Dell SonicWALL
Next Generation Firewalls: now in their sixth generation
Message: Security is the result of the work of your own hands.
2 SonicWALL Confidential
Speaker
Waldemar Kowalczyk Dell SonicWALL Certified Trainer
Security Pre-Sales Engineer RRC Poland
Business Unit Security

Agenda
• Threat landscape
• Further mechanisms… 'deeper and deeper'
– SSL Decryption & Inspection
– IPS with Anti-Evasion
– Network-based Malware Protection
• Dell network security… what and for whom?

http://www.verizonenterprise.com/DBIR/2013/
https://www.mandiant.com/resources/m-trends/

Mass opportunistic attacks.
Immediate gain? What gain?
Financial gain

Manipulation techniques remain relevant. Social media is an unlimited knowledge base.

It's really simple
Vs.
Stateful Packet Inspection (SPI) has been known in security systems since 1989.
Have threats changed their form over the last 25 years?
Would you use technology from a quarter of a century ago?

Traditional security systems can only 'touch the surface':
Packet Filtering, Stateful Packet Inspection, Access Control Rules, IPsec VPN

But advanced protection must let us assess the real scale of the threat.

Next-Generation Firewalls
Stateful Packet Inspection
Secure Remote Access (VPN)
Access Control Rules
In-line, bump-in-the-wire
Application Control
Integrates with AD Server
Intrusion Prevention
Anti-Malware
SSL Decryption
Deeper Network Security
SSL Decryption & Inspection
IPS with sophisticated anti-evasion technology
Network-based malware protection with CloudAssist™
Application
Visibility & Control
http://netsecinfo.blogspot.com/2010/04/detecting-malware-intrusions-inside.html
http://bad-bytes.blogspot.com/2012/07/ssl-encryption-for-malware-command-and.html
2010 - 2012
http://news.softpedia.com/news/Malware-Attached-to-Boston-Marathon-Bombings-Spam-Uses-SSL-to-Communicate-348890.shtml
http://www.hotforsecurity.com/blog/within-hours-of-boston-bombing-related-keywords-spread-to-20-of-spam-bitdefender-study-shows-5955.html
April 2013

65%
35%
Network traffic
Clear Text SSL Encrypted
NSS Labs
June 2013 https://www.nsslabs.com/system/files/public-report/files/2013-06%20AB%20SSL%20Performance%20Problems%20130605c.pdf
Do we really have to count on luck?

https://technet.microsoft.com/en-us/security/bulletin/ms13-sep
https://www.adobe.com/support/security/
September 10, 2013

Goal: intrusion.
Issue: an IPS cannot stop traffic that is unknown to it.
Evasion techniques: techniques intended to hide a threat in order to deceive IPS systems.
Many of these techniques have been known for years!

“Resistance to known evasion techniques was perfect, with the Dell SonicWALL SuperMassive E10800 SonicOS 6.0 achieving a 100% score across the board in all related tests.” -NSS Labs 2013
Download the full report for free:
http://www.sonicwall.com/us/en/17360.html
99%
ATTACK
ANY File
Send Alert &
Drop Connection !
Network-based Malware Protection

25%
75%
CloudAssist™ Malware Protection
ATTACK
0e7ccbf78167faac97f7a45f977681d9
Dell SonicWALL GRID
CloudAssist Database
Executable File
MD5
75%
25%
ATTACK
0e7ccbf78167faac97f7a45f977681d9
Dell SonicWALL GRID
CloudAssist Database
13.5M+ Signatures
! Send Reply to Drop Connection Executable File
CloudAssist™ Malware Protection

Effectiveness of malware protection
https://www.icsalabs.com/technology-program/anti-virus/av-monthly-testing-reports
Example of competitor (retracted) that failed this test:
Dell participates in monthly anti-virus testing.
Reports are available for free at the address below.

Application Control and Visualization
Monitor
Level 0: Visualize. Use the App Flow Monitor to see bandwidth usage by application, users, and more
Control
Level 1: Bandwidth Management. Use the Create Rule function to Manage Bandwidth in three simple steps (by application, user, and more)
Level 2: Application Rules. Create a rule where Action = Bandwidth Management, Block, or Redirect. (delineate further by user, interface, signature, schedule)
Level 3: Custom Signatures. Configure a unique Action Object for a specific application signature in two clicks on the App Control Advanced page

Gartner defines the unified threat management (UTM) market as multifunction network security products used by small or midsize businesses (SMBs). Typically, midsize businesses have 100 to 1,000 employees, with revenue ranging from $50 million to $1 billion.
Gartner recognizes Dell as a Leader in network security.
Download the full report for free:
http://www.sonicwall.com/us/en/14539.html
NSS Labs Recommends Dell as a trusted NGFW provider.
Download the full report for free:
http://www.sonicwall.com/us/en/17360.html
Dell SonicWALL Next Generation Firewalls
SuperMassive E10800
SuperMassive E10400
SMB/Campus/Branch
Enterprise, Data Center
SuperMassive Series
TZ 215/W TZ 205/W TZ 105/W
SuperMassive 9600 SuperMassive 9400 SuperMassive 9200
TZ Series
NSA 4600 NSA 3600 NSA 2600
NSA 220/250M
NSA 6600 NSA 5600
NSA Series
Medium/Large Network Deployment with DPI Security
• Requirements
– Layered security
– Levels of trust created via defining zones.
– Gateway Firewalls between zones.
– Context-aware security
– Enforce global Policy based on context (user, location, access method, Device, etc)
– Application-aware Security
– Mitigate Advanced persistent threats
– Orchestrated Security management
– Workload Virtualization introduces Virtual Access Layer
– Need security functions like physical layer
• Security Functions
– ACLs, Firewalls, IDS/IPS
– host-based security (HIPS, Vulnerability Scanning)
– Email Security
– Anti-Spyware
– Secure Remote Access
– SIEM/Log Monitoring
Virtual Access
Core
WAN
Aggregation
Access
Firewall, IDS/IPS, Gateway
services, …
NSA Series
NGFW Wire & L2 Bridge Mode Deployment NGFW insertion into a network with an existing gateway firewall
Layer 2 Bridge or Wire Mode Deployment
Discover application usage & threats leaking through the traditional firewall
Before After
Secure remote access
Email security
Policy & management
Hosted
Network security
Dell SonicWALL portfolio: not just NGFW
Clean wireless – SonicPoint-N Series
WAN acceleration
Application Intelligence and Control
GAV/ Anti-Spyware Intrusion Prevention
Comprehensive Anti-Spam
Service
Enforced Client
Anti-Virus
Content Filtering Service
Global VPN
Client
SSL VPN For Network
Security
Secure Virtual Assist
Mobile Connect
End Point Control
Connect Mobile
Spike License Pack
Advanced Reporting
Native Access Module
Secure Virtual Assist
Secure Virtual Access
Secure Virtual Meeting
Mobile Connect
Web Application Firewall
Email Protection Email
Anti-Virus Email
Compliance
Global Management System
Analyzer Scrutinizer
SonicWALL.com
• Site launches May 7th
• Typical P1 launch activities
• Web Banner on homepage
• Gen5 NSA stay on site
Software.Dell.com
DSG Site
• Soft launch May 23
• Public launch May 27
• Will feature Gen6 NSA
• Gen5 NSA also featured
Training and our offer to you…!
Technical Training
• RRC Poland – Authorized Training Center
150 USD
for a two-day authorized, certified training course
Certified SonicWALL
System Administrator