GHEM Secure Access Control



Similar documents
Advanced LCR (Least Cost Router) With SIP Proxy Server

NEWT Managed PBX A Secure VoIP Architecture Providing Carrier Grade Service

Managed VoIP platform for delivering business class features to your clients. Deliver reliable Voice Over IP service without licensing costs

OVERVIEW OF TYPICAL WINDOWS SERVER ROLES

The IDG 9074 Remote Access Controller

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.

Determine if the expectations/goals/strategies of the firewall have been identified and are sound.

SapphireIMS 4.0 BSM Feature Specification

Chapter 1 - Web Server Management and Cluster Topology

QRadar Security Intelligence Platform Appliances

Load Balancing for Microsoft Office Communication Server 2007 Release 2

Lab Configure IOS Firewall IDS

Virtualized Open-Source Network Security Appliance

Secure VoIP for optimal business communication

Securing Networks with PIX and ASA

Routing Security Server failure detection and recovery Protocol support Redundancy

Huawei One Net Campus Network Solution

Architecture and Data Flow Overview. BlackBerry Enterprise Service Version: Quick Reference

Troubleshooting BlackBerry Enterprise Service 10 version Instructor Manual

PATROL Console Server and RTserver Getting Started

Cisco Unified Communications Remote Management Services

Access Mediation: Preserving Network Security and Integrity

WHITE PAPER. The Business Benefits of Upgrading Legacy IP Communications Systems.

VitalPBX. Hosted Voice That Works. For You

mbits Network Operations Centrec

Opengear Technical Note

Managed File Transfer

CARRIER GRADE TECHNOLOGY FOR ENTREPRENEURS. DELIVER RELIABLE VOICE OVER IP SERVICE WITHOUT HEFTY LICENSING COSTS.

Business Case for the Brocade Carrier Ethernet IP Solution in a Metro Network

SapphireIMS Business Service Monitoring Feature Specification

JumpCloud is your Directory-as-a-Service. A fully managed directory to rule your infrastructure whether on-premise or in the cloud.

State of Texas. TEX-AN Next Generation. NNI Plan

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

1 Product. Open Text is the leading fax server vendor in the world. *

ehealth and VoIP Overview

SIP Trunking with Microsoft Office Communication Server 2007 R2

A More Secure and Cost-Effective Replacement for Modems

Linux Server Support by Applied Technology Research Center. Proxy Server Configuration

SIP Trunking Guide: Get More For Your Money 07/17/2014 WHITE PAPER

Exporting IBM i Data to Syslog

Leveraging Asterisk to Deliver Large Scale VoIP Services in a Carrier Environment. JR Richardson

SolarWinds Log & Event Manager

Virtualizing Open Text Fax Server with Realtime Fax over IP and Open Text Fax Gateway

IBM PowerSC. Security and compliance solution designed to protect virtualized datacenters. Highlights. IBM Systems and Technology Data Sheet

Oracle Net Services for Oracle10g. An Oracle White Paper May 2005

TORNADO Solution for Telecom Vertical

- Introduction to PIX/ASA Firewalls -

AWITEL solution and services for PTTs:

Smart Tips. Enabling WAN Load Balancing. Key Features. Network Diagram. Overview. Featured Products. WAN Failover. Enabling WAN Load Balancing Page 1

GE Measurement & Control. Cyber Security for NEI 08-09

axsguard Gatekeeper Internet Redundancy How To v1.2

Opengear Application Note

F-Secure Messaging Security Gateway. Deployment Guide

Remote Vendor Monitoring

KISUMU LAW COURTS: SPECIFICATIONS FOR A UNIFIED COMMUNICATION SYSTEM / VOICE OVER INTERNET PROTOCOL (VOIP) SOLUTION. Page 54 of 60

SCS3205/4805 Quick Start Guide

Highly Available Mobile Services Infrastructure Using Oracle Berkeley DB

How Small Businesses Can Use Voice over Internet Protocol (VoIP) Internet Technology for Voice Communications

Cisco Advanced Services for Network Security

UNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM

74% 96 Action Items. Compliance

Cisco Virtual Office Unified Contact Center Architecture

Payment Card Industry Data Security Standard

Mida TerraFaxPro. Overview. Why Deploy a Fax Server

SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X)

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD Effective Date: April 7, 2005

nexvortex VOIP DISASTER RECOVERY BUSINESS SOLUTION

Information Technology Cluster

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network

Cisco Networking Professional-6Months Project Based Training

Security and the Mitel Teleworker Solution

Deployment Guide for Citrix XenDesktop

Building Voice VPN with Simton IPX

CTS2134 Introduction to Networking. Module Network Security

FOXBORO. I/A Series SOFTWARE Product Specifications. I/A Series Intelligent SCADA SCADA Platform PSS 21S-2M1 B3 OVERVIEW

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.

