CPU - SDCC.vn

Securing your Digital Assets
Gabriel Tan,
District Manager, South Asia
Nokia Enterprise Solutions
About Nokia
• World leader in mobile communications
• Frontrunner in providing mobile, broadband and IP networks
• Sixth most valuable brand (Interbrand)
• One of the world’s most respected companies (PriceWaterhouse & Financial Times)
• As mobility and Internet converge, Nokia is committed to further enriching the daily lives of people
Nokia Organisation
• Mobile Phones
• Multimedia
• Networks
• Enterprise Solutions
• Customer and Market Operations
• Technology Platforms
• Strategy, Research, Venturing and Business Infrastructure
Top of mind issues for security
• Hardened for security
• Simple & manageable
• Reliable
• Cost
• Support multiple applications
…and something that adds more complexity
…securing wireless
Customers still want security appliances …
By 2007, 80% of all network security solutions will be
delivered via a dedicated appliance. - IDC
… and they want more from these appliances.
[Chart: What is the primary driver behind appliance-based security technology? Categories: Convergence (UTM), Better price/performance, Obtain higher level of security, Simpler manageability]
[Chart: What Security Function are you likely to deploy on a security appliance? Categories: Web Content, Application Firewall, IDP, Network Firewall, Email Security]
Nokia Aligned With Market Preferences
In-Stat (2005)
• Set For Explosive Growth
Gartner (2005)
• Best of Breed, 52%
• Multivendor Integrated, 37%
• Suite/Single Vendor, 11%
Source: Gartner (July 2005)
Forrester (2005)
• 50% of enterprises prefer separate stand alone appliances
• 14% prefer all-in-one
• 28% prefer integrated
Nokia IP Security Platforms
[Figure: Nokia IP security platforms plotted by Price against Performance & Functionality. Segments: Remote Office, Branch Office, Small to Mid Enterprise, Large Enterprise, DataCenter / Service Providers. Models shown: Nokia IP40, Nokia IP260/IP265, Nokia IP350/IP355, Nokia IP380/IP385, Nokia IP560, Nokia IP710, Nokia IP1220, Nokia IP1260, Nokia IP2250. Software: Check Point VPN-1 Pro or VPN-1 Express]
The Power of Two: The CheckPoint and Nokia
• Overview
  • 8+ year partnership between Nokia and Check Point
  • Nokia and Check Point Provide Security to 92 out of Fortune 100
• Check Point
  • No. 1 Internet Security Company: Built on Firewall Software Success
  • Award winning GUI
  • Patented Stateful Inspection
• Nokia
  • Internet Security Appliance Pioneer
  • Built to secure demanding traffic
  • Fastest performance Platform For Check Point (IPSO)
  • ‘Audit’ Grade HW Build, OS and Management tools Enterprise and Carrier
  • The First and Leading HA Firewall Solution for Check Point
  • Global Support and Service
• Innovation
  • Patented security technologies
  • Jointly-developed acceleration technologies
  • Several IETF Reference Points (IPv6, VRRP) etc.
  • 600+ security focused engineers
[Chart: Check Point / Nokia Installations, 1998 to 2006: 300,000+ Installations]
Nokia Security Firewall Appliances
• IPSO - Hardened OS designed for security
• Simple procurement and configuration
• Single support point for the entire solution
• Comprehensive quality assurance on complete hardware and software solution
• Network-centric product architecture
• First-Call, Final-Resolution support
Nokia IP2250
Nokia IP12xx
Nokia IP710
Nokia IP3xx
Nokia IP26x
Nokia IP40
Nokia IP Security Appliance Platforms
• Hardware
  • Nokia Pioneered The IP Security Appliance, knows more about Security Appliances Than Any other Vendor
  • Nokia Designs and builds Entire Appliance Platform, down To Component Level, including boards etc…
  • Nokia Develops and QA’s all hardware driver software, with specialized toolsets and bench configurations
  • Nokia Provides Redundant hot swap power supplies
  • Nokia Provides Redundant hot swap Network Interface Cards
  • Nokia Provides Solid State and HDD based System Solutions
  • Nokia Delivers High Port Density, High Connectivity Solutions
  • Nokia IP Appliances are Built with Ease of Serviceability in mind
  • All Systems Quality Assured Under Ideal and ‘Real World’ Operational Environments
  • All ‘installed base’ hardware, operating system and application combinations QA’d together
  • Nokia Continues To Invest in Hardware Innovations – ADPs, Solid State Support, 10GigE
Nokia IP Security Operating System
• Operating System – IP Security Operating System
  • Network Element Operating System, Optimised For Packet Forwarding
  • IPSO High Performance Forwarding based on Patented IP Switching Technology
  • ASIC Firewall Performance From Software Based Firewall, with no Restrictions on Flexibility
  • Built On Carrier Grade, ‘Battle’ Proven, IP Networking BSD IP Stack, used by Operators and ISPs
  • Nokia Hardened* Operating System IPSO™
  • Early Implementation of Digitally Signed OS
  • Less Than 10 CERTs in 8+ Years of Field Deployments
  • Firewall acceleration pioneer, Nokia Patented IP Firewall Flows
  • The market leader and pioneer in integrated high availability firewall technology VRRP-MC to IP Clustering
  • World Class, well proven, standards adherent routing
  • Well proven IPv6 Implementation, deployed in ISP and Operator Networks for 5yrs+
  • Multiple OS Image Management for rollback and recovery operations
  • Powerful CLI, and Diagnostic Shells
  • Nokia Pioneered Web Interface For Security Appliance Management – Nokia Voyager Element Manager
  • Nokia Pioneered Security Appliance System Level Management – Nokia Horizon Manager
  • Do No Harm patch, upgrade and management technology for Entire Systems including Security Applications
  • Nokia Hardware and Software Asset Auditing tools
  • Nokia Brings F.C.A.P.S Best of Breed NMS to Security Appliance - Nokia Appliance Manager
What is A Secure Appliance Operating System?
