Network Security Measures For Next-Generation Enterprises
Rapid advances in communications technology have met with equally rapid
growth in security threats, cybercrime, and the introduction of new security
regulations designed to mitigate these threats. To keep up with these changes
and thrive, enterprises must change how they view security. Competing
effectively in today's business environment means creating a trusted dynamic
enterprise that supports secure voice and data communication channels and
employee mobility.
Security must be dynamic, constantly evolving to meet new threats and allow
for real-time adjustment of security policies to reduce risk. This requires a
shift to a user-centric approach to security that, delivered from within the
network, protects networks, people, processes and knowledge. Security must
also drive business performance. To achieve this, enterprises must have a
corporate-wide strategy - a security blueprint - that allows the enterprise to be
open for business and provide a trusted environment.
Leveraging Bell Labs’ innovation and its carrier class roots, our experience
securing carrier networks, and our understanding of multiple deployment
models, the Alcatel-Lucent security blueprint helps enterprises deploy
user-centric security from within their own network.
• A global, corporate-wide security infrastructure
• Consistent and corporate-wide application of security (voice, data, mobility)
• Security delivered separately from endpoints and applications
• An independent chain of control for security
• Security that is transparent to the user
• Always-on and highly available security
• Ensure secure, private and quality communications from any device, at any
  time, by combining the trusted capabilities of the enterprise network with
  the creative communications services of the Web (Web 2.0, Cloud and beyond)
To enable the transformation to a trusted, dynamic enterprise with its
user-centric security blueprint, Alcatel-Lucent offers a complete suite of products
and solutions that can be easily integrated with existing switching and
security infrastructures. The complete portfolio of Alcatel-Lucent security
solutions allows enterprises to leverage Bell Labs innovations and its carrier
roots to benefit from its carrier class security expertise. It creates open and
secure interfaces to communications, data and services to enable enterprises
to take advantage of new collaborative business models (Web 2.0, Cloud).
Perimeter Security
Security starts with protecting the
voice and data fabric and ensuring a
proper, secure perimeter is in place.
This perimeter must include
traditional elements, such as IP
firewall, virtual private network
(VPN) and threat management.
Choosing a perimeter security solution
means different choices for different
types of enterprises and depends upon
security strategy. Considerations in
controlling security operations costs
include scalability and manageability
of the perimeter solution, especially
for enterprises with multiple locations
to protect.
Our managed perimeter security has
the capability to secure next-generation
converged networks
including VoIP, IMS, IPTV, fixed
mobile convergence and Femto.
For enterprises with multiple managed
branch offices, secure integrated
solutions are a must. The Alcatel-Lucent
OmniAccess 5700 Unified
Services Gateway provides a complete
branch office solution in a single
appliance.
Why choose the OmniAccess 5000?
• An integrated platform with network (Routing, Switching, QoS)
• Full security (Firewall, VPN, IDS)
• Handles analog and packet voice
What makes the OmniAccess 5000 unique?
• Centralized management, performance and scalability
• Competitive price/performance
Network Access Control
Alcatel-Lucent Safe Network Access
Control (NAC) provides a fully
integrated NAC solution for multi-vendor networks with a variety of
managed and non-managed endpoints.
Safe NAC provides guest access, host
integrity check, and role-based access
control to help corporations ensure
compliance. Safe NAC is also backed
by a global multi-vendor capable
professional services organization.
Safe NAC has been shown to reduce
costs by automating operational
processes and minimizing the need for
IT operator intervention during the
authentication process. Troubleshooting
is also simplified and help desk costs
are reduced, which lowers
operational overhead
and proactively ensures the health of
the network.
The solution offers a number of key
benefits including full visibility and
control of network activity, protection
of network assets and mission critical
data, ability to enforce user policies in
a centralized manner and most
importantly, ability to offer guest
access.
Safe NAC is comprised of multiple
components including the Alcatel-Lucent
OmniSwitch platforms (AOS
6.3.4 and newer), the Alcatel-Lucent
OmniVista Access Guardian and
Quarantine Manager, the Alcatel-Lucent
VitalQIP and Alcatel-Lucent
OmniAccess wireless platforms. The
Alcatel-Lucent products are integrated
with InfoExpress CyberGatekeeper
Policy Server, CyberGatekeeper
Policy Management and Reporting,
CyberGatekeeper remote and
CyberGatekeeper agents.
