
Symantec Gateway Security
Customer Presentation
30-Nov-01

Topics
- Evolving Security Threats
- Protecting – Introducing Symantec Gateway Security
- Symantec Gateway Security Appliance Overview
  - Customer Problems Our Features Address
- Support
- Summary
- Questions

Evolving Security Threats
Will Your Perimeter Security Stop Them?

Typical Perimeter Threats
[Diagram: Internet, Firewall, Mail Gateway, Mail Server, Web Server, File Server and Workstations; attackers labelled Hacker and Cracker]
- Network IDS: Detect attacks; Alert / Log
- Threats: Probing; Back-door attacks; DOS attacks; IP spoofing attacks; Theft, Sabotage; Web defacement
- Via Email: Macro Virus (WM32); Mobile Code (Melissa)
- AV on gw, servers, ws: Block known exploits
- Mail Gateway: via SMTP protocol; Detect & clean files
- Firewall: Block specific exploits; Direct & inspect traffic

The New “Integrated Threats”
A security threat or attack that uses multiple methods to propagate
- Nimda $500M +
- Code Red $2.5B
[Diagram: Internet, Firewall, Mail Gateway, Mail Server, Web Servers, File Server and Workstations; infection paths labelled "Via Web Page" and "Via Email"]

Nimda Worm Example
Rapid, Multiple Ways to Spread
1. Worm arrives by email and uses a MIME exploit to execute when the message is merely read or previewed. Infected systems use the worm’s own SMTP server to send emails to others.
2. Users visiting compromised Web servers are prompted to download an infected file containing the worm as an attachment.
[Diagram: Internet, Firewall, Mail Gateway, Mail Server, Web Servers, File Server and Workstations; infection paths labelled "Via Web Page" and "Via Email"]

Nimda Worm Example
Just “Any” Firewall Won’t Be Effective
3. Infected systems scan for unpatched IIS servers, then use Unicode Web Traversal exploit to gain control of the target server. Commands/messages embedded creating non-RFC compliant HTTP protocol packets. Create DOS with outbound traffic.
4. Nimda scans for and attacks hard disks with file sharing enabled, creates an open network share and guest account with admin privileges.
[Diagram: Internet, Firewall, Mail Gateway, Mail Server, Web Servers, File Server and Workstations; infection paths labelled "Via Web Page" and "Via Email"]

Nimda Worm Example
How to Stop an Integrated Threat
- Anti Virus
  - Blocks known viruses & worms
  - Scan and inspect all SMTP, HTTP and FTP
  - Detects worm infection
  - Repairs infected files
- Firewalls
  - Full inspection FW to block all non-RFC compliant traffic
  - Full inspection FW to block outbound server initiated traffic
  - Full inspection FW to block specific exploits & log activity
- Intrusion Detection
  - Detects directory traversal exploit traffic
  - Detects probing, specific intrusions & DOS attacks
  - Logs can identify systems compromised
  - Take action – block traffic
- Vulnerability Management
  - Server software to:
    - Identify patches not installed
    - Identify weak security settings
    - Identify unneeded services running
[Diagram: Internet, Mail Gateway, Mail Server, Web Servers, File Server and Workstations; infection paths labelled "Via Web Page" and "Via Email"]
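
The firewall and intrusion-detection points above (block non-RFC compliant HTTP, detect directory traversal exploit traffic) depend on checking a request in the form the server will finally act on. The sketch below is an added example, not Symantec's code or signature format; the function names, the block reasons and the sample request lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed request lines for illustration (not captured traffic).
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.0",
    "GET /scripts/..%c0%af../example.txt HTTP/1.0",   # overlong-encoded "/"
    "GET /scripts/..%255c../example.txt HTTP/1.0",    # double-encoded "\"
    "GET /docs/../../example.txt HTTP/1.0",           # plain dot-dot
    "GET /a b HTTP/1.0 extra",                        # not a valid request line
]

# method SP request-target SP HTTP-version, nothing else on the line
REQUEST_LINE = re.compile(rb"^[A-Z]+ (\S+) HTTP/\d\.\d$")
OVERLONG = re.compile(rb"([\xc0\xc1])([\x80-\xbf])")  # never valid UTF-8


def fold_overlong(raw: bytes) -> bytes:
    """Map 2-byte overlong UTF-8 forms to the ASCII byte they smuggle."""
    def fold(m):
        return bytes([((m.group(1)[0] & 0x03) << 6) | (m.group(2)[0] & 0x3F)])
    return OVERLONG.sub(fold, raw)


def classify(line: str) -> list:
    """Return the reasons to block a request line (empty list = allow)."""
    m = REQUEST_LINE.match(line.encode("latin-1", "replace"))
    if not m:
        return ["malformed request line"]
    reasons = []
    path = m.group(1).split(b"?", 1)[0]
    once = unquote_to_bytes(path)
    if OVERLONG.search(once):
        reasons.append("overlong UTF-8 encoding")
    twice = unquote_to_bytes(once)
    if twice != once:
        reasons.append("double percent-encoding")
    # Compare on the form the server would finally act on.
    canon = fold_overlong(twice).replace(b"\\", b"/")
    if b".." in canon.split(b"/"):
        reasons.append("directory traversal")
    return reasons


if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(request, "->", classify(request) or "allow")
```

A filter that matches only the literal string `../` passes the second and third samples, which is why the decoding steps run before the traversal check.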

Nimda Worm Example
Multiple Defenses Work The Best
- Anti Virus
- Firewalls
- Intrusion Detection
- Vulnerability Management
[Diagram: Internet, Mail Gateway, Mail Server, Web Servers, File Server and Workstations; infection paths labelled "Via Web Page" and "Via Email"]

Nimda Worm Example
Problems With Current Situation
- Need multiple technologies to provide defense in depth
  - Application proxy firewall, Antivirus, intrusion detection & VM
- Need to work with multiple vendors
  - Support issues and varying levels of expertise / learning curve
  - Multiple management applications increase complexity
- Little integration between FW, IDS, and AV
  - Not as secure as an integrated approach & harder to manage
- Need multiple machines
- Costly and difficult
  - To Acquire
  - To Install and Configure
  - To Manage

There Are So Many Different Threats Out There, How Can We Protect Our Network?
Introducing Symantec Gateway Security Appliance

Symantec Gateway Security
- An Integrated Comprehensive Solution to your Network Security Needs
  - Firewall *
  - Intrusion Detection *
  - Gateway AntiVirus *
  - Virtual Private Networking
  - Content Filtering
* Capabilities to address integrated threats

Gateway Security at the Edge of Network
[Diagram: Internet, FTP Server, Mail Server, Web Servers, DB Server and Users]
- Single box for FW, AV, IDS, & VPN
- HA configuration available
- Single vendor integration / support
- Single management console
- Cost effective

Gateway Security at the Edge of Network
- Prohibits unauthorized traffic
- Passes allowed traffic across the gateway
- Stops various attacks & viruses at the gateway
- Protects against blended threats (e.g.: Nimda)
- Alerts the network administrator of an event
- Limits access to web sites deemed offensive or not applicable to the business
- Links sites and users securely using the Internet
- Scales from the needs of the small enterprise (50 or more nodes) to the medium enterprise (5000 nodes)

Unsurpassed Security & Value
- Exceptional Network Security
  - Integrated security functionality to protect against:
    - Hackers, viruses & integrated threats
- Single Vendor for Integration & Support
  - Simplifies security and updates
    - No need to make sure security from multiple vendors is working and signatures / engines are all current.
- Proper Installation Delivers Better Security
  - All functions pre-installed and integrated
  - Wizards to ease initial setup & help ensure secure configurations
- Single Management System
  - One management console manages all functions
    - Increases security posture through more effective configuration of the integrated functions and reduced learning curve
- Excellent Performance with HA / Load-balancing Available
- One Very Cost-effective and Secure Platform

What’s Different?
- Integrated Multi-Level Protection
[Diagram: Internet; Symantec Gateway Security Appliance containing Intrusion Detection Agent, Firewall Engine and Virus Scanner; Web server; virus]

Symantec Gateway Security Benefits
- Reduce number of attacks that affect network
- Stop viruses at the gateway before they enter network
- Stop blended threats (e.g. CodeRed, Nimda) at gateway
- Segregate mail servers, ftp servers and web servers that are accessible from the outside world from internal private network by use of service networks
- Protect service networks with different rule sets appropriate to externally accessible systems

Symantec Gateway Security Benefits
- Protect your network from being used to launch denial of service attacks
- Save bandwidth by prohibiting internal users from accessing non-business related web sites
- Use internet as cost effective way to connect remote offices together
- One Rack Unit high – saves space in equipment rack

Appliance Overview
How Our Features Address Customer Issues

How Can We Stop Hackers and Complex Integrated Threats?
Symantec Gateway Security Appliance
- Powerful Hybrid Firewall architecture ensures performance AND security
  - Full Inspection proxies, packet filtering, network circuit level checks
- Traffic is checked granularly
  - Everything from IP information to the type of data passed
  - Detects and blocks non-RFC compliant HTTP traffic common to integrated threats
  - May use URL pattern matching on rules to block quantified threats on specific web platforms common to today’s integrated threats.
- Network Address Translation
- Extensible
  - Generic Service Proxies to ensure security and flexibility
- Best Fit rule processing ensures vulnerabilities aren’t accidentally introduced

How Do We Ensure Compatibility & High Levels of Security?
Symantec Gateway Security Appliance
- Certified Firewall and VPN
  - ICSA certified
  - Checkmark certified
  - Common Criteria certification in progress for EAL4 (Evaluation Assurance Level)
- Authentication
  - Broad Support for 1 & 2-factor Authentication of access to subnets, web servers, etc
    - Defender, SecurID, S/Key, RADIUS, CryptoCard, Certificates, Windows Domain, LDAP
  - Out-of-Band Authentication (OOBA)

How Can We Stop Viruses and Protect Against Worms?
Symantec Gateway Security Appliance
- Award winning Symantec NAVEX™ AntiVirus technology
- Bloodhound technology for heuristic detection of virus threats
- Multi-threaded fast scan engine for virus detection and repair of HTTP, SMTP and FTP traffic used in integrated threats
- Stops viruses at the gateway before they enter the network
- Mail Policy Filter
  - Reject the message that matches the filter completely
  - Remove the attachment you identify but allow the mail message through
  - You can filter based on:
    - File Name
    - File Size
    - Subject
    - Domain
    - Advanced file name: You use regular expressions to specify one or more file names that are known to be threats

How Would We Know If We’re Under Attack?
Symantec Gateway Security Appliance
- Protection from 80 attack signatures with NIDS
- Alert administrator to unauthorized or malicious activity
  - Email, pager, log files
- Gated or non-gated signatures
  - Gated stops packet from going through
    - Such as directory traversal exploit traffic in integrated threats
  - Non-gated logs suspicious packet
- Causes appliance to block packets from suspicious IP addresses

How Could We Enable Remote Internet Communication?
Symantec Gateway Security Appliance
- Extend corporate LAN as needed with VPN
  - Branch offices (site to site)
  - Business partners (site to site)
- Full VPN (optional function crossgrade)
  - Telecommuters
  - Mobile workers
  - Includes RaptorMobile VPN client
    - Personal Firewall
    - Windows 98, ME, NT, 2000, XP
- FIPS 140-1 Level 2 certification in progress

How Can We Reduce Communication Costs Securely?
Symantec Gateway Security Appliance
- Using VPN eliminates costs for
  - Modem pools
  - POPs
  - Toll free numbers
  - Leased lines
- Most secure VPN available
  - Proxy-Secured®
  - IPSec compliant
  - IKE and PKI support
  - 3DES and AES Encryption

Can We Stop Our Internet Users From Accessing Unproductive, Inappropriate or Potentially Harmful Web Sites?
Symantec Gateway Security Appliance
- URL Filtering to allow access to web sites which are business related
- URL Filtering to prohibit access to web sites which are offensive to the enterprise

How Would We Protect Against Equipment Failure and Grow With Increased Bandwidth / Performance Requirements?
Symantec Gateway Security Appliance
- High Availability and Load Balancing
  - Preloaded on the appliance
    - Enabled with an optional license key
  - Cluster up to 8 appliances
  - Provides sites with always available security
    - If one appliance in cluster fails, load is shifted to remaining nodes
  - Load balance to handle large loads
    - Support more than 5000 nodes

How Can We Reduce Management Complexity? We Heard Easy To Manage Is Easy To Secure.
Symantec Gateway Security Appliance
- Central Management for ALL functions
  - Easy-to-use GUI
  - Intuitive management interface
    - Guides the construction of rules
    - Order independent rule setting
    - Implement business rules
- Install software patches and updates remotely
  - No need for tech to visit each site
- Manage security policy
- Comprehensive logging and reporting

How Can We Support A Large Number Of Gateways?
- Distributed Management and Monitoring
  - Provides single point management of local and remote:
    - Symantec Gateway Security appliances
    - Symantec VelociRaptor Firewall Appliances
    - Symantec Enterprise Firewalls
    - Symantec Enterprise VPN
  - Provides for secure management connection
  - Define rules for an appliance, copy and distribute to multiple remotes
- Runs on Win NT / Win 2000

Support Services Included with Appliance
- One Year Hardware Warranty
- One Year of Gold Support
  - Business hour telephone support
  - Advanced replacement of failed appliance
    - Ship within 24 hours of confirmed failure
  - 1 Year of content updates (virus definitions, IDS signatures, URL and Newsgroups)
  - May be upgraded to Platinum support
    - 24x7 telephone support
- Live Update
  - Supports signature updates for antivirus and intrusion detection

Advanced Replacement
- Ship within 24 hours of confirmed failure
- Customer must return failed unit with RMA# within 30 days
  - Otherwise customer billed for full list price of appliance
  - We don’t want the money, we want the failed appliance back!
- Included in Gold and Platinum contract
- Only available if under support contract

Summary

Unsurpassed Security and Value
Symantec Gateway Security Appliance
- Exceptional Network Security
  - Integrated security functionality for FW, VPN, AV, IDS & Filtering
- Single Vendor for Integration & Support
  - Simplifies security and updates
- Single Management System
  - Less Complex Installation, Configuration & Operation
- Excellent Performance & Reliability
  - High Availability / Load-balancing Available
- One Very Cost-effective and Secure Platform

Questions?