Guidance to Improved Information Security
SonicWALL Solutions for Federal Government
8.5.08

Need for Internet Security
Changing Nature of Attacks
• Critical infrastructures reliant on Internet
• Full-blown cyber “shadow” war: Systematic probing and attacks by hostile entities
• Exploitation of application vulnerabilities
• Dramatic increase in the speed and sophistication of blended threats
• New threats, Spyware, Phishing, Wireless threats
• Compounded by human factors and social engineering

NIST Guidance*
Risk-Based Protection Strategies
Defense-in-breadth considerations include:
• Diversification of the portfolio of information technology assets within the organization;
• Management of the complexity of the information systems within the organization;
• Application of a balanced set of management, operational, and technical safeguards and countermeasures to organizational information systems to achieve defense-in-depth;
• Detection and response to breaches of information system boundaries;
• Restrictions on the use of information technologies based on the risks incurred by the deployment of such technologies
* NIST Special Publication 800-39, Oct. 2007

NIST Guidance*
Diversification of Information Technology Assets
• Homogeneity in hardware and software components can increase risk
• Diversifying the portfolio of information technology products translates into greater difficulty in completing attacks
• The degree of information technology asset diversification should be commensurate with organizational risk
* NIST Special Publication 800-39, Oct. 2007

NIST Guidance*
Continuous Monitoring
• Effective information security programs should include an aggressive continuous monitoring program
• An effective organization-wide continuous monitoring program includes:
  • Configuration management and control processes for organizational information systems;
  • Security impact analyses of changes to the organization’s information systems
  • Assessment of selected security controls in the information systems
  • Security status reporting to appropriate organizational officials.
* NIST Special Publication 800-39, Oct. 2007

Our Solutions Address Key Security Concerns
• Network Security UTM: Secures and protects networks from viruses, Trojans, worms and other malware
• Secure Content Management: Prevents web-based and email-based malware from entering your network
• Secure Operational Continuity: The ultimate back up for digital and natural disasters
• Global Management System: An easy way to monitor, manage and report on your network

SonicWALL Advantages
• Lower costs of acquisition and implementation
• Lower total cost of ownership (TCO)
• Lower energy consumption appliances
• Reduced thermal footprint/lower temperature operations
• Solutions FIPS Certified or on certification track with Common Criteria
• Company coordinates with NIST

SonicWALL Broad Solution Suite

A Heterogeneous Security Environment
SonicOS firmware
• Purpose-built and hardened
• Competes with Cisco and Juniper
• Common Criteria certified (v5.0.1 on Network Security Appliance [NSA] Series) achieving Evaluation Assurance Level (EAL) 4+
• A proven platform with 13+ years in the field and over 1MM installations
• A dynamic platform with constant adaptation and refinement
Inclusion of devices utilizing SonicOS is in alignment with NIST guidance on creating a heterogeneous security environment.

Guidance to Solutions – Intrusion Prevention
NIST Guidance* –
• Signature-Based Detection
• Security Capabilities
• Information Gathering Capabilities
• Logging Capabilities
• Detection and Prevention Capabilities
• Management
• Application Layer
• Wireless IDPS
NSA** UTM Firewalls
• 25K signature capability
• Unified Threat Management: Gateway Anti-Virus, Anti-Spyware and Intrusion Prevention (GAV/IPS)
• Content Filtering Service (CFS)
• GMS management and ViewPoint reporting
• Multi-core specialized security microprocessors for industry-leading throughput with Load Balancing
• FIPS 140-2 Level 2 Encryption
• Application Layer Inspection
• Optional 802.11b/g Wireless LAN
* NIST Special Publication 800-94, Feb. 2007
** NSA = Network Security Appliance

Intrusion Prevention: SonicWALL Approach
Hidden threats
[Figure: Typical User Activity and Typical Network Traffic: Email, shown as "Our World View" and "Firewall View" along the Firewall Traffic Path]
• Traffic = multiple packets of information
• One Packet = Header info and Data
• Network communication, like email, file transfers and web sessions, is packetized

Typical Firewalls
Stateful is limited inspection that can only block on ports
No Data Inspection! Packets go through unchecked!
[Figure: Stateful Packet Inspection along the Firewall Traffic Path. INSPECT is marked on the packet header fields: Version | Service | Total Length; ID | Flags | Fragment; TTL | Protocol | IP Checksum; Source IP Address; Destination IP Address; IP Options; Source UDP Port | Destination UDP Port]
[Figure table]
Source: 212.56.32.49
Destination: 65.26.42.17
Source Port: 823747
Dest Port: 80
Sequence: 28474
Sequence: 2821
Syn state: SYN
IP Option: none

SonicWALL – Deep Packet
[Figure: packet header fields (Version | Service | Total Length; ID | Flags | Fragment; TTL | Protocol | IP Checksum; Source IP Address; Destination IP Address; IP Options; Source UDP Port | Destination UDP Port) with INSPECT labels for Stateful Packet Inspection and Deep Packet Inspection, along the Firewall Traffic Path]
SonicWALL Signatures (category and count):
ATTACK-RESPONSES 14, BACKDOOR 58, BAD-TRAFFIC 15, DDOS 33, DNS 19, DOS 18, EXPLOIT >35, FINGER 13, FTP 50, ICMP 115, Instant Messenger 25, IMAP 16, INFO 7, Miscellaneous 44, MS-SQL 24, MS-SQL/SMB 19, MULTIMEDIA 6, MYSQL 2, NETBIOS 25, NNTP 2, ORACLE 25, P2P 51, POLICY 21, POP2 4, POP3 18, RPC 124, RSERVICES 13, SCAN 25, SMTP 23, SNMP 17, TELNET 14, TFTP 9, VIRUS 3, WEB-ATTACKS 47, WEB-CGI 312, WEB-CLIENT
Deep Packet Inspection inspects all traffic moving through a device – 98% more inspection
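
Added example (not from the original slides or from SonicWALL): Python code for the contrast drawn in the two slides above, a header-only port rule versus inspection that also matches the packet data against signatures. The signature name and pattern, the source port and the port policy are constructed assumptions; the addresses, destination port 80 and sequence number are taken from the slide's connection entry.

```python
import socket
import struct

# Constructed placeholder signature; not a real SonicWALL signature.
SIGNATURES = {"EXAMPLE-WEB-CLIENT": b"X-Constructed-Marker: blocked-pattern"}
ALLOWED_DST_PORTS = {80}  # assumed port policy

def build_packet(src, dst, sport, dport, payload):
    """Build a constructed IPv4 + TCP data segment (checksums left at 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 28474, 0, 5 << 4, 0x18, 8192, 0, 0)
    return ip + tcp + payload

def parse(packet):
    """Return (header fields a port rule can see, data carried after the headers)."""
    ihl = (packet[0] & 0x0F) * 4                     # IPv4 header length in bytes
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    data_start = ihl + (packet[ihl + 12] >> 4) * 4   # skip the TCP header
    header = {"src": socket.inet_ntoa(packet[12:16]),
              "dst": socket.inet_ntoa(packet[16:20]),
              "sport": sport, "dport": dport}
    return header, packet[data_start:]

def header_only_verdict(packet):
    """Port rule only: the data is never read."""
    header, _ = parse(packet)
    return "allow" if header["dport"] in ALLOWED_DST_PORTS else "block"

def deep_inspection_verdict(packet):
    """Port rule first, then match the data against every signature."""
    header, data = parse(packet)
    if header["dport"] not in ALLOWED_DST_PORTS:
        return ("block", "port-policy")
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return ("block", name)
    return ("allow", None)

def demo():
    """Run both checks over two constructed packets sent to port 80."""
    clean = build_packet("212.56.32.49", "65.26.42.17", 40000, 80, b"GET / HTTP/1.0\r\n\r\n")
    marked = build_packet("212.56.32.49", "65.26.42.17", 40000, 80,
                          b"GET / HTTP/1.0\r\n" + SIGNATURES["EXAMPLE-WEB-CLIENT"] + b"\r\n\r\n")
    return [(header_only_verdict(p), deep_inspection_verdict(p)) for p in (clean, marked)]

if __name__ == "__main__":
    print(demo())
```

Both packets pass the port rule because their headers are identical; only the data match separates them. The match here is per packet, with no stream reassembly.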

Why SonicWALL is preferable: Real-time Scanning
[Figure: two panels plotting Network Use and Scanning (min to max) against # of Users and Traffic]
• SonicWALL: Real Time Scanning Engine. Protection for ALL Traffic and ALL Users
• All solutions: Memory Limited Scanning Engine. Memory Full, Scanning Stopped

Intrusion Prevention: SonicWALL Unified Threat Management
• Gateway Anti-Virus
  • Scan through unlimited file sizes
  • Scan through unlimited connections
  • Scan over more protocols than any similar solution
• Anti-Spyware/Phishing for protection against malicious programs
  • Blocks the installation of spyware
  • Blocks spyware that is emailed and sent internally
• Applications Layer Threat Protection:
  • Full protection from vulnerabilities, buffer overflows, worms, blended threats
• Content control, application blocking for control over IM, P2P and other apps and SPAM RBL blocking
• Fully updateable with pro-active intelligence and alerting
24x7 Signature Updates
PRO Series as In-line Threat Solution
• Full L2-7 signature-based inspection
• Application awareness
[Figure: network diagram with labels Unified Threat Management, Wireless UTM, Internal Protection, WLAN Zone, User Zone, Data Center]

Intrusion Prevention: SonicWALL Approach
Behind every appliance:
• Purpose Built Hardened OS
• Performance tuned
• First to market scalable inspection techniques
• Flexible security paths
• Unified Threat Management
• Easy to Deploy – plug/play
[Figure: Deep Inspection Engine block diagram. Labels: PKT INSPECTION SERVICES (FW, IPS, A/V, CFS, VPN, Other); FORWARDING ENGINE; NETWORK I/O ENGINE; FLOW VECTOR BUS; STREAM REASS’M; ROUTING; BW MANAGEMENT; L2, L3, L4, L7; DEFRAG; FLOW ORDER; INGRESS PACKET HANDLING; IKE; Fast Path; FLOW CLASSIFIER; Rules, Identity Mgmt and Policies; Unified Threat Management; RATE LIMITER; REFRAG; EGRESS PACKET HANDLING; Drop; Forward; Flow Queue]

Guidance to Solutions – Wireless
NIST Guidance* –
• Client Devices
• Access Points
• Wireless Bridges
• IEEE 802.11a/b/g
• Configuration/change control and management includes security feature enhancements and patches
• Standardized configurations to reflect security policy
SonicWALL NSA** and TZ Series
• Wireless cards and access points
• Secure wireless roaming
• Granular security policy enforcement
• IEEE 802.11a/b/g options
• Multiple SSID support
• Central management
• Rogue access point detection
• Intrusion detection, wireless firewalling, virtual access point (VAP), and content filtering
* NIST Special Publication 800-48 Aug. 2007
** NSA = Network Security Appliance

Guidance to Solutions – VPNs
NIST Guidance*
• Manageability
• High Availability and Scalability
• Portal Customization
• Authentication
• Encryption and Integrity Protection
• Access Control
• Endpoint Security Controls
• Intrusion Prevention
SonicWALL E-Class SSL-VPN
• Central Reporting and Management
• High Capacity and Availability
• Granular Access Control
• Tokenless Two-factor Authentication, and RSA support
• Mobile Device Support
• Endpoint Control: Client Interrogation and Session Protection
* NIST Special Publication 800-113, Sept. 2007

Supporting Telework
• SSL-VPN can be an all-in-one solution for all users to remotely access applications
  • Mobile workers, Teleworkers, Partners, Contractors
• Not just for laptops
  • Desktops, PDAs, Smartphones
• Integrates on existing infrastructure
• Opens new opportunities to access applications from the field and provide better services
[Figure: SSL-VPN connecting HQ with Suppliers, TeleWorkers and Mobile Users]
CONFIDENTIAL All Rights Reserved

Supporting Telework
• Reduces traffic congestion
• Reduces public infrastructure costs
• Reduces air pollution
• Reduces real-estate costs
• Reduces office-operations costs
• Increases employee satisfaction
• Accommodates disabilities
• Helps meet regulatory compliance
• Improves public image

Guidance to Solutions – Email Security
NIST Guidance*
• Hardening the email server
• Malware scanning
• Spam filtering
• Phishing filter
• Content Filtering
• Blacklist and Whitelist capabilities
SonicWALL E-Class Email Security
• Hardened OS
• Inbound and outbound e-mail protection
• Dual-layer Commercial Anti-Virus
• Anti-spam; Anti-phishing
• DHA, DoS, Zombie and Other Attack Protection
• Attachment Scanning
• Group and user management
• Robust Policy Management
• Monitoring, Reporting and Log Management
* NIST Special Publications SP800-45/114, Feb. / Nov. 2007

Guidance to Solutions – Back-Up and Recovery
NIST Guidance*
• Ensuring that information stored on telework devices is backed up
• Encrypting files stored on telework devices and removable media
• Storage encryption
SonicWALL Continuous Data Protection
• Desktop, Laptop, Server Backup
• Continuous Data Protection
• File Versioning
• Open-file Backup
• Policy Based Backup
• Active Directory Backup
• Site-to-Site Backup
• Encryption
• Central Administration
• Remote Administration
* NIST Special Publication SP800-114, Nov. 2007

Guidance to Solutions – Security Management
NIST Guidance*
• Access Control
• Audit and Accountability
• Configuration Management
• Identification and Authentication
• Maintenance
• System and Communications Protection
• System and Information Integrity
SonicWALL GMS
• Centralized security and network management
• Active monitoring of heterogeneous network: single site to thousands of distributed devices
• VPN deployment and configuration
• Allows for customized security policies
• Granular filters can isolate individual users or groups
• Active device monitoring and alerting
• Isolate rogue hosts on network segments
* NIST Special Publication SP800-53, Dec. 2006

Central Management & Reporting
• A powerful and intuitive tool to centrally manage, monitor, and upgrade thousands of security appliances
• A configuration engine to deploy a distributed VPN network
• A tool to distribute security services to security appliances
• A reporting engine to provide reports and daily logs of firewall activities
[Figure labels: Infrastructure Management; Security management; Change Control; IT Process and Control; Policy Management; Reporting]
The SonicWALL Global Management System delivers higher quality service to the government, builds efficiencies, and increases security, availability and performance of your security infrastructure

Global Management System
Designed to provide enterprises with a flexible, powerful and intuitive solution to centrally and remotely manage and rapidly deploy SonicWALL appliances and security policy configurations.
[Figure labels: GMS Server; Management Tunnels; DB; Web Client]

GMS Delivers Secure Compliance Enforcement
GMS Delivers Policy and Management Enforcement through:
• Centralized Management (Encrypted and Authenticated)
• Strong Access Control (Read, Write, etc.)
• Comprehensive Audit Trails (Monitoring, Reporting, Logging)
• Dynamic Vulnerability Management (Unified Threat Management Subscriptions)

SonicWALL ViewPoint Reporting
Easy-to-use Web-based reporting tool that provides administrators with insight into the health of their network including both performance and security
• Intelligent and Comprehensive: To help administrators optimize security, manage growth and plan for future needs, ViewPoint provides understanding of:
  • Network events
  • Activity of threats
  • Employee Internet usage
  • Bandwidth consumption

SonicWALL®, Inc. is a global and publicly held company that designs, develops, and manufactures network security, secure remote access, Web and e-mail security, data backup and recovery, and policy and management solutions.

SonicWALL is Financially Solid
• Founded 1991
• Publicly traded since 1999
• Financially solid (over $200 million in cash)
• $30 million invested in research and development 2006
• 30% year-over-year growth

Market-leading Solutions
[Figure labels: Unified Threat Management; Security Appliances; SSL-VPN; rankings shown: #1, #1, #1, #3]
• For four quarters in a row, we are the worldwide leader in units
• For the 2nd year in a row, we are the leader in units selling for $490-$1,499 in
• We introduced our first SSL-VPN solution in Q3’05 and quickly moved to the leading unit market share position in
• Introduced SCM solution in Q4’04 and soon became a leading Web Filtering Appliance Provider
Sources: IDC Quarterly Security Appliance Tracker Q4 2005; Infonetics Network Security Appliances and Software, Quarterly Worldwide Market Share and Forecast Q1’06

The SonicWALL Advantage
Integrated, Dedicated and Distributed
[Figure labels: Enterprise Security and Productivity; Remote / Branch Office Solutions; SonicWALL Solutions; Client Solutions; Management Solutions; Solutions]
• Completely integrated gateway security
• Purpose built dedicated content security
• Deployment specific remote office solutions
• Unique, fully integrated, distributed wireless connectivity
• Ultra-high performance, first to market deep packet inspection
• Dynamic, automated services and updates
• Scalable enterprise management, reporting and policy control

SonicWALL Qualifications
• Enables Federal Information Security Management Act compliance
• Installed Base proven in the field
• FIPS Certifications – FIPS 140-2, Level 2
• Low cost of entry, ease of deployment, and ease of management
• Lower TCO
• GSA schedule Pricing; Made in USA Letter of Supply
• Solid channel distribution

SonicWALL Serving Federal Govt
U.S. House of Representatives

Thank You!