Presents… Network Security Made Simple Presented by: Sponsored in
37 Slides8.82 MB
Presents Network Security Made Simple Presented by: Sponsored in Part by: www.linesystems.com VOICE l DATA l CLOUD 855.733.1000
Presenters: Moderator: Tara Seals – Channel Vision Magazine Presenters: Warren Reyburn – Executive Vice President at LSI Bruce Wirt – Vice President of Sales and Marketing at LSI Shawn Nace – Senior Sales Engineer at LSI Dave Larson – COO/CTO at Corero David Fisher – Technical Sales Consultant at AT&T www.linesystems.com VOICE l DATA l CLOUD 855.733.1000
Who is LSI? 17 – Number of years in business operation Product Portfolio – Analog, PRI, SIP, HPBX, MPLS, Network Security 15,000 plus – Number of LSI customer locations 40 – Number of states (and Puerto Rico) that LSI has end users 5 – Number of International destinations (Canada, England, Israel, Singapore, Costa Rica) Part of the Block Communications family of media companies MSOs in Mississippi, Alabama, and Ohio CLECs in Ohio and Pennsylvania with nationwide voice and data availability Network Television Affiliates in Idaho, Illinois, Ohio, and Kentucky Newspapers- Toledo Blade and Pittsburgh Post Gazette www.linesystems.com VOICE l DATA l CLOUD 855.733.1000
The Nation’s Leading Brands Trust LSI: www.linesystems.com VOICE l DATA l CLOUD 4 855.733.1000
LSI Network Network POPs in Pennsylvania, Ohio, Michigan, Mississippi, and Georgia Metaswitch and Broadsoft equipped SIP Certified: Avaya, Mitel, Toshiba, Shoretel, NEC LNP in all 50 states, 13,000 domestic rate centers 18 MPLS NNI Agreement in place by Q1-17, rendering over 500k unique lit buildings Market-Leading Technology Partners: www.linesystems.com VOICE l DATA l CLOUD 855.733.1000
Current Subscriber Footprint www.linesystems.com VOICE l DATA l CLOUD 855.733.1000
Protecting Your Network Starts Here: LSI Protects Your Network with Tele-Cloud Firewall Powered by Sophos Customer network threats are constantly evolving, and the evolution of converged networks means that any attack can have an effect not only on Internet and private data, but also on voice applications as well. LSI’s Unified Threat Management System provides: Firewalling Intrusion Prevention Application Control Web Filtering with Enhanced Reporting Email Filtering and Encryption Site to Site VPN Anti Virus Wireless Protection And more! www.linesystems.com VOICE l DATA l CLOUD 855.733.1000
Protecting Your Network Starts Here: LSI’s Network Outperforms the Competition DDoS attacks can disrupt or cripple customer operations, which result in major economic losses. As a result all LSI dedicated Internet customers are protected from DDoS attacks with our Corero Threat Defense Appliance (TDS) Installed at the Core level and covering all Internet peering arrangements, the TDS provides comprehensive network security against cyber security threats Corero provides LSI with analytics and actionable intelligence into: Reflective amplified DDoS attacks, targeted application layer attacks, malicious IP addresses, botnets and more www.linesystems.com VOICE l DATA l CLOUD 855.733.1000
Corero Network Security DDoS Mitigation with LSI Dave Larson, COO/CTO September 2016 2016 Corero www.corero.com
Evolution of DDoS Defense
DDoS Defense 1.0 - Null Route DDoS Detection (NetFlow Collector/Analyzer) Ne tF lo w Native Traffic Path Attack Traffic Non-Attack Traffic Null Route on Destination IP Unprotected Customer All traffic discarded 11 2016 Corero www.corero.com
