Network Security and Attack Prevention Solutions (Network Güvenliği Ve Atak Önleme Çözümleri), Akademik Bilişim 2006
Orhan ORTAÇ, orhan_ortac@3com.com
Agenda • History and Trend • 3Com’s Security Strategy • Security Solutions • 3Com Tippingpoint IPS (Intrusion Prevention System) • 3Com X505 Firewall • Correct solution
3Com Confidential
History And Trend
History And Trend – [ Virus & Worm ]
• 1949: first idea of a self-reproducing program
• 1984: the term "virus" is coined (Fred Cohen)
• 1986: first PC virus [Brain]
• 1987: Lehigh
• 1988: Jerusalem . . .
• 1992: 1,300 known viruses in total [18 new viruses per month]
• 2001: Nimda
• 2003: Blaster
• 2004: Sasser
History And Trend – Historical Network Configuration
[Figure: Internet, Router, Firewall, then a Trusted Zone behind a Switch with Marketing, Financial, Engineering, Sales, Mail, CAD servers and desktop PCs.]
[Figure: a packet To: 115.13.73.1, From: 66.121.11.7; ports labelled FTP-21, HTTP-80, SMTP-25, Sub7-6776, Quake-26000.]
History And Trend – [ What about attacks? ]
• Microsoft Windows is the most popular OS
• Weak applications have vulnerabilities
• Protocol-based vulnerabilities
  • TCP/IP
  • SMTP/FTP ...
• VoIP vulnerabilities
• Low level of administration
~2,500 known attack types!
History And Trend – Today's Firewall Configurations
[Figure: ports labelled HTTP-80, FTP-21, SMTP-25, BackOrifice-31337.]
History And Trend – Summary
• Increasing rate of new vulnerabilities and decreasing time to patch
• IT complexity hinders security practice implementation
• Increasing number of attacks and attackers
  • Walk-in worms, e-mail attacks, spyware
• More connected end points on the network
• Increasing number of applications
• VoIP deployment
• Lack of IT resources
[Chart: "Security Gap" – security demands rise faster than business security capacity over time and business growth.]
Customer Requirements?
• High network performance and uptime
• High level of information security
• Automated security control
• Centralized management
What is the best strategy? 3Com's Security Strategy
3Com's Security Strategy – What is the strategy?
Secure Converged Networks:
• Secure Network
  • Overlaid or embedded security
  • Adaptive and dynamic protection
  • Automatic and centrally manageable security
• Converged Network
  • Multi-service network
  • Synergy between infrastructure elements
  • Edge-to-core coverage
• Customer Benefits
  • Business continuity
  • Capital efficiency and cost reduction
  • Corporate control and visibility
3Com's Security Strategy – The 3Com Offer
• 3Com TippingPoint IPS: inline, wire-speed blocking of malicious traffic
• 3Com X505: integrated Firewall, IPS, VPN, URL Filtering
Security Solutions – Intrusion Prevention System: 3Com TippingPoint IPS
Security Solutions – Security Appliance Evolution (timeline 1998–2006, source: Frost & Sullivan)
• Performance concerns begin to shift the firewall market towards appliances; CKPT, ISS and SCUR introduce appliances
• Firewall appliances equal 53% of market; IDS appliances equal 24% of market
• FW and IPSec bundled; firewalls increasing in importance to large enterprise
• Layer 7 inspection and SSL VPN introduced; security is a choke point
• ASICs, acceleration and HA become commonplace; FW/VPN appliances equal 63% of market
• SSL / IPSec / FW / IPS appliances begin to proliferate; IDS/IPS appliances equal 49% of market
• Standalone SSL integrates other security services
• VoIP, L7 and multi-service platforms drive performance requirements; security proliferates in switches
Security Solutions – TippingPoint Closes the Gap with Intrusion Prevention
Filtering methods: Signature, Protocol Anomaly, Vulnerability, Traffic Anomaly
Protection areas: Application Protection, Infrastructure Protection, Performance Protection
Ultra-High Performance Custom Hardware:
• 5 Gbps throughput
• Switch-like latency
• 250K sessions/second
• Total flow inspection
• 64K rate shaping queues
• 10K parallel filters
Security Solutions – Application Protection: Defends Clients and Servers
Protects: Microsoft applications and operating systems; Oracle applications; Linux OS; VoIP
From: worms/walk-in worms; viruses; trojans; DDoS attacks; internal attacks; unauthorized access
• Performs total inspection at Layers 2-7
• Protects vulnerabilities
• Protects perimeter and internal network
• Provides day-zero attack protection
• Eliminates emergency patching triage
• Prevents application and OS damage/downtime
Security Solutions – Infrastructure Protection: Defends Network Equipment
Protects: routers (e.g. Cisco IOS); switches; firewalls (e.g. NetScreen OS, Check Point FW-1); VoIP
From: worms/walk-in worms; viruses; trojans; DDoS attacks; SYN floods; traffic anomalies
• Protects network equipment vulnerabilities
• Protects against anomalous traffic behavior
• Automatic baselining
• Rate limit, block, or alert on thresholds
• Supports custom IP filters, ACLs
Security Solutions – Performance Protection: Defends Overall Network Performance
Protects: bandwidth; server capacity; mission-critical traffic
From: peer-to-peer apps; unauthorized instant messaging; unauthorized applications; DDoS attacks
• Increases network performance even when not under attack
• Rate limits non-mission-critical applications
• Eliminates bandwidth hijacking
• Controls rogue applications
• Eliminates misuse and abuse
• Controls peer-to-peer traffic
Security Solutions – Quarantine: Automatic Protection
Quarantine process (components: clients, access switches, core, TippingPoint IPS, SMS, safe zone):
1. Client authenticates via SMS
2. SMS acts as RADIUS proxy and learns MAC/switch/port from the switch via RADA RADIUS
3. EVENT: illegal activity detected by the IPS
4. SMS resolves IP to MAC
5. MAC address is placed into a blacklist and a policy is set
6. SMS forces re-authentication of the compromised device
7. Device is contained within the set policy at the access switch ingress port
Breach to containment in under 5 seconds
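The containment loop above is easiest to reason about as state kept by the SMS: a MAC-keyed inventory learned at authentication time, an IP-to-MAC binding table, and a blacklist consulted on every re-authentication. The following is an added example that models exactly that loop; it is not 3Com/TippingPoint code, and the class, method and field names (SmsQuarantine, on_auth_request, on_ips_event, QUARANTINE_VLAN) are assumptions chosen for illustration. The RADIUS/RADA exchange itself is not implemented; only the decisions the slide attributes to the SMS are, including the case where the IPS event carries a source IP the SMS has no binding for.

```python
"""Model of the SMS-driven quarantine workflow (added example, not vendor code).

Assumed names: SmsQuarantine, Endpoint, on_auth_request, on_ips_event,
QUARANTINE_VLAN. The RADIUS proxying is stubbed: on_auth_request stands in
for the Access-Request the SMS sees as RADIUS proxy.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

QUARANTINE_VLAN = 999   # constructed: the restrictive "set policy" applied at the ingress port
PRODUCTION_VLAN = 10    # constructed: the VLAN a healthy client normally gets


@dataclass
class Endpoint:
    mac: str
    switch: str
    port: int
    vlan: int            # policy granted by the most recent (re-)authentication


@dataclass
class SmsQuarantine:
    # Step 1-2: learned when the SMS, acting as RADIUS proxy, sees the switch/port
    # attributes and the client MAC (RADA) on each authentication request.
    by_mac: Dict[str, Endpoint] = field(default_factory=dict)
    # IP -> MAC bindings (e.g. from DHCP snooping or ARP at the access layer).
    ip_to_mac: Dict[str, str] = field(default_factory=dict)
    blacklist: Set[str] = field(default_factory=set)
    reauth_log: List[Tuple[str, int, str, int]] = field(default_factory=list)

    def on_auth_request(self, mac: str, switch: str, port: int, ip: str) -> int:
        """Authentication seen by the proxy; returns the VLAN/policy granted.

        The blacklist is checked here, so a quarantined MAC stays quarantined
        even if it re-authenticates from a different switch or port."""
        mac = mac.lower()
        granted = QUARANTINE_VLAN if mac in self.blacklist else PRODUCTION_VLAN
        self.by_mac[mac] = Endpoint(mac, switch, port, granted)
        self.ip_to_mac[ip] = mac
        return granted

    def on_ips_event(self, src_ip: str) -> Tuple[str, Optional[Endpoint]]:
        """Steps 3-7: IPS event -> resolve IP to MAC -> blacklist -> force re-auth."""
        mac = self.ip_to_mac.get(src_ip)
        if mac is None:
            # Edge case: no binding (NAT'd, unmanaged or stale source). Nothing
            # can be contained at the access edge; the event must be escalated.
            return ("unresolved", None)
        self.blacklist.add(mac)                     # step 5
        ep = self.by_mac[mac]
        # Step 6: the forced re-authentication re-enters on_auth_request from the
        # same ingress port; the blacklist now makes it land in the quarantine VLAN.
        new_vlan = self.on_auth_request(mac, ep.switch, ep.port, src_ip)
        self.reauth_log.append((ep.switch, ep.port, mac, new_vlan))
        return ("contained", self.by_mac[mac])      # step 7


if __name__ == "__main__":
    sms = SmsQuarantine()
    sms.on_auth_request("00:11:22:33:44:55", "sw-access-1", 7, "10.0.0.23")
    print(sms.on_ips_event("10.0.0.23"))    # contained at sw-access-1 port 7, VLAN 999
    print(sms.on_ips_event("10.0.0.99"))    # ('unresolved', None)
```

The design choice worth noting is that containment is keyed on the MAC learned through RADIUS, not on the IP in the IPS alert: the IP is only used once, to find the MAC, which is why the unresolved case is reported separately rather than silently ignored.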
Security Solutions – Security Management System
• Hardware is included with the SMS purchase and the software is pre-installed
• Ease of installation
• Scalable
• Enterprise-wide security policy management
  • Port-by-port policy
  • Device-by-device policy
Security Solutions – IPS and Switching Infrastructure
[Figure: Internet, home users on WLAN/broadband routers, mobile devices and a supplier connected to the Sales server enter through the Firewall; behind it a Trusted Zone with Switch, WAP, Marketing, Financial, Engineering, Sales, Mail and CAD, plus mobile users connected to the LAN.]
Security Solutions – TippingPoint Product Line
Throughput   Segments
50 Mbps      1 x 10/100/1000
100 Mbps     1 x 10/100/1000
200 Mbps     2 x 10/100/1000
400 Mbps     4 x 10/100/1000
1.2 Gbps     4 x 10/100/1000
2.0 Gbps     4 x 10/100/1000
5.0 Gbps     4 x 10/100/1000
Plus the Security Management System (SMS)
Security Solutions – Automatic Digital Vaccines
Raw intelligence feeds (SANS, CERT, vendor advisories, Bugtraq, VulnWatch, PacketStorm, Securiteam, @RISK Weekly Report) → vulnerability analysis → vaccine creation → Digital Vaccine automatically delivered to customers
Filter types:
• Signature
• Vulnerability
• Traffic and/or statistical anomaly
Scalable distribution network using Akamai's 9,700 servers in 56 countries
Security Solutions – TippingPoint Awards
• SC Global Awards 2005 – Principal Awards: TippingPoint was named the Best Security Solution in the 2005 SC Global Awards for the best overall solution for dealing with today's threats to information security and the protection of corporate information assets.
• Common Criteria Certification: TippingPoint is the first Intrusion Prevention System (IPS) to obtain all four government-validated protection profiles: analyzer, sensor, scanner and system.
• SC Magazine Best Buy: TippingPoint was selected by SC Magazine as a "Best Buy" in their group test of intrusion prevention products.
• IDG Network Awards 2004 Winner: TippingPoint is the winner of the "Network Protection Product of the Year" from IDG and TechWorld.com. The IDG awards recognize the very best in the industry and reward companies for innovative and effective use of networking technology.
• Frost & Sullivan 2005 Network Security Infrastructure Protection Entrepreneurial Company of the Year: TippingPoint was named the 2005 Network Security Infrastructure Protection Entrepreneurial Company of the Year by Frost & Sullivan.
• eWeek Labs Analyst's Choice Award: TippingPoint's IPS ably handled both real and staged attacks on eWeek Labs' test network, attached to the Internet for nearly a week.
• Information Security Magazine 2004 Product of the Year: TippingPoint was selected by Information Security Magazine as "2004 Product of the Year" for Intrusion Prevention Systems.
• NSS Gold Award: TippingPoint's Intrusion Prevention System is the first and only product to win the NSS Gold Award in the IPS space.
• The Tolly Group "Up To Spec": performance and security benchmark. TippingPoint's IPS demonstrated 100% security accuracy at 2 Gbps.
• CompTIA "Best New Product": TippingPoint's Intrusion Prevention Systems were named "Best New Product" in the hardware category at the Executive Breakaway 2003 Conference hosted by CompTIA in Halifax, Canada.
• eWeek Excellence Award: TippingPoint's Intrusion Prevention Systems received the "Enterprise Resource Protection" eWeek Excellence Award announced in the April 5, 2004 issue of eWeek Magazine.
• SC Magazine Best Buy of 2004: TippingPoint was selected by SC Magazine as a "Best Buy in 2004" for intrusion prevention.
• InfoWorld 100: University of Dayton, a TippingPoint customer, was recognized as a technological leader and awarded the "InfoWorld 100" for its advancements made through implementing TippingPoint's Intrusion Prevention Systems.
• SANS "Trusted Tool": TippingPoint's Intrusion Prevention System has been selected as a "Trusted Tool" by the SANS Institute.
• University Business Magazine "Show Stopper" Award: TippingPoint's Intrusion Prevention Systems were awarded the "Show-Stopper" at the 2003 Educause Conference in Anaheim, California.
Security Solutions – 3Com X505 Firewall
Integrated Security Platform Built on IPS
• IPS: industry-leading TippingPoint IPS technology and Digital Vaccine protection
• Firewall: traditional firewall technology to provide access control and policy enforcement
• VPN: IPSec VPN to transform the Internet into a secure converged network for multi-site connectivity
• Bandwidth Management: QoS and bandwidth management to improve network performance and provide policy-based traffic shaping
• Web Filtering: to protect against offensive web content and enforce acceptable-usage policies
• Multicast Routing: support for next-generation IP conferencing applications
IPS is the core function that creates value in, and serves as the foundation of, the X505. All other features are accessories to the IPS core.
What is the TippingPoint X505
• Integrated Security Platform – GA 12/1/05
• Combining market-leading IPS with firewall, IPSec VPN, web content filtering, routing and policy-based traffic shaping
  • Same TippingPoint Digital Vaccine
  • Same Threat Suppression Engine
  • Enhanced Local Security Manager
• Extreme flexibility
  • For example: apply IPS and traffic shaping inside VPN tunnels
• Delivering secure converged networks for distributed multi-site organizations
• "All-in-One" integrated security platform: FW, IPS, VPN, routing, multicast, NAT, web filtering, traffic shaping, etc.
• SMS integration at GA is limited to device status/health, TOS and DV updates; the IPS policy cannot be configured from SMS. Full SMS support is on the future roadmap.
TippingPoint X505 Hardware
• Hardware
  • Rack-mountable form factor
  • 4 x 10/100 Ethernet ports
  • Inbuilt IPSec hardware acceleration (up to AES-256)
  • On-box URL filtering
• Performance
  • 50+ Mbps IPS
  • 50+ Mbps IPSec VPN (3DES/AES-256)
  • 100+ Mbps firewall throughput
  • Supports over 1,000 VPN tunnels
  • 5,000 connections per second
  • 128,000 concurrent sessions
TippingPoint Closes the Gap with Intrusion Prevention (X505 uses the same Digital Vaccine pipeline)
Raw intelligence feeds (SANS, CERT, vendor advisories, Bugtraq, VulnWatch, PacketStorm, ZDI, @RISK Weekly Report) → vulnerability analysis → weekly vaccine distribution
Filtering methods: Signature, Protocol Anomaly, Vulnerability, Traffic Anomaly
Protection areas: Application Protection, Infrastructure Protection, Performance Protection
TippingPoint X505 Firewall
• Stateful packet inspection
• Numerous built-in application layer gateways (SIP, H.323, etc.)
• Policy classification
  • Services (pre-defined, custom and groups)
  • Source / destination security zone
  • Source / destination IP address / address group
  • Schedule – time of day / day of week
  • User authentication – forces user auth for access to the policy
• Policy actions
  • Deny / Allow / Content Filter
  • Traffic shape
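The policy classification fields listed above (zones, address objects, service objects and groups, schedules, required authentication) combine into an ordered first-match table with an implicit final deny. The following is an added example, not TippingPoint code, showing such a classifier over constructed objects; the rule format, names (Rule, Flow, Schedule, classify, SERVICES, ADDRESSES) and the "auth_required" outcome for an unauthenticated flow hitting an auth-enforcing rule are assumptions made here. Stateful session tracking is not modelled; only the decision for the first packet of a new session.

```python
"""Zone-based, first-match firewall policy classifier (added example, not vendor code).

Assumed names and format: SERVICES, ADDRESSES, Schedule, Rule, Flow, classify.
Sample objects and rules below are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Set, Tuple

# Service objects and one service group ("web"), constructed.
SERVICES: Dict[str, Set[Tuple[str, int]]] = {
    "http":  {("tcp", 80)},
    "https": {("tcp", 443)},
    "sip":   {("udp", 5060), ("tcp", 5060)},
    "web":   {("tcp", 80), ("tcp", 443)},
}
# Address objects / groups, constructed.
ADDRESSES: Dict[str, List[str]] = {
    "any":         ["0.0.0.0/0"],
    "voip_phones": ["10.20.0.0/24"],
    "guest_net":   ["192.168.50.0/24"],
}


@dataclass
class Schedule:
    days: Set[int]              # 0 = Monday ... 6 = Sunday
    start: Tuple[int, int]      # (hour, minute), inclusive
    end: Tuple[int, int]        # (hour, minute), exclusive

    def active(self, when: datetime) -> bool:
        hm = (when.hour, when.minute)
        return when.weekday() in self.days and self.start <= hm < self.end


@dataclass
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    src: str                    # address object name
    dst: str                    # address object name
    service: str                # service object or group name
    action: str                 # "allow" | "deny" | "content_filter"
    schedule: Optional[Schedule] = None
    require_auth: bool = False
    shape: Optional[str] = None  # traffic-shaping class attached to the policy


@dataclass
class Flow:
    src_zone: str
    dst_zone: str
    src_ip: str
    dst_ip: str
    proto: str
    dport: int
    user_authenticated: bool = False


def _in_addr(obj: str, ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in ip_network(net) for net in ADDRESSES[obj])


def classify(rules: List[Rule], flow: Flow, when: datetime) -> Tuple[str, Optional[str], Optional[str]]:
    """Return (action, matching rule name, shaping class); unmatched flows are denied."""
    for r in rules:
        if (r.src_zone, r.dst_zone) != (flow.src_zone, flow.dst_zone):
            continue
        if (flow.proto, flow.dport) not in SERVICES[r.service]:
            continue
        if not (_in_addr(r.src, flow.src_ip) and _in_addr(r.dst, flow.dst_ip)):
            continue
        if r.schedule is not None and not r.schedule.active(when):
            continue                      # rule exists but is outside its schedule
        if r.require_auth and not flow.user_authenticated:
            return ("auth_required", r.name, None)   # policy forces user auth first
        return (r.action, r.name, r.shape)
    return ("deny", None, None)           # implicit final deny


# Constructed policy table, evaluated top to bottom.
POLICY: List[Rule] = [
    Rule("voip-out", "trust", "untrust", "voip_phones", "any", "sip", "allow", shape="high"),
    Rule("guest-web-hours", "guest", "untrust", "guest_net", "any", "web", "content_filter",
         schedule=Schedule({0, 1, 2, 3, 4}, (8, 0), (18, 0)), shape="low"),
    Rule("staff-web", "trust", "untrust", "any", "any", "web", "allow", require_auth=True, shape="medium"),
]

if __name__ == "__main__":
    guest = Flow("guest", "untrust", "192.168.50.10", "203.0.113.8", "tcp", 443)
    print(classify(POLICY, guest, datetime(2006, 2, 7, 10, 0)))   # Tuesday, in hours
    print(classify(POLICY, guest, datetime(2006, 2, 11, 10, 0)))  # Saturday: implicit deny
```

Rule order matters: a rule that is outside its schedule is skipped rather than denying, so the flow falls through to later rules and finally to the implicit deny, which is the behaviour to check when a scheduled rule sits above a broader one.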
TippingPoint X505 VPN
[Figure: a TippingPoint X505 at a regional office with Wireless Zone 2 and DMZ Zone 1, connected over the wide area to mobile workers and to X505 units at branch offices.]
• Low-latency IPSec hardware crypto
  • DES, 3DES, AES-128, AES-192 and AES-256 (DES and PPTP are offered for compatibility; both are considered weak and should not be chosen where the peer supports AES and IPSec)
• Keying modes
  • Manual, IKE + shared secret, IKE + X.509 certificate
• Support for VPN clients
  • Native IPSec, PPTP, L2TP/IPSec (Microsoft standard)
• Advanced features
  • Ability to terminate a tunnel into any security zone
  • IP multicast routing over IPSec (PIM-DM)
  • IKE keep-alive / NAT traversal
  • DHCP over VPN
TippingPoint X505 Traffic Shaping
[Figure: Internet with FTP and WWW servers; a Guest Internet-only zone (guest HTTP traffic – low QoS); an Employee Authenticated VPN Zone (corporate LAN traffic over VPN – medium QoS); an IP Telephone Authenticated VPN Zone (VoIP traffic – high QoS).]
Dynamic allocation of bandwidth to maximize resources:
• By policy
• Both inbound and outbound directions
• For any application
• Both inside and outside of VPN tunnels
• Multiple policies create various zones
TippingPoint X505 Summary
• IPS
  • Industry leading – same DV as TippingPoint dedicated IPS systems
  • Application, infrastructure and performance protection; spyware, phishing, P2P and ZDI protection
• Firewall
  • Stateful packet inspection
  • Object-based policy engine
  • NAT, PAT, virtual servers
  • Inter-VLAN and VPN firewall enforcement
• VPN
  • DES, 3DES, AES-256
  • Manual key, IKE PSK, X.509 certificates
  • Terminate onto any security zone
  • Support for PPTP, L2TP/IPSec and IPSec VPN clients
• Web Content Filtering
  • Manual allow / deny lists
  • Keyword / regular expression
  • Content Filter service (40+ categories), supplied in conjunction with SurfControl Inc.
• Traffic Shaping
  • Stateful, policy-based traffic shaping (zone, service, schedule, etc.)
  • Full policy control (application, service, zone, schedule, etc.)
  • Inbound / outbound rate limiting
  • Inside / outside VPN tunnel
  • Guaranteed, maximum, priority
• Routing
  • Static, RIP v1/2
  • IP multicast over VPN (PIM-DM and IGMP)
• Hardware
  • Rack-mountable form factor
  • 4 x 10/100 Ethernet ports
  • 1 x dedicated 10/100 management port
  • Inbuilt IPSec hardware acceleration (up to AES-256)
• Performance
  • 50+ Mbps IPS
  • 50+ Mbps IPSec VPN (3DES/AES-256)
  • 100+ Mbps firewall throughput
  • Support for over 1,000 VPN tunnels
  • Supports 50 independent VLAN policies
Security Solutions – Unified Enterprise Management
Remote LAN monitoring + remote LAN topology + network configuration snapshot and rollback + VPN topology and monitoring + WAN topology + intuitive device management + WAN usage/profiling + unified bulk software upgrade and configuration backup + root cause analysis + unified fault management for LAN, WAN, voice and security = Secure IX, "Unbeatable Combination"
Correct Solution?
Security Solutions – TippingPoint, The Company
• The proven leader in intrusion prevention (Nasdaq: TPTI, then COMS)
  • Launched the industry's first intrusion prevention solution, January 2002
  • Awarded major industry accolades for intrusion prevention
  • TippingPoint became a division of 3Com Corporation in January 2005
  • 125 employees based in Austin, Texas (growing daily!)
• Research leaders of the industry
  • Digital Vaccine group monitors cyber threats
  • Provides intelligence for the SANS @RISK newsletter
  • Founded VOIPSA
• Best-of-breed technology and execution
  • Tens of millions of dollars invested in core technology R&D
  • Solutions are built first for network performance, then security capabilities
  • Highly parallel, custom packet-processing ASIC technology
    • 10,000 parallel filters
    • Microsecond latencies
  • 10 patent-pending technologies that deliver unmatched performance
Questions?