• “Applications cannot be more secure than the kernel functions they call”
• OS is the right place for security
Operating system security is fundamental to the security of every computing
system because operating systems are a critical point of failure for the entire
system. Unfortunately, attempts to secure computer systems continue to be
based on the flawed assumption that adequate security can be provided in
applications with the existing security mechanisms of mainstream operating
systems. The reality is that secure applications require secure operating
systems, and any effort to provide system security that ignores this premise is
doomed to fail. – NSA
Anatomy of A Secure Appliance Operating System
• System Architecture: Enforces the Security Policy with a Security Model implemented by kernel components and by kernel modularity
• Security Functions: Identification and Authentication; User Data Protection including Access Control; File integrity; Security Audit; …
• Building Secure Software: Programming Techniques; Development Procedures; Security Hardening
• Independent Validation & Certifications: Common Criteria; ITSEC; FIPS 140; IS 17799; SAS-70
• Deployment Processes: Secure Delivery; Digitally-Signed Binaries; Secure Lockdown
General Purpose Operating System Security Solutions
Software Based (Server Appliance)
[Diagram labels: Policy, CPU, Packet Processing]
Flexible but NOT fast
ASIC Based Security Solution
Hardware Based (ASICs)
[Diagram labels: Policy, Packet Processing]
Fast but NOT flexible
Nokia IP Security Appliance
Nokia
[Diagram labels: Policy, API, CPU, NPU, Packet Processing]
Fast + Flexible
Nokia Unique Value Proposition
• Software Based (Server Appliance): Flexible but NOT fast
• Hardware Based (ASICs): Fast but NOT flexible
• Nokia: Fast + Flexible
[Diagram labels: Policy, API, CPU, NPU, Packet Processing]
In Other People’s Words
"As a dedicated hardware platform, the Nokia IP260 offers some ferocious capabilities."
-Network Computing Magazine
“This product shows how two companies can work together to create a product better than the sum of its parts”
-Secure Computing Magazine
“A versatile and flexible solution for the high end of the market”
-Secure Computing Magazine
[Pictured: Nokia IP2xx, Nokia IP3xx, Nokia IP2250]
IP Security Appliance Business
• Business Week, 28 Aug ‘02 - Nokia's Security Connection: "force to be reckoned with... According to tech researcher IDC, Nokia is quickly grabbing market share in the exploding market for firewall/VPN appliances"
• 25.6% of Asia Pacific Security Appliance Market Share
• Nokia with Check Point VPN-1/FireWall-1 has 62% VPN and 41% firewall market share (Infonetics Research, VPN Hardware Market)
• Frost & Sullivan 2005 Firewall market share for Vietnam, Nokia ranked #1
Nokia SSL VPN
Enables new mobile connectivity applications
Executive access
Internet
Business Continuity
Nokia IP VPN Gateways
• Fully-integrated, secure IPSec VPN gateways, with multiple options, for fast, easy deployment in high-performance networks
• Advanced dynamic connectivity to mobile devices and other VPN gateways through robust broadband and routing functionality
• Extreme system availability using diskless hardware, patented clustering and patent-pending adaptive networking technologies
• Product targeted for government sales through planned industry certification including FIPS-140-2, EAL4, ICSA and VPN Consortium
[Figure: Nokia IP VPN gateways plotted by Price against Performance. Segments: Remote Office, Branch Office, Medium Office, Large Office. Models shown: Nokia 5i and Nokia 10i VPN Gateways, Nokia 50i VPN Gateway, Nokia 100i VPN Gateway, Nokia 500i* VPN Gateway]
* Available in 1H 2005
Nokia Mobile IP VPN Solution
[Diagram: Site-to-Site Connectivity and Remote Access Connectivity. Labels: Headquarters, Branch Office, Internet, Wireless Network (GPRS, 3G), Corporate Wi-Fi, Nokia 50i, Nokia 10i, Nokia VPN Mgr (with Nokia SSM), Nokia Mobile VPN Client, Mobile VPN Client, Native Windows L2TP/IPSec client]
Nokia Enterprise Solutions
[Diagram labels: ANY Mobile Device; Mobile Devices & PDAs; Employees on enterprise device; Employees on non-enterprise device; Access Network; Internet; Nokia Firewall/VPN; Nokia SSL VPN; Nokia IP VPN; Nokia VPN Manager / NHM; IT Security Infrastructure; IT Apps / Assets; Authentication & Encryption; Access Control; Intrusion Detection; Anti-Virus; Applications, Files, Authentication, etc.]
