 For App and Desktop Solutions
CNS-207 - Implementing NetScaler 11.0 For App and Desktop Solutions Overview The objective of this course is to provide the foundational concepts and teach the skills necessary to implement, configure,
More informationA Guide to New Features in Propalms OneGate 4.0
A Guide to New Features in Propalms OneGate 4.0 Propalms Ltd. Published April 2013 Overview This document covers the new features, enhancements and changes introduced in Propalms OneGate 4.0 Server (previously
More informationARCHITECT S GUIDE: Comply to Connect Using TNC Technology
ARCHITECT S GUIDE: Comply to Connect Using TNC Technology August 2012 Trusted Computing Group 3855 SW 153rd Drive Beaverton, OR 97006 Tel (503) 619-0562 Fax (503) 644-6708 admin@trustedcomputinggroup.org
More informationCisco IT Validates Rigorous Identity and Policy Enforcement in Its Own Wired and Wireless Networks
Cisco IT Article December 2013 End-to-End Security Policy Control Cisco IT Validates Rigorous Identity and Policy Enforcement in Its Own Wired and Wireless Networks Identity Services Engine is an integral
More informationAdRadionet to IBM Bluemix Connectivity Quickstart User Guide
AdRadionet to IBM Bluemix Connectivity Quickstart User Guide Platform: EV-ADRN-WSN-1Z Evaluation Kit, AdRadionet-to-IBM-Bluemix-Connectivity January 20, 2015 Table of Contents Introduction... 3 Things
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationBRINGING NETWORKS TO THE CLOUD ERA
BRINGING NETWORKS TO THE CLOUD ERA SDN enables new business models Aruna Ravichandran VICE PRESIDENT, MARKETING AND STRATEGY ARAVICHANDRAN@JUNIPER.NET SOFTWARE DEFINED NETWORKING (SDN), JUNIPER NETWORKS
More informationQuick Start Guide. for Installing vnios Software on. VMware Platforms
Quick Start Guide for Installing vnios Software on VMware Platforms Copyright Statements 2010, Infoblox Inc. All rights reserved. The contents of this document may not be copied or duplicated in any form,
More informationSOLARWINDS PUBLIC TRAINING CLASSES MODULES COVERED: NPM, SAM, NCM, NTA, IPAM & VNQM FEATURES & BENEFITS
SOLARWINDS PUBLIC TRAINING CLASSES MODULES COVERED: NPM, SAM, NCM, NTA, IPAM & VNQM SOLARWINDS ORION SUITE INTRODUCTION Loop1 Systems offers public training for Solarwinds products in a comfortable classroom
More informationThe self-defending network a resilient network. By Steen Pedersen Ementor, Denmark
The self-defending network a resilient network By Steen Pedersen Ementor, Denmark The self-defending network - a resilient network What is required of our internal networks? Available, robust, fast and
More informationIndustrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1
Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3
More informationShifting Roles for Security in the Virtualized Data Center: Who Owns What?
Shifting Roles for Security in the Virtualized Data Center: Who Owns What? SESSION ID: CSV-T07 Rob Randell, CISSP Director Systems Engineering Principal Security Architect VMware / NSBU Malcolm Rieke Director
More informationIP ADDRESS MANAGER 4.3 (IPAM)
REVIEWER S GUIDE IP ADDRESS MANAGER 4.3 (IPAM) REVIEWER S GUIDE CONTENTS Centralized IP address management 2 Automatic IPv4 subnet discovery 3 Active network scanning 4 IP address detail & history tracking
More informationInfoblox Grid TM. Automated Network Control for. Unifying DNS Management and Extending the Infoblox Grid TM to the F5 Global Traffic Manager
Key Differentiators Application Layer Availability Minimizes downtime and improves the user experience by determining health at the application layer for every user. Management Automation: Provides automated
More informationIBM 000-281 EXAM QUESTIONS & ANSWERS
IBM 000-281 EXAM QUESTIONS & ANSWERS Number: 000-281 Passing Score: 800 Time Limit: 120 min File Version: 58.8 http://www.gratisexam.com/ IBM 000-281 EXAM QUESTIONS & ANSWERS Exam Name: Foundations of
More informationSECURE ACCESS TO THE VIRTUAL DATA CENTER
SOLUTION BRIEF SECURE ACCESS TO THE VIRTUAL DATA CENTER Ensure that Remote Users Can Securely Access the Virtual Data Center s Virtual Desktops and Other Resources Challenge VDI is driving a unique need
More informationHow to Set Up Automatic Subnet Scan Using SolarWinds IP Address Manager. Share:
How to Set Up Automatic Subnet Scan Using SolarWinds IP Address Manager Share: How to Set Up Automatic Subnet Scan Using SolarWinds IPAM? SolarWinds IP Address Manager (IPAM) allows you to perform scheduled
More informationCisco Prime Network Services Controller. Sonali Kalje Sr. Product Manager Cloud and Virtualization, Cisco Systems
Cisco Prime Network Services Controller Sonali Kalje Sr. Product Manager Cloud and Virtualization, Cisco Systems Agenda Cloud Networking Challenges Prime Network Services Controller L4-7 Services Solutions
More informationEfficient and easy-to-use network access control and dynamic vlan management. Date: 4.12.2007 http:// F r e e N A C. n e t Copyright @2007, Swisscom
Efficient and easy-to-use network access control and dynamic vlan management Date: 4.12.2007 http:// F r e e N A C. n e t Copyright @2007, Swisscom 1 Connection to the enterprise LAN is often (too) easy
More informationCisco & Big Data Security
Cisco & Big Data Security 巨 量 資 料 的 傳 輸 保 護 Joey Kuo Borderless Networks Manager hskuo@cisco.com The any-to-any world and the Internet of Everything is an evolution in connectivity and collaboration that