DDoS Defense 2.0 - Scrubbing DDoS Detection (NetFlow Collector/Analyzer) Ne tF lo w Native Traffic Path Non-Attack Traffic Attack Traffic Non-Attack Traffic New Route via BGP Diverted Traffic Path TMS Industry Leader’s Scrubbing Approach 12 2016 Corero www.corero.com GRE Tunnel to Customer Partially Protected Customers
DDoS Defense 3.0 - Inline, Always-On SecureWatch Comprehensive DDoS Analytics Real-time Alerting and Reporting Attack Traffic Non-Attack Traffic Non-Attack Traffic DDoS Traffic Blocked Inline 13 Completely Protected Customers 2016 Corero www.corero.com
The Corero SmartWall Threat Defense System (TDS)
SmartWall Threat Defense System 1/10/20 Gbps Affordable, Scalable, Automatic DDoS Defense Service/Hosting Providers and Online Enterprises On Premises or Cloud deployments Protection in modular increments of 10/20 Gbps In-line or Scrubbing topologies ADVANCED DDOS THREAT DEFENSE TECHNOLOGY 15 BUILT ON NEXT GENERATION ARCHITECTURE 2016 Corero www.corero.com 80 Gbps 320 Gbps COMPREHENSIVE ATTACK VISIBILITY & NETWORK FORENSICS
In-Line Mitigation: Block Communications DDoS is handled automatically, and good user traffic flows as intended Near saturation attack event on 12/22 Weekly Aggregate DDoS Mitigation Week start date Traffic blocked (GB) 9/27/2015 7935.42 10/4/2015 5442.49 10/11/2015 4515.76 10/18/2015 2040.66 10/25/2015 5280.27 11/1/2015 6018.34 11/8/2015 4506.04 11/15/2015 3903.47 11/22/2015 5833.86 11/29/2015 4941.37 12/6/2015 2457.96 12/13/2015 5262.04 12/20/2015 25005.61 12/27/2015 8610.96 25 terabytes of DDoS attack traffic automatically removed! No human intervention 2016 Corero www.corero.com 1 8
Who is Corero Network Security? First Line of Defense HQ 500 Hudson, MA, USA Publicly traded CNS:LN active customers across many verticals world-wide against DDoS attacks and cyber threats Corero products and services PROTECT AND OPTIMIZE your critical infrastructure and online services HOSTING PROVIDERS & DATA CENTERS SERVICE PROVIDERS 2016 Corero 19 www.corero.com ENTERPRISE
Thank You!
World Class Ethernet Last Mile Aside from NNI Partnerships, LSI is On Net in 28 States for Last Mile Ethernet Price competitive availability in the 21 state AT&T ILEC Markets Get access to the world class AT&T Ethernet Network, engineered back to LSI for full DDoS protection Dedicated Internet, MPLS, and hybrid network options www.linesystems.com VOICE l DATA l CLOUD 855.733.1000
Next Generation of Switched Ethernet Overview Version AT&T Virtual Private Network Service (AT&T AVPN) 2016 2016 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. Subsidiaries and affiliates of AT&T Inc. provide products and services under the AT&T brand. AT&T Partner Exchange confidential information, not for distribution outside of AT&T, its affiliates or authorized Solution Providers without the prior written consent of AT&T.
The evolution to solutions From to Complex, multi-vendor, corporate managed solution Reduce complexity and potentially lower costs Voice TDM Integrated solutions WAN – MPLS network foundation – Voice and collaboration – Remote locations – Mobile productivity apps, fixed mobile convergence – End to end management WAN – Security services Rout e rs PBX Routers As a Service Integrated and automated experience - One AT&T 23 2016 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. Subsidiaries and affiliates of AT&T Inc. provide products and services under the AT&T brand. AT&T Partner Exchange confidential information, not for distribution outside of AT&T, its affiliates or authorized Solution Providers without the prior written consent of AT&T.
