copyright © siemens enterprise communications gmbh & co. kg 2009. all rights reserved. siemens...
TRANSCRIPT
Page 1Copyright © Siemens Enterprise Communications GmbH & Co. KG 2009. All rights reserved.Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG
SEN CMC BOMFor internal use only
Jun 09 Copyright © Siemens Enterprise Communications GmbH & Co. KG 2009. All rights reserved. Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG
Enterasys Secure Networks
Tamara Maksimovic
CCNA-SEC, CCDA, CCNPESSE-D, ESSE-NAC
Technical Consultant
Page 2Copyright © Siemens Enterprise Communications GmbH & Co. KG 2009. All rights reserved.Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG
SEN CMC BOMFor internal use only
Jun 09
Enterasys-Who we are?
Originally founded as Cabletron Systems 25 years ago Today we are part of a global joint venture with SIEMENS
Thousands of customers in more than 70 countries 100+ of the FORTUNE Global 500 Strong presence in government and higher education
Hundreds of global patents resulting from more than US $1 billion R&D investment
The perfect-sized company
We measure our success by your satisfaction There is nothing more important than our customers Deliver on our promises on-time, on-budget 95% of our customers would purchase from us again
Page 3Copyright © Siemens Enterprise Communications GmbH & Co. KG 2009. All rights reserved.Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG
SEN CMC BOMFor internal use only
Jun 09
What we do?
Enterasys delivers Secure Networks™ that ensure the confidentiality, integrity, availability and performance of IT services and the business users that rely on them
Ensure only the right users have access to the right information from the right place at the right time
Secure any network “What you need, is what you get” policies based on identity Protect financial and knowledge investments through
open-architecture, standards-based technologies Visibility and control of large and diverse enterprise networks Backwards compatibility assures multi-generation
useful lifecycle to accelerate ROIDesign, deploy, optimize, support and service integrated hardware and software solutions
Intelligently sense and automatically respond to security threats on your network
Proactively prevent threats from entering your network
Page 4Copyright © Siemens Enterprise Communications GmbH & Co. KG 2009. All rights reserved.Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG
SEN CMC BOMFor internal use only
Jun 09
Secure Networks™ Defined
© 2008 Enterasys Networks, Inc. All rights reserved.
4
Management Software
Centralized Visibility and Control
IDS, IPS, NBA, SIEM and Network Access Control
Advanced Security Applications
Security-EnabledInfrastructure
Switches, Routers, Wireless
Page 5Copyright © Siemens Enterprise Communications GmbH & Co. KG 2009. All rights reserved.Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG
SEN CMC BOMFor internal use only
Jun 09Page 5
Open Communications Portfolio
Networks
Services
Contact Centers
Contact CenterCampaign Management Automated Outbound Voice Portal
UC Application MobilityUC Server Video Messaging
Converged medium-to-large
Small IP system Converged SME Small IP UC system
3rd Party Network Products
Network SecurityApplications
Management Software Switches & Routers WLAN
Lifecycle Professional Hosted Managed SecurityUC Integration
Voice
UnifiedCommunications
Devices and Clients
SecurityThreat Management & Data SecurityIdentity & PrivacyBusiness Continuity Compliance
+ 3rd Party Partners
medium-to-verylarge SIP
Page 6Copyright © Siemens Enterprise Communications GmbH & Co. KG 2009. All rights reserved.Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG
SEN CMC BOMFor internal use only
Jun 09Page 6
Enterasys Networks Portfolio
Switches PremiumCore and Distribution
Secure CoreRouters
Routers WANVPN / Firewall
Security-Enabled Infrastructure
Switches, routers and wireless
Industrial Switches
Centralized Command & Control
Advanced ManagementManagement SNMP
Event Management
Control and Inventory
Security policies and visibility
Quality of Services in one touch
CSIRT - Incident respond team
