
AT-9424 Product Overview

AT-9424 Product Overview. Managed Gigabit Switch with Denial of Service (DoS) Attack Protection. Allied Telesyn AT-9424 Gigabit Ethernet Switch for the Edge. First security focused gigabit switch for the access edge

daryl

Presentation Transcript


  1. AT-9424 Product Overview Managed Gigabit Switch with Denial of Service (DoS) Attack Protection

  2. Allied Telesyn AT-9424 Gigabit Ethernet Switch for the Edge • First security-focused gigabit switch for the access edge • Detects and protects against 6 DoS attack variants • Classifiers and ACLs provide additional customizable security • Also offers a competitive base feature set outside of security • Available now • 24 10/100/1000 ports and 2 SFPs or GBICs in 1 RU • Part numbers: AT-9424T/SP-10 & AT-9424T/GB-10

  3. Newest Addition to Extensive Switch Portfolio • Enterprise and Service Providers needing: large network applicability; a high degree of traffic manipulation and management; multiple redundancy options; customizable script-based actions for network management and security • Small to Medium Enterprise needing: simplified management; VoIP optimization; security • Small to Medium Business needing: low cost; simple management; connectivity for less than 1,000 users • [Portfolio diagram labels: SwitchBlade, 9900 Series, 8924, 8800 Family, Layer 3, 9800 Family, 9624, TBD, Power over Ethernet, 8600 Family, 9400 Family, Layer 2 Plus, Power over Ethernet, 8500 Family, 8400 Modular Chassis, 8300 Stackable Family, Layer 2, 8000 Family, Wiring Closet, Workgroup, NSP Backbone, Enterprise, NSP]

  4. AT-9424 – Target Markets • Traditional Enterprise LAN • Education Institutions • Service-provisioned Leased Offices or MTUs • These organizations need gigabit and DoS attack protection • They have users that bring laptops in and out of the network, making the network susceptible to hosting DoS attacks

  5. AT-9424 the Gig Switch of Choice for: • Security-conscious medium to small organizations (50-1000 users) • The 9424 is the only switch in its class with attack detection and suppression • 54% of respondents to the Network Computing Reader Survey plan to invest more in security than in anything else • SMEs and SMBs moving towards Gig-to-the-desk • Cost effective and more secure • SMEs seeking a simple server aggregation switch • Rich quality of service (QoS) capabilities • SMEs who want to eliminate distribution tier bottlenecks • Wirespeed gigabit switching in a compact form factor

  6. The Denial of Service Threat Today • A denial of service attack is a network infrastructure attack that is targeted towards: network equipment (routers, switches); services (e-mail, file servers); computer groups (PCs) • Host systems are often infected by spam email, web browsing and laptops used outside of the network • Excess phony traffic from the DoS zombie clogs the network • IT attempts to address this issue in their WAN-facing security hardware, but since this attack is coming from the inside, the traffic is already clogging the network • If the attack is successful it is a liability to the host network company • [Diagram labels: Internet, WAN, Edge, LAN, End Points]

  7. AT-9424 – Service Highlights • L2-L4 Intelligent Services: Rate Limiting (Ingress & Egress); 8 hardware queues per port; 802.1p for MAC-based QoS; Layer 2, 3 and 4 classifiers; DiffServ for IP-based QoS; CoS to DSCP remarking; QoS ACLs • Advanced Security: Attack Detection / Suppression; MAC Address Lockdown; RADIUS / TACACS+; SSHv2 & SSL; Port Security; 802.1x • Redundancy: 802.1w Rapid STP; 802.1s Multiple STP; 802.1D Spanning Tree; Redundant Power Supply Option; 802.3ad Link Aggregation (LACP)

  8. AT-9424’s Layer 2-4 Intelligence • Layer 2-4 intelligence is: looking deep into the packet layer and using classifiers to take action. • Using Layer 2-4 intelligence for security: the ability to allow and disallow access to networks and network resources • Using Layer 2-4 intelligence for QoS: the ability to prioritize and/or rate limit traffic • Using Layer 2-4 intelligence for management: the ability to mirror traffic • In all three cases the action is based on: L2: MAC address, source, destination or both; L3: IP address, source, destination or both; L4: TCP and UDP port number

  9. AT-9424’s Attack Detection and Suppression • AT-9424’s DoS-Attack Protection Feature • A firewall supplement, not a firewall replacement • It is a cost-effective additional layer of security • It handles attacks that come from the inside and prevents them from clogging the network and affecting other services like VoIP • [Diagram labels: Internet, WAN, Edge, LAN, End Points]

  10. Primary Application Example: Gigabit-to-the-Desk • Supporting Features: 802.1x; VLANs by MAC/Protocol/Subnet; ACLs; Rate limiting; Advanced QoS; Wire speed; Attack detection and suppression; GARP / GVRP; Broadcast storm control; Port Security (MAC Lockdown); IGMP Snooping • [Diagram labels: Internet, WAN, Edge, LAN, End Points]

  11. Other Application Examples: Server Aggregation • Supporting Features: Rapid reconvergence (802.1w); Automatic port fail-over; Link aggregation (LACP); Optional Redundant Power Supply; QoS; SFPs; Attack detection and suppression; VLANs by MAC/Protocol/Subnet; ACLs; Rate limiting; Broadcast storm control • [Diagram labels: Internet, WAN, Edge, LAN, End Points, Servers]

