Tài liệu Bảo mật Tài sản số - Securing your Digital Assets docx

The Power of Two: The CheckPoint and Nokia• 8+, year partnership between Nokia and Check Point • Nokia and Check Point Provide Security to 92 out of Fortuner 100.. 1 Internet Security Co

Securing your Digital Assets

Gabriel Tan,

District Manager, South Asia

Nokia Enterprise Solutions

About Nokia

• World leader in mobile communications

• Frontrunner in providing mobile, broadband

and IP networks

• Sixth most valuable brand (Interbrand)

• One of the world’s most respected companies

(PriceWaterhouse & Financial Times)

• As mobility and Internet converge,

Nokia is committed to further enriching the daily lives of people

Nokia Organisation

Customer and Market Operations

Technology Platforms

Strategy, Research, Venturing and Business Infrastructure

Mobile Phones Multimedia Networks

Enterprise Solutions

Top of mind issues for security

 Hardened for security

 Simple & manageable

 Reliable

 Cost

 Support multiple applications

…and something that adds more complexity

…securing wireless

Customers still want security appliances …

By 2007, 80% of all network security solutions will be delivered via a dedicated appliance - IDC

W hat S ecurity F unction are you likely to deploy on a security appliance?

W hat is the primary driver behind

appliance-based security technology?

… and they want mo re from thes e appliances

Nokia Aligned With Market Preferences

In-Stat (2005)

• Set For Explosive Growth

Forrester (2005)

• 50% of enterprises prefer separate

stand alone appliances

•14% prefer all-in-one

•28% prefer integrated

Source: Gartner (July 2005)

Gartner (2005)

Nokia IP Security Platforms

Performance & Functionality

Nokia IP560

The Power of Two: The CheckPoint and Nokia

• 8+, year partnership between Nokia and Check Point

• Nokia and Check Point Provide Security to 92 out of Fortuner 100.

Check Point

• No 1 Internet Security Company: Built on Firewall Software Success

• Award winning GUI

• Patented Stateful Inspection

Nokia

• Internet Security Appliance Pioneer

• Built to secure demanding traffic

• Fastest performance Platform For Check Point (IPSO)

• ‘Audit’ Grade HW Build, OS and Management tools Enterprise and Carrier

• The First and Leading HA Firewall Solution for Check Point

• Global Support and Service

• Patented security technologies

• Jointly-developed acceleration technologies

• Several IETF Reference Points (IPv6, VRRP) etc

• 600+ security focused engineers

Nokia IP2250

Nokia Security Firewall Appliances

• Comprehensive quality assurance

on complete hardware and

Nokia IP Security Appliance Platforms

• H ardware

• Nokia Pioneered The IP Security Appliance, knows more about Security Appliances Than Any other Vendor

• Nokia Designs and builds Entire Appliance Platform, down To Component Level, including boards etc…

• Nokia Develops and QA’s all hardware driver software, with specialized toolsets and bench configurations

• Nokia Provides Redundant hot swap power supplies

• Nokia Provides Redundant hot swap Network Interface Cards

• Nokia Provides Solid State and HDD based System Solutions

• Nokia Delivers High Port Density, High Connectivity Solutions

• Nokia IP Appliances are Built with Ease of Serviceability in mind

• All Systems Quality Assured Under Ideal and ‘Real World’ Operational Environments

• All ‘installed base’ hardware, operating system and application combinations QA’d together

• Nokia Continues To Invest in Hardware Innovations – ADPs, Solid State Support, 10GigE

• O perating S ystem – IP Security Operating System

• Network Element Operating System, Optimised For Packet Forwarding

• IPSO High Performance Forwarding based on Patented IP Switching Technology

• ASIC Firewall Performance From Software Based Firewall, with no Restrictions on Flexibility

• Built On Carrier Grade, ‘Battle’ Proven, IP Networking BSD IP Stack, used by Operators and ISPs

• Nokia Hardened* Operating System IPSOTM

• Early Implementation of Digitally Signed OS

• Less Than 10 CERTs in 8+ Years of Field Deployments

• Firewall acceleration pioneer, Nokia Patented IP Firewall Flows

• The market leader and pioneer in integrated high availability firewall technology VRRP-MC to IP Clustering

• World Class, well proven, standards adherent routing

• Well proven IPv6 Implementation, deployed in ISP and Operator Networks for 5yrs+

• Multiple OS Image Management for rollback and recovery operations

• Powerful CLI, and Diagnostic Shells

• Nokia Pioneered Web Interface For Security Appliance Management – Nokia Voyager Element Manager

• Nokia Pioneered Security Appliance System Level Management – Nokia Horizon Manager

• Do No Harm patch, upgrade and management technology for Entire Systems including Security Applications

• Nokia Hardware and Software Asset Auditing tools

Nokia IP Security Operating System

What is A Secure Appliance Operating System?

