Corporate Presentation Template March 2006
Download
Report
Transcript Corporate Presentation Template March 2006
Selling in the Telco sector
JOSE GRANDMOUGIN
EMEA SENIOR CONSULTANT
26. 11. 2009
Security Solutions for Service Providers
• Two discrete solutions for Service Providers
1
2
Protecting the customer
(Managed Security Service Provider)
Protecting the Service Provider’s
Infrastructure
RADIUS SERVER
SGSN
GGSN
Subscriber
Network
Subscriber
Network
Subscriber
Network
MOBILE
NETWORK
Managed Security Services
Traditional CPE / Client Based MSS
Internet
NOC/SOC
4
Virtualized Services
• Per Customer Virtual Domain
• Application Control
• Web Filtering
• AntiVirus / AntiSpyware
• Data Leak Prevention
• AntiSpam
• Intrusion Protection
• VPN (IPSec / SSL)
• Firewall
• Dynamic Routing
5
Security Processing Modules
ADM-XE2 and ASM-CE4
• Intrusion Prevention Offloading
• Inspects traffic traversing network interfaces
for network-based attacks
• Provides protocol anomaly and signaturebased inspection
• Multi-Gigabit performance
ASM-CE4
• Firewall Offloading
• Inspects traffic traversing network interfaces
and blocks/allows according to firewall policy
• Line-Rate performance
• IP Multicast Offloading
• Accelerates and routes IP Multicast traffic
• Contributes to improved performance of video,
voice, and other IP Multicast applications
ADM-XE2
NP4 Based Dual Wide AMC Module
• Compatible with 5001A/3810A
• Firewall and IPSec offload
• 4 x 10G SFP+ Interfaces
• Includes 2xSR SFP+ transceivers
• 20G Firewall Processing
• 8G IPSec VPN Processing
ADM-XD4
7
Value Added Internet Access Services
Customer 1
Customer 2
Internet
Customer 3
COMPETITION
WINNING FACTORS
• Juniper
• CrossBeam
• Cisco
• Protection Profiles and Virtualization
• Routing flexibility
• Hardware scalability
8
Value Added RAS
Client
Internet
Internet
CPE
COMPETITION
WINNING FACTORS
• Cisco
• Features Integration, IPSec, SSL VPN
• Juniper
Antivirus, Web Filtering
• Self Service Management Portal
9
3G High-Performance VAS
3G Network
Internet
COMPETITION
WINNING FACTORS
• Cisco
• Juniper
• Features Integration, Fast Antivirus services
10
• Self Service Management Portal
• 10Gb real throughput
Management Interfaces in the Cloud
Provisioning
Billing
XML API / GUI
Device Group
CUSTOMERS
MGMT
JSON API
Self Service
Portal
Network
XML API
LOG / ARCHIVE
QUARANTINE
Device Group
GUI
CLI / SNMP / GUI
Troubleshooting
NOC / SOC
11
Monitoring
FortiManager Portal User
• Portal Customization
• Development Toolkit
• Provides a full set of customization options
• Function, content, and branding
• Secondary database interfaces
• Consumer Portal
• Simplified option set
• Uses Development Toolkit
• Targets consumer opportunities
• Linked with Dynamic Profile Feature
on FortiOS Carrier
Virtualized Management
Multiple Administrative Domains
• Administrative Domain (ADOM)
• Per Customer / Device Group Policy Management
• Per Customer / Device Report Generation
• Supports VDOM groups and physical device groups
in any combination
Admin 1
Device Group 1
Admin 2
Customer 1
Customer 2
Device Group 2
Dynamic Security Profiles
Dynamic Security Profiles
RADIUS
SERVER
Radius Accounting Message
PORTAL
SERVER
Portal Provisioning
Dynamic Policy Created
Applies to two key target service provider markets
• Managed Security and Mobile
Allows user “Self-Service” automation
• RADIUS Accounting Record attributes used to create a context for a source IP address
• Context can associate IP address with any other RADIUS attribute
• Username, MSISDN, Service Name
• Protection Profile also extracted from the RADIUS record
• Assumes an authentication event has occurred within the Carriers network
• Typical in both fixed (DSL) and mobile environments
DYNAMIC
SECURITY PROFILES
Dynamic Security Profiles
In Home Parental Control*
Provides an authenticated bypass of the Service Restrictions
Within a domestic environment
