1

Securing your Digital Assets

Gabriel Tan,

District Manager, South Asia

Nokia Enterprise Solutions

2

About Nokia

• World leader in mobile communications

• Frontrunner in providing mobile, broadband and IP networks

• Sixth most valuable brand (Interbrand)

• One of the world’s most respected companies(PriceWaterhouse & Financial Times)

• As mobility and Internet converge, Nokia is committed to further enrichingthe daily lives of people

3

Nokia Organisation

Customer and Market Operations

Customer and Market Operations

Technology Platforms Technology Platforms

Strategy, Research, Venturing and Business Infrastructure

Strategy, Research, Venturing and Business Infrastructure

Mobile

Phones

Mobile

Phones

Multimedia Multimedia Networks Networks

EnterpriseSolutionsEnterpriseSolutions

4

Top of mind issues for security

Hardened for security Simple & manageable Reliable Cost Support multiple applications

…and something that adds more complexity…securing wireless

5

Customers still want security appliances …

By 2007, 80% of all network security solutions will be delivered via a dedicated appliancea dedicated appliance. - IDC

81%75% 74%

63% 60%

IDP NetworkFirewall

EmailSecurity

WebContent

ApplicationFirewall

What Security Function are you likely to deploy on a security appliance?

What is the primary driver behind appliance-based security technology?

79%

73%

58%

52%

Simplermanageability

Obtain higher levelof security

Betterprice/performance

Convergence (UTM)

… and they want more from these appliances.

6

Nokia Aligned With Market Preferences

In-Stat (2005)

• Set For Explosive Growth

Forrester (2005)

• 50% of enterprises prefer separate stand alone appliances

•14% prefer all-in-one•28% prefer integrated

Best of Breed, 52%Multivendor

Integrated, 37%

Suite/Single Vendor, 11%

Source: Gartner (July 2005)

Gartner (2005)

7

Nokia IP Security PlatformsP

rice

Check Point VPN-1 Pro or Check Point VPN-1 Pro or VPN-1 ExpressVPN-1 Express

LargeEnterprise

DataCenterService Providers

Nokia IP710

Nokia IP350/IP355

Nokia IP380/IP385

Nokia IP1260

Small to MidEnterprise

Remote Office Branch Office

Nokia IP1220

Nokia IP2250

Nokia IP260/IP265

Nokia IP40

Performance & Functionality

Nokia IP560

8

The Power of Two: The CheckPoint and Nokia• OverviewOverview

• 8+, year partnership between Nokia and Check Point• Nokia and Check Point Provide Security to 92 out of Fortuner

100.

Check PointCheck Point• No. 1 Internet Security Company: Built on Firewall Software

Success• Award winning GUI• Patented Stateful Inspection

NokiaNokia• Internet Security Appliance Pioneer• Built to secure demanding traffic • Fastest performance Platform For Check Point (IPSO)• ‘Audit’ Grade HW Build, OS and Management tools Enterprise

and Carrier• The First and Leading HA Firewall Solution for Check Point• Global Support and Service

• InnovationInnovation• Patented security technologies • Jointly-developed acceleration technologies• Several IETF Reference Points (IPv6, VRRP) etc..• 600+ security focused engineers

300,000+ Installation

s

Check Point / Check Point / Nokia Nokia

InstallationsInstallations

1998 2006

9

Nokia IP2250

Nokia Security Firewall Appliances

• IPSO - Hardened OS designed for security • Simple procurement and configuration • Single support point for the entire solution• Comprehensive quality assurance on complete hardware and software solution• Network-centric product architecture• First-Call, Final-Resolution support

Nokia IP12xx

Nokia IP3xx

Nokia IP40

Nokia IP26x

Nokia IP710

10

Nokia IP Security Appliance Platforms• Hardware• Nokia Pioneered The IP Security Appliance, knows more about Security Appliances Than Any other Vendor

• Nokia Designs and builds Entire Appliance Platform, down To Component Level, including boards etc…

