Network Security and Attack Prevention Solutions (Network Güvenliği ve Atak Önleme Çözümleri), Akademik Bilişim 2006, Orhan ORTAÇ, orhan_ortac@3com.com
Posted on 18-Dec-2015
Slide 2
Agenda
• History and Trend
• 3Com’s Security Strategy
• Security Solutions
– 3Com TippingPoint IPS (Intrusion Prevention System)
– 3Com X505 Firewall
• Correct solution
Slide 3
3Com Confidential
History And Trend
Slide 4
History And Trend – [ Virus & Worm ]
• 1949 : First virus program idea
• 1984 : The term “virus” is coined (Fred Cohen)
• 1986 : First PC virus [Brain]
• 1987 : Lehigh
• 1988 : Jerusalem . . .
• 1992 : Total of 1300 known viruses [18 new viruses/month]
• 2001 : Nimda
• 2003 : Blaster
• 2004 : Sasser
Slide 5
History And Trend - Historical Network Configuration
[Diagram: Internet – Firewall – Router – Switch – Desktop PCs, with a single Trusted Zone containing the Financial, Engineering, Marketing, Sales and CAD segments]
Slide 6
History And Trend - Historical Network Configuration
[Diagram: traffic identified only by port passing the firewall – FTP (21), HTTP (80), Sub 7 (6776), Quake (26000), SMTP (25); packet header From: 66.121.11.7 To: 115.13.73.1]
Slide 7
History And Trend – [ What about attacks? ]
• Microsoft is the most popular O.S.
• Weak applications have vulnerabilities
• Protocol based vulnerabilities
– TCP / IP
– SMTP / FTP ...
• VoIP vulnerabilities
• Low level of administration
~2500 known attack types!
Slide 8
History And Trend – Today’s Firewall Configurations
[Diagram: port-based firewall rules – HTTP (80), FTP (21), SMTP (25), BackOrifice (31337)]
Slide 9
History And Trend - Summary
– Increasing rate of new vulnerabilities and decreasing time to patch
– IT complexity hinders security practice implementation
– Increasing number of attacks and attackers
– Walk-in worms, e-mail attacks, spyware
– More connected end points on the network
– Increasing number of applications
– VoIP Deployment
– Lack of IT resources
[Chart: as time and business growth advance, Security Demands rise faster than Business Security Capacity; the difference is the Security Gap]
Slide 10
Customer Requirements?
Slide 11
Customer Requirements
• High network performance and uptime
• High level information security
• Automated security control
• Centralized management
Slide 12
What is the best strategy?
3Com’s Security Strategy
Slide 13
3Com’s Security Strategy - What is the strategy?
Secure Network
• Overlaid or Embedded Security
• Adaptive and Dynamic Protection
• Automatic and Centrally Manageable
Converged Network
• Multi-service Network
• Synergy between infrastructure elements
• Edge-to-Core Coverage
Customer Benefits
• Business Continuity
• Capital Efficiency and Cost Reduction
• Corporate Control and Visibility
[Diagram: Security + Converged Networks]
Slide 14
3Com’s Security Strategy - The 3Com Offer
• Inline, wire-speed blocking of malicious traffic
• Integrated Firewall, IPS, VPN, URL Filtering
• 3Com TippingPoint IPS
• 3Com X505
Slide 15
Security Solutions – Intrusion Prevention System: 3Com TippingPoint IPS
Slide 16
Security Solutions – Security Appliance Evolution
[Timeline chart, 1998 to 2006. Milestones shown:]
• Firewalls increasing in importance to large enterprise
• Firewall appliances equal 53% of market
• Security is a choke point
• Performance concerns begin to shift FW market towards appliances
• FW and IPSec bundled
• IDS appliances equal 24% of market
• FW/VPN appliances equal 63% of market
• Layer 7 inspection and SSL VPN introduced
• ASICs, acceleration and HA become commonplace
• VoIP, L7 and multi-service platforms drive performance requirements
• Security proliferates in switches
• IDS/IPS appliances equal 49% of market
• CKPT, ISS, & SCUR introduce appliances
• SSL / IPSec / FW / IPS appliances begin to proliferate
• Standalone SSL integrates other security services
Source: Frost & Sullivan
Slide 17
Security Solutions – TippingPoint Closes the Gap with Intrusion Prevention
Filtering Methods: Traffic Anomaly, Protocol Anomaly, Signature, Vulnerability
Intrusion Prevention Systems: Infrastructure Protection, Application Protection, Performance Protection
Ultra-High Performance Custom Hardware: 5 Gbps Throughput, Switch-Like Latency, 250K Sessions/Second, Total Flow Inspection, 64K Rate Shaping Queues, 10K Parallel Filters
Slide 18
Security Solutions – Application Protection – Defends Clients and Servers
• Performs Total Inspection at Layers 2-7
• Protects Vulnerabilities
• Protects Perimeter and Internal Network
• Provides Day-Zero Attack Protection
• Eliminates Emergency Patching Triage
• Prevents Application and O/S Damage/Downtime
Protect: Microsoft Applications & Operating Systems, Oracle Applications, Linux O/S, VoIP
From: Worms/Walk-in Worms, Viruses, Trojans, DDoS Attacks, Internal Attacks, Unauthorized Access
Slide 19
Security Solutions – Infrastructure Protection – Defends Network Equipment
• Protects Network Equipment Vulnerabilities
• Protects Against Anomalous Traffic Behavior
– Automatic Baselining
– Rate Limit, Block, or Alert on Thresholds
• Supports Custom IP filters, ACLs
Protect: Routers (e.g. Cisco IOS), Switches, Firewalls (e.g. Netscreen OS, CheckPoint FW1), VoIP
From: Worms/Walk-in Worms, Viruses, Trojans, DDoS Attacks, SYN Floods, Traffic Anomalies
Slide 20
Security Solutions – Performance Protection – Defends Overall Network Performance
• Increases Network Performance Even When Not Under Attack
• Rate Limits Non-Mission Critical Applications
– Eliminates Bandwidth Hijacking
– Controls Rogue Applications
– Eliminates Misuse and Abuse
– Controls Peer-to-Peer Traffic
Protect: Bandwidth, Server Capacity, Mission-Critical Traffic
From: Peer-to-Peer Apps, Unauthorized Instant Messaging, Unauthorized Applications, DDoS Attacks
Slide 21
Security Solutions – Quarantine Automatic Protection
[Diagram: Clients – Access Switches – Core – TippingPoint IPS, with the SMS and a RADIUS server; a contained client is moved into the Safe Zone]
Quarantine Process
1. Client authenticates via SMS
2. SMS acts as RADIUS proxy, learns MAC/Switch/Port from Switch via RADA
3. EVENT: Illegal activity
4. SMS resolves IP to MAC
5. MAC address is placed into a blacklist and policy set
6. SMS forces re-authentication of compromised device
7. Device is contained within the set policy at the access switch ingress port
Breach to Containment in under 5 seconds
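The seven-step quarantine workflow above, simulated as a small state machine; this is an added example, not 3Com or TippingPoint code, and the class, policy name "quarantine-vlan" and sample MAC/IP values are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Session:
    """What the SMS learns about an endpoint when it proxies its RADIUS login."""
    mac: str
    switch: str
    port: int
    ip: str
    policy: str = "normal"


class QuarantineSMS:
    """Simulated SMS quarantine state machine (constructed example, not 3Com code).

    Steps follow the slide: (1-2) the SMS proxies RADIUS and learns MAC/switch/port,
    (3) an IPS event names an offending source IP, (4) the IP is resolved to a MAC,
    (5) the MAC is blacklisted with a containment policy, (6) re-authentication is
    forced, (7) the access switch applies that policy at the ingress port.
    """

    def __init__(self, containment_policy="quarantine-vlan"):
        self.containment_policy = containment_policy  # hypothetical policy name
        self.sessions = {}    # mac -> Session, current authentication state
        self.ip_to_mac = {}   # ip -> mac, refreshed on every authentication
        self.blacklist = {}   # mac -> policy to apply at the next (re)auth
        self.audit = []       # plain log lines for the operator

    def radius_auth(self, mac, switch, port, ip):
        """Steps 1-2 (and 6-7 on re-auth): record the session and return the policy
        the switch is told to enforce on that ingress port."""
        mac = mac.lower()
        policy = self.blacklist.get(mac, "normal")
        self.sessions[mac] = Session(mac, switch, port, ip, policy)
        # Overwriting ip_to_mac on each auth keeps IP->MAC current when a DHCP lease
        # moves to another host, so an event never quarantines the previous owner.
        self.ip_to_mac[ip] = mac
        self.audit.append(f"AUTH mac={mac} {switch}:{port} ip={ip} policy={policy}")
        return policy

    def ips_event(self, src_ip, reason):
        """Steps 3-7: contain the endpoint behind src_ip. Returns the resulting
        Session, or None when the IP is not tied to an authenticated endpoint
        (e.g. a NATed or unmanaged source), which an operator must triage by hand."""
        mac = self.ip_to_mac.get(src_ip)                      # step 4
        if mac is None or mac not in self.sessions:
            self.audit.append(f"EVENT ip={src_ip} unresolved reason={reason}")
            return None
        self.blacklist[mac] = self.containment_policy          # step 5
        s = self.sessions[mac]
        self.audit.append(f"EVENT ip={src_ip} mac={mac} reason={reason} -> reauth")
        self.radius_auth(mac, s.switch, s.port, s.ip)          # steps 6-7
        return self.sessions[mac]

    def release(self, mac):
        """Operator clears the blacklist entry after remediation; the device gets
        the normal policy again at its next authentication. Returns True if found."""
        return self.blacklist.pop(mac.lower(), None) is not None
```

The audit list is the evidence an incident responder wants: which MAC was tied to the offending IP, on which switch port, and when containment was applied.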
Slide 22
Security Solutions – Security Management System
• Hardware is included with SMS purchase and software is pre-installed
• Installation Ease
• Scalable
• Enterprise-wide security policy management
– Port-by-port policy
– Device-by-device policy
Slide 23
Security Solutions – IPS and Switching Infrastructure
[Diagram: Internet – Firewall – Router – Switch; Trusted Zone with Financial, Engineering, Mkt, Mail, Sales and CAD segments; Home Users using WLAN/Broadband, Mobile Users connected to the LAN, Mobile Devices via WAP, and a Supplier connected to the Sales Server]
Slide 24
Security Solutions – TippingPoint Product Line
Security Management System
• 50 Mbps – 1 x 10/100/1000 segment
• 100 Mbps – 1 x 10/100/1000 segment
• 200 Mbps – 2 x 10/100/1000 segments
• 400 Mbps – 4 x 10/100/1000 segments
• 1.2 Gbps – 4 x 10/100/1000 segments
• 2.0 Gbps – 4 x 10/100/1000 segments
• 5.0 Gbps – 4 x 10/100/1000 segments
Slide 25
Security Solutions – Automatic Digital Vaccines
[Diagram: Raw Intelligence Feeds → Vulnerability Analysis → Vaccine Creation → Digital Vaccine Automatically Delivered to Customers]
Raw Intelligence Feeds
• SANS
• CERT
• Vendor Advisories
• Bugtraq
• VulnWatch
• PacketStorm
• Securiteam
@RISK Weekly Report
Scalable distribution network using Akamai’s 9,700 servers in 56 countries
Filter Types
• Signature
• Vulnerability
• Traffic and/or Statistical Anomaly
Slide 26
Security Solutions – Summary of Core IPS Features
Feature: Benefit
Purpose-Built Custom ASIC Hardware Platform: Extensible Platform for Uncompromising Security and Networking
50Mb – 5Gb Performance: Scalable Solutions for Perimeter and Internal Protection
Switch-Like Latency: Inline Network Deployment Without Impacting Network Performance
Inline Attack Blocking: Effective Proactive Attack Termination
Recommended Settings: Automatic Security, both out of the box and ongoing
Rate Shaping: Bandwidth Management and Network Performance Protection
Complete Filtering Methods (signature, protocol anomaly, vulnerability, traffic anomaly): Proactive, Accurate and Comprehensive Attack Filtering
DDoS SYN Proxy and Connection Rate Limiters: Advanced Protection for Evolving DDoS Attacks
Slide 27
Security Solutions Select TippingPoint Customers
Slide 28
Security Solutions – TippingPoint Awards
Frost and Sullivan 2005 Network Security Infrastructure Protection Entrepreneurial Company of the Year: TippingPoint was named the 2005 Network Security Infrastructure Protection Entrepreneurial Company of the Year by Frost & Sullivan.
Information Security Magazine 2004 Product of the Year: TippingPoint was selected by Information Security Magazine as "2004 Product of the Year" for Intrusion Prevention Systems.
SC Magazine Best Buy of 2004: TippingPoint was selected by SC Magazine as a "Best Buy in 2004" for intrusion prevention.
SC Global Awards 2005 – Principal Awards: TippingPoint was named the Best Security Solution in the 2005 SC Global Awards for the best overall solution for dealing with today’s threats to information security and the protection of corporate information assets.
IDG Network Awards 2004 Winner: TippingPoint is the winner of the "Network Protection Product of the Year" from IDG and TechWorld.com. The prestigious IDG awards recognize the very best in the industry and reward companies for innovative and effective use of networking technology.
SC Magazine Best Buy: TippingPoint was selected by SC Magazine as a "Best Buy" in their group test of intrusion prevention products.
Common Criteria Certification: TippingPoint is the first Intrusion Prevention System (IPS) to obtain all four government-validated protection profiles: analyzer, sensor, scanner and system.
SANS "Trusted Tool": TippingPoint’s Intrusion Prevention System has been selected as a "Trusted Tool" by the SANS Institute, the world's premier security research and training organization.
NSS Gold Award: TippingPoint’s Intrusion Prevention System is the first and only product to win the coveted NSS Gold Award in the IPS space.
eWeek Excellence Award: TippingPoint's Intrusion Prevention Systems received the "Enterprise Resource Protection" eWeek Excellence Award announced in the April 5, 2004 issue of eWeek Magazine.
InfoWorld 100: University of Dayton, a TippingPoint customer, was recognized as a technological leader and awarded the 'InfoWorld 100' for its advancements made through implementing TippingPoint's Intrusion Prevention Systems.
eWeek Labs Analyst's Choice Award: TippingPoint's IPS ably handled both real and staged attacks on eWeek Labs' test network, attached to the Internet for nearly a week.
The Tolly Group "Up To Spec": Performance and security benchmark. TippingPoint's IPS demonstrated 100% security accuracy at 2 Gbps.
CompTIA "Best New Product": TippingPoint's Intrusion Prevention Systems were named "Best New Product" in the hardware category at the Executive Breakaway 2003 Conference hosted by CompTIA in Halifax, Canada.
University Business Magazine "Show Stopper" Award: TippingPoint's Intrusion Prevention Systems were awarded the "Show-Stopper" at the 2003 Educause Conference in Anaheim, California.
Slide 29
Security Solutions – 3Com X505 Firewall
Slide 30
Integrated Security Platform Built on IPS
[Diagram: IPS at the centre, surrounded by Multicast Routing, Firewall, Bandwidth Management, VPN and Web Filtering]
• IPS: Industry leading TippingPoint IPS technology and Digital Vaccine protection
• Multicast Routing: Provide support for next generation IP conferencing applications
• Firewall: Traditional firewall technology to provide access control and policy enforcement
• Bandwidth Management: QoS and bandwidth management to improve network performance and provide policy based traffic shaping
• VPN: IPSec VPN to transform the Internet into a secure converged network for multi-site connectivity
• Web Filtering: To protect against offensive web content and enforce acceptable usage policies
IPS is the core function that creates value in, and serves as the foundation of, the X505. All other features are accessories to the IPS core.
Slide 31
What is the TippingPoint X505?
• Integrated Security Platform – GA 12/1/05
– Combining Market Leading IPS with …
• Firewall, IPSec-VPN, Web content filtering, routing & policy based traffic shaping
– Same TippingPoint Digital Vaccine
– Same Threat Suppression Engine
– Enhanced Local Security Manager
• Extreme Flexibility
– For example: Apply IPS and traffic shaping inside VPN tunnels
• Delivering Secure Converged Networks
– For Distributed Multisite Organizations
• “All-in-One” Integrated Security Platform
• FW, IPS, VPN, Routing, Multicast, NAT, Web Filtering, Traffic Shaping, etc
– Device status/Health/TOS/DV updates capability at GA. Cannot configure the IPS policy from SMS. Future roadmap will have full SMS support
Slide 32
TippingPoint X505 Hardware
• Hardware
– Rack mountable form factor
– 4 x 10/100 Ethernet ports
– Inbuilt IPSec hardware acceleration (up to AES-256)
– On-box URL filtering
• Performance
– 50+ Mbps IPS
– 50+ Mbps IPSec VPN (3DES/AES-256)
– 100+ Mbps Firewall Throughput
– Supports over 1,000 VPN tunnels
– 5000 Connections per second
– 128,000 Concurrent Sessions
Slide 33
TippingPoint Closes the Gap with Intrusion Prevention
Filtering Methods: Protocol Anomaly, Signature, Vulnerability, Traffic Anomaly
Intrusion Prevention Systems: Infrastructure Protection, Application Protection, Performance Protection
[Diagram: Raw Intelligence Feeds → Vulnerability Analysis → Weekly Vaccine Distribution; @RISK Weekly Report]
Raw Intelligence Feeds
• SANS
• CERT
• Vendor Advisories
• Bugtraq
• VulnWatch
• PacketStorm
• ZDI
Slide 34
TippingPoint X505 Firewall
• Stateful packet inspection
– Numerous built-in application layer gateways (SIP, H323, etc)
• Policy Classification
– Services (pre-defined, custom & groups)
– Source / Destination Security Zone
– Source / Destination IP Address / Address group
– Schedule – Time of day / day of week
– User Authentication – forces user auth for access to policy
• Policy Actions
– Deny / Allow / Content Filter
– Traffic Shape
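A first-match policy classifier built from the fields listed above (service objects and groups, security zones, address groups, schedule, user authentication) and the four actions; this is an added example and not the X505's own engine, and every service name, address group, zone and policy in it is a constructed sample. It deliberately handles the two cases an operator gets wrong most often: a schedule window that crosses midnight, and a matching policy that requires authentication, which must deny an unauthenticated user rather than let the flow fall through to a later, looser rule.

```python
from dataclasses import dataclass, field
from datetime import datetime
from ipaddress import ip_address, ip_network

# Service objects, one service group, and address groups (all constructed samples).
SERVICES = {"HTTP": [("tcp", 80)], "HTTPS": [("tcp", 443)], "SMTP": [("tcp", 25)],
            "SIP": [("udp", 5060)], "WEB": ["HTTP", "HTTPS"]}
ADDRESSES = {"any": ["0.0.0.0/0"], "lan": ["10.0.0.0/8"],
             "dmz-web": ["192.0.2.10/32"], "mail-server": ["192.0.2.25/32"]}

@dataclass
class Policy:
    name: str
    action: str                           # allow | deny | content-filter | shape
    service: str = "any"
    src_zone: str = "any"
    dst_zone: str = "any"
    src: str = "any"                      # address group names
    dst: str = "any"
    days: tuple = (0, 1, 2, 3, 4, 5, 6)   # schedule: Monday=0 .. Sunday=6
    start: str = "00:00"                  # schedule window HH:MM, end exclusive
    end: str = "24:00"
    require_auth: bool = False            # forces user auth for access to policy

@dataclass
class Flow:
    proto: str
    dst_port: int
    src_ip: str
    dst_ip: str
    src_zone: str
    dst_zone: str
    user: str = None                      # authenticated user name, if any
    when: datetime = field(default_factory=datetime.now)

def expand_service(name):
    """Flatten a service or service group into (proto, port) pairs; None means any."""
    if name == "any":
        return None
    pairs = []
    for item in SERVICES[name]:
        pairs.extend(expand_service(item) if isinstance(item, str) else [item])
    return pairs

def in_group(ip, group):
    return any(ip_address(ip) in ip_network(net) for net in ADDRESSES[group])

def in_schedule(p, when):
    if when.weekday() not in p.days:
        return False
    hhmm = when.strftime("%H:%M")
    if p.start <= p.end:                              # window within one day
        return p.start <= hhmm < p.end
    return hhmm >= p.start or hhmm < p.end            # window crossing midnight

def matches(p, f):
    svc = expand_service(p.service)
    return ((svc is None or (f.proto, f.dst_port) in svc)
            and p.src_zone in ("any", f.src_zone) and p.dst_zone in ("any", f.dst_zone)
            and in_group(f.src_ip, p.src) and in_group(f.dst_ip, p.dst)
            and in_schedule(p, f.when))

def classify(policies, flow):
    """First matching policy wins; no match falls to an implicit deny. A matching
    policy that requires authentication denies an unauthenticated user outright."""
    for p in policies:
        if matches(p, flow):
            return (p.name, "deny" if p.require_auth and flow.user is None else p.action)
    return ("default", "deny")

def decide(proto, port, src_ip, dst_ip, src_zone, dst_zone, when_iso, user=None):
    """Convenience wrapper: classify one flow against POLICIES at an ISO timestamp."""
    return classify(POLICIES, Flow(proto, port, src_ip, dst_ip, src_zone, dst_zone,
                                   user, datetime.fromisoformat(when_iso)))

# Constructed policy set exercising the zone, service, schedule and auth fields.
POLICIES = [
    Policy("guest-web-hours", "content-filter", service="WEB", src_zone="wireless",
           dst_zone="internet", days=(0, 1, 2, 3, 4), start="08:00", end="18:00"),
    Policy("lan-to-dmz-web", "allow", service="WEB", src_zone="lan", dst_zone="dmz",
           src="lan", dst="dmz-web"),
    Policy("lan-voip", "shape", service="SIP", src_zone="lan", dst_zone="internet",
           src="lan", require_auth=True),
    Policy("inbound-smtp", "allow", service="SMTP", src_zone="internet", dst_zone="dmz",
           dst="mail-server"),
]
```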
Slide 35
TippingPoint X505 VPN
• Low latency IPSec hardware crypto
– DES, 3DES, AES-128, AES-192 & AES-256
• Keying Modes
– Manual, IKE + shared secret, IKE + X509 Cert
• Support for VPN Clients
– Native IPSec, PPTP, L2TP/IPSec (Microsoft standard)
• Advanced Features
– Ability to terminate tunnel into any security zone
– IP Multicast routing over IPSec (PIM-DM)
– IKE keep alive / NAT traversal
– DHCP over VPN
[Diagram: TippingPoint X505 units at a Regional Office, at Branch Offices and across the Wide Area, linked by VPN, plus Mobile Workers; security zones Zone 1, DMZ, Zone 2 and Wireless]
Slide 36
TippingPoint X505 Traffic Shaping
Dynamic allocation of bandwidth to maximize resources
– By policy
– Both inbound & outbound directions
– For any application
– Both inside & outside of VPN tunnel
– Multiple policies create various zones
[Diagram: X505 between the Internet/VPN and three zones – Employee Authenticated VPN Zone carrying Corporate LAN Traffic (Medium QoS), IP Telephone Authenticated VPN Zone carrying VoIP Traffic (High QoS), and Guest Internet Only zone carrying Guest HTTP Traffic (Low QoS)]
Slide 37
TippingPoint X505 Summary
• Hardware
– Rack mountable form factor
– 4 x 10/100 Ethernet ports
– 1 x dedicated 10/100 management port
– Inbuilt IPSec hardware acceleration (up to AES-256)
• Performance
– 50+ Mbps IPS
– 50+ Mbps IPSec VPN (3DES/AES-256)
– 100+ Mbps Firewall Throughput
– Supports over 1,000 VPN tunnels
– Supports 50 independent VLAN policies
• IPS
– Industry leading – same DV as TippingPoint dedicated IPS systems
– Application, Infrastructure & Performance, Spyware, Phishing, P2P & ZDI protection
• Firewall
– Stateful packet inspection
– Object based policy engine
– NAT, PAT, virtual servers
– Inter-VLAN & VPN firewall enforcement
• VPN
– DES, 3DES, AES-256
– Manual key, IKE PSK, X509 certificates
– Terminate onto any security zone
– Support PPTP, L2TP/IPSec & IPSec VPN clients
• Web Content Filtering
– Manual allow / deny lists
– Keyword / regular expression
– Content Filter service (40+ categories) – supplied in conjunction with SurfControl Inc
• Traffic Shaping
– Stateful, policy based traffic shaping (zone, service, schedule, etc)
– Full policy control (application, service, zone, schedule, etc)
– Inbound / outbound rate limiting
– Inside / outside VPN tunnel
– Guaranteed, maximum, priority
• Routing
– Static, RIP v1/2
– IP multicast over VPN (PIM-DM & IGMP)
Slide 38
Security Solutions – Unified Enterprise Management
[Diagram: Secure IX presented as an "Unbeatable Combination" together with the management capabilities below]
• WAN Topology
• Intuitive Device Management
• WAN Usage / Profiling
• Remote LAN Topology
• Root cause analysis
• Unified fault management for LAN, WAN, Voice & Security
• Unified bulk software upgrade / configuration backup
• VPN Topology & Monitoring
• Remote LAN Monitoring
• Network Configuration Snapshot & Rollback
Slide 39
Correct Solution?
Slide 40
[Diagram: Risk Points marked at the WAN, the Internet link, the DMZ Network (Web, Mail), the User LAN and the Server LAN]
Slide 41
Security Solutions – TippingPoint – The Company
• The Proven Leader in Intrusion Prevention (Nasdaq: TPTI COMS)
– Launched industry’s first intrusion prevention solution, January 2002
– Awarded major industry accolades for Intrusion Prevention
– TippingPoint becomes a division of 3Com Corporation, January 2005
• 125 employees based in Austin, Texas (growing daily!)
• Research Leaders of the Industry
– Digital Vaccine group monitors cyber threats
– Provide intelligence for SANS @Risk newsletter
– Founded VOIPSA
• Best-of-breed Technology and Execution
– Tens of millions of dollars invested in core technology R&D
– Solutions are built first for network performance, then security capabilities
– Highly parallel, custom packet-processing ASIC technology
• 10,000 Parallel Filters
• Microsecond Latencies
– Patent-pending technologies (10) that deliver unmatched performance
Slide 42
?