AT&T MPLS VPN Service Just the Basics – Partitioned/private – Many access types, including wireless 4G / LTE – Core routing features – IPv4 and IPV6 Ethernet VPN Private Network-based (MPLS) AT&T POP AT&T MPLS VPN PP P DSL Access PPP/Ethernet/PL Wireless 24 2016 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. Subsidiaries and affiliates of AT&T Inc. provide products and services under the AT&T brand. AT&T Partner Exchange confidential information, not for distribution outside of AT&T, its affiliates or authorized Solution Providers without the prior written consent of AT&T. Tunnel Gateway & Authentication Server
AT&T VPN Service Overview Benefits Customer Access – Application awareness – Scalability Ethernet – Agile, reliable, flexible any-to-any connectivity – Easy access to reporting / tools – Industry-leading Service Level Agreements – Meshed network with Class of Service ATM* AT&T POP – Built-in Disaster Recovery AT&T MPLS Network IP *AT&T VPN Frame, ATM & DSL Ports are on Sales Hold and Unavailable to New Customers 25 2016 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. Subsidiaries and affiliates of AT&T Inc. provide products and services under the AT&T brand. AT&T Partner Exchange confidential information, not for distribution outside of AT&T, its affiliates or authorized Solution Providers without the prior written consent of AT&T. Firewall The Internet Smartphone
Class of Service Prioritizing your traffic Class I Class IIV Class II Class III Class IV Class V VOIP Video SAP, Oracle Applications Web Traffic Email, FTP Scavenger Customer Edge (CE) Router Sets CoS MPLS Enabled Network Traffic Flow Provider Edge (PE) Router Reinforces CoS Traffic at Ingress 26 Provider Edge (PE) Router Acts on CoS Traffic at Egress 2016 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. Subsidiaries and affiliates of AT&T Inc. provide products and services under the AT&T brand. AT&T Partner Exchange confidential information, not for distribution outside of AT&T, its affiliates or authorized Solution Providers without the prior written consent of AT&T.
Delivering differentiated networking value Enterprise Networking Solutions Performance – Consistent global architecture, virtually seamlessly integrated – Any-to-any connectivity regardless of access type, location or speed – Application performance around the world – Traffic prioritization with ability to set performance at transaction level – Industry leading Service Level Agreements for VPN – Reliable infrastructure and round the clock recovery capabilities 27 Agility – Leading network convergence to IP VPN and IP applications Control – Global Network Operations Center network monitoring 24/7 – Industry leading, award winning AT&T BusinessDirect portal – Enterprise determines extent of access for end-users – Manage costs as well as existing investments 2016 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. Subsidiaries and affiliates of AT&T Inc. provide products and services under the AT&T brand. AT&T Partner Exchange confidential information, not for distribution outside of AT&T, its affiliates or authorized Solution Providers without the prior written consent of AT&T. Security – Inherent network-based, technology protection – Optional Personal Firewall – Dedicated connectivity between AT&T and customer data center – Infrastructure helps protect confidentiality and integrity of communications
Next Generation of Switched Ethernet Overview Version AT&T Switched Ethernet ServiceSM 2016 2016 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. Subsidiaries and affiliates of AT&T Inc. provide products and services under the AT&T brand. AT&T Partner Exchange confidential information, not for distribution outside of AT&T, its affiliates or authorized Solution Providers without the prior written consent of AT&T.
AT&T Carrier Ethernet Services Broad Range of Endpoints Resilient Network Making Our Network Work For You – Carrier Ethernet powered by AT&T MPLS Unified, Flexible Services – One of the Broadest Footprints in the Industry – State of-the-Art SONET and Wave Optical Networks – Flexible Management Options – Deep 21 State Access Coverage – Options for Ethernet over Copper – Future Proof – The Network that changes with you – Extensive interconnections with certified Ethernet access suppliers Consistent application deployment and scaling – AT&T Network Coverage – 360 Metro Markets – Ease of Migration & Hybrid Networking Superior network performance to optimize and grow your business AT&T Network Performance Reduce operations costs and save time – Industry Leading SLAs – Customer controls IP routing – Flexible traffic performance using standard classes of service – Broad Portfolio – “Mix and Match” – Rich Solution Options – Management Tools – Access to Internet, VPN and Wide Area Networks 29 2016 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. Subsidiaries and affiliates of AT&T Inc. provide products and services under the AT&T brand. AT&T Partner Exchange confidential information, not for distribution outside of AT&T, its affiliates or authorized Solution Providers without the prior written consent of AT&T.
