Code : STM#530 Samsung Electronics Co., Ltd. OfficeServ7400 Security Introduction Distribution English ED01

Upload: alyson-allen

Post on 03-Jan-2016


Code : STM#530

Samsung Electronics Co., Ltd.

OfficeServ7400 Security Introduction

Distribution

English ED01

© Samsung Electronics Co., Ltd. 2

Objectives

After successful completion of the course, the trainees should be able to carry out the following activities.


Contents

VPN

IDS


VPN


Overview

IPSec: system to system (site to site); requires the GWIMS D-board.

PPTP/L2TP: system to node, or server to client (e.g. a PC); does not require the GWIMS D-board.

[Diagram: headquarters connected to Branch #1 and Branch #2 over the Internet by IPSec VPN tunnels, with a private line (2 Mbps serial links) as the alternative path; a remote user reaches the office over a PPTP or L2TP tunnel.]


What's VPN?

Tunnel mode (transport mode is not supported)

Tunnel protocols: IPSec, L2TP/PPTP

Key management: IKE/ISAKMP, X.509 certificates, pre-shared keys

Authentication (integrity): HMAC-MD5, HMAC-SHA-1

Encryption: AES, 3DES

Transform protocols: AH, ESP

[Diagram: headquarters, a branch, a mobile user and a business partner connected across the Internet by VPN tunnels: intranet VPN (headquarters to branch), extranet VPN (headquarters to business partner) and remote-access VPN (mobile user running VPN S/W). Tunnel-mode encapsulation: the whole original packet becomes the encrypted payload and a new header is prepended.]


Comparison


IPSec

Packet formats (the shaded spans of the original figure are written out here as "encrypted" and "authenticated"):

Transport mode, ESP:
  | IP header | ESP header | IP payload | ESP trailer | ESP auth |
  Encrypted: IP payload and ESP trailer. Authenticated: ESP header through ESP trailer.

Transport mode, AH:
  | IP header | AH | IP payload |
  Authenticated: the whole packet, except the mutable fields of the IP header.

Tunnel mode, AH:
  | New IP header | AH | IP header | IP payload |
  Authenticated: the whole packet, except the mutable fields of the new IP header.

Tunnel mode, ESP:
  | New IP header | ESP header | IP header | IP payload | ESP trailer | ESP auth |
  Encrypted: original IP header, IP payload and ESP trailer. Authenticated: ESP header through ESP trailer.
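As an added example (not code from the course material or from Samsung), the two AH layouts above built and verified in Python. Transport mode keeps the original IP header and inserts AH after it; tunnel mode prepends a new IP header and carries the whole original packet as AH's payload (next header 4). The ICV is HMAC-SHA1-96 (SHA-1 being one of the two authentication algorithms the deck lists); the addresses, SPI, sequence number and key are constructed, and the code covers only the ICV computation, not a full IPsec stack. It makes the "authenticated except for mutable fields" rule concrete: a router hop that rewrites TTL and header checksum leaves the ICV valid, while flipping one payload bit does not.

```python
import hashlib
import hmac
import socket
import struct

AH_PROTO = 51          # IP protocol number of the Authentication Header
IPIP_PROTO = 4         # "next header" when AH carries a whole IPv4 packet (tunnel mode)
ICV_LEN = 12           # HMAC-SHA1-96: the 20-byte SHA-1 HMAC truncated to 96 bits
AH_LEN = 12 + ICV_LEN  # fixed AH fields (12 bytes) plus the ICV


def ip_checksum(data: bytes) -> int:
    """One's-complement checksum over an IPv4 header (returns 0 for a header whose checksum is valid)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, total_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header without options, DF set, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def zero_mutable(ip_hdr: bytes) -> bytes:
    """Fields a router may change in transit are zeroed before the ICV is computed
    (RFC 4302 section 3.3.3.1): TOS/DSCP, flags + fragment offset, TTL, header checksum."""
    h = bytearray(ip_hdr)
    h[1] = 0
    h[6] = h[7] = 0
    h[8] = 0
    h[10] = h[11] = 0
    return bytes(h)


def ah_icv(ip_hdr: bytes, ah_fixed: bytes, payload: bytes, key: bytes) -> bytes:
    """ICV = HMAC-SHA1-96 over (IP header with mutable fields zeroed | AH with ICV zeroed | payload)."""
    covered = zero_mutable(ip_hdr) + ah_fixed + bytes(ICV_LEN) + payload
    return hmac.new(key, covered, hashlib.sha1).digest()[:ICV_LEN]


def build_ah_packet(src, dst, next_hdr, payload, key, spi, seq, ttl=64) -> bytes:
    total_len = 20 + AH_LEN + len(payload)
    ip_hdr = ipv4_header(src, dst, AH_PROTO, total_len, ttl)
    # AH fixed part: next header, payload length (AH length in 32-bit words minus 2), reserved, SPI, sequence
    ah_fixed = struct.pack("!BBHII", next_hdr, AH_LEN // 4 - 2, 0, spi, seq)
    return ip_hdr + ah_fixed + ah_icv(ip_hdr, ah_fixed, payload, key) + payload


def verify_ah_packet(pkt: bytes, key: bytes) -> bool:
    """Receiver side: recompute the ICV over the packet as it arrived and compare in constant time."""
    if len(pkt) < 20 + AH_LEN or pkt[9] != AH_PROTO or (pkt[21] + 2) * 4 != AH_LEN:
        return False  # not AH, or an ICV size this example does not handle
    ip_hdr = pkt[:20]
    ah_fixed, icv = pkt[20:32], pkt[32:32 + ICV_LEN]
    payload = pkt[20 + AH_LEN:]
    return hmac.compare_digest(icv, ah_icv(ip_hdr, ah_fixed, payload, key))


def transport_mode_ah(src, dst, inner_proto, payload, key, spi, seq) -> bytes:
    """Transport mode: the original IP header stays, AH sits between it and the payload."""
    return build_ah_packet(src, dst, inner_proto, payload, key, spi, seq)


def tunnel_mode_ah(outer_src, outer_dst, inner_packet, key, spi, seq) -> bytes:
    """Tunnel mode: a new outer IP header is prepended and the whole original packet is AH's payload."""
    return build_ah_packet(outer_src, outer_dst, IPIP_PROTO, inner_packet, key, spi, seq)


def router_hop(pkt: bytes) -> bytes:
    """Simulate a router on the path: decrement TTL and rewrite the header checksum (both mutable)."""
    h = bytearray(pkt[:20])
    h[8] -= 1
    h[10] = h[11] = 0
    h[10:12] = struct.pack("!H", ip_checksum(bytes(h)))
    return bytes(h) + pkt[20:]


if __name__ == "__main__":
    key = b"constructed-demo-key"                                   # constructed; a real SA key comes from IKE
    inner = ipv4_header("10.0.0.1", "10.1.0.7", 17, 28) + bytes(8)  # constructed inner packet (UDP-sized)
    pkt = tunnel_mode_ah("165.213.89.238", "203.0.113.9", inner, key, spi=0x100, seq=1)
    print("tunnel-mode AH verifies:", verify_ah_packet(pkt, key))
    print("still verifies after a router hop:", verify_ah_packet(router_hop(pkt), key))
    print("verifies after flipping a payload bit:", verify_ah_packet(pkt[:-1] + bytes([pkt[-1] ^ 1]), key))
```

ESP is not shown because its encryption (3DES or AES per the deck) is not in the Python standard library; the authenticated span for ESP, from the ESP header through the ESP trailer, would be computed the same way but over the ciphertext rather than over the outer IP header.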


IKE

Phase 1: generate the IKE (ISAKMP SA) keys
  Main mode or aggressive mode
  Authentication: pre-shared key, digital signature, public key encryption, revised public key encryption

Phase 2: generate the IPSec SA keys
  Quick mode
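Added example, not code from the course or from Samsung: the Phase 1 key derivation of RFC 2409 with pre-shared key authentication and Oakley group 2, run as an aggressive-mode exchange between two simulated peers, with HMAC-SHA1 as the prf (SHA-1 being one of the deck's hash options). The SA payload body, the responder identity, the PSKs and the candidate list are constructed placeholders. It also shows why the choice between main mode and aggressive mode is a security decision: in aggressive mode HASH_R travels in the clear and depends only on the PSK and other cleartext values, so a passive observer can test candidate PSKs offline.

```python
import hashlib
import hmac
import os
import secrets

# Oakley group 2: 1024-bit MODP prime with generator 2 (RFC 2409 section 6.2).
GROUP2_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
GROUP2_G = 2
KE_LEN = 128   # g^x and g^xy are encoded as 128-byte big-endian values


def prf(key: bytes, data: bytes) -> bytes:
    """IKEv1 prf for the SHA-1 hash attribute: HMAC-SHA1 (RFC 2409 section 3.2)."""
    return hmac.new(key, data, hashlib.sha1).digest()


def phase1_skeyids(psk, ni, nr, gxy, cky_i, cky_r):
    """Key material of RFC 2409 section 5 for pre-shared key authentication.
    SKEYID itself depends only on the PSK and the two nonces."""
    skeyid = prf(psk, ni + nr)
    skeyid_d = prf(skeyid, gxy + cky_i + cky_r + b"\x00")               # seed for the Phase 2 (IPsec) keys
    skeyid_a = prf(skeyid, skeyid_d + gxy + cky_i + cky_r + b"\x01")    # authenticates later IKE messages
    skeyid_e = prf(skeyid, skeyid_a + gxy + cky_i + cky_r + b"\x02")    # encrypts later IKE messages
    return skeyid, skeyid_d, skeyid_a, skeyid_e


def hash_r(skeyid, gxr, gxi, cky_r, cky_i, sai_b, idir_b):
    """HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b)."""
    return prf(skeyid, gxr + gxi + cky_r + cky_i + sai_b + idir_b)


class Peer:
    def __init__(self, psk: bytes):
        self.psk = psk
        self.x = secrets.randbelow(GROUP2_P - 2) + 1      # private DH exponent
        self.cky = os.urandom(8)                          # ISAKMP cookie
        self.nonce = os.urandom(16)
        self.gx = pow(GROUP2_G, self.x, GROUP2_P).to_bytes(KE_LEN, "big")

    def shared(self, peer_gx: bytes) -> bytes:
        return pow(int.from_bytes(peer_gx, "big"), self.x, GROUP2_P).to_bytes(KE_LEN, "big")


def aggressive_mode(psk_i, psk_r, sai_b=b"\x00\x00\x00\x01", idir_b=b"gw.example"):
    """Phase 1 aggressive mode between an initiator holding psk_i and a responder holding psk_r.
    sai_b (SA payload body) and idir_b (responder identity) are constructed placeholders."""
    i, r = Peer(psk_i), Peer(psk_r)
    # msg 1, I -> R: HDR, SA, KE(g^xi), Ni, IDii         (cleartext)
    # msg 2, R -> I: HDR, SA, KE(g^xr), Nr, IDir, HASH_R (cleartext)
    skeyid_r, _, _, skeyid_e_r = phase1_skeyids(psk_r, i.nonce, r.nonce, r.shared(i.gx), i.cky, r.cky)
    h_r = hash_r(skeyid_r, r.gx, i.gx, r.cky, i.cky, sai_b, idir_b)
    # msg 3, I -> R: HDR, HASH_I; before sending it the initiator checks HASH_R with its own PSK
    skeyid_i, _, _, skeyid_e_i = phase1_skeyids(psk_i, i.nonce, r.nonce, i.shared(r.gx), i.cky, r.cky)
    accepted = hmac.compare_digest(h_r, hash_r(skeyid_i, r.gx, i.gx, r.cky, i.cky, sai_b, idir_b))
    observed = dict(gxi=i.gx, gxr=r.gx, ni=i.nonce, nr=r.nonce, cky_i=i.cky, cky_r=r.cky,
                    sai_b=sai_b, idir_b=idir_b, hash_r=h_r)   # everything a passive sniffer sees
    return dict(accepted=accepted, skeyid_e_i=skeyid_e_i, skeyid_e_r=skeyid_e_r, observed=observed)


def offline_psk_guess(obs: dict, candidates):
    """With aggressive mode, each candidate PSK costs one HMAC to test against the sniffed HASH_R;
    the DH secret g^xy is not needed because SKEYID is derived from the PSK and nonces alone."""
    for psk in candidates:
        guess = hash_r(prf(psk, obs["ni"] + obs["nr"]), obs["gxr"], obs["gxi"],
                       obs["cky_r"], obs["cky_i"], obs["sai_b"], obs["idir_b"])
        if hmac.compare_digest(guess, obs["hash_r"]):
            return psk
    return None


if __name__ == "__main__":
    run = aggressive_mode(b"correct horse", b"correct horse")
    print("initiator accepted HASH_R:", run["accepted"])
    print("both sides derived the same SKEYID_e:", run["skeyid_e_i"] == run["skeyid_e_r"])
    print("PSK recovered from the sniffed exchange:",
          offline_psk_guess(run["observed"], [b"password", b"samsung", b"correct horse"]))
```

In main mode HASH_I and HASH_R are exchanged only after the messages are encrypted under SKEYID_e, so a passive observer has nothing to run offline_psk_guess against. Where aggressive mode is enabled (the specifications slide lists it for the OS 7400), the pre-shared key must be long and random enough to resist offline guessing, or certificate authentication (RSA/X.509, also listed) should be used instead.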


OfficeServ VPN

1. Configuration
2. Choose Phase 1 / Phase 2 parameters.
3. Check status


Specifications of the OfficeServ

                  OS 7200                            OS 7400
Tunnels           100 tunnels                        1024 tunnels
Chip              Hifn 7951                          CN 1120
Protocol          IPSec, PPTP, L2TP                  IPSec, PPTP, L2TP
ISAKMP            Phase 1 (main), Phase 2 (quick)    Phase 1 (main, aggressive), Phase 2 (quick)
Encryption        3DES                               3DES, AES
Authentication    RSA, pre-shared key, X.509         RSA, pre-shared key, X.509


IDS


Functions

Real-time detection of and response to network-based attacks: backdoor, DoS, DDoS, anomalous network access, etc.

Web-based management

Supports almost all protocols used on the Internet

Intrusion detection according to risk level: high, medium, low

Response to a detected intrusion: log audit; IP blocking, linked with the firewall

Reports detected attacks to the administrator by e-mail, in 5 categories: intrusion type, source IP, destination IP, port, port scan

Rule update
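Added example, not the OfficeServ IDS's own code (the page does not expose its engine or its firewall interface): a small alert processor over constructed Snort alert_fast lines that assigns a risk level from the Snort priority, totals the five reporting categories named above, and decides the response, IP blocking versus log-and-review. The addresses reuse the course's network-environment slide; the management PC and trusted terminal are exempt from automatic blocking so that a spoofed or mis-triggered alert cannot lock the administrator out. The priority-to-level mapping, the port-scan threshold and the iptables rendering are this example's assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of Snort alert_fast output (not taken from the course material).
# 165.213.88.100 is the untrusted-side mail server, 165.213.87.230 the management PC,
# 165.213.146.134 the trusted terminal and 165.213.109.0/24 the internal network.
SAMPLE_ALERTS = """\
01/03-10:15:22.118203  [**] [1:2003:8] SCAN nmap TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 165.213.88.100:44123 -> 165.213.109.20:22
01/03-10:15:22.201144  [**] [1:2003:8] SCAN nmap TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 165.213.88.100:44124 -> 165.213.109.20:23
01/03-10:15:22.290877  [**] [1:2003:8] SCAN nmap TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 165.213.88.100:44125 -> 165.213.109.20:80
01/03-10:16:01.003912  [**] [1:1000001:1] BACKDOOR netbus active [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 165.213.88.100:12345 -> 165.213.109.50:12345
01/03-10:17:45.551002  [**] [1:1000002:1] ICMP PING sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 165.213.146.134 -> 165.213.109.50
01/03-10:18:12.000341  [**] [1:1000003:1] DOS SYN flood [**] [Classification: Attempted Denial of Service] [Priority: 1] {TCP} 165.213.87.230:6000 -> 165.213.109.2:80
"""

TRUSTED_HOSTS = {"165.213.87.230", "165.213.146.134"}   # never auto-blocked: blocking them locks out the admin

ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s+(?P<cls>[^\]]+)\])?\s+\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)


def parse_alerts(text: str) -> list:
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if not m:
            continue            # not an alert line (blank line, statistics line, ...)
        a = m.groupdict()
        a["prio"] = int(a["prio"])
        a["sport"] = int(a["sport"]) if a["sport"] else None    # ICMP alerts carry no ports
        a["dport"] = int(a["dport"]) if a["dport"] else None
        alerts.append(a)
    return alerts


def risk_level(prio: int) -> str:
    """Snort priority 1 is the most severe; the three-level mapping is this example's assumption."""
    return {1: "high", 2: "medium"}.get(prio, "low")


def summarize(alerts) -> dict:
    """Counts for the five report categories: intrusion type, source IP, destination IP, port, port scan."""
    summary = {k: Counter() for k in ("type", "src", "dst", "port", "port_scan")}
    for a in alerts:
        summary["type"][a["msg"]] += 1
        summary["src"][a["src"]] += 1
        summary["dst"][a["dst"]] += 1
        if a["dport"] is not None:
            summary["port"][a["dport"]] += 1
        if "SCAN" in a["msg"].upper():
            summary["port_scan"][a["src"]] += 1
    return summary


def decide_actions(alerts, trusted=TRUSTED_HOSTS, scan_threshold=3):
    """Response policy: block a source after any high-risk alert, or after a medium-risk scan that
    touches scan_threshold distinct ports; trusted hosts are queued for review instead of blocked."""
    blocks, review = {}, []
    scanned = defaultdict(set)
    for a in alerts:
        src, level = a["src"], risk_level(a["prio"])
        if level == "medium" and "SCAN" in a["msg"].upper() and a["dport"] is not None:
            scanned[src].add(a["dport"])
        if level == "high":
            reason = f"{level}: {a['msg']}"
            if src in trusted:
                review.append((src, reason))
            elif src not in blocks:
                blocks[src] = reason
    for src, ports in scanned.items():
        if len(ports) >= scan_threshold and src not in trusted and src not in blocks:
            blocks[src] = f"port scan: {len(ports)} ports"
    return blocks, review


def firewall_rules(blocks: dict) -> list:
    """Render the block decisions as netfilter rules; iptables syntax is used only as an illustration
    of the 'IP blocking linked with the firewall' function, not as the OfficeServ's interface."""
    return [f"iptables -I FORWARD -s {ip} -j DROP" for ip in sorted(blocks)]


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    blocks, review = decide_actions(alerts)
    for ip, why in blocks.items():
        print(f"BLOCK  {ip:16} {why}")
    for ip, why in review:
        print(f"REVIEW {ip:16} {why} (trusted host, not auto-blocked)")
    print("\n".join(firewall_rules(blocks)))
```

The scanner is blocked for the high-risk backdoor alert, and would still be blocked for the three-port scan alone if that alert were absent; the SYN-flood alert from the management PC goes to the review queue rather than to the firewall.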


Rule Update

Sourcefire VRT Certified Rules: the official rules of snort.org (www.snort.org)

Three ways to obtain these rules:

Subscribers (paid)
  – Online web subscriber
  – Receive real-time rule updates as they become available

Registered users (free)
  – Online web subscriber
  – Can access rule updates 5 days after their release to subscription users

Unregistered users (free)
  – Receive a static ruleset at the time of each major Snort release

CANNOT be used for the GWIM (limited to commercial use!)


Rule Update

Open Community Rulesets: submitted by members of the open source community

Released to users without the basic tests that ensure new rules will not break Snort

Distributed under the GPL

Freely available to all open source Snort users


Using Snort

Three main operational modes:

Sniffer

Packet logger

Network Intrusion Detection System

(Forensic data analysis mode)


Network Environment

[Diagram of the test network: OfficeServ with WAN1 165.213.89.238 and LAN 10.0.0.1; Management PC 165.213.87.230; Internal Network 165.213.109.2 to 165.213.109.254, containing the Important File Server; Untrusted Network with the Mail Server 165.213.88.100, reached through the Internet; Trusted Terminal 165.213.146.134. Two test flows are drawn: "send an attack packet pattern or a packet pattern similar to an attack" and "send a packet pattern similar to an attack".]