Network Management and Monitoring Software

Information Technology Security Procedures

White Paper. The Ten Features Your Web Application Monitoring Software Must Have. Executive Summary

The Comprehensive Guide to PCI Security Standards Compliance

Brochure. Dialogic BorderNet Session Border Controller Solutions

Levelling the Playing Field

Out-of-Band Management: the Integrated Approach to Remote IT Infrastructure Management

How To Use Ibm Tivoli Monitoring Software

Associate in Science Degree in Computer Network Systems Engineering

Inter-Tel 5000 Network Communications Solutions

Infoblox vnios Software for CISCO AXP

NET ACCESS VOICE PRIVATE CLOUD

CorreLog Alignment to PCI Security Standards Compliance

ReplixFax Fax over IP (FoIP) Technical Overview and Benefits

Cisco Active Network Abstraction 4.0

CompTIA Cloud+ Course Content. Length: 5 Days. Who Should Attend:

Technical Proposition. Security

Transcription:

White Paper Copyright 2013. Valbrea Technologies Inc. All rights reserved.

Table of Contents Contents Executive Summary 3 Background 3 Price of a Security Breach 3 Cost of Neglect 4 Solution 4 Manage Access to Network Elements 4 Monitor Network Elements 5 Audit Features 5 Connectivity 5 Scalability and Failover 5 Implementation Scenarios 5 Traditional Telco 6 CLEC Competitive Local Exchange Carrier 6 Additional Features 7 Caller ID on TV Module 7 Remote Alerting and Console Control System (RACCS) 8 Benefits 9 Specifications 9 Copyright 2013. Valbrea Technologies Inc. All rights reserved.

Executive Summary Companies spend an enormous amount of money and time monitoring and securing access to critical network elements across the enterprise. If not judiciously managed, security holes creep into the network. The result from security breaches creates a financial toll and loss of trust in the company. In addition to security holes, improperly trained administrators can take down critical parts of the network or inadvertently introduce new security holes. GHEM Secure Access Control is a secure remote access application that provides strict access and real-time monitoring to disparate network elements across the enterprise. All administrative traffic to a network element is routed through a GHEM server making it an administrative gateway to all critical network elements. GHEM Secure Access Control controls access and can limit commands to a network element by user or group. The system classifies ports giving automated systems or select users priority access to specific ports. In addition, GHEM Secure Access Control supports aliases so network elements can be searched by other names such as CLLI codes. Authentication protocols such as LDAP and Active Directory are integrated into the system to make user administration a snap. With a user-friendly, web front-end, GHEM Secure Access Control makes it easy for administrators to globally view all port and monitor user activity across the enterprise. In addition, GHEM Secure Access Control provides a web terminal so end-users do not have to install or maintain additional emulators. Having implemented the application at small, medium and large telecommunications customers across the globe, GHEM Secure Access Control is the manageable secure solution for your telecommunications network. Background Telecommunication companies have a large quantity and variety of critical network elements to support their telecommunications infrastructure. The variety of equipment requires multiple communication protocols and custom logon scripts to maintain the equipment. This equipment is normally dispersed over a large geographical footprint making it uneconomical to maintain equipment locally. Companies managing telecommunication networks require efficient, standard, and secure means to remotely administer all of their equipment. Companies prefer a solution that uses commodity hardware, leverages existing authentication systems, that doesn t require additional software dependencies or technical expertise to operate. Price of a Security Breach Access to the network gives unauthorized users ability to perform malicious attacks and steal proprietary information. The average cost to a company for a security breach in 2011 was over 5 million dollars. Therefore, the liability for a telecommunication company handling thousands of organizations is in the billions of dollars. Valbrea Technologies Page 3

Cost of Neglect In addition, today s economy puts demands on fewer resources to maintain the constantly changing network infrastructure. Fewer resources with additional work and/or relying on improperly trained resources turn into neglect. According to the Ponemon Institute, thirty nine percent of organizations say that negligence was the root cause of the data breaches. Solution With decades of experience in the software, security, and telecommunications industry, Valbrea teamed with partners to deliver an economical, yet very robust security application called GHEM Secure Access Control. GHEM Web provides a user-friendly, web front-end to GHEM. GHEM, Global Host Element Manager, is a command-line based system that manages all of the security features of the network application. The diagram below shows how GHEM Secure Access Control is configured within a network. Secure Connection GHEM Web Server GHEM Servers Network Elements Command-Line Users Automated Tasks INTERNET VPN SSH FIREWALL GHEM Server Telephone Switch Users INTERNET VPN HTTP FIREWALL GHEM Web Server GHEM Server Server Users LDAP Server Router All administration traffic is routed through GHEM Servers by statically connecting ports (or nailing-up ports) from the network elements to the GHEM servers. This prevents other devices from attaching to the network elements. (An option is provided for dynamically connecting ports but is not recommended.) The system highlights are as follows: Manage Access to Network Elements Restrict User Access by Individual or Group Limit User Commands by individual or Group Optimize Access (one side-effect of static ports if waiting on a port to become available. GHEM Secure Access Control allows users to log them in as soon as the port becomes available) Automatic Port Timeouts to Clear Inactive Sessions Single Sign On (SSO) for all Network Elements (Supports LDAP and Active Directory) Designate Priority Access to Ports using Port Classification (for automated tasks or super users) Valbrea Technologies Page 4

