Author: Damian Carroll
Ethernet Security Switch 2224

Ethernet Security Switch 2224 Access level security solution for Carriers and Enterprise with wire speed networking & real-time detection and protection

Problems of network security
- The core network is very secure, but the access level is vulnerable to security breaches.
- Attacks on the internal network tend to spread quickly.
- There is no independent security solution for the access level.

Requirements of the network administrator
- There should be no change in the user environment.
- Network configuration must be transparent, without any change.
- There should be no additional investment.
- A network-based access level security solution that does not need client agents.
- An individual host's security problems should not affect the entire network.

With the introduction of high-speed Internet service, security threats are increasing at the access level of internal networks. At the end of last year an IT newspaper carried an article about the new era of high-speed Internet and the ensuing threats to security: "With 1000Mbps service widespread, if 1000 bot-infected PCs are used to make DoS attacks, a tremendous amount of traffic will be generated. No site in Korea will be able to block these attacks, and the traffic could paralyze the Internet in Korea." Security threats at the access level can destabilize network services and paralyze communication. Therefore, to provide stable network services, IT experts must be able to cope with access level security threats. In addition, as few users will accept slower network performance in exchange for better security, security solutions must guarantee maximum wire speed.

ESS 2224: What is the Ethernet Security Switch? It is LG-Nortel's new-concept, high-performance L2 security switch that integrates networking and security. It offers two 1-Gigabit ports and 24 Fast Ethernet ports while providing real-time security functions that guarantee maximum wire speed.

- Full-port wire speed with security: 28.8Gbps switching capacity, 6.88Mpps throughput
- Security: real-time detection and protection, self-running, not based on signature updates
- Simple: no management needed for clean service
- ASIC-based Multi Dimension Security Engine

ESS Ethernet Security Switch Characteristics and Advantages
- ASIC-based MDS (Multi Dimension Security) Engine
- Integrated Control System: real-time monitoring of network attacks, with automatic protection and cancellation; real-time information on blocked attacks and history monitoring
- Wire Speed with Clean-Zone
- End-point Security: guarantees wire speed / standalone security solution
- Outstanding performance and price: innovative functions / realistic price
- Powerful network security at the access level

[Figure: the switch passing normal traffic while dropping harmful traffic.]

ESS 2224 is a switch with a security function that detects and blocks security threats in real-time. It is the world's first L2 switch with a security function that guarantees wire speed by physically separating the switching part that transmits traffic through the ASIC-based MDS engine from the part performing the security function. ESS 2224 is a hands-off system that doesn't require setup by the security manager. It analyzes network traffic and detects security threats in real-time, establishes security policies and blocks attacks, and terminates the security function after the attacks are blocked. It also offers an integrated management system that provides detailed security event logging, while perceiving and managing the operating status of access level security devices.

MDS (Multi Dimension Security) Engine

Inbound and outbound real-time traffic transmitted via the switching fabric is simultaneously delivered to the MDS engine in sniffing mode, and the MDS engine analyzes traffic volume and time on one axis, and security status by host and TCP/UDP port on the other axis. In the analysis stage the MDS engine classifies traffic according to protocols such as TCP, UDP, and ICMP, and analyzes the sorted traffic using the inherent degrees of dispersion and entropy obtained from four sets (S-IP, S-Port, D-IP and D-Port), and six cubes. If any problem is found, the MDS engine uses detailed L3 and L4 information about the attackers and victims to automatically generate security filters for real-time protection. If a user infected with worms or bots is unaware of the infection and transmits normal traffic and harmful traffic (e.g. DoS attacks) at the same time, the filter blocks only the harmful traffic while protecting the normal traffic. The MDS engine uses L2~L4 information to provide an optimal access level security solution that guarantees network performance at maximum wire speed.

Multi Dimension Security Engine

[Figure: MDS engine architecture. The switching fabric (24FE, 2GE) feeds a Real Time Packet Gathering Module; the MDS engine performs Attack Packet Analysis, and the Security Filter Module handles Protection & Release and writes the Security Log.]

Using the MDS (Multi Dimension Security) Engine to analyze traffic information:
- Classification by protocol based on inherent degrees of dispersion and entropy, i.e. S-IP, S-Port, D-IP and D-Port.
- Using 6 cubes to analyze traffic and confirm traffic anomalies.

[Figure: Cube1 plot. Horizontal axis S-IP and vertical axis S-Port, each from 0 to 1.0; legend by protocol (icmp, tcp, udp, other); regions labelled DoS, DDoS (spoofed), DDoS, Flash crowd and Worms (spoofed).]

The MDS engine uses the inherent degrees of dispersion and entropy, obtained from 4 sets (S-IP, S-Port, D-IP and D-Port) and 6 cubes, to analyze traffic. In cube 1, traffic is analyzed using the inherent degrees of dispersion and entropy with fixed D-IP and D-Port, and variable S-IP and S-Port. The figure on the left illustrates a large amount of traffic arriving in a short period of time. There is less variation as S-IP and S-Port approach 0, and more variation as they approach 1.
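As an added illustration of the cube 1 analysis just described (this is not LG-Nortel's MDS engine code; the region thresholds, labels and sample traffic are assumptions), the following computes the normalized entropy of S-IP and S-Port for packets aimed at one fixed D-IP:D-Port and places the result on the plot's 0 to 1 scale:

```python
# Added illustration of the Cube 1 analysis described above; not LG-Nortel's MDS code.
# Measures how dispersed S-IP and S-Port are for packets aimed at one fixed D-IP:D-Port,
# scaled to 0..1 like the axes of the Cube1 plot.
import math
import random
from collections import Counter

def normalized_entropy(values):
    """Shannon entropy of the value distribution divided by log2(n): 0 means every
    packet carries the same value, 1 means every packet carries a distinct value."""
    n = len(values)
    if n < 2:
        return 0.0
    h = -sum((c / n) * math.log2(c / n) for c in Counter(values).values())
    return h / math.log2(n)

def cube1(packets, d_ip, d_port):
    """packets: iterable of (s_ip, s_port, d_ip, d_port) tuples. Cube 1 fixes the
    destination and varies the source, so return (S-IP dispersion, S-Port dispersion)."""
    sel = [(s, sp) for s, sp, di, dp in packets if (di, dp) == (d_ip, d_port)]
    return (normalized_entropy([s for s, _ in sel]),
            normalized_entropy([sp for _, sp in sel]))

def label(sip_h, sport_h, low=0.3, high=0.8):
    """Assumed region thresholds (the datasheet gives none): little source variation
    looks like a single-host DoS, near-total variation like spoofed DDoS or worms."""
    if sip_h < low and sport_h < low:
        return "DoS (single source)"
    if sip_h >= high and sport_h >= high:
        return "DDoS/worm (spoofed sources)"
    return "normal/flash crowd"

def constructed_traffic(kind, n=2000, seed=1):
    """Constructed sample packets toward 10.0.0.5:80 (synthetic, for this demo only)."""
    rng = random.Random(seed)
    if kind == "dos":   # one host, one socket, repeating the same packet
        return [("10.0.0.9", 40000, "10.0.0.5", 80)] * n
    if kind == "ddos":  # spoofed: fresh random S-IP and S-Port on every packet
        return [("198.%d.%d.%d" % (rng.randrange(256), rng.randrange(256), rng.randrange(256)),
                 rng.randrange(1024, 65536), "10.0.0.5", 80) for _ in range(n)]
    clients = ["10.0.1.%d" % i for i in range(1, 21)]  # 20 real users, a few ports each
    return [(rng.choice(clients), rng.choice((50000, 50001, 50002)), "10.0.0.5", 80)
            for _ in range(n)]
```

Feeding `cube1(constructed_traffic(kind), "10.0.0.5", 80)` for each kind into `label` places the single-source flood near the origin and the spoofed flood near (1, 1), with the 20-client sample in between.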

Access Level End-point Security Service (Zero-day Protection)

ESS 2224 detects and prevents attacks within microseconds when their types and strengths are prominent (e.g. DoS, DDoS and Flooding attacks). Even when changes in traffic need to be checked for a bit longer to confirm an abnormality (e.g. scanning attacks), the attacks are detected and blocked in milliseconds. When the engine confirms that the attack is over, the security filter is automatically removed. The MDS engine is 100% self-running and prevents Zero Day attacks in real-time without requiring the security manager to set up or update security filters.

[Figure: threats by layer and the packet fields the security filters match on.]
- Physical: cable disconnected, cable loopback test
- Data: MAC Flooding Attack
- Network: IP Spoofing, DHCP Attack, ICMP Attack
- Transport: TCP Syn flooding, DoS/DDoS Attack, UDP/TCP flooding, Scanning Attack
Filter fields: MAC source/dest address; IP source/dest address/port, IP range; Protocol (TCP/UDP/ICMP), TCP/UDP dest port, Port pattern/IP pattern, TCP flags


Smart Protection
- Selective Protection Policy: selectively blocks harmful packets or service ports that are infected with worms or viruses, to allow continued system operation
- Security Policing: uses L2~L4 information to automatically generate security filters and block attacks in real-time

[Figure: the proactively-responding MDS cycle of Packet Analysis, Protection and Release.]

> Detect and prevent ARP Spoofing

[Figure: an ARP spoofing attacker (man in the middle) using a spoofed MAC address between User A and User B.]

ESS 2224 completely blocks recent ARP spoofing attacks, which cause widespread damage on networks with static or dynamic IP addressing. Before an attack can do harm, it automatically detects the breach and protects your network from exposure of personal information, illegal recording of IP Telephony (IPT) calls, and the spread of worms or bots.

> QoS - Wire Speed ensures stable multimedia service
Classification and prioritization of LAN traffic, together with DSCP marking and remarking, ensure mission-critical application services. A Kbps port-based rate limiting function and QoS policies based on 8 queues are also provided.


> Provides real-time log information through the integrated security control system ESS 2224 blocks diverse attacks such as DoS, DDoS, UDP Flooding and IP-Spoofing, and provides an integrated control system to monitor and manage security event logging information for the blocked attacks in real-time. In connection with the integrated control system, a remote control policy allows the security manager to monitor and control multiple ESS 2224 systems, security event reports, etc. in one window, letting the security manager operate the access level security of the entire network. The integrated control system monitors real-time traffic, network attacks, and network status using event information, provides powerful reporting functions (e.g. analysis of network attack types and infected hosts), and provides step-by-step alert functions for network attacks.

> ESS 2224 vs Ordinary L2 Switch

Security function
- ESS 2224: ASIC-based MDS (Multi Dimension Security) Engine
- Ordinary L2 Switch: not available; transmission of simple traffic only

Response system
- ESS 2224: active response system based on the MDS Engine; automatic packet blocking at the user level
- Ordinary L2 Switch: passive response system; responds after checking information; takes too much time analyzing causes and responding

Management
- ESS 2224: analyzes attacks by type and situation, and implements preventive measures
- Ordinary L2 Switch: administrator passively responds to individual attacks; lack of systematic information

> ESS 2224 vs NAC vs L7 Security Switch vs Ordinary L2 Switch

Most L7 security switches use signature-based methods like pattern matching, making them especially vulnerable to zero-day attacks, and they often cannot detect attacks that are slightly modified. L7 content filtering is usually handled by the main CPU or the network processor, which burdens processor resources and causes network service to deteriorate. In addition, the equipment itself is very expensive and requires high initial costs, as well as additional costs for security signature filter updates. The security manager will also have to update filters periodically. Because ESS 2224 is an L2 switch, it will mostly be installed at customer sites. Since the ASIC-based multi dimension security engine does not use a switch processor and is self-running, it guarantees maximum wire speed, and after initial costs are paid additional costs for security signature updates are not necessary. Another strength of ESS 2224 is that its QoS function guarantees stable multimedia service. ESS 2224 also ensures the stability of VoIP service by guaranteeing the bandwidth by blocking threats in real-time and using 8 levels of queues to handle data first.

[Chart: Ethernet Security Switch ESS 2224, Ordinary Network Access Control (NAC), Ordinary L7 Security Switch and Ordinary L2 Switch compared on Security, Wire Speed, Simple MGMT and Cost, under the goals of actively responding to harmful traffic, systematization of security control, and maximization of network stability.]

> Summary Security solutions for the network access level have become mandatory, but optimal solutions are hard to find. LG-Nortel's ESS 2224 is a self-running security solution based on the MDS engine. It is a completely new approach that totally eliminates security threats in real-time at the network access level while guaranteeing maximum wire speed. In addition, to provide access level security to a wide security scope and various control points, the system must be simple and easy to operate and manage. LG-Nortel's ESS 2224, which eliminates threats and is simple and convenient, is the next stage in the evolution of network access level security solutions.

Product Specifications (Feature : Description)

Performance
- Up to 8000 MAC Address
- Throughput : 6.88Mpps
- Switch Capacity : 28.8Gbps

Memory
- Flash memory : 16MB (Max : 32MB)
- SDRAM : 128MB (Max : 256MB)

Media Interface
- 24-Port 10/100Base TX
- Combo Type : 2-Port 10/100/1000Base TX, 2-Port SFP Slot (1000Base SX/LX/LH, 100Base FX)
- Management : 1 Port 10/100Base TX
- Console : 1 Port RJ-45 Connector

Environmental
- Operating Temperature : -20~60 °C
- Storage Temperature : -40~70 °C
- Operating Humidity : 0~90% (Non-condensing)

Multi Dimension Security Engine
- ASIC Based (Layer2-4 packet classification)
- Detects and blocks : TCP Syn flooding, DoS/DDoS Attack, IP Spoofing, DHCP Attack, MAC Spoofing, ARP Spoofing, UDP flooding, Scanning, ICMP Attack, MAC flooding

Power
- Input : AC 100-240VAC, 50/60Hz
- Power Consumption : 46W

Management
- CLI/TELNET/TFTP/SNMP

Mechanical
- Dimension : 440(W) x 43.6(H) x 246(D)mm
- Weight : 3Kg

Layer2 Feature
- VLAN Support : Up to 256 groups, IEEE 802.1p, IEEE 802.1Q (Port/Tagging based)
- Filtering : Broadcast storm control, MAC Filtering, DHCP Filtering, NetBIOS Filtering
- QoS Feature : 8 CoS queues per port, Min/Max bandwidth guarantee per CoS and per port, Weighted Round Robin (WRR), Deficit Round Robin (DRR), Strict Priority (SP)
- Mirroring : 1:1 & N:1 ingress/egress port mirroring
- IP Multicast : IGMP snooping (v1/v2), IGMP Proxy
- Spanning Tree : IEEE 802.1D Spanning Tree Protocol, IEEE 802.1s Multiple Spanning Tree Protocol, IEEE 802.1w Rapid Spanning Tree Protocol
- Link Aggregation : 802.3ad, Up to 6 trunk groups, Up to 8 members per group
- IEEE 802.3x flow control
- Port Security : IEEE 802.1X, MAC Address blocking, Per port blocking, Rate limiting

Enterprise Sales Division GS Tower, 679 Yoksam-dong, Kangnam-gu, Seoul, 135-985, Korea Networking Solution Tel:82-2-2005-2210 Fax:82-2-2005-2219 http://www.LG-NORTEL.com