UC Security Roadshow 2011
UC Security Roadshow 2011 Presentation Transcript

  • UC Security Roadshow 2011. Madrid, 15 March 2011. Copyright © Siemens Enterprise Communications GmbH & Co. KG 2009. All rights reserved. Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG
  • UC Security Solutions. Aurelio Martín, Siemens Enterprise Communications Group
  • Our Customers and the Industry want … UC Unified Communications
  • Planning for today's business challenges
      – Business trends: tightened spending due to difficult economy; Green Enterprise mandates are emerging; continued highly distributed organizations; blurring of work-life boundaries; speed and collaboration are essential.
      – Communications trends: open standards, SIP, SOA; cloud computing and SaaS emerging; "anywhere" seamless mobility; software-driven communications; UC approaching mainstream; ubiquitous, affordable secure network infrastructures.
  • In demand … UC Unified Communications … reliable and secure!
  • OpenScape Unified Communications: Open Architecture for Integration
      [Architecture diagram. Layers shown: Applications (OpenScape Voice, Video, Messaging, UC Application, Mobility, Contact Center and more), with OpenSOA, OpenScale UC Integration Services, OpenScale IT Service Management and OpenScale Security alongside; Software Foundation (OpenScape Unified Communications Server, UC Network Aware Application Interface, Network Services & Management); Network Infrastructure (Real time Communications Infrastructure: Gateways, SBCs; Mobility Infrastructure: Wireless LAN; Network Infrastructure: Switches, Routers; Data Center Infrastructure).]
  • UC Integration Services & Solutions: Enterprise Grade Service Level Offerings
      – The OpenScape UC Integration Accessories deliver pre-packaged UC enhancements for the OpenScape UC Application.
      – Based on the Siemens OpenSOA approach, the UC Integration Solutions provide the realization of customer-specific UC solutions.
      – The UC Deployment Solutions support varied customer-specific infrastructure environments.
      – The UC Security Solutions address all relevant security requirements in UC solutions.
      – The Professional Services Suite for UC offers all relevant professional services for realizing UC projects based on the OpenScape UC Application.
      [Diagram labels: OpenScape UC Application V3.1, OpenScape UC Integration Accessories, UC Deployment Solutions, UC Security Solutions, Customized UC Integration Solutions.]
  • Security Challenges from a UC Perspective (UC security challenge: examples; the impact)
      – Service availability: maintain or increase service availability within a converged voice and data infrastructure; impact: increased productivity and revenue.
      – Integrity & confidentiality: maintain integrity and confidentiality of corporate data and communications; impact: prevent loss of valuable data and information, reputation.
      – Operational efficiency: maintain security while reducing operating cost / automate administration tasks; impact: reduced operational costs.
      – Compliance: fulfill legal and regulatory requirements; impact: corporate image, fraud prevention.
  • Customers will demand solutions and services to mitigate risks in Unified Communications
      – Infrastructure & Protocols: flooding attacks (i.e. parser, DNS, message flows attacks); denial of service attacks; eavesdropping; (poor) authentication misuse; manipulation; fraud; SPIT.
      – Applications & Users: spam blocking, ID theft, VOMIT*; denial of service; SQL injection; bad software; inconsistency of user data; authentication misuse; social engineering; lack of security awareness.
      – Business Processes: absence of risk management strategy; business continuity planning; disaster recovery strategy; incident management; ignore compliance issues; no independent security assessments.
      * voice over misconfigured internet telephones
  • Security defense in a UC environment is a layered approach
      [Layer diagram: security measures to consider. Labels, from the business layer down to the network: Business Processes (Security Policies & Processes, Asset Classification, Business Continuity, Information Security Management, Security Audits – Security Testing); Application Security (Antivirus & Antimalware, Data Loss Prevention, OpenScape Applications, Backup & Disaster Recovery, Supporting Services: DNS, web server, databases); Infrastructure Security (Security Information & Event Management (SIEM), Identity Management, Access Management, Single-Sign On, Certificate, OpenScape UC Server, SIP Security (TLS/SRTP), VPN (IPSec/TLS)); Network Infrastructure Security (Session Border Controllers / Firewalls, Network Authentication (802.1x / NAC), Network Intrusion Prevention).]
  • Why Siemens Enterprise Communications?
      – No single-vendor lock-in; no proprietary technology stacks; driven by your goals, not our agenda.
      – Complete voice + UC software portfolio; complete mobility + wireless portfolio; complete networks + security portfolio; complete global services portfolio.
      – Open: only provider offering the choice of complete end-to-end, software-driven unified communications, based on open, secure interoperable standards.
      – Drive cost reduction; increase productivity; faster decision making; improved collaboration.
      – Solution layers can be multi-vendor; integrates with Cisco, IBM, Microsoft and Open Source solutions; synergies from our end-to-end solution.
  • Live Demo
  • Prepackaged and customized security solutions to secure a UC environment
      [Layer diagram: security measures to consider, marked as either Prepackaged Solutions & Services or Customizing Solutions & Services. Labels: Business Processes (Security Policies & Processes, Asset Classification, Business Continuity for UC, Information Security Management, Security Audits – Security Testing); Application Security (Antivirus & Antimalware, Data Loss Prevention, OpenScape Applications, Backup & Disaster Recovery, IP Network Services for UC); Infrastructure Security (Security Information & Event Management (SIEM), Certificate Services for UC, OpenScape Identity & Lifecycle Assistant, Access Management, OpenScape SignOn, OpenScape UC Server, SIP Security (TLS/SRTP), VPN (IPSec/TLS)); Network Infrastructure Security (Secure Communication Infrastructure, OpenScape Location and Identity Assurance, Network Intrusion Prevention).]
