Transcript Firewall - Raz-Lee

Firewall
End-to-End Network Access
Protection for System i
Overview
Firewall
A solution which secures every type of access
to and from System i, within & outside the organization
Market Need
Hacking
• Open TCP/IP environment has increased System i risks
•
•
•
•
•
Many remote activities are now easy
Initiating commands
Installing programs
Changing data
Moving files
• Limited ability to log/block unauthorized access
Internal Fraud
• FBI Study: the most significant threat to an organization's
information systems comes from inside
• Control and follow-up on user access - a necessity
Firewall Features
Airtight protection from both internal and external threats
Covers more exit points than any other product
Protection from User Level to Object Level
Protects both incoming and outgoing IP addresses
Unique layered architecture - easy to use and maintain
Excellent performance - especially in large environments
User-friendly Wizards streamline rule definitions
Historical data statistics enable effective rule definition
Best-Fit feature formulates rule to suit each security event
Detailed log of all access and actions
Simulation Mode
Tests existing Firewall rules
Enables defining rules based on the simulation
Reports in various formats: e-mail, print-out, HTML/PDF/CSV
Firewall Scenario
Monday, Midnight
“OK, I’m bored…
Let’s do some quick hacking…”
Rob Black
Hacker
5 Minutes Later
“Got it! I’m inside IronTrust Bank systems.
I really need a new sports car…
Let’s extract a few hundred thousands...
Tuesday, Midnight
“OK, now let’s try SMART Insurance…
this should take about 5 minutes!
Rob Black
Hacker
One Minute Later
“Our Firewall just blocked a break-in attempt.
I’ll have the identity, time and IP address in a minute.”
Glenda Wright,
Information Security Manager,
SMART Insurance
5 Hours Later
“Hey, what are all those security layers?
And all these protected exit points…
I can’t get through… there goes my new car!”
Rob Black
Hacker
Firewall Info
Firewall Gateways
iSecurity Firewall Gateways
• IP Address
• User
• Verb
• File
• Library
• Commands
Other products’ Gateways
• IP Address
i5 server
Firewall Adds Another Security Layer
• Native IBM System i security – suitable
System i
for stand-alone systems
• External access bypasses IBM security
• System i is vulnerable in network
environments
Before
With Firewall
Firewall
Native IBM System i Security
Firewall
FTP
Internet
Network PC
Telnet
ODBC
Firewall - Layered Security Design
Exit Point Security
IP/SNA Firewall
User/Verb
Object
Reject
Allow
Level of Control
IP / SNA Name
to Service
User-to-Service/Verb/IP/Device/
Application
User-to-Object
Management Rights
Data Rights
FYI Simulation Mode
Emergency Override
Subnet Mask Support
Firewall User Groups
IBM Group Profiles
User/Group/Supplem
ental/ internal
groups & Generic
Names
Firewall - Layered Security Design (2)
Exit Point Control
Standard Firewall
User/Verb
Object
• FTP:
• FTP:
Authorities
Authorities
Based
Based
onon
IPIP
& User
& User, Home dir, CCSID, Encrypt…
• Telnet:
• Telnet:
Terminal
Terminal
based
based
onon
IP-Automatic
IP-SSL, Automatic
Signon Signon, Naming…
Remote
• Internet
(WSG):
(WSG):
User
User
to to
IPIP
address
address…
Logon • Internet
• Passthrough:
• Passthrough:
User
User*
to System
to System
name
(SNA),
(SNA)
Replace user…
3 Ways to Steal Your Data
Client Access File Transfer
Network Neighborhood
Drag & Drop
Firewall GUI
GUI Example
User Management
Generate Firewall Query
21
Edit a Firewall Query
22
Edit a Firewall Query
23
Firewall Suggests an Appropriate New Rule based on
Log Entry
Results
(historical log entries)
Current FW definitions
24
From Log: Get an Appropriate Rule Definition
25
From Log: Create Real-Time Detection Rule
26
From Log: “Create Detection rule” Populates the
Filter with Data from Request
27
Visualizer for Firewall
Visualizer
Visualizer
• Tool for presenting at-a-glance graphic views of log data from Firewall
• Immediate response to queries for any database size
• Analyzes network access activity (Firewall) and system journal events
(Audit) to pinpoint breaches and trends
29
How Visualizer obtains Firewall & Audit Data
Daily Log Files
Daily Log Files
Audit
Firewall
Firewall
Statistics
File
Night Maintenance
Job
Visualizer
30
Audit
Statistics
File
Visualizer – Analysis of Firewall Log
Example: Select Object…
32
Or: Select the Server
33
And Continue investigating, filtering by
Directory & down to the SQL Verb level!
34
Thank You!
Please visit us at
www.razlee.com