sg security switch

www.handream.net SG Security Switch HanDreamnet. Co., Ltd. International Sales Division James Bae 82-10-3687-4665 ([email protected], http://en.handream.net)


Post on 10-Feb-2022


Contents

I. Reliability of SG Security Switch

II. Aspect of Administrator’s Concern

III. Cost Effective Investment

IV. SG Switch Performance

V. Trouble Free Guaranteed

VI. Cisco vs. HDN

1. Reliability of SG Security Switch

Process based detecting
– No service interruption
– Checking specific duration to avoid service interruption, and decide to drop

Unique MDS Security
– Patented multi dimension detective technology
– MDS 6 cube analysis

Field Proven Reference
– Deployed from 2007
– More than 50,000 units sold to enterprise, ISP, public, military, and university customers

Customizing Support
– Develop the requirement easily
– Tailored customer support service

2. Aspect of Administrator’s Concern

User Friendly Command
– Cisco like CLI command
– Visual network management system (VNM / VIPM)

Automatic Detect Process
– Automatic detection function helps administrator to troubleshoot
– Separate harmful traffic from normal service packet

Enhanced Log information
– Provide whatever clients want
– All security switch logs can be saved for the future forensic.

Minimized Network Downtime
– Seamless service
– Auto Config for remote configuration
– Auto Config file save system

2. Aspect of Administrator’s Concern

Situation: Harmful traffic
Before:
• Cannot detect from every switch
• Or manually cut off (service down)
After:
• Automatic detect and recover
• Separate harmful traffic from normal (no service down)

Situation: Cable loop
Before:
• Entire networks disaster
• Broadcast storming
After:
• Automatic detect and recover

Situation: Forensic (log)
Before:
• No evidence detected
After:
• History and log can be traced

Situation: Configuration
Before:
• Required individual saved
• Manual saved
After:
• Automatic saved on the Switch
• Saved with date stamp

Situation: Batch Configuration (ex, password changed)
Before:
• Individual configuration
• Time consuming job
After:
• Batch Configuration

Situation: Firmware upgrade
Before:
• Individual configuration
• Time consuming job
After:
• Batch firmware upgrade support

Situation: Switch replacing
Before:
• On site support required
• Console connection required
After:
• Remote configuration support
• Auto-Config

Situation: Switch configuration
Before:
• Hard to config QoS and security function
After:
• Wizard function support
• Provide proprietary Security function

Situation: Function Customization
Before:
• Not any vendor support
After:
• HDN provide specific version for each customer

Situation: General
Before:
• Time consuming against all situation
After:
• Automatic detect and recover can help general operation cost

3. Cost Effective Investment

Seamless Service Guarantee
– Protect your network systems from internal threats
– Protect VPN, Firewall, and Servers
– Protect service from cable loop

Protect internal property
– ARP Spoofing Detection / Drop
– Detect information breaches (ID/Password)
– Block sniffing, tapping, and spoofing (VoIP or CCTV)

Management System
– Cost saving management system
– Save operating cost with auto response process
– Batch configuration, and firmware upgrade
– Easy tracking through all histories

Cost Effective Operating Cost
– Automatically detect and recovery system
– Minimized network downtime
– No need additional investment for IPv4/v6 harmful attack

4. SG Switch Performance

Full Wire Speed
– Guarantee “wire speed” with security
– Guarantee “wire speed” under the various network traffic condition

IPv4 / IPv6 Compatibility
– Wire Speed with IPv6 condition
– Wire Speed guaranteed with various traffic on IPv6 environment
– No need equipment for IPv6 security hole

ASIC Chip based (MDS)
– Embedded a dedicated security ASIC
– All packet analysis done by MDS
– Fast resolution and simple management

Successful Performance Test
– Pass in-depth QA by Samsung
– Pass in-depth QA by Softbank

5. Trouble Free Guaranteed

Low rate hardware error
– Low rate hardware failure
– Reported error : lower than 0.2%

Proven Reference Customers
– Samsung Electronics since 2009
– 3,000 units installed (R&D center, manufacturing, and head office)
– Other enterprise/ISP/public/military/university

