InstantScan Content Manager

L7 Networks service@L7-Networks.com

L7 Networks Inc.

Agenda

Company Profile

  • L7 Missions
  • L7 Investors

Layer-7 Content Manager

  • Part-I Market Demand
  • Part-II Solutions
  • Part-III Successful Cases
  • Appendix-I Layer-7 App.
  • Appendix-II Product Spec.
  • Appendix-III Patents
Missions: Internal Network Security

  • InstantScan Content Mgr.: Catching Internal Thieves
    • Employee internet content / behavior management
  • InstantLock Co-Defender: Defending Internal Attacks
    • Isolate virus-infected PCs
  • InstantBlock Application Firewall: Preventing External Attacks/Thieves
    • Unified threat management
  • InstantQos Bandwidth Mgr.: Shaping Internal Traffic
    • Manage P2P / streaming / VoIP / … by layer-7 in-depth classification

Diagram labels: Internal Threats, External Threats

Part-I Market Demands

Catching the Internal Thieves

What are your employees doing at work?

employee productivity killer

Internet Explorer for web sites

Outlook for emails

Looking for info for work?

Check out stock price first!

network performance killer

Communicating for work?

Speak to lovers first!

MSN for chats

BT, ED2K, Xunlei

Download a movie back home for fun!!

Survey & Studies
  • Heavy Usage
    • Gartner: >30% enterprise, <1% control (2005)
    • Radicati Group: >80% enterprise (2008)
  • Security Threats
    • WORM_KELVIR.A
    • WORM_FATSO.A
3. Bandwidth stealers for downloads
  • P2P downloads
  • Illegal music
  • Illegal movies
  • ……
  • ……
  • Bandwidth inadequate for
    • HTTP
    • Email
    • ERP
    • ……
Plug & Play

  • 2005/03/25: NBL Editor’s Choice
    • Beat Facetime, Akonix
  • 2005/12/01: National Innovation Awards

Diagram labels: Firewall, L7 Content Manager (stealth mode), switch

5-Step Content Management

  • Step 1: Discovery
  • Step 2: Normalization
  • Step 3: Behavior Mgmt.
  • Step 4: Content Mgmt.
  • Step 5: Report Analysis

Diagram labels: Anti-Virus, MSN file transfer, File Recording, IM Game, IM Chat, Chat Recording, IM Streaming, Keyword block, P2P Bandwidth Mgmt. (35 Mbps, 20 Mbps, 10 Mbps)

Stage captions: Real-time Learning, Layer-7 to Layer-4 Normalization, Interactive Behavior Mgmt., Deep Content Inspection, Offline Report / Analysis

1. Employees with low productivity

Instantly respond to employees in chat windows, even when IS doesn’t have an IP address

2. Information Leakage or Virus

Price Book

Instant Warning

3. Bandwidth stealers for downloads
  • P2P downloads
  • Illegal music
  • Illegal movies
  • ……
  • ……

After installing InstantScan

  • Mission critical app.
    • HTTP
    • Email
    • ERP
    • ……
Solutions

  • Employee Productivity: manage / filter / record / audit employees’ IM & Web behaviors and contents to increase their productivity
  • Layer-7 Visibility: understand the real applications run by your employees
  • Network Performance: limit P2P / P2SP traffic and guarantee mission critical traffic such as ERP, VoIP, Web traffic
  • Internal Security: protect internal network users from viruses/worms and from information leakage by P2P / tunnel software, spyware, WebMail, WebIM, etc.
  • Built-in backend reports for 3-level analysis: (1) index for productivity, performance, security; (2) dashboards for summary; (3) detailed reports for inspection
  • High-speed UTM hardware platform with intelligent 3-tier arch. for performance, availability, and reports

Painless Installation?

WebSense / BlueCoat / FaceTime / IM Logic / Akonix require every client to be set up to connect to the IM Proxy (check website for comparison)

  • IM Proxy: What if IM is tunneled in WebMSN/Mail/HTTP/…?
  • Web Proxy: What if IM behaves like Web Proxy?
  • Tunneled IM cannot be managed
  • IM@HTTP cannot be managed

Diagram labels: Spam Wall, Virus Wall, Inline-IDP, Firewall/VPN, Content Mgmt., IM Proxy data path

Step 0. No Modification of Networks

IM over port 80, proxy, or socks4/5 can still be managed

Even in wireless/DHCP environments, users can still be managed by AD

Diagram labels: Management Server, DHCP Server, AD Server, Firewall/Router, Proxy, IS, switch

3-Tier Architecture

Friendly user interfaces

Powerful reporting and alerts

Plug & play installation without modifying network arch.

Step 1. Discovery (App. View)

Watch applications’ sessions and highlight tunneled IM sessions

Step 2. Setup L7 Policy

Scheduled updates to Application Patterns to manage application usage by defined time schedules

Step 3.1 Setup IM Policy for Individuals

IM management for individuals by (1) specific IM accounts, (2) learning, (3) registration, (4) AD name, (5) AD group

Step 3.2 Setup IM Behavior Mgmt.

Define permission levels to facilitate individual IM policy deployment

Step 3.3 Setup IM Peers

Limit the peers for chat by individuals or groups

Step 3.4 Self-Defined Policy Violation Warning Messages

Multi-language support for all languages

Step 3.4 Setup Bandwidth Pipes

Divide outbound bandwidth pipes by mouse drags

Divide inbound bandwidth pipes by mouse drags

Step 4.1 Setup IM Chat Content Management

Right click to define your own chatting keywords / groups

Step 4.2 Setup IM File Transfer Content Management

Right click to define your own filename keywords/groups

Step 4.3 Setup IM File Transfer Anti-Virus

Anyone who is infected with a virus will be notified of the name of the virus

Step 5.1 Multi-level Auditing Levels

3 levels: admin/mis/audit to separate operating and auditing parties

Accounting & Auditing

Anyone who is auditing others should themselves be well audited, so as to help customers comply with various regulations.

Manufacturing

Confidential information should be kept as private as possible. InstantScan is able to detect a variety of tunneling software which may open a lot of security holes for information leakage.

Semiconductor

The confidential design sheet is the core technology of IC design and must be kept as private as possible. Anyone who uses IM to transfer confidential files can be caught with strong evidence.

IC Design

The confidential design sheet is the core technology of IC design and must be kept as private as possible. Anyone who uses IM to transfer confidential files can be caught with strong evidence.

Banking & Stocks

With heavy usage of IM across stock transactions, they need a tool to log and record what the customers have issued to the brokers, and what the brokers have said to the internal dealers.

Photodiode

The confidential design sheet is the core technology of Photodiode and must be kept as private as possible. Anyone who uses IM to transfer confidential files can be caught with strong evidence.

Electronics

The confidential price book is the core value for us in selling the chips and must be kept as private as possible. Anyone who uses IM to transfer confidential files can be caught with strong evidence.

Media

Confidential news is invaluable if it is kept secret. However, journalists communicate largely over IM so they can share resources. What is worse, internal staff may also use IM to tell staff at other companies. However, IM is extremely convenient for communication among internal staff. We need L7 to control them.

A spin-off from D-Link Corporation, Alpha continued to sue VIA Technology over the stolen confidential designs. In the meantime, Alpha Networks put 4 InstantScan boxes at the outbound links to control the use of IM and to gather information on IM usage.

As the largest multi-level company in the world, Amway continued to make itself conform to the toughest regulations in order to keep its electronic communications as secure as possible, just as it had done for web and email.

Confidential patents are invaluable if they are kept secret. Biochemistry has become the most rapidly emerging industry that can boost revenue in this century. As the health-care industry has emphasized, the data of patients or people under experiments is extremely proprietary and must never be leaked to anyone else. L7’s InstantScan helps to control the usage of IM.

Benefits for Deploying InstantScan
  • Discovery
    • See who is actually using the network for what, especially in multi-culture environments which mix a huge number of applications.
  • L7 Firewall: IM / P2P / Tunnel / Streaming / VoIP / File-Transfer / …
    • Effectively control the applications in your networks, either by blocking or by shaping
  • Content Manager: IM & Web
    • Selectively log/record employees' activities and contents for regulations and compliance.
    • Actively control the activities/contents instead of just logging/recording to prevent confidential information leakage while improving productivity.
  • Report & Analysis
    • log and archive for potential legal discovery needs or other purposes
    • Indication of employees' policy violations or productivity.
Layer-7 Content Manager

1. What applications does L7 support?
  • Check Appendix II or L7 Web Portal
2. Target customers and competitors

  • Actively mgmt. + auditing
    • Competitor: Facetime/Akonix/ImLogic
    • Installation: Win
    • Function: Even
    • Price: win (no need to have 2 devices)
  • Passive auditing
    • UTM-oriented market. Needs passive sniffing instead of active management, so L7 integrates IS+IB+IQ to penetrate this market
  • Competitor BlueCoat has dominated the proxy market with a huge number of deployed proxies. Emphasize L7’s IM/P2P advantage, with no need to change their proxy architecture

Models: IS-5000, IS-1000, IS-100, IS-50, IS-10

Customer size: Tiny (<30), Small (<70), Medium (<150), Large (<1000), Huge (<3000 people)

Normalization: Step 1~Step 2

  • Step 1: Monitor
  • Step 2: Normalization
  • Step 3: Behavior Mgmt.
  • Step 4: Content Mgmt.
  • Step 5: Report Analysis

Diagram labels: Anti-Virus, MSN file transfer, File Recording, IM Game, IM Chat, Chat Recording, IM Streaming, Keyword block, P2P Bandwidth Mgmt. (35 Mbps, 20 Mbps, 10 Mbps)

Stage captions: Real-time Learning, Layer-7 to Layer-4 Normalization, Interactive Behavior Mgmt., Deep Content Inspection, Offline Report / Analysis

General Applications
  • No matter which port they use
    • HTTP
    • SMTP
    • POP3
    • IMAP
    • FTP
Instant Messenger (IM)
  • MSN: 6.2, 7.0, 7.5, 8.0 beta, Windows Live Messenger 8.0
  • Yahoo Messenger: 5.5, 6.0, 7.0, 8.0 beta, 8.0
  • ICQ: 2003pro, 4.14lite, 5.0
  • AIM: 5.9
  • QQ:
    • YamQQ-2003II, QQ-2003II, QQ-2003III, YamQQ-2004III, QQ-2004 formal edition,
    • YamQQ 2005 Formal Edition, QQ 2005 Beta2,
    • QQ 2005 Simplified Chinese Formal edition (include 珊瑚蟲增強包v4.0 Formal Edition)
    • qqfile: QQ2006Beta2, qqshare: QQ2006Beta2
  • Miranda: v0.4
  • Gaim: v1.30
  • Trillian: Basic 3.0
  • Google talk beta
  • Webim: include web-msn, web-aol, web-yahoo, web-icq
    • http://www.e-messenger.net/, http://e-messenger.net/, http://vweb.e-messenger.net/,
    • http://start.e-messenger.net/, http://hanoi.e-messenger.net, http://www.meebo.com/,
    • http://www.iloveim.com/, http://x??.iloveim.com/, http://hanoi.e-messenger.net,
    • http://webmessenger.msn.com/, http://www.icq.com/icq2go/, http://aimexpress.aim.com/
    • http://www.ebuddy.com
Peer-to-Peer (P2P)
  • Bittorrent:
    • BitComet 0.54 / 0.6 / 0.67, Bitspirit 2.7, Mxie 0.6.0.2, utorrent 1.5, azureus 2.4
  • Kuro: m6, 2005 5.18
  • Edonkey:
    • Emule 0.42b/0.44d/0.45b, edonkey2000 V1.0, Overnet tested-version, utorrent v1.5, azureus v2.4
  • ezPeer+ v1.0beta
  • Directconnect: directconnect 2.205, dc++ 0.668
  • OpenFT: crazaa v3.55, Kceasy v0.14
  • Pigo: pigo v3.1, 100bao v1.2.0a
  • Kugoo: v2.03, v2.055, v3.10
  • Ares: 1.04
  • poco:
    • poco 2005
    • pp point (pp奌奌通) v2006
  • Fasttrack:
    • kazaa 2.7 / 3.0 / 3.2
    • grokster 2.6/2.6.5
    • iMesh 4.5 build 151 / 5.20 / 6.5
  • Gnutella:
    • ezpeer: 1999A6, 1999A10, BearShare Pro 4.6.2, Shareaza 2.1.0.0, Morpheus 4.6.1/ 4.7.1
    • Gnucleus 1.55, 2.0.9.0, Mxie 0.6.0.2, Foxy 1.8.6
Voice Over IP (VoIP)
  • Skype:
    • 1.0, 1.1, 1.2, 1.3, 1.4, 2.0, 2.5beta, 2.5.0.113
  • SkypeOut:
    • 1.4, 2.0
  • SIP:
    • TelTel 0.8.5.3, Wagaly TelTel 0.8.4, MSN Voice 7.5 , Yahoo Voice 7.0
  • H323:
    • NetMeeting: 3.01
Tunnel Ware
  • hopster: Release 17
  • Httptunnel: v3.2, 3.4
  • Realtunnel: v0.9.9, 1.0.1
  • VNN: 2.1, 3.0
  • Softether: 1.0, 2.0
  • Tor: v0.1.0.1X, v0.1.1.22
  • JAP 00.05.022
  • YourFreedom 20060725-01
Remote Access
  • Windows remote desktop
  • VNC (Virtual Network Computing)
    • vnc, Ultra VNC 1.0.1, Win v3.3.7
  • Symantec pcAnywhere 10.5 / 11
  • NetOP Remote Control v9.00
  • Remote Administrator 2.2
Streaming
  • RTSP:
    • http://www.haody99.com/, MediaPlayer 10.0, RealPlayer 10.5
    • QuickTime 6.5, 7.0, KKBox: v1.0, v2.0, v2.2, RealOne 1.0, 2.0
    • MMS(Multimedia Messaging Service),
    • Yahoo music
      • (http://music.yahoo.com/, http://tw.music.yahoo.com/, http://music.yahoo.com.cn/)
  • Shoutcast:
    • winamp 5.111 / 5.24
    • JetAudio 6.2
    • Icecast 2.3
  • Live365: Radio365 1.11 build17
  • Google Video(http://video.google.com/)
  • AOL Radio(http://music.aol.com/radioguide/bb.adp)
  • iTunes 6.0
  • TVAnts 1.0
  • PeerCast 0.1217
  • Napster (www.napster.com)
  • qqtv (qq直播; tv.qq.com) 3.2
  • ppstream 1.0
  • Webs-tv (http://www.webs-tv.net)
Facetime’s Solution

Limited solution. Cannot control P2P bandwidth. Can block Skype

Requires clients to assign a proxy to IM Auditor

What if the proxy is not set?

Akonix’s Solution (I)

Limited solution. Cannot control P2P bandwidth.

Cannot manage Skype

Requires clients to assign a proxy to IM Auditor

What if the proxy is not set?

Akonix’s Solution (II)

Limited solution.

Cannot control P2P bandwidth.

Cannot manage Skype

Cannot manage MSN / Yahoo / AOL / ICQ over random ports

NBL Test Report (2005/2/23)

FP: False positive, FN: False negative, N/A: Not available

Virus scanning is supported in advanced version

Patent-1: PostACK TCP BW. Mgmt.(1)
  • Contributed to IEEE
    • IEEE Transactions on Computers, Vol.53, No.3, March 2004: Assessing and Improving TCP Rate Shaping over Enterprise Edges
    • IEEE Communications Surveys and Tutorials, Vol.5, No.2, 2003: A Measurement-Based Survey and Evaluation of Bandwidth Management Systems
    • IEEE Global Telecommunications Conference 2004 (IEEE Globecom 2004), Dallas, Texas USA, Nov. 2004: On Shaping TCP Traffic at Edge Gateways
    • IEEE Symposium on Computers and Communications (IEEE ISCC 2003), Kemer - Antalya, Turkey, Jun. 2003: Co-DRR: An Integrated Uplink and Downlink Scheduler for Bandwidth Management over Wireless LANs
Patent-1: PostACK TCP BW. Mgmt.(2)
  • Packeteer: TCP Rate Control
    • Window sizing
  • L7: PostACK
    • Delaying the reverse ACK
Patent-2: SoftASIC® Classification
  • Step 1. Reassembly
  • Step 2. Match!!
    • pattern matching against: …, Yahoo app. pattern, AOL app. pattern, MSN app. pattern, BT app. pattern, …
  • Step 3. Cut-Thr Forwarding

P2P/BT@HTTP

At most first 10 pkts can judge if this HTTP is BT (average case: first 3 pkts can finish the process)

Patent-3: Multi-Stage Inspection(1)
  • Standard@Any
  • HTTP
  • Proxy@HTTP@Any
  • Socks4@Any
  • Socks5@Any
  • ….

Tunneled IM cannot be managed

IM@HTTP cannot be managed

Diagram labels: Spam Wall, Virus Wall, Inline-IDP, Firewall/VPN, Content Mgmt., IM Proxy, Web Proxy, IM Proxy data path

Patent-3: Multi-Stage Inspection(2)
  • Step 1. Strip Headers (socks4/5)
  • Step 2. Match!!
    • pattern matching against: …, Yahoo app. pattern, AOL app. pattern, MSN app. pattern, BT app. pattern, …
  • Step 3. Redirect

Diagram labels: IM Content Mgmt. Engine, MSN@Socks@Any
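The flow on the Patent-2 and Patent-3 slides (reassemble the client stream, strip SOCKS4/5 or HTTP proxy headers, match an application pattern, give up after 10 packets), sketched as an added example that is not L7's code. The signatures, the no-auth SOCKS5 assumption, the label format and the sample flows are all constructed for illustration.

```python
import struct

# First-bytes signatures, assumed for this example (not L7's patterns).
APP_PATTERNS = {
    "MSN": lambda b: b.startswith(b"VER ") and b"MSNP" in b[:64],
    "BT": lambda b: b.startswith(b"\x13BitTorrent protocol"),
    "HTTP": lambda b: b.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD"),
}
MAX_PKTS = 10  # the slide's bound: at most the first 10 packets decide

def match_app(buf):
    return next((app for app, sig in APP_PATTERNS.items() if sig(buf)), None)

def peel(buf):
    """Return (layer, rest) if buf starts with a complete tunnel header, else None."""
    if buf.startswith(b"CONNECT "):                   # HTTP proxy tunnel
        end = buf.find(b"\r\n\r\n")
        return ("Proxy@HTTP", buf[end + 4:]) if end >= 0 else None
    if buf[:1] == b"\x04" and len(buf) >= 9:          # SOCKS4 / SOCKS4a
        end = buf.find(b"\0", 8)                      # end of USERID
        if end >= 0 and buf[4:7] == b"\0\0\0" and buf[7]:
            end = buf.find(b"\0", end + 1)            # SOCKS4a host name
        return ("Socks4", buf[end + 1:]) if end >= 0 else None
    if buf[:1] == b"\x05" and len(buf) >= 2:          # SOCKS5, no-auth assumed
        req = 2 + buf[1]                              # skip VER NMETHODS METHODS
        if len(buf) < req + 5 or buf[req] != 5:
            return None                               # request not complete yet
        alen = {1: 4, 3: 1 + buf[req + 4], 4: 16}.get(buf[req + 3])
        end = req + 4 + (alen or 0) + 2               # header, address, port
        return ("Socks5", buf[end:]) if alen and len(buf) >= end else None
    return None

def classify(client_packets):
    """Reassemble client-to-server payloads; return (label, packets_used)."""
    stream, layers = b"", []
    for used, payload in enumerate(client_packets[:MAX_PKTS], 1):
        stream += payload
        while True:
            app = match_app(stream)
            if app:                                   # matched: stop inspecting
                return "@".join([app, *reversed(layers), "Any"]), used
            peeled = peel(stream)
            if peeled is None:
                break                                 # wait for more bytes
            layers.append(peeled[0])
            stream = peeled[1]
    return "Unknown", min(len(client_packets), MAX_PKTS)

# Constructed sample flows (host names and ports are made up).
HOST = b"messenger.example"
MSN_HELLO = b"VER 1 MSNP8 CVR0\r\n"
SOCKS5_MSN = [b"\x05\x01\x00",
              b"\x05\x01\x00\x03" + bytes([len(HOST)]) + HOST + struct.pack(">H", 1863),
              MSN_HELLO]
CONNECT_BT = [b"CONNECT peer.example:6881 HTTP/1.1\r\n\r\n",
              b"\x13BitTorrent protocol" + bytes(48)]

if __name__ == "__main__":
    print(classify(SOCKS5_MSN), classify(CONNECT_BT))
```

Because the tunnel header is peeled before matching, the same application signature fires whether the session is direct, behind SOCKS, or behind an HTTP proxy, which is the property the slides contrast with port- and proxy-based products.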

Patent-4: Inline-Proxy Stack(2)
  • Benefits:
    • True inline plug & play proxy stack
    • Stable user-space programming
    • Easy for SMP parallel processing

Inline-Proxy TCP Stack: Emulate original IP/port while swapping sequence #

Diagram labels: IM/Web Content Mgmt. Engine, Queue, MSN@Socks@Any

Layer-7 Content Mgmt. Expert