A “campus” network uses a mix of technologies, products, and applications, and serves a large user population. The campus network presents a challenging security picture because of the diversity of elements to protect:
• Servers, including departmental servers for user access and file sharing, central application servers such as finance and databases, and Web servers for either public Web or Intranet applications.
• Operating systems, typically multiple versions of multiple OS’s running on servers and clients.
• Network devices, including routers, Layer 4-7 load-balancing switches, Layer 3 core switches, Layer 2 distribution switches, and wireless LAN access points.
• Security devices, such as firewalls, VPN gateways, intrusion-detection and anti-virus servers, SSL accelerators, authentication servers, and content filtering servers.
Layer 2 switching security. VLANs based on the IEEE 802.1Q standard and Ethernet switches segregate traffic for greater security and manageability. With the general availability of the 802.1x authentication standard, Ethernet switches offer embedded capabilities to apply security at every node in the network, providing an effective framework for authenticating and controlling user traffic to a protected network. 802.1x ties a protocol called EAP (Extensible Authentication Protocol, originally developed for PPP) to LAN media and supports multiple authentication methods, such as token cards, Kerberos, one-time passwords, certificates, and public key authentication. It enables enforcement of client authorization against corporate authentication servers such as RADIUS.
Layer 3 switching and routing security. Network address translation (NAT) enables an organization to present a public IP address to the world and hide internal addresses from public view. Processing NAT in hardware on a switch is an innovative strategy that makes routing and firewall solutions highly efficient. Proper design and use of routing and Layer 3 switching enhance the survivability of the campus network. Access control lists, IP segmentation and subnetting, redundancy protocols such as Virtual Router Redundancy Protocol (VRRP), and fast-convergence routing using OSPF (Open Shortest Path First) all contribute to a more survivable infrastructure. Routers and routing switches secure the data path using IP filters that drop undesirable packets. Routing can be further secured by implementing route policies, encryption and authentication of OSPF and BGP route updates with MD5, and broadcast/multicast rate limiting. Last but not least is the innovative Secure Routing Technology (SRT), which enables dynamic routing over secure IPsec tunnels for RIP and OSPF.
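As an added illustration of the MD5-protected OSPF route updates mentioned above (example code written for this page, not BTC Networks' or any listed vendor's implementation), the following shows the RFC 2328 Appendix D scheme: the sender computes MD5 over the OSPF packet plus the zero-padded 16-byte key and appends the digest, and the receiver recomputes it, compares in constant time, and rejects packets whose cryptographic sequence number has gone backwards. The packet contents are constructed sample data; note that this mechanism provides integrity and origin authentication only, not confidentiality.

```python
import hashlib
import hmac
import struct

OSPF_VERSION = 2
AUTH_TYPE_CRYPTO = 2      # AuType 2 = cryptographic authentication
HEADER_LEN = 24           # fixed OSPF header including the 8-byte authentication field
DIGEST_LEN = 16           # MD5 digest appended after the packet, not counted in its length

def _pad_key(key: bytes) -> bytes:
    # RFC 2328 Appendix D works with a 16-byte key; shorter configured keys are zero-padded.
    if len(key) > 16:
        raise ValueError("key longer than 16 bytes")
    return key.ljust(16, b"\x00")

def build_packet(ptype: int, router_id: int, area_id: int, body: bytes,
                 key_id: int, seq: int, key: bytes) -> bytes:
    # Length excludes the trailing digest; the checksum field is zero when AuType is 2.
    length = HEADER_LEN + len(body)
    header = struct.pack("!BBHIIHH", OSPF_VERSION, ptype, length,
                         router_id, area_id, 0, AUTH_TYPE_CRYPTO)
    # Authentication field: 2 reserved bytes, Key ID, Auth Data Len, sequence number.
    auth = struct.pack("!HBBI", 0, key_id, DIGEST_LEN, seq)
    packet = header + auth + body
    digest = hashlib.md5(packet + _pad_key(key)).digest()
    return packet + digest

def verify_packet(data: bytes, keys: dict, last_seq: int):
    """Return (accepted, reason). `keys` maps Key ID -> key bytes; `last_seq` is the
    last cryptographic sequence number accepted from this neighbor (replay protection)."""
    if len(data) < HEADER_LEN + DIGEST_LEN:
        return False, "truncated packet"
    _, _, length, _, _, _, autype = struct.unpack("!BBHIIHH", data[:16])
    _, key_id, auth_len, seq = struct.unpack("!HBBI", data[16:24])
    if autype != AUTH_TYPE_CRYPTO or auth_len != DIGEST_LEN:
        return False, "unexpected authentication type"
    if length + DIGEST_LEN != len(data):
        return False, "length mismatch"
    key = keys.get(key_id)
    if key is None:
        return False, "unknown key id"
    expected = hashlib.md5(data[:length] + _pad_key(key)).digest()
    if not hmac.compare_digest(expected, data[length:]):
        return False, "bad digest"
    if seq < last_seq:          # RFC 2328 accepts seq >= last accepted value
        return False, "replayed sequence number"
    return True, "ok"

# Constructed sample: a Hello (type 1) from router 10.0.0.1 in area 0 with a 20-byte body.
SAMPLE = build_packet(1, 0x0A000001, 0, bytes(20), key_id=1, seq=1000, key=b"secret")
```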
Securing remote communication via IPsec VPNs and SSL VPNs. Typically, the campus network also supports VPNs to connect with branch offices and remote users, carrying private network traffic within a secure, encrypted “tunnel” over a public network. Robust and secure central-site solutions that support both remote-access and remote-office IP VPNs and firewalls are key elements of the campus network. For more information, see “Securing the Perimeter Network” and “Securing Remote Access.”
BTC Networks has partnered with the following vendors to offer best-of-breed campus security solutions:
• Nortel
• Internet Security Systems (ISS)
• Juniper
• Fortinet