  • Automated user administration using OpenScape Identity Lifecycle Assistant
  • Automation of user administration using OpenScape Identity Lifecycle Assistant: Solution Description
      – Simplifies user administration within an OpenScape Voice environment and complements the administration via the Common Management Portal.
      – Initial load of user information by connecting to an authoritative HR data source (HR system, LDAP service, ODBC database, etc.).
      – Continuous update of user information if user status changes (e.g., leaves company, moves to other department).
      – Supplies OpenScape Voice with additional information for billing purposes (e.g. cost center of the organizational unit).
      – Delivers a fast and easily implemented phone book that is accessed via Web or LDAP.
  • OpenScape Identity Lifecycle Assistant – Customer Benefits
      – Grow Revenue: increase employee productivity by providing automated, fast access to communication services.
      – Reduce Operating Costs: relieves IT from duplicate administration of user information; automates administration tasks (e.g. automatic subscriber provisioning).
      – Increase Asset Efficiency: reuse existing user information within systems instead of recreating it (e.g. collect information from HR for billing purposes).
      – Enhance Corporate Excellence: ensure automatic withdrawal of assets and access rights (e.g. user changes role or leaves company).
      – Diagram centre: Superior Security.
  • One-click for all application logon using OpenScape SignOn
  • One-click for all application logon using OpenScape SignOn: Solution Description
      OpenScape SignOn improves usability and security and reduces administration effort for UC applications that rely on OpenScape Voice or Hipath platforms. OpenScape SignOn:
      – Facilitates access to applications and usability.
      – Provides a single login for most voice applications and access to voice platforms from SEN.
      – Offers the possibility to automatically generate and renew passwords for applications on behalf of the user.
      – Supports strong authentication for access to sensitive applications.
      – Provides central audit capability that simplifies compliance reporting.
  • OpenScape SignOn – Customer Benefits
      – Grow Revenue: increase employee productivity by enhancing user convenience (one-click application access, automated password renewal).
      – Reduce Operating Costs: reduce help desk calls related to password resets.
      – Increase Asset Efficiency: consolidated audit trail for application access in one single location; leverage strong authentication mechanisms for a variety of additional applications.
      – Enhance Corporate Excellence: automatically enforce password policy (no password on a sticky note); simplify compliance reporting by providing central audit trail for application access.
      – Diagram centre: Superior Security.
  • Keeping track of moving targets using the OpenScape Location and Identity Assurance
  • Keeping track of moving targets using the solution OpenScape Location and Identity Assurance: Solution Description
      The solution OpenScape Location and Identity Assurance provides several enhancements for an OpenScape or Hipath environment that facilitate and automate operations and improve enterprise security.
      – Supports adaptation and automation of configuration tasks based on location information (e.g. configuring speed dial lists, emergency numbers, site security).
      – Is able to automatically assign QoS parameters and security profiles (ACLs, VLAN, Policies) via NAC.
      – Provides automated inventory and detection of non-compliant end devices.
      – Facilitates troubleshooting of end devices by providing one consistent view.
      [Diagram labels: NAC Manager, Physical Infrastructure Database, Hipath DLS, Import, Synchronization, NAC Appliance, Core Network, OpenScape Voice, Mobile Users, User moves. Secure Networks NAC features: Access & Control, Establish & Enforce Policy, Detect & Locate, Respond & Remediate.]
  • OpenScape Location and Identity Assurance – Customer Benefits
      – Grow Revenue: enhance employee productivity by reducing network downtime and outages.
      – Reduce Operating Costs: reduce time to localize IP phones within enterprise network; save administrative cost for troubleshooting.
      – Increase Asset Efficiency: leverage existing information of network management and communications management systems.
      – Enhance Corporate Excellence: reliable and high-quality operation of real-time application through automatically assigned QoS and security profiles; reduces risk and downtime due to automatic assignment of security settings.
      – Diagram centre: Superior Security.
  • The glue between UC applications and your network infrastructure: IP Network Services for UC
  • The glue between UC applications and network infrastructure: Solution Description
      – Provides IP network services (DNS, DHCP, NTP) that are crucial for UC applications, like most other business critical applications run within the enterprise.
      – Assures availability requirements expected for a UC datacenter deployment.
      – Provides fault tolerance for IP network services in branch offices.
      – DNS/DHCP as a service are essential for plug&play installation.
      – Automated IP address management with a real-time view on the IP addresses.
  • IP Network Services – Customer Benefits
      – Enhance Productivity: improve performance of all applications (email, Web, VoIP/UC, Intranet..); eliminate DNS latency.
      – Reduce Operating Costs: consolidate servers from branch offices; reduce capital and administration cost; simplify troubleshooting; automate monitoring.
      – Increase Asset Efficiency: leverage existing infrastructure from Cisco or Riverbed in branches.
      – Enhance Availability: reduced network outages; fast and reliable update; automated failover in case of services disruption; secure and reliable hard & software platform.
      – Diagram centre: Superior Security.
