Bảo mật Tài sản số - Securing your Digital Assets
Ông Gabriel Tan - Giám đốc khu vực Nam Á - Công ty giải pháp doanh nghiệp Nokia. Operating system security is fundamental to the security of every computing system because operating systems are a critical point of failure for the entire system. Unfortunately, attempts to secure computer systems continue to be based on the flawed assumption that adequate security can be provided in applications with the existing security mechanisms of mainstream operating systems. The reality is that secure applications require secure operating systems, and any effort to provide system security that ignores this premise is doomed to fail. – NSA
29 trang |
Chia sẻ: tlsuongmuoi | Lượt xem: 2061 | Lượt tải: 0
Bạn đang xem trước 20 trang tài liệu Bảo mật Tài sản số - Securing your Digital Assets, để xem tài liệu hoàn chỉnh bạn click vào nút DOWNLOAD ở trên
Securing your Digital Assets Gabriel Tan, District Manager, South Asia Nokia Enterprise Solutions About Nokia World leader in mobile communications Frontrunner in providing mobile, broadband and IP networks Sixth most valuable brand (Interbrand) One of the world’s most respected companies(PriceWaterhouse & Financial Times) As mobility and Internet converge, Nokia is committed to further enrichingthe daily lives of people Nokia Organisation Customer and Market Operations Technology Platforms Strategy, Research, Venturing and Business Infrastructure Mobile Phones Multimedia Networks EnterpriseSolutions Top of mind issues for security Hardened for security Simple & manageable Reliable Cost Support multiple applications …and something that adds more complexity …securing wireless Customers still want security appliances … By 2007, 80% of all network security solutions will be delivered via a dedicated appliance. - IDC Nokia Aligned With Market Preferences In-Stat (2005) Set For Explosive Growth Forrester (2005) 50% of enterprises prefer separate stand alone appliances 14% prefer all-in-one 28% prefer integrated Source: Gartner (July 2005) Gartner (2005) Nokia IP Security Platforms Price Check Point VPN-1 Pro or VPN-1 Express Large Enterprise DataCenter Service Providers Nokia IP710 Nokia IP350/IP355 Nokia IP380/IP385 Nokia IP1260 Small to Mid Enterprise Remote Office Branch Office Nokia IP1220 Nokia IP2250 Nokia IP260/IP265 Nokia IP40 Performance & Functionality Nokia IP560 The Power of Two: The CheckPoint and Nokia Overview 8+, year partnership between Nokia and Check Point Nokia and Check Point Provide Security to 92 out of Fortuner 100. Check Point No. 1 Internet Security Company: Built on Firewall Software Success Award winning GUI Patented Stateful Inspection Nokia Internet Security Appliance Pioneer Built to secure demanding traffic Fastest performance Platform For Check Point (IPSO) ‘Audit’ Grade HW Build, OS and Management tools Enterprise and Carrier The First and Leading HA Firewall Solution for Check Point Global Support and Service Innovation Patented security technologies Jointly-developed acceleration technologies Several IETF Reference Points (IPv6, VRRP) etc.. 600+ security focused engineers Nokia IP2250 Nokia Security Firewall Appliances IPSO - Hardened OS designed for security Simple procurement and configuration Single support point for the entire solution Comprehensive quality assurance on complete hardware and software solution Network-centric product architecture First-Call, Final-Resolution support Nokia IP12xx Nokia IP3xx Nokia IP710 Nokia IP Security Appliance Platforms Hardware Nokia Pioneered The IP Security Appliance, knows more about Security Appliances Than Any other Vendor Nokia Designs and builds Entire Appliance Platform, down To Component Level, including boards etc… Nokia Develops and QA’s all hardware driver software, with specialized toolsets and bench configurations Nokia Provides Redundant hot swap power supplies Nokia Provides Redundant hot swap Network Interface Cards Nokia Provides Solid State and HDD based System Solutions Nokia Delivers High Port Density, High Connectivity Solutions Nokia IP Appliances are Built with Ease of Serviceability in mind All Systems Quality Assured Under Ideal and ‘Real World’ Operational Environments All ‘installed base’ hardware, operating system and application combinations QA’d together Nokia Continues To Invest in Hardware Innovations – ADPs, Solid State Support, 10GigE Operating System – IP Security Operating System Network Element Operating System, Optimised For Packet Forwarding IPSO High Performance Forwarding based on Patented IP Switching Technology ASIC Firewall Performance From Software Based Firewall, with no Restrictions on Flexibility Built On Carrier Grade, ‘Battle’ Proven, IP Networking BSD IP Stack, used by Operators and ISPs Nokia Hardened* Operating System IPSOTM Early Implementation of Digitally Signed OS Less Than 10 CERTs in 8+ Years of Field Deployments Firewall acceleration pioneer, Nokia Patented IP Firewall Flows The market leader and pioneer in integrated high availability firewall technology VRRP-MC to IP Clustering World Class, well proven, standards adherent routing Well proven IPv6 Implementation, deployed in ISP and Operator Networks for 5yrs+ Multiple OS Image Management for rollback and recovery operations Powerful CLI, and Diagnostic Shells Nokia Pioneered Web Interface For Security Appliance Management – Nokia Voyager Element Manager Nokia Pioneered Security Appliance System Level Management – Nokia Horizon Manager Do No Harm patch, upgrade and management technology for Entire Systems including Security