copyright © siemens enterprise communications gmbh & co. kg 2009. all rights reserved. siemens...

Copyright © Siemens Enterprise Communications GmbH & Co. KG 2009. All rights reserved.Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG

SEN CMC BOMFor internal use only

Jun 09 Copyright © Siemens Enterprise Communications GmbH & Co. KG 2009. All rights reserved. Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG

Enterasys Secure Networks

Tamara Maksimovic

CCNA-SEC, CCDA, CCNPESSE-D, ESSE-NAC

Technical Consultant



Jun 09

Enterasys-Who we are?

Originally founded as Cabletron Systems 25 years ago Today we are part of a global joint venture with SIEMENS

Thousands of customers in more than 70 countries 100+ of the FORTUNE Global 500 Strong presence in government and higher education

Hundreds of global patents resulting from more than US $1 billion R&D investment

The perfect-sized company

We measure our success by your satisfaction There is nothing more important than our customers Deliver on our promises on-time, on-budget 95% of our customers would purchase from us again



Jun 09

What we do?

Enterasys delivers Secure Networks™ that ensure the confidentiality, integrity, availability and performance of IT services and the business users that rely on them

Ensure only the right users have access to the right information from the right place at the right time

Secure any network “What you need, is what you get” policies based on identity Protect financial and knowledge investments through

open-architecture, standards-based technologies Visibility and control of large and diverse enterprise networks Backwards compatibility assures multi-generation

useful lifecycle to accelerate ROIDesign, deploy, optimize, support and service integrated hardware and software solutions

Intelligently sense and automatically respond to security threats on your network

Proactively prevent threats from entering your network



Jun 09

Secure Networks™ Defined

© 2008 Enterasys Networks, Inc. All rights reserved.

4

Management Software

Centralized Visibility and Control

IDS, IPS, NBA, SIEM and Network Access Control

Advanced Security Applications

Security-EnabledInfrastructure

Switches, Routers, Wireless



Jun 09Page 5

Open Communications Portfolio

Networks

Services

Contact Centers

Contact CenterCampaign Management Automated Outbound Voice Portal

UC Application MobilityUC Server Video Messaging

Converged medium-to-large

Small IP system Converged SME Small IP UC system

3rd Party Network Products

Network SecurityApplications

Management Software Switches & Routers WLAN

Lifecycle Professional Hosted Managed SecurityUC Integration

Voice

UnifiedCommunications

Devices and Clients

SecurityThreat Management & Data SecurityIdentity & PrivacyBusiness Continuity Compliance

+ 3rd Party Partners

medium-to-verylarge SIP



Jun 09Page 6

Enterasys Networks Portfolio

Switches PremiumCore and Distribution

Secure CoreRouters

Routers WANVPN / Firewall

Security-Enabled Infrastructure

Switches, routers and wireless

Industrial Switches

Centralized Command & Control

Advanced ManagementManagement SNMP

Event Management

Control and Inventory

Security policies and visibility

Quality of Services in one touch

CSIRT - Incident respond team

Automation and searches automatically

Advanced Security Applications

Compliance and SecurityNetwork Access Control - NAC

Compliance and audit

Logs Correlation (SIEM)

Intrusion Detection Systems (IDS)

Intrusion Prevention Systems (IPS)

Behavioral Analysis (NBAD)

Remediation and Assessment

Edge Switches

Wireless802.11



Jun 09Page 7

SecureStack A2 Series

ConvergenceConvergence• Multi classification in layers 2/3/4

• Differentiated Services (DiffServ)

• 8 priority queues per port

• Management of queue Strict Priority and WRR

ConnectivityConnectivity• 8 units per stack of switches

• closed-loop stacking via RJ45

• Redundancy of management

• Redundant Power Supply (optional)

• Power over Ethernet IEEE 802.3af

• 8.000 MAC Address

• Spanning Tree (802.1d, 802.1w, 802.1s)

• 1024 VLAN 802.1Q

• Link Aggregation 802.3ad

• Remote Monitoring (RMON)

ComplianceCompliance• Identity and user authentication

• Authentication 802.1x and MAC (RFC3580)

• Integration with NAC Solution

• MAC Locking per port dynamic and static



Jun 09Page 8

SecureStack B Series






• Dedicated closed-loop stacking






• 1024 VLAN 802.1Q




• Authentication 802.1x, MAC, and PWA (optional)


• Secure Policies through Secure Networks (optional)



Jun 09Page 9

SecureStack C Series

ConvergenceConvergence

• Multi classification in layers 2/3/4





• Dedicated closed-loop stacking




• Routing IPv4 e IPv6

• RIP, OSPF, VRRP, DVMRP, PIM e IGMP



• 1024 VLAN standard 802.1Q

ComplianceCompliance

• Identity and user authentication

• Authentication 802.1x, MAC, and PWA


• Secure Policies through Secure Networks



Jun 09Page 10

D-Series


• Multi classification layers 2/3/4



• Queue management Strict Priority e WRR

ConnectivityConnectivity

• Compact Switch with low noisy mechanism

• Recommended for classroom and meeting room

• Works in high temperature up to 60 ºC (50 ºC PoE)