  • The Swiss-Knife for solving connectivity and security issues within OpenScape: Session Border Controllers
  • Solving connectivity and security issues in OpenScape UC environments: Solution Description
      – Protects OpenScape UC from being overloaded by rate limiting traffic.
      – Protects OpenScape UC against attacks or malfunctioning (e.g. Denial-of-Service).
      – Provides access control for internet connected users.
      – Network topology hiding and dynamic pin-holing for RTP/SRTP traffic.
      – Solves connectivity issues in customer networks with overlapping IP addresses.
      – Ensures privacy when connecting the enterprise to a SIP services provider.
      – Provides interworking capabilities for heterogeneous vendor environments: SIP aware NAT adaptation; protocol adaption when connecting to SIP services providers; TLS/SRTP termination on network borders without TLS/SRTP support (SIP provider).
      [Diagram labels: PSTN, VoIP Provider, Session Border Controller, Data Center, WAN, LAN.]
  • Session Border Controllers – Customer Benefits
      – Grow Revenue: support of mobility scenarios increases skilled employee availability and productivity.
      – Reduce Operating Costs: consolidate PSTN trunks and move to SIP trunking services; economically and flexibly integrate internet connected VoIP users.
      – Increase Asset Efficiency: leverage existing internet connections by extending them with SIP services; provide interworking capabilities to economically integrate acquisitions.
      – Enhance Corporate Excellence: protect UC infrastructure against threats; enhance availability of UC services; enable VoIP migration into Next Generation Networks services.
      – Diagram centre: Superior Security.
  • Creating a secure & more agile business: Certificate Services for Unified Communications
  • Professional Services for Identity & Access: Certificate Services for Unified Communications. Service Description
      Secure authentication and encryption based on certificates is the most important way to protect a UC solution. Conversations on the phone stay confidential, and services, servers and endpoints are protected from manipulation. Certificate services for UC are key portfolio elements wherever customers attempt to implement their own certificate infrastructure for their UC solution. Four specific professional service elements ensure seamless integration in our customers' certificate infrastructures and fulfill their policy requirements:
      – Scoping Workshop
      – Architecture and Design
      – Design Specification
      – Customizing and Implementing
  • Certificate Services for UC – Customer Benefits
      – Grow Revenue: improve the company's image by ensuring a secure and trusted business communication; establish the company as a trusted business partner.
      – Reduce Operating Costs: protection of the UC services against misuse, fraud and manipulation; ensuring the availability of the communication services.
      – Increase Asset Efficiency: create a best in class security level to protect the value of the company's intellectual property; ensure the reliability of digital assets and business processes.
      – Enhance Corporate Excellence: protection of confidential communication and business content against theft; take into account all relevant legal policies; allow easy and secure interworking with partners.
      – Diagram centre: Superior Security.
  • Business Continuity Management for Unified Communications
  • Business Continuity Management for Unified Communications: Service Description
      – BCM Health Check for UC: the aim of the service is to quickly and efficiently identify gaps in the existing Business Continuity provisions in relation to transforming to UC and produce an improvement programme.
      – BCM for UC Solutions: this service combines a Business Impact Assessment and Plan Development to enable customers to have updated BCM plans that reflect the new technologies.
      – Incident Management Exercise for UC: this service tests the incident response readiness of the business to a communication failure. As well as testing the technical recovery, it also tests the senior management response to managing an incident.
  • Business Continuity Management for UC – Customer Benefits
      – Grow Revenue: provide reliable access to systems for staff and customers; enable resilient deployment of innovative technologies allowing flexibility of staff working practices.
      – Reduce Operating Costs: ensure you are getting best value from your suppliers; make sure incidents are prepared for and handled with minimum disruption and costs.
      – Increase Asset Efficiency: ensure the reliability and availability of assets; improve utilization of resources and reduce downtime.
      – Enhance Corporate Excellence: improve identification and mitigation of risk; reassure customers that you won't go under should there be a disaster; handle incidents professionally.
      – Diagram centre: Superior Security.
  • Thank you! Visit our new website: www.siemens-enterprise.com/es. And our Twitter account: @SiemensEnt_SP
  • Enterprise Solutions. Ignacio Garcia Calderon – Enterprise Sales Manager
  • We are not these guys!!!! (Acme Packet Enterprise Overview)
  • Acme Packet in 2 Minutes
      – Creator of the Session Border Controller (SBC) category.
      – Market leader and reference, market share +60% (source: Infonetics).
      – +1100 customers in 105 countries, more than 300 of them in Enterprise.
      – +900 operators (fixed, cable, mobile): 91 of the 100 largest.
      – +300 enterprises & contact centers: 11 of the Fortune 25 list.
      – Public company (NASDAQ: APKT).
      – Headquarters in Boston, USA. +500 employees in total.
      – EMEA HQ: Madrid, 30 employees: interoperability laboratory; TAC EMEA; Training Center EMEA; sales for Southern Europe and Benelux.
      [Charts: Revenue ($M) and EPS (non-GAAP) for 2008, 2009 and 2010 guidance; EPS values shown: $0,27, $0,35, $0,68.]
  • Acme Packet Enterprise & Contact Center Customers (December 2010)
      [Pie chart of Acme Packet customers by sector. Sectors shown: Finance/Insurance, Other, Higher Ed, Government, Professional Services, Technology, Manufacturing. Percentages appearing on the chart: 24%, 18%, 4%, 17%, 10%, 15%, 12%.]
