
Code : STM#530


angeni

Presentation Transcript


  1. Distribution ED01 English Code : STM#530 OfficeServ7400 Security Introduction Samsung Electronics Co., Ltd.

  2. Objectives • After successful completion of the course the trainees should be able to execute the following activities.

  3. Contents
     • VPN
     • IDS

  4. VPN

  5. Overview
     • IPSec
       • System to system : Need GWIMS D-board
     • PPTP/L2TP
       • System to Node or Server to Client (ex: PC)
       • Don’t need GWIMS D-board
     [Diagram labels: IPSec; Branch #1; Branch #2; Remote User; Office (headquarters); PPTP, L2TP; Internet; VPN Tunneling; Serial 2Mbps; Private Line]

  6. What’s VPN?
     • Tunnel Mode (don’t support Transport mode)
     • Tunnel Protocol (IPSec, L2TP/PPTP)
     • Key Management : IKE, ISAKMP, X.509, pre-shared
     • Authentication : MD5, SHA-1
     • Encryption : AES, 3DES
     • Transform Protocol : AH, ESP
     [Diagram labels: Mobile User; VPN S/W; Remote access; Business Partner; Headquarters; Branch; Tunnel; Extranet; Intranet; Internet; VPN; encryption; new header; payload]

  7. comparison

  8. IPSec
     • Transport Mode
       • AH: IP header | AH | IP payload (Authenticated except for mutable fields in ‘IP header’)
       • ESP: IP header | ESP header | IP payload | ESP trailer | ESP auth (spans marked: Encrypted, Authenticated)
     • Tunnel Mode
       • AH: New IP header | AH | IP header | IP payload (Authenticated except for mutable fields in ‘New IP header’)
       • ESP: New IP header | ESP header | IP header | IP payload | ESP trailer | ESP auth (spans marked: Encrypted, Authenticated)

  9. IKE
     • Phase 1
       • Generate IKE key
       • Main mode, aggressive mode
       • Authentication
         • Pre-shared key
         • Digital Signature
         • Public key encryption
         • Revised public key encryption
     • Phase 2
       • Generate IPSEC key
       • Quick mode

  10. OfficeServ VPN
     • 1. Configuration
     • 2. Choose Phase 1 / Phase 2 parameters.
     • 3. Check status

  11. Specifications of the OfficeServ
     • Tunnels: OS 7200: 100 Tunnels; OS 7400: 1024 Tunnels
     • Chip: OS 7200: Hifn 7951; OS 7400: CN 1120
     • Protocol: IPSec, PPTP, L2TP
     • ISAKMP: OS 7200: Phase 1(main), Phase 2(quick); OS 7400: Phase 1(main, aggressive), Phase 2(quick)
     • Encryption: OS 7200: 3DES; OS 7400: 3DES, AES
     • Authentication: RSA, Pre-shared key, X.509

  12. IDS

  13. Functions
     • Real-time detection of and response to network-based attacks
       • backdoor, DoS, DDoS, anomalous network access, etc.
     • Uses web management
     • Supports almost all kinds of protocols used on the Internet
     • Intrusion detection according to risk level
       • High, medium, low
     • Response to intrusion detection
       • Log audit
       • IP blocking, linked with the firewall
       • Report to admin by e-mail about detected attacks
       • 5 categories : Intrusion Type, Source IP, Destination IP, Port, Port scan
     • Rule update

  14. Rule Update
     • Sourcefire VRT Certified Rules
     • Official rules of snort.org (www.snort.org)
     • Three ways to obtain these rules:
       • Subscribers (a charge)
         • Online web subscriber
         • Receive real-time rule updates as they are available
       • Registered users (Free)
         • Online web subscriber
         • Can access rule updates 5 days after release to subscription users
       • Unregistered users (Free)
         • Receive a static ruleset at the time of each major Snort Release
     • CANNOT use for GWIM (limited to commercial use!)

  15. Rule Update
     • Open Community Rulesets
     • Submitted by members of the open source community
     • Released to users without basic tests
       • no assurance that new rules will not break Snort
     • Distributed under the GPL
     • Freely available to all open source Snort users

  16. Using Snort
     • Three main operational modes
       • Sniffer
       • Packet logger
       • Network Intrusion Detection System
       • (Forensic Data Analysis Mode)

  17. Network Environment
     [Diagram labels: Untrusted Network; Internet; Mail Server; Trusted Terminal; Management PC; WAN1; LAN; Important File Server; Internal Network. Captions: "Send an attack packet pattern or packet pattern similar to attack"; "Send a packet pattern similar to attack". Addresses shown: 165.213.109.2, 165.213.109.254, 165.213.146.134, 165.213.88.100, 165.213.89.238, 165.213.87.230, 10.0.0.1]

  18. Samsung Electronics Co., Ltd.
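
Slide 8 says AH authenticates the packet "except for mutable fields" in the outermost IP header. The following added example (not from the slides or from Samsung) computes an AH integrity check value for both modes and shows which header changes it tolerates. It assumes HMAC-SHA1-96, option-less IPv4 headers, the mutable-field list of RFC 4302, and constructed keys, addresses and SPI values.

```python
import hashlib, hmac, socket, struct

AH_PROTO, IPIP_PROTO, TCP_PROTO = 51, 4, 6

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Build a 20-byte IPv4 header (checksum left 0; AH zeroes it anyway)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable_fields(header):
    """Zero the IPv4 fields routers may rewrite in transit (RFC 4302)."""
    if header[0] != 0x45:
        raise ValueError("only option-less IPv4 headers are handled here")
    h = bytearray(header[:20])
    h[1] = 0                  # DSCP/ECN (old TOS byte)
    h[6:8] = b"\x00\x00"      # flags and fragment offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # header checksum
    return bytes(h)

def ah_icv(key, outer_header, next_header, spi, seq, protected):
    """HMAC-SHA1-96 over outer header, AH with ICV field zeroed, and the rest."""
    ah = struct.pack("!BBHII", next_header, 4, 0, spi, seq) + b"\x00" * 12
    data = zero_mutable_fields(outer_header) + ah + protected
    return hmac.new(key, data, hashlib.sha1).digest()[:12]

def set_ttl(header, ttl):
    return header[:8] + bytes([ttl]) + header[9:]

def set_src(header, src):
    return header[:12] + socket.inet_aton(src) + header[16:]

KEY = b"constructed-demo-key"          # constructed sample key
SEGMENT = b"constructed TCP segment"   # constructed sample payload

def transport_icv(header):
    # Transport mode: IP header | AH | IP payload
    return ah_icv(KEY, header, TCP_PROTO, 0x1001, 1, SEGMENT)

def tunnel_icv(new_header, inner_header):
    # Tunnel mode: New IP header | AH | IP header | IP payload
    return ah_icv(KEY, new_header, IPIP_PROTO, 0x1001, 1, inner_header + SEGMENT)

# Constructed sample headers (documentation and private address ranges)
TRANSPORT = ipv4_header("192.0.2.1", "198.51.100.1", AH_PROTO, 24 + len(SEGMENT))
OUTER = ipv4_header("192.0.2.1", "198.51.100.1", AH_PROTO, 24 + 20 + len(SEGMENT))
INNER = ipv4_header("10.0.0.5", "10.1.0.9", TCP_PROTO, len(SEGMENT))
```

A TTL change on the outermost header leaves the ICV valid, while a rewritten source address or any change to the encapsulated inner header does not.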