Applications Nokia Hardware and Software Asset Auditing tools Nokia Brings F.C.A.P.S Best of Breed NMS to Security Appliance - Nokia Appliance Manager Nokia IP Security Operating System What is A Secure Appliance Operating System? “Applications cannot be more secure than the kernel functions they call” OS is the right place for security Operating system security is fundamental to the security of every computing system because operating systems are a critical point of failure for the entire system. Unfortunately, attempts to secure computer systems continue to be based on the flawed assumption that adequate security can be provided in applications with the existing security mechanisms of mainstream operating systems. The reality is that secure applications require secure operating systems, and any effort to provide system security that ignores this premise is doomed to fail. – NSA Anatomy of A Secure Appliance Operating System System Architecture Security Functions Deployment Processes BuildingSecureSoftware Independent Validation & Certifications General Purpose Operating System Security Solutions Flexible but NOT fast ASIC Based Security Solution Fast but NOT flexible Nokia IP Security Appliance Fast + Flexible Nokia CPU CPU CPU CPU Policy CPU CPU CPU NPU API Packet Processing Nokia Unique Value Proposition Fast but NOT flexible Flexible but NOT fast Fast + Flexible Nokia CPU CPU CPU CPU Policy CPU CPU CPU NPU API Packet Processing In Other People’s Words IP Security Appliance Business Business Week, 28 Aug ‘02- Nokia's Security Connection "force to be reckoned with... According to tech researcher IDC, Nokia is quickly grabbing market share in the exploding market for firewall/VPN appliances“ 25.6% of Asia Pacific Security Appliance Market Share Nokia with Check Point VPN-1/FireWall-1 has 62% VPN and 41% firewall market share (Infonetics Research, VPN Hardware Market) Frost & Sullivan 2005 Firewall market sharefor Vietnam, Nokia ranked #1 Nokia SSL VPN Enables new mobile connectivity applications Business Continuity Performance Price Medium Office Large Office Remote Office Branch Office Nokia 500i *VPN Gateway Nokia 100iVPN Gateway Nokia 50i VPN Gateway Nokia 5i and Nokia 10iVPN Gateways Nokia IP VPN Gateways Fully-integrated, secure IPSec VPN gateways, with multiple options, for fast, easy deployment in high-performance networks Advanced dynamic connectivity to mobile devices and other VPN gateways through robust broadband and routing functionality Extreme system availability using diskless hardware, patented clustering and patent-pending adaptive networking technologies Product targeted for government sales through planned industry certification including FIPS-140-2, EAL4, ICSA and VPN Consortium * Available in 1H 2005 Nokia Mobile IP VPN Solution Headquarters Nokia 50i Nokia VPN Mgr(with Nokia SSM) Nokia MobileVPN Client Branch Office Nokia 10i Internet Mobile VPN Client Site-to-Site Connectivity Remote Access Connectivity Native Windows L2TP/IPSec client Nokia Enterprise Solutions Nokia Firewall/VPN Mobile Devices& PDAs Employees on enterprise device Employees on non-enterprise device IT Apps / Assets IT Security Infrastructure Authentication & Encryption Access Control Intrusion Detection Anti-Virus ANY Mobile Device Nokia SSL VPN Nokia IP VPN Nokia VPN Manager / NHM Access Network Internet Applications, Files, Authentication, etc. Nokia Service – First Call – Final Resolution Direct Access To Engineering Support resources have a direct line to hardware engineering, software engineering and QA teams – No company boundaries to span during resolution Three SCP Accredited TAC centers for follow the sun service Comprehensive support offerings available worldwide 8x5 VAR fulfilled or Nokia fulfilled support 8x5 onsite VAR fulfilled or Nokia fulfilled support 24x7 VAR fulfilled or Nokia fulfilled support 24x7 onsite VAR fulfilled or Nokia fulfilled support Nokia provides integrated single source, and single contract, support for Check Point VPN-1, Nokia IP Security Platforms, interface cards, VPN accelerator cards, HA software and routing protocols. Hardware Repair and Replacement Services Networking Equipment Field support in more than 2000 cities Onsite Service Options: NBD, Same Day 4 Hour Response, 2 Hour Response Mobile Devices Advanced Exchange Return and Repair Walk In Service India Singapore Japan USA West Canada UK Finland Enterprise level technical support delivered by Global Technical Assistance Centers Nokia First Call-Final Resolution Follow The Sun Support Available 365x24x7 USA East Taiwan China End User help desk support delivered by 19 Customer Care Centers globally Set up assistance Access to device specialists >1000s of repair service points globally Malaysia HK Brazil Argentina Columbia Mexico Hungary Germany Italy Spain Belgium USA South East China Global Support Infrastructure Global TAC & Field Infrastructure Global Field Services Infrastructure for 5x8xNBD / 24x7x4h On-site HW Replacement. 2000 Field Service Locations Globally On-Site HW Replacement: Nokia Uniqueness in Unified Threat Management Problem: Multiple discrete services x Multiple Locations = Security Trade-Offs Nokia UTM: Unified secure mobility services x Multiple locations = Limited Trade-Offs Security and Mobility Unification Email, PIMServer NokiaManagementCenter(Admin Interface) Nokia Unified Threat Management Functions All-in-one secure mobility architecture Ease of management, integration, deployment Consolidated management framework
Các file đính kèm theo tài liệu này:
- Gabriel_Nokia_(PPTminimizer).ppt