Automation and searches automatically
Advanced Security Applications
Compliance and SecurityNetwork Access Control - NAC
Compliance and audit
Logs Correlation (SIEM)
Intrusion Detection Systems (IDS)
Intrusion Prevention Systems (IPS)
Behavioral Analysis (NBAD)
Remediation and Assessment
Edge Switches
Wireless802.11
Page 7Copyright © Siemens Enterprise Communications GmbH & Co. KG 2009. All rights reserved.Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG
SEN CMC BOMFor internal use only
Jun 09Page 7
SecureStack A2 Series
ConvergenceConvergence• Multi classification in layers 2/3/4
• Differentiated Services (DiffServ)
• 8 priority queues per port
• Management of queue Strict Priority and WRR
ConnectivityConnectivity• 8 units per stack of switches
• closed-loop stacking via RJ45
• Redundancy of management
• Redundant Power Supply (optional)
• Power over Ethernet IEEE 802.3af
• 8.000 MAC Address
• Spanning Tree (802.1d, 802.1w, 802.1s)
• 1024 VLAN 802.1Q
• Link Aggregation 802.3ad
• Remote Monitoring (RMON)
ComplianceCompliance• Identity and user authentication
• Authentication 802.1x and MAC (RFC3580)
• Integration with NAC Solution
• MAC Locking per port dynamic and static
Page 8Copyright © Siemens Enterprise Communications GmbH & Co. KG 2009. All rights reserved.Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG
SEN CMC BOMFor internal use only
Jun 09Page 8
SecureStack B Series
ConvergenceConvergence• Multi classification in layers 2/3/4
• Differentiated Services (DiffServ)
• 8 priority queues per port
• Management of queue Strict Priority and WRR
ConnectivityConnectivity• 8 units per stack of switches
• Dedicated closed-loop stacking
• Redundancy of management
• Redundant Power Supply (optional)
• Power over Ethernet IEEE 802.3af
• 16.000 MAC Address
• Spanning Tree (802.1d, 802.1w, 802.1s)
• 1024 VLAN 802.1Q
• Link Aggregation 802.3ad
• Remote Monitoring (RMON)
ComplianceCompliance• Identity and user authentication
• Authentication 802.1x, MAC, and PWA (optional)
• Integration with NAC Solution
• Secure Policies through Secure Networks (optional)
Page 9Copyright © Siemens Enterprise Communications GmbH & Co. KG 2009. All rights reserved.Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG
SEN CMC BOMFor internal use only
Jun 09Page 9
SecureStack C Series
ConvergenceConvergence
• Multi classification in layers 2/3/4
• Differentiated Services (DiffServ)
• 8 priority queues per port
• Management of queue Strict Priority and WRR
ConnectivityConnectivity• 8 units per stack of switches
• Dedicated closed-loop stacking
• Redundancy of management
• Redundant Power Supply (optional)
• Power over Ethernet IEEE 802.3af
• Routing IPv4 e IPv6
• RIP, OSPF, VRRP, DVMRP, PIM e IGMP
• 16.000 MAC Address
• Spanning Tree (802.1d, 802.1w, 802.1s)
• 1024 VLAN standard 802.1Q
ComplianceCompliance
• Identity and user authentication
• Authentication 802.1x, MAC, and PWA
• Integration with NAC Solution
• Secure Policies through Secure Networks
Page 10Copyright © Siemens Enterprise Communications GmbH & Co. KG 2009. All rights reserved.Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG
SEN CMC BOMFor internal use only
Jun 09Page 10
D-Series
ConvergenceConvergence
• Multi classification layers 2/3/4
• Differentiated Services (DiffServ)
• 8 priority queues per port
• Queue management Strict Priority e WRR
ConnectivityConnectivity
• Compact Switch with low noisy mechanism
• Recommended for classroom and meeting room
• Works in high temperature up to 60 ºC (50 ºC PoE)
• Redudant power supply (optional)
• Power over Ethernet (PoE) IEEE 802.3af
• 16.000 MAC Address
• Spanning Tree (802.1d, 802.1w, 802.1s)
• 1024 VLAN 802.1Q
• Link Aggregation 802.3ad
• Remote Monitoring (RMON)
ComplianceCompliance
• Identity and user authentication
• Authentication 802.1x, MAC, and PWA (optional)
• Integration with NAC Solution
• Secure Policies through Secure Networks
Page 11Copyright © Siemens Enterprise Communications GmbH & Co. KG 2009. All rights reserved.Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG
SEN CMC BOMFor internal use only
Jun 09Page 11
G-Series
ConvergenceConvergence• Multi classification layers 2/3/4