Approved large companies’ test
– ODM Partner with LG-Ericsson (before)
– ODM Partner with Samsung-Electronics (Now)

Professional Support for YTLC
– Tailored service by local distributor
– Designated Sales / TAC engineer assign
– Engineering consulting support

6. Cisco NAC vs HDN SG

Synergy with existing security systems
– Perfect security
– Cooperative function

[Figure: NAC Solution, Regular L2 Switch and SG Security Switch compared on Security, Wire Speed, Simple MGMT and Cost]

Function
NAC: User Access Control
SG Switch: Network Switching

Security
NAC: Device Authentication
SG Switch: Detect harmful traffic, and IP management (with VIPM)

How
NAC: Agent required
SG Switch: No agent required

Appendix

1. Regular switch vs. HDN security switch – slide 1,2,3,4

2. Security Internal Threats - Slide 5,6,7,8, 9

3. HDN Security Switch Management

4. Attack at each layer

5. What HDN SG security switch delivers?

6. Why HDN?

TYPE
Performance (Wire Speed with full security features)
L2 function (STP/PVST+/VLAN/LACP)
IPT function (Voice VLAN/Auto QoS/PoE)
General Security function (ACL, DHCP Snooping, DAI, IPSG)
Enhanced Security function (security engine, harmful traffic detection, tapping detection etc.)
Management (free NMS, security reporting, real time monitoring, remote configuration)
Reliability & Certificate (1U internal redundancy, IPv4/IPv6 CC certified, IPv6 Ready Logo)
Customer Support (TAC)

1. Regular Switch vs. Security Switch

Function: Harmful Traffic Detection
Regular Switch:
• Only over traffic can be detected
• Manual troubleshooting
• Decreased Performance
• Can detect of IPv6 security
SG Security Switch:
• Detect all kinds of harmful traffic
• Real time detect and drop
• No performance impact
• IPv6 security features & function

Function: Isolate Harmful Traffic
Regular Switch:
• Block Port or IP
• Service impact
SG Security Switch:
• Blocked ONLY harmful traffic
• Ports are always available

Function: IP telephony tapping (ARP Spoofing)
Regular Switch:
• Detect only dynamic IP (DHCP)
SG Security Switch:
• Detect dynamic and static too

Function: Cable Looping
Regular Switch:
• Manual fix once it happened
• Service impact until resolved.
SG Security Switch:
• Real time detect and block
• No service impact

Function: Easy Administration
Regular Switch:
• No report feature
• Separate management (network, security)
SG Security Switch:
• Provide powerful report and log feature
• Real time traffic monitor

Function: Power Redundancy (POE)
Regular Switch:
• Internal and external redundancy
SG Security Switch:
• Internal redundancy

Function: Green IT
Regular Switch:
• No
SG Security Switch:
• Save maximum 50% power consumption

Function: Monitoring/Management
Regular Switch:
• Purchase
SG Security Switch:
• Free

2. Regular Switch vs. Security Switch

SG Security Switch
• Detect/Block all kinds of internal attacks
• No service interruption
• Embedded proprietary security ASIC
• Provides visible and audible alarm for Administrator

[Diagram labels: Normal Traffic, Harmful Traffic, Server]

L2 Switch
• No way to detect various harmful traffic from users.
• ACL is time consuming job.
• Cannot do anything against internal threats such as DDoS attack.

[Diagram labels: Normal Traffic, Harmful Traffic, Server]

3. Regular Switch vs. Security Switch

Regular Switch SG Security Switch

Scenario : Scan attack sends to 3 different ports using changed destination IP by the attacker

4. Regular Switch vs. Security Switch

Comparing the methods to protect from attacks

Other Vendor’s Scenario
① Detect network error (low speed, report by user)
② Checking by operator (L3 backbone switch, Router, Server farm)
③ Analyze packet through L3 switch
④ Block attack port by manual access list
⑤ Clear ACL by operator

■ Result
Abnormal traffic already spread on local network
Take long time to prepare future defense
Operator must be involved at each step

VS

HDN Scenario (SG2024)
① Auto detect by MDS engine
② Auto create protection rule by MDS engine
③ Write history and log
④ Separate attack packets from normal

