ramsharma
2
Well prepared against outside attack with IPS / Firewall
No active protection from internal attack
Outside Network
Access Network (Internal)
No real-time detection of or protection from attack / hacking
Very vulnerable if the attack arises at the access level
Backbone Layer
Second level to be damaged by an internal user attack
An attack delays overall performance.
Required Auto detect / block
Block only harmful traffic
Cost effective solution
Easy Maintenance
Is perimeter security adequate?
80% of IT breaches are perpetrated by internal traffic !!!!
3
Hacking
Attack
Network Attack (Flooding/DDoS)
Authentication
Direct Attack Intended
(Sniffing/Spoofing)
SECURITY
ISSUE
Provide internal user authentication
Easy management
Network Resource
Management
Intercept Message or Files
Tapping Authentication(VoIP) Network Down due to attack
Spread damage to the upper layer or peers
HanDreamnet Solution
4
Hacking: IP & ARP spoofing
Network trouble (Management Issue): IP address conflicts, Cable Loop
Attacking: DoS/DDoS/SCAN/TCP Syn flooding etc.
L2 Authentication: Internal IP address management
Current Network Threats
How does your current L2/L3 switch prevent…
5
HDN Switch Differentiator
Active and Real Time Solutions for
• DoS/DDoS Attacks
• Advanced Persistent Threats
• Cable Looping
• Information Leakage
6
Internet
Current Network Problems
DoS/Harmful traffic from internal
• Harmful traffic spreads into the internal network
No internal security
• An internal attack affects the entire network
Effect on entire network
• Hard to find out where
Difficult to find out
7
Current Network Problems
• No agent software required
Secured internal network
• Block harmful traffic only
• Normal traffic can be passed
Protect entire network
• Auto detection
• Report function provided
Easy to find problem
Internet
DoS/Harmful traffic from internal
8
Current Network Problems
Solution for APT (Advanced Persistent Threat)
• Only blocking outbound packet
Blocking Point
• Malware can spread through the internal network
Internal Network
• Hard to find APT source device or port of the switch
Finding APT source
Internet
APT Malware Protection System
9
Current Network Problems
• SG switch can block malware without agent software
Block Point
• Internal network can be secured
Internal Network
• Can find device and port
Finding APT Source
Internet
APT Protection
VIPM
Solution for APT (Advanced Persistent Threat)
10
When security function is OFF
Server/Recorder
Normal Data Traffic Flow
UDP
UDP
IP Camera
Case 1: CCTV
11
When security function is OFF
Server/ Recorder
Attack to Camera using TCP Syn Flooding
Syn
Syn
Hacked on empty port
Operating stopped
Could not respond to
mass traffic
IP Camera
No Video
Case 1: CCTV
12
When Security function OFF
Server / Recorder
Attack to Recorder using TCP Syn Flooding
Syn
Syn
Operating stopped.
Could not respond to
mass traffic
IP Camera
Hacked on empty
port
No Video
Case 1: CCTV
13
When Security function OFF
Server/Recorder
Normal Data Traffic Flow
UDP
UDP
IP Camera
Case 2: ARP spoofing on CCTV
14
When Security function OFF
Server/Recorder
Image replacing by ARP Spoofing attack
Hacked on empty
port
IP Camera
ARP
Misidentify local
server
Case 2: ARP spoofing on CCTV
15
When Security function OFF
Server / Recorder
Image replacing by ARP Spoofing attack
Hacked on empty
port
IP Camera
UDP
Misidentify local
server
Replacing
image
Replaced image is recorded
Case 2: ARP spoofing on CCTV
17
Internet
Current Network Problems
Cable Looping
• Broadcasting storm generated
Cable looping by mistake
• Entire network down
• Service stop
Network down
• Very hard to find out
• Takes a long time to fix
Difficult to find out
18
Internet
Current Network Problems
• Auto detect looping packet
Secured internal network
• Block broadcasting storm
Protect entire network
• Auto detection
• Report function provided
Easy to find out
Cable Looping
19
Current Network Problems
Information leakage
• ID/Password stealing and wire tapping on VoIP
Internal data leaking
• Man In The Middle attack
• Packets go through the hacker's PC
Network speed down
• No one catches the ARP Spoofing attack
Difficult to find out
20
Current Network Problems
• Auto detect ARP Spoofing
Secured internal data
• Block Man In The Middle attack
Keep normal condition
• Auto detection
• Report function provided
Easy to find out
Information leakage
21
Current Network Problems
Total Solution
• Multiple products required
Total Solution
• Hard to find the problem because of multi-vendor products
When Failure
• High installation, maintenance, and engineers
Cost
Internet
NMS
Access Management
IP Management
IP Manager
Probe
22
Current Network Problems
Internet
VIPM
• SG Security Switch and VIPM
• NMS, Authentication, IP management, Traffic monitoring
Total Solution
• One vendor solution
When Failure
• Cost effective for all mission
• Security, NMS, Authentication, IP Management, TMS
Cost
Total Solution
23
SG Security Switch
• Detect/Block all kinds of internal attacks
• No service interruption
• Embedded proprietary security ASIC
• Visible and audible alarm for Administrator
• Web-Alert
Normal Traffic
Harmful Traffic
Server
L2 Switch
• No way to detect various harmful traffic
• ACL is time-consuming
• No Alarm
• No Alert
• Threshold is not enough
Normal Traffic
Harmful Traffic
Server
Regular Switch SG Security Switch
Regular vs. Security Switch
Dirty Clean
| Function | Regular Switch | SG Security Switch |
|---|---|---|
| Harmful Traffic Detection | Only over traffic can be detected; Manual troubleshooting; Decreased Performance; Can't detect IPv6 attack | Detect all kinds of harmful traffic; Real time detect and block; No performance delay; IPv6 security features & function |
| Isolate Harmful Traffic | Block Port or IP; Service impact | Blocked ONLY harmful traffic; Normal traffic is OK |
| IP telephony tapping (ARP Spoofing) | Detect only dynamic IP (DHCP) | Detect Dynamic and Static too |
| Cable Looping | Manual fix once it happened; Service impact until resolved | Auto Detect and Block; No service impact |
| NMS | No report feature; No function except configuration | Provide CIO Report; Shows malicious traffic status |
| Power Redundancy (POE) | Internal and external redundancy | Internal redundancy |
| Green IT | Possibly Yes | Save power consumption (max 50%); 802.3az EEE |
| Monitoring / Management | Need to buy | Included |
Regular vs. Security Switch
25
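| Category | Feature | SG2024G | Catalyst 2960S-24TS |
|---|---|---|---|
| Hardware & Interface | Power | Internal power redundancy | External RPS |
| Hardware & Interface | 10/100/1000Base-T | 24 | 24 |
| Hardware & Interface | 1000 Base-X | 4 | 4 |
| Performance | Forwarding Rate | 71.4 Mpps | 42 Mpps |
| Performance | Flash / DRAM | 256M | 64M / 128M |
| Performance | MAC address | 32k | 8k |
| Layer 2 | STP/RSTP/MSTP/PVST+ / PVRST+ | Yes | Yes |
| Layer 2 | Port Redundancy | Smart Port Redundancy | Flexible Link |
| Layer 2 | Voice VLAN | Yes | Yes |
| Layer 2 | Ring Protocol | Yes | No |
| Layer 2 | UDLD, Cable diagnostic (TDR) | Yes | Yes |
| QoS | Queue per port | 8 | 4 |
| Security | L2/L3/L4 ACL, ACL, Time based ACL, VLAN ACL | Yes | Yes |
| Security | DHCP Snooping, IPSG | Yes | Yes |
| Security | 802.1x (Multi user, MAC bypass…) | Yes | Yes |
| Management | Stacking | No | Yes |
| Management | CDP, DHCP Server, SNMPv1/2/3, TACACS+, RADIUS, IPv6 management, LLDP, LLDP-MED | Yes | Yes |
| Management | Flow Monitoring | sFlow | No |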
Spec comparison – Cisco vs HDN
26
| Security features | SG2024G | Catalyst 2960S-24TS |
|---|---|---|
| Set up/Release security policy automatically | OK | N/A |
| Real time log & history for dropping attack on CLI | OK | N/A |
| Real time report while Drop Attack traffic | OK | N/A |
| Scan Attack | OK | N/A |
| IP Spoofing attack | OK | N/A |
| ARP Spoofing attack | OK | N/A |
| NetBios flooding attack | OK | N/A |
| Worm_port_Attack attack | OK | N/A |
| TCP/UDP/ICMP DoS/DDoS_Attack | OK | N/A |
| TCP SCAN_Attack | OK | N/A |
| TCP/UDP/ICMP Flood_Attack | OK | N/A |
| TCP Syn Flood Attack | OK | N/A |
| Loop detection | OK | N/A |
Security features comparison
27
Specification
Wire Speed
L2 function (STP/PVST+/VLAN/LACP)
IPT function (Voice VLAN/Auto QoS/PoE)
General security function (ACL, DHCP Snooping, DAI, IPSG etc)
Special security function (hardware based, smart detection, attack, hacking, spoofing)
Management (free NMS, security log, real time detection report, remote-configuration)
Reliability & Certification (1U internal power redundancy, IPv4/IPv6 CC certified, IPv6 Ready Logo)
TAC support system
Others vs. Security Switch
29
Network Attack Protection (Layer 4 level)
MAC source/dest address
IP source/dest address/port
IP range
TCP flags
Protocol (TCP/UDP/ICMP)
TCP/UDP dest port
Port pattern/IP pattern
Detection count
Cable Loopback Test
IP Spoofing, DHCP Attack, ICMP Attack
Cable disconnected, Loop Detection
MAC Flooding, MAC falsify , ARP Attack
TCP Syn flooding (DoS/DDoS/Random Attack)
UDP flooding, Scanning
Detect Malicious traffic
No signature based update
30
MDS Security Engine: 6 Cube
DoS, DDoS, DDoS (spoofed), Flash crowds, Worms (spoofed)
Attack Packet Analysis
Multi-dimension Security Engine
Sensor Log
MD Protection Engine
RT Packet Gathering Module
Switching Fabric
Protection
DDoS Class, DoS Class, Scan Class, Random Class
Security Filter Module
(0011)
Response
Analysis of user traffic based on S-IP, S-port, D-port, D-IP, Protocol and Entropy of user traffic.
31
MDS Security Engine: 6 Cube
MDS DoS : Src IP 192.168.254.200 attacks Dst IP 192.168.254.1 and Port 445.
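The slide above names the inputs (S-IP, S-port, D-port, D-IP, protocol, entropy) and the output classes (DoS, DDoS, Scan, Random) but not the algorithm. The following is an added example, not HanDreamnet's MDS engine or any code from the deck, showing one way per-field entropy over a packet window can separate those classes. The thresholds, the rule table and the sample windows are assumptions constructed for illustration; the DoS sample reuses the addresses from the alert line above.

```python
import math
from collections import Counter

def norm_entropy(values):
    """Shannon entropy of one field, scaled to 0..1 (0 = constant, 1 = all distinct)."""
    counts, n = Counter(values), len(values)
    if len(counts) < 2:
        return 0.0
    h = -sum(c / n * math.log2(c / n) for c in counts.values())
    return h / math.log2(n)

def classify(window, low=0.2, high=0.8, min_packets=50):
    """Label a window of (s_ip, s_port, d_ip, d_port, proto) packet records.

    Thresholds and rules are assumptions for this example, not vendor values.
    """
    if len(window) < min_packets:
        return "normal"
    s_ip, _s_port, d_ip, d_port, _proto = (norm_entropy(c) for c in zip(*window))
    if d_ip <= low and d_port <= low:          # traffic converges on one service
        if s_ip <= low:
            return "DoS"                       # one sender
        return "DDoS" if s_ip >= high else "normal"   # many senders vs. ordinary clients
    if s_ip <= low and (d_ip >= high or d_port >= high):
        return "Scan"                          # one sender sweeping hosts or ports
    if min(s_ip, d_ip, d_port) >= high:
        return "Random"                        # every field dispersed
    return "normal"

# Constructed sample windows (200 packets each); addresses are illustrative.
N = 200
SAMPLES = {
    "DoS": [("192.168.254.200", 1024 + i, "192.168.254.1", 445, "tcp") for i in range(N)],
    "DDoS": [(f"10.0.{i // 250}.{i % 250 + 1}", 40000, "192.168.254.1", 80, "tcp") for i in range(N)],
    "Scan": [("192.168.254.200", 50000, "192.168.254.1", 1 + i, "tcp") for i in range(N)],
    "Random": [(f"10.1.0.{i + 1}", 1024 + i, f"172.16.0.{i + 1}", 1 + i, "udp") for i in range(N)],
    "normal": [(f"192.168.254.{10 + i % 20}", 30000 + i, "192.168.254.1", 443, "tcp") for i in range(N)],
}

if __name__ == "__main__":
    for expected, window in SAMPLES.items():
        print(f"{expected:>6} sample -> {classify(window)}")
```

A flash crowd of many distinct legitimate clients hitting one service produces the same entropy profile as the DDoS sample, so a rule of this kind needs rate baselines or per-source behaviour checks before it is used to block traffic.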
35
Visual & Audible Alarm
VNM(Visual Node Manager)
Provides visual alarm with lightning symbol on attacked ports
Provides audible alarm when it triggers.
36
Auto-Config / Backup configuration files
VNM (Visual Node Manager)
Detects new device automatically.
Backs up configuration files from all distributed switches (shown through VNM)
37 Copyright©2013 By Handreamnet Co., Ltd. All rights reserved
1. New IP assign
2. Assign Subnet
3. Assign G/W
4. Assign SNMP Config
37
Auto-Config