• Redudant power supply (optional)

• Power over Ethernet (PoE) IEEE 802.3af



• 1024 VLAN 802.1Q





• Authentication 802.1x, MAC, and PWA (optional)





Jun 09Page 11

G-Series

ConvergenceConvergence• Multi classification layers 2/3/4



• Queue management Strict Priority e WRR

ConnectivityConnectivity• Switch-router – type modular

• 3 expansion slots

• Swappable redundant power supplies

• Support up to 96 GbE ports or up to 12 10GbE + 24 GbE


• Routing IPv4 e IPv6

• RIP, OSPF, VRRP, DVMRP, PIM e IGMP



• 1024 VLAN 802.1Q







Jun 09Page 12

Limited Lifetime Warranty

“Enterasys Networks supports the limited lifetime warranty for products SecureStack, G-Series and D-Series”

“Enterasys Networks supports the limited lifetime warranty for products SecureStack, G-Series and D-Series”

• The limited lifetime warranty cover until 5 years after EOSL the following:

• Switches

• Power Supplies

• FAN Trays

• Stack cables

• Advanced Replacement

• For some regions (please contact your local distributor)

• Software and phone support are included

• Bugs and fixes

• New features (not all, please contact ETS GTAC)

• Phone support



Jun 09Page 13

Matrix N Series


• High multi-frame classification layers 2/3/4

• Full TOS and Differentiated Services (DiffServ)

• From 4 to 16 priorities queues per port

• Management queue Strict Priority and WRR

ConnectivityConnectivity• Modular chassis switch-router

• Distributed architecture

• Resiliency and high availability (N+6)

• Diversity: + 30 modules types


• Routing IP Unicast and Multicast

• RIP, OSPF, VRRP, DVMRP, PIM, IGMP, PBR


• 4094 VLAN 802.1Q

• Flow Based Architecture, including NetFlow


• Identity, user and multi-user authentication

• Authentication 802.1x, MAC and PWA

• Integrated NAC Solution




Jun 09Page 14

SecureSwitch I-Series

ConnectivityConnectivity• Standalone industrial switch

• Very robust support:

• High temperature, vibration, impact and energy

• Support International Protection (IP) Rating 50

• Redundant DC Power Supply

• Class 1 Division 2


• 802.1Q













Jun 09Page 15

Matrix X Series – Secure Core Router

ConvergenceConvergence• Protocol classification layers 2/3/4

• IP TOS and Differentiated Services (DiffServ)

• Min 8 priority queue per port

• Management queue SPQ, WFQ e Best Effort

ConnectivityConnectivity• Modular chassis crossbar architecture

• Distributed architecture with high performance forwarding mechanism

• High density of 10GbE ports

• Resiliency, high availability in hardware and software

• Firmware hitless and virtual operation “non-stop”

• Routing IP unicast e multicast

• RIP, OSPF, BGP, VRRP, DVMRP, PIM e IGMP


• 1024 VLAN 802.1Q

ComplianceCompliance• High availability for critical mission networks

• DDoS protection embedded

• QoS on demand for applications

• Business continuity architecture



Jun 09Page 16

XSR Security Router Series


• Services classification


• Management queue WFQ e Class Bases WFQ

• Traffic management TD, RED, WRED

ConnectivityConnectivity• Routers with high performance

• “Stateful” Firewall (optional)

• VPN support client-to-site and site-to-site with hardware acceleration (optional)

• Critical mission QoS for WAN applications

• Diversity of WAN interfaces

• Routing IP Unicast and IP Multicast

• RIP, OSPF, BGP, VRRP, PIM, IGMP, PBR, NAT

• Routing and VLAN tagged decision

• Remote Auto Install


• Security policies enabled

• “Stateful” Firewall

• VPN Hardware Acceleration

• URL filters



Jun 09Page 17

HiPath Wireless

ConvergenceConvergence• Effectively serve convergence needs for multiple

vertical industries

• VoWLAN optimized - End to end high quality and secure voice

• Fixed Mobile Convergence (FMC) feature set

ConnectivityConnectivity• Indoor and Outdoor solution

• Centralized management and user location

• High Availability and high density of WIFI users

• Solution for medium and large WIFI networks

• WIDS and Rogue detection

• Access Points 802.11a/b/g /n available

• LAN-TO-LAN and BSS Infrastructure

• RF Planning

• Centralized multi-Controller management platform for large wireless networks

ComplianceCompliance• User identity and authentication

• HiGuard security Comprehensive defense against WLAN security threats

• Traffic routed through the Controller or locally - always perform encryption and QoS



Jun 09Page 18

NetSight® Management Suite

ConvergenceConvergence• QoS Provisioning:

• Multi-frame classification layer 2/3/4

• Differentiated Services (DiffServ) and CoS

• Compliance documentation report

ConnectivityConnectivity• Interactive GUI SNMP for management

• Dynamic topology map L2 and L3

• Event, alarm and CSIRT management

• User and devices location

• Customizable windows to manage (Flex View)

• VLAN configuration 802.1Q

• Protocol Configuration

• Spanning Tree, CDP, GVRP, FST, SpanGuard, ...