      CONFIDENTIAL © 2010 Avaya Inc. All rights reserved.
  • Some Enterprise Customers: MIT, Northwestern Mutual
  • Challenges in Real-Time IP Services: Security, Interoperability, Business Continuity
  • Challenges
      – 1: Making real-time IP services universal
          · Interoperability problems (VoIP, video): of protocols (SIP-H.323); of transport (TCP/UDP); between vendors, and between vendors and operators.
          · Time-to-market problems: partial certifications of vendors and versions at service providers; months of certification; loss of agility.
      – 2: Ensuring SLAs, quality of service, business continuity
          · CAC, QoS measurement, troubleshooting: ensure CAC, from the network or at the customer, by several methods, or dynamically; work at session level in HA/DRP solutions with load balancing and routing; if there are problems, an external element that audits the network is needed (troubleshooting).
      – 3: Specialized security for VoIP at the customer
          · Security at the customer's premises = business continuity: VoIP-specific threats that must be handled in a specialized way; periodic fraud attempts and accidental internal threats; is VoIP strategic? Is protecting it IMPORTANT? IT IS KEY.
      Acme Packet confidential
  • SBC: Solves the Challenges
      – 1: The most powerful interoperability tool
          · Interworking of signalling and transport, at the customer and toward the service provider.
          · ROI: investment protection, integration, costs, efficiency, agility (time to market).
      – 2: Security: a dedicated, specialized VoIP firewall
          · Internal and external; keeps the service operational. Fraud control. Encryption, VPNs. Remote users over the public network.
          · ROI: availability and business continuity. Privacy. Security.
      – 3: QoS and business control
          · CAC, QoS measurement and reports. Troubleshooting.
          · CDRs for billing per environment / VPN.
          · High availability, geographic redundancy. No calls lost on failover.
          · ROI: high availability and business continuity. Cost savings and cost control.
  • Security in VoIP/Video/UC Services
  • New Rules, New Threats
      – Session-level attacks that can ruin business continuity and productivity: DoS/DDoS attacks; fraud; VoIP spam; register / signalling overload (malicious / accidental).
      – Breaches in the privacy of communications can cause business losses and regulatory violations: identity theft; eavesdropping; fraud.
      – Security solutions must be designed to protect real-time communications, at session level.
  • Current Tools: Not 100% Adequate
      – Firewalls are not designed for real-time services:
          · They impact quality of service (adding jitter and latency).
          · They cannot handle hundreds or thousands of sessions in real time.
          · They do not work at session level. They were not designed for that.
          · They do not provide high availability (e.g. not losing sessions on failover).
      – Problems:
          · Preventing SIP-specific overload conditions and malicious attacks.
          · Dynamically opening / closing RTP media ports in synchronization with the SIP signalling.
          · Tracking session state and providing uninterrupted service.
          · No security on encrypted sessions.
  • Acme Packet Net SAFE: Specific Security Solution for Real-Time Services
      [Diagram of security functions:]
      – Monitoring and reporting: monitors, reports and logs attacks and hacker information, and provides information for audits.
      – Self-protection against DoS: protects itself against DoS attacks or malicious/accidental overloads.
      – Access control: dynamic, session-level access control for signalling and media.
      – Fraud prevention: prevents bad practices, fraud and theft of service.
      – VPN separation: support for L2 and L3 VPNs.
      – Service DoS prevention: protects services and infrastructure, prevents external and internal attacks and limits their impact.
      – Topology hiding, encryption (privacy, security): complete hiding of the infrastructure and user privacy.
      – Worm/virus/malicious software: detection and removal of viruses, worms and malware.
  • Basic Differences from Other Solutions
      – B2BUA devices (SBC):
          · Terminate, initiate and re-initiate signalling and SDP.
          · 2 sessions, one on each side of the system.
          · Layers 2-7.
          · Inspects and modifies all session-level information (SIP, SDP, etc.).
          · Static and dynamic ACLs.
          · Keeps the service operational.
      – Firewall with SIP ALG:
          · The session traverses the firewall.
          · Cannot terminate, initiate and re-initiate signalling and SDP.
          · Works at layers 2-4.
          · Only inspects and modifies addressing in the session-layer headers (SIP, SDP, etc.).
          · Static ACLs only.
          · Closes the ports under attack: loss of service.
      [Both diagrams show: Data center, IP PBX, UC server, SIP trunk.]
  • … Complementary Solutions
      – Separate control of real-time applications (SBC) and traditional traffic (firewall).
      – Keeps management separate if required.
      – No change to the firewall configuration.
      – Traffic optimization: the small media packets do not traverse the firewall.
      – No impact on VoIP QoS: no additional latency or jitter introduced by the firewall; SBC media latency below 15µs.
      – Parallel deployment is recommended: deployment in series is possible in situations where IT security imposes a DMZ model.
      [Diagram labels: SIP Carrier, Carrier Termination Router, SBC, Data Firewall, Data Network or VLAN, VoIP Network or VLAN.]
  • Why an SBC?
      – DoS solution based on a hardware & software appliance:
          · No bottlenecks / queues of trusted and untrusted elements.
          · Dynamic handling of "trust": only "trusted" sessions are replicated to the other side.
          · The rest stays in the "untrusted" queue, whose capacity is configurable.
          · Limits SIP signalling traffic toward the network.
          · Separate treatment of INVITEs and REGISTERs.
