Next-Generation Network and Security Architecture for SMBs
Colin Wu, Security Solution Consultant, Dell Security | Taiwan

Agenda
• Security Challenges
• Firewall Enhancement Features
  – SonicWALL Capture ATP
  – CFS 4.0
  – SWARM
• Dell Network Security Portfolio
  – New TZ Series
  – SonicPoint Series
  – Dell X-Series Integration
  – WXA / GMS
• Case Study
• Q&A

Security Products

Security Challenges
siloed solutions | BYOD | encrypted everything | rapidly changing technology | unknown, zero-day threats | compromised credentials

Firewall Enhancement Features:
- SonicWALL Capture ATP
- CFS 4.0
- SWARM

SonicWALL Capture Advanced Threat Protection (ATP) Service
Cloud service that detects and blocks zero-day threats at the gateway
• Multi-engine sandbox detects more threats than single-sandbox technology
• Broad file type analysis and operating system support for any file size
• Blocks until verdict at the gateway (HTTP/S only)
• Rapid deployment of threat intelligence
• Reporting and alerts
Supported platforms: TZ SOHO Wireless – TZ600, NSA 2600 – 6600, SuperMassive 9200 – 9600

Increase security effectiveness against zero-day threats
• Multi-engine advanced threat analysis detects more threats and can't be evaded
  – Virtualized sandbox
  – Full system emulation
  – Hypervisor-level analysis
• Broad file type and OS environment analysis, no file size limitation
  – PE, MS Office, PDF, archives, JAR, APK
  – Windows, Android and Mac OS (H2 2016)
• Automated and manual file submission

Screenshot slides: SonicWALL Capture ATP Settings; SonicWALL Capture ATP Status; SonicWALL Capture ATP File Analysis Report; SonicWALL Capture ATP File Upload

Content Filtering Service 4.0: What's New?
1. Block Page Override – password required to override blocked content
2. Policy-Level Block Page – personalize block page messaging per policy using CFS Action Objects
3. Wildcard Support – URL matching now accepts wildcards (*)
4. Confirm-Only – confirm before accessing designated URLs
5. Embedded URI Filtering – embedded URIs are filtered (i.e. Google Translate no longer bypasses blocked URLs)
6. SafeSearch Enforcement – enforce SafeSearch for Google and Bing
7. YouTube Restricted Mode – enforce YouTube's Restricted Mode to only display YouTube's curated videos
8. New Category – adds a Radicalization and Extremism category

Prioritized Policies
• Policies can now be visually managed from a central location
• Managed by priority link (#1 = highest priority), unlike CFS 3.0 (least restrictive/most permissive)
• Best practice: set the most specific (least generic) policies to the highest priority

CFS Custom Category
• A domain can now be easily added to up to 4 categories
• Note: aaa.com and www.aaa.com would be rated independently

CFS Policies: Gluing It All Together
Profile and Action Objects, as well as Users and Scheduling, are assigned to a Policy

Websense Settings UI
No adjustment needed when upgrading from CFS 3.0

URI List Objects: Assigned to Profile Objects
• URI Objects now support sub-domains
• Replaces 'Custom Lists' and 'Keywords'
• Lists can be imported/exported
• Sub-domain support and wildcard matching, i.e. www.*.com
• URL list objects are later marked as allowed/forbidden in Profile Objects

Profile Object – Settings
Allowed URL list: for URL whitelisting
Forbidden URL list: for URI blacklisting
Note: both lists have higher priority (are checked earlier) than URI Categories
Allowed/Forbidden URL searching order: defines the matching priority between the two lists
Operation for Forbidden URL: if a URI hits the Forbidden URI list, the operation can be block, confirm or require passphrase.
Domain Category Actions/Operations:
• Allow: no URI restriction
• Block: standard HTML block page
• Passphrase: access only for a limited period of time (1-9999 minutes) if the user enters a valid password
• BWM: applies Bandwidth Management Objects to the category
• Confirm: presents an 'advisory' page before accessing web content
Operation: 1-click to set all categories to the selected Operation
Note: by default, categories 1 ~ 12 are blocked.

Profile Objects: Advanced Tab
Smart Filtering for Embedded URL: filters embedded URIs when translated using Google Translate (https://translate.google.com)
Google Forced Safe Search: Google Safe Search enforcement does not require DPI-SSL
Enable Safe Search Enforcement: Safe Search enforcement for Yahoo.com, Lycos or Dogpile.com (does require DPI-SSL)
YouTube Restrict Mode: enforces YouTube's proprietary 'parental controls'
All Advanced Tab settings, including SafeSearch, are configured within policies

Action Objects: Block
Main settings:
• Wipe Cookies: the cookies inside the HTTP request will be removed to protect privacy. (Can affect Safe Search enforcement except for Google/Bing)
• Enable Flow Reporting: the UTM will send the HTTP/HTTPS flow to App Flow. For HTTPS requests, DPI-SSL needs to be active
Available tags/variables in the Block Page tab:
$$Reason$$: displays the confirmed reason (category or Forbidden URL List).
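The evaluation order the deck describes (policies tried by priority, the Allowed/Forbidden URL lists with sub-domain and wildcard matching checked before the category rating, per-category operations with categories 1 ~ 12 blocked by default, and the $$variable$$ tags on the block page), as an added Python simulation. This is not SonicOS code or any Dell tool; the category ids and names, the rating table, the policies, users and hosts are all constructed placeholders.

```python
"""Toy model of CFS 4.0 policy evaluation. Added illustration, not SonicOS code;
every category id, name, host and policy below is a constructed placeholder."""
import fnmatch
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed category table standing in for the CFS rating categories.
CATEGORY_NAMES = {1: "Violence", 5: "Pornography", 20: "Sports", 40: "Business"}
# The deck states that categories 1 ~ 12 are blocked by default.
DEFAULT_BLOCKED = set(range(1, 13))


def host_matches(entry: str, host: str) -> bool:
    """URI list entry matching: exact host, a sub-domain of the entry,
    or a wildcard entry such as www.*.com."""
    entry, host = entry.lower(), host.lower()
    if "*" in entry:
        return fnmatch.fnmatchcase(host, entry)
    return host == entry or host.endswith("." + entry)


@dataclass
class Profile:
    allowed: list                        # Allowed URL list (whitelist)
    forbidden: list                      # Forbidden URL list (blacklist)
    forbidden_op: str = "block"          # block | confirm | passphrase
    category_ops: dict = field(default_factory=dict)  # category id -> operation
    search_order: str = "allowed_first"  # Allowed/Forbidden URL searching order


@dataclass
class Policy:
    name: str
    priority: int   # #1 = highest priority
    users: set      # user names, or {"*"} for everyone
    profile: Profile


def evaluate(policies, user, url, category_of_host):
    """Return (operation, reason, policy name) for one web request.
    Policies are tried in priority order; within the first policy that applies
    to the user, the URL lists are checked before the category rating."""
    host = urlsplit(url).hostname or ""
    for policy in sorted(policies, key=lambda p: p.priority):
        if user not in policy.users and "*" not in policy.users:
            continue
        prof = policy.profile
        lists = [("allowed", prof.allowed), ("forbidden", prof.forbidden)]
        if prof.search_order == "forbidden_first":
            lists.reverse()
        for kind, entries in lists:
            hit = next((e for e in entries if host_matches(e, host)), None)
            if hit is None:
                continue
            if kind == "allowed":
                return "allow", f"Allowed URL list ({hit})", policy.name
            return prof.forbidden_op, f"Forbidden URL list ({hit})", policy.name
        cat = category_of_host(host)
        default_op = "block" if cat in DEFAULT_BLOCKED else "allow"
        op = prof.category_ops.get(cat, default_op)
        return op, f"Category {cat}: {CATEGORY_NAMES.get(cat, 'Unrated')}", policy.name
    return "allow", "No policy matched", None


# Constructed block page using the $$variable$$ tags the deck lists.
BLOCK_PAGE = ("<h1>Access denied</h1><p>Reason: $$Reason$$</p>"
              "<p>Client: $$ClientIpAddr$$ via $$fw_interface$$</p><p>Policy: $$Policy$$</p>")


def render_block_page(template, reason, client_ip, policy, fw_interface="192.0.2.1"):
    """Substitute the block page variables; unknown tags are left untouched."""
    values = {"Reason": reason, "ClientIpAddr": client_ip,
              "Policy": policy or "", "fw_interface": fw_interface}
    return re.sub(r"\$\$(\w+)\$\$", lambda m: values.get(m.group(1), m.group(0)), template)


# Constructed sample: a specific policy for one user at priority 1 (most specific
# first, as the deck recommends) and a generic policy for everyone at priority 2.
IT_PROFILE = Profile(allowed=["aaa.com"], forbidden=[], category_ops={5: "block"})
ALL_PROFILE = Profile(allowed=[], forbidden=["www.*.com", "gambling.example"],
                      forbidden_op="passphrase", category_ops={20: "bwm"})
POLICIES = [Policy("IT", 1, {"alice"}, IT_PROFILE), Policy("Everyone", 2, {"*"}, ALL_PROFILE)]


def sample_category(host):
    """Constructed rating table standing in for the CFS rating service."""
    return {"news.aaa.com": 40, "scores.example": 20, "adult.example": 5}.get(host, 0)


if __name__ == "__main__":
    for user, url in [("alice", "http://news.aaa.com/"), ("bob", "http://www.shop.com/"),
                      ("bob", "http://adult.example/"), ("bob", "http://scores.example/")]:
        op, reason, name = evaluate(POLICIES, user, url, sample_category)
        print(user, url, "->", op, "|", reason, "|", name)
        if op == "block":
            print(render_block_page(BLOCK_PAGE, reason, "10.0.0.5", name))
```

The point the simulation makes visible is that a URL list hit ends evaluation inside the first applicable policy, so a generic low-priority whitelist never rescues a request that a higher-priority, more specific policy has already blocked, which is why the deck recommends putting the most specific policies at the top.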
$$fw_interface$$: IP address of the current interface
$$ClientIpAddr$$: IP address of the client
$$Policy$$: the CFS policy applied to the web request
The Action Object configures the operation set in the Profile Object

Action Object: Passphrase Type
Enter Password: allows content access if the user provides the given password
Mask Password: if enabled, requires re-entering the password in Confirm Password
Active Time: allows content access for this duration (up to 9999 minutes)

Passphrase In Action
After entering the correct password, the user can access the web content

Profile Object: Confirm Type
$$ConfirmLink$$: displays the "Continue" and "Close" links (must be used only once in the HTML)

Confirm In Action
The user is required to acknowledge web access to proceed

Action Object – BWM (Bandwidth Management)
Per Policy: the bandwidth limit is applied individually to each policy, i.e. with two policies that each have an independent limit of 500 kb/s, the total possible bandwidth between those two rules is 1000 kb/s
Per Action: the bandwidth limit is shared across all policies to which it is applied, i.e. two policies sharing a BWM limit of 500 kb/s limit the total bandwidth between both policies to 500 kb/s
Designate Egress and Ingress BWM objects: go to Firewall Settings > BWM to configure them

SWARM
Screenshot slides: SWARM Summary; Top Applications by Category; Top Applications by Bandwidth; Top Exploitation Attempts; Top Countries by Traffic; Top Traffic Usage by IP & Top User Sessions; Risk Definitions & Vulnerability Descriptions

Dell Network Security Portfolio
- New TZ Series
- SonicPoint Series
- Dell X-Series Integration
- WXA / GMS

Challenge: Managing multiple point solutions
Small and Medium Business with a single location: Switches, Firewalls, Wireless
Dell SonicWALL NGFW Lineup
Enterprise, Data Center – Dell SonicWALL SuperMassive Series: SuperMassive E10800, E10400, E10200; SuperMassive 9800, 9600, 9400, 9200
SMB/Campus/Branch – Dell SonicWALL NSA Series: NSA6600, NSA5600, NSA4600, NSA3600, NSA2600
SMB/Campus/Branch – Dell SonicWALL TZ Series: TZ500 / TZ600, TZ300 / TZ400, SOHO

New TZ series
Design drivers for the new TZ series (slide)

Dell SonicWALL TZ series specifications

Model  | CPU         | Memory | Ports            | USB       | Flash | Integrated Wireless | SPI (Mbps) | Full DPI (Mbps) | Anti-malware (Mbps) | IPS (Mbps) | IPSec VPN (Mbps)
TZ 600 | 4 x 1.4 GHz | 1 GB   | 10 x 1GbE Copper | 2 USB 3.0 | 64 MB | None                | 1,500      | 500             | 500                 | 1,100      | 1,100
TZ 500 | 4 x 1.0 GHz | 1 GB   | 8 x 1GbE Copper  | 2 USB 3.0 | 64 MB | 802.11ac            | 1,400      | 400             | 400                 | 1,000      | 1,000
TZ 400 | 4 x 800 MHz | 1 GB   | 7 x 1GbE Copper  | 1 USB 3.0 | 64 MB | 802.11ac            | 1,300      | 300             | 300                 | 900        | 900
TZ 300 | 2 x 800 MHz | 1 GB   | 5 x 1GbE Copper  | 1 USB 3.0 | 64 MB | 802.11ac            | 750        | 100             | 100                 | 300        | 300
SOHO   | 2 x 400 MHz | 512 MB | 5 x 1GbE Copper  | 1 USB 2.0 | 32 MB | 802.11n             | 300        | 50              | 50                  | 100        | 100

Dell X-Series Integration
Dell SonicWALL and Dell Networking Cooperation
• SMB oriented
• 8-52 ports with PoE and PoE+
• Compact & power efficient

Getting Started with X-Series Switch Integration – Assumptions
• Up to 2 switches for provisioning
• Single switch: switches must be in Managed Mode
• Multiple switches: VLAN support via dedicated links only
• VLANs: configuration of switches via the firewall only
• High Availability

Configuring an X-Series Switch in a TZ Firewall
X-Series switch defaults: User Name admin, Password admin, IP Address 192.168.2.1
Common Uplink: from the Port Graphics or Port Configuration tab, set up PortShields – Port 3 to X3, Port 5 to X5
X4 & Port 6 are on the same subnet, 192.168.2.0
Management & data share the same link

Logging/Syslog, Diagnostics Support
• Syslog support is available for the following critical events:
  – Add/Delete of switch
  – Configuration of PortShield on an extended switch port
  – Network events like Port Up/Down
• Diagnostics support:
  – Statistics of Extended Switch ports
  – Upgrade of the firmware image and boot image on the Extended Switch
  – Reload of the Extended Switch
Screenshot slides: Extended Switch Statistics; Extended Switch Restart; Firmware Management

SonicPoint Series
Dell SonicPoint Series
SonicPoint ACe
• 802.11ac
• 3x speed of 802.11n
• Enterprise chipset
• Dual radio – ac & n
• 6 external antennas
• Plenum rated
SonicPoint ACi
• 802.11ac
• 3x speed of 802.11n
• Enterprise chipset
• Dual radio – ac & n
• Internal antennas
• Plenum rated
SonicPoint N2
• 802.11n
• Enterprise chipset
• Faster than NDR
• Dual radio – both n
• 6 external antennas
• Plenum rated
Requires SonicOS 5.9.1.0 (Gen5) or 6.2.2.0 (Gen6), GMS 7.2 SP3

Dell SonicWALL differentiators
• Simplified deployment
  – Integrated wireless controller
  – Auto-detection and auto-provisioning
• Comprehensive security
  – DPI security for wired and wireless traffic
  – Application control, SSL decryption/inspection, intrusion prevention, content filtering
• Wireless security features
  – Virtual access points
  – Wireless guest services
  – External guest authentication (LHM)
  – Captive portal
  – Wireless intrusion detection/prevention

SonicWALL WXA Series
Dell SonicWALL WXA Series: WXA 500 software, WXA 6000 software, WXA 2000, WXA 4000, WXA 5000

What Applications Can Be Accelerated?
• Internal web applications
• FTP transfers
• Windows File Sharing resources
• SharePoint
• Database apps
• Backup and Recovery (client-to-appliance CDP)
• Database replication
• and more…

Multi-Site VPN Deployment
Multiple remote offices connecting back to a central office
Solution Requirements
• TZ/NSA firewalls
• WXA appliances
• Site-to-site VPN tunnels
Results: traffic between the sites is optimized with minimal configuration

Using Dedicated WAN Links
Leveraging dedicated WAN links between offices
Solution Requirements
• TZ/NSA firewalls
• WXA appliances
• Dedicated WAN links
Results: traffic between the sites is optimized with minimal configuration

HTTP (Web) Caching Deployment
Solution Requirements
• TZ/NSA Next-Generation Firewall
• WXA appliance
• Internet-based content
Results: reduction in traffic load for Internet-based content

WXA Client, NetExtender configuration
• WXAC tab appears if licensed
• Plug-in is downloaded directly from the WXA appliance
• For devices running Windows

Demonstrating and Quantifying the Benefits of WAN Acceleration
Visualizing the benefits of using WAN Acceleration

GMS
GMS 8.0 – Workflow, New Reports, higher performance, and more

GMS 8.0 Workflow: Four steps to error-free policy management
1. Configure & Compare – GMS configures policy change orders and color-codes them for clear comparisons
2. Validate – GMS performs an integrity validation of the policy's logic
3. Review & Approve – GMS emails reviewers and logs a (dis)approval audit trail of the policy
4. Deploy – GMS deploys the policy changes immediately or on a schedule
Audit – the change logs enable accurate policy auditing and precise compliance data

Screenshot slides: Enhanced Access Rules screen; Add a new rule; Edit a rule; Delete a rule; View active Change Order View dialog; Edit time settings; Change Orders screen; Email Notification (sample)

GMS 8.0 – New Reports
• New MAC address based reports showing device types
• New Botnet and Geo-IP reports showing firewall-filtered protection
• New pre-defined reports for HIPAA and SOX compliance
• New customized sorting of Web Activity reports by connections or bytes

MAC Address Reporting
• Reports affected: Data Usage, Web Activity, User Activity, Attacks, Authentication, Log Analyzer
• Endpoint contexts: Initiators, Targets, Responders, with Filter Bar functionality

Botnet Reporting
• Report templates: Attempts, Targets, Initiators, Timeline
• Attack vector contexts:
  – Botnet ID, IP addresses, countries, hosts, ports, interfaces
  – Initiator/Target, Source/Destination, User
  – With Filter Bar functionality

Geo-IP Reporting
• Report templates: Attempts, Targets, Initiators, Timeline
• Attack vector contexts:
  – IP addresses, countries, hosts, ports, interfaces
  – Initiator/Target, Source/Destination, User
  – With Filter Bar functionality

HIPAA/SOX Reporting Templates
• Providing auditable data for: Intrusions Detected, Intrusions Blocked, Intrusion Initiators, Attack attempts, Attack targets, Attack initiators, Web Activity – initiators, Applications Detected, Applications Blocked, Attack Initiators

GMS 8.0 – Reporting Engine Design Improvements
• Reports link directly to threat signature and CVE reference information in the UI and in PDFs

HR Reports – Top Users of Web and Blocked Web
• Scheduled reports of:
  – The biggest users of the web: Top N Users of Web sorted by Browse Time, showing Top N Websites per user
  – The biggest users of blocked sites: Top N Users of Blocked Web sorted by Attempts, showing Top N Websites per user
  – The most frequently visited websites: Top N Websites sorted by Browse Time, showing Top N Users

Summary
Secure Retail Network: Converged Infrastructure solution from Dell
Secured retail network with a single centralized management console
The Dell Solution
1. Global Management System (GMS) manages firewalls
2. Firewalls control
   • Access Points (Dell SonicWALL SonicPoint)
   • Switches (Dell X-Series Switch with PoE)
   • Enforced Endpoints
   • WAN Acceleration (Dell SonicWALL WXA)
Dell Advantage: Single Management Console, Lower Operating Costs, Converged Infrastructure, Port Expansion, Scalability

Case Study
Internal Use Only – Dell Confidential

Q&A
Thank you