2001 OP Financial Highlight PSINet Managed VPN 소개 박훈철 대리

2001 OP Financial Highlight PSINet VPN Applications & Requirements Extranet Business-to-Business Remote Access Remote Access DSL Cable POP Remote Access Intranet Central Site Intranet Branch Remote Access  Extension of Dial  ADSL, Cable, ISDN  User manageablility & deployment scalability Site-to-Site : Intranet & Extranet  Extension of classic WAN  provided by Service Provider  VPN with Firewall service  Enhanced VPN service  Vscalable performance with VSU

2001 OP Financial Highlight Agenda  PSINet Remote Access VPN Service  PSINet Site-to-Site VPN Service  PSINet GIHC VPN Service  PSINet Managed VPN Service  PSINet Case Studies  Q & A

2001 OP Financial Highlight PSINet Remote Access VPN Service NAS POP Gric Roaming Dial-Up Access ISP AAA ISDN Access Service Provider Network ADSL AAA ADSL Access Cable Enterprise or ISP Cable Modem VPDN Requirements Robust security Simple & easy-to-use VPN client Scalability High availability Integrated management Deployment flexibility

2001 OP Financial Highlight PSINet Remote Access VPN Service VPNremote software VPN NAS POP Dial-Up Access VPN AAA ISDN Access Intranet Server VPN PSINet IPSec Tunnel ADSL ADSL Access VSU VPN Cable Enterprise Netwrok ISP Cable Modem VPN Gric Roaming PSINet Remote Access VPN Sulution Easily deployable and manageable IPSec client software Centralized policy-based management of VPN users provides a high degree of scalability

2001 OP Financial Highlight PSINet Remote Access VPN Service Client IP Address Pool AAA Intranet Server VPN POP IPSec Tunnel @#!1$%2*&%3#&… Remote Access VSU Enterprise Netwrok IP Pool Address VPNremote Client user has random IP address assigned by ISP VSU translates user’s original IP address to one in Client IP Address Pool Packet Filtering Rule VSUs support packet filtering ACL (Access Control List) consist of Client IP Address Pool Encryption Using strong(3DES) encryption, VPN’s allow the flow of secure traffic between networks over a public intrastructure such as the Internet.

2001 OP Financial Highlight PSINet Remote Access VPN Service AAA Web Gric Roaming VPN POP PSINet Mail Remote Access VPN POP VSU Groupware 기 능 종 류 PSINet VPN Packet Mode Tunnel, Transport Tunnel Encryption Algorithm DES, 3DES 3DES Authentication Algorithm MD5, SHA1 Compression STAC Key Management IKE, SKIP Firewall Packet Filtering Rule NAT Static, Dynamic, Port System Management SNMP, SSL, Syslog Remote Client Windows 95/98,NT,2000,Me

2001 OP Financial Highlight Agenda  PSINet Remote Access VPN Service  PSINet Site-to-Site VPN Service  PSINet GIHC VPN Service  PSINet Managed VPN Service  PSINet Case Studies  Q & A

2001 OP Financial Highlight PSINet Site-to-Site VPN Service Firewall ISP Extranet / Business-to-Business Intranet Server ISP Service Provider Network Firewall Intranet / Branch1 Intranet / Central Site ISP Intranet / Branch2 Site-to-Site VPN Requirements Robust security Deployment Flexibility Bandwidth Managemet Service-Level Validation Multi-Device VPN Management

2001 OP Financial Highlight PSINet Site-to-Site VPN Service VSU Extranet / Business-to-Business Intranet Server VSU IPSec Tunnel PSINet VSU Intranet / Branch1 Intranet / Central Site VSU Intranet / Branch2 PSINet Site-to-Site VPN Sulution Hardware-based Encryption Greater VPN Security & Reliability Site Specific Scalability Feature Interoperability Device Integration Investment Protection

2001 OP Financial Highlight PSINet Site-to-Site VPN Service IP Header Payload Original IP datagram Intranet / Central Site Intranet Server VSU PSINet IPSec Tunnel Branch2 Branch1 Business-to-Business Tunneling Original IP datagram IP Header Payload Tunnel IP Header IP Header Payload Original IP datagram Tunneling Enable Routing with Private IP IP>traceroute 203.235.76.18 Traceroute 203.235.76.18: 56 data byes 1 123 ms 120 ms 121 ms 203.235.76.18 Trace complete. IP>traceroute 10.10.1.34 Traceroute 10.10.1.34: 56 data byes 1 117 ms 115 ms 113 ms 10.10.1.34 Trace complete.

2001 OP Financial Highlight PSINet Site-to-Site VPN Service VSU Web PSINet Extranet / Business-to-Business VSU Mail Intranet / Branch1 VSU VSU Extranet Groupware Intranet / Branch2 기 능 종 류 PSINet VPN Packet Mode Tunnel, Transport Tunnel Encryption Algorithm DES, 3DES 3DES Authentication Algorithm MD5, SHA1 Compression STAC Key Management IKE, SKIP Firewall Packet Filtering Rule NAT Static, Dynamic, Port System Management SNMP, SSL, Syslog Remote Client Windows 95/98,NT,2000,Me

Agenda  PSINet Remote Access VPN Service  PSINet Site-to-Site VPN Service  PSINet GIHC VPN Service  PSINet Managed VPN Service  PSINet Case Studies  Q & A

