Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08 Need for Internet Security Changing Nature of Attacks Critical infrastructures reliant on Internet Full-blown cyber “shadow” war: Systematic probing and attacks by hostile entities Exploitation of application vulnerabilities Dramatic increase in the speed and sophistication of blended threats New threats, Spyware, Phishing, Wireless threats Compounded by human factors and social engineering NIST Guidance* Risk-Based Protection Strategies Defense-in-breadth considerations include: Diversification of the portfolio of information technology assets within the organization; Management of the complexity of the information systems within the organization; Application of a balanced set of management, operational, and technical safeguards and countermeasures to organizational information systems to achieve defense-in-depth; Detection and response to breaches of information system boundaries; Restrictions on the use of information technologies based on the risks incurred by the deployment of such technologies * NIST Special Publication 800-39, Oct. 2007 NIST Guidance* Diversification of Information Technology Assets Homogeneity in hardware and software components can increase risk Diversifying the portfolio of information technology products translates into greater difficulty in completing attacks The degree of information technology asset diversification should be commensurate with organizational risk * NIST Special Publication 800-39, Oct. 2007 NIST Guidance* Continuous Monitoring Effective information security programs should include an aggressive continuous monitoring program An effective organization-wide continuous monitoring program includes: Configuration management and control processes for organizational information systems; Security impact analyses of changes to the organization’s information systems Assessment of selected security controls in the information systems Security status reporting to appropriate organizational officials. * NIST Special Publication 800-39, Oct. 2007 Our Solutions Address Key Security Concerns Network Security UTM Secure Content Management Secures and protects networks from viruses, Trojans, worms and other malware Prevents webbased and email-based malware from entering your network Secure Operational Continuity The ultimate back up for digital and natural disasters Global Management System An easy way to monitor, manage and report on your network SonicWALL Advantages Lower costs of acquisition and implementation Lower total cost of ownership (TCO) Lower energy consumption appliances Reduced thermal footprint/lower temperature operations Solutions FIPS Certified or on certification track with Common Criteria Company coordinates with NIST SonicWALL Broad Solution Suite A Heterogeneous Security Environment SonicOS firmware Purpose-built and hardened Competes with Cisco and Juniper Common Criteria certified (v5.0.1 on Network Security Appliance [NSA] Series) A proven platform with 13+ years in the field and over 1MM installations A dynamic platform with constant adaptation and refinement achieving Evaluation Assurance Level (EAL) 4+ Inclusion of devices utilizing SonicOS is in alignment with NIST guidance on creating a heterogeneous security environment. Guidance to Solutions – Intrusion Prevention NIST Guidance* – Signature-Based Detection Security Capabilities Information Gathering Capabilities Logging Capabilities Detection and Prevention Capabilities Management Application Layer Wireless IDPS * NIST Special Publication 800-94, Feb. 2007 ** NSA = Network Security Appliance NSA** UTM Firewalls 25K signature capability Unified Threat Management: Gateway Anti-Virus, Anti-Spyware and Intrusion Prevention (GAV/IPS) Content Filtering Service (CFS) GMS management and ViewPoint reporting Multi-core specialized security microprocessors for industry-leading throughput with Load Balancing FIPS 140-2 Level 2 Encryption Application Layer Inspection Optional 802.11b/g Wireless LAN Intrusion Prevention: SonicWALL Approach Hidden threats Typical User Activity Typical Network Traffic: Email Our World View Firewall View 3 2 1 Traffic = multiple packets of information DATA One Packet = Header info and Data Firewall Traffic Path HEA DER Network communication, like email, file transfers and web sessions are packetized 4 Typical Firewalls INSPECT Stateful is limited that |can Version | Service Total Length Sourceinspection UDP Port | Flags | Fragment only ID block on ports Protocol | IP Checksum Source IP Address Data Inspection! Destination IP Address IP Options TTL Destination No UDP Port | Stateful Packet Inspection Packets go through unchecked! Firewall Traffic Path Source Destination 212.56.32.49 65.26.42.17 Source Port Dest Port 823747 Sequence 80 Sequence 28474 2821 Syn state IP Option SYN none SonicWALL – Deep Packet SonicWALL Signatures Source UDP Port | | | Destination UDP Port INSPECT INSPECT ATTACK-RESPONSES 14BACKDOOR 58BAD-TRAFFIC 15DDOS 33DNS 19DOS 18EXPLOIT >35FINGER 13FTP 50ICMP 