Transcript D-SWAT
VigorPro100 Unified Security Firewall DrayTek Corp. Confidential Agenda UTM VigorPro100: Unified Security Firewall Web Portal and Service Flow Competition Analysis Live Demo Confidential VigorPro100 Anti-Virus Alert IDP Alert Dual WAN Up to 2 DMZ ports (share with LAN ports) Up to 4 LAN Ports Wireless 802.11b/g Printer Server Confidential Threats and Solutions Damage Anti-Spam Host-based web filter Anti-spy ware IDS, IPS Host-base Anti-virus IM/P2P Firewall: DDoS, Sync flood… Confidential Firewall Restrict access to certain, IP, ports or services that administrator does not want unauthorized people do – Packet filter • Network level • Source/destination IP, source/destination port(TCP/UDP) (L3/L4) – Application gateway (proxy server) • Host using various forms of proxy servers to proxy traffics instead of routing it • Capable of inspect the content(L7) Confidential NIDS Confidential NIDS NIDS can detect unsuccessful attack by anomalous protocol or traffic behavior Signature: specific patterns base on known vulnerabilities or exploits Confidential IPS Intrusion Prevention System Intrusion Detection and Prevention IPS(IDP) = in-line mode IDS Confidential IDS v.s. IPS Firewall Firewall Confidential IDS v.s. IPS IDS Structure Sniffer mode Action IPS In-line mode Co-work with Reset firewall to reset connection or traffic connection drop packet Confidential Hacking Steps Confidential Attack Sophistication Dos, DDOS Buffer overflow SQL injection Trojan, backdoor Virus, worm, spyware Spoofing Phishing Intruder Knowledge Attack Sophistication Source: CERT Confidential UTM Unified Threat Management Gateway/firewall integrated with multiple security functions – Feature integration • • • • • Intrusion detection/intrusion protection Anti-virus Application filters Content filters VPN – Converged Voice/Data • IP voice: security and QoS Confidential Why UTM More add-on value – Integrated functionality, all-in-one – Network level protection Reduce management efforts – Separate device: independent logging and multiple GUI – Easy configuration & management – Easy troubleshooting – ……… …….. Confidential UTM Market Trend Total Revenue of security firewall 2003: $1.6B UTM v.s. VPN Firewall – UTM=$105M – Legacy VPN Firewall=$1.5B 57%: 43% 6%: 94% Total revenue will reach $3.45B(AVG +17% growth rate/yr) by 2008. – The sales from UTM will exceed that of legacy VPN firewall 2003 2008 UTM VPN Firewall Source: IDC Confidential UTM Market Share NetScreen (5.0%) Others (9.5%) FortiNet (29.5%) ServGate (9.5%) Secure Computing (21.7%) Symantec (22.9%) UTM market share 2003 world-wide, Source: IDC Confidential UTM VigorPro100: Unified Security Firewall Web Portal and Service Flow Competition Analysis Live Demo Confidential Unified Security Solution • Supporting level • Management level • Application level D-SWAT VigorView/ WEB UI / CLI Telnet / Syslog VPN CPA QoS IM/P2P Blocking Anti-Intrusion Anti-Virus • Kernel level • Board level DrayOS CICP Scan Engine Confidential VPN DES Engine Network-level Protection Block viruses/IDP at the point of network entry – Provide protection of all hosts inside network edge before threats intrude Confidential Content-based Protection Scan all major network applications – – – – – POP3/SMTP/IMAP4 FTP HTTP ZIP/GZIP/BZIP2 VPN tunnel Confidential MSSI MSSI™(Multi-Stack Stateful Inspection) – The patent-pending technology developed by DrayTek – Inline scanning – No proxy: scan on the fly, real-time response – Cross packets inspection – No file size limitation ** The methodology of proxy-based virus scanning is a patent of TrendMicro http://www.trendmicro.com/en/about/news/pr/archive/2005/pr080905.htm Confidential Format Parser Stack Decoder Stack Decompression Stack victim Confidential High Performance Hardware-accelerated scan engine – CICP: Content Inspection Co-Processor – High throughput, low latency Confidential IM/P2P IM(Instant Message)/P2P(Peer-to-Peer) – Application to deliver text, document, picture, audio, web-phone, conference… through internet IM: MSN, Yahoo messenger, ICQ… P2P: eMule, Edonkey, KazaA, Bit Torrent, Skype Confidential IM/P2P in Business Pros – Instant and efficient communication or conference – Freeware, free rate Cons – Reduce productivity: employees use it for personal purpose during business hour – Security hole • Virus, worms, spyware • Confidential material or information could be easily disclosed – P2P file-sharing ware against law in some countries – Waste bandwidth Confidential Manage IM/P2P Allow or block Time scheduled Confidential Web Content Filter Manage internet access, prevent internet misuse – Make the network away from gaming, chat room, porno, file-sharing … website – Improve employee productivity – Reduce the risk of legal liability as result of improper internet activity Confidential Web Content Filter Category Website: 4 groups, 41 categories Time scheduled Powered by SurfControl Confidential Dual WAN Load balance: share the internet traffic Bandwidth fail-over Bandwidth On Demand Configurable internet