BroadWeb IPv6 Security Product Development Strategy

BroadWeb (威播科技)

陳鴻彬

hbc@broadweb.com

Potential Security and Management Issues on IPv6 Networks
  • Redirect attacks
  • Denial-of-service attacks
  • Flooding denial-of-service attacks
  • Application Layer attacks
  • Worm (Slapper)
  • Rogue Devices
  • IPv4/v6 coexistence issues
  • P2P

IPv6 L3-L4 Spoofing

  • IPv6 addresses are globally aggregated
  • ==> spoof mitigation at aggregation points is easy to deploy
  • 2001::/16 - IPv6 Production
  • 2002::/16 - 6to4 Tunneling
  • 2003::/16 - RIPE
  • 3FFE::/16 - 6Bone Testing
  • Unfortunately each subnet (even at the local level) still has a huge range of addresses to spoof

[Figure: address aggregation hierarchy. 2001::/16 containing 2001:0200::/23, 2001:0400::/23 and 2001:0600::/23.]
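
The two points on the spoofing slide, as an added example that is not part of the original slides: a source-prefix check at an aggregation point drops addresses forged from other aggregates, yet every address inside the delegated subnet still passes. The downstream /64, the function names and the sample packets are assumptions made for illustration.

```python
import ipaddress

# The /16 blocks as the slide lists them.
SLIDE_BLOCKS = {
    "2001::/16": "IPv6 Production",
    "2002::/16": "6to4 Tunneling",
    "2003::/16": "RIPE",
    "3ffe::/16": "6Bone Testing",
}

# Assumption: the downstream subnet is the /64 containing the
# 3ffe:501:ffff:100::201 host shown later in the deck.
DOWNSTREAM = ipaddress.IPv6Network("3ffe:501:ffff:100::/64")

def slide_block(src):
    """Label of the slide's /16 block containing src, or None."""
    addr = ipaddress.IPv6Address(src)
    for prefix, label in SLIDE_BLOCKS.items():
        if addr in ipaddress.IPv6Network(prefix):
            return label
    return None

def ingress_permits(src, delegated=DOWNSTREAM):
    """Aggregation-point filter: accept only sources inside the
    prefix delegated to the interface the packet arrived on."""
    return ipaddress.IPv6Address(src) in delegated

def residual_spoof_space(delegated=DOWNSTREAM):
    """Addresses a local host can still forge and pass the filter."""
    return delegated.num_addresses

# Constructed sample packets: (source address, note).
SAMPLES = [
    ("3ffe:501:ffff:100::201", "real host"),
    ("3ffe:501:ffff:100:aaaa:bbbb:cccc:dddd", "forged, same subnet"),
    ("2001:600::1", "forged, other aggregate"),
    ("2002:c0a8:64::1", "forged, 6to4 block"),
]

def verdicts():
    """Filter decision for each constructed sample packet."""
    return [(src, ingress_permits(src)) for src, _ in SAMPLES]

if __name__ == "__main__":
    for (src, ok), (_, note) in zip(verdicts(), SAMPLES):
        print(f"{src:40} {note:24} {'pass' if ok else 'drop'}")
    print("still spoofable:", residual_spoof_space())
```
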

IPv4/IPv6 Coexistence Issues
  • Attacks on dual stacks:
IPv4 Intrusion Detection

[Figure: network diagram. Labels: Attacker; Server; IPv4 IPS; IPv4 SQL Injection attack (192.168.0.254, 192.168.0.100); IPv6 SQL Injection attack (3ffe:501:ffff:100::202, 3ffe:501:ffff:100::201); BEMS server (192.168.0.252).]

IPv4/IPv6 Intrusion Detection

[Figure: network diagram. Labels: Attacker; Server; IPv4/IPv6 IPS; IPv4 SQL Injection attack (192.168.0.254, 192.168.0.100); IPv6 SQL Injection attack (3ffe:501:ffff:100::202, 3ffe:501:ffff:100::201); BEMS server (192.168.0.252).]

IPv4/IPv6 Coexistence Issues
  • Attacks on 6 to 4 tunnels

[Figure: network diagram. Labels: The Internet (IPv4); 6to4 Tunnel; Network A; Network B.]

BroadWeb IPv4/v6 IPS
  • 2006/3/8 ---->

NICI

  • Support 10G interface
  • Support IPv4/IPv6 Dual Stacks
  • Support 6 to 4 & 4 to 6 tunnels
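Features NetKeeper Already Had
  • Anti-Intrusion: blocks hacker intrusion
  • Anti-DoS/DDoS: blocks distributed denial-of-service attacks
  • Anti-Worm: blocks network worms
  • Anti-Trojan/Back Door: blocks Trojans and backdoor programs
  • Anti-P2P: blocks P2P file-sharing and download programs
  • Anti-IM: blocks instant messaging programs
  • Anti-Tunnel: blocks the use of tunneling software
  • Anti-WebMail: stops confidential documents from leaking via WebMail
  • Anti-Web Post: prevents data from being uploaded through web pages
  • H/W S/W bypass: hardware and software bypass design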
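New Characteristics of the Next-Generation NetKeeper
  • Enhanced detection of intrusion evasion techniques
  • Enhanced spyware protection
    • Blocks installation of spyware modules
    • Prevents spyware from reporting private information over the network
  • Virtual Patch signature technology, which can effectively prevent zero-day attacks
  • Uses BroadWeb's patented BASTA State Machine Signature technology, which can effectively solve the problem of identifying applications such as encrypted P2P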
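New Functions of the Next-Generation NetKeeper
  • Multi-segment protection (Multi-Segment IPS/IDS)
  • Virtual IPS
    • Different policies for different VLANs
  • Multiple Rule Sets (multiple policy groups)
  • Rate Limit (bandwidth limiting)
  • Quota Limit (traffic quota control)
  • AA/AS HA Support
  • Mirror Port Support
    • Can be used together with content recording and sniffer systems
  • Device Utilization Present
    • Displays CPU/memory usage
  • Dashboard showing real-time bandwidth status and event distribution
  • Supports environments where IPv4 and IPv6 run in parallel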
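BroadWeb NetKeeper's Main Advantages
  • Has received both ICSA and NSS international certifications
  • Fully localized in Chinese (including signature descriptions)
  • Integrated with multiple SOCs
  • Built-in Copper/Optical fiber HW/SW bypass and HA functions
  • Recognizes more than 300 applications (more than 150 of them P2P)
  • Can handle many kinds of encrypted P2P and tunneling
  • Can identify Skype
  • For IM, specific functions such as Chat, File Transfer, Video, etc. can be managed separately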
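BroadWeb NetKeeper's Main Advantages
  • Virtual Patch Signature capability, which can prevent zero-day attacks
  • Patented FlowBit Signature technology, which can use a state machine to handle encrypted P2P
  • The most complete user-defined (User Define) functionality
  • IPv6 Support
  • No extra charge for the Reporting System
  • Some models offer centralized management and can be used for large projects (requires the SAC centralized management system; an SAC license must be purchased separately)
  • The most complete range of models
  • Highest IPS market share in the domestic market, with the largest customer base, spanning every sector
  • The vendor is based domestically, with the strongest support capability
  • Training courses are held every month
  • Best price/performance ratio among products in its class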
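Sandwich vs. Hamburger Solution

[Figure: two deployment diagrams. Sandwich solution: Firewall; Internet; Intranet; DMZ. Hamburger solution ("more for the same price!"): Firewall/UTM; Internet; Intranet; IPS1; IPS2; DMZ.]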

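XX County/City Education Network NGN Plan

[Figure: network topology. Labels: regional network; 華電 1G; 東森 1G; NGN backbone router; FOT; junior high/elementary school L3/L2 switch or router; L2/L3 switch; junior high/elementary school; core switch; shared servers; machine room and office; computer classrooms; classrooms and offices; VoIP; roaming WLAN users from other schools; WLAN.]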
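XX County/City Education Network NGN Plan

  • v4/v6 IPS
  • v4/v6 P2P control/rate limiting

[Figure: the same network topology with IPS devices added. Labels: regional network; 華電 1G; 東森 1G; IPv6/v4 IPS (1Gbps), shown three times; NGN backbone router; FOT; IPv6/v4 IPS (200Mbps), shown twice; "same device"; junior high/elementary school L3/L2 switch or router; L2/L3 switch; junior high/elementary school; core switch; shared servers; machine room and office; computer classrooms; classrooms and offices; VoIP; roaming WLAN users from other schools; WLAN.]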
BroadWeb's Next-Stage Products
  • IPv4/v6 UTM
  • IPv4/v6 QoS Device
    • P2P Management
    • QoS
Further Work in IPv6 Security
  • Support IPv6 DNS
  • Home network security model with IPv6
    • Peer---Internet---Peer
    • Security In Cloud ?
  • BotNet in IPv6