Market research shows that more than half of the companies in North America, Europe and Asia Pacific have remote users, and that 40 percent of workers now travel for business. The requirements of this increasingly distributed workforce are placing new pressure on organizations to provide secure and reliable multimedia solutions that connect employees, partners and customers — anywhere, anytime. Multimedia applications and IP Telephony deliver the capabilities to connect a mobile world. They drive down operations costs and increase productivity by providing innovative means for distributed workforces to collaborate more efficiently than ever before. With the benefits of multimedia, however, also come security risks such as viruses, worms, identity theft and software vulnerabilities.
Through secure multimedia and IP Telephony solutions, organizations can achieve privacy and reliability and minimize service and identity theft. High-grade encryption technologies ensure privacy, regulatory compliance and intellectual property protection — eliminating the threat of eavesdropping and tampering. Strong threat protection and high-availability systems — featuring redundant, survivable components and networks — ensure reliability and business continuity. Service theft, toll fraud and identity theft are minimized through strong authentication on every transaction.
Nortel: Answering the call for secure multimedia communications
The only effective security strategy is one that considers end-to-end network architecture and enforces corporate policies with multiple security approaches at multiple areas within the network. Nortel’s Layered Defense implements such an approach — helping to ensure that there are no single points of security failure in a network. Nortel, together with its rapidly growing portfolio of industry-leading Security Developer Partners, provides a complete and extensive array of security technologies to secure multimedia and other business-critical applications. Nortel developed the Unified Security Framework to help customers realize complete end-to-end network security. This framework considers all aspects of network security, including technology users’ behaviors and organizational processes. The attributes behind the framework provide organizations a security blueprint they can use as they move toward increasingly open network environments.
Endpoint security: The first step in securing multimedia communications
An important aspect of secure multimedia communications is securing communication endpoints. This requirement is critically important for a wide range of users such as mobile workers, road warriors, home-based office workers, branch offices and headquarters. The Nortel Secure Network Access Solution (NSNA) secures multimedia endpoints such as IP Phones, PCs and PDAs in two ways. It uses standards-based IEEE 802.1x Extensible Authentication Protocol (EAP) and Nortel’s Tunnel Guard technology to connect devices from remote locations. Once authenticated, endpoints can be assigned automatically to a virtual local area network (VLAN) and controlled by user-oriented policies.
NSNA also interrogates devices to verify compliance with organizational security policies, such as the latest firewall and virus software definitions. If a device does not meet security policy, it can be placed in a remediation VLAN until the device becomes policy-compliant.
Multimedia security — Layered Defense in practice
Mobile workers
From Voice over IP (VoIP) to video conferencing, and from instant messaging to Web collaboration, today’s increasingly mobile workforce needs secure access to communications — a requirement delivered by Nortel’s Secure Multimedia Solution. To maintain privacy, the solution leverages Nortel’s award-winning VPN technology, supporting either SSL or IPSec encryption capabilities in conjunction with strong endpoint security authentication and authorization. Nortel VPN Gateways and VPN Routers (formerly known as Contivity) are VoIP and multimedia-aware, enabling mobile workers to seamlessly run PC and PDA-based multimedia software clients capable of voice, video, instant messaging and Web collaboration. Nortel offers secure VoIP soft clients specifically designed for mobile devices. For employees without access to corporate PCs, multimedia services such as unified messaging are delivered securely through an SSL-protected, Web-based portal. When using SSL-based services, NSNA protection is implemented using Java-based software downloaded to laptops, kiosks or PDAs.
Multimedia and VoIP communications between headquarters, branch and home-based offices must also be secure — a requirement that Nortel’s solution addresses through encrypted tunnels. Encrypted tunnels secure multimedia communications and management communication to and from remote equipment, limiting access to authorized administrators. These tunnels, which leverage Nortel’s unique secure routing technology, enable dynamic routing over secure connections. This technology results in simplified administration and delivers the high performance needed to support latency-sensitive applications such as VoIP and multimedia. Nortel’s branch office multimedia equipment enhances the reliability of multimedia communications. It can be configured with built-in, award-winning VPN technology and linked with other corporate multimedia equipment to form a geographically redundant, highly available communications system. The Secure Multimedia Solution leverages branch equipment including the Business Communications Manager or Survivable Remote Gateway networked to the headquarters-based Communication Server 1000 or 2100 and VPN Router.
