Network G - PowerPoint PPT Presentation

Transcript and Presenter's Notes

Title: Network G


1
Network Security and Attack Prevention Solutions
Akademik Bilişim 2006
  • Orhan ORTAÇ
  • orhan_ortac@3com.com

2
Agenda
  • History and Trend
  • 3Com's Security Strategy
  • Security Solutions
  • 3Com TippingPoint IPS (Intrusion Prevention System)
  • 3Com X505 Firewall
  • Correct solution

3
History And Trend
4
History And Trend - Virus and Worm
  • 1949 First virus program idea
  • 1984 Called "Virus" (Fred Cohen)
  • 1986 First PC virus: Brain
  • 1987 Lehigh
  • 1988 Jerusalem . . .
  • 1992 Total of 1300 known viruses; 18 new viruses
    per month
  • 2001 Nimda
  • 2003 Blaster
  • 2004 Sasser

5
History And Trend - Historical Network
Configuration
[Diagram: Router and Firewall in front of a Trusted Zone, where a Switch connects Marketing, Financial, Desktop PCs, Engineering, Mail, Sales and CAD]
6
History And Trend - Historical Network
Configuration
[Diagram: traffic from 66.121.11.7 to 115.13.73.1 crossing the firewall on FTP-21, HTTP-80, Sub7-6776, Quake-26000 and SMTP-25]
7
History And Trend - What about attacks?
  • Microsoft is the most popular O.S.
  • Weak applications have vulnerabilities
  • Protocol based vulnerabilities
  • TCP / IP
  • SMTP / FTP ...
  • VoIP vulnerabilities
  • Low level administration
  • 2500 known attack types!

8
History And Trend - Today's Firewall
Configurations
[Diagram: firewall passing FTP-21, BackOrifice-31337 and SMTP-25]
9
History And Trend - Summary
  • Increasing rate of new vulnerabilities and
    decreasing time to patch
  • IT complexity hinders security practice
    implementation
  • Increasing number of attacks and attackers
  • Walk-in worms, e-mail attacks, spyware
  • More connected end points on the network
  • Increasing number of applications
  • VoIP Deployment
  • Lack of IT resources

[Chart: the Security Gap, the widening distance between Security Demands and Business Security Capacity over Time / Business Growth]
10
Customer Requirements?
11
Customer Requirements
  • High network performance and uptime
  • High level information security
  • Automated security control
  • Centralized management

12
What is the best strategy? 3Com's Security
Strategy
13
3Com's Security Strategy - What is the strategy?
  • Secure Network
  • Overlaid or Embedded Security
  • Adaptive and Dynamic Protection
  • Automatic and Centrally Manageable

Secure Converged Networks
  • Converged Network
  • Multi-service Network
  • Synergy between infrastructure elements
  • Edge-to-Core Coverage

Customer Benefits
  • Business Continuity
  • Capital Efficiency and Cost Reduction
  • Corporate Control and Visibility

14
3Com's Security Strategy - The 3Com Offer
  • Inline, wire-speed blocking of malicious traffic
  • Integrated Firewall, IPS, VPN, URL Filtering
  • 3Com TippingPoint IPS
  • 3Com X505

15
Security Solutions - Intrusion Prevention System
3Com TippingPoint IPS
16
Security Solutions - Security Appliance Evolution
[Timeline 1998 to 2006, milestones as labelled on the slide:]
  • Performance concerns begin to shift FW market
    towards appliances; FW and IPSec bundled
  • Layer 7 inspection and SSL VPN introduced; ASICs,
    acceleration and HA become commonplace
  • VoIP, L7 and multi-service platforms drive
    performance requirements
  • Security proliferates in switches
  • Firewalls increasing in importance to large
    enterprise
  • Firewall appliances equal 53% of market; security is
    a choke point
  • IDS appliances equal 24% of market; FW/VPN
    appliances equal 63% of market
  • IDS/IPS appliances equal 49% of market; CKPT, ISS,
    SCUR introduce appliances
  • SSL / IPSec / FW / IPS appliances begin to
    proliferate; standalone SSL integrates other
    security services
Source: Frost & Sullivan
17
Security Solutions - TippingPoint Closes the Gap
with Intrusion Prevention
[Diagram: filtering methods; only the "Traffic Anomaly" label survived extraction]
18
Security Solutions - Application Protection
Defends Clients and Servers
  • Protect
    • Microsoft Applications, Operating Systems
    • Oracle Applications
    • Linux O/S
    • VoIP
  • From
    • Worms/Walk-in Worms
    • Viruses
    • Trojans
    • DDoS Attacks
    • Internal Attacks
    • Unauthorized Access

[Diagram: Intrusion Prevention Systems with Application Protection, Infrastructure Protection and Performance Protection]
  • Performs Total Inspection at Layers 2-7
  • Protects Vulnerabilities
  • Protects Perimeter and Internal Network
  • Provides Day-Zero Attack Protection
  • Eliminates Emergency Patching Triage
  • Prevents Application and O/S Damage/Downtime

19
Security Solutions - Infrastructure Protection
Defends Network Equipment
  • Protect
    • Routers (e.g. Cisco IOS)
    • Switches
    • Firewalls (e.g. Netscreen OS, CheckPoint FW1)
    • VoIP
  • From
    • Worms/Walk-in Worms
    • Viruses
    • Trojans
    • DDoS Attacks
    • SYN Floods
    • Traffic Anomalies

[Diagram: Intrusion Prevention Systems with Application Protection, Infrastructure Protection and Performance Protection]
  • Protects Network Equipment
    Vulnerabilities
  • Protects Against Anomalous Traffic
    Behavior
  • Automatic Baselining
  • Rate Limit, Block, or Alert on Thresholds
  • Supports Custom IP filters, ACLs

20
Security Solutions - Performance Protection
Defends Overall Network Performance
  • Protect
    • Bandwidth
    • Server Capacity
    • Mission-Critical Traffic
  • From
    • Peer-to-Peer Apps
    • Unauthorized Instant Messaging
    • Unauthorized Applications
    • DDoS Attacks

[Diagram: Intrusion Prevention Systems with Application Protection, Infrastructure Protection and Performance Protection]
  • Increases Network Performance Even When Not Under
    Attack
  • Rate Limits Non-Mission Critical Applications
  • Eliminates Bandwidth Hijacking
  • Controls Rogue Applications
  • Eliminates Misuse and Abuse
  • Controls Peer-to-Peer Traffic

21
Security Solutions - Quarantine: Automatic
Protection
  • Quarantine Process
    • Client authenticates via SMS
    • SMS acts as RADIUS proxy, learns MAC/Switch/Port
      from Switch via RADA

  • EVENT: Illegal Activity
  1. SMS resolves IP to MAC
  2. MAC Address is placed into a blacklist and policy
     set
  3. SMS forces re-authentication of compromised
     device
  4. Device is contained within the set policy at the
     access switch ingress port

[Diagram: numbered flow across Clients, Access Switches, Core, TippingPoint IPS, SMS, RADIUS and a Safe Zone]
Breach to Containment in under 5 seconds
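The quarantine process above, modelled as an added example (not 3Com or TippingPoint code): a small SMS stand-in keeps the MAC/switch/port table learned at authentication, turns an IPS event into a blacklist entry plus a re-authentication request for the ingress port, and answers that re-authentication as a RADIUS proxy. The table contents, the "quarantine" VLAN and the RADIUS attribute names are assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

@dataclass
class Endpoint:
    mac: str
    switch: str
    port: int
    ip: str

@dataclass
class QuarantineSMS:
    """Constructed model of the SMS: RADIUS proxy plus the tables it learns via RADA."""
    endpoints: Dict[str, Endpoint] = field(default_factory=dict)  # MAC -> switch/port
    ip_to_mac: Dict[str, str] = field(default_factory=dict)       # IP -> MAC
    blacklist: Dict[str, str] = field(default_factory=dict)       # MAC -> triggering filter
    reauth_requests: List[Tuple[str, int]] = field(default_factory=list)  # (switch, port)

    def client_authenticated(self, mac, ip, switch, port):
        """Client authenticates via SMS; SMS learns MAC, switch and port from the switch."""
        self.endpoints[mac] = Endpoint(mac, switch, port, ip)
        self.ip_to_mac[ip] = mac

    def ips_event(self, src_ip, filter_name):
        """EVENT -> steps 1-3: resolve IP to MAC, blacklist it, force re-authentication."""
        mac = self.ip_to_mac.get(src_ip)
        if mac is None:
            return None  # unattributable source: nothing to contain, alert only
        self.blacklist[mac] = filter_name
        ep = self.endpoints[mac]
        self.reauth_requests.append((ep.switch, ep.port))  # re-auth at the ingress port
        return mac

    def radius_policy(self, mac):
        """Step 4: on re-authentication the proxy answers with the port policy.
        Attribute names follow RFC 3580-style VLAN assignment (assumed switch support)."""
        if mac in self.blacklist:
            return {"Tunnel-Private-Group-ID": "quarantine", "Filter-Id": "quarantine-acl"}
        return {"Tunnel-Private-Group-ID": "users"}

    def release(self, mac):
        """Remove a remediated device; its next re-authentication gets the normal policy."""
        self.blacklist.pop(mac, None)
```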
22
Security Solutions - Security Management System
  • Hardware is included with SMS purchase and
    software is pre-installed
  • Installation ease
  • Scalable
  • Enterprise-wide security policy management
  • Port-by-port policy
  • Device-by-device policy

23
Security Solutions - IPS and Switching
Infrastructure
[Diagram: Internet-facing Router and Firewall with the IPS in front of the Trusted Zone switch (Marketing, Financial, Engineering, CAD, Mail, Sales); home users on WLAN/broadband, mobile devices, a supplier connected to the Sales server, a WAP, and mobile users connected to the LAN]
24
Security Solutions - TippingPoint Product Line
25
Security Solutions - Automatic Digital Vaccines
Sources
  • SANS
  • CERT
  • Vendor Advisories
  • Bugtraq
  • VulnWatch
  • PacketStorm
  • Securiteam
  • @RISK Weekly Report

Digital Vaccine Automatically Delivered to
Customers
  • Filter Types
    • Signature
    • Vulnerability
    • Traffic and/or Statistical Anomaly

Scalable distribution network using Akamai's
9,700 servers in 56 countries
26
Security Solutions - Summary of Core IPS Features
Feature | Benefit
Purpose-Built Custom ASIC Hardware Platform | Extensible Platform for Uncompromising Security and Networking
50 Mb to 5 Gb Performance | Scalable Solutions for Perimeter and Internal Protection
Switch-Like Latency | Inline Network Deployment Without Impacting Network Performance
Inline Attack Blocking | Effective Proactive Attack Termination
Recommended Settings | Automatic Security, both out of the box and ongoing
Rate Shaping | Bandwidth Management and Network Performance Protection
Complete Filtering Methods (signature, protocol anomaly, vulnerability, traffic anomaly) | Proactive, Accurate and Comprehensive Attack Filtering
DDoS SYN Proxy and Connection Rate Limiters | Advanced Protection for Evolving DDoS Attacks
27
Security Solutions - Select TippingPoint Customers
28
Security Solutions - TippingPoint Awards
SC Global Awards 2005 Principal Awards: TippingPoint was named the Best Security Solution in the 2005 SC Global Awards for the best overall solution for dealing with today's threats to information security and the protection of corporate information assets.
Common Criteria Certification: TippingPoint is the first Intrusion Prevention System (IPS) to obtain all four government-validated protection profiles: analyzer, sensor, scanner and system.
SC Magazine Best Buy: TippingPoint was selected by SC Magazine as a "Best Buy" in their group test of intrusion prevention products.
IDG Network Awards 2004 Winner: TippingPoint is the winner of the "Network Protection Product of the Year" from IDG and TechWorld.com. The prestigious IDG awards recognize the very best in the industry and reward companies for innovative and effective use of networking technology.
Frost & Sullivan 2005 Network Security Infrastructure Protection Entrepreneurial Company of the Year: TippingPoint was named the 2005 Network Security Infrastructure Protection Entrepreneurial Company of the Year by Frost & Sullivan.
eWeek Labs Analyst's Choice Award: TippingPoint's IPS ably handled both real and staged attacks on eWeek Labs' test network, attached to the Internet for nearly a week.
Information Security Magazine 2004 Product of the Year: TippingPoint was selected by Information Security Magazine as "2004 Product of the Year" for Intrusion Prevention Systems.
NSS Gold Award: TippingPoint's Intrusion Prevention System is the first and only product to win the coveted NSS Gold Award in the IPS space.
The Tolly Group "Up To Spec": performance and security benchmark. TippingPoint's IPS demonstrated 100% security accuracy at 2 Gbps.
CompTIA "Best New Product": TippingPoint's Intrusion Prevention Systems were named "Best New Product" in the hardware category at the Executive Breakaway 2003 Conference hosted by CompTIA in Halifax, Canada.
eWeek Excellence Award: TippingPoint's Intrusion Prevention Systems received the "Enterprise Resource Protection" eWeek Excellence Award announced in the April 5, 2004 issue of eWeek Magazine.
SC Magazine Best Buy of 2004: TippingPoint was selected by SC Magazine as a "Best Buy in 2004" for intrusion prevention.
InfoWorld 100: University of Dayton, a TippingPoint customer, was recognized as a technological leader and awarded the 'InfoWorld 100' for its advancements made through implementing TippingPoint's Intrusion Prevention Systems.
SANS "Trusted Tool": TippingPoint's Intrusion Prevention System has been selected as a "Trusted Tool" by the SANS Institute, the world's premier security research and training organization.
University Business Magazine "Show Stopper" Award: TippingPoint's Intrusion Prevention Systems were awarded the "Show-Stopper" at the 2003 Educause Conference in Anaheim, California.
29
Security Solutions - 3Com X505 Firewall
30
Integrated Security Platform Built on IPS
  • Multicast Routing: provide support for next generation IP
    conferencing applications
  • VPN: IPSec VPN to transform the Internet into a secure
    converged network for multi-site connectivity
  • Web Filtering: to protect against offensive web content and
    enforce acceptable usage policies
  • Bandwidth Management: QoS and bandwidth management to improve
    network performance and provide policy based traffic shaping
  • Firewall: traditional firewall technology to provide access
    control and policy enforcement
  • IPS: industry leading TippingPoint IPS technology and
    Digital Vaccine protection
IPS is the core function that creates value in,
and serves as the foundation of, the X505. All
other features are accessories to the IPS core.
31
What is the TippingPoint X505
  • Integrated Security Platform, GA 12/1/05
  • Combining Market Leading IPS with
    • Firewall, IPSec-VPN, Web content filtering,
      routing, policy based traffic shaping
  • Same TippingPoint Digital Vaccine
  • Same Threat Suppression Engine
  • Enhanced Local Security Manager
  • Extreme Flexibility
    • For example: apply IPS and traffic shaping inside
      VPN tunnels
  • Delivering Secure Converged Networks
    • For Distributed Multisite Organizations
  • All-in-One Integrated Security Platform
    • FW, IPS, VPN, Routing, Multicast, NAT, Web
      Filtering, Traffic Shaping, etc.
  • Device status/Health/TOS/DV update capability at
    GA. Cannot configure the IPS policy from SMS.
    Future roadmap will have full SMS support

32
TippingPoint X505 Hardware
  • Hardware
    • Rack mountable form factor
    • 4 x 10/100 Ethernet ports
    • Inbuilt IPSec hardware acceleration (up to
      AES-256)
    • On-box URL filtering
  • Performance
    • 50 Mbps IPS
    • 50 Mbps IPSec VPN (3DES/AES-256)
    • 100 Mbps Firewall Throughput
    • Supports over 1,000 VPN tunnels
    • 5000 Connections per second
    • 128,000 Concurrent Sessions

33
TippingPoint Closes the Gap with Intrusion
Prevention
[Diagram: Intrusion Prevention Systems]
Filtering Methods
  • Protocol Anomaly
  • Signature
  • Vulnerability
  • Traffic Anomaly
Sources
  • SANS
  • CERT
  • Vendor Advisories
  • Bugtraq
  • VulnWatch
  • PacketStorm
  • ZDI
  • @RISK Weekly Report
34
TippingPoint X505 Firewall
  • Stateful packet inspection
  • Numerous built-in application layer gateways
    (SIP, H.323, etc.)
  • Policy Classification
    • Services (pre-defined, custom groups)
    • Source / Destination Security Zone
    • Source / Destination IP Address / Address group
    • Schedule: time of day / day of week
    • User Authentication: forces user auth for access
      to policy
  • Policy Actions
    • Deny / Allow / Content Filter
    • Traffic Shape
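An added example (not X505 code) of the policy classification listed above: a first-match engine over security zone, service or custom service group, address, schedule and the user-authentication option, returning the policy action together with its traffic-shaping class. The service table, zones, addresses and the DEMO_POLICIES rule set are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import Optional, Sequence, Set, Tuple

# Constructed service table and custom groups ("Services (pre-defined, custom groups)")
SERVICES = {"http": ("tcp", 80), "https": ("tcp", 443), "sip": ("udp", 5060), "ssh": ("tcp", 22)}
SERVICE_GROUPS = {"web": {"http", "https"}, "voice": {"sip"}}

@dataclass
class Policy:
    src_zone: str                       # source security zone
    dst_zone: str                       # destination security zone
    services: Set[str]                  # service names or custom groups
    src: str = "0.0.0.0/0"              # source address / address group (one CIDR here)
    dst: str = "0.0.0.0/0"
    days: Sequence[int] = range(7)      # schedule: weekdays, 0 = Monday
    hours: Sequence[int] = range(24)    # schedule: hours of day
    require_auth: bool = False          # "User Authentication" option
    action: str = "allow"               # allow / deny / content-filter
    shape: Optional[str] = None         # traffic-shaping class applied with the action

def expand(services: Set[str]) -> Set[Tuple[str, int]]:
    names: Set[str] = set()
    for s in services:
        names |= SERVICE_GROUPS.get(s, {s})
    return {SERVICES[n] for n in names}

def classify(policies, src_zone, dst_zone, src_ip, dst_ip, proto, port,
             when: datetime, authenticated: bool) -> Tuple[str, Optional[str]]:
    """Return (action, shaping class) of the first matching policy; default deny."""
    for p in policies:
        if (p.src_zone, p.dst_zone) != (src_zone, dst_zone):
            continue
        if ip_address(src_ip) not in ip_network(p.src) or ip_address(dst_ip) not in ip_network(p.dst):
            continue
        if (proto, port) not in expand(p.services):
            continue
        if when.weekday() not in p.days or when.hour not in p.hours:
            continue
        if p.require_auth and not authenticated:
            return ("auth-required", None)  # matched, but the user must authenticate first
        return (p.action, p.shape)
    return ("deny", None)

DEMO_POLICIES = [
    Policy("guest", "internet", {"web"}, hours=range(8, 18), action="content-filter", shape="low"),
    Policy("employee", "internet", {"web", "ssh"}, src="10.0.0.0/8", require_auth=True, shape="medium"),
    Policy("voice", "internet", {"voice"}, shape="high"),
]
```

Guests get content-filtered, low-priority web in office hours only; employees on 10/8 reach web and ssh once authenticated; the voice zone gets high-priority SIP and everything else falls to the default deny.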

35
TippingPoint X505 VPN
  • Low latency IPSec hardware crypto
    • DES, 3DES, AES-128, AES-192, AES-256
  • Keying Modes
    • Manual, IKE shared secret, IKE X.509 Cert
  • Support for VPN Clients
    • Native IPSec, PPTP, L2TP/IPSec (Microsoft
      standard)
  • Advanced Features
    • Ability to terminate tunnel into any security
      zone
    • IP Multicast routing over IPSec (PIM-DM)
    • IKE keep alive / NAT traversal
    • DHCP over VPN

36
TippingPoint X505 Traffic Shaping
[Diagram: Internet links into three zones: Guest (Internet only, guest HTTP traffic at low QoS), Employee Authenticated VPN Zone (corporate LAN traffic over VPN at medium QoS) and IP Telephone Authenticated VPN Zone (VoIP traffic at high QoS)]
  • Dynamic allocation of bandwidth to maximize
    resources
  • By policy
  • Both inbound and outbound directions
  • For any application
  • Both inside and outside of VPN tunnel
  • Multiple policies create various zones

37
TippingPoint X505 Summary
  • Hardware
    • Rack mountable form factor
    • 4 x 10/100 Ethernet ports
    • 1 x dedicated 10/100 management port
    • Inbuilt IPSec hardware acceleration (up to
      AES-256)
  • Performance
    • 50 Mbps IPS
    • 50 Mbps IPSec VPN (3DES/AES-256)
    • 100 Mbps Firewall Throughput
    • Supports over 1,000 VPN tunnels
    • Supports 50 independent VLAN policies
  • IPS
    • Industry leading: same DV as TippingPoint
      dedicated IPS systems
    • Application, Infrastructure and Performance
      protection; Spyware, Phishing, P2P and ZDI protection
  • Firewall
    • Stateful packet inspection
    • Object based policy engine
    • NAT, PAT, virtual servers
    • Inter-VLAN VPN firewall enforcement
  • VPN
    • DES, 3DES, AES-256
    • Manual key, IKE PSK, X.509 certificates
    • Terminate onto any security zone
    • Support PPTP, L2TP/IPSec and IPSec VPN clients
  • Web Content Filtering
    • Manual allow / deny lists
    • Keyword / regular expression
    • Content Filter service (40 categories)
      supplied in conjunction with SurfControl Inc.
  • Traffic Shaping
    • Stateful, policy based traffic shaping (zone,
      service, schedule, etc.)
    • Full policy control (application, service, zone,
      schedule, etc.)
    • Inbound / outbound rate limiting
    • Inside / outside VPN tunnel
    • Guaranteed, maximum, priority
  • Routing
    • Static, RIP v1/2
    • IP multicast over VPN (PIM-DM, IGMP)

38
Security Solutions - Unified Enterprise Management
[Diagram: Secure IX, "Unbeatable Combination"]
39
Correct Solution?
40
Risc Point
41
Security Solutions - TippingPoint: The Company
  • The Proven Leader in Intrusion Prevention
    (Nasdaq: TPTI -> COMS)
    • Launched industry's first intrusion prevention
      solution, January 2002
    • Awarded major industry accolades for Intrusion
      Prevention
    • TippingPoint becomes a division of 3Com
      Corporation, January 2005
    • 125 employees based in Austin, Texas (growing
      daily!)
  • Research Leaders of the Industry
    • Digital Vaccine group monitors cyber threats
    • Provide intelligence for SANS @RISK newsletter
    • Founded VOIPSA
  • Best-of-breed Technology and Execution
    • Tens of millions of dollars invested in core
      technology R&D
    • Solutions are built first for network
      performance, then security capabilities
    • Highly parallel, custom packet-processing ASIC
      technology
    • 10,000 Parallel Filters
    • Microsecond Latencies
    • Patent-pending technologies (10) that deliver
      unmatched performance

42
?