• Differentiated Services (DiffServ)
• 8 priority queues per port
• Queue management Strict Priority e WRR
ConnectivityConnectivity• Switch-router – type modular
• 3 expansion slots
• Swappable redundant power supplies
• Support up to 96 GbE ports or up to 12 10GbE + 24 GbE
• Power over Ethernet (PoE) IEEE 802.3af
• Routing IPv4 e IPv6
• RIP, OSPF, VRRP, DVMRP, PIM e IGMP
• 32.000 MAC Address
• Spanning Tree (802.1d, 802.1w, 802.1s)
• 1024 VLAN 802.1Q
ComplianceCompliance• Identity and user authentication
• Authentication 802.1x, MAC, and PWA
• Integration with NAC Solution
• Secure Policies through Secure Networks
Page 12Copyright © Siemens Enterprise Communications GmbH & Co. KG 2009. All rights reserved.Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG
SEN CMC BOMFor internal use only
Jun 09Page 12
Limited Lifetime Warranty
“Enterasys Networks supports the limited lifetime warranty for products SecureStack, G-Series and D-Series”
“Enterasys Networks supports the limited lifetime warranty for products SecureStack, G-Series and D-Series”
• The limited lifetime warranty cover until 5 years after EOSL the following:
• Switches
• Power Supplies
• FAN Trays
• Stack cables
• Advanced Replacement
• For some regions (please contact your local distributor)
• Software and phone support are included
• Bugs and fixes
• New features (not all, please contact ETS GTAC)
• Phone support
Page 13Copyright © Siemens Enterprise Communications GmbH & Co. KG 2009. All rights reserved.Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG
SEN CMC BOMFor internal use only
Jun 09Page 13
Matrix N Series
ConvergenceConvergence
• High multi-frame classification layers 2/3/4
• Full TOS and Differentiated Services (DiffServ)
• From 4 to 16 priorities queues per port
• Management queue Strict Priority and WRR
ConnectivityConnectivity• Modular chassis switch-router
• Distributed architecture
• Resiliency and high availability (N+6)
• Diversity: + 30 modules types
• Power over Ethernet (PoE) IEEE 802.3af
• Routing IP Unicast and Multicast
• RIP, OSPF, VRRP, DVMRP, PIM, IGMP, PBR
• Spanning Tree (802.1d, 802.1w, 802.1s)
• 4094 VLAN 802.1Q
• Flow Based Architecture, including NetFlow
ComplianceCompliance
• Identity, user and multi-user authentication
• Authentication 802.1x, MAC and PWA
• Integrated NAC Solution
• Secure Policies through Secure Networks
Page 14Copyright © Siemens Enterprise Communications GmbH & Co. KG 2009. All rights reserved.Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG
SEN CMC BOMFor internal use only
Jun 09Page 14
SecureSwitch I-Series
ConnectivityConnectivity• Standalone industrial switch
• Very robust support:
• High temperature, vibration, impact and energy
• Support International Protection (IP) Rating 50
• Redundant DC Power Supply
• Class 1 Division 2
• Spanning Tree (802.1d, 802.1w, 802.1s)
• 802.1Q
• Link Aggregation 802.3ad
ConvergenceConvergence• Multi classification in layers 2/3/4
• Differentiated Services (DiffServ)
• 8 priority queues per port
• Management of queue Strict Priority and WRR
ComplianceCompliance
• Identity and user authentication
• Authentication 802.1x, MAC, and PWA
• Integration with NAC Solution
• Secure Policies through Secure Networks
Page 15Copyright © Siemens Enterprise Communications GmbH & Co. KG 2009. All rights reserved.Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG
SEN CMC BOMFor internal use only
Jun 09Page 15
Matrix X Series – Secure Core Router
ConvergenceConvergence• Protocol classification layers 2/3/4
• IP TOS and Differentiated Services (DiffServ)
• Min 8 priority queue per port
• Management queue SPQ, WFQ e Best Effort
ConnectivityConnectivity• Modular chassis crossbar architecture
• Distributed architecture with high performance forwarding mechanism
• High density of 10GbE ports
• Resiliency, high availability in hardware and software
• Firmware hitless and virtual operation “non-stop”
• Routing IP unicast e multicast
• RIP, OSPF, BGP, VRRP, DVMRP, PIM e IGMP
• Spanning Tree (802.1d, 802.1w, 802.1s)
• 1024 VLAN 802.1Q
ComplianceCompliance• High availability for critical mission networks
• DDoS protection embedded