Ethernet Arrangements Access and Network Solutions for Metro and Wide Area From to Integrated solutions E-Access E-Line Three or More Sites Access through the local facilities to long haul VPN and Internet Ethernet Point to Point using the Ethernet framing for data transport – Virtual Private LAN Service E Internet E E – Multi-point irrespective of distance Virtual EVPL E E E 30 VPN Dedicated EPL 2016 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. Subsidiaries and affiliates of AT&T Inc. provide products and services under the AT&T brand. AT&T Partner Exchange confidential information, not for distribution outside of AT&T, its affiliates or authorized Solution Providers without the prior written consent of AT&T. E
AT&T Ethernet Industry Recognition Best Service Innovation of the Year North America The Service Innovation - NA Award recognizes the most innovative Carrier Ethernet / Third Network connectivity service available in the North America region. 31 Best Application of the Year Best Application of the Year Government Healthcare The Enterprise Application Government Award recognizes the most innovative use of Carrier Ethernet services to meet the requirements of government-related applications. Application examples include: national, regional, statewide, county, and municipal. The Enterprise Application Health Award recognizes the most innovative use of Carrier Ethernet services to meet the requirements of health-related applications. Application examples include: regional hospital networks, imaging, research, biotechnology, health insurance, and health care services. 2016 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. Subsidiaries and affiliates of AT&T Inc. provide products and services under the AT&T brand. AT&T Partner Exchange confidential information, not for distribution outside of AT&T, its affiliates or authorized Solution Providers without the prior written consent of AT&T. Best Practices Award Access the reports here.
AT&T Switched Ethernet ServiceSM Benefits Performance 24x7 proactive monitoring and maintenance with industry-leading SLAs Agility ISP Backbone for Internet Access Committed bandwidth, managed NPE, multiple configurations Control Ethernet switching with customer LAN interface, multiple CoS Security AT&T network security Customer Location A Ethernet Switch Core Ethernet Optical Network Customer Location B 32 2016 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. Subsidiaries and affiliates of AT&T Inc. provide products and services under the AT&T brand. AT&T Partner Exchange confidential information, not for distribution outside of AT&T, its affiliates or authorized Solution Providers without the prior written consent of AT&T. Ethernet Switch
AT&T Switched Ethernet ServiceSM Product Overview What is it? AT&T Switched Ethernet Service offers Ethernet connectivity for customers with multiple locations with a variety of configurations to meet your needs with flexibility to grow and adapt as your needs change: – Ports offered in 2 sizes: 100 Mbps, 1 Gbps – Six classes of service offering the right performance / SLA for your applications – Optional Class of Service prioritization for integrated voice and data networks – Ethernet Private Line (EPL/EVPL) for connections between two locations – Virtual Private LAN Service (VPLS) for connections between 3 or more locations How does it work? – Each customer location is served by an Ethernet port – Ports are connected via the MPLS-based core network using highly secure Ethernet Virtual Connections (EVCs) to enable Virtual Private Networks (VPNs) 33 2016 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. Subsidiaries and affiliates of AT&T Inc. provide products and services under the AT&T brand. AT&T Partner Exchange confidential information, not for distribution outside of AT&T, its affiliates or authorized Solution Providers without the prior written consent of AT&T. AT&T Switched Ethernet Core Network
AT&T Switched Ethernet ServiceSM Easy Connections and Service Management – Local access loop to customer is provisioned over fiber (all speeds) Ethernet over Copper (EoCu) may be used when the CIR is 2 to 10 Mbps – Handoffs to customer are electrical (100 or 1000BaseT) or optical (1G LX/LH and SX; 10G Base-SR/SW and 10G Base-LR/LW) Demarcation point is patch panel (RJ45 or fiber SC) Network Terminal Equipment (NTE) enables AT&T visibility to edge of network for SLA and maintenance – 24x7 Ethernet Network Operations Center (ENOC) Responsible for provisioning and maintenance activity – Customer Provisioning Center – Service Assurance Center – Multiple tiers of technical expertise 34 2016 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. Subsidiaries and affiliates of AT&T Inc. provide products and services under the AT&T brand. AT&T Partner Exchange confidential information, not for distribution outside of AT&T, its affiliates or authorized Solution Providers without the prior written consent of AT&T.