      – Real-time:
          · Dynamically self-adjusts trust levels and the opening / closing of ports.
          · Automatic blocking of untrusted users: whitelists/blacklists for IP/SIP/SDP services.
          · Avoids the risk of false DoS.
      – Extends privacy and trust to the endpoints: IPsec, TLS, and SRTP.
  • Certified by Independent Labs
      – "Flawlessly passed all of CT Labs' grueling attack tests":
          · Total of 34 different test cases, using over 4600 test scripts.
          · Rate of 300,000 messages / second (approximate).
          · No failed or dropped calls, even for new calls made during attacks.
          · Sourced from over 1 billion randomly generated addresses.
          · No lost RTP packets during attacks.
      – Protected the core service infrastructure equipment:
          · Stopped flood attacks into core.
          · Stopped malicious packets at edge.
      – SBC performance not impacted during attack:
          · SBC CPU utilization: only 10% increase.
          · Signaling latency: only 2 ms average increase.
          · RTP jitter: less than 1 ms increase (not measurable by test equipment).
  • Functional Differences between an SBC and Other Solutions

| Function & feature examples | SBC | Firewall with SIP ALG | IP PBX + Session Manager | Router | Other UC security element |
|---|---|---|---|---|---|
| DoS/DDoS protection | √ | - | - | - | limited |
| Access control - dynamic & static | √ | static only | - | static only | - |
| Topology hiding | √ | - | - | - | - |
| Encryption – signaling & media | √ | IPSec only | TLS only | IPsec only | limited |
| Malware & SPIT mitigation | √ | - | - | - | √ |
| Remote NAT traversal | √ | - | - | - | - |
| VPN bridging | √ | - | - | L3 only | - |
| Header manipulation rules for interop | √ | - | - | - | - |
| SIP / H.323 interworking | √ | - | - | - | - |
| Overlapping dial plan translations | √ | - | √ | - | - |
| Advanced session admission controls | √ | - | √ | - | - |
| Load balancing & advanced routing | √ | - | √ | - | - |
| Signaling overload control | √ | - | √ | - | - |
| QoS marking and reporting | √ | - | - | minimal | - |
| Embedded in Avaya Aura System Platform | - | - | √ | - | - |
  • SBC Scenarios in OpenScape Voice
  • SBC scenarios supported by OpenScape Voice
    [Diagram: Main Offices (geographically separated), each with OSV, centralized users, centralized applications and a centralized SBC; WAN; Internet; NAT+FW]
    1. SIP Carrier: SIP trunking
    2. Remote User Access (user behind NAT FW)
    3a. Branch Office in corporate/trusted infrastructure: OpenScape Branch (Proxy mode), RG8700
    3b. Branch Office across untrusted infrastructure: OpenScape Branch (SBC mode)
    Integrated SBC for Branch SIP trunking (Planned for OSB V1R3)
  • Scenario 1a: Carrier SIP Trunking
    [Diagram: Enterprise Network (OpenScape Voice, SBC); Untrusted IP Service / Internet; SIP Carrier SIP Trunking Service; PSTN; SIP and RTP flows]
    • SBC enables enterprises to use broadband SIP trunking services for inbound / outbound off-net calls
        – Less expensive, IP-based alternative to traditional channelized TDM trunking services
    • SBC provides signalling and media security, management and visibility at the edge of the enterprise network
        – Including QoS monitoring/logging for SLA (not tested as part of the OpenScape Voice solution)
    • SBC provides for SIP interoperability between diverse SIP trunking providers and OpenScape Voice's normalized SIP Interface to Service Providers.
  • Scenario 1b: Intra- & Inter-Enterprise SIP Trunking Federations
    [Diagram: Enterprise Network A (OpenScape Voice, SBC); Untrusted IP Service / Internet; Enterprise Network B (SBC, OpenScape Voice)]
    • SBC enables enterprise to use broadband SIP trunks (SIP or SIP-Q tie lines) between OpenScape systems over untrusted IP networks.
    • Eliminates need for carrier SIP trunking services
        – Peer-to-peer SIP trunks run over Layer 3 IP services
    • Provides SIP-aware NAT functions, attack protection, signalling and media encryption, session detail recording…
    • Protects communications from attacks based on visibility and mutability of signalling and media streams (eavesdropping, media injection attacks, call hijacking, etc.)
    • Provides complete application level security (SIP firewall function)
    • Bandwidth and QoS based call admission control, QoS mapping, monitoring and marking, QoS based routing (not tested as part of the OpenScape Voice solution)
  • Scenario 2: Remote User Access
    [Diagram: Enterprise HQ (OpenScape Voice, SBC; corporate IP address space); Internet (public IP address space); remote user behind NAT FW; SIP and RTP flows]
    • Security
        – Encryption, authentication
        – Media handling, dynamic pin-holing
    • Application availability
        – Hosted NAT Traversal
        – IP-address & VPN management
        – Media anchoring and release
  • Scenario 3a: Branch Office connection
    [Diagram: Enterprise HQ (OpenScape Voice, SBC with near + far end NAT); WAN / Trusted IP Service; Branch Office (Proxy: OpenScape Branch, RG8700; PSTN Gateway); PSTN]
    • Security
        – Encryption
    • Application availability
        – Multi-vendor interworking
        – IP-address & VPN management
        – Media anchoring and release
    • Regulatory compliance
        – Domain separation (VPNs)
  • Scenario 3b: Branch Office connection
    [Diagram: Enterprise HQ (OpenScape Voice, SBC, NAT); Internet / Untrusted IP Service; Branch Office (Proxy & SBC: OpenScape Branch; NAT; PSTN Gateway); PSTN]
    • Security
        – Encryption
    • Application availability
        – Multi-vendor interworking
        – IP-address & VPN management
        – Media anchoring and release
    • Regulatory compliance
        – Domain separation (VPNs)
    • Note: De-centralized deployment of Acme Packet SBCs in branch office locations is not supported. OpenScape Branch has integrated SBC functionality, for use in branch offices.
