Upload File

Download - REFERENCE ARCHITECTURE MPLS/SD-WAN Connected Networks

Transcript
Page 1: REFERENCE ARCHITECTURE MPLS/SD-WAN Connected Networks

REFERENCE ARCHITECTURE

2

WAFWAF

MPLS/SD-WANConnectedNetworks

All switches should have port securityenabled with NAC device posture checking

and MFA required for networks access.

Workstations

Mobile devicesRemoteWorkstations

Network should be physically separate with a separate Internet connection or at a minimum segmented by a firewallfrom the internal network

Guest SubnetIoT Subnet

Separate subnets for each individual, business unit, dept. or common access IT resources access requirements

Advanced malware/exploit protection EDR and DLP software installed on all workstations

Remote

VulnerabilityMgmt.

All host routinely scanned for

vulnerabilities and process in place to remediate

identified vulnerabilities.

PAMPAM

(Prvileged account management) deployed to

manage / monitor privileged

access to resources.

EDR Mgmt.Advanced ThreatDetection / EDR

software installedon all systems. Logs configured

to go to SIEM

TIP(Threat Intelligence Platform)

External threat intelligencesources should be used to

enrich data and identify potentially knownmalicious traffic patterns.

Next-GenAV Server

Next-Gen Antivirus server to detect/prevent malware,

exploit attempts andmalicious scripts from running on endpoints

Assets ManagementDatabase

Comprehensive list of all companyIT assets with primary user and

team responsible for administrativemanagement recorded. CMDB with

all changes to critical assets loggedin accordance with the change

management process

MDMMDM

(Mobile Device Management)server to manage / validate

security configurations of supported mobile devices

Security Management SubnetSIEM

Access limited toauthorized securitypersonnel

Internal Web Subnet

Internal App Subnet

Internal DB Subnet

Internal Infra. Subnet

AD/DNS EmailDNS, DHCP, System and Security logs sent to SIEM

DMZ Web Subnet

DMZDB Subnet

System and security logs sent to SIEM

DMZ App Subnet

A least privileged security model should be enforced on all assets deemed business critical and/or assets that process or information deemed sensitive or confidential in nature. This is typically done through virtualization and/or containerization.

Micro segmentation All AD Authentication logs, DNS logs and policy change logs sent to SIEM

All inbound email scanned for threats. All outbound email inspected for DLP violation. All logs sent to SIEM.

SIEM deployed to centralize storage of all security logs for analysis.

System, network and application activities should be logged for allbusiness critical asstesor assets that handle sensitive / confidentialinformation

MFA required for access to externally facing company resources and VPN

Network traffic for managed systems off the network is monitored/restricted

Only mobile devices managed by MDM are allowed to accessresources externally

MFA authentication required.Computer or company issued certificate and user credential required for access.

Internal Wireless Subnet

GatewayFirewall

Layer 7 Firewallconfigured for least permissive access.

All traffic logged.User-based access control

to IT resources.

IDS/IPSInspect all inbound/

outbound traffic for anomalous

or known malicious activity.

DLP SensorInspect all outbound

traffic for DLP violations

Web ProxyWeb Proxy to control outbound web traffic

Client Subnet

Logs sent to SIEM

DNS

Top Related

Increase MPLS and SD-WAN Speeds and Reduce …...Increase MPLS and SD-WAN Speeds and Reduce Operating Costs AN Multiprotocol Label Switching, or MPLS, has been the traditional means
Increase MPLS and SD-WAN Speeds and Reduce …...Increase MPLS and SD-WAN Speeds and Reduce Operating Costs AN Multiprotocol Label Switching, or MPLS, has been the traditional means
MPLS/WAN/VPN Bandwidth Services at NNPC Nodal … MPLS Based Bandwidth... · MPLS/WAN/VPN Bandwidth Services at NNPC Nodal Hubs ... Service (MPLS) and Virtual Private Network (VPN)
MPLS/WAN/VPN Bandwidth Services at NNPC Nodal … MPLS Based Bandwidth... · MPLS/WAN/VPN Bandwidth Services at NNPC Nodal Hubs ... Service (MPLS) and Virtual Private Network (VPN)
MPLS, SD-WAN and Cloud Network: The path to a better, secure and more affordable WAN
MPLS, SD-WAN and Cloud Network: The path to a better, secure and more affordable WAN
SD-WAN: The answer to business networking demands · PDF fileoutgrown the ability of MPLS WAN private services to interconnect remote offices and data centres ... SD-WAN: The answer
SD-WAN: The answer to business networking demands · PDF fileoutgrown the ability of MPLS WAN private services to interconnect remote offices and data centres ... SD-WAN: The answer
Ethernet, MPLS and SD-WAN - CenturyLink (Ethernet, MPLS and SD-WAN), reliability, security and quality of service all ranked above cost/value when it came to critical factors in evaluating
Ethernet, MPLS and SD-WAN - CenturyLink (Ethernet, MPLS and SD-WAN), reliability, security and quality of service all ranked above cost/value when it came to critical factors in evaluating
SD-WAN TRANSFORMS TO SD- BRANCH - MENA ISC Transforms.pdf · SD-WAN with 3 rd Party FW. SD-WAN with Cloud Security. FW with . Embedded SD-WAN “SD-WAN systems do not offer advanced
SD-WAN TRANSFORMS TO SD- BRANCH - MENA ISC Transforms.pdf · SD-WAN with 3 rd Party FW. SD-WAN with Cloud Security. FW with . Embedded SD-WAN “SD-WAN systems do not offer advanced
MSx WAN - tpx.com · SD-WAN is game-changing technology Secure connectivity MPLS traffic encrypted with VPN access to our MPLS network Cloud VPN Dynamic edge-to edge communication
MSx WAN - tpx.com · SD-WAN is game-changing technology Secure connectivity MPLS traffic encrypted with VPN access to our MPLS network Cloud VPN Dynamic edge-to edge communication
SD WAN MPLS service disruption or enhancement
SD WAN MPLS service disruption or enhancement