115Instant Version Service Total Length Messenger 25IMAP 16INFO 7Miscellaneous44MS-SQL 24MSID Flags Fragment SQL/SMB 19MULTIMEDIA 6MYSQL 2NETBIOS Protocol 25NNTP 2ORACLE TTL IP Checksum 25P2P 51POLICY 21POP2 4POP3 18RPC 124RSERVICES 13SCAN Source IP Address 25SMTP 23SNMP 17TELNET Destination IP Address 14TFTP 9VIRUS 3WEB-ATTACKS 47WEB-CGI 312WEB-CLIENT | | | IP Options Stateful Packet Inspection Deep Packet Inspection Deep Packet Inspection inspects all traffic moving through a device – 98% more inspection Firewall Traffic Path h Why SonicWALL is preferable: Scanning Real-time Scanning Network Use max max min min SonicWALL Version | Service | Total Length Source ID Time | Flags | Fragment UDP Port Real TTL | Protocol | IP Checksum Scanning Engine Destination um UDP Port Source IP Address Destination IP Address IP Options Protection for ALL Traffic and ALL Users # of Users Traffic Network Use Scanning Scanning Stopped max max min min Memory Version | Service | Total Length ID | Flags | Fragment TTL | Protocol | IP Checksum Source IP Address Destination IP Address All solutions: Memory Limited Scanning Engine Version | Service | Total Length ID | Flags | Fragment TTL | Protocol | IP Checksum Source IP Address Destination IP Address Version | Service | Total Length ID | Flags | Fragment TTL | Protocol | IP Checksum Source IP Address Destination IP Address Memory Full Scanning Stopped # of Users Traffic Intrusion Prevention: SonicWALL Unified Threat Management Gateway Anti-Virus 24x7 Signature Updates PRO Series as In-line Threat Solution • Full L2-7 signaturebased inspection • Application awareness Unified Threat Management Wireless UTM Internal Protection WLAN Zone User Zone Data Center Scan through unlimited file sizes Scan through unlimited connections Scan over more protocols than any similar solution Anti-Spyware/Phishing for protection against malicious programs Blocks the installation of spyware Blocks spyware that is emailed and sent internally Applications Layer Threat Protection: Full protection from vulnerabilities, buffer overflows, worms, blended threats Content control, application blocking for control over IM, P2P and other apps and SPAM RBL blocking Fully updateable with pro-active intelligence and alerting Intrusion Prevention: SonicWALL Approach Behind every appliance: Purpose Built Hardened OS Performance tuned First to market scalable inspection techniques Flexible security paths Unified Threat Management Drop Easy to Deploy – plug/play Deep Inspection Engine PKT INSPECTION SERVICES FW IPS A/V CFS VPN FORWARDING ENGINE Other Forward Flow Queue NETWORK I/O ENGINE FLOW VECTOR BUS STREAM REASS’M ROUTING BW MANAGEMENT BW MANAGEMENT L2 L3 L4 L7 DEFRAG FLOW ORDER INGRESS PACKET HANDLING IKE Fast Path FLOW CLASSIFIER Rules, Identity Mgmt and Policies Unified Threat Management RATE LIMITER REFRAG EGRESS PACKET HANDLING Guidance to Solutions – Wireless NIST Guidance – Client Devices Access Points Wireless Bridges IEEE 802.11a/b/g Configuration/change control and management includes security feature enhancements and patches Standardized configurations SonicWALL NSA** and TZ Series Wireless cards and access points Secure wireless roaming Granular security policy enforcement to reflect security policy * NIST Special Publication 800-48 Aug. 2007 ** NSA = Network Security Appliance IEEE 802.11a/b/g options Multiple SSID support Central management Rogue access point detection Intrusion detection, wireless firewalling, virtual access point (VAP), and content filtering Guidance to Solutions- VPNs NIST Guidance* SonicWALL E-Class SSL-VPN Manageability High Availability and Scalability Central Reporting and Management Portal Customization High Capacity and Availability Granular Access Control Authentication Encryption and Integrity Protection Access Control Endpoint Security Controls Intrusion Prevention * NIST Special Publication 800-113, Sept. 2007 Tokenless Two-factor Authentication, and RSA support Mobile Device Support Endpoint Control: Client Interrogation and Session Protection Supporting Telework SSL-VPN can be an all-in-one solution for all user to remotely access applications Suppliers Mobile workers, Teleworkers, Partners, Contractors SSL-VPN Not just for laptops Desktops, PDAs, Smartphones HQ TeleWorkers Integrates on existing infrastructure Mobile Users Opens new opportunities to access applications from the field and provide better services 19 CONFIDENTIAL All Rights Reserved Supporting Telework Reduces traffic congestion Reduces public infrastructure costs Reduces air pollution Reduces real-estate costs Reduces office-operations costs Increases employee satisfaction Accommodates disabilities Helps meet regulatory compliance Improves public image 20 CONFIDENTIAL All Rights Reserved Guidance to Solutions – Email Security NIST Guidance* Hardening the email server Malware scanning Spam filtering Phishing filter Content Filtering Blacklist and Whitelist capabilities * NIST Special Publications SP800-45/114, Feb. / Nov. 2007 SonicWALL E-Class Email Security