Integrated Threat Management Appliance
http://www.youtube.com/watch?v=F7pYHN9iC9I
Denial of Service Attack (DoS)
THREAT CATEGORY | THREAT ACTION TYPE
• Malware/Badware: Send data to the external entity/site, Trapdoor/Backdoor Entry, Key-logger, Form-grabber, Spyware, RAM scraper
• Hacking: Exploitation of backdoors, credentials theft and usage, SQL injection
• Misuse: Abuse of System Access and privileges
• Social: Email with Attachments, Instant Messaging, Phishing, Spam
• Error: System Malfunctioning, Misconfiguration
Approach
• Screening of traffic at the perimeter
• Unified solution
• Single console for management, updating and event logging/reporting
• Low latency
• Scalable
• Traffic management
(deployment diagram: the ITM Appliance sits between the Corporate network, NKN and the Public network)
Features
• Developed from open source software
• Layer 2 to Layer 7 inspection
• Hardware design supports Deep Packet Inspection
• Scalable architecture
• Flexible bandwidth management
• Secure VPN access
• Management console offers both local and remote administration
Components of ITMA
• Firewall
• Intrusion detection & prevention system
• Gateway Antivirus
• Gateway Antispam
• Content Filtering
Stateful Packet Inspection
(diagram: the firewall inspects only the IP/TCP header fields of the packet, shown as Source IP Address 212.56.32.49, Destination IP Address 65.26.42.17, Source Port 2821, Destination Port 28474 and the SYN state; firewall traffic path: Stateful Packet Inspection)
Stateful is limited inspection that can only block on ports. No data inspection!
Deep Packet Inspection
(diagram: the packet payload is compared against the signature database, whose categories are ATTACK-RESPONSES, BACKDOOR, BAD-TRAFFIC, DDOS, DNS, DOS, EXPLOIT, FINGER, FTP, ICMP, Instant Messenger, IMAP, INFO, Miscellaneous, MS-SQL, MS-SQL/SMB, MULTIMEDIA, MYSQL, NETBIOS, NNTP, ORACLE, P2P, POLICY, POP2, POP3, RPC, RSERVICES, SCAN, SMTP, SNMP, TELNET, TFTP, VIRUS, WEB-ATTACKS, WEB-CGI and WEB-CLIENT; firewall traffic path: Stateful Packet Inspection -> Deep Packet Inspection)
Deep Packet Inspection inspects all traffic moving through a device.
Deep Packet Inspection / Prevention
(diagram: the payload of each packet is compared against the signature database; a match is reported as "Application Attack, Worm or Trojan Found!"; firewall traffic path: Stateful Packet Inspection -> Deep Packet Inspection)
Deep Packet Inspection with Intrusion Prevention can find and block application vulnerabilities, worms or Trojans.
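The contrast the last two diagrams draw, as a small added example (not code from the slides or from the ITMA project): a stateful check that sees only header fields and connection state, followed by a DPI pass that compares the payload with a signature database. The addresses and port come from the stateful-inspection slide; the allowed ports and the signature patterns are assumptions constructed for the example.

```python
import re
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool
    payload: bytes

# Ports to which the stateful firewall accepts new connections (assumed policy).
ALLOWED_DPORTS = {80, 443}
# Hypothetical signature database grouped by category, in the style of the
# slide's WEB-ATTACKS / BACKDOOR groups; the patterns are constructed here.
SIGNATURES = {
    "WEB-ATTACKS": [rb"(?i)union\s+select", rb"\.\./\.\./"],
    "BACKDOOR": [rb"(?i)^cmd:"],
}

class StatefulFirewall:
    """Decides on header fields and connection state only: no data inspection."""
    def __init__(self):
        self.table = set()  # established 4-tuples (src, sport, dst, dport)

    def verdict(self, p):
        key = (p.src, p.sport, p.dst, p.dport)
        if key in self.table:
            return "allow"  # belongs to a tracked session, payload never looked at
        if p.syn and p.dport in ALLOWED_DPORTS:
            self.table.add(key)  # new session to a permitted port
            return "allow"
        return "drop"

def dpi_verdict(p, sigs=SIGNATURES):
    """Compare the payload with every signature; return (verdict, category)."""
    for category, patterns in sigs.items():
        for pat in patterns:
            if re.search(pat, p.payload):
                return "block", category
    return "allow", None

def screen_packet(fw, p):
    """Traffic path as on the slide: stateful check first, then DPI."""
    verdict = fw.verdict(p)
    if verdict != "allow":
        return verdict, None
    return dpi_verdict(p)
```

A packet that the stateful stage admits because it belongs to an established port-80 session is still blocked by the DPI stage when its payload matches a signature.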
Gateway Anti-Virus and Content Control
(diagram: a virus file arriving from "AuctionSite" is matched against the signature database; firewall traffic path: Stateful Packet Inspection -> Deep Packet Inspection -> Gateway Anti-Virus / Anti-Spyware -> Content Inspection)
Security Must Be Updated
(diagram: the Signature Database, AV Database, IPS Database, Spy Database and Content Filtering Database feed the Anti-Virus Service and Content Filtering Service along the firewall traffic path: Stateful Packet Inspection -> Deep Packet Inspection -> Gateway Anti-Virus / Anti-Spyware -> Content Inspection)
Architecture
• Rapid increase in data traffic is addressed by implementing multiple cores
• Load spreading of the packets across pools of cores for parallel processing
• Shared network I/O between cores
• Inter-core communication
• Increases the capability and performance
(diagram: ITMA Packet Processor - QorIQ)
Technical Specifications
Columns: Function | Generic Features offered | Functionalities in ITMA
A. Threat Vectors
• Viruses: Detection & Blocking
• Worms: Detection & Blocking
• Spyware: Detection & Blocking
• Phishing: Detection & Blocking
• Functionalities in ITMA: 3000+ signatures
B. Technologies
1. Architecture
• Content Processor (ITMA: Content processor)
• Modular / Scalable (ITMA: Modular / Scalable)
• Distributed Architecture (ITMA: Distributed architecture)
Technical Specifications Contd.
2. Platform
• Processors: H/w based Accelerators
• Gigabit Ports: 4
• Console port (RJ45): 1
• USB Ports: 2
• Form factor: Rack Mounted
• High Availability features: Serial & Parallel modes of operation
3. Operating System: Embedded Linux
4. System Performance
• Firewall Throughput (Gbps): 2.5
• New sessions/second: 5000
Technical Specifications Contd.
4. System Performance (contd.)
• Concurrent sessions: 100000
• Antivirus Throughput (Gbps): 1.5
• IPS Throughput (Gbps): 1.5
• ITMA Throughput (Gbps): 1.5
• Authenticated Users/Nodes: unlimited
C. Threat Management with event logging features
1. Stateful Firewall
• OSI Layers 2 to 4
• Access Control Criteria: User identity, Source Identity
• ITM Policies: IPS, Web filter, Application filter, Antivirus, Anti spam, Bandwidth Mgt, Default Denial
• Other features: H.323 NAT Traversal, 802.1q VLAN Support, DoS & DDoS attack prevention, MAC & IP-MAC filtering, PAT
2. Antivirus / Anti Spyware
• Virus, Worm, Trojan Detection & Removal
• Spyware, Malware, Phishing protection
• Automatic virus signature database update
• Scanning of HTTP, FTP, SMTP, POP3, IMAP, IM, VPN tunnels
• Block by file types
Technical Specifications Contd.
3. Anti Spam
• Real-time Blacklist (RBL), MIME header check
• Filter based on message header, size, sender, recipient
• Redirect spam mails to dedicated email address
• Image-spam filtering
• Zero hour virus outbreak protection
• Subject line tagging
• IP address Black list/White list
• Spam notification through Digest
• IP Reputation-based spam filtering
Technical Specifications Contd.
4. Intrusion Prevention
• Multiple IPS Policies, user-based policy creation
• Protocol Anomaly Detection
• DDoS attack prevention
D. Networking
1. Bandwidth Mgt.
• Application & User Identity based Bandwidth Management
• Category-based Bandwidth restriction
E. General
1. Certifications
• ICSA Firewall
• Checkmark UTM Level 5 Certification
• VPNC - Basic and AES interoperability (certification process in progress)
Institutes involved
• PSA Office
• PIU NKN
• ECIL, Hyderabad
• SETS, Chennai
THANK YOU