access mode: PPPoE, DHCP client, Static IP and PPTP Confidential Lower TCO Total Cost of Ownership – The all-in-one unified security firewall – Multi-functionality, single IP management • Too complicated to manage discrete network components • All functionality can be managed and troubleshooting remotely • no IT personnel truck-roll required – D-SWAT Confidential UTM VigorPro100: Unified Security Firewall Web Portal and Service Flow Competition Analysis Live Demo Confidential VigorPro, D-SWAT and Service Confidential D-SWAT The DrayTek Security Warning and Anti-attack Team Research –Hacking technique analysis –Virus sample collection & analysis –Exploit collection & analysis Service –Security portal website –Virus signature update –Security advisories –News letter Training –Hacking Techniques –Incident handling Confidential Service Flow: AV/IDP Step 3 DrayTek Service portal •Step 1. End user purchases VigorPro100 From DrayTek’s reseller Step 2 Internet Distributor/ reseller Step 1 •Step 2. Log on www.vigorpro.com, become MVP Residential SOHO SMB users •Step 3. Activate or extend AV/IDP services Confidential Member of Vigor Protection www.vigorpro.com visitor D-SWAT online advisory New signature alert User profile update news alert subscription Registration User Product registration Product maintenance delete/reinstall/rename/transfer Service Activation/ Extension Virus/IDP signature download D-SWAT business hour tech support Confidential Submit virus to DT Lab Member of Vigor Protection Want to Become DrayTek’s MVP ?? Visit www.vigorpro.com and registration Confidential Get Your Network Protected by Becoming DrayTek’s MVP Knowledge Center for network threat – Online threat advisory by D-SWAT – Online virus, exploit analysis – Most updated news alert Extended service: AV/IDP/Web Content Filter – – – – Product registration and maintenance Service activation Service extension Dedicated tech support by D-SWAT Confidential Product Registration Product’s nick name Product serial number Authentication code (MAC address) Confidential Product Maintenance Confidential Service Maintenance Product rename Product delete Product & service is transferred RMA, service is transferred Confidential Beta Program Beta sample availability: now Firmware: v2.6.0_rc6 or above Signature: DrayTek in house www.vigorpro.com MVP beta: – Provide AV/IDP license key for beta signature download – The MAC address needs to be stored in DrayTek’s server prior to get VigorPro100 registered Beta issue: [email protected] Confidential License Key Projection Type A B IDP Anti-Virus DrayTek DrayTek -V DrayTek -KL V D-SWAT business hour technical support Confidential UTM VigorPro100: Unified Security Firewall Web Portal and Service Flow Competition Analysis Live Demo Confidential Market Segment vs Requirement Host Number -- 500 -- 50 Enterprise Branding Sensitive Non-stop networking 24/7/365 support On-site Installation & Maintenance EMS for Integrated Mgmt/log/report Medium Business Small Business -- 20 -- 5 SOHO/Branch/ Teleworker Confidential Price Sensitive Business hour support Technical consult CMS for easy mgmt Price Sensitive PnP or limited configuration Office hour technical support Confidential Interface Comparison against FortiGate 50A Dual WAN failover/LB Wireless SuperG 108Mbps USB Printer Server DMZ CICP + MSSI inline scan All ports front access, Rack-mountable Proxy-based scan architecture Two USB ports Local RS-232 console Confidential Interface Comparison against TZ 170 series Dual WAN failover/LB, DMZ TZ170 needs to upgrade to enhanced OS$ Wireless SuperG108Mbps TZ170 wireless 802.11b/g USB Printer Server CICP + MSSI inline scan All ports front access, Rack-mountable Dual WAN/analog failover/LB/failback, enhanced OS$ Gateway-enforced AV client, SMTP/POP3, limited node Confidential Interface Comparison against ZyWALL 5 Dual WAN failover/LB Wireless SuperG 802.11b/g cardbus USB Printer Server DMZ CICP + MSSI inline scan All ports front access, Rack-mountable Optional cardbus slot Local RS-232 console Analog dial back up Confidential Key Feature Comparison Confidential Renewal Fee Renewal fee depends on PERFORMANCE of security gateway, no matter AV/IDP or web content filter function VigorPro 100 FortiGate 50A TZ 170 /SonicWALL ZyWALL 5 /ZyXEL Basic Support & Maintenance Package for FortiGate Systems (includes hardware/firmware maintenance, AV/NIDS updates, email support) FortiGate System Model Support Plan Part Number Renewal 2 Year 3 Year 5 Year Contract Contract Contract Contract First Year Contract FG50A FC-30-00051-019-00-DD $107.25 $143.00 $243.10 $343.20 $514.80 FG60 FC-30-00060-019-00-DD $131.45 $215.10 $310.70 $442.15 $657.25 FG100 FC-30-00100-019-00-DD $186.45 $305.10 $440.70 $627.15 $932.25 For EMEA area Confidential TCO: Take TZ170 as Example Confidential TCO Index – – – – – – Host number supported Feature enhancement via OS update Signature: AV, IDP Web content filter VPN client Supporting and maintenance Confidential Victim 172.16.3.136 Attacker 192.168.1.10 Confidential END Confidential