• Nokia Develops and QA’s all hardware driver software, with specialized toolsets and bench configurations

• Nokia Provides Redundant hot swap power supplies

• Nokia Provides Redundant hot swap Network Interface Cards

• Nokia Provides Solid State and HDD based System Solutions

• Nokia Delivers High Port Density, High Connectivity Solutions

• Nokia IP Appliances are Built with Ease of Serviceability in mind

• All Systems Quality Assured Under Ideal and ‘Real World’ Operational Environments

• All ‘installed base’ hardware, operating system and application combinations QA’d together

• Nokia Continues To Invest in Hardware Innovations – ADPs, Solid State Support, 10GigE

11

• Operating System – IP Security Operating System

• Network Element Operating System, Optimised For Packet Forwarding

• IPSO High Performance Forwarding based on Patented IP Switching Technology

• ASIC Firewall Performance From Software Based Firewall, with no Restrictions on Flexibility

• Built On Carrier Grade, ‘Battle’ Proven, IP Networking BSD IP Stack, used by Operators and ISPs

• Nokia Hardened* Operating System IPSOTM

• Early Implementation of Digitally Signed OS

• Less Than 10 CERTs in 8+ Years of Field Deployments

• Firewall acceleration pioneer, Nokia Patented IP Firewall Flows

• The market leader and pioneer in integrated high availability firewall technology VRRP-MC to IP Clustering

• World Class, well proven, standards adherent routing

• Well proven IPv6 Implementation, deployed in ISP and Operator Networks for 5yrs+

• Multiple OS Image Management for rollback and recovery operations

• Powerful CLI, and Diagnostic Shells

• Nokia Pioneered Web Interface For Security Appliance Management – Nokia Voyager Element Manager

• Nokia Pioneered Security Appliance System Level Management – Nokia Horizon Manager

• Do No Harm patch, upgrade and management technology for Entire Systems including Security Applications

• Nokia Hardware and Software Asset Auditing tools

• Nokia Brings F.C.A.P.S Best of Breed NMS to Security Appliance - Nokia Appliance Manager

Nokia IP Security Operating System

12

What is A Secure Appliance Operating System?

• “Applications cannot be more secure than the kernel functions they call”

• OS is the right place for security

Operating system security is fundamental to the security of every computing system because operating systems are a critical point of failure for the entire system. Unfortunately, attempts to secure computer systems continue to be based on the flawed assumption that adequate security can be provided in applications with the existing security mechanisms of mainstream operating systems. The reality is that secure applications require secure operating systems, and any effort to provide system security that ignores this premise is doomed to fail. – NSA

13

Anatomy of A Secure Appliance Operating System

SystemArchitectu

re

Security Functions

Deployment

Processes

BuildingSecure

Software

IndependentValidation & Certifications

Identification and AuthenticationUser Data Protection including Access Control File integritySecurity Audit…

Programming TechniquesDevelopment ProceduresSecurity Hardening

Common CriteriaITSECFIPS 140IS 17799SAS-70

Secure DeliveryDigitally-Signed BinariesSecure Lockdown

Enforces the Security Policywith a Security Model implemented by kernel components and by kernel modularity

14

General Purpose Operating System Security Solutions

Flexible but NOT fast

CPUCPUCPUCPU

Packet Processing

Packet Processing PolicyPolicyPolicyPolicy

Software Based(Server Appliance)

15

ASIC Based Security Solution

Fast but NOT flexible

Hardware Based(ASICs)

Packet Processing

Policy

16

Nokia IP Security Appliance

Fast + Flexible Fast + Flexible

Nokia

CPUCPUCPUCPUCPUCPUCPUCPUCPUCPUCPUCPUCPUCPUCPUCPU

PolicyPolicyPolicyPolicy

CPUCPUCPUCPUCPUCPUCPUCPUCPUCPUCPUCPUNPUNPUNPUNPU

APIAPIAPIAPI

Packet Processing

Packet Processing

17

Nokia Unique Value Proposition

Fast but NOT flexible Flexible but NOT fast

Fast + Flexible Fast + Flexible

CPUCPUCPUCPU

Packet Processing

Packet Processing PolicyPolicyPolicyPolicy

Software Based(Server Appliance)

