Hardening the Education. with NGFW. Narongveth Yutithammanurak Business Development Manager 23 Feb 2012


Hardening the Education IT Environment with NGFW Narongveth Yutithammanurak Business Development Manager 23 Feb 2012

Technology Trends Security Performance Bandwidth Efficiency Manageability Page 2

What are Students and Staff doing? Web surfing; Twitter, Facebook; downloading files; instant messaging; streaming video; streaming audio; playing games online; personal email. Page 3

These things we know?
User / Port / Protocol / Application
Port 80 is much more than Web browsing:
203.12.145.34 / 80 / HTTP / Web Browsing?
Anna Stand / 80 / IM / Yahoo-IM
Port 443 is an encrypted mystery:
124.50.13.45 / 443 / HTTPS / Secure banking?
Paul Donson / 443 / Email / Google Gmail
Other ports are being exploited:
224.100.30.6 / 5060 / SIP / VoIP?
John Buly / 20129 / P2P / Orbit downloader
Page 4

Beyond Threats. Most traffic is not threat-based but is application and data. Applications can be good, bad or in-between. Good: salesforce.com. Bad: badworm.exe. In-between: P2P, streaming video & audio. Page 5

Common Questions to Admin: Where is this TRAFFIC coming from? What APPLICATIONS are really on the network? Where is ALL my BANDWIDTH going? What are the THREATS? Page 6

Device Expectation: application awareness and visibility; integrated full IPS without compromising performance; intelligence to identify users; standard firewall capabilities; multiple deployment options. Page 7

Next Generation Firewall Page 8

NGFW Definition: Stateful Inspection; Intrusion Prevention; Application Control; SSL Decryption/Inspection. By year-end 2014 [Next-Generation Firewall] will rise to 35% of the installed base, with 60% of new purchases being NGFWs. Source: Gartner NGFW Research note. Page 9

What NGFW should do: Identify application/users regardless; Ports ≠ Applications; IP Addresses ≠ Users; Packets ≠ Content. Protect in real time against threats. Granular visibility and policy control; application access / functionality. Multi-gigabit with no performance degradation. Page 10
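The "Ports ≠ Applications" point from slides 4 and 10, as an added example that is not part of the original deck and not any vendor's engine: it classifies a flow from its first payload bytes and reports where the port-based assumption is wrong. The sample flows, the port table and the function names are constructed for illustration, with a BitTorrent handshake standing in for the P2P case.

```python
import re

# Constructed sample: (destination port, first payload bytes) of four flows.
SAMPLE_FLOWS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: www.example.edu\r\n\r\n"),
    (80, b"SSH-2.0-OpenSSH_8.9\r\n"),
    (443, b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),
    (20129, b"\x13BitTorrent protocol" + b"\x00" * 8),
]

# What a port-based rule set assumes is running on each port (assumption).
PORT_ASSUMPTION = {80: "http", 443: "tls", 5060: "sip"}

HTTP_REQUEST = re.compile(rb"(GET|HEAD|POST|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")
SIP_REQUEST = re.compile(rb"(INVITE|REGISTER|OPTIONS|BYE) sips?:\S+ SIP/2\.0\r\n")


def identify(payload: bytes) -> str:
    """Classify a flow from its first payload bytes, ignoring the port."""
    if HTTP_REQUEST.match(payload):
        return "http"
    if SIP_REQUEST.match(payload):
        return "sip"
    if payload.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: type 0x16 (handshake), major version 3,
    # then handshake type 0x01 (ClientHello) at offset 5.
    if len(payload) > 5 and payload[0] == 0x16 and payload[1] == 3 and payload[5] == 1:
        return "tls"
    # BitTorrent handshake: length byte 19 followed by the protocol string.
    if payload.startswith(b"\x13BitTorrent protocol"):
        return "bittorrent"
    return "unknown"


def port_mismatches(flows):
    """Return (port, assumed, identified) for flows whose port is misleading."""
    out = []
    for port, payload in flows:
        assumed = PORT_ASSUMPTION.get(port, "unknown")
        actual = identify(payload)
        if actual != assumed:
            out.append((port, assumed, actual))
    return out


if __name__ == "__main__":
    for row in port_mismatches(SAMPLE_FLOWS):
        print("port %d: assumed %s, payload is %s" % row)
```

A production engine tracks stream state and uses a far larger signature set; the point here is only that the decision is taken on content, with the port as a hint at most.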

Control Network, Users & Traffic: Bandwidth Manage OR Block; By User or Group with Exception; By Schedule; By App (Category, App, Function). Page 11

Architecture and Engine Page 12

Architecture makes a difference Page 13

NGFW Technology. Next Generation Requirements: Consolidated & Integrated Security Technology; Application Visibility - Inspection of Real-time & Latency Sensitive Applications/Traffic; Scalable & High Performing Enough to Protect Against Perimeter and Internal Network Challenges. Solution Features: Multi-Tiered Protection Technology; Patented Re-Assembly Free DPI (RFDPI); Multi-Core High Perf. Architecture. Page 14

RFDPI Engine Page 15

Dynamic Security Architecture: 1. DPI protects against network risks. 2. Multi-core scanning in real time. 3. Dynamic network protections. Page 16

Procedures Page 17

NGFW Features: Application intelligent control; Gateway Security; Intrusion Protection Service (IPS); Anti-Virus and Anti-Spyware; URL Filtering Service; Bandwidth Management (QoS); User Authentication. Page 18

Application intelligent control Page 19

Application Visibility Important Apps Unimportant Apps Page 20

Powerful Application Policy Creation: Allow IM, but block File Transfer; Allow Facebook, but block Farmville; Allow Facebook, but block all Facebook applications. Page 21

Application Use Enforcement. Policy: all staff must use IE 9.0. Mission: Ensure all PCs are using IE 9.0. Solution: Create a policy that looks for User Agent = MSIE 9.0 in HTTP; allow IE 9.0 traffic and block other browsers. Page 22

Deny FTP Upload. Need to make sure that authorized staff can upload files and no one else can upload. Create a policy to allow only certain people FTP PUT. Page 23

Block Forbidden Files and Notify. Stop an EXE file from being downloaded as an email attachment or from being transferred via FTP. Create a policy to block forbidden file extensions. Page 24
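The three policies on slides 22 to 24 (browser enforcement, FTP upload by user, forbidden file extension), sketched as an added example that is not from the original deck and is not a vendor's rule syntax. It assumes the firewall has already parsed each flow into an event and mapped it to a directory user; the event layout, account names and function name are hypothetical.

```python
import os

REQUIRED_UA_TOKEN = "MSIE 9.0"                # token named on the slide
FTP_UPLOAD_VERBS = {"STOR", "STOU", "APPE"}   # wire commands behind a client's "put"
AUTHORIZED_UPLOADERS = {"webmaster"}          # hypothetical account name
FORBIDDEN_EXTENSIONS = {".exe"}

# Constructed sample events, one per parsed application-layer action.
SAMPLE_EVENTS = [
    {"kind": "http_request", "user": "anna", "headers": {
        "user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"}},
    {"kind": "http_request", "user": "paul", "headers": {
        "user-agent": "Mozilla/5.0 (Windows NT 6.1; rv:10.0) Gecko/20100101 Firefox/10.0"}},
    {"kind": "ftp_command", "user": "webmaster",
     "command": "STOR index.html", "filename": "index.html"},
    {"kind": "ftp_command", "user": "student01",
     "command": "stor notes.txt", "filename": "notes.txt"},
    {"kind": "ftp_command", "user": "student01",
     "command": "RETR tool.EXE", "filename": "tool.EXE"},
    {"kind": "email_attachment", "user": "john", "filename": "report.pdf"},
]


def decide(event):
    """Return (action, reason) for one parsed application-layer event."""
    if event["kind"] == "http_request":
        if REQUIRED_UA_TOKEN not in event["headers"].get("user-agent", ""):
            return ("block", "browser is not IE 9.0")
    elif event["kind"] == "ftp_command":
        # FTP verbs are case-insensitive, so normalise before matching.
        verb = event["command"].split(" ", 1)[0].upper()
        if verb in FTP_UPLOAD_VERBS and event["user"] not in AUTHORIZED_UPLOADERS:
            return ("block", "FTP upload by unauthorized user")
    # The file rule applies to any event that carries a file name.
    ext = os.path.splitext(event.get("filename", ""))[1].lower()
    if ext in FORBIDDEN_EXTENSIONS:
        return ("block+notify", "forbidden file extension " + ext)
    return ("allow", "no rule matched")


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["user"], ev["kind"], *decide(ev))
```

The User-Agent header is supplied by the client and an extension is only a name, so these rules check compliance of cooperative clients; they do not verify which browser is running or what a file contains.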

Keep P2P Under Control. P2P applications steal bandwidth and bring malicious files with them. A P2P application simply changes a version number. Create a policy to detect P2P applications. Page 25

Application Flows Page 26

Application Flows (Table View) Page 27

User Flows Page 28

Gateway Security Page 29

Gateway Security Page 30

Intrusion Protection Service (IPS): Application vulnerabilities, buffer overflows. Scanning (worms, Trojans, software vulnerabilities, backdoor exploits, and other types of malicious attacks). Utilizing a comprehensive signature database. Focusing on known malicious traffic decreases false positives, increasing network reliability and performance. Page 31

Gateway Anti-Virus and Anti-Spyware: High-performance engine scans viruses, spyware, worms, Trojans and application exploits. Continually updated database of threat signatures. Inter-zone scanning delivers protection also between internal network zones. Page 32

Content Filtering Service Page 33

Content Filtering Service Page 34

Content Filtering Service: Granular content filtering; dynamically updated rating architecture; application traffic analytics; easy-to-use web-based management; high-performance web caching and rating architecture; IP-based HTTPS content filtering; scalable, cost-effective solution. Page 35

Bandwidth Management Page 36

Managing Streaming Video. For a site such as YouTube, blocking the site might work, but the best answer could be to limit the bandwidth. Create a policy to limit streaming video. Page 37

Control Bandwidth Page 38

User Authentication Page 39

Directory Integration: Users no longer defined solely by IP address. Manage and enforce policy based on user and/or AD group. Understand user application and threat behavior based on AD, LDAP. Page 40

Internal DB/Single Sign-on Users Page 41

Protection Visions Page 42

Topology #1: Many-to-One Datacenter. Protect servers from outside; IPS feature performed; focusing on known malicious traffic. Page 43

Topology #2: Many-to-Many External. Protect users surfing the internet; outbound protection; control application usage; shape user bandwidth. Page 44

Topology #3: Many-to-Many Internal LAN. Concept for internal protection; users to datacenter / server farms; protect servers from malware infection; restrict user access. Page 45

Solutions Page 46

Best Practices: First, identify and block all bad applications. Second, safely enable all good applications. Solid research and support; fast deployment of new protections. Sustained high performance firewall + IPS platform. Page 47

Buyer Models: Customer Premise Equipment (CPE); As-a-Service. Page 48

Providers: System Integrator; MSSP. Page 49

Difference System Integrator Hardware Ownership CPE One-Time Implement MA provided Admin Maintenance MSSP Low cost of Ownership As-a-Service One-Time Implement Device Management Security Monitoring Security Analyst Proactive Maintenance Align with SLA Page 50

Summary. Benefits of NGFW: All-in-one functionality; greater visibility and control; simplified management; better security; lower total cost of ownership. Page 51

Questions www.i-secure.co.th