Download
Skip this Video
1 / 25
BroadWeb IPv6 安全產品發展策略 - PowerPoint PPT Presentation
- By geri
- Follow User
- 143 Views
- Uploaded on
BroadWeb IPv6 安全產品發展策略. 威播科技 陳鴻彬 hbc@broadweb.com. IPv6 網路上潛在的 安全與管理問題. Redirect attacks Denial-of-service attacks Flooding denial-of-service attacks Application Layer attacks Worm (Slapper) Rogue Devices IPv4/v6 共存問題 P2P. IPv6 L3-L4 Spoofing.
Download Presentation 
An Image/Link below is provided (as is) to download presentation
PowerPoint Slideshow about 'BroadWeb IPv6 安全產品發展策略' - geri
An Image/Link below is provided (as is) to download presentation
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.
While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
IPv6 網路上潛在的安全與管理問題
- Redirect attacks
- Denial-of-service attacks
- Flooding denial-of-service attacks
- Application Layer attacks
- Worm (Slapper)
- Rogue Devices
- IPv4/v6共存問題
- P2P
- ==> spoof mitigation at aggregation points easy to deploy
- 2001::/16—IPv6 Production
- 2002::/16—6to4 Tunneling
- 2003::/16—RIPE
- 3FFE::/16—6Bone Testing
- Unfortunately each subnet (even at the local level) still has a huge range of addresses to spoof
- IPv6 Address Are Globally Aggregated
2001::/16
2001:0600::/23
2001:0200::/23
2001:0400::/23
IPv4 , IPv6 共存問題
- Attacks on dual stacks:
IPv4 入侵偵測
Attacker
Server
IPv4SQL Injection 攻擊
192.168.0.254
192.168.0.100
IPv4 IPS
IPv6SQL Injection 攻擊
3ffe:501:ffff:100::202
3ffe:501:ffff:100::201
BEMS server
192.168.0.252
IPv4 ,IPv6 入侵偵測
Attacker
Server
IPv4 SQL Injection 攻擊
192.168.0.254
192.168.0.100
IPv4 ,IPv6 IPS
IPv6SQL Injection 攻擊
3ffe:501:ffff:100::202
3ffe:501:ffff:100::201
192.168.0.252
BEMS server
BroadWeb IPv4/v6 IPS
- 2006/3/8 ---->
NICI
- Support 10G interface
- Support IPv4/IPv6 Dual Stacks
- Support 6 to 4 & 4 to 6 tunnels
NetKeeper過去擁有的功能
- Anti-Intrusion 阻擋駭客入侵
- Anti-DoS/DDoS 阻擋分散式阻斷服務攻擊
- Anti-Worm 阻擋網路蠕蟲
- Anti-Trojan/Back Door 阻擋木馬,後門程式
- Anti-P2P 阻擋P2P分享下載程式
- Anti-IM 阻擋即時聊天程式
- Anti-Tunnel 阻擋Tunnel軟體使用
- Anti-WebMail 阻止經由WebMail洩漏機密文件
- Anti-Web Post 防止網業資料上傳
- H/W S/W bypass 軟硬體旁路設計
新一代NetKeeper新增特色
- 增強Evasion入侵閃避偵測能力
- 增強Spyware間諜軟體防護能力
- 阻絕間諜軟體模組安裝
- 防止間諜軟體透過網路回報私密資訊
- Virtual Patch虛擬補釘Signature技術,可有效預防零時差攻擊(Zero-Day attack)
- 採用BroadWeb專利之BASTA之State Machine Signature技術,可有效解決加密P2P等應用程式之辨識問題
新一代NetKeeper新增功能
- 多網段保護 (Multi-Segment IPS/IDS)
- Virtual IPS
- 不同VLAN配置不同Policy
- Multiple Rule Sets 多套政策群組
- Rate Limit頻寬限制
- Quota Limit流量管制
- AA/AS HA Support
- Mirror Port Support
- 可用於搭配內容側錄與Sniffer系統
- Device Utilization Present
- CPU/Memory 使用狀況顯示
- 即時頻寬狀態與事件分佈狀態顯示儀表板
- 支援IPv4/IPv6雙軌併行網路環境
BroadWeb NetKeeper最主要優勢
- 曾獲ICSA/NSS雙項國際認證
- 全中文化(包括Signature說明)
- 與多家SOC整合
- 內建Cooper/Optical光纖HW/SW Bypass及HA功能
- 認識超過300種以上之Application (其中P2P超過150種)
- 可處理多種加密P2P及Tunneling
- 可辨認Skype
- 對於IM,可針對特定功能,如:Chat,File Transfer,Video…等分開管理
BroadWeb NetKeeper最主要優勢
- 具備Virtual Patch Signature能力,可預防Zero Day Attach
- 具備FlowBit Signature專利技術可利用State Machine處理加密P2P
- 具備最完善的User Define功能
- IPv6 Support
- Reporting System不額外收費
- 部份機種具有集中管理功能,可用於大型專案(需搭配SAC集中控管系統,需額外購買SAC License)
- 機種最完備
- 國內IPS市佔率最高,客戶群最多,遍及各領域
- 原廠在國內,Support能力最強
- 每月均有訓練課程開課
- 同級產品性價比最好
華電1G
東森1G
NGN 骨幹路由器
FOT
國中/小 L3/L2 Switch or 路由器
L2/L3 Switch
國中/小
Core Switch
共同Server
機房辦公室
電腦教室
教室、辦公室
電腦教室
VoIP
他校WLAN漫遊用戶
WLAN
XX縣/市教育網路NGN計劃華電1G
東森1G
IPv6/v4 IPS (1Gbps)
IPv6/v4 IPS (1Gbps)
NGN 骨幹路由器
FOT
IPv6/v4IPS (1Gbps)
- v4/v6 IPS
- V4/v6 P2P 管制/限頻
IPv6/v4 IPS (200Mbps)
同一台設備
國中/小 L3/L2 Switch or 路由器
L2/L3 Switch
IPv6/v4 IPS (200Mbps)
國中/小
Core Switch
共同Server
機房辦公室
電腦教室
教室、辦公室
電腦教室
VoIP
他校WLAN漫遊用戶
WLAN
XX縣/市教育網路NGN計劃BroadWeb下一階段產品
- IPv4/v6 UTM
- IPv4/v6 Qos Device
- P2P Management
- Qos
Further Work in IPv6 Security
- Support IPv6 DNS
- Home network security model with IPv6
- Peer---Internet---Peer
- Security In Cloud ?
- BotNet in IPv6
