Code : STM#530
Samsung Electronics Co., Ltd.
OfficeServ7400 Security Introduction
Distribution
English ED01
© Samsung Electronics Co., Ltd. 2
Objectives
After successful completion of the course the trainees should be able to execute the following activities.
Overview
IPSec
– System to system: needs GWIMS D-board
PPTP/L2TP
– System to Node or Server to Client (ex: PC)
– Does not need GWIMS D-board
[Diagram labels: Headquarters, Internet, Private Line, Serial 2Mbps, IPSec VPN Tunneling, Remote User, PPTP, L2TP, Branch #1, Branch #2, Office]
What’s VPN?
Tunnel Mode (Transport mode is not supported)
Tunnel Protocol (IPSec, L2TP/PPTP)
Key Management: IKE, ISAKMP, X.509, pre-shared
Authentication: MD5, SHA-1
Encryption: AES, 3DES
Transform Protocol: AH, ESP
[Diagram labels: Internet, Headquarters, Mobile User, Business Partner, Branch, Tunnel, VPN, VPN S/W, Remote access, Extranet, Intranet, payload, new header, encryption]
IPSec
Transport Mode
– AH: IP header | AH | IP payload
  Authenticated except for mutable fields in ‘IP header’
– ESP: IP header | ESP header | IP payload | ESP trailer | ESP auth
  Regions marked on the slide: Authenticated, Encrypted
Tunnel Mode
– AH: New IP header | AH | IP header | IP payload
  Authenticated except for mutable fields in ‘New IP header’
– ESP: New IP header | ESP header | IP header | IP payload | ESP trailer | ESP auth
  Regions marked on the slide: Authenticated, Encrypted
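The AH tunnel-mode layout above, as an added example (not from the Samsung material): it computes an HMAC-SHA1-96 integrity check value the way RFC 4302 describes, zeroing the mutable fields of the new IP header, and shows which in-transit changes the check tolerates. The key, SPI, addresses and packet contents are constructed sample values.

```python
import hashlib, hmac, struct

KEY = b"constructed-demo-key"   # constructed sample key, not from the slides

def ipv4_header(src, dst, payload_len, proto, ttl=64):
    """20-byte IPv4 header without options; checksum left 0 (it is mutable anyway)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                       0x4000, ttl, proto, 0, bytes(src), bytes(dst))

def zero_mutable(ip_hdr):
    """Zero the IPv4 fields RFC 4302 lists as mutable in transit."""
    h = bytearray(ip_hdr)
    h[1] = 0                 # DSCP/ECN (TOS)
    h[6:8] = b"\x00\x00"     # flags and fragment offset
    h[8] = 0                 # TTL
    h[10:12] = b"\x00\x00"   # header checksum
    return bytes(h)

def ah_icv(ip_hdr, ah_fixed, rest):
    """HMAC-SHA1-96 over: outermost IP header (mutable fields zeroed),
    AH with its ICV field zeroed, then everything that follows AH."""
    data = zero_mutable(ip_hdr) + ah_fixed + b"\x00" * 12 + rest
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def ah_tunnel(inner_packet, src, dst, spi=0x1001, seq=1):
    """New IP header | AH | IP header | IP payload, as on the slide."""
    outer = ipv4_header(src, dst, 24 + len(inner_packet), proto=51)  # 51 = AH
    # next header 4 = IPv4-in-IP; payload len 4 = (24-byte AH / 4) - 2
    ah_fixed = struct.pack("!BBHII", 4, 4, 0, spi, seq)
    return outer + ah_fixed + ah_icv(outer, ah_fixed, inner_packet) + inner_packet

def verify(packet):
    outer, ah_fixed, icv, rest = packet[:20], packet[20:32], packet[32:44], packet[44:]
    return hmac.compare_digest(icv, ah_icv(outer, ah_fixed, rest))

def tamper(packet, offset, new_bytes):
    return packet[:offset] + new_bytes + packet[offset + len(new_bytes):]

def demo():
    # Constructed inner packet and documentation-range outer addresses.
    inner = ipv4_header([10, 0, 0, 5], [10, 0, 1, 9], 4, proto=17) + b"data"
    pkt = ah_tunnel(inner, [192, 0, 2, 1], [198, 51, 100, 1])
    return {
        "untouched": verify(pkt),
        "outer TTL decremented": verify(tamper(pkt, 8, b"\x3f")),
        "outer source rewritten (NAT)": verify(tamper(pkt, 12, bytes([203, 0, 113, 7]))),
        "inner TTL changed": verify(tamper(pkt, 44 + 8, b"\x3f")),
    }

if __name__ == "__main__":
    print(demo())
```

Only the outer TTL change verifies: the outer addresses and the whole inner packet are covered by the ICV, which is why AH does not survive address translation on the path.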
IKE
Phase 1: Generate IKE key
– Main mode, aggressive mode
– Authentication: Pre-shared key, Digital Signature, Public key encryption, Revised public key encryption
Phase 2: Generate IPSEC key
– Quick mode
OfficeServ VPN
1. Configuration
2. Choose Phase 1 / Phase 2 parameters.
3. Check status
Specifications of the OfficeServ
                 OS 7200                          OS 7400
Tunnels          100 Tunnels                      1024 Tunnels
Chip             Hifn 7951                        CN 1120
Protocol         IPSec, PPTP, L2TP                IPSec, PPTP, L2TP
ISAKMP           Phase 1(main), Phase 2(quick)    Phase 1(main, aggressive), Phase 2(quick)
Encryption       3DES                             3DES, AES
Authentication   RSA, Pre-shared key, X.509       RSA, Pre-shared key, X.509
Functions
Real-time detection and response to network-based attacks
– backdoor, DoS, DDoS, anomalous network access, etc.
Web-based management
Supports almost all protocols used on the Internet
Intrusion detection according to risk level
– High, medium, low
Response to intrusion detection
– Log audit
– IP blocking linked with the firewall
Report to admin by e-mail about detected attacks
– 5 categories: Intrusion Type, Source IP, Destination IP, Port, Port scan
Rule update
Rule Update
Sourcefire VRT Certified Rules
Official rules of snort.org (www.snort.org)
Three ways to obtain these rules:
Subscribers (a charge)
– Online web subscriber
– Receive real-time rule updates as they are available
Registered users (Free)
– Online web subscriber
– Can access rule updates 5 days after release to subscription users
Unregistered users (Free)
– Receive a static ruleset at the time of each major Snort Release
CANNOT be used for GWIM (limited to commercial use!)
Rule Update
Open Community Rulesets
– Submitted by members of the open source community
– Released to users without the basic tests that ensure new rules will not break Snort
– Distributed under the GPL
– Freely available to all open source Snort users
Using Snort
Three main operational modes
– Sniffer
– Packet logger
– Network Intrusion Detection System
(Forensic Data Analysis Mode)
Network Environment
[Diagram labels, in slide order: WAN1 165.213.89.238; LAN 10.0.0.1; Management PC; 165.213.87.230; Internal Network; 165.213.109.2, 165.213.109.254; Untrusted Network; Mail Server; 165.213.88.100; Internet; 165.213.146.134; Trusted Terminal; Important File Server]
Send an attack packet pattern or packet pattern similar to attack
Send a packet pattern similar to attack