• QoS on demand for applications
• Business continuity architecture
Page 16Copyright © Siemens Enterprise Communications GmbH & Co. KG 2009. All rights reserved.Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG
SEN CMC BOMFor internal use only
Jun 09Page 16
XSR Security Router Series
ConvergenceConvergence
• Services classification
• Differentiated Services (DiffServ)
• Management queue WFQ e Class Bases WFQ
• Traffic management TD, RED, WRED
ConnectivityConnectivity• Routers with high performance
• “Stateful” Firewall (optional)
• VPN support client-to-site and site-to-site with hardware acceleration (optional)
• Critical mission QoS for WAN applications
• Diversity of WAN interfaces
• Routing IP Unicast and IP Multicast
• RIP, OSPF, BGP, VRRP, PIM, IGMP, PBR, NAT
• Routing and VLAN tagged decision
• Remote Auto Install
ComplianceCompliance
• Security policies enabled
• “Stateful” Firewall
• VPN Hardware Acceleration
• URL filters
Page 17Copyright © Siemens Enterprise Communications GmbH & Co. KG 2009. All rights reserved.Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG
SEN CMC BOMFor internal use only
Jun 09Page 17
HiPath Wireless
ConvergenceConvergence• Effectively serve convergence needs for multiple
vertical industries
• VoWLAN optimized - End to end high quality and secure voice
• Fixed Mobile Convergence (FMC) feature set
ConnectivityConnectivity• Indoor and Outdoor solution
• Centralized management and user location
• High Availability and high density of WIFI users
• Solution for medium and large WIFI networks
• WIDS and Rogue detection
• Access Points 802.11a/b/g /n available
• LAN-TO-LAN and BSS Infrastructure
• RF Planning
• Centralized multi-Controller management platform for large wireless networks
ComplianceCompliance• User identity and authentication
• HiGuard security Comprehensive defense against WLAN security threats
• Traffic routed through the Controller or locally - always perform encryption and QoS
Page 18Copyright © Siemens Enterprise Communications GmbH & Co. KG 2009. All rights reserved.Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG
SEN CMC BOMFor internal use only
Jun 09Page 18
NetSight® Management Suite
ConvergenceConvergence• QoS Provisioning:
• Multi-frame classification layer 2/3/4
• Differentiated Services (DiffServ) and CoS
• Compliance documentation report
ConnectivityConnectivity• Interactive GUI SNMP for management
• Dynamic topology map L2 and L3
• Event, alarm and CSIRT management
• User and devices location
• Customizable windows to manage (Flex View)
• VLAN configuration 802.1Q
• Protocol Configuration
• Spanning Tree, CDP, GVRP, FST, SpanGuard, ...
• Statistics, reports and visibility
• Inventory, backups and upgrades
ComplianceCompliance• Network Access Control - NAC
• Support Secure Networks™ Architecture
• Guest management wired and wireless
• Port Web Authentication for dummies
Network Access Control
Management SNMP
Secure Policies
Patches S.O.Anti-vírusFirewall......
Patches S.O.Anti-vírusFirewall......
Page 19Copyright © Siemens Enterprise Communications GmbH & Co. KG 2009. All rights reserved.Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG
SEN CMC BOMFor internal use only
Jun 09Page 19
Enterasys Network Access Control
ConvergenceConvergence• Ip phone and camera authentication
• Auto-QoS for all devices in the network
• Automatic traffic shaping
• Auto discovery from convergence devices
ConnectivityConnectivity• Infrastructure integration – easy to use
• Based on RFC 3580, 802.1x, MAC Authentication, Subnet Authentication and WEB Authentication to deploy pre and pos control and authorization
• Ip phone auto-authentication and QoS provisioning up to 3000 devices per appliance
• Agent based or agent less embedded
• Secure Networks on demand and centralized reporting for all network
• Where, when and who is accessing the network
• Remediation Services embedded
ComplianceCompliance• Compliance for all devices in the network
• Assessment embedded, including dissolvable agent for guest users
• Auto remediation and risk reporting
Network Access Control
Patches S.O.Anti-vírusFirewall......
Patches S.O.Anti-vírusFirewall......