Benefits:
Cost optimization
• Completely integrated hardware and software solution
• Simplified maintenance and troubleshooting
• Easy to deploy, interoperate and integrate into existing network
  infrastructure
• Customized solution available via Alcatel-Lucent professional services
• Support for multiple endpoint platforms
• Reduced Help Desk calls for guest access and time to troubleshoot
  misconfigured endpoints
Secure access for endpoints to network resources
• Continuous surveillance for identification and mitigation of rogue and
  improperly configured endpoints
• Remediation of non-compliant endpoints to guest server or guest access
Identity-based networking
• Role-based access control allowing access only to network resources as
  defined in user-based policies located on the Alcatel-Lucent OmniSwitch
Protection of mission critical data and resources
• Centralized policy management provides simplified management of endpoints
  and users
• Seamless use of multiple authentication methods (802.1x, MAC, Captive
  Portal) for automation of endpoint integrity checking
Increased compliance
• Consistent compliance policy can be defined and adhered to
• Detailed compliance reporting to provide visibility of activities on the
  network
Features:
• Access control for guests, LAN and wireless
• Endpoint malware protection
• Verify OS and end-point configuration
• Controls automatic remediation
• Role-based post admission control
• Audit reports for compliance
• Non-disruptive, multi-vendor network deployment
• Support for multiple authentication methods, multi-endpoint environments
Embedded Security
Alcatel-Lucent treats security as an
integral part of switch and network
design. Security functions are
embedded directly into our switching
fabric, operating systems and
management applications, all of which
interface directly with identity
management. This improves security
by delivering it at the first point of
network contact and reduces security
operating costs by allowing
administrators to configure, manage
and maintain the infrastructure more
efficiently.
Security at the switch core
Integrated into the switch operating
system (AOS), Alcatel-Lucent’s
Access Guardian combines LAN
switch and wireless LAN controller
authentication and access control
features with standards-based
directory services. This approach
builds authentication, device
compliance and access control
functions directly into the hardware,
distributing security functions closer
to the user.
Why choose Access Guardian?
• Authentication, device compliance and access control functions are
  designed directly into the hardware
• Simplified configuration and management
• Host integrity checking and user profiles automatically manage end point
  security
Quarantine – the next layer of embedded security
Imagine one of your devices is under
a Denial of Service attack. Do you know
which device, and how fast you can
react to this threat? Alcatel-Lucent
Quarantine Manager combines
network management and network
security into one application to defend
against attacks just like this at the
network and application level,
isolating misbehaving users and
providing a means for user
remediation.
It extends Alcatel-Lucent NMS
benefits such as centralization and
automation, and offers OneTouch
automation for handling a security
event once it is detected, reducing the
complexity of pre-configured alert
notifications and containment rules.
Why choose Alcatel-Lucent Quarantine Manager?
• OneTouch automation simplifies rules and decision deployment and change
  management
• Containment and remediation ensures consistently secure infrastructure
• Part of a comprehensive integrated security strategy
• Network administrator has complete control over quarantine operations
Application Security
Business operations today demand
open access from a variety of devices.
However, unless proper safeguards are
in place, web-enabled access can
compromise the confidentiality of
business-critical information. The
Enterprise landscape is changing. New
applications such as VoIP, new
business models leveraging Web 2.0
and the Cloud, and changing
compliance regulations all create the
need for security solutions that protect
users and infrastructure.
Security for VoIP
As VoIP adoption grows, more hackers and criminals attempt to capitalize on
the technology's security weaknesses. Denial of service (DoS) attacks,
registrant hijacking, message tampering, and SPAM are just a few examples.
Enterprises must not overlook VoIP security or risk exposing their business
to attack.
Enterprise telephony infrastructures are rapidly changing from traditional,
fixed function, proprietary Private Branch Exchange (PBX) infrastructures, to
voice over Internet Protocol (VoIP) PBX systems. These systems enable
convergence of voice and data networks, minimize infrastructure costs and
provide deployment ease and flexibility.
However, the transition to VoIP technology presents new security challenges
that must be addressed to ensure secure and robust, non-disruptive, toll-grade
quality of service (QoS) for voice services, and ensure that business-critical
data networks continue to operate effectively. Therefore, the benefits VoIP
provides can be erased quickly by motivated cyber criminals bent on
compromising an enterprise network.
Alcatel-Lucent provides an end-to-end solution that includes advanced,
multi-layered, network-level security at every point of vulnerability. IP
communications are secured with dynamic pin-holing, deep packet inspection
technology, and advanced bandwidth management capabilities. The
functionality is delivered by Alcatel-Lucent's VPN Firewall Brick®. The
voice and signaling for VoIP are encrypted by the Thales IP Touch Security
Solution to ensure confidentiality and to ensure that all IP phone software
upgrades are not corrupted.
