NETWORK DEPLOYMENT CONCEPTS
The overall objective is to show how to effectively integrate and utilize the NullBound Malware
Prevention System in various network environments while providing absolute protection from malware.
While all networks are unique in their design and functionality, the concepts are similar.
These examples should be used as a basic reference point when planning to deploy the Malware
Prevention System in a given environment.
Deployment Example 1 - Basic Network
This deployment example is one of the most basic, yet most common scenarios. Shown here, the
NullBound Malware Prevention System (MPS) is connected to the same network switch as the
firewall. As in all the scenarios, regardless of the overall network configuration, the switch
is configured for port mirroring so the Malware Prevention System can see the traffic flow
from any host behind that switch. This basic network example protects all 10,000 end-users
immediately from when the system is started with no other network or end-user configuration
changes.
NOTE: This is only an example of a 10,000 end-user network. NullBound can be scaled to support
any size network.
Deployment Example 2 - Wide Area Network - Dedicated Circuit
This deployment example shows central headquarters as well as a branch office connected via a
dedicated circuit. Since the branch office is connected via a dedicated circuit, all traffic,
including Internet bound traffic, first traverses the headquarters network to reach the Internet.
Because of this, only one instance of the NullBound Malware Prevention system is required to
protect the entire enterprise, regardless of the branch offices geographical location.
Deployment Example 3 - Wide Area Network - VPN Full Tunnel
This deployment example shows a central headquarters as well as a branch office connected via a
full Virtual Private Network tunnel. Since the branch office is connected via a full VPN tunnel,
all traffic, including Internet bound traffic, first traverses the headquarters network to reach
the Internet. Because of this, only one instance of the NullBound Malware Prevention system is
required to protect the entire enterprise, regardless of the branch offices geographical location.
Deployment Example 4 - Wide Area Network - VPN Split Tunnel
This deployment example shows a central headquarters as well as a branch office connected via a
split VPN tunnel. Only internal network traffic is traversing the split VPN tunnel. Internet
bound traffic goes through the firewall and to the Internet without traversing the VPN. Because
of this, the first diagram shows only the headquarters being protected as there is only one
instance of the NullBound Malware Prevention System installed. For the branch office to be
protected, a second instance of the NullBound Malware Prevention System would have to be installed
at the location as shown in the second diagram.
|