• Statistics, reports and visibility

• Inventory, backups and upgrades

ComplianceCompliance• Network Access Control - NAC

• Support Secure Networks™ Architecture

• Guest management wired and wireless

• Port Web Authentication for dummies

Network Access Control

Management SNMP

Secure Policies

Patches S.O.Anti-vírusFirewall......




Jun 09Page 19

Enterasys Network Access Control

ConvergenceConvergence• Ip phone and camera authentication

• Auto-QoS for all devices in the network

• Automatic traffic shaping

• Auto discovery from convergence devices

ConnectivityConnectivity• Infrastructure integration – easy to use

• Based on RFC 3580, 802.1x, MAC Authentication, Subnet Authentication and WEB Authentication to deploy pre and pos control and authorization

• Ip phone auto-authentication and QoS provisioning up to 3000 devices per appliance

• Agent based or agent less embedded

• Secure Networks on demand and centralized reporting for all network

• Where, when and who is accessing the network

• Remediation Services embedded

ComplianceCompliance• Compliance for all devices in the network

• Assessment embedded, including dissolvable agent for guest users

• Auto remediation and risk reporting

Network Access Control





Jun 09Page 20

Dragon Intrusion Detection and Prevention


• H323 and SIP dynamic inspection

• Anomaly, signature and protocol baseline analysis

• DDoS protection for convergence systems

• Reporting of use for convergence devices

ConnectivityConnectivity• Intrusion Detection and Prevention Systems

• Library with +7.500 Signatures

• Multiples models and systems integration

• Management and configuration through GUI

• Packet capture and forensic analysis

• Rebuilding TCP sessions for forensic analysis

• Virtual sensors at same hardware appliance

• VLAN, IP Subnets, TCP/UDP well-know ports and physical ports

• Many response actions: Snipping, Shunning, DIR (ASM integration)


• Acceptable use policy for device, IP subnets and users

• Security all-in-one for CSIRT

• Collets evidences and perform forensic analysis

• Security Reporting easy to use

1001100111101010 1001100111101010

Threat Notification!

Action:Deny traffic

Threat Notification!

Action:Deny traffic



Jun 09Page 21

Dragon Security Command Console – DSCC

Incidents ManagementIncidents Management

• Advanced incident drill down management:

• IP Address, user, event, date and hour

• Magnitude evaluation

• Automate Incident Response (ASM integration)

FeaturesFeatures• GUI interactive monitoring

• Security log and security correlation:

• Support +10.000 kind of logs

• Parsing and log customization

• Security risk management

• Security offense management

• Security Incident evaluation (credibility, relevance and severity)

• Behavioral analysis for network, based on security events, IDS/IPS integration and xFLOW

• One click management

Compliance ReportingCompliance Reporting

• Customizable security reporting

• Templates of reports and regulation:

• SOX, BASE II, HIPPA, CoBIT, ...

• Weekly reporting and notification

Behavioral Analysis

Dashboard(Overview)

CSIRTIncident

Response

Compliance

Reporting



Jun 09Page 22

Security Information & Event Manager (SIEM)

Operation SystemsApplications

Firewalls IDS/IPS

SwitchesRouters

Flow Sensors

Normalize Organize Filter Correlation

Prioritize Visibility

BehavioralManageme

ntDashboard(Overview)

IncidentManagement Complianc

e Reporting

NetFlowJ-FlowQ-Flow



Jun 09

Enterasys Unique Sales Points

Our solutions are uniquely capable of improving operational efficiencies

Open standards-based, interoperability protects existing financial and knowledge investments

Save money, time and people through centralized management visibility & control Supports rapid change for dynamic business environment (new applications, new

security threats)

Cost-effective technology that is less expensive than Cisco Greener to operate Lower startup cost Lower operational cost Lower overall support cost More consistent and efficient way to provision IP services



Jun 09

Industry leader in network integrated security and control solutions

Security solutions aimed at achieving business oriented objectives

Security built into the data switches – more for their money!

Identity-based networking by user, device, and application

Future proof, open standards based architecture

Scalable, high performance solutions




Jun 09

Enterasys world class service and support

Focused, industry-leading data networking sales and support teams

Full suite of Educational, Professional, and Technical Support services available

Completely in-sourced technical assistance center with an average tenure of +10 yrs supporting Enterasys solutions

Emphasis is on solving your customer problems, not passing them to someone else




Jun 09

You can right now!


copyright © siemens enterprise communications gmbh & co. kg 2009. all rights reserved. siemens...

Documents

siemens thousands of

internal use

network slide

enterasys networks

wireless slide

right users

right time

security threats