  12. Other Application Examples: Access Switch Aggregation • Supporting Features: Attack detection and suppression; Multiple STP; CoS to DSCP remarking; Rapid reconvergence (802.1w); Link aggregation (LACP); QoS; SFPs; Optional Redundant Power Supply; ACLs; Rate limiting; Broadcast storm control • [Diagram labels: Internet, WAN, Edge, LAN, End Points]

  13. Other Application Examples: Small Business Mini-core • Supporting Features: Wirespeed Gigabit; QoS; Link aggregation; Optional Redundant Power Supply; Broadcast storm control; Attack detection and suppression; VLANs by MAC/Protocol/Subnet; ACLs; Rate limiting; Bad cable detection • [Diagram labels: Internet, WAN, Edge, LAN, End Points]

  14. Most Compelling L2-4 Gigabit Switch AT-9424 • Everything you expect and more… • Attack detection and suppression • Advanced QoS capabilities • L2-4 intelligence for custom security, management and QoS control

  15. Available SFP Modules

  16. Available GBIC Modules

  17. Redundant Power Supply Option • AT-RPS3204

  18. AT-9424 Feature Summary • Security: Attack detection and suppression (6 DoS variants); 802.1x; Port security; TACACS+; RADIUS Authentication and Accounting; ACLs by packet type, IP address, protocol, port number, MAC address and VLAN; Unknown unicast/multicast blocking • QoS: 802.1p Class of Service; Strict Priority and Weighted Round Robin; ToS; DiffServ; CoS to DSCP mapping / remarking; Ingress and egress rate limiting by port and flow; RFC 2236 IGMP Snooping (Ver. 2.0); RFC 1112 IGMP Snooping (Ver. 1.0) • Management and Monitoring: Web, CLI, Telnet, Serial; SNMP v1, v2c, v3; RMON 1 (Groups: 1, 2, 3, 9); Port mirroring; ASCII-based config file; Event log; RFC 951 BOOTP; RFC 1350 TFTP • VLANs: Port-based VLAN (4096); GARP / GVRP; IEEE 802.1v VLAN classification by protocol / IP subnet; Upstream forwarding only VLANs; 802.1Q VLAN bridge; 802.3ac VLAN tagging extensions; 802.3x flow control • Redundancy: 802.1D Spanning Tree Protocol; 802.1w Rapid Spanning Tree; 802.3ad Link Aggregation (LACP); Bad cable detection; Broadcast storm control; 802.1s Multiple STP (compatible with PVST+) • Scalability: Switch cluster management; 8 ports per trunk group

  19. Thank You

  20. Competitive Positioning AT-9424

  21. Competitive Landscape • 3com SuperStack 3 Switch 3824 • 3com SuperStack 3 Switch 3870 • Cisco Catalyst 2970G-24TS  • HP ProCurve Switch 2824 • Foundry EdgeIron 24GS (FES2402CF) • Enterasys Matrix C1G124-24 

  22. Selling Against 3com SuperStack 3 Switch 3824 • 24 10/100/1000 ports • 4 SFP combo slots

  23. Selling Against 3com SuperStack 3 Switch 3870 • 24 10/100/1000 ports • 4 SFP slots

  24. Selling Against Cisco 2970G-24TS • 24 10/100/1000 ports • 4 SFP slots

  25. Selling Against HP ProCurve Switch 2824 • 20 10/100/1000 ports • 4 SFP/TX combo ports

  26. Selling Against Foundry EdgeIron 24GS (EIF24G-A) • 24 10/100/1000 ports • 4 SFP combo slots

  27. Selling Against Enterasys Matrix C1G124-24 • 24 10/100/1000 ports • 4 SFP combo slots

  28. Allied Telesyn AT-9424 Managed 24-port Gigabit Switch + 2 SFPs: Exceeding Expectations • Attack Protection • Advanced QoS • Layer 2-4 Intelligence • 24 x 10/100/1000 auto-sensing ports • 2 unpopulated combo SFP slots (mini GBICs) • Wirespeed, non-blocking performance • 48-Gbps switching capacity • 35.7-Mpps forwarding rate • 1 Rack-mount Unit (RU) high form factor allows for rack space optimization • 8 hardware queues • RJ45 Console port • Ingress and egress rate limiting

  29. Thank You

  30. IEEE 802.1s (Multiple Spanning Tree) • Old Spanning Tree • 802.1D – STP: allow all or block all VLANs coming from a port; slow convergence • 802.1w – RSTP: allow all or block all VLANs coming from a port • Non-standard-based PVST: consumes too much CPU time and network bandwidth (with control traffic) • 802.1s advantages: eliminates all limitations mentioned above • Image Source: NetworkWorldFusion, ‘802.1s solves architecture issues’ 08/04/03

  31. IEEE 802.1s as Ethernet Services • 802.1s with VLAN Services • Alternative to the Transparent LAN Services (aka Private Line Services) • Ethernet is cheaper and more bandwidth efficient compared to TDM or ATM-based TLS • Enables large “Flat” switched network for university campuses • Department has offices around “Access Ring #1” only: vlan RED • Department has offices around “Access Ring #1” & “Core Ring”: vlan BLUE • Department has offices spanning across “All Rings”: vlan BLACK • [Diagram labels: Campus Core Ring, Access Ring #2, Access Ring #1]

  32. IEEE 802.1x (Port-Based Network Access Control) • Prevents unauthorized use of network resources, such as bandwidth and servers • “Multi-Supplicant” and “Authenticator” modes are supported to allow indirect and direct host attachments • Verified with all popular 802.1x clients, such as: Win-XP, Aegis Meeting House • 8500 offers “Tiered Security” with 802.1x authentication and DoS-attack protection