Nokia

Hardware Based(ASICs)

Packet Processing

Policy

CPUCPUCPUCPUCPUCPUCPUCPUCPUCPUCPUCPUCPUCPUCPUCPU

PolicyPolicyPolicyPolicy

CPUCPUCPUCPUCPUCPUCPUCPUCPUCPUCPUCPUNPUNPUNPUNPU

APIAPIAPIAPI

Packet Processing

Packet Processing

18

In Other People’s Words

Nokia IP3xx

“This product shows how two companies can work together to create a product better

than the sum of its parts”

-Secure Computing Magazine

“A versatile and flexible solution for the high end of the market”

-Secure Computing MagazineNokia IP2250

Nokia IP2xx

"As a dedicated hardware platform, the Nokia IP260 offers some ferocious capabilities.“

-Network Computing Magazine

19

IP Security Appliance Business

• Business Week, 28 Aug ‘02- Nokia's Security Connection "force to be reckoned with... According to tech researcher IDC, Nokia is quickly grabbing market share in the exploding market for firewall/VPN appliances“

• 25.6% of Asia Pacific Security Appliance Market Share

• Nokia with Check Point VPN-1/FireWall-1 has 62% VPN and 41% firewall market share (Infonetics Research, VPN Hardware Market)

• Frost & Sullivan 2005 Firewall market sharefor Vietnam, Nokia ranked #1

20

Nokia SSL VPNEnables new mobile connectivity applications

Enterprise

Intranet

Internet

Nokia SSL VPN

Firewall

Employees using a non-

corporate device at home, a

library or a café

Employees using a corporate

device at a hotel or using Wi-Fi

provider

Partners, suppliers & contractors

Linux & Unix users

Client-server

applications like

Outlook, & Notes

Web-enabled

applications SFA,

CRM, ERP

Mainframe, SSH, FTP,

Telnet

Executive access

Business Continuity

21

Performance

Pri

ce

MediumOffice

Large Office

Remote Office Branch Office

Nokia 500i *VPN Gateway

Nokia 100iVPN GatewayNokia 50i

VPN Gateway

Nokia 5i and Nokia 10iVPN Gateways

Nokia IP VPN Gateways

• Fully-integrated, secure IPSec VPN gateways, with multiple options, for fast, easy deployment in high-performance networks

• Advanced dynamic connectivity to mobile devices and other VPN gateways through robust broadband and routing functionality

• Extreme system availability using diskless hardware, patented clustering and patent-pending adaptive networking technologies

• Product targeted for government sales through planned industry certification including FIPS-140-2, EAL4, ICSA and VPN Consortium

* Available in 1H 2005

22

Nokia Mobile IP VPN Solution

Headquarters

Nokia 50i

Nokia VPN Mgr(with Nokia SSM)Nokia Mobile

VPN Client

Branch Office

Nokia 10i

Internet

CorporateWi-Fi

Wireless Network(GPRS, 3G)

Mobile VPN Client

Site-to-Site Connectivity

Rem

ote

Acce

ss Connectiv

ity

Native Windows

L2TP/IPSec client

23

Nokia Enterprise Solutions

Nokia Firewall/VPN

Mobile Devices& PDAs

Employees on enterprise

device

Employees on non-enterprise

device

IT Apps / Assets

IT Security Infrastructure

Authentication & EncryptionAccess Control

Intrusion DetectionAnti-Virus

ANY Mobile Device

Nokia SSL VPN

Nokia IP VPN

Nokia VPN Manager /

NHM

AccessNetwork

Internet

Applications, Files, Authentication, etc.

