W&M 2009 – HP ProCurve Unified Wireless and Wired Networks

Published in: Technology

  • As organizations deal with threats, they also struggle with an increased push for efficiency and a demand by CEOs to lower their cost of IT per employee. Managing this trade-off can be very difficult because the objectives seem to pull in orthogonal directions. Security professionals must be able to provide security for their business within the context of these declining budgets. The complex system approaches of the past led to both an increased number of devices and service contract requirements that drive costs up.
  • As network connections increase between customers and suppliers, businesses continue to deliver solutions as services over the network, behind perimeters that no longer secure the organization against threats. Organized crime has found ways to skirt perimeter defenses and to leverage insiders, knowingly and unknowingly, to gain access to your critical information. As a result, organizations must protect against internal and external threats.
  • Each user has been placed in an access policy group (APG) by the administrator. When a user is authenticated, IDM looks at the rules for the user’s access policy group. The rules are based on time, location, device ID, and client integrity status. When a rule match is found, the associated ‘Access Profile’ is invoked, which sets a policy on the user’s port that can include ACLs, VLANs, QoS and bandwidth limitations. Access Control Lists (ACLs) and client integrity checking are the new features. Access Control Lists are filters on users, enforced at the port or AP, that allow or deny access to protocols, destination IP addresses, or destination TCP/UDP ports. The addresses (TCP/UDP or IP) may be specified as ranges as well as individual addresses. Client integrity is an indicator sent to IDM from a third-party client integrity agent like Sygate, Zonelabs, etc. When IDM sees the client status indicator, it can send a ‘dirty’ client to a remediation VLAN or server.
  • Microsoft® Network Access Protection is a policy enforcement technology built into the Windows Vista® and Windows® Server 2008 operating systems that allows customers to better protect network assets from unhealthy computers by enforcing compliance with network health policies. Microsoft’s Network Access Protection technology is available with Windows Vista and Windows Server 2008 and will be available with Windows XP SP3. ProCurve IDM provides network administrators with the ability to centrally define and apply policy-based network access rights that allow the network to automatically adapt to the needs of users and devices as they connect, thereby enforcing network security while providing appropriate access to network users and devices.
  • Transcript

    • 1.
    • 2. HP ProCurve Networking: How to Integrate Wired and Wireless LANs
      Lars Koelendorf
      Category Manager, Wireless
      HP Networking, EMEA
      Email: lars@hp.com
    • 3. Agenda
      21 May 2009
      • Mobility Market Highlights
      • The challenges
      • WLAN Evolution
      • Unified wired and wireless
      • Integration options
      • Improved user experience
      • Advanced security
      • Simplified management
      • Conclusion
    • 4. Mobility Market Highlights
      • Increasing number and diversity of clients
      • Persistent wireless coverage
      • Reduced cost
      • Dramatic improvements in technology
      • Business critical applications via wired or wireless
    • 5. Business Needs Driving everywhere Wireless Access
      IMPROVED PRODUCTIVITY
      • Collaboration of mobile workforce
      • Access from Anywhere
      • Secure guest access
      • Wireless
      • Asset tracking
      • Physical security
      • Converged voice and data over WiFi
    • 6. The business challenge
      With access to the network coming from any device, you need a centralized approach to wired and wireless management to streamline device configuration and enable network monitoring and response to wired and wireless network threats.
      Build an agile, security-aware network that supports all types of users and devices – not barriers to entry
      IT
      • Ensure compliance
      • Limit disruptions
      • Protect existing investments
      • Monitor network
      • Do more with less staff
      Business
      • Reduce costs
      • Improve productivity
      • Manage risk intelligently
      • Flexible access
    • 7. The Network Administrator Challenge
      Need a wireless solution that can be managed easily, and integrated with wired infrastructure and existing user policies – not another administrative burden
      Single management solution
      • Wireless network management
      • Policy coordination
      • Wired network management
    • 8. The Security challenge
      • What is the activity inside the network?
      • How to protect against internal threats?
      • How to deal with an increasingly mobile and fragmented workforce?
      • How to meet new regulatory compliance requirements?
      • … Within the (declining?) IT budget?
    • 9. WLAN Evolution and unification
    • 10. WLAN Evolution
      Next Generation
      Converged WLAN Architecture
    • 11. Wired & Wireless Integration Options
    • 12. Key Components Development over time
      [Chart axis: Time]
    • 13. Command from the Center
      Unified network: Wired and wireless are just two ways of accessing it
      Increased productivity: Consistent user experience, seamless access to business applications
      Ease of management: Single management platform with common tools, optimization
      Security: One user identity, and system for access control; one system for network threat management
      [Diagram labels: Servers, Interconnect Fabric, Intelligent Edge, Intelligent Switches, Clients, Wireless Clients, Wireless Access Points, Edge Portal, Edge Network, Internet]
    • 14. Security policies
    • 15. External and internal threats
      98% use a firewall to protect the perimeter
      Internal represents 80% of the threat
    • 16. Importance of factors when adding wireless to the network
      [Bar chart: average score out of 5, 2008]
      • Need to meet increased mobility requirements: 3,5
      • Ability to define single user based network security policy: 3,9
      • Management of security across network: 4,4
      • Desire to use new technology to the full: 3,4
      • Time required to deploy: 3,4
      • Ongoing maintenance/support costs: 3,7
      • Cost of initial purchase: 3,7
    • 17. Security is a process
      • Validation and Monitoring
      • Policies
      • Trusted Network Infrastructure
    • 18. Users rights policy
      What’s my policy? What are the user’s rights?
      Overlay strategy: Wired, Wireless; different security solutions
      Unified strategy: Unified wired and wireless; same security at any entry point:
      • Same policies
      • Same password
      • Same rights
      • Same security solutions
    • 19. Policy management – wired and wireless
      • Use a tool that allows network administrators to efficiently manage the users and devices connecting to their network
      • A way to virtualize the network versus the user
      • Easy creation and management of user policy groups
      • Dynamically apply security, access and performance settings at port level based on policies
      • Network Reports and Logs based on Users for Audit
      Authenticating and Provisioning
      Based on => Client Integrity Status, Location, Time, Device ID, User/Group
      Set => ACLs per user / Packet filtering FW, Bandwidth Limit, I/O port, VLAN, QoS
    • 20. How it works
      Network administrator:
      1. Sets up role based access policy groups & assigns rules and access profiles:
         Guest: Access only to Internet at 2 Mbps
         Employee: Access to Internet and corp. servers
         Employee finance: Access to financial information
      2. Put users in appropriate access policy group
      [Diagram labels: Conference room, Internet, Access policy server, Enterprise WLAN/LAN, Corporate server, Finance server]
    • 21. Client integrity check - The joint solution
      Network Access Protection and HP ProCurve
      Policy-based solution that:
      • Validates whether computers meet health policies
      • Limits access for noncompliant computers
      • Automatically remediates noncompliant computers
      • Continuously updates compliant computers to maintain health state
      • Dynamically allocates network resources
      Solution Highlights
      • Standards-based
      • Plug-and-play
      • Works with most devices
      • Supports multiple antivirus solutions
      • based on policies you define
      [Diagram labels: Boundary Zone, Internet, Employees, Partners, Vendors, Customers, Partners, Remote Employees]
    • 22. Regulatory Compliance Assistance
      • Central management and monitoring of security policies provides immediate visibility and assistance with regulatory compliance on the unified network
      • Current credentials report
      • Security policy action report
      • Security events history report
      • Security heat map report
      • Offenders tracking report
      • User unsuccessful login report
      • User session history
      • User MAC address report
      • Reports for HIPAA, PCI, Sarbanes-Oxley, Gramm-Leach-Bliley, and DoD Directive 1800.2
      • Ability to custom define report content
      • Device security history report
      • Device access security report
      • Port access security report
      • Password policy compliance
    • 23. Conclusion
    • 24. One Network Wired & Wireless Unified and Secure
      Real OPEX Savings
      • Reduced network management administration costs
      Improved Security
      • Consistent policies, applied once, removes error
      Improved End-User Experience
      • Network follows the user from work site to work site
    • 25. Conclusion
      Unified Networking Equals
      [Graphic listing link speeds in Mbps: 10, 11, 54, 100, 300, 450, 600, 1000, 10000]
      With
      Single management and consistent policy
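
The access-policy-group evaluation described in the speaker notes and on the "How it works" slide, as an added sketch that is not HP ProCurve IDM code. Group names, VLAN IDs, the device ID, the working hours, first-match rule ordering and the default deny are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional, Tuple

@dataclass(frozen=True)
class AccessProfile:                 # what gets set on the user's port or AP
    name: str
    vlan: int
    bandwidth_kbps: Optional[int]    # None = no limit
    acl: Tuple[str, ...]             # ordered filter entries

@dataclass(frozen=True)
class Rule:                          # None means "any" for that condition
    profile: AccessProfile
    location: Optional[str] = None
    hours: Optional[Tuple[time, time]] = None
    device_id: Optional[str] = None
    integrity: Optional[str] = None  # "clean"/"dirty" from the integrity agent

    def matches(self, s: dict) -> bool:
        return ((self.location is None or self.location == s["location"])
                and (self.hours is None or self.hours[0] <= s["time"] < self.hours[1])
                and (self.device_id is None or self.device_id == s["device_id"])
                and (self.integrity is None or self.integrity == s["integrity"]))

# Constructed profiles; VLAN IDs and ACL entry names are illustrative.
DENY = AccessProfile("deny", 0, 0, ("deny any",))
REMEDIATION = AccessProfile("remediation", 99, None, ("permit remediation-server", "deny any"))
GUEST = AccessProfile("guest", 30, 2000, ("permit internet", "deny any"))
EMPLOYEE = AccessProfile("employee", 10, None, ("permit internet", "permit corporate-server", "deny any"))
FINANCE = AccessProfile("finance", 20, None, EMPLOYEE.acl[:-1] + ("permit finance-server", "deny any"))

QUARANTINE = Rule(REMEDIATION, integrity="dirty")   # 'dirty' clients go to remediation
WORK_HOURS = (time(7, 0), time(19, 0))
GROUPS = {   # access policy group -> ordered rules, first match wins (assumption)
    "guest": [Rule(GUEST, location="conference-room")],
    "employee": [QUARANTINE, Rule(EMPLOYEE, hours=WORK_HOURS)],
    "finance": [QUARANTINE, Rule(FINANCE, hours=WORK_HOURS, device_id="fin-laptop-01"),
                Rule(EMPLOYEE, hours=WORK_HOURS)],
}
USERS = {"visitor": "guest", "alice": "employee", "bob": "finance"}

def authorize(user: str, session: dict) -> AccessProfile:
    """Return the profile of the first matching rule; no match means deny."""
    for rule in GROUPS.get(USERS.get(user, ""), []):
        if rule.matches(session):
            return rule.profile
    return DENY

if __name__ == "__main__":
    s = {"location": "office", "time": time(10, 0), "device_id": "byod-7", "integrity": "clean"}
    for user in USERS:
        print(user, "->", authorize(user, s).name)
```

Putting the quarantine rule first in each employee group means a failed integrity check overrides every other condition, and the finance group shows how the same user gets a narrower profile from an unrecognized device.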