  • OpenScape Branch V1 R2 Proxy Operating Mode
    [Diagram: Enterprise HQ (OSV, centralized users, applications, centralized SBC, centralized GWs, PSTN SIP trunking); WAN; Branch Office (users, OpenScape Branch in Proxy mode, NAT+FW, optional GW to PSTN, SIP trunking planned for OSB V1R3)]
    1. Branch SIP Users are primarily registered to the OpenScape Branch.
    2. OpenScape Branch operates as a Proxy and forwards messages from the branch SIP User to the OSV for call control.
    Note: The LAN infrastructure in the Main Office can be either
        2a) directly connected to the WAN, or
        2b) connected to the WAN through the SBC (in case NAT is required to handle overlapping private IP address ranges in various Branch Offices).
    In the event that the OpenScape Branch in Proxy mode fails, the SIP Users also have the OSV SIP address as the Backup Server Address and can reach the OSV with no service disruption.
  • OpenScape Branch V1 R2 SBC Operating Mode
    [Diagram: Enterprise HQ (OSV, centralized users, centralized applications, centralized SBC, centralized GWs, PSTN SIP trunking); Internet; Branch Office (NAT+FW, OpenScape Branch in SBC mode, optional GW to PSTN, SIP trunking planned for OSB V1R3)]
    1. Branch SIP Users are primarily registered to the OpenScape Branch.
    2. Even in the so-called "SBC mode", OpenScape Branch operates as a Proxy and forwards messages from the branch SIP User to the OSV for call control.
    For OpenScape Branch in SBC mode, a unit failure is more critical than in Proxy mode: no communication to the OSV is then available. One method to avoid this very unlikely condition is to have a redundant OpenScape Branch unit at the branch.
  • Dynamic Communication - Automated Infrastructure
    Javier Abad, jabad@infoblox.com
    Francisco Irala, firala@infoblox.com
    © 2010 Infoblox Inc. All Rights Reserved.
  • About Infoblox
    • A reference in the DNS, DHCP and IPAM (DDI) market
    • The only company to obtain Gartner's "Strong Positive" rating*
    • The only comprehensive solution for Network Change & Configuration Management (NCCM) environments
    • First enterprise, multi-vendor implementation of the Orchestration Server (IF-MAP)
    • First to combine the DDI, NCCM and IF-MAP environments
    • More than 4,500 customers and more than 250 of the Fortune 500
    • Presence in 30 countries, global TAC centers with 24/7 support, more than 170 engineers
    • Examples of global support centers and offices: USA, Japan, Netherlands, India, Australia, China, Hong Kong, Canada, Singapore, and more…
    * November 2009 DDI Marketscope Report
  • Infrastructure automation is strategic
    [Chart: quantity / size over time. Network size and complexity (users, devices, systems, applications, protocols, services, virtualization, mobility…) and the resulting TASKS and network infrastructure demands grow, while resources (staff and network management resources) do not, increasing risks, costs and delays.]
    • Make the infrastructure more dynamic
    • Without increasing risk
    • While improving productivity and network availability
  • Example customers and partners
    • Customers
    • Technology alliances
    • Banco de España
  • How does Infoblox complement Siemens UC solutions?
    [Diagram: IPAM & NCCM at the center of Switches, Routers, Security, Wireless and Apps]
    • Availability for the business
        – "Always on" network
        – Real-time visibility of IPs
        – Proactive fault detection
    • Network control & compliance
        – Agile management, visibility of the dynamic infrastructure
        – Reports on compliance with internal rules and policies
        – Real-time analysis of the impact of change
    • Efficiency and automation
        – Automatic provisioning of IPs for end devices. Network changes
        – Efficiency in virtualized environments
        – Tools to identify, verify and remediate problems quickly
  • Enabling the dynamic UC environment: visibility and automation
    [Diagram: closed loop automation between applications, Infoblox DDI and Infoblox NCCM]
    • Infoblox DDI
        – Provides DDI services: DNS / DHCP / IPAM
        – Detects IPs
    • Communicate / take action (Closed Loop Automation)
    • Infoblox NCCM
        – Infrastructure checks: routing, switching…
        – Recognizes the change
  • Infoblox DDI Solution: the link between networks and applications
    [Diagram: three layers, Applications / DNS, DHCP and IPAM / Infrastructure]
    • IP Address Management (IPAM)
        – Planning
        – Reserve-Assign
        – Operation
    • Always-available, robust services
        – Domain Name System (DNS)
        – Dynamic Host Configuration Protocol (DHCP)
        – Others (time, TFTP, etc.)
