Ethernet Security Switch 2224
Ethernet Security Switch 2224 Access level security solution for Carriers and Enterprise with wire speed networking & real-time detection and protection
Problems of network security
- The core network is very secure, but the access level is vulnerable to security breaches.
- Attacks on the internal network tend to spread quickly.
- There is no independent security solution for the access level.
Requirements of the network administrator
- There should be no change in user environment.
- Network configuration must be transparent without any change.
- There should be no additional investment.
- Network-based access level security solution that does not need client agents.
- An individual host's security problems should not affect the entire network.
With the introduction of high-speed Internet service, security threats are increasing at the access level of internal networks. At the end of last year an IT newspaper carried an article about the new era of high-speed Internet and the ensuing threats to security: “With 1000Mbps service widespread, if 1000 bot-infected PCs are used to make DoS attacks, a tremendous amount of traffic will be generated. No site in Korea will be able to block these attacks, and the traffic could paralyze the Internet in Korea.” Security threats at the access level can destabilize network services and paralyze communication. Therefore, to provide stable network services, IT experts must be able to cope with access level security threats. In addition, as few users will accept slow network performance for better security, we need security solutions that ensure maximum wire speed.
ESS 2224: What is the Ethernet Security Switch? It is LG-Nortel's new concept high-performance L2 security switch that integrates network and security. It offers 2 1-Giga ports and 24 Fast Ethernet ports while providing real-time security functions guaranteeing maximum wire speed.
- Full port wire speed with security: 28.8Gbps switching capacity, 6.88Mpps throughput
- Security: real-time detection and protection; self-running, not signature-update based
- Simple: no management for clean service
- ASIC-based Multi Dimension Security Engine
ESS Ethernet Security Switch Characteristics and Advantages
- ASIC-based MDS (Multi Dimension Security) Engine
- Integrated Control System
- Real-time monitoring of network attacks, and automatic protection and cancellation
- Real-time information on blocked attacks and history monitoring
- Wire Speed with Clean-Zone
- End-point Security
- Guarantees wire speed / standalone security solution
- Outstanding performance and price: innovative functions / realistic price
- Powerful network security at the access level
[Figure: ESS 2224 passing normal traffic and blocking harmful traffic.]
ESS 2224 is a switch with a security function that detects and blocks security threats in real-time. It is the world's first L2 switch with a security function that guarantees wire speed by physically separating the switching part that transmits traffic through the ASIC-based MDS engine from the part performing the security function. ESS 2224 is a hands-off system that doesn't require setup by the security manager. It analyzes network traffic and detects security threats in real-time, establishes security policies and blocks attacks, and terminates the security function after the attacks are blocked. It also offers an integrated management system that provides detailed security event logging, while perceiving and managing the operating status of access level security devices.
MDS (Multi Dimension Security) Engine: Inbound and outbound real-time traffic transmitted via the switching fabric are simultaneously delivered to the MDS engine in sniffing mode, and the MDS engine analyzes the traffic volume and time on one axis, and security status by host and TCP/UDP port on the other axis. In the analysis stage the MDS engine classifies traffic according to protocols such as TCP, UDP, and ICMP, and analyzes the sorted traffic using the inherent degrees of dispersion and entropy obtained from four sets (S-IP, S-Port, D-IP and D-Port), and six cubes. If any problem is found, the MDS engine uses detailed L3 and L4 information about the attackers and victims to automatically generate security filters for real-time protection. If a user infected with worms or bots is unaware of the infection and transmits normal traffic and harmful traffic (e.g. DoS attacks) at the same time, the filter blocks only the harmful traffic while protecting the normal traffic. The MDS engine uses L2~L4 information to provide an optimal access level security solution to guarantee network performance with maximum wire speed.
Multi Dimension Security Engine
[Figure: MDS engine block diagram: a Real Time Packet Gathering Module feeds Attack Packet Analysis, a Security Filter Module and a Security Log (Protection & Release), alongside the switching fabric with its 24 FE and 2 GE ports.]
Using the MDS (Multi Dimension Security) Engine to analyze traffic information:
- Classification by protocol based on inherent degrees of dispersion and entropy, i.e. S-IP, S-Port, D-IP and D-Port.
- Using 6 cubes to analyze traffic and confirm traffic anomalies.
[Figure: Cube 1 scatter plot of S-Port (vertical axis, 0 to 1.0) against S-IP (horizontal axis, 0 to 1.0), with per-protocol markers (icmp, tcp, udp, other) and regions labelled DoS, DDoS (spoofed), DDoS, Flash crowd and Worms (spoofed).]
The MDS engine uses the inherent degrees of dispersion and entropy, obtained from 4 sets (S-IP, S-Port, D-IP and D-Port) and 6 cubes, to analyze traffic. In cube 1, traffic is analyzed using the inherent degrees of dispersion and entropy with fixed D-IP and D-Port, and variable S-IP and S-Port. The figure above illustrates a large amount of traffic arriving in a short period of time. There is less variation as S-IP and S-Port approach 0, and more variation as they approach 1.
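The MDS engine passages above describe one detection idea: for a fixed target (cube 1 fixes D-IP and D-Port), measure how dispersed the source addresses and source ports of a burst of traffic are, treat high volume with abnormal dispersion as an attack, generate an L3/L4 filter automatically, and release it once traffic toward that target looks normal again. The Python below is an added example written for this page, not LG-Nortel's code; the brochure does not publish the engine's algorithm. Everything numeric is assumed: the window, the packet-volume threshold `VOLUME_THRESHOLD`, the entropy cut-offs `HIGH`/`LOW`, and the mapping of entropy regions to the verdicts returned by `classify`. Shannon entropy normalized to [0, 1] stands in for the page's "inherent degree of dispersion and entropy", and the `Flow` records are constructed.

```python
"""Entropy-based flood detection over a fixed (D-IP, D-Port) window, in the
spirit of the MDS engine's "cube 1" described above.  Added example for this
page, not LG-Nortel's code; thresholds, window and verdict regions are assumed."""
from collections import Counter, namedtuple
from math import log2

# Constructed flow record (the brochure names these four fields plus protocol).
Flow = namedtuple("Flow", "src_ip src_port dst_ip dst_port proto")

# Assumed tuning knobs; the brochure gives no numbers for any of these.
VOLUME_THRESHOLD = 100   # packets per window toward one (D-IP, D-Port)
HIGH, LOW = 0.8, 0.2     # normalized-entropy cut-offs: "dispersed" / "concentrated"


def normalized_entropy(values):
    """Shannon entropy of the value distribution, scaled to [0, 1]:
    0 when every packet carries the same value, 1 when every packet differs."""
    n = len(values)
    if n <= 1:
        return 0.0
    h = -sum((c / n) * log2(c / n) for c in Counter(values).values())
    return h / log2(n)


def cube1_profile(window, dst_ip, dst_port):
    """Cube 1: fix D-IP and D-Port, measure dispersion of S-IP and S-Port."""
    sel = [f for f in window if f.dst_ip == dst_ip and f.dst_port == dst_port]
    return {
        "packets": len(sel),
        "sip_entropy": normalized_entropy([f.src_ip for f in sel]),
        "sport_entropy": normalized_entropy([f.src_port for f in sel]),
        "by_proto": Counter(f.proto for f in sel),
        "top_src": Counter(f.src_ip for f in sel).most_common(1),
    }


def classify(profile):
    """Assumed mapping of the S-IP/S-Port entropy plane to verdicts."""
    if profile["packets"] < VOLUME_THRESHOLD:
        return "normal"
    sip, sport = profile["sip_entropy"], profile["sport_entropy"]
    if sip >= HIGH and sport >= HIGH:
        return "ddos-spoofed-suspect"       # many sources, many ports: spoofed flood
    if sip <= LOW:
        return "dos-single-source-suspect"  # one host hammering the target
    return "flood-suspect"                  # high volume, mixed dispersion


def make_filter(verdict, profile, dst_ip, dst_port):
    """Narrowest L3/L4 filter that covers the harmful traffic only."""
    proto = profile["by_proto"].most_common(1)[0][0]
    rule = {"dst_ip": dst_ip, "dst_port": dst_port, "proto": proto}
    if verdict == "dos-single-source-suspect":
        rule["src_ip"] = profile["top_src"][0][0]   # pin to the offending host
    return rule


class MdsEngine:
    """Detect, protect, release: a filter is installed on detection and
    removed automatically once a window toward that target looks normal."""

    def __init__(self):
        self.active = {}   # (dst_ip, dst_port) -> filter rule

    def observe(self, window, dst_ip, dst_port):
        profile = cube1_profile(window, dst_ip, dst_port)
        verdict = classify(profile)
        key = (dst_ip, dst_port)
        if verdict != "normal":
            self.active[key] = make_filter(verdict, profile, dst_ip, dst_port)
        elif key in self.active:
            del self.active[key]   # attack is over: cancel the protection
        return verdict


# Constructed windows toward a web server 10.0.0.5:80.
def normal_window():
    return [Flow(f"192.0.2.{i % 5 + 1}", 40000 + i, "10.0.0.5", 80, "tcp")
            for i in range(40)]


def spoofed_flood():
    return [Flow(f"198.51.100.{i}", 1024 + i, "10.0.0.5", 80, "tcp")
            for i in range(200)]


def single_source_flood():
    return [Flow("192.0.2.9", 40000, "10.0.0.5", 80, "udp") for _ in range(200)]


if __name__ == "__main__":
    engine = MdsEngine()
    for name, win in [("normal", normal_window()), ("spoofed", spoofed_flood()),
                      ("normal", normal_window()), ("single", single_source_flood())]:
        verdict = engine.observe(win, "10.0.0.5", 80)
        print(f"{name:8s} -> {verdict:28s} active filters: {engine.active}")
```

The spoofed flood scores 1.0 on both axes (every packet has a fresh source address and port), the single-source flood scores 0.0 on the S-IP axis, and the normal window never reaches the volume threshold. Note the difference in what can be filtered: a single-source flood can be pinned to the offending host, so the victim keeps serving everyone else, whereas a spoofed flood offers no stable source to match and the rule has to fall back to the target port and protocol.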
Access Level End-point Security Service (Zero-day Protection)
ESS 2224 detects and prevents attacks within microseconds when attack types and strengths are prominent (e.g. DoS, DDoS and Flooding attacks). Even when changes in traffic need to be checked for a bit longer to confirm an abnormality (e.g. scanning attacks), the attacks are detected and blocked in milliseconds. When the engine confirms that the attack is over, the security filter is automatically removed. The MDS engine is 100% self-running and prevents Zero Day attacks in real-time without requiring the security manager to set up or update security filters.
[Figure: layers covered (Physical, Data, Network, Transport), the attacks detected at each, and the packet fields the filters match on.]
- Physical: Cable disconnected, Cable Loopback Test
- Attacks detected: MAC Flooding Attack; IP Spoofing, DHCP Attack, ICMP Attack; TCP Syn flooding, DoS/DDoS Attack, UDP/TCP flooding, Scanning Attack
- Filter fields: MAC source/dest address; IP source/dest address/port, IP range; Protocol (TCP/UDP/ICMP), TCP/UDP dest port, Port pattern/IP pattern, TCP flags
Smart Protection
- Selective Protection Policy: selectively blocks harmful packets or service ports that are infected with worms or viruses to allow continued system operation.
- Security Policing: uses L2~L4 information to automatically generate security filters and block attacks in real-time.
[Figure: proactively-responding MDS cycle: Packet Analysis, Protection, Release.]
> Detect and prevent ARP Spoofing
ESS 2224 completely blocks recent ARP spoofing attacks, which cause widespread damage on networks using static or dynamic IP addresses. Before an attack can do harm, it automatically detects the breach and protects your network from exposure of personal information, illegal recording of IPT (IP Telephony) calls, and the spread of worms or bots.
[Figure: ARP spoofing attacker acting as man in the middle between User A and User B by advertising a spoofed MAC.]
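The ARP spoofing section above states what is detected but not how. The following Python is an added example for this page, not the ESS 2224 implementation (the brochure does not describe its internals); it shows the passive check a defender typically runs on a LAN segment: keep an IP-to-MAC table from observed ARP replies, treat a few bindings (the gateway) as trusted, and alert when an IP is claimed by a different MAC or when one MAC claims several IPs. The `ArpReply` records, the `GATEWAY` binding and the `ArpWatch` class are all constructed for the example.

```python
"""Passive ARP-spoofing detection from observed ARP replies.  Added example
for this page; not the ESS 2224 implementation.  The trusted binding and the
replies below are constructed sample data."""
from collections import namedtuple

# Constructed view of an ARP reply: who claims to own which IP, and when.
ArpReply = namedtuple("ArpReply", "ts sender_ip sender_mac")


class ArpWatch:
    """Keep an IP -> MAC table and alert when an IP's MAC changes.
    Entries passed as `static` (e.g. the gateway) are trusted and never
    overwritten; a conflicting claim against one is the classic
    man-in-the-middle sign.  Learned entries follow the change but still alert."""

    def __init__(self, static=None):
        self.static = dict(static or {})
        self.learned = {}
        self.claims = set()    # every (ip, mac) pair ever advertised
        self.alerts = []

    def observe(self, reply):
        ip, mac = reply.sender_ip, reply.sender_mac
        self.claims.add((ip, mac))
        if ip in self.static:
            if self.static[ip] != mac:
                return self._alert(reply, "static-binding-violation", self.static[ip])
            return None
        known = self.learned.get(ip)
        if known is None:
            self.learned[ip] = mac
            return None
        if known != mac:
            alert = self._alert(reply, "binding-change", known)
            self.learned[ip] = mac   # a legitimate NIC swap looks the same; keep the alert
            return alert
        return None

    def _alert(self, reply, kind, expected):
        alert = {"ts": reply.ts, "kind": kind, "ip": reply.sender_ip,
                 "expected_mac": expected, "seen_mac": reply.sender_mac}
        self.alerts.append(alert)
        return alert

    def macs_claiming_many_ips(self, limit=2):
        """A single MAC answering for several IPs is another spoofing tell."""
        by_mac = {}
        for ip, mac in self.claims:
            by_mac.setdefault(mac, set()).add(ip)
        return {mac: ips for mac, ips in by_mac.items() if len(ips) >= limit}


# Constructed sample: trusted gateway, two hosts, then a spoofer claiming both
# the gateway and one host (an attempt to sit between User A and the gateway).
GATEWAY = {"10.0.0.1": "00:11:22:33:44:01"}
REPLIES = [
    ArpReply(1, "10.0.0.20", "00:11:22:33:44:20"),
    ArpReply(2, "10.0.0.21", "00:11:22:33:44:21"),
    ArpReply(3, "10.0.0.1", "de:ad:be:ef:00:01"),
    ArpReply(4, "10.0.0.20", "de:ad:be:ef:00:01"),
]


def run_sample():
    watch = ArpWatch(static=GATEWAY)
    for reply in REPLIES:
        watch.observe(reply)
    return watch


if __name__ == "__main__":
    w = run_sample()
    for a in w.alerts:
        print(a)
    print("multi-IP claimants:", w.macs_claiming_many_ips())
```

A real deployment would feed `observe` from a packet capture of opcode-2 ARP frames and would pre-load `static` from the DHCP server or an inventory; the brochure's own approach of blocking the offending MAC at the access port is the response that would follow an alert here.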
> QoS - Wire Speed ensures stable multimedia service
Classification and prioritization of LAN traffic, with DSCP marking & remarking, ensure mission-critical application services. A Kbps port-based rate limiting function and QoS policies based on 8 queues are also provided.
> Provides real-time log information through the integrated security control system ESS 2224 blocks diverse attacks such as DoS, DDoS, UDP Flooding and IP-Spoofing, and provides an integrated control system to monitor and manage security event logging information for the blocked attacks in real-time. In connection with the integrated control system, a remote control policy allows the security manager to monitor and control multiple ESS 2224 systems, security event reports, etc. in one window, letting the security manager operate the access level security of the entire network. The integrated control system monitors real-time traffic, network attacks, and network status using event information, provides powerful reporting functions (e.g. analysis of network attack types and infected hosts), and provides step-by-step alert functions for network attacks.
> ESS 2224 VS Ordinary L2 Switch
Security function
- ESS 2224: ASIC Based MDS (Multi Dimension Security) Engine
- Ordinary L2 Switch: Not available; transmission of simple traffic
Response system
- ESS 2224: Active response system based on the MDS Engine; automatic packet blocking at the user level
- Ordinary L2 Switch: Passive response system; responds after checking information; takes too much time in analyzing causes and responding
Management
- ESS 2224: Analyzes attacks by type and situation, and implements preventive measures
- Ordinary L2 Switch: Administrator passively responds to individual attacks; lack of systematic information
> ESS 2224 VS NAC VS L7 Security Switch VS Ordinary L2 Switch
Most L7 security switches use signature-based methods like pattern matching, making them especially vulnerable to zero-day attacks, and they often cannot detect attacks that are slightly modified. L7 content filtering is usually handled by the main CPU or the network processor, which burdens processor resources and causes network service to deteriorate. In addition, the equipment itself is very expensive and requires high initial costs, as well as additional costs for security signature filter updates. The security manager will also have to update filters periodically. Because ESS 2224 is an L2 switch, it will mostly be installed at customer sites. Since the ASIC-based multi dimension security engine does not use a switch processor and is self-running, it guarantees maximum wire speed, and after initial costs are paid additional costs for security signature updates are not necessary. Another strength of ESS 2224 is that its QoS function guarantees stable multimedia service. ESS 2224 also ensures the stability of VoIP service by guaranteeing the bandwidth by blocking threats in real-time and using 8 levels of queues to handle data first.
[Figure: comparison of the Ethernet Security Switch ESS 2224, ordinary Network Access Control (NAC), an ordinary L7 security switch and an ordinary L2 switch on Security, Wire Speed, Simple MGMT and Cost; ESS 2224 is positioned as actively responding to harmful traffic, systematizing security control and maximizing network stability.]
> Summary Security solutions for the network access level have become mandatory, but optimal solutions are hard to find. LG-Nortel's ESS 2224 is a self-running security solution based on the MDS engine. It is a completely new approach that totally eliminates security threats in real-time at the network access level while guaranteeing maximum wire speed. In addition, to provide access level security to a wide security scope and various control points, the system must be simple and easy to operate and manage. LG-Nortel's ESS 2224, which eliminates threats and is simple and convenient, is the next stage in the evolution of network access level security solutions.
Product Specifications
Performance
- Up to 8000 MAC Address
- Throughput: 6.88Mpps
- Switch Capacity: 28.8Gbps
Memory
- Flash memory: 16MB (Max: 32MB)
- SDRAM: 128MB (Max: 256MB)
Media Interface
- 24-Port 10/100Base TX
- Combo Type: 2-Port 10/100/1000Base TX, 2-Port SFP Slot (1000Base SX/LX/LH, 100Base FX)
- Management: 1 Port 10/100Base TX
- Console: 1 Port RJ-45 Connector
Environmental
- Operating Temperature: -20~60°C
- Storage Temperature: -40~70°C
- Operating Humidity: 0~90% (Non-condensing)
Multi Dimension Security Engine
- ASIC Based (Layer2-4 packet classification)
- Detected attacks: TCP Syn flooding, DoS/DDoS Attack, IP Spoofing, DHCP Attack, MAC Spoofing, ARP Spoofing, UDP flooding, Scanning, ICMP Attack, MAC flooding
Power
- Input: AC100-240VAC, 50/60Hz
- Power Consumption: 46W
Management
- CLI/TELNET/TFTP/SNMP
Mechanical
- Dimension: 440(W) x 43.6(H) x 246(D)mm
- Weight: 3Kg
Layer2 Feature
- VLAN Support: up to 256 groups, IEEE 802.1p, IEEE 802.1Q (Port/Tagging based)
- Filtering: Broadcast storm control, MAC Filtering, DHCP Filtering, NetBIOS Filtering
- QoS Feature: 8 CoS queues per port; Min/Max bandwidth guarantee per CoS, per port; Weighted Round Robin (WRR); Deficit Round Robin (DRR); Strict Priority (SP)
- Mirroring: 1:1 & N:1 ingress/egress port mirroring
- IP Multicast: IGMP snooping (v1/v2), IGMP Proxy
- Spanning Tree: IEEE 802.1D Spanning Tree Protocol, IEEE 802.1s Multiple Spanning Tree Protocol, IEEE 802.1w Rapid Spanning Tree Protocol
- Link Aggregation: 802.3ad, up to 6 trunk groups, up to 8 members per group
- IEEE 802.3x flow control
- Port Security: IEEE 802.1X, MAC Address blocking, Per port blocking, Rate limiting
Enterprise Sales Division GS Tower, 679 Yoksam-dong, Kangnam-gu, Seoul, 135-985, Korea Networking Solution Tel:82-2-2005-2210 Fax:82-2-2005-2219 http://www.LG-NORTEL.com