More informationNetwork Virtualization Network Admission Control Deployment Guide
Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus
More informationThe Importance of Standards to Network Access Control
White Paper The Importance of Standards to Network Access Control Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408.745.2000 1.888 JUNIPER www.juniper.net Part Number:
More informationBYOzzzz: Focusing on the Unsolved Challenges of Mobility, An Industry Perspective
BYOzzzz: Focusing on the Unsolved Challenges of Mobility, An Industry Perspective Kit Colbert CTO, End-User Computing 2014 VMware Inc. All rights reserved. VMware: Addressing the Market From Data Center
More informationTECHNOLOGY WHITE PAPER. Correlating SDN overlays and the physical network with Nuage Networks Virtualized Services Assurance Platform
TECHNOLOGY WHITE PAPER Correlating SDN overlays and the physical network with Nuage Networks Virtualized Services Assurance Platform Abstract Enterprises are expanding their private clouds and extending
More informationSplunk: Using Big Data for Cybersecurity
Next Session Begins at 14:40 Splunk: Using Big Data for Cybersecurity Joe Goldberg Splunk Splunk: Using Big Data for Cybersecurity Joseph Goldberg Splunk Advanced Threats in the Headlines Cyber Criminals
More informationNetworking with Windows Server vb. Day(s): 5. Version: Overview
Networking with Windows Server vb Day(s): 5 Course Code: M10970 Version: B Overview Get hands-on instruction and practice implementing networking with Windows Server 2012 and Windows Server 2012 R2 in
More informationVMware Software Defined Network. Dejan Grubić VMware Systems Engineer for Adriatic
VMware Software Defined Network Dejan Grubić VMware Systems Engineer for Adriatic The Transformation of Infrastructure Infrastructure Servers Clouds Be more responsive to business, change economics of
More informationSTARTER KIT. Infoblox DNS Firewall for FireEye
STARTER KIT Introduction Infoblox DNS Firewall integration with FireEye Malware Protection System delivers a unique and powerful defense against Advanced Persistent Threats (APT) for business networks.
More informationKASEYA CLOUD SOLUTION CATALOG 2016 Q1. UPDATED & EFFECTIVE AS OF: February 1, 2016. Kaseya Catalog - 1 - Kaseya Copyright 2016. All rights reserved.
KASEYA CLOUD SOLUTION CATALOG 2016 Q1 UPDATED & EFFECTIVE AS OF: February 1, 2016 Kaseya Catalog - 1 - Overview of the Kaseya Cloud Subscription Solutions The Kaseya Cloud solutions are designed to meet
More informationCisco Secure ACS. By Igor Koudashev, Systems Engineer, Cisco Systems Australia ivk@cisco.com. 2006 Cisco Systems, Inc. All rights reserved.
Cisco Secure ACS Overview By Igor Koudashev, Systems Engineer, Cisco Systems Australia ivk@cisco.com 2006 Cisco Systems, Inc. All rights reserved. 1 Cisco Secure Access Control System Policy Control and
More informationMicrosoft Windows Server System White Paper
Introduction to Network Access Protection Microsoft Corporation Published: June 2004, Updated: May 2006 Abstract Network Access Protection, a platform for Microsoft Windows Server "Longhorn" (now in beta
More informationvcloud Director User's Guide
vcloud Director 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of
More informationPOLICY SECURE FOR UNIFIED ACCESS CONTROL
White Paper POLICY SECURE FOR UNIFIED ACCESS CONTROL Enabling Identity, Role, and Device-Based Access Control in a Simply Connected Network Copyright 2014, Pulse Secure LLC 1 Table of Contents Executive
More informationActive Network Defense: Real time Network Situational Awareness and a Single Source of Integrated, Comprehensive Network Knowledge
Active Network Defense: Real time Network Situational Awareness and a Single Source of Integrated, Comprehensive Network Knowledge This paper will present a case study of Lumeta s participation in an open
More informationDeploy XenApp 7.5 and 7.6 and XenDesktop 7.5 and 7.6 with Amazon VPC
XenApp 7.5 and 7.6 and XenDesktop 7.5 and 7.6 Deploy XenApp 7.5 and 7.6 and XenDesktop 7.5 and 7.6 with Amazon VPC Prepared by: Peter Bats Commissioning Editor: Linda Belliveau Version: 5.0 Last Updated:
More informationImplementing Microsoft Azure Infrastructure Solutions
Course Code: M20533 Vendor: Microsoft Course Overview Duration: 5 RRP: 2,025 Implementing Microsoft Azure Infrastructure Solutions Overview This course is aimed at experienced IT Professionals who currently
More informationUser-ID Best Practices
User-ID Best Practices PAN-OS 5.0, 5.1, 6.0 Revision A 2011, Palo Alto Networks, Inc. www.paloaltonetworks.com Table of Contents PAN-OS User-ID Functions... 3 User / Group Enumeration... 3 Using LDAP Servers
More informationACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0
ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0 Module 1: Vulnerabilities, Threats, and Attacks 1.1 Introduction to Network Security
More informationControl Tower for Virtualized Data Center Network
Control Tower for Virtualized Data Center Network Contents 1 Virtual Machine Network Environment Analysis...3 2 "Control Tower" Must Have an Overall Picture of the Network...4 3 Virtual Machine Migration
More informationIT Agility that Drives Business Forward
IT Agility that Drives Business Forward Richard Stiennon Chief Research Analyst Introduction There are six factors that drive the ever changing information technology space: Growth in Users Bandwidth Processing
More information