■ Result
No traffic damage occurred because of port based detection
No additional attack occurred
Forecast using attack log history
No need operator’s hand

Threats from portable devices
– Spread harmful traffic from USB device
– Smart devices are more vulnerable in BYOD era

5. Security – Internal Threats

[Diagram labels: Access Authority (ERP/Groupware), ID & Password, email, Personal Profile Data File, Phone Line, IP Telephony Phone Tapping, Hacking from inside]

<Reference: Microsoft>

Fast spread from internal network

Spreading from internal mal-user

Spreading ARP spoofing code

Infected by portable storage

Infected from sharing folder

6. Security – Internal Threats

Spreading Worm

7. Security – Internal Threats

Issues on regular switch
– Vulnerability of attacks
– Internal information breach from vulnerable devices
– No way to protect internal information

[Diagram labels: Attack PC, smartphone, PDA, Notebook, WiFi AP, E-mail, messenger, Groupware, IP phone, Server, webcam, IP Network, Contact Center]

Lack of detection
• Cannot detect internal network scanning
  - IP, Service Ports can be scanned
  - Scan OS information using Fingerprint

Lack of Execution
• Cannot block ARP Spoofing attack
  - Only works in Dynamic IP condition
• Cannot block many harmful traffic

8. Security – Internal Threats

Focused on Core Network

– How about internal threats?

Well Prepared from Attack outside with IPS / Firewall

No Active Protection from internal employee attack

Outside and Core Network

Access Network (Internal)

Backbone Layer Second damaged level from internal user attack

Attack make the overall performance to be delayed.

Required Auto detect / block

Block only harmful traffic

Reasonable Expense

Easy Maintenance

Increased attack from mobile device

Blind Area/Difficult Management

No Real-time Detect from Attack / Hacking

Difficult Network Modify

Cable Loop Accident

• Cable loop connection by mistake

• Called broadcast storm, entire network will be down

Happened by mistake

• Damaged area: Entire network will be down

• Damaged duration: Hard to find failure point, check manually, cannot use network back until fixed.

Damage

If SG switch, no service interruption

9. Internal Threats

Visual IP Manager
• Integration with SG switch and VIPM server
• Detect bad user with any OS
• IP management and access control
• Redirect web page for notice or registration
• DHCP policy advertisement

Visual Node Manager
• Monitoring real time detect status
• Monitoring traffic status of each port
• Monitoring system status
• Free bundle software

Harmful traffic monitoring

Hacking/Sniffing traffic monitoring

VNM + IP Management System

Not Authorized PC

↑Send group policy

Send log data ↓

10. Management – VNM and VIPM

11. Attack at each layer

MAC source/dest address

IP source/dest address/port

IP range TCP flags

Protocol (TCP/UDP/ICMP) TCP/UDP dest port

Port pattern/IP pattern Detection count

Cable Loopback Test

IP Spoofing, DHCP Attack, ICMP Attack

Cable disconnected

MAC Flooding, MAC spoofing, ARP Attack

TCP/UDP flooding, Scanning

No Signature update (behavior based security)

Different level’s attack diagram

12. What HDN SG delivers?

Internal Security is more important

Hacking Attack

Network Attack (Flooding/DDoS)

Authentication Function Disabled

Lack of Network Security Management

Direct Attack Intended (Sniffing/Spoofing)

SECURITY ISSUE

Abnormal Traffic Increased by Mobile User

Protect Internal Bad Users

80% of Attack is from Internal Traffic !!!!

Network Resource Management

Intercept Message or Files

Tapping Authentication, VoIP

Hard to find internal hacking users

Network Down caused by mal-packet flooding

Huge Damage Spread

Embedded a dedicated Security ASIC(MDS:Multi-Dimension Security engine)

Real-time traffic status -> easy management

Detect/block harmful traffic only -> Not Port/IP block

Visible & Audible alarm through VNM

A detailed log supports through VNM

Guarantee performance with full security features

Easy Management – real time monitoring

Cost effective

No additional equipment for access layer security

Protect confidential information from Attacker/Hacker

True security leading solution for internal users.

13. Results (Why HDN?)