PCI compliance
The real cost of a data breach is more than you think. According to the U.S.
National Archives & Records Administration, 50% of businesses that lose
their critical data for 10 days or more file for bankruptcy immediately!
For retailers, PCI compliance is mandatory and has direct and indirect
business benefits. First, no retailer who is PCI-compliant has ever been a
victim of credit card theft. More than the direct cost savings of avoiding a
breach, there is a tacit benefit to the retailer’s brand. Secondly, there are
bank-imposed monetary penalties that apply if a retailer is found out of
compliance.
Being PCI compliant involves a continuous process of assessment to
determine the current risk level faced by an organization. Alcatel-Lucent PCI
compliance solutions can be applied in stages depending upon the most pressing
gaps that an organization might need to correct. Ultimately, a complete
deployment provides cost-effective end-to-end protection and is
non-disruptive to current operations.
A critical and most basic component for PCI compliance is the perimeter
surrounding the enterprise, especially if there are many branch locations or
the enterprise is also engaged in ecommerce via their Web site. For fortifying
the enterprise perimeter, Alcatel-Lucent has two products that can be used to
fill any existing gaps, its VPN Firewall Brick®, and Fortinet's FortiWeb.
With a secure perimeter in place, an enterprise must then move to contain the
network connected devices that are considered to be in scope for PCI
compliance. These devices must be regularly audited and can drive up the
cost of maintaining PCI compliance. In addition, providing proper audit trails
is a must. Alcatel-Lucent with its SafeGuard product is able to allow the
network of an enterprise to virtually isolate the devices that are involved in
credit card transactions without requiring a costly network reconfiguration.
For those enterprises that must have controls in place on each transaction and
each user, Alcatel-Lucent's OmniAccess™ 8550 Web Service Gateway can
provide the required contextual transaction content inspection and policy
enforcement with audit.
Security Management
Effective security management involves not only making the right choices
about vulnerability detection, patch management and compliance
management, but also a performance and event management solution that
meets the demands of a global enterprise. Security solutions must collect a
rich dataset from the voice and data fabric and provide a robust event
response and escalation engine.
The Alcatel-Lucent VitalSuite® is Alcatel-Lucent’s industry-leading,
award-winning, multi-vendor, multi-technology network, application and business
transaction performance management product family that offers a number of
features and capabilities that address the needs of enterprise, government and
service provider customers worldwide. With its unprecedented "Quality of
Visibility" (QoV), VitalSuite lets the customer see everything from the
physical infrastructure to individual desktops to understand the end-user
experience and monitor compliance with service level agreements (SLAs).
The Alcatel-Lucent VitalSuite™ Performance Management Software
solution provides network administrators with end-to-end, web-based
visibility into geographically dispersed, multi-vendor, and multi-technology
converged infrastructures.
The VitalSuite® portfolio integrates multiple innovative components and
capabilities to keep networks, applications and business processes working
together effectively. From a single location, network managers can monitor,
measure and enhance delivery of carrier-class business services across
multi-service, multi-vendor networks.
What makes our solution unique?
• Performance & event management
• Real-time event analysis
• Application performance management, reporting, and proactive tracking of
  performance problems
• End-to-end management for geographically dispersed, multi-vendor,
  multi-service networks with at-a-glance access to personalized
  performance data
Identity Management
Identity management is at the heart of user-centric security and starts with an
enterprise-wide password management platform and directory server farm.
Many organizations consider it essential to adopt some form of strong
authentication based on certificates, coupled with two-factor identification of
end users and devices.
Providing a rich set of interface and control points to the voice and data
fabric of the enterprise is key to the deployment of an Authentication,
Authorization and Accounting (AAA) infrastructure. The Alcatel-Lucent
8950 AAA solution provides the most extensive set of AAA support features
available for both wireline and wireless networks.
What makes our solution unique?
• PolicyFlow™ language and interpretation engine allows the system to
  enforce any policy scenario
• Extensive protocol support for wireless LANs and other networks (i.e.
  802.1x, DIAMETER, and EAP protocols)
• Complete solution that fully enables 3G mobility wireless WANs
• Centralized management
• Comprehensive dashboards
The Motive AAA is the Authentication, Authorization and Accounting
(AAA) server of choice for major service providers, ISPs and Enterprises due
to its proven performance and its flexible, extensible PolicyFlow™
architecture built on a Java™-based programming language. In addition,
Motive AAA provides an expanded graphic interface for overall server
configuration, management and monitoring.
Motive AAA server delivers expanded functionality to address your
deployment of wireless LANs and other networks deploying 802.1x,
DIAMETER, and EAP protocols to support fixed-mobile roaming and
blended multimedia services.