Monitor Network Elements Monitor and Control Any User s Session in Real-Time. Ability to Override User Commands or Disconnect User in Real-Time. Real-Time View of Every Port (administrator can see all activity across the enterprise) Audit Features Logs connections and all user commands to a host Creates Session Files that allow administrators to replay a user s entire session. Connectivity Supports the following methods of connectivity for network devices: telnet, SSH, Modem Ports, and X.25. Manages ports to throughput. Therefore, since many central office port cards are set to different baud rates for input and output port speeds, GHEM will manage this appropriately. GHEM natively supports legacy IBM X.25 cards (AIX). X.25 is port dependent on the TP4 (i.e. 64 port/128 port connections); therefore, utilizing existing or same type port master cards would provide the smoothest transition. Scalability and Failover To successfully secure a large telecommunications network, the solution had to scale and be fault tolerant. The simplicity of GHEM Secure Access Control makes it easy to scale by adding additional hardware. For small to medium-sized customers, adding memory and disk space handles most scalability issues. Larger customers would add additional servers. Failover requires additional servers. Below is a sequence of diagrams to illustrate how GHEM handles failover. 1 2 3 Implementation Scenarios GHEM Secure Access Control can be implemented in any size telecommunications environment using a variety of configurations. Typical implementation scenarios are within the telecom industry and are shown below: Valbrea Technologies Page 5

Traditional Telco CLEC Competitive Local Exchange Carrier Cloud VOD server Set Top Box TV User Access Cisco ASR IAD Configuration Management System GHEM VOIP Switch Cisco CRS Cisco ASR Cisco CRS Performance Management System PSTN GHEM provides managed access, including real time command monitoring and restrictions, for users and systems accessing any command line base systems including Cisco IOS based devices, such as CRS (Carrier Routing System), ASR (Aggregation Services Router) VoIP (Voice over IP) switches MTSO (Mobile Telephone Switching Offices) Wireline Switches Wireline Swtich MTSO Cell Tower Smart Phone Tablet Valbrea Technologies Page 6

Additional Features Since GHEM already contains technology to communicate within the telecom network, GHEM has the capability to perform additional tasks Caller ID on TV Module In this scenario, GHEM is used to display caller id information on a subscriber s television. Landline Caller Wireless Caller TDM Phone Network LIDB AIN gets calling name (if avail) AIN Telcordia SPACE (r) CO Switch AIN Trigger on Subscriber s phone sends calling and called numbers to AIN Subscriber s Phone w/ AIN Trigger AIN sends calling and called numbers, plus calling name to GHEM TV channel display + Caller ID on TV Set top box GHEM GHEM formats and send caller ID data to the Set top box server Set top box server. Provides IPTV channels and other services, such as caller id on TV Subscriber s TV Valbrea Technologies Page 7

Remote Alerting and Console Control System (RACCS) RACCS is an alarm management and console control system for specific network elements, such as the GTD5, DMS100, and 5ESS. Utilizing GHEM Secure Access Control or similar secure access systems, RACCS provides authorized remote access to the master console ports such as the GTD5 RCDT, DMS100 MAP, and 5EESS MTTY consoles. The master console port provides visibility into the log of recent alarms. Alarms on each of these consoles are summarized and displayed via a web interface which can be tuned with filtering, sorting, and searching capabilities of recent alarms.. MTTY RACCS w/ GHEM Everett Mediation Device BlackBox Modem Splitter 5ESS 5ESS Configuration Modem splitter spits the MTTY port Allows remote viewing and control of MTTY COAMN Private IP Network LCDT RCDT Port Mediation Device GTD5 GTD5 Configuration RCDT port attached to mediation device LCDT operates normally RACCS w/ GHEM Ft Wayne MAP MAP Port Mediation DMS100 Device DMS-100 Configuration Attach any MAP port to mediation device Valbrea Technologies Page 8

Benefits GHEM Secure Access Control has been successfully implemented in small, medium and large telecommunication companies in several countries. The system s design and functionality deliver results that include: Proven Technology Ease of Implementation Requires Minimal Training Runs on Standard, Commodity Hardware Leverages existing user authentication systems such as LDAP or Active Directory Does not require the expense of a database or database administrator Specifications Below is a list of current specifications required for GHEM Secure Access Control: Currently supported on AIX or Linux 32-bit platforms. Other Unix variants are possible providing that variant supports the GNU C compiler. GHEM currently relies on hardware solutions for application failover and redundancy. Server sizing must be determined based on the user load, data storage, and number of X.25 ports required for a particular server. Since X.25 is a required technology, we recommend the use of IBM servers which support the built-in X.25 card. GHEM currently supports this card up to AIX version 5.2. Later versions of AIX are possible, but further testing would be required to certify the drivers for the X.25 card. GHEM also supports, although testing for specific devices would be required, external IP-to-X.25 mediation devices should the customer prefer this hardware option. In this case either AIX or Linux would be supported. GHEM stores all data in flat files locally on the application server; therefore, the system has no database or storage provider requirements. Valbrea Technologies Page 9

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information