1. Integrated Security Solution beyaz.net, March 2006
2. Questions: How many viruses or trojans have infected your computers?
Are you sure you are secure?
How many different kinds of security solutions do you use?
Can you follow the logs of your security solutions and take action on them?
Can you identify the problems in your security solutions?
3. The number of security attacks is rising rapidly… Security is at the forefront
There has been an explosion in the number of security incidents reported
Similar growth for vulnerabilities and viruses
Corporations and consumers now face threats on an ongoing basis, including hacks, port scans, ID theft and malware infection
The key question is how the security threat is affecting my business, or my customers’ business
Creating and managing a security policy / strategy
Applying dedicated resources, up to CSOs
Measuring the ROI on security spend
Bad news is that it can only get worse
4. Security Priorities IT spending is now alive again
After a three-year downturn, now on the rise again
Recent survey shows 48% of companies in Asia will spend more on IT this year
The IT market in China will grow by 18 percent in 2004
IT security spending is growing twice as fast as IT spending
As shown, top priorities are AV, IDS/IDP and FW
IT administrators are the ones on the front line
But as companies shift more business processes to web services, IT admins are being asked to do more with fewer resources
UNi example: many companies wait to get hit
5. Security Costs 78% 1-19 employees
10%, no security
Computer viruses (91.1%) are the most prevalent form of computer attack, followed by hacking (13.5%) and denial of service (5.6%).
6. Threats and Solutions Vendors have responded to the growing range of threats by developing a corresponding range of point solutions. Firewalls, VPN technology, and intrusion detection systems were all designed to deal with connection-based attacks. These systems generally work by inspecting packet headers, i.e. the addresses and the protocols, but do not analyze the application-level content carried by the packets. True application-level threat analysis (e.g. antivirus, content filtering, etc.) is almost always done using software applications that run on hosts, rather than in the network infrastructure itself. This leads to several problems: First, performance of host-based, application-level security software is usually very slow. In addition, point solutions leave gaps in protection that are exploited by attackers. It’s no surprise that new attacks are usually designed to slip through the cracks between individual, point-protection systems. If you’re robbing a bank, you don’t attack at the thickest part of the vault!
7. Threats A computer virus is a program, a piece of executable code, that has the unique ability to replicate. Like biological viruses, computer viruses can spread quickly and are often difficult to eradicate. They can attach themselves to just about any type of file and are spread as files that are copied and sent from individual to individual.
Worm: self-propagating, meaning that it independently searches for unprotected computers to infect.
A Trojan is malware that performs unexpected or unauthorized, often malicious, actions. The main difference between a Trojan and a virus is the inability to replicate. Trojans cause damage, unexpected system behavior, and compromise the security of systems, but do not replicate. If it replicates, then it should be classified as a virus.
Malicious mobile code: active code contained on a web page or HTML email
Easy to create: script kiddies, tutorial sites; many large-scale outbreaks resulted from accidents, ILOVEYOU as an example
8. New Threats New blended threats combine the functionality of viruses, worms, trojans, mobile code and now spam
Fast to propagate, expensive, difficult to secure and contain
Started with NIMDA
Writers
Variants
Sobig.F
Interestingly, human engineering is still a key to infection
9. “Costs”
What’s in store for 2004? Rumor had it that it would be much worse than 2003
So far, right on track
MyDoom is the worst outbreak ever
How is this affecting your business?
According to ICSA Labs, over 80% of businesses polled in their annual Virus Prevalence Survey suffered a virus disaster
What to expect for the rest of 2004?
10. Unified Threat Management
11. For complete security we need many different solutions Gateway is the best place to protect
Gateway is the leading entry point
Point solutions
Issues
TCO
Management overhead
Security gaps
Performance
12. Many new threats have managed to get past standard security defenses Slammer, LovSan/MSBlaster, SoBig, MyDoom
Many antivirus and IDP products could not detect them.
Why?
Antivirus systems filter only certain ports
Mail (SMTP, POP3, IMAP), Web (HTTP), File Transfer (FTP)
Some new threats use protocols that antivirus products do not inspect
RPC, TFTP, SQL, etc.
Intrusion prevention systems are generally difficult to manage.
New and different types of attacks require rapid updates.
Detecting attacks at the first point of entry has become important.
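To make the coverage gap on this slide concrete, here is an added example (not from the presentation and not a Fortinet feature) that audits which accepted flows at a gateway were never content-scanned. It assumes, as a constructed setting, that antivirus proxies cover only the SMTP, POP3, IMAP, HTTP and FTP ports named above, and it runs over a constructed flow log; the port-to-service names for RPC, TFTP and SQL Server are well-known port assignments, not values from the slides.

```python
import re
from collections import defaultdict

# Assumption for this example: the gateway's antivirus proxies cover only the
# mail, web and FTP protocols named on the slide; every other accepted flow is
# passed on header checks alone and never content-scanned.
AV_INSPECTED_PORTS = {
    ("tcp", 25): "SMTP",
    ("tcp", 110): "POP3",
    ("tcp", 143): "IMAP",
    ("tcp", 80): "HTTP",
    ("tcp", 21): "FTP",
}

# Well-known ports for the protocols the slide says newer threats use.
SERVICE_NAMES = {
    ("tcp", 135): "RPC endpoint mapper",
    ("udp", 69): "TFTP",
    ("tcp", 1433): "SQL Server",
    ("udp", 1434): "SQL Server resolution",
}

# Constructed firewall flow records for the demo (not real traffic).
SAMPLE_FLOW_LOG = """\
2006-03-01T09:00:01 proto=tcp src=10.1.1.5 dst=203.0.113.10 dport=25 bytes=4096 action=accept
2006-03-01T09:00:02 proto=tcp src=10.1.1.7 dst=203.0.113.20 dport=80 bytes=15000 action=accept
2006-03-01T09:00:03 proto=udp src=10.1.1.9 dst=203.0.113.30 dport=1434 bytes=400 action=accept
2006-03-01T09:00:04 proto=tcp src=10.1.1.9 dst=10.1.2.15 dport=135 bytes=2048 action=accept
2006-03-01T09:00:05 proto=udp src=10.1.1.9 dst=10.1.2.16 dport=69 bytes=512 action=accept
2006-03-01T09:00:06 proto=tcp src=10.1.1.9 dst=10.1.2.17 dport=445 bytes=9000 action=accept
2006-03-01T09:00:07 proto=tcp src=10.1.1.9 dst=203.0.113.40 dport=1433 bytes=300 action=deny
2006-03-01T09:00:08 proto=tcp src=10.1.1.5 dst=203.0.113.10 dport=110 bytes=700 action=accept
"""

FLOW_RE = re.compile(
    r"proto=(?P<proto>\w+)\s.*?\bdport=(?P<dport>\d+)\s+bytes=(?P<bytes>\d+)\s+action=(?P<action>\w+)"
)


def parse_flows(log_text):
    """Return one dict per parseable log line; lines that do not match are skipped."""
    flows = []
    for line in log_text.splitlines():
        m = FLOW_RE.search(line)
        if m:
            flows.append({
                "proto": m["proto"].lower(),
                "dport": int(m["dport"]),
                "bytes": int(m["bytes"]),
                "action": m["action"].lower(),
            })
    return flows


def coverage_report(flows):
    """Split accepted traffic into content-inspected and uninspected, grouped by service."""
    report = {"inspected_bytes": 0, "uninspected_bytes": 0, "uninspected": {}}
    per_service = defaultdict(lambda: {"service": "", "flows": 0, "bytes": 0})
    for f in flows:
        if f["action"] != "accept":
            continue  # denied traffic never reaches a content scanner anyway
        key = (f["proto"], f["dport"])
        if key in AV_INSPECTED_PORTS:
            report["inspected_bytes"] += f["bytes"]
            continue
        report["uninspected_bytes"] += f["bytes"]
        entry = per_service[key]
        entry["service"] = SERVICE_NAMES.get(key, "unknown")
        entry["flows"] += 1
        entry["bytes"] += f["bytes"]
    report["uninspected"] = dict(per_service)
    return report


if __name__ == "__main__":
    rep = coverage_report(parse_flows(SAMPLE_FLOW_LOG))
    print(f"content-inspected: {rep['inspected_bytes']} bytes, "
          f"uninspected: {rep['uninspected_bytes']} bytes")
    for (proto, port), e in sorted(rep["uninspected"].items(), key=lambda kv: -kv[1]["bytes"]):
        print(f"  {proto}/{port:<5} {e['service']:<24} flows={e['flows']} bytes={e['bytes']}")
```

On the constructed log, roughly a third of the accepted bytes (the RPC, TFTP, SQL resolution and port 445 flows) never pass through a content scanner, which is exactly the blind spot that let worms on non-mail, non-web protocols through. The same report run on a real gateway's flow export tells you which protocols need proxying, blocking, or IPS coverage.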
13. How Stateful Inspection Firewalls Work Let’s shift gears now and look a bit at the evolution of firewall technology.
The majority of point-solution firewalls in place use stateful inspection
A stateful inspection firewall accepts or denies traffic based on the source IP address, destination IP address, source port, destination port and protocol.
10 yrs
Typically provide security at the network layer
Has done an excellent job of balancing performance and throughput, but has limited capability beyond access rights
In a point solution configuration, (general explanation)
Firewall interoperates with a compilation of other security products
After checking policy and access rights, packets are distributed in-line, in this example through other standalone devices such as IDP, AV, CF
14. Firewalls generally do not inspect content Most stateful inspection firewalls scan only the header for malicious content while leaving the actual data packet unchecked
Analogy: looks at the envelope, but not what’s inside
Malicious content gets through
15. Deep Packet Firewall In the past couple of years, there has been a lot of discussion around the next generation of firewall technology, “Deep Packet” Inspection.
In a general sense, deep packet inspection firewalls combine the functionality of a stateful inspection firewall with intrusion detection/prevention system capabilities
Combines firewall access control with IDP heuristics and attack signatures.
This moves the security service from the network to the application layer and therefore better secures against content threats such as malware and protocol attacks
Requires specialized ASICs that deliver wire-speed throughput
As shown above, after passing the deep packet firewall, depending on the policy assigned to the packet stream, the content would then be passed to AV and content filtering
16. Some attacks may not be caught Issue with Deep Packet Inspection
Some vendors talk about doing “packet-level” content scanning for malware such as viruses and worms
But in reality, they are not scanning the complete object, but rather strings of packets, or in some cases, individual packets
Malware writers leverage techniques like IP fragmentation that distribute a virus or worm over a long stream of packets
17. Complete Protection: Complete content protection is a further stage in the evolution of firewalls and content protection
Unifies the capabilities of stateful inspection and deep packet inspection and adds antivirus scanning and content filtering capabilities
Able to scan at file level, not just application level
Through consolidation CCP offers better performance, security, and management
Requires a highly specialized platform
high throughput
packets only need to be scanned once
18. Deep Packet Inspection is not sufficient to detect content-based attacks. How does it work?
Complete content protection re-assembles the packets back into the original APPLICATION-level objects from which they were derived, i.e. the files, programs, etc.
THEN, once the original content has been re-created, you can scan it for viruses, worms, bad URLs, bad words, etc.
Uses a combination of attack signatures, protocol analysis, heuristics, virus pattern signatures, content signatures
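The three inspection stages described on slides 13 through 18 (a stateful 5-tuple check that never reads the payload, per-packet signature scanning, and full reassembly of the application-level object before scanning), as an added example that is not part of the original presentation or of any vendor's product. Everything in it is constructed: the rule set, the signature marker, the client and server addresses, and the traffic, in which the marker is split across two segments delivered out of order. `seq` is a simple segment index rather than a TCP byte sequence number, which is a simplification assumed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """One segment of a flow. `seq` is a segment index (assumed simplification
    of TCP byte sequence numbers for this example)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    seq: int
    payload: bytes


def five_tuple(p):
    return (p.src_ip, p.src_port, p.dst_ip, p.dst_port, p.proto)


def reverse_tuple(p):
    return (p.dst_ip, p.dst_port, p.src_ip, p.src_port, p.proto)


class StatefulFirewall:
    """Stage 1: accept or deny on the 5-tuple only; the payload is never read."""

    def __init__(self, rules):
        self.rules = rules
        self.established = set()

    def check(self, p):
        if five_tuple(p) in self.established or reverse_tuple(p) in self.established:
            return "allow"  # traffic belonging to an already established flow
        for rule in self.rules:
            if rule["proto"] == p.proto and rule["dst_port"] == p.dst_port:
                self.established.add(five_tuple(p))
                return "allow"
        return "deny"


def scan_bytes(data, signatures):
    """Stages 2 and 3 share one matcher; the difference is what `data` is."""
    return [name for name, pattern in signatures.items() if pattern in data]


class ContentReassembler:
    """Stage 3: rebuild the application-level object per flow before scanning."""

    def __init__(self):
        self.flows = defaultdict(dict)  # flow key -> {seq: payload}

    def add(self, p):
        self.flows[five_tuple(p)][p.seq] = p.payload

    def assemble(self, key):
        # Sort by seq so out-of-order segments are joined in transmission order.
        return b"".join(payload for _, payload in sorted(self.flows[key].items()))


def run_pipeline(packets, rules, signatures):
    """Run all three stages and report what each one caught."""
    fw = StatefulFirewall(rules)
    reasm = ContentReassembler()
    result = {"denied": 0, "per_packet_hits": [], "reassembled_hits": []}
    for p in packets:
        if fw.check(p) == "deny":
            result["denied"] += 1
            continue
        result["per_packet_hits"] += scan_bytes(p.payload, signatures)  # stage 2
        reasm.add(p)
    for key in reasm.flows:
        result["reassembled_hits"] += scan_bytes(reasm.assemble(key), signatures)
    return result


# Constructed policy and signature set (not a real rule base or AV pattern).
RULES = [{"proto": "tcp", "dst_port": 80}]
SIGNATURES = {"sample-marker": b"X-SAMPLE-MALWARE-MARKER"}

# Constructed traffic: a client request, a telnet attempt the policy denies, and
# a server reply whose body carries the marker split across two segments that
# arrive out of order.
CLIENT, SERVER = "10.0.0.5", "198.51.100.7"
SAMPLE_PACKETS = [
    Packet(CLIENT, 40000, SERVER, 80, "tcp", 1, b"GET /update.exe HTTP/1.1\r\n\r\n"),
    Packet(CLIENT, 40001, SERVER, 23, "tcp", 1, b"login"),
    Packet(SERVER, 80, CLIENT, 40000, "tcp", 2, b"WARE-MARKER\x00\x00trailer"),
    Packet(SERVER, 80, CLIENT, 40000, "tcp", 1, b"HTTP/1.1 200 OK\r\n\r\nMZ\x90\x00X-SAMPLE-MAL"),
]

if __name__ == "__main__":
    print(run_pipeline(SAMPLE_PACKETS, RULES, SIGNATURES))
```

Running it shows the stateful stage passing the server's reply on the 5-tuple alone, the per-packet scan reporting no hits because neither segment contains the whole marker, and the reassembled scan finding it; that is the gap behind the fragmentation point on slide 16 and the reason slide 18 insists on rebuilding the object first.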
19. Stateful / Deep Packet Inspection / Complete Content Protection As shown here, complete content protection enables a wide range of security capabilities
20. An integrated solution requires more powerful hardware
21. Complete Protection Where to find Complete Content Protection (and next-gen security in general)?
In a purpose-built, multi-function, hardware-driven, upgradeable security gateway
22. Comparison Comparatively, what are the benefits:
Purpose built: ASIC-accelerated, hardened OS, delivers fewer points of failure or security gaps
Multi-function: look for consolidation of FW, IDP, AV, CF (including AS) and also other capabilities such as HI, traffic shaping, transparent mode
Manageability: easy to manage and apply security policy
Performance: real-time performance, GB performance
TCO: look for product licence vs. user-based licence
Upgradeable platform: built-in security upgrade capability through new OS updates with new security features and capabilities
23. General Security Infrastructure
24. “New Generation” Content and Attack Security
25. Fortinet Applications FortiGate AV firewalls are complemented by a suite of tools and services that deliver a comprehensive network protection solution:
-The FortiResponse Network includes people and technical infrastructure deployed around the world that enables Fortinet to keep every FortiGate unit up-to-date and able to detect and repel the latest attacks.
-The FortiManager System is a global management tool that provides sophisticated, centralized administration of hundreds or thousands of FortiGate units for enterprises and service providers offering managed security services.
-FortiCARE services provide global, knowledgeable technical support 24x7x365
26. Wide product range There’s a FortiGate model to support any performance or price requirement.
27. Edge protection
29. Features Firewall
Anti-Virus, Anti-Malware
IDS - IDP
VPN
Content Filtering
FortiASIC, FortiOS
Traffic Shaping
Load Balance
30. FortiASIC
31. Network and Firewall Features Multiple WAN Link
Multi Zone Support
Routing
Static Routing
OSPF, RIP
Policy based routing
Policy Based NAT
Virtual Domains
VLAN tagging
H.323 NAT Traversal
DNS, WINS, DHCP, PPPoE, Dynamic DNS support
NAT, Route, Transparent mode
32. Antivirus Features High Performance
The world’s only ASIC-based antivirus solution
First and only ICSA-certified, hardware-based AV gateway
Policy-based
Virus scanning
Full coverage of the “WildList” viruses Including polymorphic viruses
Quarantine of infected and suspicious files & blocking of oversized
Rapid threat reaction
Updated by Threat Response Team & FortiResponse™ Distribution Network
33. IPS Features High Performance
Network monitoring without performance degradation
NIDS supported on all interfaces simultaneously, including sub interfaces mapped to VLANs
Industry leading range of signature support
Signature database of close to 1,400 known attacks
Support for customer self-defined signatures
Signature-based attack recognition
Protocol anomaly detection and prevention
34 attack signatures covering TCP, UDP, ICMP and IP
Customizable
Attack list
e-mail alerts
34. VPN Features PPTP, L2TP and IPsec
Dedicated Tunnels
DES, 3DES, AES encryption
SHA-1, MD5 Authentication
IKE Certificate Authentication
IPSec NAT Traversal
DialUp Support
SSL VPN
35. User Features Local users
LDAP, RADIUS support
Active Directory support
XAuth over RADIUS support for IPsec VPN
IP/MAC address binding
Admin Users
Role based administration
Multiple administration level
Web and CLI interface (HTTPS and SSH)
36. High Availability Features FortiGate Clustering Protocol
Active-Active
Active-Passive
HA in transparent mode
Stateful failover for both firewall and VPN traffic within 3 seconds
Link status monitoring and failover
HA Alert
During failover, the FortiGate units in an HA group send an email and SNMP trap, and log the event.
37. Other Features and Products Anti-Spam
Traffic Shaping
IM and P2P Filtering (Block and Limit)
Logging
Integration
FortiAnalyzer
FortiMail
FortiManager
FortiClient
38. References Istanbul Büyüksehir Belediyesi
I.S.K.I.
BELBIM
I.E.T.T.
Marmara Üniversitesi Hastanesi
Haydarpasa Numune Hastanesi
Istanbul Maden ve Metal Ihracatçi Birlikleri
Gebze Fatih Devlet Hastanesi
Medicana Bahçelievler Hastanesi
Medicana Avcilar Hastanesi
NöroPsikiyatri Istanbul Hastanesi
Bursa Devlet Çocuk Hastanesi
Rize Sar Hospital
Alanya Can Hastanesi
Istanbul Hava Limanlari
M.S.B. Kalite Yönetim Baskanligi
Arsan Dogalgaz
Kadin Koordinasyon Merkezi
Final Dersaneleri
39. Thank you!