Network design
308 Avaya Application Solutions IP Telephony Deployment Guide
Communication security
The public nature of the Internet, its reach, and its shared infrastructure provide cost savings
when compared to leased lines and private network solutions. However, those factors also
contribute to making Internet access a security risk. To reduce these risks, network administrators
must use the appropriate security measures.
It is important to note that a managed service can be implemented either as a premises-based
solution or a network-based VPN service. A premises-based solution includes customer
premises equipment (CPE) that allows end-to-end security and Service Level Agreements
(SLAs) that include the local loop. These end-to-end guarantees of quality are key
differentiators. A network-based VPN, on the other hand, is provisioned mainly by equipment at
the service provider’s point-of-presence (PoP), so it does not provide equivalent guarantees
over the last mile. For a secure VPN that delivers robust, end-to-end SLAs, an enterprise must
demand a premises-based solution that is built on an integrated family of secure VPN platforms.
The “private” in virtual private networking is also a matter of separating and insulating the traffic
of each customer so that other parties cannot compromise the confidentiality or the
integrity of data. IPSec tunneling and data encryption achieve this insulation by essentially
carving private end-to-end pipes or “tunnels” out of the public bandwidth of the Internet, and
then encrypting the information within those tunnels to protect against someone else accessing
the information. In addition to IPSec, there are two standards for establishing tunnels at Layer 2.
These are the Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP),
neither of which includes the encryption capabilities of IPSec. The value of IPSec beyond these
solutions is that IPSec operates at IP Layer 3. It allows for native, end-to-end secure tunneling
and, as an IP-layer service, it also promises to be more scalable than the connection-oriented
Layer 2 mechanisms.
Also, note that IPSec can be used with either L2TP or PPTP, since IPSec encrypts the payload
that contains the L2TP/PPTP data. Indeed, IPSec provides a highly robust architecture for
secure wide-area VPN and remote dial-in services. It is fully complementary to any underlying
Layer 2 network architecture, and with its addition of security services that can protect the VPN
of a company, IPSec marks the clear transition from early tunneling to full-fledged Internet VPN
services.
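The layering described above can be checked on the wire. The following added example (not from the Avaya guide) classifies raw IPv4 packets captured on the public-facing interface and flags L2TP or PPTP traffic that is not wrapped in IPSec ESP. The function names, sample packets and addresses are constructed for illustration, and NAT traversal (ESP carried in UDP 4500) is not handled.

```python
import struct

# IANA protocol numbers and ports for the tunnels named in the text.
TCP, UDP, GRE, ESP = 6, 17, 47, 50
L2TP_PORT, PPTP_PORT, PPTP_GRE_TYPE = 1701, 1723, 0x880B

def classify(pkt: bytes) -> str:
    """Label one raw IPv4 packet captured on the public-facing interface."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4                      # IPv4 header length in bytes
    if ihl < 20 or len(pkt) < ihl + 4:
        return "malformed"
    proto = pkt[9]
    if proto == ESP:
        return "ipsec-esp"                         # inner L2TP/PPTP is encrypted, not visible
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:
        return "fragment"                          # non-first fragment: no L4 header to read
    a, b = struct.unpack("!HH", pkt[ihl:ihl + 4])  # ports, or GRE flags + protocol type
    if proto == GRE and b == PPTP_GRE_TYPE:
        return "cleartext-pptp-data"
    if proto == UDP and L2TP_PORT in (a, b):
        return "cleartext-l2tp"
    if proto == TCP and PPTP_PORT in (a, b):
        return "cleartext-pptp-control"
    return "other"

def unprotected_tunnels(packets):
    """Return (index, label) for every Layer 2 tunnel packet seen outside ESP."""
    labels = ((i, classify(p)) for i, p in enumerate(packets))
    return [(i, lab) for i, lab in labels if lab.startswith("cleartext-")]

def ipv4(proto: int, payload: bytes, frag: int = 0) -> bytes:
    """Build a constructed IPv4 packet (documentation addresses, checksum left 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag, 64,
                      proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + payload

# Constructed sample capture, not real traffic.
SAMPLE = [
    ipv4(ESP, struct.pack("!II", 0x1001, 1) + b"\x00" * 16),      # L2TP inside IPSec
    ipv4(UDP, struct.pack("!HHHH", 1701, 1701, 16, 0) + b"\xc8\x02" + b"\x00" * 6),
    ipv4(TCP, struct.pack("!HH", 49152, 1723) + b"\x00" * 16),    # PPTP control channel
    ipv4(GRE, struct.pack("!HH", 0x2001, 0x880B) + b"\x00" * 8),  # PPTP data (enhanced GRE)
    ipv4(UDP, struct.pack("!HHHH", 53000, 53, 8, 0)),             # unrelated DNS query
]

if __name__ == "__main__":
    print(unprotected_tunnels(SAMPLE))
```

Any non-empty result on an interface that should carry only IPSec-protected VPN traffic means a Layer 2 tunnel is crossing the public network without encryption.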
An issue, however, is the fact that different implementations of IPSec confer varying degrees of
security services. Products must be compliant with the latest IPSec drafts, must support
high-performance encryption, and must scale to VPNs of industrial size.
Finally, a VPN platform should support a robust system for authentication of the identity of end
users, based on industry standard approaches and protocols.
Firewall technologies
To reduce security risks, appropriate network access policies should be defined as part of
business strategy. Firewalls can be used to enforce such policies. A firewall is a network
interconnection element that polices traffic that flows between internal (protected) networks and
external (public) networks such as the Internet. Firewalls can also be used to “segment” internal
networks.
Page 1: Avaya Application Solutions IP Telephony Deployment Guide 555 245 600 Issue 3 4 1 June 2005