    • Poor DDI performance is the weak point of the network
  • Infoblox DNS, DHCP & IPAM: automate IP provisioning and deliver critical "always-on" network services
    • Replaces spreadsheets
    • Real-time and historical visibility of connected networks and IPs
    • Delegate and automate IP and network provisioning tasks
    • Reports and auditing
    • Robust, secured DNS infrastructure
    • Improved DHCP failover (critical for UC environments)
    • Agentless management of Microsoft DNS/DHCP
  • Grid technology: the key differentiator (simple, secure, reliable)
    [Diagram: Grid Master; Grid Master Candidate at Recovery Site; External DNS Grid Member; Internal IPAM Grid Members; Insight; Virtual Environment; Branch Offices]
    • A set of members (secured appliances) that run one or more services (DNS, DHCP, TFTP, NTP)
    • Coordinated by the Grid Master
    • Sharing a distributed database
    • Communicating over SSL VPN
        - Centralized control and visibility
        - Real-time IPAM & discovery
        - Automatic failover and DR
  • Automating network change and configuration management: understanding the cause/effect relationship
    • Discovery and visualization of the network infrastructure
    • Collects and analyzes the configurations of the network infrastructure
    • Tracks and automates network changes
    • Identifies non-compliance with best practices
    • Identifies violations of compliance and security policies (SOX, HIPAA, PCI, etc.)
    • Proactively identifies, verifies and remediates incidents
  • Business agility through automated infrastructure
    • Increases agility
    • Reduces risk
    • Increases productivity
    • Supports business initiatives
        – Virtualization and cloud
        – Data center consolidation
        – Transition to IPv6
        – Security and compliance
        – Mergers and acquisitions
  • Thank you very much
  • Unified Communications, Shared Risks
  • Unified Communications: how to protect them. Can I reduce the cost of my telephony?
  • Unified Communications: how to protect them
        - SIP/SDP deep inspection
        - SIP, SCCP, SIMPLE message rate limiting
        - RTP pin-holing
        - Stateful SIP dialog tracking
        - SIP HA and geographic HA
        - NAT/NATP support
        - SIP NAT tracing
        - SIP HNT
        - IPv6 support
        - IPS/IDS
        - Etc…
  • Unified Communications: how to protect them. How do I get the payslip to my employees every month?
  • Unified Communications: how to protect them. What are my technicians' holiday dates?
  • Unified Communications: how to protect them. What is the best way to share my documents?
  • Unified Communications: how to protect them. How do I know whether my colleague is available right now or not?
  • Unified Communications: how to protect them. Can I present my work or product remotely, to a large and geographically dispersed audience, as if I were there in person?
  • Unified Communications: how to protect them
        - FortiMail: SMTP security
        - FortiDB: database security
        - FortiWeb: WAF security
  • Unified Communications: how to protect them. How do I gain mobility?
  • Unified Communications: how to protect them
        - VPN connections: IPsec, SSL, L2TP, PPTP
        - Virtual desktop for SSL VPN
        - Captive portals
        - Internet browsing & split tunneling
        - Endpoint checking (FortiClient, Java, AX)
        - Centralized administration and security for Wi-Fi access points (FortiAP)
        - One-time password (FortiToken)
        - Authentication integration: RADIUS, LDAP, AD, e-Directory
        - Transparent authentication integration: AD, e-Directory
        - Security inside the VPN (AV, IPS, WF…)
        - etc.
  • Unified Communications: how to protect them. How do I unify my communications cheaply and effectively?
  • Unified Communications: how to protect them. FORTINET: Genuine Swiss Army knife
  • Unified Communications: the what and the how
  • "There is nothing more important than our customers". Network and UC security: who reads your IMs? March 2011
  • What do we want from today's network?

    | USER | ADMINISTRATOR | EXECUTIVE |
    |---|---|---|
    | Mobility and security in the network | Two networks: LAN & WLAN, data & multimedia | Capital expenditure |
    | Network performance and availability | Manageability | System installation costs |
    | Support for multimedia applications | Ease of diagnosis | Operating expenses |

    ©2011 Enterasys Networks, Inc. – All rights reserved.