24

Nokia Service – First Call – Final Resolution

• Direct Access To EngineeringDirect Access To Engineering•Support resources have a direct line to hardware engineering, software engineering and QA teams – No company boundaries to span during resolution

• Three SCP Accredited TAC centers for follow the sun Three SCP Accredited TAC centers for follow the sun serviceservice

• Comprehensive support offerings available worldwideComprehensive support offerings available worldwide•8x5 VAR fulfilled or Nokia fulfilled support•8x5 onsite VAR fulfilled or Nokia fulfilled support•24x7 VAR fulfilled or Nokia fulfilled support•24x7 onsite VAR fulfilled or Nokia fulfilled support

Nokia provides integrated single source, and single contract, support for Check Point VPN-1, Nokia IP Security Platforms,

interface cards, VPN accelerator cards, HA software and routing protocols.

25

Hardware Repair and Replacement Services

Networking Equipment • Field support in more than 2000

cities• Onsite Service Options: NBD, Same

Day4 Hour Response, 2 Hour Response

Mobile Devices• Advanced Exchange • Return and Repair• Walk In Service

India

Singapore

Japan

USA West

CanadaUK

Finland

Enterprise level technical support delivered by

Global Technical Assistance Centers

• Nokia First Call-Final Resolution• Follow The Sun Support• Available 365x24x7

USA East

Taiwan

China

End User help desk support delivered by 19 Customer Care Centers globally

• Set up assistance• Access to device specialists• >1000s of repair service points

globally

Malaysia

HK

Brazil

Argentina

ColumbiaMexico

HungaryGermany

ItalySpain

Belgium

USA South East

China

Global Support Infrastructure

26

Global TAC & Field Infrastructure

Global Field Services Infrastructure for 5x8xNBD / 24x7x4h On-site HW Replacement.2000 Field Service Locations Globally

On-Site HW Replacement:

Global 365x24x7 Nokia Technical Support (First Call – Final Resolution) through Follow the Sun Model. Three regional Technical Assistance Centers (TACs) & four Product Line Support (PLS) Centers located with R&D.

(TACs) in Kanata, London, Singapore, India and Tokyo. (PLS) in Mountain View, Pittsburgh, India & Helsinki.

Technical Support:

5 Global DHL Hosted Spares Depots in Cincinnati, Brussels, Singapore, Tokyo & Shanghai.Same Day Shipping Globally & Next Day Delivery in the US, EU, Singapore, Japan & China.

Advanced HW Replacement:

27

Nokia Uniqueness in Unified Threat Management

Security Appliances with a “tuned” Operating SystemSecurity Appliances with a “tuned” Operating System(Nokia appliances with IPSO Operating System)(Nokia appliances with IPSO Operating System)

ServicesResiliency, Performance, Policy Control, flow management,

Anomaly Detection, Regulatory Compliance, extensibility

Security Appliances with a “tuned” Operating SystemSecurity Appliances with a “tuned” Operating System(Nokia appliances with IPSO Operating System)(Nokia appliances with IPSO Operating System)

ServicesResiliency, Performance, Policy Control, flow management,

Anomaly Detection, Regulatory Compliance, extensibility

ServicesBroad Attack Detection

Deep PacketInspection

Application Control

Real Time Response

ID/PID/P

ServicesAccess Control

Application Control

Protocol Validation

Enforcement

FirewallFirewall Network AVNetwork AV

ServicesVirus Mitigation

Spyware, Adware, Malware Detection and Control

Malicious Mobile Code Mitigation

Problem:• Multiple discrete services x Multiple Locations = Security Trade-Offs

Nokia UTM:• Unified secure mobility services x Multiple locations = Limited Trade-Offs

Problem:• Multiple discrete services x Multiple Locations = Security Trade-Offs

Nokia UTM:• Unified secure mobility services x Multiple locations = Limited Trade-Offs

28

Security and Mobility Unification

Email, PIMServer

NokiaManagement

Center(Admin Interface)

DNSDirectory

Firewall

VPN (IP &/or SSL)

ID/P

Directory Services

Email

VoIP

Nokia Unified Threat Management Functions

• All-in-one secure mobility architecture

• Ease of management, integration, deployment

• Consolidated management framework

29