VortiQa Software for Enterprise / SMB / Residential Networking Equipment
1 VortiQa Software for Enterprise / SMB / Residential Networking Equipment
July 2009
Satish Swarnkar, Director of Engineering
Pravin Kantak, Engineering Manager
Software Products Division, Networking and Multimedia Group
service names are the property of their respective owners. Freescale Semiconductor, Inc
2 VortiQa Software
- Announced on June 15, 2009
- VortiQa software: a new brand of Freescale software for networking equipment that helps accelerate product development and increase the pace of innovation
- \vór ti ka\: A whirlwind of innovation
- Four new VortiQa product lines of production-ready software applications:
  - VortiQa software for service provider equipment
  - VortiQa software for enterprise network equipment
  - VortiQa software for small business gateways
  - VortiQa software for SOHO/Residential gateways
- A comprehensive solution-centric approach for networking applications in targeted vertical segments:
  - Silicon: QorIQ and PowerQUICC communications processors
  - Software: VortiQa software products
  - Expanded Ecosystem: hardware, OS, ISVs, system integrators
4 Challenges for Network Equipment Vendors
- Complex networks need rich and comprehensive security solutions
  - Threats on rise
  - Need unified threat management solution with firewall, IPS, Anti-X and secure VPN and with fine-grained access control to:
    - Prevent attacks
    - Ensure data confidentiality
    - Prevent viruses and stop spam
- Performance
  - Threats from within the core (inside) and from external world raise the bar on performance requirements with Gigabit speeds of traffic
- Complex multicore silicon needs highly optimized and tuned software solution in short time frame
  - For faster time to market
  - Potpourri of software stacks and products makes maintenance difficult
- VortiQa software offers:
  - Protection from external and internal attackers
  - Stateful Protocol Analysis with ability to detect and prevent the attacks
[Diagram labels: Internet, Malicious Hackers, Enterprise Network, Marketing Subnet, Finance Subnet, Central Services, Web, App, Confidential. Threats shown: DoS Attacks, Application Attacks, OS Finger Printing Attacks, Anti-NIDS Attacks, Insider Attacks, Dishonest Employee, Trojan Attack, App security hole: Patch unavailable, Application security hole: Patch not applied.]
5 VortiQa Software for Network Equipment
- VortiQa software for Enterprise, SMB and Residential network equipment
- Unified Threat Management system is defined as an integrated network security device implementing:
  - Firewall
  - Intrusion Prevention
  - Network Anti-Virus
  - IPsec VPN
  - Traffic Management ()
- High performance solution in a System
  - Completely leveraging hardware features: SEC, PME, Quick Engine etc.
- Field Proven Solution with ecosystem support
  - Faster time to market
- Engineering Support teams supporting Customer's engineering teams
6 VortiQa Software Products Overview
Delivers integrated networking and security functionality

Software for Service Provider Equipment
- Freescale Silicon: QorIQ processors (P4080)
- Example Applications: Multi-service edge routers, Switches, Wireless infrastructure, security gateway
- Key Features: Networking protocols; L2 or L3 Stateful Packet Inspection Firewall, NAT; IPSec VPN + IKEv1 + IKEv2; Stateful deep packet inspection (P2P filtering, Protocol Anomaly, Traffic Anomaly); QoS / Traffic Management

Software for Enterprise Equipment
- Freescale Silicon: PQIII and QorIQ processors (8377E, 8572E, P2020, P4080)
- Example Applications: Enterprise UTM, security appliances, secured routers and switches
- Key Features: Networking protocols; L2 or L3 SPI Firewall support; IPSec Enterprise VPN + IKEv + IKEv2; Stateful deep packet inspection (P2P filtering, Protocol Anomaly, Traffic Anomaly); QoS / Traffic Management; Anti-Virus and Anti-Spam; HA Support

Software for Small Business Gateways
- Freescale Silicon: PQIII and QorIQ processors (8377E, P2020)
- Example Applications: Multi-service business gateways
- Key Features: Networking protocols; Advanced IPSec VPN + IKE supports; SPI Firewall + Advanced NAT features + Dual WAN with Load balancing / Fail Over; Optional service provider provisioning

Software for SOHO / Residential Gateways
- Freescale Silicon: PQIII and QorIQ processors (8315E, 8314E, P1020)
- Example Applications: xdsl, PON, FTTH, and other CPE devices
- Key Features: Networking protocols; SPI Firewall + NAT + Residential Gateway; IPSec VPN; Optional service provider provisioning
7 How QorIQ Platforms and VortiQa Products Align
[Figure: QorIQ platforms (P5; P4, products: P4080; P3; P2, products: P2020, P2010; P1, products: P1020, P1010, P1011) set against the VortiQa software products (for Service Provider Equipment, Enterprise Equipment, Small/Medium Business Gateways, SOHO/Residential Gateways). Application labels: Metro Carrier Edge Router, Unified Threat Management, Service Provider Routers, Converged Media Gateway, Integrated Services Router, IMS Controller, VoIP Carrier-Class Media Gateway, Network Admission Control, SSL, IPSec, Firewall, Network Attached Storage, Radio Network Control, Wireless Media Gateway, Storage Networks, Access Gateway, Home Media Hub, Serving Node Router (GSN), Basestation.]
8 Architecture: VortiQa Software for Enterprise Network Equipment
9 Architecture: VortiQa Software for Enterprise Network Equipment
[Architecture diagram, labels by layer]
- User Space
  - SSLVPN: Reverse Proxy, Socks, App Tunnel, L2 Tunnel, Portal
  - CMS/Embedded Management: CLI, HTTP, LDSV, SYSLOG, SNMP
  - AV/AS: SMTP/S Proxy, POP3/S Proxy, HTTP Proxy, FTP Proxy, AV DB, AS DB
  - IPS Manager
  - IKEv1/v2: PKI (SCEP, OCSP, LDAP), XAUTH, EAP, IRAC, IRAS
  - Authentication Services: LDAP Client, RADIUS Client, Local
- Products: SPI Firewall, Inline IPS, IPSec VPN, SSLVPN, Anti-Virus, Anti-Spam
- Kernel Space
  - TCP/IP
  - Firewall: Policy Mgmt, Session Management and Packet processing, Traffic Policing, Transparent Proxy Support, Application Level Gateway, Drop-in, Clustering
  - Intrusion Detection/Prevention Engine
  - Ethernet, Bridging and WAN Protocols
  - IPSec Packet Processing
  - Traffic Shaping, Routing, QoS
  - Transparent mode support
  - High availability (active-backup)
  - Clustering (active-active)
- Hardware Layer: Ethernet Controllers, Crypto Acceleration, Pattern Matching Acceleration
10 Firewall Architecture
- Stateful inspection firewall
  - Defense against DoS & DDoS attacks
  - Access Policy enforcement
  - Application level filtering & cookie filtering
  - Event logging (SMTP client, syslog client)
- Comprehensive configuration
  - Granular, user specific policies: Traffic type, protocol/port, Source/destination, time of the day, as well as authentication based access
  - System-wide policies
- Comprehensive NAT w/ ALGs
  - ALGs (application layer gateways)
    - Enterprise Application: SQL*Net
    - Communications: SIP, MSN
    - Standard Protocols: FTP
[Diagram labels: Administration Management Engine (Syslog Support, Export log, Web Based Configuration, CLI, Event Log, Network Access Statistics); NAT with ALG Support; Stateful Inspection Engine; Weekly Activation Schedule; Network Access Policy Manager; Application Specific Content Filtering; Network Access Policy Engine; User Specific Access Policies; System Wide Access Policies; Dynamic Remote User Access; CyberDefense Engine (Ping of Death, IP Spoofing, Reassembly Attacks, DoS Attacks, Smurf, WinNuke, Land, ICMP Redirects, IP Source Routing).]
11 IPS Architecture
- Freescale Inline IPS sensor
  - Advanced detection techniques with stateful application intelligence
  - Greater accuracy over traditional IPS
  - Reduced false positives & High performance
  - Protocol anomaly detection
- Embedded Manager
  - Comprehensive configuration capabilities with support for rule editing
  - Extensive Reporting
- Centralized signature updates
  - Freescale produces IPS signature updates
  - Provides centralized update capabilities
[Diagram labels: Inline IPS Manager and Administration Management; Cyber Defense Engine; Session Classification Engine; Rule Parsing Engine; Stateful Application Engine (POP3 Engine, IMAP Engine, SNMP Engine, FTP Engine, APC Engine, NNTP Engine, HTTP Engine, SMTP Engine, DNS Engine); Content Search Engine; Traffic Anomaly; Transport Layer Engine (TCP, UDP, ICMP); TCP Resequencing; IP Layer Engine; IP Reassembly.]
12 IPsec VPN Architecture
- Proven interoperability
  - Time tested in the field
- VPN protocol support
  - Layer 3: IPSec, IKEv1 and v2
  - Layer 2: PPTP and L2TP
- PKI and Certificates: Support for X.509v3 including SCEP, OCSP, PKCS 7,10 and LDAP client for CRL retrieval
- Advanced Features
  - Granular policy management for specific protocols
  - DPD (Dead peer detection), DPTD (Dead peer tunnel detection)
  - NAT traversal
  - Hardware encryption accelerator support
[Diagram labels: RADIUS Client, LDAP Client, OCSP Client, SECP Client, XAuth, NGM, Mode Config, EAP, IKE Policy Manager, Certificate Manager, IKE-IPSec Manager APIs, IKEv1 and V2 Engine, BSD Sockets, UDP Interface, ICMP Interface, IP Layer, Link Layer, Physical Layer, ISecPDri, IPsecDrv, IPSec APIs, TPSec Engine, SPD, SAD, MKMD, AH/ESP, Public Key Crypto APIs, Software Crypto Library, PKEP Driver, Public Key Encryption Processor, Symmetric Key Crypto APIs, SKEP Driver, Software Crypto Library, Symmetric Key Encryption Processor, Inline Accelerator Interface.]
13 Packet Tap Interface with Linux
- Packet Reception
  - VortiQa software registers to pre-routing netfilter hook
  - Hardware interrupt context, Packets queued to CPU specific queues at dev layer
  - Hardware interrupts acked immediately
  - Either Hardware Interrupt or Ksoftirqd executes RX_PACKET softirq routine
  - TCP/IP, VortiQa software code are executed in the context of Hardware Interrupt or ksoftirqd
  - No blocking calls in VortiQa software code
  - Local out packets are collected at Post-Route hook
- Packet Transmission
  - VortiQa software utilizes Linux TCP/IP route lookups, interface related API
  - VortiQa software invokes IP layer Transmit routine directly to send out packet on a given interface
[Diagram labels: Socket Layer, TCP/IP, NetFilter Hooks, VortiQa Software, Dev Layer, Ethernet / WAN Drivers, Networking Hardware.]
14 Packet Processing Control Flow
- VortiQa software modules IPsec-VPN, IPS, Traffic Mgmt register with Firewall ecosystem
- VortiQa software Core Module Firewall captures packets from TCP/IP stack
- After firewall functionality (Policy Enforcement, Attack verifications) done, Firewall Eco-system dispatches packets to registered modules in priority basis
- IPsec-VPN, IPS may use their Hardware Eco-system interface to utilize Hardware Accelerator services
- Each module may consume or return packets to Firewall Eco-system
- Firewall Eco-system finally dispatches packets out
- Accelerators
  - IPsec/IKE: Crypto Accelerators (Plain Crypto, IHAPPI, In-line PKI)
  - IPS: Pattern Matching Accelerators (DFA)
[Diagram labels: Linux TCP/IP Stack, Firewall with Eco-system Interface, SSLVPN, AntiX, IPS, IPsec VPN, Traffic Mgmt, HW Accelerator Eco-System Glue Layer, HW Accelerator.]
15 Packet Processing Control Flow (Cont.)
- Typical data packet processing flow, in order: Traffic Policing*, Firewall, IPS*, AV/AS*, IPsec*, Traffic Shaping*
- Note: * Enabled through configuration
- Supported protocols: HTTP, SMTP & POP3
[Diagram labels: Ingress, Egress, SSLVPN, Firewall, AV/AS, IPS, IPsec, IKEv1/IKEv2, Traffic Policing, Traffic Shaping.]
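
The dispatch model on slides 14 and 15, sketched as an added C example (not VortiQa code): modules register with a firewall core at a priority, the core enforces policy first, then hands the packet down the chain until a module consumes it. All names, the priority values, the port-23 deny rule and the sample payloads are assumptions made for the illustration.

```c
/* Added illustration, not VortiQa code; every name here is hypothetical. */
#include <stddef.h>
#include <string.h>

enum verdict { PKT_RETURN, PKT_CONSUME };            /* what a module may answer */
enum outcome { FW_DROPPED, FW_CONSUMED, FW_SENT };   /* final fate of the packet */

struct packet {
    unsigned short dport;   /* destination port checked by firewall policy */
    const char *payload;    /* constructed sample payload */
    char trace[64];         /* modules that saw the packet, in order */
};

typedef enum verdict (*module_fn)(struct packet *);
struct module { const char *name; int priority; module_fn handler; };

#define MAX_MODULES 8
static struct module chain[MAX_MODULES];
static size_t n_modules;

/* Register a module; the chain stays sorted so lower priority values run first. */
int ecosystem_register(const char *name, int priority, module_fn handler)
{
    size_t i;
    if (n_modules == MAX_MODULES || handler == NULL)
        return -1;
    for (i = n_modules; i > 0 && chain[i - 1].priority > priority; i--)
        chain[i] = chain[i - 1];
    chain[i].name = name;
    chain[i].priority = priority;
    chain[i].handler = handler;
    n_modules++;
    return 0;
}

static void trace_add(struct packet *p, const char *name)
{
    size_t used = strlen(p->trace);
    if (used + strlen(name) + 2 > sizeof(p->trace))
        return;
    if (used)
        strcat(p->trace, ">");
    strcat(p->trace, name);
}

/* Stand-in for policy enforcement and attack verification: deny telnet. */
static int fw_policy_allows(const struct packet *p) { return p->dport != 23; }

/* Firewall core: policy first, then registered modules in priority order. */
enum outcome fw_process(struct packet *p)
{
    size_t i;
    p->trace[0] = '\0';
    if (!fw_policy_allows(p))
        return FW_DROPPED;                 /* modules never see denied traffic */
    for (i = 0; i < n_modules; i++) {
        trace_add(p, chain[i].name);
        if (chain[i].handler(p) == PKT_CONSUME)
            return FW_CONSUMED;            /* module kept the packet */
    }
    return FW_SENT;                        /* every module returned it */
}

/* Sample modules: the IPS consumes packets matching a constructed signature. */
static enum verdict ips_module(struct packet *p)
{
    return (p->payload && strstr(p->payload, "BAD-SIGNATURE")) ? PKT_CONSUME
                                                               : PKT_RETURN;
}
static enum verdict ipsec_module(struct packet *p) { (void)p; return PKT_RETURN; }
static enum verdict shaping_module(struct packet *p) { (void)p; return PKT_RETURN; }

/* Registration order is deliberately not the execution order. */
void ecosystem_demo_setup(void)
{
    n_modules = 0;
    ecosystem_register("shaping", 40, shaping_module);
    ecosystem_register("ipsec", 30, ipsec_module);
    ecosystem_register("ips", 10, ips_module);
}
```

The trace field makes the ordering guarantee observable: a packet dropped by policy has an empty trace, and a packet consumed by the IPS never reaches IPsec or shaping.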
16 Management Infrastructure
- All management applications use the same management APIs
- Kernel space modules make their management APIs available through pseudo-driver IOCTL/Command IDs.
- User land processes make their management APIs available through wrapper layer over loopback sockets
- IPC/Wrapper layer transports the configuration commands appropriately to kernel/user space modules
- As kernel space APIs may modify the data structures used by packet path, proper synchronization should be implemented
  - On a SMP architecture, spinlocks are used to protect configuration changes
[Diagram labels: CLI, Web GUI, CMS, LDSV, SNMP; Management APIs; IPC/Wrapper Layer; Character Pseudo-driver, Kernel Modules; Loopback Sockets, User land Modules.]
17 Performance Consideration
18 Performance & Requirements
- Requirement
  - Perimeter threats emerging from public Internet
  - Core threats emerging from internal protected networks
  - Gigabit Ethernet ports connecting to desktops and servers
  - L3 switches providing security
- Performance issues
  - Deep packet / data inspection and protocol inspection
  - Traditional specialized ASIC providing data path solution are not sufficient
  - Critical performance metrics: Throughput, Latency and Session rate
19 Symmetric Multiprocessing in Multicore Silicon
- Symmetric Multi-Processing (SMP) Usage
  - Improve performance using Linux SMP architecture
- Multiple processor usage by VortiQa software for enterprise
  - Linux Kernel components
  - Multiple pthreads in user level process
- Load Distribution
  - CPU affinity
  - Receive Side Scaling
[Diagram: Processor 0 to Processor 3, each running VortiQa Software, above the Linux Interrupt Scheduler and four Network Controllers.]
20 Hardware Accelerators
- Accelerators Usage
  - Improve performance with offloading repetitive CPU intensive tasks
- VPN: Crypto accelerators
  - Plain Crypto Accelerators
  - IHAPPI
  - Inline PKI Accelerators
- Firewall: Data path accelerator
  - Table Look up
  - Quick Engine
- IPS: Regular expression pattern match accelerators.
- IPS: Providing pre-screening capabilities in the data path
[Diagram labels: Firewall, IPS, IPsec VPN, HW Accelerator Eco-System Glue Layer, HW Accelerator.]
21 Software Optimization Techniques
- Data structure design for search operations
  - Session Search
    - Hash lists
    - Number of buckets tunable
    - Linked list and binary tree for collision elements
  - Instance search
    - Index based (No linked list or array searches)
  - Rule categorization (In IPS) is based on transport, application protocol and protocol stages
- No buffer copy
- epoll (instead of poll/select) usage in socket based applications
  - State machine oriented
  - Multiple sessions in one thread
- Avoids memory allocations in the data path
- Efficient code and data cache usage
- SMP
  - Minimum number of SMP locks in data path around granular code.
  - Session Parallelization
    - Only one processor at any time processes firewall, IPS or VPN sessions.
    - Packets are queued to backlog queue of each session by other processors during this time.
    - No binding of processor to the sessions.
- Runs most of packet processing in softirq context to reduce the context switches.
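
An added C example (not VortiQa code) of the session parallelization point on slide 21: a short per-session lock guards only an ownership flag and a backlog queue, so one processor at a time runs the session while the others park their packets and move on. All names are hypothetical, the tail drop on a full backlog is an assumption, and the second processor is simulated by a re-entrant call so that the outcome is deterministic.

```c
/* Added illustration, not VortiQa code; every name here is hypothetical. */
#include <stdatomic.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { BACKLOG_MAX = 8, LOG_MAX = 16 };
enum rx_result { RX_PROCESSED, RX_QUEUED, RX_BACKLOG_FULL };

struct session {
    atomic_flag lock;               /* short spinlock: guards busy and backlog only */
    int busy;                       /* 1 while one processor runs this session */
    uint32_t backlog[BACKLOG_MAX];  /* packets parked by other processors */
    size_t head, count;
    uint32_t done[LOG_MAX];         /* order in which packets were processed */
    size_t ndone;
};

/* Simulation hook: "another processor receives a packet at this moment". */
static void (*arrival_hook)(struct session *, uint32_t);

void session_init(struct session *s)
{
    memset(s, 0, sizeof *s);
    atomic_flag_clear(&s->lock);
}

static void lock(struct session *s)
{
    while (atomic_flag_test_and_set_explicit(&s->lock, memory_order_acquire))
        ;   /* spin: the critical sections are a few instructions long */
}

static void unlock(struct session *s)
{
    atomic_flag_clear_explicit(&s->lock, memory_order_release);
}

/* Stand-in for firewall/IPS/VPN work on one packet; runs without the lock held. */
static void process(struct session *s, uint32_t pkt)
{
    if (s->ndone < LOG_MAX)
        s->done[s->ndone++] = pkt;
    if (arrival_hook)
        arrival_hook(s, pkt);
}

/* Called by whichever processor received pkt; sessions are not bound to a CPU. */
enum rx_result session_rx(struct session *s, uint32_t pkt)
{
    lock(s);
    if (s->busy) {                          /* another processor owns the session */
        int room = s->count < BACKLOG_MAX;
        if (room)
            s->backlog[(s->head + s->count++) % BACKLOG_MAX] = pkt;
        unlock(s);
        return room ? RX_QUEUED : RX_BACKLOG_FULL;
    }
    s->busy = 1;                            /* become the single owner */
    unlock(s);
    for (;;) {
        process(s, pkt);
        lock(s);
        if (s->count == 0) {                /* nothing parked: release ownership */
            s->busy = 0;
            unlock(s);
            return RX_PROCESSED;
        }
        pkt = s->backlog[s->head];          /* drain in arrival order */
        s->head = (s->head + 1) % BACKLOG_MAX;
        s->count--;
        unlock(s);
    }
}

static enum rx_result parked[BACKLOG_MAX + 1];

/* Constructed burst: while packet 1 is processed, packets 2..10 arrive elsewhere. */
static void burst_from_other_cpu(struct session *s, uint32_t pkt)
{
    uint32_t i;
    if (pkt != 1)
        return;
    for (i = 0; i <= BACKLOG_MAX; i++)
        parked[i] = session_rx(s, 2 + i);
}

/* Runs the scenario on s and returns the verdict for packet 1. */
enum rx_result simulate_contention(struct session *s)
{
    enum rx_result first;
    session_init(s);
    arrival_hook = burst_from_other_cpu;
    first = session_rx(s, 1);
    arrival_hook = NULL;
    return first;
}
```

The owner ends up processing packets 1 to 9 in arrival order; the tenth finds the backlog full, which is the point where a real data path has to choose between dropping and applying back-pressure.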
22 Comprehensive VortiQa Software Solution and Deployment Scenarios
23 Enterprise Deployment
[Diagram: VortiQa Software placed between the Internet and the enterprise network. Labels: Internet, Malicious Hackers, Branch Office, Home Office, Telecommuter, DoS Attacks, Trojan Attack, Enterprise Network, Logging Console, Admin Console, Domain 1 to Domain 4, Other Internal Users, Marketing Subnet, Marketing Users, Finance Subnet, Finance Users, Confidential Data, App, EDI, Web.]
- Access Control Lists
  - Policies for individual security domains
  - Policies for individual users
  - Policies for user groups
  - Allow remote access
  - Allow access to web server
  - Deny access to finance server
  - Deny access to confidential data
24 Enterprise Deployment
- MPC8572E: Up to 1500MHz Dual e500 core; 1MB L2, 800 MHz DDR2/3, PCI-Express, 4xGbE, USB, SRIO
[Diagram and access control list repeat slide 23.]
25 Enterprise Deployment
- P4080E: Up to 1500MHz 8 Cores; 1 MB L2, DDR2/3, PCI-Express, 10G/GbE, USB, DPAA
[Diagram and access control list repeat slide 23.]
26 Enterprise Deployment
- MPC8548: Up to 1500MHz Single Core; 512KB L2, DDR2/3, PCI-Express, 4xGbE, USB, SRIO
[Diagram and access control list repeat slide 23.]
27 Enterprise Deployment
- MPC8315: 400MHz, 2 x GigE (SGMII), PCI, PCI-Exp, USB, DDR1/2, 400MHz
[Diagram and access control list repeat slide 23.]
28 Datacenter Deployment
[Diagram labels: Farm, Aggregation Switches With VortiQa Software, Core Switches With VortiQa Software, Internet.]
29 Datacenter Deployment
- P4080E: Up to 1500MHz 8 Cores; 1 MB L2, DDR2/3, PCI-Express, 10G/GbE, USB, DPAA
[Diagram repeats slide 28.]
30 Datacenter Deployment
- MPC8572E: Up to 1500MHz Dual e500 core; 1MB L2, 800 MHz DDR2/3, PCI-Express, 4xGbE, USB, SRIO
[Diagram repeats slide 28.]
32 SMB Deployment
[Diagram labels: SMB Network, VortiQa Software for Enterprise Networks, Internet, VPN Tunnel, Branch Office, Telecommuters & Road Warriors.]
33 SMB Deployment
- MPC8378E / MPC8377E: MHz, 2 x GigE (SGMII), PCI, PCI-Exp, USB, DDR1/2, SATA, 667MHz
[Diagram repeats slide 32.]
34 SMB Deployment
- P2020: Dual e500 Core, MHz, 512 KB L2 Cache
[Diagram repeats slide 32.]
36 Summary and Q&A
37 Summary: VortiQa software on QorIQ and PowerQUICC processors
- Answer to challenges faced by the network equipment vendors
- Guard against elevated and sophisticated threats.
- Highly optimized & performance tuned solution to get the most out of silicon & its capabilities
- Accelerate time to market with a comprehensive system solution, not just silicon or software
- Support from the developers who have experience with silicon and software
- Expanded ecosystem working with independent vendors
38 Q&A
Thank you for attending this presentation. We'll now take a few moments for the audience's questions and then we'll begin the question and answer session.
More informationApplication Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )
Application Note Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) This document describes how to configure McAfee Firewall Enterprise to provide
More informationPerformance Enhancement for IPsec Processing on Multi-Core Systems
Performance Enhancement for IPsec Processing on Multi-Core Systems Sandeep Malik Freescale Semiconductor India Pvt. Ltd IDC Noida, India Ravi Malhotra Freescale Semiconductor India Pvt. Ltd IDC Noida,
More informationWho We Are.. ideras Features. Benefits
:: Protecting your infrastructure :: Who We Are.. ideras Features Benefits Q&A Infosys Gateway Sdn Bhd. Incorporated in 2007 Bumiputra owned Company MSC Status Company Registered with Ministry of Finance
More informationSoftware Datapath Acceleration for Stateless Packet Processing
June 22, 2010 Software Datapath Acceleration for Stateless Packet Processing FTF-NET-F0817 Ravi Malhotra Software Architect Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, CoreNet, the Energy Efficient Solutions
More informationSeqrite TERMINATOR (UTM) Unified Threat Management Solution.
Unified Threat Management Solution TERMINATOR Introduction Seqrite TERMINATOR is a high-performance, easy-to-use Unified Threat Management solution for small and mid-size enterprises. It is a robust solution
More informationSteelGate Overview. Manage perimeter security and network traffic to ensure operational efficiency, and optimal Quality of Service (QoS)
Internet Communications Made Safe SteelGate Overview SteelGate Overview SteelGate is a high-performance VPN firewall appliance that Prevent Eliminate threats & attacks at the perimeter Stop unauthorized
More informationNetwork Security. Thierry Sans
Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability
More informationCisco IOS Inline Intrusion Prevention System (IPS)
Cisco IOS Inline Intrusion Prevention System (IPS) This data sheet provides an overview of the Cisco IOS Intrusion Prevention System (IPS) solution. Product Overview In today s business environment, network
More informationVG422R. User s Manual. Rev , 5
VG422R User s Manual Rev 1.0 2003, 5 CONGRATULATIONS ON YOUR PURCHASE OF VG422R... 1 THIS PACKAGE CONTAINS... 1 CONFIRM THAT YOU MEET INSTALLATION REQUIREMENTS... 1 1. INSTALLATION GUIDE... 2 1.1. HARDWARE
More informationSecurity with Passion. Endian UTM Virtual Appliance
Security with Passion Endian UTM Virtual Appliance Endian UTM Virtual Appliance Endian UTM Virtual Appliance: Secure and Protect your Virtual Infrastructure Whether you are securing your internal virtual
More informationEndian Hotspot main features
Endian Hotspot main features Service Customization Freely configurable home page after successful login Completely customizable welcome page and printed user information through a user friendly visual
More informationZyWALL VPN2S VPN Firewall
ZyWALL 2S Firewall The ZyWALL 2S is designed for small businesses, branch offices and home/remote workers. it provides you Internet connections with high reliability, high performance and high security
More informationSpirent Avalanche. Applications and Security Testing Solutions. Application. Features & Benefits. Data Sheet. Network Performance Testing
Data Sheet Spirent Avalanche Spirent s Avalanche Layer 4-7 testing solution provides capacity, security and performance testing for network infrastructures, cloud and virtual environments, Web application
More informationQ-Balancer Range FAQ The Q-Balance LB Series General Sales FAQ
Q-Balancer Range FAQ The Q-Balance LB Series The Q-Balance Balance Series is designed for Small and medium enterprises (SMEs) to provide cost-effective solutions for link resilience and load balancing
More informationFundamentals of Network Security v1.1 Scope and Sequence
Fundamentals of Network Security v1.1 Scope and Sequence Last Updated: September 9, 2003 This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document
More informationHigh Availability Synchronization PAN-OS 5.0.3
High Availability Synchronization PAN-OS 5.0.3 Revision B 2013, Palo Alto Networks, Inc. www.paloaltonetworks.com Contents Overview... 3 Device Configuration... 4 Network Configuration... 9 Objects Configuration...
More informationFundamental Questions to Answer About Computer Networking, Jan 2009 Prof. Ying-Dar Lin,
Fundamental Questions to Answer About Computer Networking, Jan 2009 Prof. Ying-Dar Lin, ydlin@cs.nctu.edu.tw Chapter 1: Introduction 1. How does Internet scale to billions of hosts? (Describe what structure
More informationCato Cloud. Solution Brief. Software-defined and Cloud-based Secure Enterprise Network NETWORK + SECURITY IS SIMPLE AGAIN
Cato Cloud Software-defined and Cloud-based Secure Enterprise Network Solution Brief NETWORK + SECURITY IS SIMPLE AGAIN Legacy WAN and Security Appliances are Incompatible with the Modern Enterprise The
More informationCompTIA Network+ Study Guide Table of Contents
CompTIA Network+ Study Guide Table of Contents Course Introduction Table of Contents Getting Started About This Course About CompTIA Certifications Module 1 / Local Area Networks Module 1 / Unit 1 Topologies
More informationUnified Services Routers
Product Highlights Comprehensive Management Solution Active-Active WAN port features such as auto WAN failover and load balancing, ICSA-certified firewall, and D-Link Green Technology make this a reliable,
More informationWhat is New in Cisco ACE 4710 Application Control Engine Software Release 3.1
What is New in Cisco ACE 4710 Application Control Engine Software Release 3.1 PB478675 Product Overview The Cisco ACE Application Control Engine 4710 represents the next generation of application switches
More informationApplied IT Security. System Security. Dr. Stephan Spitz 6 Firewalls & IDS. Applied IT Security, Dr.
Applied IT Security System Security Dr. Stephan Spitz Stephan.Spitz@de.gi-de.com Overview & Basics System Security Network Protocols and the Internet Operating Systems and Applications Operating System
More informationSecure and Optimize Application Delivery, Performance, and Reliability
Secure and Optimize Application Delivery, Performance, and Reliability Alteon Application Switch The Alteon Application Switch is a multi-application switching system designed to allow enterprises to prepare
More informationNetwork-Based Application Recognition
Network-Based Application Recognition Last updated: September 2008 Common questions and answers regarding Cisco Network-Based Application Recognition (NBAR) follow. Q. What is NBAR? A. NBAR, an important
More informationNSG50/100/200 Nebula Cloud Managed Security Gateway
NSG50/100/200 Managed The Zyxel Managed is built with remote management and ironclad security for organizations with growing numbers of distributed sites. With the extensive suite of security features
More informationHands-On TCP/IP Networking
Hands-On Course Description In this Hands-On TCP/IP course, the student will work on a live TCP/IP network, reinforcing the discussed subject material. TCP/IP is the communications protocol suite on which
More informationMedium / Large Enterprises Next-Generation UTM NU-850C
Medium / Large Enterprises Next-Generation UTM NU-850C Comprehensive Protection UR-980 Overall Integration Cloud-based Management ShareTech NU-850C is the next phase of technology change which will help
More informationCisco Technologies, Routers, and Switches p. 1 Introduction p. 2 The OSI Model p. 2 The TCP/IP Model, the DoD Model, or the Internet Model p.
Cisco Technologies, Routers, and Switches p. 1 Introduction p. 2 The OSI Model p. 2 The TCP/IP Model, the DoD Model, or the Internet Model p. 6 Networking Basics p. 14 Wireless LANs p. 22 Cisco Hardware
More informationMedium / Large Enterprises Next-Generation UTM NU-850C
Medium / Large Enterprises Next-Generation UTM NU-850C Comprehensive ShareTech NU-850C is the next phase of technology change which will help service provider Protection to launch the services in single
More informationASA/PIX Security Appliance
I N D E X A AAA, implementing, 27 28 access to ASA/PIX Security Appliance monitoring, 150 151 securing, 147 150 to websites, blocking, 153 155 access control, 30 access policies, creating for web and mail
More informationACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL II. VERSION 2.0
ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL II. VERSION 2.0 Module 1: Intrusion Detection and Prevention Technology 1.1 Overview of Intrusion
More informationNew Features for ASA Version 9.0(2)
FIREWALL Features New Features for ASA Version 9.0(2) Cisco Adaptive Security Appliance (ASA) Software Release 9.0 is the latest release of the software that powers the Cisco ASA family. The same core
More informationEasy To Install. Easy To Manage. Always Up-To-Date.
WATCHGUARD FIREBOX SYSTEM Easy To Install. Easy To Manage. Always Up-To-Date. Overview The WatchGuard Firebox System is a comprehensive firewall and VPN security solution that reduces the time and resources
More informationAccessEnforcer Version 4.0 Features List
AccessEnforcer Version 4.0 Features List AccessEnforcer UTM Firewall is the simple way to secure and manage your small business network. You can choose from six hardware models, each designed to protect
More informationISG-600 Cloud Gateway
ISG-600 Cloud Gateway Cumilon ISG Integrated Security Gateway Integrated Security Gateway Cumilon ISG-600C cloud gateway is the security product developed by Systrome for the distributed access network
More informationPreconfigured Audio/Video Bridging System
Preconfigured Audio/Video Bridging System RSB-KIT Gateway Security Appliance (Router) with Rack Mount Bracket and VLAN switch The popularity and affordability of IP networking has driven audio/video and
More informationAnalysis of VPN Protocols
Analysis of VPN Protocols ECE 646 Final Project Presentation Tamer Mabrouk Touhidur Satiar Overview VPN Definitions Emergence of VPN Concept of Tunneling VPN Classification Comparison of Protocols Customer
More informationSonicOS Enhanced Release Notes
SonicOS Contents Platform Compatibility... 1 Known Issues... 2 Resolved Known Issues... 3 Upgrading SonicOS Enhanced Image Procedures... 5 Related Technical Documentation...8 Platform Compatibility The
More informationUser Role Firewall Policy
User Role Firewall Policy An SRX Series device can act as an Infranet Enforcer in a UAC network where it acts as a Layer 3 enforcement point, controlling access by using IP-based policies pushed down from
More informationCradlepoint COR IBR350 Specifications
Cradlepoint COR IBR350 Specifications Figure 1: COR IBR350 Compact, M2M Gateway for Kiosks, ATMs and Digital Signage The Cradlepoint COR IBR350 Series is an affordable, compact, high performance 4G LTE
More informationASACAMP - ASA Lab Camp (5316)
ASACAMP - ASA Lab Camp (5316) Price: $4,595 Cisco Course v1.0 Cisco Security Appliance Software v8.0 Based on our enhanced FIREWALL and VPN courses, this exclusive, lab-based course is designed to provide
More informationUSG2110 Unified Security Gateways
USG2110 Unified Security Gateways The USG2110 series is Huawei's unified security gateway developed to meet the network security needs of various organizations including the small enterprises, branch offices,
More informationHardening the Education. with NGFW. Narongveth Yutithammanurak Business Development Manager 23 Feb 2012
Hardening the Education IT Environment with NGFW Narongveth Yutithammanurak Business Development Manager 23 Feb 2012 Technology Trends Security Performance Bandwidth Efficiency Manageability Page 2 What
More informationNetworks and Communications MS216 - Course Outline -
Networks and Communications MS216 - Course Outline - Objective Lecturer Times Overall Learning Outcomes Format Programme(s) The objective of this course is to develop in students an understanding of the
More informationCertified SonicWALL Security Administrator (CSSA) Instructor-led Training
Instructor-led Training Comprehensive Services from Your Trusted Security Partner Additional Information Recommended prerequisite for the Certified SonicWALL Security Administrator (CSSA) exam Course Description:
More informationW is a Firewall. Internet Security: Firewall. W a Firewall can Do. firewall = wall to protect against fire propagation
W is a Firewall firewall = wall to protect against fire propagation Internet Security: Firewall More like a moat around a medieval castle restricts entry to carefully controlled points restricts exits
More informationNumerics I N D E X. 3DES (Triple Data Encryption Standard), 48
I N D E X Numerics A 3DES (Triple Data Encryption Standard), 48 Access Rights screen (VPN 3000 Series Concentrator), administration, 316 322 Action options, applying to filter rules, 273 adding filter
More informationIndex. Numerics 3DES (triple data encryption standard), 21
Index Numerics 3DES (triple data encryption standard), 21 A B aggressive mode negotiation, 89 90 AH (Authentication Headers), 6, 57 58 alternatives to IPsec VPN HA, stateful, 257 260 stateless, 242 HSRP,
More informationN-Dimension n-platform 340S Unified Threat Management System
N-Dimension n-platform 340S Unified Threat Management System Firewall Router Site-to-Site VPN Remote-Access VPN Serial SCADA VPN Proxy Anti-virus SCADA IDS Port Scanner Vulnerability Scanner System & Service
More informationImplementing Cisco Network Security (IINS) 3.0
Implementing Cisco Network Security (IINS) 3.0 COURSE OVERVIEW: Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using
More informationMX Sizing Guide. 4Gon Tel: +44 (0) Fax: +44 (0)
MX Sizing Guide FEBRUARY 2015 This technical document provides guidelines for choosing the right Cisco Meraki security appliance based on real-world deployments, industry standard benchmarks and in-depth
More informationExam Questions JN0-633
Exam Questions JN0-633 Security, Professional (JNCIP-SEC) https://www.2passeasy.com/dumps/jn0-633/ 1.What are two network scanning methods? (Choose two.) A. SYN flood B. ping of death C. ping sweep D.
More informationVPN Auto Provisioning
VPN Auto Provisioning You can configure various types of IPsec VPN policies, such as site-to-site policies, including GroupVPN, and route-based policies. For specific details on the setting for these kinds
More informationDistributed Denial of Service
Distributed Denial of Service Vimercate 17 Maggio 2005 anegroni@cisco.com DDoS 1 Agenda PREFACE EXAMPLE: TCP EXAMPLE: DDoS CISCO S DDoS SOLUTION COMPONENTS MODES OF PROTECTION DETAILS 2 Distributed Denial
More informationImplementation Guide - VPN Network with Static Routing
Implementation Guide - VPN Network with Static Routing This guide contains advanced topics and concepts. Follow the links in each section for step-by-step instructions on how to configure the following
More informationUnified Threat Management Systems
Unified Threat Management Systems 500 POWER HDD Another Product by Open Kod TO SOLVE AND TO SECURE www.openkod.com MALAYSIA CYBER SECURITY INNOVATION OF THE YEAR AWARD 2016 WINNER - OPENKOD SDN BHD Unified
More informationInt ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28
Int ernet w orking Internet Security Literature: Forouzan: TCP/IP Protocol Suite : Ch 28 Internet Security Internet security is difficult Internet protocols were not originally designed for security The
More informationIngate Firewall & SIParator Product Training. SIP Trunking Focused
Ingate Firewall & SIParator Product Training SIP Trunking Focused Common SIP Applications SIP Trunking Remote Desktop Ingate Product Training Common SIP Applications SIP Trunking A SIP Trunk is a concurrent
More informationVPN Routers DSR-150/250/500/1000AC. Product Highlights. Features. Overview. Comprehensive Management Capabilities. Web Authentication Capabilities
Product Highlights Comprehensive Management Solution Advanced features such as WAN failover, load balancing, and integrated firewall help make this a reliable, secure, and flexible way to manage your network.
More informationWatchGuard System Manager Fireware Configuration Guide. WatchGuard Fireware Pro v8.1
WatchGuard System Manager Fireware Configuration Guide WatchGuard Fireware Pro v8.1 Notice to Users Information in this guide is subject to change without notice. Companies, names, and data used in examples
More informationTest - Accredited Configuration Engineer (ACE) Exam - PAN-OS 6.0 Version
Test - Accredited Configuration Engineer (ACE) Exam - PAN-OS 6.0 Version ACE Exam Question 1 of 50. Traffic going to a public IP address is being translated by your Palo Alto Networks firewall to your
More information