www.handream.net
SG Security Switch
HanDreamnet Co., Ltd. International Sales Division, James Bae, 82-10-3687-4665 ([email protected], http://en.handream.net)
Contents
I. Reliability of SG Security Switch
II. Aspect of Administrator’s Concern
III. Cost Effective Investment
IV. SG Switch Performance
V. Trouble Free Guaranteed
VI. Cisco vs. HDN
1. Reliability of SG Security Switch
Process based detecting
– No service interruption
– Checks for a specific duration to avoid service interruption, then decides whether to drop
Unique MDS Security
– Patented multi-dimension detection technology
– MDS 6 cube analysis
Field Proven Reference
– Deployed from 2007
– More than 50,000 units sold to enterprise, ISP, public, military, and university customers
Customizing Support
– Develop the requirement easily
– Tailored customer support service
2. Aspect of Administrator’s Concern
User Friendly Command
– Cisco like CLI command
– Visual network management system (VNM / VIPM)
Automatic Detect Process
– Automatic detection function helps administrator to troubleshoot
– Separate harmful traffic from normal service packet
Enhanced Log information
– Provide whatever clients want
– All security switch logs can be saved for future forensics.
Minimized Network Downtime
– Seamless service
– Auto Config for remote configuration
– Auto Config file save system
2. Aspect of Administrator’s Concern
Situation | Before | After
Harmful traffic | Cannot detect from every switch; or manually cut off (service down) | Automatic detect and recover; separate harmful traffic from normal (no service down)
Cable loop | Entire networks disaster; broadcast storming | Automatic detect and recover
Forensic (log) | No evidence detected | History and log can be traced
Configuration | Required individual saved; manual saved | Automatic saved on the Switch; saved with date stamp
Batch Configuration (ex, password changed) | Individual configuration; time consuming job | Batch Configuration
Firmware upgrade | Individual configuration; time consuming job | Batch firmware upgrade support
Switch replacing | On site support required; console connection required | Remote configuration support; Auto-Config
Switch configuration | Hard to config QoS and security function | Wizard function support; provide proprietary Security function
Function Customization | Not any vendor support | HDN provide specific version for each customer
General | Time consuming against all situation | Automatic detect and recover can help general operation cost
3. Cost Effective Investment
Seamless Service Guarantee
– Protect your network systems from internal threats
– Protect VPN, Firewall, and Servers
– Protect service from cable loop
Protect internal property
– ARP Spoofing Detection / Drop
– Detect information breaches (ID/Password)
– Block sniffing, tapping, and spoofing (VoIP or CCTV)
Management System
– Cost saving management system
– Save operating cost with auto response process
– Batch configuration, and firmware upgrade
– Easy tracking through all histories
Cost Effective Operating Cost
– Automatic detection and recovery system
– Minimized network downtime
– No additional investment needed for IPv4/v6 harmful attack
4. SG Switch Performance
Full Wire Speed
– Guarantee “wire speed” with security
– Guarantee “wire speed” under various network traffic conditions
IPv4 / IPv6 Compatibility
– Wire Speed with IPv6 condition
– Wire Speed guaranteed with various traffic on IPv6 environment
– No equipment needed for IPv6 security holes
ASIC Chip based (MDS)
– Embedded a dedicated security ASIC
– All packet analysis done by MDS
– Fast resolution and simple management
Successful Performance Test
– Pass in-depth QA by Samsung
– Pass in-depth QA by Softbank
5. Trouble Free Guaranteed
Low rate hardware error
– Low rate hardware failure
– Reported error : lower than 0.2%
Proven Reference Customers
– Samsung Electronics since 2009
– 3,000 units installed (R&D center, manufacturing, and head office)
– Other enterprise/ISP/public/military/university
Approved large companies’ test
– ODM Partner with LG-Ericsson (before)
– ODM Partner with Samsung-Electronics (Now)
Professional Support for YTLC
– Tailored service by local distributor
– Designated Sales / TAC engineer assigned
– Engineering consulting support
6. Cisco NAC vs HDN SG
Synergy with existing security systems
– Perfect security
– Cooperative function
NAC Solution
Regular L2 Switch
Security Wire Speed Simple MGMT Cost
SG Security Switch
 | NAC | SG Switch
Function | User Access Control | Network Switching
Security | Device Authentication | Detect harmful traffic, and IP management (with VIPM)
How | Agent required | No agent required
Appendix
1. Regular switch vs. HDN security switch – slide 1,2,3,4
2. Security Internal Threats - Slide 5,6,7,8, 9
3. HDN Security Switch Management
4. Attack at each layer
5. What HDN SG security switch delivers?
6. Why HDN?
TYPE
Performance (Wire Speed with full security features)
L2 function (STP/PVST+/VLAN/LACP)
IPT function
(Voice VLAN/Auto QoS/PoE)
General Security function
(ACL, DHCP Snooping, DAI, IPSG )
Enhanced Security function
(security engine, harmful traffic detection,
tapping detection etc.)