Size and complexity make large headquarters one of the most challenging environments to secure. Since more than half of all security threats come from inside the corporate network, the Secure Multimedia Solution uses a Secure Multimedia Zone (SMZ) to protect IP Telephony and multimedia application servers. This Secure Multimedia Zone shields the organization from internal security threats and any external threats that penetrate the network perimeter firewall.
Nortel Secure Multimedia Controller
The Nortel Secure Multimedia Controller (SMC) is the most convenient way to establish a Secure Multimedia Zone (SMZ). A purpose-built application firewall, the Secure Multimedia Controller protects Nortel’s IP Telephony and multimedia servers by creating a near-instant Secure Multimedia Zone. By automatically establishing a Secure Multimedia Zone, the Secure Multimedia Controller saves time, reduces effort and eliminates the risk of configuration errors. The Secure Multimedia Controller not only protects multimedia servers against attacks, but also provides an architecture that powers current and future encryption technologies. Encrypted signaling prevents the monitoring of call signaling, while encrypted keys allow IP phones to authenticate servers, preventing man-in-the-middle attacks from impostor servers that send false signals.
Nortel Switched Firewall
Nortel multimedia-aware switched firewalls protect external perimeters of enterprises as well as boundaries between organizations. With built-in support for VoIP and Session Initiation Protocol (SIP), these firewalls accelerate traffic processing to provide the performance levels necessary to support high-quality multimedia communications. Whether it is the Nortel Switched Firewall (formerly known as Alteon Switched Firewall), Nortel VPN Router with integrated full feature firewall, or Nortel Application Switch (formerly known as Alteon Application Switch), these devices defend multimedia services against denial-of-service, viruses, worms and other attacks.
Nortel Threat Protection System
For an added layer of protection, the Nortel Threat Protection System (TPS) can be added to the headquarters user network or core network that surrounds it. The Threat Protection System provides early detection and protection against not only known threats, but also “day zero” attacks. The system recognizes attack behavior, and applies policies to stop denial-of-service and other attacks. The Threat Protection System patrols and monitors user LANs for suspicious activities, blocks new attacks and provides full active threat protection for the multimedia services. Since the Threat Protection System is out of path, it is able to provide security without introducing any delay that would lower service quality.
Bringing it all together with Global Services
To help customers deploy the Secure Multimedia Solution, Nortel’s Global Services and select partners offer a full suite of security services. These services include network security design and planning, security audits and assessments, security integration planning, and compliancy and regulatory audits.
Additionally, Nortel can provide:
> Project management and implementation of security solutions
> Ongoing technical support and software updates
> Security optimization, upgrade and migration support
Nortel also offers managed services to help organizations get their security infrastructure up and running quickly.
Real-world security
Government applications
Nortel security solutions have been proven in some of the world’s most demanding government environments, including high-security national defense organizations, and state and local police organizations. Select models of Nortel’s VPN Router have achieved FIPS certification with Common Criteria certification in progress. The Nortel Secure Multimedia Solution meets the Triple DES (3-DES) encryption requirements mandated by the FBI and NCIS for use with mission-critical IP-based applications and networks. Nortel is the first networking vendor to provide an end-to-end VoIP solution certified by the U.S. Defense Department Joint Interoperability Test Command (JITC), which means that government agencies can utilize high security mobility with VoIP. Nortel also offers special capabilities, such as secure mobility, to facilitate emergency response and critical communications. Secure mobility enables secure multimedia and IP Telephony communications, including roaming across Wi-Fi, cellular and LAN/WAN-based communications.
Financial services applications
Through strong encryption technologies, the Secure Multimedia Solution helps secure and protect the confidentiality of customers’ IP Telephony and multimedia communications. Strong encryption helps financial institutions to comply with recent laws and regulations such as Gramm-Leach-Bliley. Connectivity via IPSec and SSL VPN provides secure transfer of sensitive information across the Internet or any untrusted network through the use of encryption and user authentication. This includes communication to and from branch locations, executives and account management in the field, outsourcing partners and customers accessing accounts over the Internet.
Innovative multimedia and IP Telephony applications have ushered in a new era of communications, complete with greater efficiencies and lower operations costs. With these benefits have also come increased security threats. Nortel’s Layered Defense approach to security mitigates the threats by providing multiple layers of security within the network. By securing communications and ensuring security in the core, at the perimeter — and beyond, Nortel’s comprehensive and proven Secure Multimedia Solution has multimedia network security covered.