Both end-points (users) are behind the same NAT boundary
Clientless solution to differentiate access – no software to ‘hack’
Parental control is maintained
DSL
Home user 2
(Child)
DSL
Home user 1
(Adult)
*FortiOS Carrier 4.1
NAT
www.badsite.com
DYNAMIC
SECURITY PROFILES
Dynamic Security Profiles
End-Point customisation
• Per end-point Black / White List
• End points (users, MSISDN) can have their own black white list
• No requirement for end user to access FortiGate infrastructure
• Can be populated on Self Service Portal
• Dynamically configured on FortiGate as end points attach
• RADIUS VSA Extension, no fixed limit for URLs
Self Service
Portal
DSL+3G
DYNAMIC
SECURITY PROFILES
www.badsite.com
*FortiOS Carrier 4.2
Infrastructure protection
FortiOS Carrier 4.0 Highlights
Dynamic Profiles
Per user services via a RADIUS API
Protection Profile derived from RADIUS record
Session Initiation Protocol (SIP) Security
Stateful SIP tracking, Malicious SIP message protection , SIP Rate
Limitation
SIP Transparent or SIP NAT mode, IP Topology Hiding, RTP Pinholing
Geographical Redundancy, SIP Stateful High-Availability
Multimedia Message Service (MMS) Security
Antivirus, Antispam/Antifraud, Antiphising (via Web Filtering)
Sender and Admin notification
GPRS Tunneling Protocol (GTP) Firewall
3GPP 29.060 version 6.9.0, including Overbilling Protection
Protocol Anomaly Checks, IMSI/APN/IE filtering
FortiCarrier SIP Security
VOICE SECURITY
NGN Network Topology
- Call Control
- Routing
- Features
- Billing
- Hosted NAT Traversal
- Call Admission
- Interoperability
- Interworking (IWF)
- Media Pinholing and Policing
- SIP aware Firewall
- Denial of Service prevention
- Message Filtering
- Message rate limiting
- IPS detection and prevention
SIP
Softswitch
Application
Server (AS)
Session Border controller
Signalling
Control
(SIP)
Media
Control
(RTP)
SIP Firewall
SIP
Optional
RTP bypass
RTP
All Traffic – Access and Peering
20
SIP
RTP
Mobile Security
• FortiCarrier also provides:
• MMS Antivirus
• MM1/3/4/7
CONTENT
PROVIDER
MM3
MM7
• Monitor mode
MMSC
• Intercept, Archive, Quarantine, Block Actions
• Sender Notification and alerting
• MMS Antispam
• MM1/4
INTERNET
MM1
MM4
OTHER
OPERATOR
• Duplicate Message, Sender Flooding
• Admin Notification
MOBILE SECURITY
Cloud / Endpoint Managed Services
Global Service Offerings
• FortiGuard™ Global
Research Team provides
original security intelligence
via FortiGuard subscriptions
• Antivirus
• Intrusion Prevention
• Web Filtering
• Antispam
• FortiCare™ Support services
provides technical assistance
anywhere, anytime
• Multiple service levels to meet
customer requirements
FortiMail – Email Security
• Role Based Administrative Domain Management
• Thousands of domains
• LDAP Profiling
• Outsourced policy management / service enablement
• Inbound and Outbound Antivirus and Antispam
• Centralised Quarantine
• Multiple Operating Modes
• Server, Gateway/Relay and Transparent
• Unlimited License Model
• Not per mail box or domain
• Integrated with FortiManager and FortiAnalyzer
• Chassis Blade and Appliance Form Factor
24
FortiClient
Desktop Access to FortiGuard Services
• Antivirus & Antispyware
Protection
• Personal Firewall
• Content Filtering
• Windows Registry Monitor
• IPSec VPN Client
• Private Label Branding
• Microsoft MSI installer for rapid
deployment to many clients
• Client lockout to prevent
unauthorized configuration
• License Control
FortiMobile Security Client Software
•
Symbian Series 60
•
•
•
Windows Mobile
•
•
•
•
2nd Edition: v7.0s, V8.0a, v8.1a
3rd Edition: v9.1, v9.2, v9.3
2003 SE: Pocket PC, PPC Phone
5.x: Pocket PC, PPC Phone, Smartphone*
6.x: Professional, Standard, Classic
Capabilities include
•
•
•
•
•
•
Personal Firewall
VPN (IPSec, SSL)
Incoming Call Filter
SMS Antispam
Antivirus
Phone Security
•
•
(Contact / SMS / Call Log / Data Encryption)
Multi-Language Support
Smartphone support to be added in 4.3
Questions?