Benefits:
• Complete support for Wi-Fi Wireless LANs
• Most extensive set of AAA support features available – for wireline and
  wireless networks
• Fully enables 3G mobility wireless WANs
• Easy integration to existing systems
• Carrier Class AAA Platform, 5 nines reliability and geo-redundant
• Features for every AAA requirement
• RADIUS, DIAMETER, TACACS, EAP-SIM, EAP-AKA, EAP-FAST, SS7 Gateway, Mobile
  IP, IPv4/v6, IP assignment and pool management
• High performance – better performance on less hardware
• Extreme flexibility – unparalleled user definable integration capabilities
• Logging and reporting down to the processing thread and packet level
• No per server fees
Features:
Provides centralized network access management and control to:
• Verify Identity (Authentication)
• Verify Access Permissions (Authorization)
• Define Session Configuration Parameters
• Record Session Data (Accounting)
Centralized AAA session management and control across a wide range of
access media including:
• Wide Area Broadband (WiMax)
• Wide Area Mobile (CDMA, GPRS, UMTS, 1xRTT, 1xEV-DOrA, eHRPD, LTE 4G and
  LTE)
• Wired and Wireless Local Area Networks (IP, Wi-Fi, WiMax/WiBro)
• Dial-Up
• DSL (Termination on DSLAM & BRAS)
• Dual-Mode Services (UMA/IMS)
• Define Session Configuration Parameters
• Firewalls and VPNs (LSMS/LVF, etc.)

• Features for Wireline and Wide-Area Wireless (W-WAN) networks; Local-Area
  Wireless (Wi-Fi) networks and 802.1x/EAP authentication; UMA and IMS
  Dual-Mode Handset Services
• Provides an expanded graphical interface for overall server configuration,
  management and monitoring
• The only AAA application to offer a built-in programming language for
  writing custom AAA Policy applications. This powerful PolicyFlow™ language
  allows the system to conform to any possible policy scenario, eliminating
  the need to compromise your requirements or adjust your designs to meet
  other AAA software’s fixed view of the world.
• EAP can also be used to support dynamic key creation for securing the
  network traffic flowing through the air. This capability provides an
  additional layer of protection for users and administrators concerned
  about data security.
• An easy to use step-by-step GUI wizard that allows administrators to build
  specific policies in a fast, easy and efficient way
• Server monitoring and statistics tools
• Flexible session limit enforcement definition
• Real-time session tracking with external query support
• SNMP MIB and Trap support
• Easy SQL database integration
• Read/write from LDAP directories
• Strong authentication (based on token cards)
• Flexible retry/alternate data source logic
• Complete support for Proxy RADIUS and DIAMETER
• Support for IP Multimedia Subsystem (IMS)
• Fully configurable accounting
• CDR mediation and configurable login
• Extensive logging capabilities with multiple log channels (Syslog, SNMP,
  SQL, file, etc.)
Security Services
Our teams identify vulnerabilities and
implement secure architecture relying
on 25 years of proven expertise in
high-security environments. We
review and strengthen your
technologies and security policies to
meet compliance requirements and
establish a standards-based framework
for operations. Our experts can
improve your crisis management
strategies and review your
infrastructure, services and security
measures. Our security solutions
portfolio includes:


• Security assessment services: identify the threats and vulnerabilities
  within your organization, network, applications, services and policies.
• Security strategy, policy and compliance services: ensure you are up to
  date with the latest regulatory, partner and business requirements related
  to security and privacy. Alcatel-Lucent can also establish or update
  corporate security strategies, programs and policies.
• Security architecture design and integration services: develop, implement
  and test security solutions.
• Business applications security services: fully exploit the OmniAccess 8550
  Web Services Gateway to manage user access to sensitive corporate data,
  applications and communications across multiple IT systems, in real time.
  We assist with the design, integration and optimization of your web
  services filtering policies to ensure you obtain optimal value from this
  innovative security solution.
• Security services for mobile users: install the Alcatel-Lucent OmniAccess
  3500 Nonstop Laptop Guardian platform. We can provide consulting,
  integration and training to ensure this award-winning product matches your
  unique mobile security requirements.
• Business continuity and disaster recovery services: establish processes
  and infrastructures that are responsive, available and scalable to ensure
  the secure continuity of operations in any situation.
• Threat management services: take reassurance from a full range of
  capabilities to prevent, detect and respond to security incidents.
  Leveraging the security research of Alcatel-Lucent experts, we monitor
  vulnerabilities and provide alerts and advisories for CERT-IST.