PSINet GIHC VPN Service 센타내 입주한 서버와 관리자 Desktop간에 VPN Remote Client를 이용한 안전한 데이터 전송 및 관리 고객 기존 사설망을 VSU를 이용하여 센타내 서버와의 안정한 데이터 전송 사설 전용선 (256K ~E1) 을 사용한 입주 서버와의 안전한 데이터 전송 대체 고속(100M)의 안전한 데이터 전송가능 저렴한 비용으로 안전한 서버관리 및 데이터 관리

PSINet GIHC VPN Service PSINet Public Network Private Network PSINet Backbone Main switch 203.x.x.x Access switch Web Server 203.x.x.2 10.x.x.2 Access switch OSPF Firewall Streaming Server 203.x..x.3 10.x.x.3 VSU= 203.x.x.1 10.x.x.1 Streaming Server 203.x.x.4 10.x.x.4 Database 203.x.x.5 10.x.x.5

Agenda  PSINet Remote Access VPN Service  PSINet Site-to-Site VPN Service  PSINet GIHC VPN Service  PSINet Managed VPN Service  PSINet Case Studies  Q & A

PSINet Managed VPN Service 자체 제작된 별도의 장애 관리 시스템 및 트래픽 관리 시스템을 이용해서 인터넷 사용량을 일간/주간/월간 그래픽으로 볼수 있도록 페이지를 제공

PSINet Managed VPN Service MSG(Managed Service Group)란?  PSINet NOC(Network Operation Center)소속의 보안 전문가 그룹으로, 고객사의 보안정책수립 및 네트워크 관리를 총괄하는 조직 MSG의 역할 및 책임 고객사의 보안정책 컨설팅 24 X 7 NMS 및 Monitoring 서비스 Intranet 이나 VPN등의 Managed 서비스 구축 시 작업 전담 고객사 측 CPE(Customer Premises Equipment)에 대한 Setting 및 Maintenance 지원 Router, 인증 및 로그서버 Configuration 지원 각 Intranet sites에 대한 장애처리, NMS 전담

PSINet Managed VPN Service PSINet Korea MSG 운영방안 Call Center PSINet Korea MSG ISP사업본부 기술운영 기술지원 고객사 24X7 NMS Network Monitoring 및 Reporting 보안 정책 컨설팅 보안관련 정보 제공 장애 처리 장애 보상 하드웨어 유지 보수 각종 기술 지원 영업담당자

PSINet Managed VPN Service 장애처리 System 및 장애처리 방안 하루 24시간, 주 7일 NOC 운영을 통한 Network Monitoring 및 장애처리 자체 장애 처리시스템을 통하여 장애 처리와 관련된 모든 부서에서 장애 확인 및 대처 Alarm System을 이용한 사전 장애 통보 및 신속대처 장애 복구 후 장애 내역을 분석하여 재발되는 장애를 최대한 억제 발생한 모든 장애에 대해서는 장애내용, 장애시간, 복구내용을 DB로 관리 및 Report

PSINet PSINet Managed VPN Service IPSec Tunnel ISP VSU ISP ISP ADSL / Cable VPN Dial-Up Access VPN Gric Roaming VPN ISP ISP VSU ISP Extranet / Business-to-Business Intranet Server VSU IPSec Tunnel PSINet VSU Intranet / Branch1 Intranet / Central Site VSU Radius / Log / VPNmanager Intranet / Branch2 VSU PSINet Operationg Center

PSINet Operationg Center PSINet Managed VPN Service B1 PSINet Operationg Center IP Pool 217.207.101.10 217.207.101.11 217.207.101.12 217.207.101.13 203.255.113.0/24 Directory Server VPNmanager Directory Server .24 SNMP, SSL, Syslog .25 VSU .100 .26 A1 217.207.101.0/24 .101 PSINet Backbone VSU .102 .103 .57 .58 .59 VSU .104 R1 R2 D1 C1 Remote Account 210.128.239.0/24 IP ? B1 A1 VPN (Tunnel Group1) 203.255.113.24  217.207.101.100 B1 A1 VPN (Tunnel Group2) 203.255.113.25,26  217.207.101.101,102,103 C1 A1 VPN (Tunnel Group) 210.128.239.57,58,59  217.207.101.102,103 D1 A1 VPN (Tunnel Group) (Remote) ID,PW 217.207.101.10,11,12,13  217.207.101.104

Agenda  PSINet Remote Access VPN Service  PSINet Site-to-Site VPN Service  PSINet GIHC VPN Service  PSINet Managed VPN Service  PSINet Case Studies  Q & A

PSINet Case Studies 1 CASE 1 : 한국타이어 VSU 일본 지사 Web 210.238.254.0 / 255.255.255.224 1 ISP T1 ISP Mail VSU ISP VSU F/W 호주 지사 203.42.125.48 / 255.255.255.240 Groupware IP Group 203.31.6.0 203.31.7.0 203.31.17.0 서울본사 VSU 독일 지사 192.169.202.0 / 255.255.255.0

PSINet Case Studies 1 CASE 2 : LG-EDS 600명 부분적 사용자별 Access Point 개별 설정 VPNremote software VPN 600명 부분적 사용자별 Access Point 개별 설정 Dial-Up Access VSU Web VPN 1 ISP F/W ISDN Access ISP VPN ISP Mail ISP ADSL Access F/W ISP VPN Groupware VSU Cable Modem IP Group 210.103.148.0 210.103.149.0 210.103.150.0 VPN 서울본사 Gric Roaming

Q & A