Firewall Network Processor™: Technical Concept and Business Solutions
FNP™ is a trademark of Fractel Inc.
December 2008, Columbus

Firewall Network Processor: core concept and solutions

Content
• Introduction: business value and technology trend
• Seeking decision: concept of secure network environment and intelligent "wire"
• FNP as a patented capability for keeping network infrastructure secure: technical aspects, functionality, business solution
• Summary

Key issues
Many companies:
• spend millions of dollars each year investing in business systems to make information available to authorized persons and customers
• see business value in access to the Internet information infrastructure to improve employee performance
• … and seek technology that can give employees new functionality without opening the door to attacks and unauthorized access, securing sensitive business data

Introduction
Basic Internet principle and security issue:
• best-effort service (no internal QoS mechanism)
• simple authentication model (trusted network environment)
Comments:
• To enjoy the Internet as a business medium, people must take control of traffic content in its many forms (VLAN, VPN, VoIP, …) and channels (IP, P2P, …).
• A deep understanding of how employees use Internet resources requires an effective security and management solution.

Network infrastructure: are there any "right places" for investment with low risks and expense?
[Diagram: service level; low-risk "border"; low-expense "border"; packet processes; set of "intelligent" nodes; applications]
• Business in the form of "applications". Beneficiaries: ASP, banks, electronic commerce companies, GRID computing, etc.
• Business in the form of "packet traffic": connectivity, network access policy and bandwidth. Beneficiaries: communication hardware and software suppliers, ISP, Telco, e-PTN lines.
Comments:
• The business opportunity is close to the service and access "border".
• Customers will deploy the security solution that suits their existing environment.

Solution examples
[Table, flattened in extraction. Header: Technology / added "value". Cells in page order: E-commerce, wide access, turnover up; VPN, remote office, outsourcing; Access Management, Single Sign-on, employee, Income, productivity]
Comments:
• The best investments - reduction of business expenses
• The best innovations - reduction of technology risks

Internet as a service media: User needs - Applications
[Diagram: applications (port/IP/MAC 1 … n); ASP keeps servers; ISP controls IP routers; Telco provides wire grid (MAC/IP i)]
• Intellectual services (DB, CAD, PDM, routing, switching) belong to the network nodes.
• Telco service measures: bandwidth and delay.
Comment: There is a "gap" in the network service space - no "intelligent" service processing on the wire level. Does this "gap" become the business opportunity?

"it_is_secure" wire infrastructure
[Diagram: application network; IP logical space (IP/MAC 1, IP/MAC 2); MAC grid (MAC/IP i … MAC/IP n)]
"itiss" means:
• Merge existing packet switching technology and access management tools with the innovative concept of an "intelligent wire" - an IP node preprocessor.
• Find the cost-effective decision to add an intelligent feature to the wire infrastructure.

Fractel™ - Security Approach and Components & know-how
• Technical aspect: provides multilevel packet processing which retains the current routing and access policies available in secure computer networks
• Decision & know-how: "stealth" firewall network processor (FNP) that provides security functions "outside standard network nodes" (IPv4, IPv6, IPX, ...) on the "wire level"
• Cost-effective platform for packet processing on MAC, IP, TCP and application levels

Design Aspects
Deliver hardware-level performance to a software-programmable device by:
• Asynchronous packet flow processing - "one hop many functions" (content and packet filtering)
• Scalable filtering performance - "one transport protocol many security applications" (web, ftp, sql, ...)

Aspect 1: Asynchronous traffic processing in "intelligent" wire
[Diagram: node m and node l; routers with IP1, IP2, IP3, IP4; link l and link l+1; processes p1, p2 … pn; FNPi1 … FNPin]

Aspect 2: One control mechanism for many applications content management
[Diagram: "Grid" of applications (application 1, application 2 … application n) over TCP/UDP; physical link; packet buffer; packet drops; p2p virtual connection; node 0 … node x, node x+1 … node M]

Firewall NP (FNP) Design Principles
• Two types of network interfaces: filtering and control functions
• Cost-effective platform: standard hardware and specific control software
• Flexible and scalable management: industrial protocols (Active Directory, Open LDAP, WEB control interface)
• Innovative design: patented "address less" technology

FNP Architecture
[Diagram: incoming traffic; stealth incoming interface(s); filtering module; control interface; service module (authorization, UI daemon); external storage; stealth outgoing interface(s); outgoing traffic; sockets; OS kernel; cache hierarchy; local storage. Formula labels as extracted: "1 =F(1,2)", "Sf=F(2)", "SOpen s=F(2) source"]

FNP Hardware Platform
• 100/1000 Ethernet port (control interface)
• 100/1000 Ethernet ports: LAN, DMZ, WAN (stealth mode) interfaces
• power switch

Scenario 1: content switching (single-box deployment)
[Diagram: Global Internet; ISP network; corporate network router or backbone switch; content switching FNP-1000/4; control interface; administrative segment with LDAP and FNP logfiles DB; Web server; end-user segment; ftp servers]

Scenario 2: Solution for Data Center (protection environment for complex infrastructure)
[Diagram: Global Internet; switched network infrastructure; Metro WDM Ethernet switch; four FNP-1000/2 units; distinct VLAN segment; local Gigabit VLAN switches; DC admin monitor; Log DB; internal network sensor; FNP-100/4S; local admin monitor; control interfaces; protected network segment; stealth interfaces. Callouts: Scalability, Manageability, Availability]

Scenario 3: dynamic security control (… and third-party integration)
[Diagram: public Internet; VLAN segment; admin and Log DB; FNP-1000/4; switches; FNP control interface; NAS server; storage domain; ftp server; Windows domain controller / Active Directory; DNS]
Firewall rules are generated and deleted automatically after logon/logoff of the end user.

Summary - FNP advantages:
• Based on a patented architecture
• Delivers security appliance solutions for organizations of all types and sizes
• Supports industrial standards and third-party integration within existing network infrastructure
• Increases the company's productivity through the management of non-business activities
• Decreases bandwidth costs by limiting noncritical network traffic and blocking objectionable URLs and applications
• Compatible with nearly every available cost-effective hardware platform