Management (free NMS, security reporting,
real time monitoring, remote configuration)
Reliability & Certificate (1U internal redundancy,
IPv4/IPv6 CC certified, IPv6 Ready Logo)
Customer Support (TAC)
1. Regular Switch vs. Security Switch
Function | Regular Switch | SG Security Switch
Harmful Traffic Detection | Only over traffic can be detected; manual troubleshooting; decreased performance; can detect of IPv6 security | Detect all kinds of harmful traffic; real time detect and drop; no performance impact; IPv6 security features & function
Isolate Harmful Traffic | Block Port or IP; service impact | Blocked ONLY harmful traffic; ports are always available
IP telephony tapping (ARP Spoofing) | Detect only dynamic IP (DHCP) | Detect dynamic and static too
Cable Looping | Manual fix once it happened; service impact until resolved | Real time detect and block; no service impact
Easy Administration | No report feature; separate management (network, security) | Provide powerful report and log feature; real time traffic monitor
Power Redundancy (POE) | Internal and external redundancy | Internal redundancy
Green IT | No | Save maximum 50% power consumption
Monitoring / Management | Purchase | Free
2. Regular Switch vs. Security Switch
SG Security Switch
• Detect/Block all kinds of internal attacks
• No service interruption
• Embedded proprietary security ASIC
• Provides visible and audible alarm for Administrator
Normal Traffic
Harmful Traffic
Server
L2 Switch
• No way to detect various harmful traffic from users.
• ACL is a time-consuming job.
• Cannot do anything against internal threats such as DDoS attack.
Normal Traffic
Harmful Traffic
Server
3. Regular Switch vs. Security Switch
Regular Switch SG Security Switch
Scenario: the attacker sends a scan attack to 3 different ports using changed destination IPs
4. Regular Switch vs. Security Switch
Comparing the methods to protect from attacks
HDN Scenario (SG2024) Other Vendor’s Scenario
④ Block attack port by manual access list ② Auto create protection rule by MDS engine
■ Result
Abnormal traffic already spread on local network
Take long time to prepare future defense
Operator must be involved at each step
① Detect network error
(low speed, report by user)
③ Analyze packet through L3 switch
② Checking by operator(L3 backbone switch, Router, Server farm )
No traffic damage occurred because of port based detection
No additional attack occurred
Forecast using attack log history
No need operator’s hand
■ Result
① Auto detect by MDS engine
④ Separate attack packets from normal
⑤ Clear ACL by operator
VS
③ Write history and log
Threats from portable devices
– Spread harmful traffic from USB device
– Smart devices are more vulnerable in the BYOD era
5. Security – Internal Threats
Access Authority (ERP/Groupware)
ID & Password
Personal Profile Data File
Phone Line
IP Telephony Phone Tapping
Hacking from inside
<Reference: Microsoft>
Fast spread from internal network
Spreading from internal mal-user
Spreading ARP spoofing code
Infected by portable storage
Infected from sharing folder
6. Security – Internal Threats
Spreading Worm
7. Security – Internal Threats
Issues on regular switch
– Vulnerability of attacks
– Internal information breach from vulnerable devices
– No way to protect internal information
Attack PC
smartphone PDA
Notebook
WiFi AP
messenger
Groupware
IPphone
Server webcam
IP Network
Contact Center
Lack of detection
• Cannot detect internal network scanning
  - IP, Service Ports can be scanned
  - Scan OS information using Fingerprint
Lack of Execution
• Cannot block ARP Spoofing attack
  - Only works in Dynamic IP condition
• Cannot block many kinds of harmful traffic
8. Security – Internal Threats
Focused on Core Network
– How about internal threats?
Well Prepared from Attack outside with IPS / Firewall
No Active Protection from internal employee attack
Outside and Core Network
Access Network (Internal)
Backbone Layer Second damaged level from internal user attack
Attacks delay overall performance.
Required Auto detect / block
Block only harmful traffic
Reasonable Expense
Easy Maintenance
Increased attack from mobile device
Blind Area/Difficult Management
No Real-time Detect from Attack / Hacking
Difficult Network Modify
Cable Loop Accident
• Cable loop connection by mistake
• Called broadcast storm, entire network will be down
Happened by mistake
• Damaged area: Entire network will be down
• Damaged duration: Hard to find failure point, must check manually, network cannot be used again until fixed.
Damage
If SG switch, no service interruption
9. Internal Threats
Visual IP Manager Visual Node Manager
• Integration with SG switch and VIPM server
• Detect bad user with any OS
• IP management and access control
• Redirect web page for notice or registration
• DHCP policy advertisement
• Monitoring real time detect status
• Monitoring traffic status of each port
• Monitoring system status
• Free bundle software
Harmful traffic monitoring
Hacking/Sniffing traffic monitoring
VNM + IP Management System
Not Authorized PC
↑Send group policy
Send log data ↓
10. Management – VNM and VIPM
11. Attack at each layer
MAC source/dest address
IP source/dest address/port
IP range TCP flags
Protocol (TCP/UDP/ICMP) TCP/UDP dest port
Port pattern/IP pattern Detection count
Cable Loopback Test
IP Spoofing, DHCP Attack, ICMP Attack
Cable disconnected
MAC Flooding, MAC spoofing, ARP Attack
TCP/UDP flooding, Scanning
No Signature update (behavior based security)
Different level’s attack diagram
12. What HDN SG delivers?
Internal Security is more important
Hacking
Attack Network Attack
(Flooding/DDoS)
Authentication Function Disabled
Lack of Network Security Management
Direct Attack Intended
(Sniffing/Spoofing)
SECURITY
ISSUE
Abnormal Traffic Increased by Mobile User
Protect Internal Bad Users
80% of Attack is from Internal Traffic !!!!
Network Resource
Management
Intercept Message or Files
Tapping Authentication, VoIP
Hard to find internal hacking users
Network Down caused by mal-packet flooding
Huge Damage Spread
Embedded a dedicated Security ASIC (MDS: Multi-Dimension Security engine)
Real-time traffic status -> easy management
Detect/block harmful traffic only -> Not Port/IP block
Visible & Audible alarm through VNM
A detailed log supports through VNM
Guarantee performance with full security features
Easy Management – real time monitoring
Cost effective
No additional equipment for access layer security
Protect confidential information from Attacker/Hacker
True security leading solution for internal users.
13. Results (Why HDN?)