Security Buying Guide

Security is a reality of life for everyone. Information security is everyone's responsibility. Whether it is keeping systems up to date with configurations and virus definitions or ensuring the company's personnel and client records are secure, Nortel is delivering technologies that provide secure access to information from security policy compliant systems regardless of where and how the user accesses the network. Nortel's award winning security solutions provide small and medium-sized businesses with the network intelligence for success.

What are the security risks that I need to be aware of?

  • Service Disruption/Business Continuity, in which the network is not available for its intended use. This can be caused by a classic "denial of service" attack in which the network is bombarded with false information that it must process, effectively shutting down the network. Holes in the operating systems of key servers could also cause them to be taken out of service, preventing new sessions from being established.
  • Theft of Service, in which an unauthorized user gets to use network bandwidth (or an authorized user gets access to an unauthorized service).
  • Privacy Violations, in which information is captured by a third party. These include eavesdropping, collection of network usage information, and theft of specific data such as credit card numbers. These are also known as confidentiality or privacy concerns.
  • Integrity, where the information sent from one system to another has not been modified on the network.

Back To Top

How do I know if I need security in my network?

You should implement a security solution if your business has any of the following requirements:

  • Broadband and/or wireless connectivity;
  • Extended LAN, WAN corporate connectivity
  • eCommerce transactions conducted via the internet;
  • Sensitive information sharing for employees, partners and/or customers through extranets, VPNs or other remote connections;
  • Network connections to business partners, joint ventures or customers
  • A firewall or any other security device that is not actively being monitored and is your company's only protection

Back To Top

How do I protect my network from external and internal attack?

Securing the network from attack involves both protecting the infrastructure and protecting the traffic.

  • Protecting the traffic means ensuring that all information traversing the network is unaltered and can be read only by its intended recipient (confidentiality and integrity). Protecting the traffic includes preventing outside attacks through the use of firewalls, Network Address Translation (NAT) perimeter security, ensuring the information is unmodified and not seen by others through the use of authentication and/or encryption (application security), and ensuring each network user can securely transport information across the shared infrastructure (transport security). Additional controls including preventing unauthorized systems from connecting to and monitoring network traffic (sniffing) is essential, particularly in wireless networks.
  • Protecting the infrastructure means ensuring unauthorized or disgruntled internal users cannot disrupt the network by such techniques as "hacking" into the switch to alter it's configuration, or bombarding the switch with so much invalid traffic that normal network operation is affected. Protecting the infrastructure includes locked doors and video cameras (physical security), ensuring only authorized personnel have access to applications (user security), and ensuring the network elements are hardened from attack (device security). Process related protection is also essential including making only authorized changes are made (change control) and by limiting session and network control access (access control).

Back To Top

What is a VPN and why is it important for my business?

Virtual Private Networking (VPN) is composed of a network that uses a shared public infrastructure as a channel for private data communications. Virtual Private Networks are used to link remote sites (Site to Site) and remote users to the enterprise data services they need.

  • Site-to-Site VPNs
    Site-to-site VPNs allow enterprises to leverage IP to establish fixed, secure tunnels between corporate sites to replace expensive, dedicated network services. Site-to-site VPNs can securely connect enterprise branches to corporate headquarters or provide business partners, suppliers and customers confidential access to corporate network resources. Nortel Secure Routing Technology (SRT) is an innovative framework to integrate IP routing and security enabling enterprises to build flexible and highly-scalable site-to-site VPNs.


    View a Diagram

  • Remote Access VPNs
    Mobility, flexibility and cost savings are the major benefits of remote access VPNs. Enterprises can meet their needs for mobile and telecommuting applications regardless of the access methods - dial, ISDN, DSL, cable or wireless - while using the Internet as their network transport. Nortel offers both individual and integrated IPsec and SSL-based remote access VPN solutions allowing remote users to securely access corporate resources from browsers or from VPN client software on their PC.


    View a Diagram

Back To Top

What is a virus and what can it do to my network?

A virus is one of several forms of malicious software (malware) commonly seen on both the Internet and enterprise networks. A virus is a special program written to "attach" itself to a file on a computer and when executed, performs a task without the user's knowledge. The virus can infect other files, find other systems on the network it can infect and spread through the network.

The impact from a virus can range from very small to extremely large, particularly with the more widespread viruses over the last few years. Users often receive virus infected programs through email, in software they have downloaded, through specific file sharing systems (peer to peer file transfer) and when visiting web pages.

Viruses can infect computers and result in lost productivity and potentially lost data. Malware trends are suggesting the virus writers are getting smarter to avoid detection or infect as many computers as possible in as short a time as possible. The SQL Slammer event in January 2003 rendered any enterprise networks almost inoperable due to the sheer volume of traffic.