Hardened OS Inbound and outbound e-mail protection Dual-layer Commercial Anti-Virus Anti-spam; Anti-phishing DHA, DoS, Zombie and Other Attack Protection Attachment Scanning Group and user management Robust Policy Management Monitoring, Reporting and Log Management Guidance to Solutions – Back-Up and Recovery NIST Guidance* Ensuring that information stored on telework devices is backed up Encrypting files stored on telework devices and removable media Storage encryption * NIST Special Publication SP800-114, Nov. 2007 SonicWALL Continuous Data Protection Desktop, Laptop, Server Backup Continuous Data Protection File Versioning Open-file Backup Policy Based Backup Active Directory Backup Site-to-Site Backup Encryption Central Administration Remote Administration Guidance to Solutions – Security Management NIST Guidance* Access Control Audit and Accountability Configuration Management Identification and Authentication Maintenance System and Communications Protection System and Information Integrity SonicWALL GMS Centralized security and network management Active monitoring of heterogeneous network : single site to thousands of distributed devices VPN deployment and configuration Allows for customized security polices Granular filters can isolate individual users or groups Active device monitoring and alerting Isolate rogue hosts on network segments * NIST Special Publication SP800-53, Dec. 2006 Central Management & Reporting Infrastructure Management A powerful and intuitive tool to centrally manage, monitor, and upgrade thousands of security appliances A configuration engine to deploy a distributed VPN network A tool to distribute security services to security appliances A reporting engine to provide reports and daily logs of firewall activities Security management Change Control IT Process and Control Policy Management Reporting The SonicWALL Global Management System delivers higher quality service to the government, builds efficiencies, and increases security, availability and performance of your security infrastructure Global Management System Designed to provide enterprises with flexible, powerful and intuitive solution to centrally and remotely manage and rapidly deploy SonicWALL appliances and security policy configurations. GMS Server Management Tunnels DB Web Client GMS Delivers Secure Compliance Enforcement •GMS Delivers Policy and Management Enforcement through: Centralized Management (Encrypted and Authenticated) Strong Access Control (Read, Write, etc.) Comprehensive Audit Trails (Monitoring, Reporting, Logging) Dynamic Vulnerability Management (Unified Threat Management Subscriptions) SonicWALL ViewPoint Reporting Easy-to-use Web-based reporting tool that provides administrators with insight into the health of their network including both performance and security Intelligent and Comprehensive: To help administrators optimize security, management growth and plan for future needs, ViewPoint provides understanding of: Network events Activity of threats Employee Internet usage Bandwidth consumption SonicWALL®, Inc. is a global and publicly held company that designs, develops, and manufactures network security, secure remote access, Web and e-mail security, data backup and recovery, and policy and management solutions. SonicWALL is Financially Solid Founded 1991 Publicly traded since 1999 Financially solid (over $200 million in cash) $30 million invested in research and development 2006 30% year-over-year growth Market-leading Solutions #1 For four quarters in a row, we are the worldwide leader in units #1 Unified Threat Management For the 2nd year in a row, we are the leader in units selling for $490-$1,499 in #1 We introduced our first SSL-VPN solution in Q3’05 and quickly moved to the leading unit market share position in Security Appliances SSL-VPN Introduced SCM solution in Q4’04 and soon became a leading Web Filtering Appliance Provider Sources: IDC Quarterly Security Appliance Tracker Q4 2005; Infonetics Network Security Appliances and Software, Quarterly Worldwide Market Share and Forecast Q1’06 #3 The SonicWALL Advantage Integrated, Dedicated and Distributed Enterprise Security and Productivity Remote / Branch Office Solutions SonicWALL Solutions Client Solutions Management Solutions Solutions Completely integrated gateway security Purpose built dedicated content security Deployment specific remote office solutions Unique, fully integrated, distributed wireless connectivity Ultra-high performance, first to market deep packet inspection Dynamic, automated services and updates Scalable enterprise management, reporting and policy control SonicWALL Qualifications Enables Federal Information Security Management Act compliance Installed Base proven in the field FIPS Certifications –FIPS 140-2, Level 2 Low cost of entry, ease of deployment, and ease of management Lower TCO GSA schedule Pricing; Made in USA Letter of Supply, Solid channel distribution SonicWALL Serving Federal Govt U.S. House of Representatives Thank You! 34 CONFIDENTIAL All Rights Reserved