• “Applications cannot be more secure than the kernel functions they call”

• OS is the right place for security

Operating system security is fundamental to the security of every computing

system because operating systems are a critical point of failure for the entire

system Unfortunately, attempts to secure computer systems continue to be based

on the flawed assumption that adequate security can be provided in applications

with the existing security mechanisms of mainstream operating systems The

any effort to provide system security that ignores this premise is doomed to fail –

NSA

Anatomy of A Secure Appliance Operating System

System Architecture

Security Function s

Deployment Processes

Building Secure Software

Independent Validation &

Certifications

Identification and Authentication

User Data Protection including

Enforces the Security Policy

with a Security Model implemented by kernel components and by kernel modularity

General Purpose Operating System Security

Solutions

Flexible but NOT fast

CPU

Packet Processing Packet

Processing Policy

Software Based (Server Appliance)

ASIC Based Security Solution

Fast but NOT flexible

Nokia IP Security Appliance

Packet Processing Packet

Processing

Nokia Unique Value Proposition

Fast but NOT flexible Flexible but NOT fast

Fast + Flexible

CPU

Packet Processing Packet

Processing Policy

Software Based (Server Appliance)

Packet Processing Packet

Processing

In Other People’s Words

Nokia IP3xx

“This product shows how two companies can work together to create a product better than the sum of

its parts”

-Secure Computing Magazine

“A versatile and flexible solution for the high

end of the market”

-Secure Computing Magazine

Nokia IP2250

Nokia IP2xx

"As a dedicated hardware platform, the Nokia IP260

offers some ferocious capabilities.“

-Network Computing Magazine

IP Security Appliance Business

• Business Week, 28 Aug ‘02- Nokia's Security Connection

" force to be reckoned with According to tech researcher IDC, Nokia is quickly grabbing market share in the exploding market for firewall/VPN appliances“

• 25.6% of Asia Pacific Security Appliance Market Share

• Nokia with Check Point VPN-1/FireWall-1

has 62% VPN and 41% firewall market share

(Infonetics Research, VPN Hardware Market)

• Frost & Sullivan 2005 Firewall market share

for Vietnam, Nokia ranked #1

or a café

Employees using a corporate device at

a hotel or using

Wi-Fi provider

Partners, suppliers & contractors

Linux & Unix users

Large Office

Remote Office Branch Office

• Fully-integrated, secure IPSec VPN gateways, with multiple

options, for fast, easy deployment in high-performance networks

• Advanced dynamic connectivity to mobile devices and other VPN

gateways through robust broadband and routing functionality

• Extreme system availability using diskless hardware, patented

clustering and patent-pending adaptive networking technologies

• Product targeted for government sales through planned industry

certification including FIPS-140-2, EAL4, ICSA and VPN Consortium

Nokia Mobile IP VPN Solution

Headquarters

Nokia 50i

Nokia VPN Mgr (with Nokia SSM) Nokia Mobile

Mobile VPN Client

Nokia Enterprise Solutions

IT Security Infrastructure

A uthentication & E ncryption

A ccess C ontrol Intrusion D etection

Access Network

Internet

A pplications, F iles,

A uthentication, etc.

Nokia Service – First Call – Final Resolution

•Support resources have a direct line to hardware engineering, software

engineering and QA teams – No company boundaries to span during resolution

•8x5 VAR fulfilled or Nokia fulfilled support

•8x5 onsite VAR fulfilled or Nokia fulfilled support

•24x7 VAR fulfilled or Nokia fulfilled support

•24x7 onsite VAR fulfilled or Nokia fulfilled support

Nokia provides integrated single source, and single contract, support for Check Point VPN-1, Nokia IP Security Platforms, interface cards, VPN

accelerator cards, HA software and routing protocols.

Hardware Repair and Replacement Services Networking Equipment

• Field support in more than 2000 cities

• Onsite Service Options: NBD, Same Day

4 Hour Response, 2 Hour Response

• Nokia First Call-Final Resolution

• Follow The Sun Support

• Available 365x24x7

USA East

Taiwan China

End User help desk support delivered by 19 Customer Care Centers globally

• Set up assistance

• Access to device specialists

• >1000s of repair service points globally

Malaysia

HK

Brazil Argentina

Columbia Mexico

Hungary Germany Italy Spain Belgium

USA South East

China

Global Support Infrastructure

Global TAC & Field Infrastructure

Nokia Uniqueness in Unified Threat Management

S ecurity A ppliances with a “ tuned” O perating S ystem(N okia appliances with IP S O O perating S ystem )

S ervices

R esiliency, P erform ance, P olicy C ontrol, flow m anagem ent,

S ecurity A ppliances with a “ tuned” O perating S ystem(N okia appliances with IP S O O perating S ystem)

S ervices

R esiliency, P erform ance, P olicy C ontrol, flow m anagem ent,

A nom aly D etection, R egulatory C om pliance, ex tensibility

Services Broad Attack Detection Deep Packet Inspection Application Control Real Time Response

ID/P

Services Access Control Application Control Protocol Validation Enforcement

Services Virus Mitigation Spyware, Adware, Malware Detection and Control

Malicious Mobile Code Mitigation

Security and Mobility Unification

Email, PIMServer

NokiaManagementCenter

(Admin Interface)

DNSDirectory

Firewall VPN (IP &/or SSL)

ID/P Directory Services Email

VoIP

Nokia Unified Threat Management Functions

• All-in-one secure mobility