Anda di halaman 1dari 10

Working Draft - Last Modified 20.04.2004 13:50:30 Printed 08.04.

2004 16:30:29
1
Network Infrastructure Solution

Source
Footnote
Unit of measure

Source:
*
Network & Security Infrastructure Services
Unit of measure

• Network design, traffic analysis, troubleshooting,


implementation, migration

Working Draft - Last Modified 20.04.2004 13:50:30


• Network security baselining, design, best practice
implementation (Virus/worms Outbreak
Prevention, IDS/IPS, VPN, Patch Mgmt, Content
Filtering, Vulnerabilities Scan)

Printed 08.04.2004 16:30:29


We have the solutions for
your network & security
* Footnote
needs
Source: Source 2
Network Design Considerations

Unit of measure

Modular Network Design


Provides for:
1. Scalability

Working Draft - Last Modified 20.04.2004 13:50:30


2. Security
3. Manageability
4. Redundancy
5. Flexibility
6. Ease of troubleshooting
7. Network support for diverse applications in the future

Printed 08.04.2004 16:30:29


Backend Server VLAN

Console
And
Security & Detection
Network
Mgmt
VLAN

Tenants’ VLAN (Wireless) Tenants ‘ VLAN (Wired)


* Footnote
Source: Source 3
Advantage of a Modular Network Design

Unit of measure

• Minimize cost

Working Draft - Last Modified 20.04.2004 13:50:30


• Simplify network design

• Facilitate change

• Facilitate scalability

Printed 08.04.2004 16:30:29


* Footnote
Source: Source 4
Business Benefits of a Modular Network Design

Unit of measure

A modular approach has 3 main advantages.

Working Draft - Last Modified 20.04.2004 13:50:30


1. Enables the organization to grow the network in a phased
approach. This enables the network to evolve with the
business needs and allow the adoption of new technologies
without having to re-design the whole network infrastructure.

2. Allows the architecture to address the security relationship

Printed 08.04.2004 16:30:29


between the various functional blocks of the network.

3. Permits evaluation and implementation of security on a


module-by-module basis, instead of attempting the complete
architecture in a single phase.

* Footnote
Source: Source 5
Security and data confidentiality between tenants POS
system
Unit of measure
One of the major concerns is ensuring data confidentiality
and integrity of the tenants’ sales information as it is
transmitted to the server.
Individual tenant must be guaranteed that:

Working Draft - Last Modified 20.04.2004 13:50:30


1. For single store, their sales data and information must be protected from
leakage to other systems, and

2. If there are multiple stores within the mall, these stores must be in a
virtual network so that inventory and customer information can be

Printed 08.04.2004 16:30:29


shared in a secured environment.

* Footnote
Source: Source 6
Security and data confidentiality between tenants POS
system
Unit of measure

Our solution provides for:


1. Per Node VLAN

Working Draft - Last Modified 20.04.2004 13:50:30


This feature allows access to controlled and determined
resources on the wired network, but it prevents wireless
POS from seeing each other and accessing each other’s
data and information.
Hence, one boutique stop will not be able to access the
sales and customer’s information of another boutique, or
for that matter, any other shops.

Printed 08.04.2004 16:30:29


2. Per Tenant VLAN
With this feature, Tenant with more than one shop can
have their shops connected to a single virtual LAN

* Footnote
Source: Source 7
Wired and Wireless Network Security

Unit of measure

1. For a wired LAN, access to the network is governed by access


to an Ethernet port for that LAN. Access control for a wired
LAN often is viewed in terms of physical access to LAN ports.

Working Draft - Last Modified 20.04.2004 13:50:30


Similarly, because data transmitted on a wired LAN is directed
to a particular destination, privacy cannot be compromised
unless someone uses specialized equipment to intercept
transmissions on their way to their destination.
2. In short, a security breach on a wired LAN is possible only if
the LAN is physically compromised.
3. Installing a wireless LAN may seem like putting Ethernet ports

Printed 08.04.2004 16:30:29


everywhere, including in your parking lot.
Similarly, data privacy is a genuine concern with wireless
LANs because there is no way to direct a wireless LAN
transmission to only one recipient.

* Footnote
Source: Source 8
Wireless Network Security Provisions

Unit of measure

 Supports WPA/802.1X

Working Draft - Last Modified 20.04.2004 13:50:30


 WEP keys that are generated dynamically

 Wireless LAN authentication on device-independent e

 Mutual authentication between a client and an


authentication (RADIUS) server

Printed 08.04.2004 16:30:29


* Footnote
Source: Source 9
Working Draft - Last Modified 20.04.2004 13:50:30 Printed 08.04.2004 16:30:29
10
Logical Network Design

Source
Footnote
Unit of measure

Source:
*