handreamnet security switch
DESCRIPTION
Handreamnet is a leading network security solution provider with a competitive edge against global vendors in the network security and traffic management markets. Internet usage patterns have changed and e-business volume is expanding, and with them the threats and damage caused by hacking, viruses, and worms are increasing in number. Handreamnet provides reliable solutions based on deep technology and expertise to secure network availability. Handreamnet is also investing in solving network traffic overload and in blocking harmful traffic. For more information about Handreamnet please visit http://en.handream.net/main.php
TRANSCRIPT
1 www.handream.net
HanDream Security Switch
2
WHAT’S SECURITY SWITCH ?
3
Hacking: IP & ARP spoofing
Network trouble (management issue): IP address conflicts, network loop
Attack: DoS, DDoS, scan, ARP spoofing
L2 authentication: internal IP address management
Why need Security on L2 Switch?
4
WHY SECURITY SWITCH ?
Outside and core network: well prepared for attacks from outside with IPS / firewall
Very vulnerable if the attack is raised from the access level
No active protection when the attack comes from inside the network
Access network (internal): a blind area, difficult to manage due to many random users
No real-time detection and protection from attack / hacking
Backbone layer: second-level damage from an access-level attack
Enough to stop service due to mass traffic from the access level
Required: auto detect feature
Block only the harmful traffic itself
Converged network management
Reasonable expense
Easy to install
Security was the area of the core side, not access area. What’s the solution for the access area?
5
Security issue
Hacking: direct attack, intended (sniffing/spoofing)
Network attack (flooding/DDoS)
Authentication function disabled
Lack of network security management
Abnormal traffic from increased mobile users; internal bad users
80% of attacks are from internal traffic !!!!
Network resource management
L2 level securities: detection & protection from internal network traffic
Intercept messages or files; hard to find the origin
Tapping authentication (VoIP)
Network down due to attack; damage spreads to the upper layer
6
Hacking from inside: access company information using a hacking tool (intention)
Targets: access authority (ERP/groupware), ID & password, personal profile, data file, phone line
Data sniffing: sneaking personal and company information
IP telephony: phone tapping
Internet hacking from outside
Threat in office: threat from increased mobile devices inside the office; hacking from virus-infected devices (no intention)
※ Hard to detect L2 level packets falsified by ARP spoofing
L2 Level Securities (Hacking)
7
Diagram: Internet – WAN edge (router, firewall) – main core – distribution core – access core; attacker at the access level
Attack from the access level:
L2 - MAC flooding, MAC falsify, ARP attack
L3 - IP spoofing, DHCP attack, ICMP attack
L4 - TCP SYN flooding (DoS, DDoS, random attack), UDP flooding, scanning
Attack for network down using rapid spreading of abnormal traffic
No way to detect when an internal attack happened
L2 Level Securities (Network Attack)
8
Diagram: known device, guest, and unknown or non-compliant device (?, X) connecting to the production network / Internet
Many possible ways to access the internal network without authentication
Increased unauthorized access
No way to detect an internal unauthorized user's trail
Easy access or virus spread by an intended internal user
L2 Level Securities (Authentication)
9
Network operator needs: easy installation, hacking security, authentication, intelligent security, high performance, L2 level authentication, easy maintenance
10
Operator needs and network security: Handreamnet L2 Security Switch
11
HANDREAMNET SECURITY
SWITCH FUNCTION
12
Auto detect harmful traffic
Auto detect sniffing/spoofing
Perfect control: user access management
Handreamnet Switch Specification
13
Network Attack Protection (Layer 4 level)
Detection fields: MAC source/dest address; IP source/dest address/port; IP range; TCP flags; protocol (TCP/UDP/ICMP); TCP/UDP dest port; port pattern / IP pattern; detection count
Cable loopback test; cable disconnected
Detected attacks: IP spoofing, DHCP attack, ICMP attack; MAC flooding, MAC falsify, ARP attack; TCP SYN flooding (DoS/DDoS/random attack); UDP flooding, scanning
Detect harmful traffic: Layer 4 based analysis & protection, no signature update base
14
Detect harmful traffic in 6 steps
Guarantee no service delay
Prepared for future network problems
Smart Protection
15
Diagram: sensor log; MD protection engine; RT packet gathering module; switching fabric protection; security filter module; Giga / Fast Ethernet interface
ASIC based detect engine – MDS (Multi Dimension Security engine)
Hardware based security engine
Traffic analysis & detection in 6 different ways
Full wire speed guaranteed even when bad traffic is detected
16
Real time monitoring - VNM
Visual Node Manager
Report real time detection status
Report traffic status of each port
Real time IP usage
Free bundle provided
17
Web Alert
Alarm when an attack is detected
No agent based
Provides web based alarm
18
Utilized Authentication Management
External authentication & control through the API: VIPM, IPScan, IDS, etc.
Local embedded auth | 802.1x base solution
Local user DB | RADIUS server, TACACS+ server, EAP (RADIUS/Diameter)
Port base, multi user, MAC, web, Guest_VLAN | Port base, multi user, MAC, web, Guest_VLAN
IP (port, VLAN); MAC (port, VLAN); IP,MAC (port, VLAN); MAC wildcard (*) | EAP (EAPOL)
Protocols: EAP (EAPOL), IP, ARP
19
Achieved Reliability Test by LG-Nortel, 2007
Award HIT Product – Network Equipment by Digital Times, 2008
Award IT Innovation Product –security part by Digital Daily, 2008
Certified Security Standard Product by Samsung Electronics, 2009
Grand Award DT Brand Power by Digital Times, 2009
Certified Standard Security Equipment by SoftBank, Japan, 2010
Certified CC, EAL2 by IT Cyber Security Center,
Certified International IPv6 Ready Logo Phase-2, 2011
Proved reliability: certified to high industrial standards
Proved security algorithm: error rate less than 0.2%
20
Comparing other products
Situation: scan attack from 3 different ports, continuously changing the destination IP

Other vendor's scenario
① Detect network error (low speed etc.)
② Checking by operator (L3 backbone switch, router, server farm)
③ Analyze packets through the L3 switch
④ Block the attack port by manual access list
⑤ Clear ACL by operator
■ Result: the L3 core switch goes down, but the abnormal traffic has already spread on the local network; it takes a long time to prepare a future defense; the operator is always involved in each procedure; never prepared for future network failure

Handreamnet's scenario (SG2024)
① Auto detect by MDS engine (ASIC based security engine)
② Auto create detection rule by MDS engine
③ Write history and log
④ Setting back to normal when the attack packets stop
■ Result: no traffic damage occurred because of port based detection; no additional attack occurred; forecast using attack log history and warn the origin of the traffic; no need for the operator's hand; prepared for future network failure
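The port-based flow the scenario above describes (count the header fields per access port, auto-create a blocking rule when a count passes its threshold, write the event to the log, operator clears the rule), as an added illustration that is not Handreamnet's code; the SYN and scan thresholds, the packet fields and all addresses are assumed, constructed values:

```python
from collections import Counter, defaultdict

class PortGuard:
    """Port-based, count-threshold detection modelled on the deck (assumed design, not
    the vendor's engine): tally header fields per access port, auto-create a blocking
    rule when a count passes its threshold, drop matching traffic and log the event."""

    def __init__(self, syn_threshold=20, scan_threshold=10):
        self.syn_threshold = syn_threshold    # SYNs from one port (assumed value)
        self.scan_threshold = scan_threshold  # distinct destination IPs from one port
        self.syn_count = Counter()            # port -> SYN count
        self.dst_ips = defaultdict(set)       # port -> destination IPs seen
        self.rules = {}                       # port -> reason (auto-created ACL)
        self.log = []                         # (port, reason, src_mac, src_ip)

    def inspect(self, pkt):
        """pkt: dict with port, src_mac, src_ip, dst_ip, proto, flags -> 'drop'/'forward'."""
        port = pkt["port"]
        if port in self.rules:                # rule already active: drop without counting
            return "drop"
        if pkt["proto"] == "tcp" and pkt.get("flags") == "S":
            self.syn_count[port] += 1
        self.dst_ips[port].add(pkt["dst_ip"])
        if self.syn_count[port] > self.syn_threshold:
            self._block(port, "syn-flood", pkt)
        elif len(self.dst_ips[port]) > self.scan_threshold:
            self._block(port, "scan", pkt)
        return "drop" if port in self.rules else "forward"

    def _block(self, port, reason, pkt):      # write history and log, as on the slide
        self.rules[port] = reason
        self.log.append((port, reason, pkt["src_mac"], pkt["src_ip"]))

    def clear(self, port):                    # operator clears the rule; counters reset
        for table in (self.rules, self.syn_count, self.dst_ips):
            table.pop(port, None)

def demo():
    """Constructed traffic: port 3 floods SYNs, port 7 keeps changing destination IP."""
    guard = PortGuard()
    for _ in range(25):
        guard.inspect({"port": 3, "src_mac": "aa:bb:cc:00:00:03", "src_ip": "10.0.0.3",
                       "dst_ip": "10.0.1.10", "proto": "tcp", "flags": "S"})
    for i in range(12):
        guard.inspect({"port": 7, "src_mac": "aa:bb:cc:00:00:07", "src_ip": "10.0.0.7",
                       "dst_ip": f"10.0.2.{i}", "proto": "tcp", "flags": "S"})
    normal = guard.inspect({"port": 1, "src_mac": "aa:bb:cc:00:00:01", "src_ip": "10.0.0.1",
                            "dst_ip": "10.0.1.10", "proto": "tcp", "flags": "A"})
    return guard, normal
```

Only the offending port is blocked, so the normal user on port 1 keeps forwarding while the attack ports are dropped and logged.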
21
Diagram: attack port, connect port, up-link port; attack alert
Hacking/attack/switch monitoring: harmful traffic detection monitoring
Network resource management [IP/MAC/switch port]: real-time monitoring and searching
Visual Node Manager
22
Service Reliability
Reduce Cost
Network Resource
Management
Attack Detection
Hacking
Detection
What we expected
23
Green IT - SG2024
Energy saving | Description | Remarks
Green IT; high efficiency green IT support | 34.7W power consumption, lowest in the world | SG all products
Auto power saving; each port based | 60/600 sec (manual) interval ON/OFF | SG all products
Scheduled power saving | Weekly/hourly/port based schedule support; auto on/off when traffic is detected even though ports are on a power save schedule; huge amount of saving when scheduled | SG2024G
Green IT standard | IEEE 802.3az support – Energy Efficient Ethernet; certified RoHS – Restriction of Hazardous Substances |
* Maximum 50% energy saving efficiency, depending on network environment
24
SG2024 strong points against competitors
Function | Description | Remarks
Shared VLAN egress-port (private VLAN) | Block internal communication on the same network; only uplink traffic allowed | Cyber apartment / condo; hotel, IDC center; bank, residence, lab
Port redundancy (active / standby) | Port redundancy for dummy hub with STP support | Old network / factory
DHCP server / DHCP relay | DHCP relay and DHCP server support | Dormitory / small company
802.1p (voice VLAN) | Voice packet priority when burst traffic happens | IP terminal
Cable length detect | Detect the length of the cable connected to the switch | Network maintenance
Cisco protocol support (CDP, PVST) | Compatible with existing Cisco products via CDP, PVST |
RADIUS server support | Internal RADIUS server support - web authentication, MAC authentication, 802.1X authentication | Maximum 512 users supported on each switch
NetBIOS filtering support | Block NetBIOS communication |
SFF-8472 (fiber module information) support | Fiber module information support - temperature, power, TX/RX sensitivity |
25
INTEGRATED SECURITY
MANAGEMENT SYSTEM
-VISUAL IP MANAGER
26
Visual IP Manager
Diagram: VIPM server and L2 security switch (IP/MAC tables on both sides); IPM console
① IP/MAC information sent to VIPM
② New policy created & monitoring
③ Assigned policy sent to the switch
④ Block unauthorized user (automatic authentication)
VIPM server: web based tool support; real time monitoring of current status; IP resource management; archive L2 switch user information to database; analyze current network situation; authentication/authorization for each user
L2 security switch: IP/MAC information of users is sent to the VIPM server; policy from the VIPM server is assigned to each user; surveillance of network attack/hacking; report to VIPM server
VIPM network configuration
27
Interworking between Security Switch and VIPM server
Regardless of the user's OS
Authentication web page support
DHCP policy assigned
VIPM redundancy support
Diagram: unauthorized PC goes through VIPM authentication
Authentication – VIPM Authentication
28
Management of network and users
Real time management
Real time monitoring of detections
IP manage and control
Alarm function support
29
IP management and control
By equipment, IP Class, Department
Detect IP Conflict, Available IP
Finding user’s location
IP Management
30
Real time report- Dashboard
Real time equipment status
Real time connected users
Real time detected status
Dashboard
31
Trace user’s location
By switch name, port
User IP usage history
Time scheduling function
IP user’s location
32
Registration page support (web based)
Non agent based
Web page provided, with edit / registration / delete functions
New user registration every semester
SMS, e-mail, VIPM popup to operator
IP user request
33
Switch Graphical Status
34
SECURITY SWITCH LINE-UP
35
Handreamnet L2 Switch Line-up (grid axes: capacity 100 / Giga / 10G, each with and without PoE; # of ports 08 / 24 / 48)
Models: SG2008G, SG2008GPoE, SG2024, SG2024P, SG2024G, SG2024GPoE, SG2024GF, SG2048G, SG2048GPoE, SG2124, SG2124PoE, SG2124GX, SG2124GXPoE, SG2124GXF, SG2148, SG2148GX, SG2148GXPoE
Port labels used in the grid: [L2 8Port Giga] [L2 8Port Giga/PoE] [L2 24Port 10/100] [L2 24Port 10/100 PoE] [L2 24Port Giga] [L2 24Port Giga/PoE] [L2 24Port 10G] [L2 24Port 10G/PoE] [SFP 24Port] [SFP 24Port 10G] [L2 48Port 10/100] [L2 48Port Giga] [L2 48Port Giga/PoE] [L2 48Port 10G] [L2 48Port 10G/PoE]
36
Handreamnet L3 Switch Line-up (grid axes: capacity 100 / Giga / 10G, each with and without PoE; # of ports 08 / 24 / 48)
Models: SG3024, SG3024P, SG3024G, SG3024GPoE, SG3024GF, SG3048G, SG3048GPoE, SG3124, SG3124PoE, SG3124GX, SG3124GXPoE, SG3124GXF, SG3148, SG3148GX, SG3148GXPoE
Port labels used in the grid: [L3 24Port 10/100] [L3 24Port 10/100 PoE] [L3 24Port Giga] [L3 24Port Giga/PoE] [L3 24Port 10G] [L3 24Port 10G/PoE] [SFP 24Port] [SFP 24Port 10G] [L3 48Port 10/100] [L3 48Port Giga] [L3 48Port Giga/PoE] [L3 48Port 10G] [L3 48Port 10G/PoE]
37
Model name | Capacity | Throughput | Port type | # of ports | PoE
SG2024 28.8Gbps 13.09Mpps 10/100 24
SG2024P 28.8Gbps 13.09Mpps 10/100 24 24
SG2008G 20Gbps 29.76Mpps 10/100/1000 8
SG2008GPoE 20Gbps 29.76Mpps 10/100/1000 8 8
SG2024G 48Gbps 71.43Mpps 10/100/1000 24
SG2024GPoE 48Gbps 71.43Mpps 10/100/1000 24 24
SG2048G 192Gbps 142.9Mpps 10/100/1000 48
SG2048GPoE 192Gbps 142.9Mpps 10/100/1000 48 48
SG2024GF 48Gbps 71.43Mpps 1000Base-SX/LX/LH(SFP) 24
SECURITY SWITCH
SG2000 SERIES
38
Model name | Capacity | Throughput | Port type | # of ports | PoE
SG2124 28.8Gbps 19Mpps 10/100 24
SG2124PoE 28.8Gbps 19Mpps 10/100 24 24
SG2148 57.68Gbps 26.2Mpps 10/100 48
SG2148PoE 57.68Gbps 26.2Mpps 10/100 48 48
SG2124GX 144Gbps 131Mpps 10/100/1000 24
SG2124GXPoE 144Gbps 131Mpps 10/100/1000 24 24
SG2148GX 288Gbps 202.4Mpps 10/100/1000 48
SG2148GXPoE 288Gbps 202.4Mpps 10/100/1000 48 48
SG2124GXF 144Gbps 131Mpps 1000Base-SX/LX/LH(SFP) 24
SECURITY SWITCH
SG2100 SERIES
39
Model name | Capacity | Throughput | Port type | # of ports | PoE
SG3024 28.8Gbps 13.09Mpps 10/100 24
SG3024PoE 28.8Gbps 13.09Mpps 10/100 24 24
SG3024G 48Gbps 71.43Mpps 10/100/1000 24
SG3024GPoE 48Gbps 71.43Mpps 10/100/1000 24 24
SG3048G 192Gbps 142.9Mpps 10/100/1000 48
SG3048GPoE 192Gbps 142.9Mpps 10/100/1000 48 48
SG3024GF 48Gbps 71.43Mpps 1000Base-SX/LX/LH(SFP) 24
SECURITY SWITCH
SG3000 SERIES
40
Model name | Capacity | Throughput | Port type | # of ports | PoE
SG3124 28.8Gbps 19Mpps 10/100 24
SG3124PoE 28.8Gbps 19Mpps 10/100 24 24
SG3148 57.68Gbps 26.2Mpps 10/100 48
SG3148PoE 57.6Gbps 26.2Mpps 10/100 48 48
SG3124GX 144Gbps 131Mpps 10/100/1000 24
SG3124GXPoE 144Gbps 131Mpps 10/100/1000 24 24
SG3148GX 288Gbps 202.4Mpps 10/100/1000 48
SG3148GXPoE 288Gbps 202.4Mpps 10/100/1000 48 48
SG3124GXF 144Gbps 131Mpps 1000Base-SX/LX/LH(SFP) 24
SECURITY SWITCH
SG3100 SERIES
41
References - Public
42
References - Public
43
References - Company
44
References - University
45
References - Japan