This practical guide by Tony Cataldo covers key aspects of network security, emphasizing the importance of thorough knowledge of the business, its applications, and the network architecture. It discusses why understanding and testing applications, network metrics, and business operations matters for a high-performance network. It covers topics such as bad protocols and applications, security testing, network complexity, and different types of security measures like firewall diversity and access control lists. Through various scenarios and tradeoffs, it offers insights into achieving robust security without compromising performance or latency in global network infrastructures.
Security in High Performance Networks: A Practical View
Tony Cataldo
5/19/04

Security is about Knowledge
• Know your Business
  • What failures are acceptable – Scope and Concurrency
• Know your Applications:
  • What they do
  • How they do it
  • Who wrote them – what are they based on
  • How were they tested
  • What were they tested for? – Load, Performance, Locality?
• Know the Network
  • More than the metrics like routers, switches & locations
  • Architecture and Design – How do things route?
  • Where are un-routable packets coming from & going to?
  • Ingress/Egress to the Public Internet and Supplier Networks
    • Is there a difference?
    • Should there be a difference?

Know what Business your Company is in… Cars and Trucks
• Design and Engineer
  • Research
  • Advanced Engineering
  • CAD/CAM and CAE
• Manufacturing
  • Industrial Engineering
  • Materials Scheduling and Logistics
  • Shipping
• Marketing and Sales
  • Dealers Independently Owned
  • Ad Campaigns and/or Web presence for all Brands
• Financing
• Service
• All on a Global Basis

What Makes a High Performance Network – Low?
• Bad Protocols – What should/should not run on the Network
• Bad Applications – Security is not an afterthought
• Testing at the wrong time
• Latency
• Complexity
• Knowing the difference between High-Availability, Disaster-Recovery, Business-Continuity, Robustness and Reliability
• Bad Security – “Depth of Security” is important, but so is type:
  • Router Access Control Lists
  • Firewall Diversity and Placement
  • Analyze the logs – Get a baseline, look for perturbations

Some Scenarios – Some Tradeoffs
• Public Internet Connectivity:
  • Ford is a Global Company that requires low latency connectivity in its major markets; therefore we have Public Internet connections in Europe, US and Singapore. Tradeoff: Simplicity vs. Latency
  • The connectivity in the US is provided by four different ISPs split between two US Data Centers. Tradeoff: Disaster Recovery and Robustness vs. Easy Routing to the Public Internet
• Monolithic vs. Horizontal or Vertical Scaling
  • Should the entrance to all Public Facing web sites have Firewall, Load-Balancing and Routing in one pair of devices for performance reasons?
  • Should Firewalls (weakest performance link) do deep-packet inspection or just be a “speed-bump” along the way?
  • Know your Firewalls’ limits: Concurrent Connections, Connections/Sec. and I/O limits. Throughput under operating conditions.
• Applications Oriented Security
  • Most Common is Email Relays in/out with virus checking
  • Reverse Proxy for selected web apps. But it becomes a slippery slope when caching, load-balancing and TCP flow optimization are considered.
  • SSL/VPN for selected apps but how to scale, up or across?