Network Security and Attack Prevention Solutions
Akademik Bilişim 2006

Orhan ORTAÇ

orhan_ortac@3com.com

Agenda
  • History and Trend
  • 3Com’s Security Strategy
  • Security Solutions
    • 3Com Tippingpoint IPS (Intrusion Prevention System)
    • 3Com X505 Firewall
  • Correct solution
History And Trend – [ Virus & Worm ]
  • 1949 : First virus program idea
  • 1984 : Called “Virus” – (Fred Cohen)
  • 1986 : First PC virus [Brain]
  • 1987 : Lehigh
  • 1988 : Jerusalem . . .
  • 1992 : Total of 1300 known viruses [18 new viruses/month]
  • 2001 : Nimda
  • 2003 : Blaster
  • 2004 : Sasser
History And Trend - Historical Network Configuration

[Diagram labels: Internet, Router, Firewall, Switch, Trusted Zone, Marketing, Financial, Desktop PCs, Engineering, Mail, Sales, CAD]

History And Trend - Historical Network Configuration

[Diagram labels: To: 115.13.73.1, From: 66.121.11.7; FTP-21, HTTP-80, Sub 7-6776, Quake-26000, SMTP-25]

History And Trend – [ What about attacks? ]
  • Microsoft is the most popular O.S.
  • Weak applications have vulnerabilities
  • Protocol based vulnerabilities
    • TCP / IP
    • SMTP / FTP ...
  • VoIP vulnerabilities
  • Low level administration

~2500 known attack types!

History And Trend – Today’s Firewall Configurations

[Diagram labels: HTTP-80, FTP-21, BackOrifice-31337, SMTP-25]

History And Trend - Summary
  • Increasing rate of new vulnerabilities and decreasing time to patch
  • IT complexity hinders security practice implementation
  • Increasing number of attacks and attackers
  • Walk-in worms, e-mail attacks, spyware
  • More connected end points on the network
  • Increasing number of applications
  • VoIP Deployment
  • Lack of IT resources

[Chart labels: Security Gap, Security Demands, Business Security Capacity; axis: Time, Business Growth]

Customer Requirements
  • High network performance and uptime
  • High level information security
  • Automated security control
  • Centralized management
3Com’s Security Strategy - What is the strategy ?

Secure Network

  • Overlaid or Embedded Security
  • Adaptive and Dynamic Protection
  • Automatic and Centrally Manageable

Converged Network

  • Multi-service Network
  • Synergy between infrastructure elements
  • Edge-to-Core Coverage

Customer Benefits

  • Business Continuity
  • Capital Efficiency and Cost Reduction
  • Corporate Control and Visibility

[Diagram labels: Security, Converged, Networks]
3Com’s Security Strategy - The 3Com Offer
  • 3Com TippingPoint IPS: Inline, wire-speed blocking of malicious traffic
  • 3Com X505: Integrated Firewall, IPS, VPN, URL Filtering
Security Solutions - Security Appliance Evolution

[Timeline, 1998-2006; labels:]

  • Performance concerns begin to shift FW market towards appliances
  • FW and IPSec bundled
  • Layer 7 inspection and SSL VPN introduced
  • ASICs, acceleration and HA become commonplace
  • VoIP, L7 and multi-service platforms drive performance requirements
  • Security proliferates in switches
  • Firewalls increasing in importance to large enterprise
  • Firewall appliances equal 53% of mkt
  • Security is a choke point
  • IDS appliances equal 24% of mkt
  • FW/VPN appliances equal 63% of mkt
  • IDS/IPS appliances equal 49% of mkt
  • CKPT, ISS, & SCUR introduce appliances
  • SSL / IPSec / FW / IPS appliances begin to proliferate
  • Standalone SSL integrates other security services

Source: Frost & Sullivan


Security Solutions TippingPoint Closes the Gap with Intrusion Prevention

Filtering Methods

  • Signature
  • Protocol Anomaly
  • Vulnerability
  • Traffic Anomaly

Ultra-High Performance Custom Hardware

  • 5 Gbps Throughput
  • Switch-Like Latency
  • 250K Sessions/Second
  • Total Flow Inspection
  • 64K Rate Shaping Queues
  • 10K Parallel Filters

Intrusion Prevention Systems

  • Application Protection
  • Infrastructure Protection
  • Performance Protection

Security Solutions Application Protection – Defends Clients and Servers

Protect:

  • Microsoft Applications & Operating Systems
  • Oracle Applications
  • Linux O/S
  • VoIP

From:

  • Worms/Walk-in Worms
  • Viruses
  • Trojans
  • DDoS Attacks
  • Internal Attacks
  • Unauthorized Access

  • Performs Total Inspection at Layers 2-7
  • Protects Vulnerabilities
  • Protects Perimeter and Internal Network
  • Provides Day-Zero Attack Protection
  • Eliminates Emergency Patching Triage
  • Prevents Application and O/S Damage/Downtime

Security Solutions Infrastructure Protection – Defends Network Equipment

Protect:

  • Routers (e.g. Cisco IOS)
  • Switches
  • Firewalls (e.g. Netscreen OS, CheckPoint FW1)
  • VoIP

From:

  • Worms/Walk-in Worms
  • Viruses
  • Trojans
  • DDoS Attacks
  • SYN Floods
  • Traffic Anomalies

  • Protects Network Equipment Vulnerabilities
  • Protects Against Anomalous Traffic Behavior
    • Automatic Baselining
    • Rate Limit, Block, or Alert on Thresholds
  • Supports Custom IP filters, ACLs

Security Solutions Performance Protection – Defends Overall Network Performance

Protect:

  • Bandwidth
  • Server Capacity
  • Mission-Critical Traffic

From:

  • Peer-to-Peer Apps
  • Unauthorized Instant Messaging
  • Unauthorized Applications
  • DDoS Attacks

  • Increases Network Performance Even When Not Under Attack
  • Rate Limits Non-Mission Critical Applications
    • Eliminates Bandwidth Hijacking
    • Controls Rogue Applications
    • Eliminates Misuse and Abuse
    • Controls Peer-to-Peer Traffic

Security Solutions Quarantine Automatic Protection

Quarantine Process

  • Client Authenticates via SMS
  • SMS acts as Radius proxy, learns MAC/Switch/Port from Switch via RADA
  • EVENT: Illegal Activity
  • SMS resolves IP to MAC
  • MAC Address is placed into a blacklist and policy set
  • SMS forces re-authentication of compromised device
  • Device is contained within the set policy at the access switch ingress port

[Diagram labels: RADIUS, SMS, Safe Zone, Core, TippingPoint IPS, Access Switches, Clients; steps numbered 1-7]

Breach to Containment in under 5 seconds
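
The quarantine sequence above can be modelled in a few lines. This is an added example, not 3Com or TippingPoint code: the class, method and policy names are hypothetical, the sample addresses are constructed, and the bullets are numbered 1 to 7 in the order they appear on the slide.

```python
from dataclasses import dataclass, field
from typing import Optional

NORMAL, QUARANTINE = "normal", "quarantine"   # hypothetical policy names


@dataclass
class Session:
    mac: str
    ip: Optional[str]
    switch: str
    port: int
    policy: str = NORMAL


@dataclass
class QuarantineManager:
    """Hypothetical model of the management-system (SMS) role in the flow."""
    sessions: dict = field(default_factory=dict)   # MAC -> Session
    blacklist: set = field(default_factory=set)    # quarantined MACs

    def authenticate(self, mac, ip, switch, port):
        # Steps 1-2: as RADIUS proxy, record MAC/switch/port at login.
        # An IP handed to a new device must stop pointing at the old one,
        # otherwise a later event would contain the wrong machine.
        for other in self.sessions.values():
            if other.ip == ip and other.mac != mac:
                other.ip = None
        # The blacklist is consulted on every (re-)authentication.
        policy = QUARANTINE if mac in self.blacklist else NORMAL
        self.sessions[mac] = Session(mac, ip, switch, port, policy)
        return policy

    def resolve_ip(self, ip):
        # Step 4: map the offending source IP back to a MAC address.
        for s in self.sessions.values():
            if s.ip == ip:
                return s.mac
        return None

    def on_ips_event(self, src_ip):
        # Step 3: the IPS reports illegal activity from src_ip.
        mac = self.resolve_ip(src_ip)
        if mac is None:
            return None            # never authenticated here: alert only
        self.blacklist.add(mac)    # step 5: blacklist the MAC
        s = self.sessions[mac]
        # Steps 6-7: forced re-authentication lands the device in the
        # quarantine policy on the ingress port it is attached to.
        self.authenticate(mac, s.ip, s.switch, s.port)
        return self.sessions[mac]
```

Because the blacklist is keyed on the MAC address, the quarantine policy follows the device if it re-authenticates on a different switch port.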

Security Solutions Security Management System
  • Hardware is included with SMS purchase and software is pre-installed
  • Installation Ease
  • Scalable
  • Enterprise-wide security policy management
    • Port-by-port policy
    • Device-by-device policy
Security Solutions IPS and Switching Infrastructure

[Diagram labels: Internet, Home Users Using WLAN/Broadband, Mobile Devices, Supplier Connected to Sales Server, Mobile Users Connected to LAN, Router, Firewall, WAP, Switch, Trusted Zone, Mkt, Financial, Engineering, CAD, Mail, Sales]


Security Solutions TippingPoint Product Line
  • 50 Mbps: 1x10/100/1000 Segment
  • 100 Mbps: 1x10/100/1000 Segment
  • 200 Mbps: 2x10/100/1000 Segment
  • 400 Mbps: 4x10/100/1000 Segment
  • 1.2 Gbps: 4x10/100/1000 Segment
  • 2.0 Gbps: 4x10/100/1000 Segment
  • 5.0 Gbps: 4x10/100/1000 Segment
  • Security Management System

Security Solutions Automatic Digital Vaccines

Raw Intelligence Feeds

  • SANS
  • CERT
  • Vendor Advisories
  • Bugtraq
  • VulnWatch
  • PacketStorm
  • Securiteam

Vulnerability Analysis

Vaccine Creation

@RISK Weekly Report

Digital Vaccine Automatically Delivered to Customers

Filter Types

  • Signature
  • Vulnerability
  • Traffic and/or Statistical Anomaly

Scalable distribution network using Akamai’s 9,700 servers in 56 countries

Security Solutions TippingPoint Awards

SC Global Awards 2005 – Principal Awards: TippingPoint was named the Best Security Solution in the 2005 SC Global Awards for the best overall solution for dealing with today’s threats to information security and the protection of corporate information assets.

Common Criteria Certification: TippingPoint is the first Intrusion Prevention System (IPS) to obtain all four government-validated protection profiles: analyzer, sensor, scanner and system.

SC Magazine Best Buy: TippingPoint was selected by SC Magazine as a "Best Buy" in their group test of intrusion prevention products.

IDG Network Awards 2004 Winner: TippingPoint is the winner of the "Network Protection Product of the Year" from IDG and TechWorld.com. The prestigious IDG awards recognize the very best in the industry and reward companies for innovative and effective use of networking technology.

Frost and Sullivan 2005 Network Security Infrastructure Protection Entrepreneurial Company of the Year: TippingPoint was named the 2005 Network Security Infrastructure Protection Entrepreneurial Company of the Year by Frost & Sullivan.

eWeek Labs Analyst's Choice Award: TippingPoint's IPS ably handled both real and staged attacks on eWeek Labs' test network, attached to the Internet for nearly a week.

Information Security Magazine 2004 Product of the Year: TippingPoint was selected by Information Security Magazine as "2004 Product of the Year" for Intrusion Prevention Systems.

NSS Gold Award: TippingPoint’s Intrusion Prevention System is the first and only product to win the coveted NSS Gold Award in the IPS space.

The Tolly Group "Up To Spec": Performance and security benchmark. TippingPoint's IPS demonstrated 100% security accuracy at 2 Gbps.

CompTIA "Best New Product": TippingPoint's Intrusion Prevention Systems were named "Best New Product" in the hardware category at the Executive Breakaway 2003 Conference hosted by CompTIA in Halifax, Canada.

eWeek Excellence Award: TippingPoint's Intrusion Prevention Systems received the "Enterprise Resource Protection" eWeek Excellence Award announced in the April 5, 2004 issue of eWeek Magazine.

SC Magazine Best Buy of 2004: TippingPoint was selected by SC Magazine as a "Best Buy in 2004" for intrusion prevention.

InfoWorld 100: University of Dayton, a TippingPoint customer, was recognized as a technological leader and awarded with the 'InfoWorld 100' for its advancements made through implementing TippingPoint's Intrusion Prevention Systems.

SANS "Trusted Tool": TippingPoint’s Intrusion Prevention System has been selected as a "Trusted Tool" by the SANS Institute, the world's premier security research and training organization.

University Business Magazine "Show Stopper" Award: TippingPoint's Intrusion Prevention Systems were awarded the "Show-Stopper" at the 2003 Educause Conference in Anaheim, California.

Integrated Security Platform Built on IPS

  • IPS: Industry leading TippingPoint IPS technology and Digital Vaccine protection
  • Firewall: Traditional firewall technology to provide access control and policy enforcement
  • VPN: IPSec VPN to transform the Internet into a secure converged network for multi-site connectivity
  • Web Filtering: To protect against offensive web content and enforce acceptable usage policies
  • Bandwidth Management: QoS and bandwidth management to improve network performance and provide policy based traffic shaping
  • Multicast Routing: Provide support for next generation IP conferencing applications

IPS is the core function that creates value in, and serves as the foundation of, the X505. All other features are accessories to the IPS core.

What is the TippingPoint X505
  • Integrated Security Platform – GA 12/1/05
    • Combining Market Leading IPS with …
      • Firewall, IPSec-VPN, Web content filtering, routing & policy based traffic shaping
    • Same TippingPoint Digital Vaccine
    • Same Threat Suppression Engine
    • Enhanced Local Security Manager
  • Extreme Flexibility
    • For example: Apply IPS and traffic shaping inside VPN tunnels
  • Delivering Secure Converged Networks
    • For Distributed Multisite Organizations
  • “All-in-One” Integrated Security Platform
      • FW, IPS, VPN, Routing, Multicast, NAT, Web Filtering, Traffic Shaping, etc
        • Device status/Health/TOS/DV updates capability at GA. Cannot configure the IPS policy from SMS. Future roadmap will have full SMS support
TippingPoint X505 Hardware
  • Hardware
    • Rack mountable form factor
    • 4 x 10/100 Ethernet ports
    • Inbuilt IPSec hardware acceleration (up to AES-256)
    • On-box URL filtering
  • Performance
    • 50+ Mbps IPS
    • 50+ Mbps IPSec VPN (3DES/AES-256)
    • 100+ Mbps Firewall Throughput
    • Supports over 1,000 VPN tunnels
    • 5000 Connections per second
    • 128,000 Concurrent Sessions
TippingPoint Closes the Gap with Intrusion Prevention

Raw Intelligence Feeds

  • SANS
  • CERT
  • Vendor Advisories
  • Bugtraq
  • VulnWatch
  • PacketStorm
  • ZDI

Vulnerability Analysis

@RISK Weekly Report

Weekly Vaccine Distribution

Filtering Methods

  • Signature
  • Protocol Anomaly
  • Vulnerability
  • Traffic Anomaly

Intrusion Prevention Systems

  • Application Protection
  • Infrastructure Protection
  • Performance Protection

TippingPoint X505 Firewall
  • Stateful packet inspection
    • Numerous built-in application layer gateways (SIP, H323, etc)
  • Policy Classification
    • Services (pre-defined, custom & groups)
    • Source / Destination Security Zone
    • Source / Destination IP Address / Address group
    • Schedule – Time of day / day of week
    • User Authentication – forces user auth for access to policy
  • Policy Actions
    • Deny / Allow / Content Filter
    • Traffic Shape
TippingPoint X505 VPN
  • Low latency IPSec hardware crypto
    • DES, 3DES, AES-128, AES-192 & AES-256
  • Keying Modes
    • Manual, IKE + shared secret, IKE + X509 Cert
  • Support for VPN Clients
    • Native IPSec, PPTP, L2TP/IPSec (Microsoft standard)
  • Advanced Features
    • Ability to terminate tunnel into any security zone
    • IP Multicast routing over IPSec (PIM-DM)
    • IKE keep alive / NAT traversal
    • DHCP over VPN

[Diagram labels: TippingPoint X505 (three units), Regional Office, Branch Offices, Mobile Workers, Wide Area, VPN, DMZ, Wireless, Zone 1, Zone 2]


TippingPoint X505 Traffic Shaping

Dynamic allocation of bandwidth to maximize resources

  • By policy
  • Both inbound & outbound directions
  • For any application
  • Both inside & outside of VPN tunnel
  • Multiple policies create various zones

[Diagram labels: Internet, FTP, WWW, VPN; Guest (Internet Only), Employee (Authenticated VPN Zone), IP Telephone (Authenticated VPN Zone); Guest HTTP Traffic – Low QoS, Corporate LAN Traffic – Medium QoS, VoIP Traffic – High QoS]

TippingPoint X505 Summary
  • VPN
    • DES, 3DES, AES-256
    • Manual key, IKE PSK, X509 certificates
    • Terminate onto any security zone
    • Support PPTP, L2TP/IPSec & IPSec VPN clients
  • Web Content Filtering
    • Manual allow / deny lists
    • Keyword / regular expression
    • Content Filter service (40+ categories) – supplied in conjunction with SurfControl Inc
  • Traffic Shaping
    • Stateful, policy based traffic shaping (zone, service, schedule, etc)
    • Full policy control (application, service, zone, schedule, etc)
    • Inbound / outbound rate limiting
    • Inside / outside VPN tunnel
    • Guaranteed, maximum, priority
  • Routing
    • Static, RIP v1/2
    • IP multicast over VPN (PIM-DM & IGMP)
  • Hardware
    • Rack mountable form factor
    • 4 x 10/100 Ethernet ports
    • 1 x dedicated 10/100 management port
    • Inbuilt IPSec hardware acceleration (up to AES-256)
  • Performance
    • 50+ Mbps IPS
    • 50+ Mbps IPSec VPN (3DES/AES-256)
    • 100+ Mbps Firewall Throughput
    • Support over 1,000 VPN tunnels
    • Supports 50 independent VLAN policies
  • IPS
    • Industry leading – same DV as TippingPoint dedicated IPS systems
    • Application, Infrastructure & Performance, Spyware, Phishing, P2P & ZDI protection
  • Firewall
    • Stateful packet inspection
    • Object based policy engine
    • NAT, PAT, virtual servers
    • Inter-VLAN & VPN firewall enforcement
Security Solutions - Unified Enterprise Management
  • Remote LAN Monitoring
  • Remote LAN Topology
  • Network Configuration Snapshot & Rollback
  • VPN Topology & Monitoring
  • WAN Topology
  • Intuitive Device Management
  • WAN Usage / Profiling
  • Unified bulk software upgrade / configuration backup
  • Root cause analysis
  • Unified fault management for LAN, WAN, Voice & Security

[Graphic labels: +, =, Secure IX, Unbeatable Combination]

Security Solutions - TippingPoint – The Company
  • The Proven Leader in Intrusion Prevention (Nasdaq: TPTI  COMS)
    • Launched industry’s first intrusion prevention solution, January 2002
    • Awarded major industry accolades for Intrusion Prevention
    • TippingPoint becomes a division of 3Com Corporation, January 2005
      • 125 employees based in Austin, Texas (growing daily!)
  • Research Leaders of the Industry
    • Digital Vaccine group monitors cyber threats
    • Provide intelligence for SANS @Risk newsletter
    • Founded VOIPSA
  • Best-of-breed Technology and Execution
    • Tens of millions of dollars invested in core technology R&D
    • Solutions are built first for network performance, then security capabilities
    • Highly parallel, custom packet-processing ASIC technology
      • 10,000 Parallel Filters
      • Microsecond Latencies
    • Patent-pending technologies (10) that deliver unmatched performance