Nokia Service – First Call – Final Resolution
Nokia provides integrated single source, and single contract, support for
Check Point VPN-1, Nokia IP Security Platforms, interface cards, VPN
accelerator cards, HA software and routing protocols.
• Direct Access To Engineering
  • Support resources have a direct line to hardware engineering, software engineering and QA teams – No company boundaries to span during resolution
• Three SCP Accredited TAC centers for follow the sun service
• Comprehensive support offerings available worldwide
  • 8x5 VAR fulfilled or Nokia fulfilled support
  • 8x5 onsite VAR fulfilled or Nokia fulfilled support
  • 24x7 VAR fulfilled or Nokia fulfilled support
  • 24x7 onsite VAR fulfilled or Nokia fulfilled support
Global Support Infrastructure
[Map locations: Finland, UK, Canada, USA West, USA East, USA South East, Mexico, Hungary, Germany, Italy, Spain, Belgium, Japan, China, HK, Columbia, Taiwan, India, Singapore, Brazil, Malaysia, Argentina]
Networking Equipment
Enterprise level technical support delivered by Global Technical Assistance Centers
• Nokia First Call-Final Resolution
• Follow The Sun Support
• Available 365x24x7
Hardware Repair and Replacement Services
• Field support in more than 2000 cities
• Onsite Service Options: NBD, Same Day, 4 Hour Response, 2 Hour Response
• Advanced Exchange
• Return and Repair
Mobile Devices
End User help desk support delivered by 19 Customer Care Centers globally
• Walk In Service
• Set up assistance
• Access to device specialists
• >1000s of repair service points globally
Global TAC & Field Infrastructure
Technical Support:
Global 365x24x7 Nokia Technical Support (First Call – Final Resolution) through Follow the Sun Model.
Three regional Technical Assistance Centers (TACs) & four Product Line Support (PLS) Centers located with R&D.
(TACs) in Kanata, London, Singapore, India and Tokyo. (PLS) in Mountain View, Pittsburgh, India & Helsinki.
Advanced HW Replacement:
5 Global DHL Hosted Spares Depots in Cincinnati, Brussels, Singapore, Tokyo & Shanghai.
Same Day Shipping Globally & Next Day Delivery in the US, EU, Singapore, Japan & China.
On-Site HW Replacement:
Global Field Services Infrastructure for 5x8xNBD / 24x7x4h On-site HW Replacement.
2000 Field Service Locations Globally
Nokia Uniqueness in Unified Threat Management
Problem:
• Multiple discrete services x Multiple Locations = Security Trade-Offs
Nokia UTM:
• Unified secure mobility services x Multiple locations = Limited Trade-Offs
Firewall Services
• Access Control
• Application Control
• Protocol Validation
• Enforcement
ID/P Services
• Broad Attack Detection
• Deep Packet Inspection
• Application Control
• Real Time Response
Network AV Services
• Virus Mitigation
• Spyware, Adware, Malware Detection and Control
• Malicious Mobile Code Mitigation
Security Appliances with a “tuned” Operating System (Nokia appliances with IPSO Operating System)
Services: Resiliency, Performance, Policy Control, flow management, Anomaly Detection, Regulatory Compliance, extensibility
Security and Mobility Unification
Nokia
Unified Threat Management Functions
Firewall
VPN (IP &/or SSL)
ID/P
• All-in-one secure mobility architecture
• Ease of management, integration, deployment
• Consolidated management framework
[Diagram labels: Email, PIM Server; Directory Services; Email; VoIP; Directory; DNS; Nokia Management Center (Admin Interface)]