  • A complete portfolio: open, secure, ready for mobility and convergence
    • MODULAR: modular switching and routing for data center and cloud solutions
    • STACKABLE: fixed configurations for switching and routing in access and distribution
    • WIRELESS: WLAN controllers, access points and unified WLAN and LAN management solutions
    • MANAGEMENT: network management with automation, visibility and control capabilities
    • SECURITY: advanced security applications, network access control, intrusion prevention, and event aggregation and management
    • Award-winning services and support
  • The center of an intelligent network... Software, Hardware
  • Delivering high performance, flexibility and the lowest TCO
    • A single interface to manage WLAN and LAN
        - Lower operating costs
        - Maintains the integrity of the network
    • Automatic configuration of the connection point
        - The network adapts quickly and efficiently to the needs of the business
    • Exceptional services and support, availability and QoS
        - Higher video and voice quality
    • More performance with lower energy consumption
        - Saves power so it can be used for applications
  • CoreFlow 2: the most powerful traffic inspection engine
    • Classifies traffic and applies policies beyond Layer 4
    • SAN
        - Allows access with iSCSI-target granularity
        - Bandwidth management and monitoring at the iSCSI target level
    • IP voice and video
        - Allows QoS and access control for RTP media or control flows
    • Cloud
        - Allows role-based access controls for services such as www.salesforce.com
        - Traffic monitoring for sites such as www.youtube.com
  • Security in UC: the Enterasys value
    • Device detection
        – 802.1x
        – MAC authentication
        – Convergence End Point (CEP) Detection
            - Source MAC
            - Dest IP, Layer 4 port
            - LLDP-MED
            - SIP, H.323, H.245
        – Added location services
    • UC infrastructure protection
        – Traffic classification at the access layer
            - Prevention of unauthorized use and attacks on the service
            - 802.1p, DiffServ, ToS
            - Traffic limiting
            - Prioritization
            - End-to-end QoS
            - Blocking of unauthorized protocols
        – MAC blocking of VoIP devices
        – DoS attack control
            - Session limits
            - ARPSpoof
            - DHCPSpoof
        – Vulnerability checking
            - IP phones, Call Manager, voice switches
        – VoIP intrusion detection (VoIP IPS)
            - Monitors attacks on voice networks
            - MGCP/H.323/SIP decoders
            - Detection of malformed packets
  • Autoconfiguration
    • Automatic configuration of thousands of phones or endpoints
    • Keep autoconfiguration and mobility, with security
    • Support for any scenario:
        - PC and phone on different ports
        - PC and phone on the same port
        - PC and softphone
    • Assignment of the security filters and VLAN in each case
    • and more…
        - Who is who: mapping of MAC and IP to extension
        - Who accesses the network
    • Protection of conversations:
        - Detection of operating systems connected to the network
        - Detection of UC worms
        - Protection of access to calls or signaling
        - Checking the phone's firmware before allowing it to connect to the network
  • Automatic configuration of UC services (dynamic or static provisioning)

    | Privilege | IP Phone (Voice VLAN) | Enterprise User (Data VLAN) | User & Softphone (SourceMAC/DestIP, User Auth) |
    |---|---|---|---|
    | SAP | Filtered | High Priority | High Priority |
    | Instant Messaging | Filtered | Low Priority | Low Priority |
    | Email | Filtered | Medium Priority | Medium Priority |
    | Unsupported protocols & ports | Filtered | Filtered | Filtered |
    | VoIP Service: MGCP | Highest Priority & NOT Rate Limited | Filtered | Highest Priority & NOT Rate Limited |
    | VoIP Service: RTP | Highest Priority & Rate Limited | Filtered | Highest Priority & Rate Limited |
    | Basic Services (DNS, DHCP, FTP) | Low Priority | Low Priority | Low Priority |
  • Phone location services
    [Diagram: headquarters with NetSight management and NAC Gateway; LA West (8th floor, 1st floor); Boston (12th floor, 3rd floor)]

    | Location | Phone IP | Switch IP | Switch Port | IP Phone MAC Address |
    |---|---|---|---|---|
    | 3rd flr Boston | 192.168.4.6 | 10.192.87.5 | fe.9 | Siemens:10:1d:ff |
    | 12th flr Boston | 192.168.8.5 | 10.192.86.3 | fe.18 | Siemens:f2:a1:2d |
    | 12th flr Boston | 192.168.8.9 | 10.192.86.3 | fe.21 | Siemens:11:a6:5f |
    | 12th flr Boston | 192.168.8.6 | 10.192.86.3 | fe.24 | |
    | 8th flr LA West | 10.253.9.3 | 10.58.21.8 | fe.14 | Siemens:20:b8:ff |
    | 1st flr LA West | 10.253.4.4 | 10.58.26.19 | fe.2 | Siemens:20:b8:fa |
    | 8th flr LA West | 10.253.9.3 | 10.58.21.8 | fe.19 | Siemens:19:ab:ad |
  • OS LIA Advanced Security: specific benefits of NAC
    [Diagram: physical infrastructure with Enterasys NMS and OpenScape DLS (import, synchronization via XML/SOAP, database, management appliance), core network, OpenScape Voice and mobile users. Secure Networks NAC features: Access & Control; Establish & Enforce Policy; Detect & Locate; Respond & Remediate]
    • Detect and locate
        – Enterasys detects every new connection and provides location information.
    • Access control: Enterasys provides extended control of:
        - Access mode
        - Authentication type
        - Device type
        - Location: switch port, SSID
        - Time of connection
        - Security state of the device
    • Policy establishment
        - Authorizes the user or the device (PC, phone, printer)
        - Grants access to resources based on identity and/or the security risk of the device
    • Response and remediation
        – The state of the software is checked before connection and monitored throughout the connection
  • Dynamic configuration
    • OpenScape DLS: downloads templates to the phones based on the information obtained from the network
        – e.g. speed dial configuration
    [Diagram: Siemens OpenScape DLS templates, speed dial-button configuration: Speed dial button 7 = #52065; Speed dial button 7 = #37208]
  • Asset management
    • OpenScape DLS: automatic inventory update after changes
    • Location of VoIP clients in the IP infrastructure
        – e.g., which VoIP devices are on the 3rd floor
  • Unique capabilities together with flexibility and security
    • Integrating WLAN and LAN security minimizes the cost of security in UC
        - Optimizes efficiency and reduces costs
        - Maintains the integrity of the network without redesigns
    • Support for any vendor through integration APIs
        - Allows any UC solution to be supported with minimal effort
    • Security distributed across the network
        - Adapts quickly and efficiently to specific needs
    • Unique reliability and QoS
        - Better voice and video quality
    • Simplicity and automation of configuration
        - Reduces deployment costs, guarantees security
  • Visit us at: www.enterasys.com