Network Applications VPLS Multipoint VPN EoMPLS Core Network EoMPLS Core Network Ethernet Private Line Virtual Private LAN Service – Expand your business to a 2nd location with LAN-like performance – Bring all locations together in a single network with “any to any” LAN-like connectivity – Connect your primary data center to a back-up data center – Use “Virtual LAN” (VLANs) to segregate your network as needed by department, application, or location – Connect to an Internet Service Provider or another WAN service at Ethernet speeds – Use “virtual” EPL to support private line connections to multiple remote locations from a single hub port 35 – Support a variety of applications by applying different priorities to your Ethernet frames (Real Time vs. Non-Critical) for performance and efficiency 2016 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. Subsidiaries and affiliates of AT&T Inc. provide products and services under the AT&T brand. AT&T Partner Exchange confidential information, not for distribution outside of AT&T, its affiliates or authorized Solution Providers without the prior written consent of AT&T.
AT&T Switched Ethernet ServiceSM Six Classes of Service Site A Site B – Scalable and highly Secure MPLS core featuring Juniper carrier-grade routers – High Density deployment over ROADM and fiber for maximum footprint Site C – Protected 10G Core links to help ensure performance Cell Site Ciena Edge Equipment – Point-to-point, point-to-multipoint, full multipoint SWC – 100Mb / 1G Site D – 5Mb to 10G speeds AT&T Switched Ethernet Core Network Wireless Hub (MTSO) Cell Site Access to Wide Area Ethernet and Layer 3 Services – End to End SLAs Real Time Interactive Business Critical High Business Critical High Service Level Agreements: Service Level Agreements: Service Level Agreements: Service Level Agreements: Latency*: 5 ms Jitter*: 3 ms Packet Delivery Rate*: 99.995% Network Availability: 99.99% Latency*: 13 ms Jitter*: 10 ms Packet Delivery Rate*: 99.95% Network Availability: 99.99% Latency*: 20 ms Jitter*: not offered Packet Delivery Rate*: 99.9% Network Availability: 99.99% Latency*: 30 ms Jitter*: not offered Packet Delivery Rate:* 99.5% Network Availability: 99.99% Service Level Objective: Service Level Objective: Service Level Objective: Service Level Objective: MTTR: 4 hours MTTR: 4 hours MTTR: 4 hours MTTR: 4 hours * SLAs refer to Ethernet Virtual Connections between ports in the same LATA and are one-way objectives. Not Shown: Non-Critical (High and Low) Classes of Service; Non-Critical Low is only offered with Per Packet Class of Service 36 Regional Corporate HQ 2016 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. Subsidiaries and affiliates of AT&T Inc. provide products and services under the AT&T brand. AT&T Partner Exchange confidential information, not for distribution outside of AT&T, its affiliates or authorized Solution Providers without the prior written consent of AT&T.
Business Continuity Options for Redundancy – Customers rely on Ethernet networks for mission critical applications – AT&T Switched Ethernet Service SM offers a variety of service configuration options designed to enable Business Continuity Each customer may have a different design and recovery plan – Within the basic service offer, customers may make the following choices to support their continuity plans EVCs that connect to both primary and secondary data centers Request DC powered NTE and serve from customer DC power including back-up generator Request “dual power supply” NTE and provide power from 2 sources and/or from a customer owned Uninterruptible Power Supply (UPS) system – Customers may also order more than one port and/or optional features on a port to create more robust networks, including: Alternate Serving Switch, Diverse Access or Advanced Access Failover 37 2016 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. Subsidiaries and affiliates of AT&T Inc. provide products and services under the AT&T brand. AT&T Partner Exchange confidential information, not for distribution outside of AT&T, its affiliates or authorized Solution Providers without the prior written consent of AT&T.
Presentation title here—edit on Slide Master