Page 20Copyright © Siemens Enterprise Communications GmbH & Co. KG 2009. All rights reserved.Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG
SEN CMC BOMFor internal use only
Jun 09Page 20
Dragon Intrusion Detection and Prevention
ConvergenceConvergence
• H323 and SIP dynamic inspection
• Anomaly, signature and protocol baseline analysis
• DDoS protection for convergence systems
• Reporting of use for convergence devices
ConnectivityConnectivity• Intrusion Detection and Prevention Systems
• Library with +7.500 Signatures
• Multiples models and systems integration
• Management and configuration through GUI
• Packet capture and forensic analysis
• Rebuilding TCP sessions for forensic analysis
• Virtual sensors at same hardware appliance
• VLAN, IP Subnets, TCP/UDP well-know ports and physical ports
• Many response actions: Snipping, Shunning, DIR (ASM integration)
ComplianceCompliance
• Acceptable use policy for device, IP subnets and users
• Security all-in-one for CSIRT
• Collets evidences and perform forensic analysis
• Security Reporting easy to use
1001100111101010 1001100111101010
Threat Notification!
Action:Deny traffic
Threat Notification!
Action:Deny traffic
Page 21Copyright © Siemens Enterprise Communications GmbH & Co. KG 2009. All rights reserved.Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG
SEN CMC BOMFor internal use only
Jun 09Page 21
Dragon Security Command Console – DSCC
Incidents ManagementIncidents Management
• Advanced incident drill down management:
• IP Address, user, event, date and hour
• Magnitude evaluation
• Automate Incident Response (ASM integration)
FeaturesFeatures• GUI interactive monitoring
• Security log and security correlation:
• Support +10.000 kind of logs
• Parsing and log customization
• Security risk management
• Security offense management
• Security Incident evaluation (credibility, relevance and severity)
• Behavioral analysis for network, based on security events, IDS/IPS integration and xFLOW
• One click management
Compliance ReportingCompliance Reporting
• Customizable security reporting
• Templates of reports and regulation:
• SOX, BASE II, HIPPA, CoBIT, ...
• Weekly reporting and notification
Behavioral Analysis
Dashboard(Overview)
CSIRTIncident
Response
Compliance
Reporting
Page 22Copyright © Siemens Enterprise Communications GmbH & Co. KG 2009. All rights reserved.Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG
SEN CMC BOMFor internal use only
Jun 09Page 22
Security Information & Event Manager (SIEM)
Operation SystemsApplications
Firewalls IDS/IPS
SwitchesRouters
Flow Sensors
Normalize Organize Filter Correlation
Prioritize Visibility
BehavioralManageme
ntDashboard(Overview)
IncidentManagement Complianc
e Reporting
NetFlowJ-FlowQ-Flow
Page 23Copyright © Siemens Enterprise Communications GmbH & Co. KG 2009. All rights reserved.Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG
SEN CMC BOMFor internal use only
Jun 09
Enterasys Unique Sales Points
Our solutions are uniquely capable of improving operational efficiencies
Open standards-based, interoperability protects existing financial and knowledge investments
Save money, time and people through centralized management visibility & control Supports rapid change for dynamic business environment (new applications, new
security threats)
Cost-effective technology that is less expensive than Cisco Greener to operate Lower startup cost Lower operational cost Lower overall support cost More consistent and efficient way to provision IP services
Page 24Copyright © Siemens Enterprise Communications GmbH & Co. KG 2009. All rights reserved.Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG
SEN CMC BOMFor internal use only
Jun 09
Industry leader in network integrated security and control solutions
Security solutions aimed at achieving business oriented objectives
Security built into the data switches – more for their money!
Identity-based networking by user, device, and application
Future proof, open standards based architecture
Scalable, high performance solutions
Enterasys Unique Sales Points
Page 25Copyright © Siemens Enterprise Communications GmbH & Co. KG 2009. All rights reserved.Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG
SEN CMC BOMFor internal use only
Jun 09
Enterasys world class service and support
Focused, industry-leading data networking sales and support teams
Full suite of Educational, Professional, and Technical Support services available
Completely in-sourced technical assistance center with an average tenure of +10 yrs supporting Enterasys solutions
Emphasis is on solving your customer problems, not passing them to someone else
Enterasys Unique Sales Points
Page 26Copyright © Siemens Enterprise Communications GmbH & Co. KG 2009. All rights reserved.Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG
SEN CMC BOMFor internal use only
Jun 09
You can right now!
Copyright © Siemens Enterprise Communications GmbH & Co. KG 2008. All rights reserved.Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG