Enterprise Council Comms overview


Network Security and Attack Prevention Solutions
Akademik Bilişim 2006 (Academic Informatics conference, 2006)
Orhan ORTAÇ
[email protected]
Agenda
• History and Trend
• 3Com’s Security Strategy
• Security Solutions
– 3Com TippingPoint IPS (Intrusion Prevention System)
– 3Com X505 Firewall
• Correct solution
History And Trend
3Com Confidential
History And Trend – [ Virus & Worm ]
• 1949 : First idea of a self-reproducing program (the virus concept)
• 1984 : The term “virus” is coined (Fred Cohen)
• 1986 : First PC virus [Brain]
• 1987 : Lehigh
• 1988 : Jerusalem . . .
• 1992 : 1,300 known viruses in total (about 18 new viruses per month)
• 2001 : Nimda
• 2003 : Blaster
• 2004 : Sasser
History And Trend – Historical Network Configuration
[Diagram: Internet – Router – Firewall – Trusted Zone; inside the trusted zone a single switch connects the Marketing, Financial, Engineering (CAD) and Sales desktop PCs and the Mail server. The only security control is the firewall at the Internet edge.]
History And Trend – [ What about attacks? ]
• Microsoft Windows is the most widely deployed OS, and therefore the most targeted
• Poorly written applications have vulnerabilities
• Protocol-based vulnerabilities
 – TCP/IP
 – SMTP / FTP ...
• VoIP vulnerabilities
• Weak administration practices
~2,500 known attack types!
History And Trend – Today’s Firewall Configurations
[Diagram]
History And Trend - Summary
– Increasing rate of new vulnerabilities and decreasing time available to patch
– IT complexity hinders security practice implementation
– Increasing number of attacks and attackers
– Walk-in worms, e-mail attacks, spyware
– More connected end points on the network
– Increasing number of applications
– VoIP deployment
– Lack of IT resources
[Chart: “Security Gap”, business growth plotted against security capacity over time; the gap between the two widens]
Customer Requirements ?
Customer Requirements
• High network performance and uptime
• High level information security
• Automated security control
• Centralized management
What is the best strategy?
3Com’s Security Strategy
3Com’s Security Strategy – What is the strategy? Secure Converged Networks
Secure Network
• Overlaid or embedded security
• Adaptive and dynamic protection
• Automatic and centrally manageable
Converged Network
• Multi-service network
• Synergy between infrastructure elements
• Edge-to-core coverage
Customer Benefits
• Business continuity
• Capital efficiency and cost reduction
• Corporate control and visibility
3Com’s Security Strategy – The 3Com Offer
• 3Com TippingPoint IPS: inline, wire-speed blocking of malicious traffic
• 3Com X505: integrated firewall, IPS, VPN, URL filtering
Security Solutions
Intrusion Prevention System
3Com TippingPoint IPS
Security Solutions
Security Appliance Evolution (source: Frost & Sullivan)
1998–1999: Firewalls increasing in importance to large enterprise
2000–2001: Performance concerns begin to shift the FW market towards appliances; FW and IPSec bundled; firewall appliances equal 53% of the market; security is a choke point
2002–2003: Layer 7 inspection and SSL VPN introduced; ASICs, acceleration and HA become commonplace; IDS appliances equal 24% of the market; FW/VPN appliances equal 63% of the market
2004–2005: VoIP, L7 and multiservice platforms drive performance requirements; IDS/IPS appliances equal 49% of the market; CKPT, ISS & SCUR (Check Point, Internet Security Systems, Secure Computing) introduce appliances
2006: Security proliferates in switches; SSL / IPSec / FW / IPS appliances begin to proliferate; standalone SSL integrates other security services
Security Solutions
TippingPoint Closes the Gap with Intrusion Prevention
Ultra-high performance custom hardware:
 – 5 Gbps throughput
 – Switch-like latency
 – 250K sessions/second
 – Total flow inspection
 – 64K rate-shaping queues
 – 10K parallel filters
[Diagram: Intrusion Prevention Systems = Application Protection + Infrastructure Protection + Performance Protection, built on the filtering methods]
Security Solutions
Application Protection – Defends Clients and Servers
• Performs total inspection at layers 2-7
• Shields known vulnerabilities in the protected applications and operating systems
Protect:
 – Microsoft applications & operating systems
 – Oracle applications
 – Linux OS
 – VoIP
From:
 – Worms / walk-in worms
 – Viruses
 – Trojans
 – DDoS attacks
 – Internal attacks
 – Unauthorized access
• Protects perimeter and internal network
• Provides zero-day attack protection
• Eliminates emergency patching triage (the IPS filter acts as a virtual patch that buys time to test and deploy the vendor fix; it does not replace it)
• Prevents application and OS damage/downtime
Security Solutions
Infrastructure Protection – Defends Network Equipment
• Protects network equipment vulnerabilities
Protect:
 – Routers (e.g. Cisco IOS)
 – Switches
 – Firewalls (e.g. NetScreen OS, Check Point FW-1)
 – VoIP
From:
 – Worms / walk-in worms
 – Viruses
 – Trojans
 – DDoS attacks
 – SYN floods
 – Traffic anomalies
• Protects against anomalous traffic behavior
 – Automatic baselining
 – Rate limit, block, or alert on thresholds
• Supports custom IP filters and ACLs
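The "automatic baselining" and "rate limit, block, or alert on thresholds" bullets above, as an added example that is not 3Com or TippingPoint code: a per-host exponentially weighted moving average stands in for the learned baseline, and the alert / rate-limit / block tiers are assumed multiples of it. The smoothing factor, learning period, floor and the per-second SYN counts are all constructed for the illustration. The point a practitioner cares about is in the middle of `observe`: samples judged anomalous are not fed back into the average, otherwise a slowly ramping flood teaches the baseline to accept itself.

```python
"""Automatic baselining with alert / rate-limit / block thresholds.

Added illustration, not TippingPoint code: the smoothing factor, learning
period, tier multipliers, floor and the sample counters are all assumptions.
"""
from dataclasses import dataclass


@dataclass
class Baseline:
    """Exponentially weighted moving average of one metric for one host."""
    alpha: float = 0.1        # smoothing factor (assumed)
    learn_samples: int = 10   # samples observed before thresholds are enforced (assumed)
    mean: float = 0.0
    seen: int = 0

    def update(self, value: float) -> None:
        self.mean = value if self.seen == 0 else self.mean + self.alpha * (value - self.mean)
        self.seen += 1

    @property
    def ready(self) -> bool:
        return self.seen >= self.learn_samples


# Action tiers as multiples of the learned baseline, checked most severe first (assumed values).
TIERS = (("block", 10.0), ("rate_limit", 5.0), ("alert", 3.0))
# Absolute floor: on a quiet host a jump from 1 to 4 SYN/s is not worth acting on (assumed).
MIN_RATE = 20.0


class AnomalyDetector:
    def __init__(self) -> None:
        self.baselines: dict[str, Baseline] = {}

    def observe(self, host: str, syn_per_sec: float) -> str:
        """Feed one per-second SYN count for `host`; return the action taken."""
        base = self.baselines.setdefault(host, Baseline())
        action = "none"
        if base.ready and syn_per_sec >= MIN_RATE:
            for name, multiple in TIERS:
                if syn_per_sec > multiple * base.mean:
                    action = name
                    break
        # Learn only from samples judged normal. Feeding attack traffic into the
        # average would pull the baseline up until a slow-ramping flood looked
        # normal (baseline poisoning), so anomalous samples are not averaged in.
        if action == "none":
            base.update(syn_per_sec)
        return action


# Constructed per-second SYN counts towards one protected server: twelve
# normal seconds, then a ramping SYN flood, then a quiet second.
SAMPLE_SYN_RATES = [10, 12, 9, 11, 10, 10, 12, 9, 11, 10, 10, 10, 35, 60, 150, 5]


def run_sample(rates=SAMPLE_SYN_RATES) -> tuple:
    """Replay the constructed counters; return (actions, final baseline mean)."""
    det = AnomalyDetector()
    actions = [det.observe("10.0.0.5", r) for r in rates]
    return actions, det.baselines["10.0.0.5"].mean


if __name__ == "__main__":
    acts, final_mean = run_sample()
    for rate, act in zip(SAMPLE_SYN_RATES, acts):
        print(f"{rate:>5} SYN/s -> {act}")
    print(f"baseline after replay: {final_mean:.1f} SYN/s")
```

With these constants the three flood seconds land in the alert, rate-limit and block tiers in turn, and the baseline is still near 10 SYN/s afterwards because none of them were averaged in.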
Security Solutions
Performance Protection – Defends Overall Network Performance
• Increases network performance even when not under attack
• Rate limits non-mission-critical applications
 – Eliminates bandwidth hijacking
 – Controls rogue applications
 – Eliminates misuse and abuse
 – Controls peer-to-peer traffic
Protect:
 – Bandwidth
 – Server capacity
 – Mission-critical traffic
From:
 – Peer-to-peer apps
 – Unauthorized instant messaging
 – Unauthorized applications
 – DDoS attacks
Security Solutions
Quarantine Automatic Protection
[Diagram: clients on access switches, a core with the TippingPoint IPS, the SMS acting as RADIUS proxy in front of the RADIUS server, and a “Safe Zone” into which the contained device is moved]
Quarantine process:
1. Client authenticates via SMS
2. SMS acts as RADIUS proxy, learns MAC/switch/port from the switch via RADA
3. EVENT: illegal activity detected by the IPS
4. SMS resolves IP to MAC
5. MAC address is placed into a blacklist and a policy is set
6. SMS forces re-authentication of the compromised device
7. Device is contained within the set policy at the access switch ingress port
Breach to containment in under 5 seconds
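The seven-step flow above, as an added example that is not 3Com SMS code: the controller learns where a MAC authenticated (steps 1-2), resolves the IP named in an IPS event back to that MAC (step 4), blacklists it with the containment policy (step 5), records a forced re-authentication (step 6), and hands the access switch the containment policy instead of the normal one when the device re-authenticates (step 7). The RADIUS attribute semantics, the policy names and the sample device are assumptions. The edge case worth noticing is an event for an IP that never authenticated through the proxy (a spoofed source, or a host on an unmanaged switch): there is no port to contain, so the controller raises an alert rather than blacklisting a guess.

```python
"""Quarantine controller for the seven-step flow on the slide.

Added example, not 3Com SMS code: it models what the Security Management
System does as a RADIUS proxy and on an IPS event. The RADIUS attribute
names, the policy names and the sample device are assumptions.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Location:
    switch: str   # NAS-Identifier of the access switch (assumed attribute)
    port: int     # NAS-Port: the ingress port the client is plugged into


@dataclass
class QuarantineController:
    normal_policy: str = "corp-vlan"          # policy returned to healthy clients (assumed)
    contain_policy: str = "safe-zone-vlan"    # the 'Safe Zone' containment policy (assumed)
    sessions: dict = field(default_factory=dict)          # MAC -> Location
    ip_to_mac: dict = field(default_factory=dict)         # learned IP -> MAC
    blacklist: dict = field(default_factory=dict)         # MAC -> reason
    reauth_requests: list = field(default_factory=list)   # (MAC, Location) pushed to the switch

    @staticmethod
    def norm_mac(mac: str) -> str:
        """Switches format Calling-Station-Id inconsistently; compare on one form."""
        return mac.replace("-", ":").lower()

    def radius_auth(self, mac: str, switch: str, port: int) -> str:
        """Steps 1-2 (and 7): proxy the authentication, learn where the MAC sits,
        and return the policy the access switch must apply to that ingress port."""
        mac = self.norm_mac(mac)
        self.sessions[mac] = Location(switch, port)
        return self.contain_policy if mac in self.blacklist else self.normal_policy

    def learn_binding(self, ip: str, mac: str) -> None:
        """IP-to-MAC bindings (from DHCP snooping or ARP) needed for step 4."""
        self.ip_to_mac[ip] = self.norm_mac(mac)

    def ips_event(self, offending_ip: str, reason: str) -> dict:
        """Steps 3-6: an IPS event names only an IP; resolve it, blacklist the MAC,
        and force re-authentication so the access switch re-applies policy."""
        mac = self.ip_to_mac.get(offending_ip)
        if mac is None or mac not in self.sessions:
            # Nothing to contain at port level: a device that never authenticated
            # through us, or a spoofed source. Surface it rather than act blindly.
            return {"action": "alert_only", "ip": offending_ip, "reason": reason}
        loc = self.sessions[mac]
        self.blacklist[mac] = reason
        self.reauth_requests.append((mac, loc))   # e.g. RADIUS CoA or a port bounce (assumed)
        return {"action": "contain", "ip": offending_ip, "mac": mac,
                "switch": loc.switch, "port": loc.port, "policy": self.contain_policy}


def run_sample() -> dict:
    """Replay the flow with a constructed device and return every decision."""
    ctl = QuarantineController()
    out = {}
    out["first_auth"] = ctl.radius_auth("00-1A-2B-3C-4D-5E", "access-sw-3", 12)   # steps 1-2
    ctl.learn_binding("10.0.5.23", "00:1a:2b:3c:4d:5e")
    out["event"] = ctl.ips_event("10.0.5.23", "worm propagation")                   # steps 3-6
    out["reauth"] = ctl.radius_auth("00:1a:2b:3c:4d:5e", "access-sw-3", 12)        # step 7
    out["unknown"] = ctl.ips_event("10.0.9.99", "port scan")                        # never authenticated
    out["reauth_count"] = len(ctl.reauth_requests)
    return out


if __name__ == "__main__":
    for key, value in run_sample().items():
        print(key, "->", value)
```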
Security Solutions
Security Management System
• Hardware is included with the SMS purchase and the software is pre-installed
• Installation ease
• Scalable
• Enterprise-wide security policy management
 – Port-by-port policy
 – Device-by-device policy
Security Solutions
IPS and Switching Infrastructure
[Diagram: the earlier network (Internet – Router – Firewall – Trusted Zone switch with Marketing, Financial, Engineering/CAD, Sales and Mail), now also reached by home users on WLAN/broadband, mobile devices, a wireless access point (WAP), a supplier connected to the Sales server and mobile users connected to the LAN]
Security Solutions
TippingPoint Product Line (IPS throughput and inspected segments per model)
• 50 Mbps – 1 x 10/100/1000 segment
• 100 Mbps – 1 x 10/100/1000 segment
• 200 Mbps – 2 x 10/100/1000 segments
• 400 Mbps – 4 x 10/100/1000 segments
• 1.2 Gbps – 4 x 10/100/1000 segments
• 2.0 Gbps – 4 x 10/100/1000 segments
• 5.0 Gbps – 4 x 10/100/1000 segments
• Security Management System (SMS)
Security Solutions
Automatic Digital Vaccines
Raw intelligence feeds:
• SANS
• CERT
• Vendor advisories
• Bugtraq
• VulnWatch
• PacketStorm
• Securiteam
• @RISK
Process: vulnerability analysis, then vaccine creation, then the Digital Vaccine is automatically delivered to customers (weekly report)
Filter types:
• Signature
• Vulnerability
• Traffic and/or statistical anomaly
Scalable distribution network using Akamai’s 9,700 servers in 56 countries
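The three filter types above, side by side, as an added example that is not Digital Vaccine code. The line-based protocol, its 64-byte username limit, the exploit bytes and the sample messages are constructed to show the difference that matters in practice: a signature written against one published exploit misses the same overflow re-encoded with different padding, while a filter written against the vulnerable condition catches every variant; the anomaly filter needs no knowledge of the bug at all but also misses an overflow built from protocol-legal bytes.

```python
"""Signature, vulnerability and protocol-anomaly filters side by side.

Added example, not Digital Vaccine code. The protocol, the 64-byte limit, the
exploit bytes and the sample messages are constructed.
"""
import re

# Hypothetical line-based protocol: "LOGIN <username>\r\n". The (assumed)
# vulnerable server copies <username> into a 64-byte stack buffer.
MAX_USERNAME = 64
LOGIN_RE = re.compile(rb"\ALOGIN ([^\r\n]*)")

# Signature filter: the NOP sled seen in one published exploit (constructed).
EXPLOIT_SIGNATURE = re.compile(rb"LOGIN \x90{8,}")


def signature_filter(payload: bytes) -> bool:
    """Matches the bytes of a known exploit; misses re-encoded variants."""
    return EXPLOIT_SIGNATURE.search(payload) is not None


def vulnerability_filter(payload: bytes) -> bool:
    """Matches the condition that triggers the bug (oversized username),
    whatever bytes the attacker chose. It needs the exact bound from the
    advisory: an off-by-one here becomes a false negative."""
    m = LOGIN_RE.match(payload)
    return m is not None and len(m.group(1)) > MAX_USERNAME


def protocol_anomaly_filter(payload: bytes) -> bool:
    """Flags a username containing bytes the protocol does not allow
    (anything outside printable ASCII); knows nothing about any specific bug."""
    m = LOGIN_RE.match(payload)
    return m is not None and any(b < 0x20 or b > 0x7E for b in m.group(1))


def classify(payload: bytes) -> dict:
    return {
        "signature": signature_filter(payload),
        "vulnerability": vulnerability_filter(payload),
        "anomaly": protocol_anomaly_filter(payload),
    }


# Constructed traffic samples.
SAMPLES = {
    "benign": b"LOGIN alice\r\n",
    "at_limit": b"LOGIN " + b"a" * MAX_USERNAME + b"\r\n",
    "published_exploit": b"LOGIN " + b"\x90" * 32 + b"\xcc" * 40 + b"\r\n",
    # Same overflow with the sled replaced by printable padding: the signature no longer fires.
    "variant_exploit": b"LOGIN " + b"A" * 100 + b"\r\n",
}


def run_sample() -> dict:
    return {name: classify(pdu) for name, pdu in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_sample().items():
        print(f"{name:18} {verdict}")
```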
Security Solutions
Summary of Core IPS Features (feature: benefit)
• Purpose-built custom ASIC hardware platform: extensible platform for uncompromising security and networking
• 50 Mb – 5 Gb performance: scalable solutions for perimeter and internal protection
• Switch-like latency: inline network deployment without impacting network performance
• Inline attack blocking: effective proactive attack termination
• Recommended settings: automatic security, both out of the box and ongoing
• Rate shaping: bandwidth management and network performance protection
• Complete filtering methods (signature, protocol anomaly, vulnerability, traffic anomaly): proactive, accurate and comprehensive attack filtering
• DDoS SYN proxy and connection rate limiters: advanced protection for evolving DDoS attacks
Security Solutions
Select TippingPoint Customers
Security Solutions
TippingPoint Awards
SC Global Awards 2005 – Principal Awards
TippingPoint was named the Best
Security Solution in the 2005 SC Global
Awards for the best overall solution for
dealing with today’s threats to
information security and the protection
of corporate information assets.
SC Magazine Best Buy
TippingPoint was selected by SC
Magazine as a "Best Buy" in their group
test of intrusion prevention products.
Common Criteria Certification
TippingPoint is the first Intrusion
Prevention System (IPS) to obtain all
four government-validated protection
profiles: analyzer, sensor, scanner
and system.
Frost and Sullivan 2005 Network
Security Infrastructure Protection
Entrepreneurial Company of the Year
TippingPoint was named the 2005
Network Security Infrastructure
Protection Entrepreneurial Company of
the Year by Frost & Sullivan.
IDG Network Awards 2004 Winner
TippingPoint is the winner of the
"Network Protection Product of the
Year" from IDG and TechWorld.com.
The prestigious IDG awards recognize
the very best in the industry and reward
companies for innovative and effective
use of networking technology.
eWeek Labs Analyst's Choice
Award
TippingPoint's IPS ably handled both real and staged attacks on eWeek Labs' test network, attached to the Internet for nearly a week.
Information Security Magazine
2004 Product of the Year
TippingPoint was selected by
Information Security Magazine as "2004
Product of the Year" for Intrusion
Prevention Systems.
NSS Gold Award
TippingPoint’s Intrusion Prevention
System is the first and only product to
win the coveted NSS Gold Award in the
IPS space.
The Tolly Group "Up To Spec"
Performance and security benchmark.
TippingPoint's IPS demonstrated
100% security accuracy at 2 Gbps.
SC Magazine Best Buy of 2004
TippingPoint was selected by SC Magazine as a "Best Buy in 2004" for intrusion prevention.
eWeek Excellence Award
TippingPoint's Intrusion Prevention
Systems received the "Enterprise
Resource Protection" eWeek
Excellence Award announced in the
April 5, 2004 issue of eWeek Magazine.
CompTIA "Best New Product"
TippingPoint's Intrusion Prevention
Systems were named "Best New
Product" in the hardware category at
the Executive Breakaway 2003
Conference hosted by CompTIA in
Halifax, Canada.
SANS "Trusted Tool"
TippingPoint’s Intrusion Prevention
System has been selected as a
"Trusted Tool" by the SANS Institute,
the world's premier security research
and training organization.
InfoWorld 100
University of Dayton, a TippingPoint
customer, was recognized as a
technological leader and awarded with
the 'InfoWorld 100' for its
advancements made through
implementing TippingPoint's Intrusion
Prevention Systems.
University Business Magazine
"Show Stopper" Award
TippingPoint's Intrusion Prevention
Systems were awarded the "ShowStopper" at the 2003 Educause
Conference in Anaheim, California.
Security Solutions
3Com X505 Firewall
Integrated Security Platform Built on IPS
• IPS: industry-leading TippingPoint IPS technology and Digital Vaccine protection. IPS is the core function that creates value in, and serves as the foundation of, the X505; all other features are accessories to the IPS core.
• Bandwidth Management: QoS and bandwidth management to improve network performance and provide policy-based traffic shaping
• Firewall: traditional firewall technology to provide access control and policy enforcement
• VPN: IPSec VPN to transform the Internet into a secure converged network for multi-site connectivity
• Web Filtering: to protect against offensive web content and enforce acceptable usage policies
• Multicast Routing: support for next-generation IP conferencing applications
What is the TippingPoint X505
• Integrated Security Platform – GA 12/1/05
 – Combining market-leading IPS with firewall, IPSec VPN, web content filtering, routing and policy-based traffic shaping
 – Same TippingPoint Digital Vaccine
 – Same Threat Suppression Engine
 – Enhanced Local Security Manager
• Extreme flexibility
 – For example: apply IPS and traffic shaping inside VPN tunnels
• Delivering secure converged networks
 – For distributed multisite organizations
• “All-in-One” integrated security platform
 – FW, IPS, VPN, routing, multicast, NAT, web filtering, traffic shaping, etc.
 – SMS support at GA: device status/health/TOS/DV updates only; the IPS policy cannot be configured from SMS. Full SMS support is on the roadmap.
TippingPoint X505 Hardware
• Hardware
 – Rack-mountable form factor
 – 4 x 10/100 Ethernet ports
 – Inbuilt IPSec hardware acceleration (up to AES-256)
 – On-box URL filtering
• Performance
 – 50+ Mbps IPS
 – 50+ Mbps IPSec VPN (3DES/AES-256)
 – 100+ Mbps firewall throughput
 – Supports over 1,000 VPN tunnels
 – 5,000 connections per second
 – 128,000 concurrent sessions
TippingPoint Closes the Gap with Intrusion Prevention
Raw intelligence feeds: SANS, CERT, vendor advisories, Bugtraq, VulnWatch, PacketStorm, ZDI
Process: vulnerability analysis, @RISK weekly report, weekly vaccine distribution
[Diagram: Intrusion Prevention Systems = Application Protection + Infrastructure Protection + Performance Protection, built on the filtering methods]
TippingPoint X505 Firewall
• Stateful packet inspection
 – Numerous built-in application layer gateways (SIP, H.323, etc.)
• Policy classification
 – Services (pre-defined, custom & groups)
 – Source / destination security zone
 – Source / destination IP address / address group
 – Schedule – time of day / day of week
 – User authentication – forces the user to authenticate before the policy grants access
• Policy actions
 – Deny / allow / content filter
 – Traffic shape
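The classification fields and actions above combined into one policy lookup, as an added example that is not X505 code. The zones, address groups, service objects, schedule and rules are constructed; the behaviour shown is the one every stateful firewall policy engine needs: ordered rules, first match wins, a schedule that silently turns a rule off outside its window, an authentication-required outcome when a matching rule demands a login, and an implicit deny when nothing matches.

```python
"""Zone- and object-based firewall policy classification, first match wins.

Added example, not X505 code: zones, address groups, service objects,
schedule and rules are constructed for the illustration.
"""
from dataclasses import dataclass, replace
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import Optional

# Service objects: name -> (protocol, low port, high port); constructed.
SERVICES = {"http": ("tcp", 80, 80), "https": ("tcp", 443, 443),
            "sip": ("udp", 5060, 5060), "any": ("any", 0, 65535)}
# Address groups: name -> CIDRs; constructed.
ADDRESS_GROUPS = {"corp_lan": ("10.0.0.0/16",), "guest_lan": ("192.168.100.0/24",),
                  "any": ("0.0.0.0/0",)}
WEEKDAYS = frozenset(range(5))   # Monday..Friday


@dataclass(frozen=True)
class Schedule:
    days: frozenset      # weekday numbers, Monday = 0
    start_hour: int      # inclusive
    end_hour: int        # exclusive

    def active(self, when: datetime) -> bool:
        return when.weekday() in self.days and self.start_hour <= when.hour < self.end_hour


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    src_group: str
    dst_group: str
    services: tuple
    action: str                          # deny / allow / content_filter / traffic_shape
    schedule: Optional[Schedule] = None
    require_auth: bool = False


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str
    dport: int
    src_zone: str
    dst_zone: str
    user: Optional[str] = None           # authenticated user behind src_ip, if any


def in_group(ip: str, group: str) -> bool:
    return any(ip_address(ip) in ip_network(cidr) for cidr in ADDRESS_GROUPS[group])


def matches_service(pkt: Packet, service: str) -> bool:
    proto, low, high = SERVICES[service]
    return proto in ("any", pkt.proto) and low <= pkt.dport <= high


def zone_ok(rule_zone: str, pkt_zone: str) -> bool:
    return rule_zone == "any" or rule_zone == pkt_zone


def evaluate(rules: list, pkt: Packet, now: datetime) -> tuple:
    """Return (action, rule name) for the first matching rule, else the implicit deny."""
    for r in rules:
        if not (zone_ok(r.src_zone, pkt.src_zone) and zone_ok(r.dst_zone, pkt.dst_zone)):
            continue
        if not (in_group(pkt.src_ip, r.src_group) and in_group(pkt.dst_ip, r.dst_group)):
            continue
        if not any(matches_service(pkt, s) for s in r.services):
            continue
        if r.schedule is not None and not r.schedule.active(now):
            continue
        if r.require_auth and pkt.user is None:
            return ("auth_required", r.name)   # matched, but the user must log in first
        return (r.action, r.name)
    return ("deny", "implicit-default")        # never fall through to an allow


# Constructed policy: guests get content-filtered web during office hours only;
# corporate users get everything once authenticated; nothing else passes.
POLICY = [
    Rule("guest-web", "guest", "internet", "guest_lan", "any", ("http", "https"),
         "content_filter", schedule=Schedule(WEEKDAYS, 8, 18)),
    Rule("corp-out", "lan", "internet", "corp_lan", "any", ("any",), "allow", require_auth=True),
]


def run_sample() -> dict:
    """Evaluate constructed packets at constructed times; return every verdict."""
    wed_10 = datetime(2006, 2, 8, 10, 0)    # Wednesday, office hours
    wed_22 = datetime(2006, 2, 8, 22, 0)    # Wednesday night
    sat_10 = datetime(2006, 2, 11, 10, 0)   # Saturday
    guest_http = Packet("192.168.100.7", "203.0.113.10", "tcp", 80, "guest", "internet")
    corp_ssh = Packet("10.0.3.4", "203.0.113.10", "tcp", 22, "lan", "internet")
    inbound = Packet("203.0.113.10", "10.0.3.4", "tcp", 445, "internet", "lan")
    return {
        "guest_http_office": evaluate(POLICY, guest_http, wed_10),
        "guest_http_night": evaluate(POLICY, guest_http, wed_22),
        "guest_http_weekend": evaluate(POLICY, guest_http, sat_10),
        "guest_ssh_office": evaluate(POLICY, replace(guest_http, dport=22), wed_10),
        "corp_ssh_unauth": evaluate(POLICY, corp_ssh, wed_10),
        "corp_ssh_auth": evaluate(POLICY, replace(corp_ssh, user="alice"), wed_10),
        "inbound_smb": evaluate(POLICY, inbound, wed_10),
    }


if __name__ == "__main__":
    for name, verdict in run_sample().items():
        print(f"{name:20} -> {verdict}")
```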
TippingPoint X505 VPN
• Low-latency IPSec hardware crypto
 – DES, 3DES, AES-128, AES-192 & AES-256
• Keying modes
 – Manual, IKE + shared secret, IKE + X.509 certificate
• Support for VPN clients
 – Native IPSec, PPTP, L2TP/IPSec (Microsoft standard)
• Advanced features
 – Ability to terminate a tunnel into any security zone
 – IP multicast routing over IPSec (PIM-DM)
[Diagram: wide-area VPN between sites]
(Single DES and PPTP are legacy options with well-known weaknesses; prefer AES with IKE and native IPSec or L2TP/IPSec clients where the client supports them.)
TippingPoint X505 Traffic Shaping
[Diagram: traffic classes on the Internet links; guest HTTP traffic: low QoS; corporate LAN traffic: medium QoS; VoIP traffic from the IP telephone in the authenticated VPN zone: high QoS]
Dynamic allocation of bandwidth to maximize resources:
 – By policy
 – Both inbound & outbound directions
 – For any application
 – Both inside & outside of the VPN tunnel
 – Multiple policies create various zones
TippingPoint X505 Summary
• Hardware
 – Rack-mountable form factor
 – 4 x 10/100 Ethernet ports
 – 1 x dedicated 10/100 management port
 – Inbuilt IPSec hardware acceleration (up to AES-256)
• Performance
 – 50+ Mbps IPS
 – 50+ Mbps IPSec VPN (3DES/AES-256)
 – 100+ Mbps firewall throughput
 – Supports over 1,000 VPN tunnels
 – Supports 50 independent VLAN policies
• IPS
 – Industry leading – same DV as TippingPoint dedicated IPS systems
 – Application, infrastructure & performance, spyware, phishing, P2P & ZDI protection
• Firewall
 – Stateful packet inspection
 – Object-based policy engine
 – NAT, PAT, virtual servers
 – Inter-VLAN & VPN firewall enforcement
• VPN
 – DES, 3DES, AES-256
 – Manual key, IKE PSK, X.509 certificates
 – Terminate onto any security zone
 – Supports PPTP, L2TP/IPSec & IPSec VPN clients
• Web Content Filtering
 – Manual allow / deny lists
 – Keyword / regular expression
 – Content Filter service (40+ categories) – supplied in conjunction with SurfControl Inc
• Traffic Shaping
 – Stateful, policy-based traffic shaping (zone, service, schedule, etc.)
 – Full policy control (application, service, zone, schedule, etc.)
 – Inbound / outbound rate limiting
 – Inside / outside VPN tunnel
 – Guaranteed, maximum, priority
• Routing
 – Static, RIP v1/2
 – IP multicast over VPN (PIM-DM & IGMP)
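The web content filtering items in the summary (manual allow / deny lists, keyword / regular expression rules, and a category service) as one decision function, added here as an example that is not X505 or SurfControl code. The lists, patterns, the tiny category table standing in for the subscription feed and the sample URLs are constructed. The part that matters for security is `host_of`: the lists must be matched against the host name as the browser will resolve it, not against the raw URL string, otherwise `http://intranet.example.com@evil.example/` passes as the intranet.

```python
"""URL filter: deny list, allow list, keyword/regex rules and a category lookup,
all evaluated on the normalised host name.

Added example, not X505 or SurfControl code: the lists, patterns, category
table and sample URLs are constructed.
"""
import re
from typing import Optional
from urllib.parse import urlsplit

DENY_LIST = ("evil.example",)
ALLOW_LIST = ("intranet.example.com",)
KEYWORD_RULES = tuple(re.compile(p, re.IGNORECASE) for p in (r"\bwarez\b", r"/\.\./"))
CATEGORY_DB = {"games.example": "games", "news.example": "news"}   # stand-in for the 40+ category feed
BLOCKED_CATEGORIES = frozenset({"games"})


def host_of(url: str) -> Optional[str]:
    """Host name as it will be resolved: lower-cased, without userinfo, port
    or trailing dot. A prefix check on the raw string is fooled by userinfo."""
    host = urlsplit(url).hostname
    return host.rstrip(".") if host else None


def domain_match(host: str, names) -> Optional[str]:
    """Exact or parent-domain match ('www.games.example' matches 'games.example')."""
    for name in names:
        if host == name or host.endswith("." + name):
            return name
    return None


def decide(url: str) -> tuple:
    """Return (verdict, reason). The deny list wins over the allow list; the
    allow list skips keyword and category checks; unknown sites are allowed."""
    host = host_of(url)
    if host is None:
        return ("deny", "unparseable")
    if domain_match(host, DENY_LIST):
        return ("deny", "deny-list")
    if domain_match(host, ALLOW_LIST):
        return ("allow", "allow-list")
    for rule in KEYWORD_RULES:
        if rule.search(url):
            return ("deny", "keyword:" + rule.pattern)
    key = domain_match(host, CATEGORY_DB)
    category = CATEGORY_DB[key] if key else None
    if category in BLOCKED_CATEGORIES:
        return ("deny", "category:" + category)
    return ("allow", "default")


def naive_allow(url: str) -> bool:
    """The string-prefix allow check this example warns against."""
    return url.lower().startswith("http://intranet.example.com")


# Constructed requests, including the userinfo trick and a case/port/trailing-dot variant.
SAMPLE_URLS = (
    "http://intranet.example.com/portal",
    "http://intranet.example.com@evil.example/",
    "http://EVIL.EXAMPLE.:8080/login",
    "http://www.games.example/play",
    "http://news.example/warez/top100",
    "http://news.example/world",
)


def run_sample() -> dict:
    return {url: decide(url) for url in SAMPLE_URLS}


if __name__ == "__main__":
    for url, verdict in run_sample().items():
        print(f"{verdict[0]:5} {verdict[1]:22} {url}  (naive prefix check: {naive_allow(url)})")
```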
Security Solutions
Unified Enterprise Management
[Diagram: network management (remote LAN topology, remote LAN monitoring, network configuration snapshot & rollback, WAN topology, WAN usage / profiling) + VPN topology & monitoring = Secure IX, the “unbeatable combination”]
• Intuitive device management
• Root cause analysis
• Unified bulk software upgrade / configuration backup
• Unified fault management for LAN, WAN, voice & security
Correct Solution ?
[Diagram: risk points in the reference network: the Internet / WAN edge, the DMZ network, the user LAN and the server LAN (Web, Mail), each marked as a “Risk Point” where protection is placed]
Security Solutions
TippingPoint – The Company
• The proven leader in intrusion prevention (Nasdaq: TPTI, now COMS)
 – Launched the industry’s first intrusion prevention solution, January 2002
 – Awarded major industry accolades for intrusion prevention
 – TippingPoint became a division of 3Com Corporation, January 2005
• 125 employees based in Austin, Texas (growing daily!)
• Research leaders of the industry
 – Digital Vaccine group monitors cyber threats
 – Provides intelligence for the SANS @RISK newsletter
 – Founded VOIPSA
• Best-of-breed technology and execution
 – Tens of millions of dollars invested in core technology R&D
 – Solutions are built first for network performance, then security capabilities
 – Highly parallel, custom packet-processing ASIC technology
  • 10,000 parallel filters
  • Microsecond latencies
 – Patent-pending technologies (10) that deliver unmatched performance
Questions?