Network Security Solutions

Network Appliances

  • Network Access Control (NAC)
  • Firewall
  • Virtual Private Network (VPN)
  • Intrusion Detection Systems (IDS)
  • Intrusion Prevention Systems (IPS)
  • Anti-Spam
  • Anti-Spyware
  • Anti-Virus
  • Content Filtering
  • Unified Threat Management (UTM)

As business operations depend increasingly on computers for productivity, an enterprise has to take all necessary safeguards to prevent any threats or security breaches of its crucial data or any information. The enterprise must adopt a variety of security policies and practices to monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources. The threats that an enterprise network now faces are evolving rapidly, and the network security solutions implemented play major roles in the success or failure of the organization's overall network security strategy. One of the networking security solutions is Network Access Control (NAC). It defines and implements the provisions and policies of network security including how a user, a computer, or an end-node device would be able to connect to the network. Network access control could be integrated with other functions of the network such as routers, switches, firewalls, servers, end user computers, or other security appliances. In the internet environment, a Firewall serves a critical role in the overall security of the network.

It permits or denies any network transmission or communication based on a set of pre-defined rules and policies. Many firewalls are configured as a single point of security policy enforcement in between the public internet and a private enterprise network to protect PCs, servers, and other infrastructure within the "trust boundary" from any threats from the outside. Most firewalls are designed to fully leverage these benefits of an appliance such as ease of use, simplicity of management, and easy maintenance.

Virtual Private Network (VPN) is developed to enable the remote offices or traveling users to access the enterprise network through the public internet. Once a remote user or a remote device is authenticated and a virtual tunnel is established over the internet between this end-node device and the enterprise network, the user will be able to access secure data, as if she or he is on the secured Local Area Network (LAN). The data across the net in transmission is encrypted to prevent disclosure to other parties on the public internet. Rather than leasing more expensive private lines, VPN appliances have become the preferred choices for an enterprise to establish more secured network links with their multiple sites or remote users.

To protect the network security further, Intrusion Detection Systems (IDS) is used to monitor in-line on any network and system malicious activities or policy violations. It is primarily focused on identifying possible incidents, logging and reporting these attempts of violation. With the report, the IT department could pinpoint where the problems are with its security policies and take the right actions to fix them. Furthermore, any detected intrusion attempts could be automatically blocked by Intrusion Prevention Systems (IPS), an extended function of IDS. As enterprise network traffic growing with bandwidth, complexity of connections and protocols, IDS/IPS systems are built as gateway appliances to support the increasing demands of computation loads in the tasks of inspection, detection, and monitoring.

In recent years, accessing the Web for business purposes is on the rise. Enterprises conduct B2B, B2C, on-line shopping, access business data from the Web, and send emails much more often. Malware, short for malicious software, comes in all different formats or ways such as spam, spyware, virus, worm, Trojan horses, etc. designed to disrupt or deny operations, to gather information, to gain unauthorized access to system, and/or to achieve cybercriminal goals. To prevent malware threats, anti-malware, or anti-virus and anti-spyware are implemented on Secure Web Gateways (SWG), a gateway appliance to scan all incoming network data. The malware would be blocked when it detected in coming across, or be removed when detected within the devices.

To prevent unauthorized access of their crucial data, some organizations install Content Monitoring and Filtering (CMF) or Web Content Filtering functions on the same gateway appliance with anti-malware functions. This content-aware function typically monitor and detect outbound sensitive data crossing the enterprise perimeter, it will stop the delivery of restricted content, if the receiving-end is not authorized. Or it will encrypt the restricted content to enforce the Data Loss Prevention (DLP) policy.

Rather than managing multiple security appliances on the network, an all-in-one unified appliance, Unified Threat Management (UTM), with all network security functions such as firewall, VPN, IDS/IPS, anti-malware, anti-virus, anti-spyware, anti-spam, content filtering, certainly appeals to IT management. It’s a less complex and more cost-effective way to serve the same security purpose and to realize the benefits of power saving, space saving, ease of install and administration.

Network security appliances are important parts of a secure enterprise network. When compared with standard workstations or servers, these network appliances deliver the performance with hardware customized for specific applications. Appliance platforms bring in flexibility to configure, scalability to expand, and stability of ease of use. Contact us today to learn more about how we can institute a series of - network security solutions to keep your organization and information safe and secure.

Vehicle fleets handle so many aspects of our daily lives, from delivery trucks and vans to municipal utility workers to police / fire / ambulance services, and yes, even the famous "cable guy." With so many vehicles on the roads, and customers expecting timely service appointments, informal and manual dispatch and tracking techniques such as spreadsheets, sticky notes, white boards and reams of paper are becoming inadequate and obsolete.

End-to-end computer networks can simplify and automate the tracking and route assignments in real time while improving service levels and customer satisfaction. Back office computers running advanced software connect to office enterprise Ethernet networks and servers in data centers. Firewalls and VPN support ensure security from hacking and protect sensitive data. Externally, the public internet and commercial wireless networks allow easy transferring of encrypted data to and from in-vehicle telematics systems. From planning and scheduling to invoicing, computers automate the entire process and reduce errors.

Network Appliances (Optimization)

  • Load Balancing
  • WAN Optimization
  • Application Delivery Network (ADN)
  • Content Delivery Network (CDN)

As the information being transferred across the network expands exponentially, the demands for quick response and continuous availability of data have put tremendous pressure on the IT department. For business continuity and to be competitive, it is a mandate for a company to deliver the performance of an optimized network.

To achieve high continuous connectivity and availability of the network, a link load balancer is designed to proactively manage the bandwidth of outbound routed links between the enterprise network and the internet. These links could be multiple ISPs or private lease lines with any speed. To balance the outbound traffic, a Load balancer distributes traffic loads on the network based upon the status of traffic congestion and current traffic loads of available links. It also performs link failover to one of the available links when a link fails to serve. The link load balancers, as appliances, are installed between the firewall and modems and/or routers. In the internet environment, a Firewall serves a critical role in the overall security of the network.

As internet traffic gets more congested, the network latency from servers to end users is increasing. WAN Optimization is developed to reduce the latency and improve the response time of critical applications. It is a collection of techniques for increasing data-transfer efficiencies across the wide-area networks. These techniques are data reduction, duplication, compression, traffic shaping and prioritization. The WAN Optimization Controller (WOC) is the WAN Optimization appliance used to reduce any impact on the network performance and its underlying protocols.

The Application Delivery Network (ADN) is a suite of technologies that, when deployed together, provide application availability, security, visibility, and acceleration. It is defined as a superset of WAN Optimization. The Application Delivery Controller (ADC), located in the data center, is an advanced traffic management appliance referred to as a web switch, content switch, or multilayer switch. It distributes traffic among a number of servers which are located either locally or remotely, based on application specific criterion. On the application end-user side, likely a branch office, the WOC uses caching, traffic prioritization, and optimization techniques to minimize the amount of repeated information to flow over the network.

A Content Delivery Network or Content Distribution Network (CDN) is a system of computers containing copies of data placed at the various nodes of a network. The access performance of its cached data depends on the access bandwidth and the access redundancy provided by the Content Delivery Controller (CDC). Data content types often cached are web objects, downloadable objects (media files, software, documents), applications, live streaming media, and database queries. It is built based on the theory that the closer the content is located to the end user, the faster it could be delivered with less jitter likely. This will increase the reliability of delivery with high Quality of Service (QoS) as the network load is minimized.

Network Security Application Note