KAPIE presentation minimaan tigapuluh kar.pptx

buatmainpointblankdo 8 views 49 slides Mar 06, 2025

About This Presentation

Used for the KAPIE presentation


Slide Content

ENTERPRISE DATA CENTER Sukma Aji Baskara

TOPOLOGY DESIGN

Cisco SAFE

Cisco SAFE uses the Cisco Security Control Framework (SCF), a common framework that drives the selection of products and features that maximize visibility and control.

The SCF defines six security actions that help build a security policy and improve visibility and control. Visibility is improved by identifying, monitoring, and correlating. Control is improved through hardening, isolating, and enforcing.

The SAFE Key

Design Modules

CORE

The Core is the part of the infrastructure that connects all segments. It requires high-speed data transfer, with the aim of providing Layer-2 / Layer-3 transport. The Core is usually implemented with redundant switches that connect to the Internet Edge, Head Quarter, Data Center and WAN Edge.

INTERNET EDGE

The Internet Edge is the network infrastructure that provides connectivity to the Internet.

INTERNET EDGE

The following security attributes are considered:
• Service availability and resiliency
• Prevent intrusions, DoS, data leak, and fraud
• Ensure user confidentiality, data integrity, and availability
• Server and application protection
• Server and application segmentation
• Ensure user segmentation
• Content control and inspection

Interface Pair

| Device | IP Address | Port | Description | Pair Device | IP Address | Port |
|---|---|---|---|---|---|---|
| ISP | 192.168.174.150 | F1/0 | ESW2_to_Internet | VMnet 8 | 192.168.174.1 | - |
| | 192.168.99.1 | F1/1 | Internet_to_ESW2 | FortiGate | 192.168.99.2 | 2 |
| FortiGate | 192.168.5.101 | 1 | Management | SW_MGMT | - | Eth4 |
| | 192.168.99.2 | 2 | FortiGate_to_ESW2 | ESW2 | 192.168.99.1 | F1/1 |
| | 10.50.1.2 | 5 | FortiGate_to_IntDistri | Intedge_Distribution | 10.50.1.1 | F1/0 |
| Intedge_Distribution | 10.50.1.1 | F1/0 | IntDistri_to_FortiGate | Intedge_Distribution | 10.50.1.2 | 5 |
| | 10.30.1.1 | F1/1 | IntDIstri_to_Coreswitch | Coreswitch | 10.30.1.2 | F1/3 |

VLAN

| VLAN ID | Device in use | VLAN Name | Description |
|---|---|---|---|
| 106 | ESW3 | Vlan106 | ESW3_to_VMnet4 |
| 106 | FortiGate | Vlan106 | IntVlanForti_to_ESW3 |

IP Scheme

| Connection Type | Description | IP Address | Subnet Mask | Device | VLAN ID |
|---|---|---|---|---|---|
| Management | Management | 192.168.5.101 | /24 | FortiGate6.2.1-1 | - |
| Point to point | FortiGate_to_ESW2 | 192.168.99.2 | /24 | FortiGate6.2.1-1 | - |
| Point to point | FortiGate_to_IntDistri | 10.50.1.2 | /24 | FortiGate6.2.1-1 | - |
| VLAN | FortiGate_to_ESW3 | 192.168.106.3 | /24 | FortiGate6.2.1-1 | 106 |
| Point to point | IntDistri_to_FortiGate | 10.50.1.1 | /24 | Intedge_Distribution | - |
| Point to point | IntDistri_to_Coreswitch | 10.30.1.1 | /24 | Intedge_Distribution | - |
| Point to point | ESW2_to_VMnet8 | 192.168.174.150 | /24 | ESW2 | - |
| Point to point | ESW2_to_FortiGate | 192.168.99.1 | /24 | ESW2 | - |
| VLAN | InterfaceVLAN106 | 192.168.106.5 | /24 | ESW3 | 106 |

Routing

| Device | Destination | Gateway | Description |
|---|---|---|---|
| FortiGate | 0.0.0.0 | 192.168.99.1 | DefaultRoute |
| FortiGate | 0.0.0.0 | 10.50.1.1 | DefaultRoute_Priority5 |
| ESW2 | 0.0.0.0 | 192.168.174.2 | DefaultRoute |
| ESW2 | 10.50.1.1 | 192.168.99.2 | Connection_to_IntDistri |
| Intedge_Distribution | 0.0.0.0 | 10.50.1.2 | DefaultRoute |
| ESW3 | 0.0.0.0 | 192.168.106.3 | DefaultRoute |

OSPF

| Device | Network | Wildcard | Area | Description |
|---|---|---|---|---|
| Intedge_Distribution | 10.30.1.0 | 0.0.0.255 | Backbone | |

Policy

HEAD QUARTER

The Head Quarter provides network access to end users and devices located in the same geographic location.

HEAD QUARTER

From a security perspective, the following attributes of the Head Quarter are considered:
• Service availability and resiliency
• Prevent unauthorized access, network abuse, intrusions, data leak, and fraud
• Ensure data confidentiality, integrity, and availability
• Ensure user segmentation
• Enforce access control
• Protect the endpoints

Interface Pair

| Device | IP Address | Port | Description | Pair Device | IP Address | Port |
|---|---|---|---|---|---|---|
| DistributionSwitchHQ | 10.20.2.1 | F0/1 | DistriSwHQ_to_FortiGate | FortiGate | 10.20.2.2 | 2 |
| | 10.20.1.2 | F1/0 | DistriSwHQ_to_Coreswitch | Coreswitch | 10.20.1.1 | F1/0 |
| FortiGate | 192.168.5.19 | 1 | Management | SW_MGMT | - | Eth4 |
| | 10.20.2.2 | 2 | FortiGate_to_DistriSwHQ | DistributionSwitchHQ | 10.20.2.1 | F0/1 |
| Firefox | 172.16.101.2 | Eth0 | Firefox_to_FortiGate | SwitchAccessHQ | - | F1/3 |

VLAN

| VLAN ID | Device in use | VLAN Name | Description |
|---|---|---|---|
| 101 | SwitchAccessHQ | Vlan0101 | Firefox_to_FortiGate |
| 102 | SwitchAccessHQ | Vlan0102 | Firefox_to_FortiGate |
| 101 | FortiGate | Vlan101 | IntVlanForti_to_Firefox |

IP Scheme

| Connection Type | Description | IP Address | Subnet Mask | Device | VLAN ID |
|---|---|---|---|---|---|
| Management | Management | 192.168.5.19 | /24 | FortiGate6.2.1-2 | - |
| Point to point | FortiGate_to_DistriSwHQ | 10.20.2.2 | /24 | FortiGate6.2.1-2 | - |
| VLAN | FortiGate_to_Firefox | 172.16.101.1 | /24 | FortiGate6.2.1-2 | 101 |
| Point to point | DistriSwHQ_to_Coreswitch | 10.20.1.2 | /24 | DistributionSwitchHQ | - |
| Point to point | DistriSwHQ_to_FortiGate | 10.20.2.1 | /24 | DistributionSwitchHQ | - |
| VLAN | DHCPVLAN_from_FortiGate | 172.16.101.2 | /24 | Firefox31.1.1~2-1 | 101 |

Static

| Device | Destination | Gateway | Description |
|---|---|---|---|
| DistributionSwitchHQ | 172.16.101.1 | 10.20.2.2 | Connection_to_vlan101 |
| FortiGate | 0.0.0.0 | 10.20.2.1 | DefaultRoute |

OSPF

| Device | Network | Wildcard | Area | Description |
|---|---|---|---|---|
| DistributionSwitchHQ | 10.20.1.0 | 0.0.0.255 | Backbone | |

Policy

DATA CENTER

The Data Center architecture allows Data Center modules to be added as needed when demand and load increase. The Data Center core provides a Layer-3 routing module for all traffic entering and leaving the Data Center.

DATA CENTER

The following are some of the security attributes of the Data Center design:
• Service availability and resiliency
• Prevent DoS, network abuse, intrusions, data leak, and fraud
• Ensure data confidentiality, integrity, and availability
• Content control and application level inspection
• Server and application protection and segmentation

Interface Pair

| Device | IP Address | Port | Description | Pair Device | IP Address | Port |
|---|---|---|---|---|---|---|
| AggregationLayerDC | 10.10.1.1 | F1/0 | AggLayerDC_to_Coreswitch | Coreswitch | 10.10.1.2 | F1/2 |
| FW_DC | 192.168.5.170 | Eth0 | Management | SW_MGMT | - | Eth6 |
| FW_DC | 192.168.151.3 | Eth2 | FW_DC_to_VMnet3 | AggregationLayerDC | - | F1/2 |

VLAN

| VLAN ID | Device in use | VLAN Name | Description |
|---|---|---|---|
| 101 | AggregationLayerDC | outbound | AggLayerDC_to_FW_DC |
| 101 | FW_DC | outbound | InterfaceVLAN101 |
| 151 | AggregationLayerDC | inbound | FW_DC_to_AccessLayerDC |
| 151 | AccessLayerDC | inbound | VMnet3_to_AggLayerDC |

IP Scheme

| Connection Type | Description | IP Address | Subnet Mask | Device | VLAN ID |
|---|---|---|---|---|---|
| VLAN | InterfaceVLAN101 | 192.168.101.5 | /24 | AggregationLayerDC | 101 |
| Point to point | AggLayerDC_to_Coreswitch | 10.10.1.1 | /24 | AggregationLayerDC | - |
| Management | Management | 192.168.5.170 | /24 | FW_DC | - |
| VLAN | InterfaceVLAN101 | 192.168.101.3 | /24 | FW_DC | 101 |
| Point to point | FW_DC_to_AggLayerDC | 192.168.151.3 | /24 | FW_DC | - |

Static

| Device | Destination | Gateway | Description |
|---|---|---|---|
| AggregationLayerDC | 192.168.151.0 | 192.168.101.3 | Connection_to_FW_DC |
| AggregationLayerDC | 192.168.151.0 | 192.168.101.3 | Connection_to_VMnet3 |
| FW_DC | 0.0.0.0 | eth1.101 | DefaultRoute |

OSPF

| Device | Network | Wildcard | Area | Description |
|---|---|---|---|---|
| AggregationLayerDC | 10.10.1.0 | 0.0.0.255 | Backbone | |

WAN EDGE

The WAN Edge is the network infrastructure that connects WAN links from geographically remote branch offices to the head office.

WAN EDGE

From a security perspective, the following attributes of the WAN Edge design are considered:
• Service availability and resiliency
• Prevent DoS, network abuse, intrusions, data leak, and fraud
• Provide confidentiality, integrity, and availability of data transiting the WAN
• Deliver secure Internet WAN backup
• Ensure data confidentiality, integrity, and availability
• Ensure user segmentation

Interface Pair

| Device | IP Address | Port | Description | Pair Device | IP Address | Port |
|---|---|---|---|---|---|---|
| DistributionSwitchBranch | 10.40.1.2 | F1/1 | DistriSwBr_to_Coreswitch | Coreswitch | 10.40.1.2 | F1/1 |
| DistributionSwitchBranch | 10.40.2.1 | F1/2 | DistriSwBr_to_FW_WAN | FW_WAN | 10.40.2.2 | 2 |
| FW_WAN | 192.168.5.18 | 1 | Management | SW_MGMT | - | Eth2 |
| FW_WAN | 192.168.2.2 | 2 | FW_WAN_to_DistriSwBr | DistributionSwitchBranch | 10.40.2.1 | F1/2 |
| FW_WAN | 192.168.1.2 | 3 | FW_WAN_to_ISPA | ISP A | 192.168.1.1 | F1/3 |
| FW_WAN | 192.168.4.2 | 4 | FW_WAN_to_ISPB | ISP B | 192.168.4.1 | F1/4 |
| FW_BR | 192.168.5.21 | 1 | Management | SW_MGMT | - | Eth3 |
| FW_BR | 172.17.17.2 | 2 | FW_BR_to_AlpineLinux | AlpineLinux | 172.17.17.1 | Eth0 |
| FW_BR | 192.168.2.2 | 4 | FW_BR_to_ISPA | ISP A | 192.168.2.1 | F1/4 |
| FW_BR | 192.168.15.2 | 5 | FW_BR_to_ISPB | ISP B | 192.168.15.1 | F1/5 |

IP Scheme

| Connection Type | IP Address | Subnet Mask | Device | VLAN ID |
|---|---|---|---|---|
| Point to point | 10.40.1.2 | /24 | DistributionSwitchBranch | - |
| Point to point | 10.40.2.1 | /24 | DistributionSwitchBranch | - |
| Management | 192.168.5.18 | /24 | FW_WAN | - |
| Point to point | 10.40.2.2 | /24 | FW_WAN | - |
| Point to point | 192.168.1.2 | /24 | FW_WAN | - |
| Point to point | 192.168.4.2 | /24 | FW_WAN | - |
| Management | 192.168.5.21 | /24 | FW_BR | - |
| Point to point | 172.17.17.2 | /24 | FW_BR | - |
| Point to point | 192.168.2.2 | /24 | FW_BR | - |
| Point to point | 192.168.15.2 | /24 | FW_BR | - |
| Point to point | 172.17.17.1 | /24 | AlpineLinux-4 | - |

OSPF

| Device | Network | Wildcard | Area | Description |
|---|---|---|---|---|
| DistributionSwitchBranch | 10.40.1.0 | 0.0.0.255 | Backbone | |

Static

| Device | Destination | Gateway | Description |
|---|---|---|---|
| DistributionSwitchBranch | 172.17.17.1 | 10.40.2.2 | Connection_to_AlpineLinux |
| FW_WAN | 0.0.0.0 | 192.168.1.1 | Connection_to_ISPA |
| FW_WAN | 0.0.0.0 | 192.168.4.1 | Connection_to_ISPB |
| FW_WAN | 0.0.0.0 | 10.40.2.1 | Connection_to_DistriSwBr |
| FW_BR | 0.0.0.0 | 192.168.2.1 | Connection_to_ISPA |
| FW_BR | 0.0.0.0 | 192.168.15.1 | Connection_to_ISPB |
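An addressing plan like the WAN Edge Interface Pair table can be cross-checked mechanically before it is configured on the devices. The following is an added example, not part of the original slides: it flags link ends that list the same address, link ends that fall in different networks, and addresses listed for two different devices. The function name `audit_pairs` is hypothetical; the rows are copied from the WAN Edge Interface Pair table and the /24 prefix from its IP Scheme table.

```python
import ipaddress

# Rows copied from the WAN Edge "Interface Pair" table on this page:
# (device, IP address, pair device, pair IP address); "-" = no address listed.
WAN_EDGE_PAIRS = [
    ("DistributionSwitchBranch", "10.40.1.2", "Coreswitch", "10.40.1.2"),
    ("DistributionSwitchBranch", "10.40.2.1", "FW_WAN", "10.40.2.2"),
    ("FW_WAN", "192.168.5.18", "SW_MGMT", "-"),
    ("FW_WAN", "192.168.2.2", "DistributionSwitchBranch", "10.40.2.1"),
    ("FW_WAN", "192.168.1.2", "ISP A", "192.168.1.1"),
    ("FW_WAN", "192.168.4.2", "ISP B", "192.168.4.1"),
    ("FW_BR", "192.168.5.21", "SW_MGMT", "-"),
    ("FW_BR", "172.17.17.2", "AlpineLinux", "172.17.17.1"),
    ("FW_BR", "192.168.2.2", "ISP A", "192.168.2.1"),
    ("FW_BR", "192.168.15.2", "ISP B", "192.168.15.1"),
]

def audit_pairs(rows, prefix_len=24):
    """Return (kind, address, devices) findings for one Interface Pair table."""
    findings, owners = [], {}
    for device, ip, peer, peer_ip in rows:
        owners.setdefault(ip, set()).add(device)
        if peer_ip == "-":  # management links list no peer address
            continue
        owners.setdefault(peer_ip, set()).add(peer)
        if ip == peer_ip:
            # Both ends of one link carry the same address.
            findings.append(("same-address", ip, (device, peer)))
        elif ipaddress.ip_address(peer_ip) not in ipaddress.ip_network(
                f"{ip}/{prefix_len}", strict=False):
            # The two ends of a point-to-point link are in different networks.
            findings.append(("subnet-mismatch", f"{ip} <-> {peer_ip}", (device, peer)))
    # An address listed for more than one device anywhere in the table.
    for addr in sorted(owners, key=ipaddress.ip_address):
        if len(owners[addr]) > 1:
            findings.append(("duplicate-address", addr, tuple(sorted(owners[addr]))))
    return findings

if __name__ == "__main__":
    for kind, addr, devices in audit_pairs(WAN_EDGE_PAIRS):
        print(f"{kind:18} {addr:28} {' / '.join(devices)}")
```
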

THANK YOU