Protecting yourself from virus infections involves using an anti-virus detection program, being cognizant of what files are attached to e-mail and who sent them or the website link before you click on it. If the sender is not known, do not open any attachment or click on any link.

Having a virus detection program is only part of the solution. Nortel's VPN Tunnel Guard and Sygate's LAN Enforcer products can assist the detection of systems which do not have anti-virus software or up to date detection signatures and limit the spread of infections in your network.

Back To Top

What key things should I keep in mind when evaluating a security solution?

  • Anti-virus software
  • Firewalls
  • Secure VPN: VPN Tunnels, IPSec, SSL and Encryption
  • Network Boundary Security
  • Network Address Translation and IP Address Schemes
  • Integration with existing technologies
  • Change control and centralized management; and
  • Monitoring, auditing and logging

Back To Top

What do I need to consider when thinking about securing my network?

  • Business policy and practices;
    • Remote access
    • Number of sites
    • Individual access requirements
    • Encryption and firewalls
  • Legal requirements (ie-HIPPA, GLB, Sarbanes-Oxley, EU Data Protection Act)
  • Types and location of the enterprise intellectual property
  • Available resources to design the security solution, implement and operate it.

Back To Top

What kind of security do I need to implement a wireless network?

Wireless networks are viewed in the industry as posing specific security challenges. Implementing the appropriate level of security is dependent upon the specific needs of your wireless network. All wireless networks require at least one Access Point, which is the "bridge" between the wireless and wired networks.

Wireless security solutions include encryption technologies such as Wired Equivalent Privacy (WEP) and WiFi Protected Access (WPA). WEP is not considered much better than using an unencrypted wireless network, while WPA offers distinct advantages and increase protection levels. Both encryption methods can be used to limit connections to the wireless network from unauthorized devices although WEP implementations have been successfully compromised.

Additional filtering is available to limit the actual wireless device capable of connecting to the Access Point. These filters require configuration for each wireless network interface card and prevent unauthorized devices from connecting to the network, even if they have the correct network encryption configuration.

The most secure level of protection for a wireless network uses a VPN service over the wireless to provide the same level of security and protection for the network connection as discussed earlier.

Besides several Extensible Authentication Protocol (EAP) implementations of 802.1X, Nortel's WLAN 2200 series Access Points offer the latest security standard Wi-Fi Protected Access (WPA), a subset of the current 802.11i draft* (security specifications currently under development by the IEEE). They also provide a closed system mechanism to prevent unauthorized users from attaching to the network by preventing the broadcast of the SSID. A second security layer, the WLAN Security Switch, provides VPN encryption and firewall along with the capability to not only detect unauthorized or "rogue" Access Points, but also prevents users from connecting to them, and locating unauthorized APs within a 10-meter perimeter.

Back To Top

What security choices are available for small businesses?

Each small business is different, with different needs and problems. Some want to do it themselves with specific products, like firewalls and VPN solutions. Others may wish to use security consultants to design the appropriate solution, build and operate it. Alternatively, they may choose to use managed security service to meet their needs.

No matter which option you choose, small businesses should seriously consider using firewalls at their network perimeter and VPN services for employee and business partner access to their networks and applications.

Back To Top

What questions should I ask a potential vendor?

Potential customers should ask their security vendor

  • Can you provide me with a total solution that incorporates all the essential elements of network protection and guarantees business resiliency?
  • How are security products integrated into the network and other related services
  • Ease of installation, configuration and management;
  • Total cost of ownership over the lifetime of the product;
  • Support and Managed service options and capabilities;
  • Can your vendor help support and manage the solution?
  • Software upgrade programs
  • The level of commitment the vendor has for the product and solution.

Nortel partners with the best in the business of providing solutions for our customers. The Security Developer and Security Expert Advantage Programs can provide the resources any business needs.

Back To Top

How is security sold and managed?

Ideally security should be part of a total solution and integrated with other network devices and services. This is important for the small business that often does not have significant IT resources.

The Yankee Group* identified the top concerns for small and medium businesses when examining network equipment in:

  • Ease of integration into the existing infrastructure;
  • Price of the product;
  • Brand name and reputation of the manufacturer;
  • Ease of use, manageability of the product;
  • Capacity and room for growth;
  • Level of security provided by the product; and,
  • Conformance to industry standards.

* Ease of Integration for Routers, Switches and Hubs Is Top SMB Purchase Driver
October 8, 2004
Research Note By: Christine Liebert

Back To Top

How much should I expect to pay?

Any given solution has a large number of variables depending upon the business requirements. Typical small business security solutions often fall into the $5,000 - $10,000 range depending upon many variables affecting size, scalability and availability requirements.

Back To Top

What are my security options from Nortel?

Back To Top

How do I learn more or purchase a Nortel Networks security solution?

Back To Top