Agenda
• History and Trend
• 3Com’s Security Strategy
• Security Solutions
– 3Com TippingPoint IPS (Intrusion Prevention System)
– 3Com X505 Firewall
• Correct solution
3Com Confidential 3
History And Trend
History And Trend – [ Virus & Worm ]
• 1949 : First virus program idea
• 1984 : Called “Virus” – (Fred Cohen)
• 1986 : First PC virus [Brain]
• 1987 : Lehigh
• 1988 : Jerusalem . . .
• 1992 : Total of 1,300 known viruses [18 new viruses/month]
• 2001 : Nimda
• 2003 : Blaster
• 2004 : Sasser
History And Trend – Historical Network Configuration
(Diagram: desktop PCs, switch, router and firewall; Trusted Zone with Financial, Engineering, Marketing, Sales and CAD segments; Internet.)
History And Trend – Historical Network Configuration
(Diagram: traffic from 66.121.11.7 to 115.13.73.1 on FTP-21, HTTP-80, SMTP-25, Sub7-6776 and Quake-26000.)
History And Trend – [ What about attacks? ]
• Microsoft is the most popular O.S.
• Weak applications have vulnerabilities
• Protocol based vulnerabilities
– TCP / IP
– SMTP / FTP ...
• VoIP vulnerabilities
• Low level administration
~2,500 known attack types!
History And Trend – Today’s Firewall Configurations
(Diagram: HTTP-80, FTP-21, SMTP-25 and BackOrifice-31337 against today’s firewall.)
History And Trend – Summary
– Increasing rate of new vulnerabilities and decreasing time to patch
– IT complexity hinders security practice implementation
– Increasing number of attacks and attackers
– Walk-in worms, e-mail attacks, spyware
– More connected end points on the network
– Increasing number of applications
– VoIP Deployment
– Lack of IT resources
(Chart: plotted against Time / Business Growth, Security Demands versus Business Security Capacity, with the difference between them labelled the Security Gap.)
Customer Requirements
• High network performance and uptime
• High level information security
• Automated security control
• Centralized management
What is the best strategy?
3Com’s Security Strategy
3Com’s Security Strategy - What is the strategy ?
Secure Network
• Overlaid or Embedded Security
• Adaptive and Dynamic Protection
• Automatic and Centrally Manageable
Converged Network
• Multi-service Network
• Synergy between infrastructure elements
• Edge-to-Core Coverage
Customer Benefits
• Business Continuity
• Capital Efficiency and Cost Reduction
• Corporate Control and Visibility
Security Converged Networks
3Com’s Security Strategy - The 3Com Offer
• Inline, wire-speed blocking of malicious traffic
• Integrated Firewall, IPS, VPN, URL Filtering
• 3Com TippingPoint IPS
• 3Com X505
Security Solutions
Intrusion Prevention System – 3Com TippingPoint IPS
Security Solutions – Security Appliance Evolution
(Timeline, 1998 to 2006)
• Firewalls increasing in importance to large enterprise
• Firewall appliances equal 53% of mkt
• Security is a choke point
• Performance concerns begin to shift FW market towards appliances
• FW and IPSec bundled
• IDS appliances equal 24% of mkt
• FW/VPN appliances equal 63% of mkt
• Layer 7 inspection and SSL VPN introduced
• ASICs, acceleration and HA become commonplace
• VoIP, L7 and multi-service platforms drive performance requirements
• Security proliferates in switches
• IDS/IPS appliances equal 49% of mkt
• CKPT, ISS, & SCUR introduce appliances
• SSL / IPSec / FW / IPS appliances begin to proliferate
• Standalone SSL integrates other security services
Source: Frost & Sullivan
Security Solutions – TippingPoint Closes the Gap with Intrusion Prevention
Filtering Methods: Traffic Anomaly, Protocol Anomaly, Signature, Vulnerability
Intrusion Prevention Systems: Infrastructure Protection, Application Protection, Performance Protection
Ultra-High Performance Custom Hardware: 5 Gbps Throughput, Switch-Like Latency, 250K Sessions/Second, Total Flow Inspection, 64K Rate Shaping Queues, 10K Parallel Filters
Security Solutions – Application Protection – Defends Clients and Servers
• Performs Total Inspection at Layers 2-7
• Protects Vulnerabilities
• Protects Perimeter and Internal Network
• Provides Day-Zero Attack Protection
• Eliminates Emergency Patching Triage
• Prevents Application and O/S Damage/Downtime
Protect: Microsoft Applications & Operating Systems, Oracle Applications, Linux O/S, VoIP
From: Worms/Walk-in Worms, Viruses, Trojans, DDoS Attacks, Internal Attacks, Unauthorized Access
Security Solutions – Infrastructure Protection – Defends Network Equipment
• Protects Network Equipment Vulnerabilities
• Protects Against Anomalous Traffic Behavior
– Automatic Baselining
– Rate Limit, Block, or Alert on Thresholds
• Supports Custom IP filters, ACLs
Protect: Routers (e.g. Cisco IOS), Switches, Firewalls (e.g. Netscreen OS, CheckPoint FW1), VoIP
From: Worms/Walk-in Worms, Viruses, Trojans, DDoS Attacks, SYN Floods, Traffic Anomalies
Security Solutions – Performance Protection – Defends Overall Network Performance
• Increases Network Performance Even When Not Under Attack
• Rate Limits Non-Mission Critical Applications
– Eliminates Bandwidth Hijacking
– Controls Rogue Applications
– Eliminates Misuse and Abuse
– Controls Peer-to-Peer Traffic
Protect: Bandwidth, Server Capacity, Mission-Critical Traffic
From: Peer-to-Peer Apps, Unauthorized Instant Messaging, Unauthorized Applications, DDoS Attacks
Security Solutions – Quarantine Automatic Protection
(Diagram: Clients, Access Switches, Core, TippingPoint IPS, SMS, RADIUS and a Safe Zone, with the numbered steps below marked on it.)
Quarantine Process
1. Client Authenticates via SMS
2. SMS acts as Radius proxy, learns MAC/Switch/Port from Switch via RADA
3. EVENT: Illegal Activity
4. SMS resolves IP to MAC
5. MAC Address is placed into a blacklist and policy set
6. SMS forces re-authentication of compromised device
7. Device is contained within the set policy at the access switch ingress port
Breach to Containment in under 5 seconds
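The seven-step quarantine flow above, modelled as an added Python example (not 3Com code): the access switch, the SMS and its learned tables are stand-ins, and the IP-to-MAC table, the policy names "normal" and "quarantine", and the alert-only path for an IP the SMS cannot resolve are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class AccessSwitch:
    """Stand-in for the access switch: one policy per ingress port."""
    name: str
    port_policy: dict = field(default_factory=dict)   # port -> policy name

    def apply_policy(self, port, policy):
        self.port_policy[port] = policy


@dataclass
class SMS:
    """Stand-in for the Security Management System acting as RADIUS proxy."""
    switches: dict                                     # name -> AccessSwitch
    mac_location: dict = field(default_factory=dict)   # mac -> (switch, port), via RADA
    ip_to_mac: dict = field(default_factory=dict)      # assumption: learned address leases
    blacklist: dict = field(default_factory=dict)      # mac -> containment policy
    log: list = field(default_factory=list)

    def authenticate(self, mac, switch, port, ip):
        """Steps 1-2 (and 6-7 on forced re-auth): record MAC/switch/port as
        learned from the switch, then push the policy this MAC is entitled to."""
        self.mac_location[mac] = (switch, port)
        self.ip_to_mac[ip] = mac
        policy = self.blacklist.get(mac, "normal")
        self.switches[switch].apply_policy(port, policy)
        self.log.append(f"auth {mac} on {switch}/{port}: policy={policy}")
        return policy

    def on_illegal_activity(self, src_ip, policy="quarantine"):
        """Steps 3-7: IPS event for src_ip. An IP with no known MAC cannot be
        contained at a port, so it is logged as alert-only for an operator."""
        mac = self.ip_to_mac.get(src_ip)                          # step 4
        if mac is None:
            self.log.append(f"event from {src_ip}: no MAC known, alert only")
            return None
        self.blacklist[mac] = policy                              # step 5
        switch, port = self.mac_location[mac]
        return self.authenticate(mac, switch, port, src_ip)       # steps 6-7
```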
Security Solutions – Security Management System
• Hardware is included with SMS purchase and software is pre-installed
• Installation Ease
• Scalable
• Enterprise-wide security policy management
– Port-by-port policy
– Device-by-device policy
Security Solutions – IPS and Switching Infrastructure
(Diagram: switch, router and firewall; Trusted Zone with Financial, Engineering, Mkt, Mail, Sales and CAD segments; also shown: home users using WLAN/broadband, mobile users connected to LAN, mobile devices via WAP, a supplier connected to the sales server, and the Internet.)
Security Solutions – TippingPoint Product Line
Security Management System
• 50 Mbps, 1 x 10/100/1000 segment
• 100 Mbps, 1 x 10/100/1000 segment
• 200 Mbps, 2 x 10/100/1000 segments
• 400 Mbps, 4 x 10/100/1000 segments
• 1.2 Gbps, 4 x 10/100/1000 segments
• 2.0 Gbps, 4 x 10/100/1000 segments
• 5.0 Gbps, 4 x 10/100/1000 segments
Security Solutions – Automatic Digital Vaccines
Raw Intelligence Feeds
• SANS
• CERT
• Vendor Advisories
• Bugtraq
• VulnWatch
• PacketStorm
• Securiteam
Vulnerability Analysis
Vaccine Creation
Filter Types
• Signature
• Vulnerability
• Traffic and/or Statistical Anomaly
Digital Vaccine Automatically Delivered to Customers
Scalable distribution network using Akamai’s 9,700 servers in 56 countries
@RISK Weekly Report
Security Solutions – Summary of Core IPS Features
Feature: Benefit
• Purpose-Built Custom ASIC Hardware Platform: Extensible Platform for Uncompromising Security and Networking
• 50Mb – 5Gb Performance: Scalable Solutions for Perimeter and Internal Protection
• Switch-Like Latency: Inline Network Deployment Without Impacting Network Performance
• Inline Attack Blocking: Effective Proactive Attack Termination
• Recommended Settings: Automatic Security, both out of the box and ongoing
• Rate Shaping: Bandwidth Management and Network Performance Protection
• Complete Filtering Methods (signature, protocol anomaly, vulnerability, traffic anomaly): Proactive, Accurate and Comprehensive Attack Filtering
• DDoS SYN Proxy and Connection Rate Limiters: Advanced Protection for Evolving DDoS Attacks
Security Solutions Select TippingPoint Customers
Security Solutions – TippingPoint Awards
• Frost and Sullivan 2005 Network Security Infrastructure Protection Entrepreneurial Company of the Year: TippingPoint was named the 2005 Network Security Infrastructure Protection Entrepreneurial Company of the Year by Frost & Sullivan.
• Information Security Magazine 2004 Product of the Year: TippingPoint was selected by Information Security Magazine as "2004 Product of the Year" for Intrusion Prevention Systems.
• SC Magazine Best Buy of 2004: TippingPoint was selected by SC Magazine as a "Best Buy in 2004" for intrusion prevention.
• SC Global Awards 2005 – Principal Awards: TippingPoint was named the Best Security Solution in the 2005 SC Global Awards for the best overall solution for dealing with today’s threats to information security and the protection of corporate information assets.
• IDG Network Awards 2004 Winner: TippingPoint is the winner of the "Network Protection Product of the Year" from IDG and TechWorld.com. The prestigious IDG awards recognize the very best in the industry and reward companies for innovative and effective use of networking technology.
• SC Magazine Best Buy: TippingPoint was selected by SC Magazine as a "Best Buy" in their group test of intrusion prevention products.
• Common Criteria Certification: TippingPoint is the first Intrusion Prevention System (IPS) to obtain all four government-validated protection profiles: analyzer, sensor, scanner and system.
• SANS "Trusted Tool": TippingPoint’s Intrusion Prevention System has been selected as a "Trusted Tool" by the SANS Institute, the world's premier security research and training organization.
• NSS Gold Award: TippingPoint’s Intrusion Prevention System is the first and only product to win the coveted NSS Gold Award in the IPS space.
• eWeek Excellence Award: TippingPoint's Intrusion Prevention Systems received the "Enterprise Resource Protection" eWeek Excellence Award announced in the April 5, 2004 issue of eWeek Magazine.
• InfoWorld 100: University of Dayton, a TippingPoint customer, was recognized as a technological leader and awarded the 'InfoWorld 100' for its advancements made through implementing TippingPoint's Intrusion Prevention Systems.
• eWeek Labs Analyst's Choice Award: TippingPoint's IPS ably handled both real and staged attacks on eWeek Labs' test network, attached to the Internet for nearly a week.
• The Tolly Group "Up To Spec": Performance and security benchmark. TippingPoint's IPS demonstrated 100% security accuracy at 2 Gbps.
• CompTIA "Best New Product": TippingPoint's Intrusion Prevention Systems were named "Best New Product" in the hardware category at the Executive Breakaway 2003 Conference hosted by CompTIA in Halifax, Canada.
• University Business Magazine "Show Stopper" Award: TippingPoint's Intrusion Prevention Systems were awarded the "Show-Stopper" at the 2003 Educause Conference in Anaheim, California.
Security Solutions – 3Com X505 Firewall
Integrated Security Platform Built on IPS
• IPS: Industry leading TippingPoint IPS technology and Digital Vaccine protection
• Firewall: Traditional firewall technology to provide access control and policy enforcement
• VPN: IPSec VPN to transform the Internet into a secure converged network for multi-site connectivity
• Bandwidth Management: QoS and bandwidth management to improve network performance and provide policy based traffic shaping
• Multicast Routing: Provide support for next generation IP conferencing applications
• Web Filtering: To protect against offensive web content and enforce acceptable usage policies
IPS is the core function that creates value in, and serves as the foundation of, the X505. All other features are accessories to the IPS core.
What is the TippingPoint X505
• Integrated Security Platform – GA 12/1/05
– Combining Market Leading IPS with firewall, IPSec-VPN, Web content filtering, routing & policy based traffic shaping
– Same TippingPoint Digital Vaccine
– Same Threat Suppression Engine
– Enhanced Local Security Manager
• Extreme Flexibility
– For example: Apply IPS and traffic shaping inside VPN tunnels
• Delivering Secure Converged Networks
– For Distributed Multisite Organizations
• “All-in-One” Integrated Security Platform
– FW, IPS, VPN, Routing, Multicast, NAT, Web Filtering, Traffic Shaping, etc.
• SMS support
– Device status/Health/TOS/DV updates capability at GA. Cannot configure the IPS policy from SMS. Future roadmap will have full SMS support.
TippingPoint X505 Hardware
• Hardware
– Rack mountable form factor
– 4 x 10/100 Ethernet ports
– Inbuilt IPSec hardware acceleration (up to AES-256)
– On-box URL filtering
• Performance
– 50+ Mbps IPS
– 50+ Mbps IPSec VPN (3DES/AES-256)
– 100+ Mbps Firewall Throughput
– Supports over 1,000 VPN tunnels
– 5,000 Connections per second
– 128,000 Concurrent Sessions
TippingPoint Closes the Gap with Intrusion Prevention
Filtering Methods: Protocol Anomaly, Signature, Vulnerability, Traffic Anomaly
Intrusion Prevention Systems: Infrastructure Protection, Application Protection, Performance Protection
Raw Intelligence Feeds
• SANS
• CERT
• Vendor Advisories
• Bugtraq
• VulnWatch
• PacketStorm
• ZDI
Vulnerability Analysis
Weekly Vaccine Distribution
@RISK Weekly Report
TippingPoint X505 Firewall
• Stateful packet inspection
– Numerous built-in application layer gateways (SIP, H323, etc)
• Policy Classification
– Services (pre-defined, custom & groups)
– Source / Destination Security Zone
– Source / Destination IP Address / Address group
– Schedule – Time of day / day of week
– User Authentication – forces user auth for access to policy
• Policy Actions
– Deny / Allow / Content Filter
– Traffic Shape
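An added Python example (not X505 code) of first-match evaluation over the classification fields listed above, with the four policy actions as outcomes: the field names, the first-match ordering, the default deny when no rule matches, and the service table are assumptions, and it shows how an authentication-required rule lets unauthenticated traffic fall through to the next rule.

```python
from dataclasses import dataclass
from datetime import datetime, time
import ipaddress

# Constructed service table and one service group ("pre-defined, custom & groups").
SERVICES = {"HTTP": ("tcp", 80), "SMTP": ("tcp", 25), "SIP": ("udp", 5060)}
SERVICE_GROUPS = {"web": {"HTTP"}}

@dataclass(frozen=True)
class Packet:
    proto: str
    dport: int
    src_zone: str
    dst_zone: str
    src: str
    dst: str
    when: datetime
    authenticated: bool = False            # client passed firewall user authentication

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                            # Allow, Deny, ContentFilter, TrafficShape
    services: frozenset = frozenset()      # empty means any service
    src_zone: str = None                   # None means any zone
    dst_zone: str = None
    src_net: str = None                    # CIDR; None means any address
    dst_net: str = None
    days: frozenset = frozenset(range(7))  # schedule: weekday numbers, 0 = Monday
    window: tuple = (time(0, 0), time(23, 59, 59))  # schedule: time-of-day range
    require_auth: bool = False

def matches(rule, pkt):
    if rule.services:                      # resolve service and group names
        names = set().union(*(SERVICE_GROUPS.get(n, {n}) for n in rule.services))
        if (pkt.proto, pkt.dport) not in {SERVICES[n] for n in names}:
            return False
    for want, got in ((rule.src_zone, pkt.src_zone), (rule.dst_zone, pkt.dst_zone)):
        if want and want != got:
            return False
    for net, addr in ((rule.src_net, pkt.src), (rule.dst_net, pkt.dst)):
        if net and ipaddress.ip_address(addr) not in ipaddress.ip_network(net):
            return False
    if pkt.when.weekday() not in rule.days or not rule.window[0] <= pkt.when.time() <= rule.window[1]:
        return False
    # "forces user auth": unauthenticated traffic never matches an auth-required
    # rule, so it falls through to whatever rule comes next.
    return pkt.authenticated or not rule.require_auth

def evaluate(rules, pkt):
    for rule in rules:                     # first matching rule wins
        if matches(rule, pkt):
            return rule.action, rule.name
    return "Deny", "implicit-deny"         # assumed default when nothing matches
```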
TippingPoint X505 VPN
• Low latency IPSec hardware crypto
– DES, 3DES, AES-128, AES-192 & AES-256
• Keying Modes
– Manual, IKE + shared secret, IKE + X509 Cert
• Support for VPN Clients
– Native IPSec, PPTP, L2TP/IPSec (Microsoft standard)
• Advanced Features
– Ability to terminate tunnel into any security zone
– IP Multicast routing over IPSec (PIM-DM)
– IKE keep alive / NAT traversal
– DHCP over VPN
(Diagram: TippingPoint X505 units at a Regional Office and at Branch Offices linked by VPN across the Wide Area, plus Mobile Workers; zones shown: Zone 1, DMZ, Zone 2, Wireless.)
TippingPoint X505 Traffic Shaping
Dynamic allocation of bandwidth to maximize resources
– By policy
– Both inbound & outbound directions
– For any application
– Both inside & outside of VPN tunnel
– Multiple policies create various zones
(Diagram: Internet and VPN links into an IP Telephone Authenticated VPN Zone (VoIP Traffic – High QoS), an Employee Authenticated VPN Zone (Corporate LAN Traffic – Medium QoS) and a Guest Internet Only zone (Guest HTTP Traffic – Low QoS).)
TippingPoint X505 Summary
• Hardware
– Rack mountable form factor
– 4 x 10/100 Ethernet ports
– 1 x dedicated 10/100 management port
– Inbuilt IPSec hardware acceleration (up to AES-256)
• Performance
– 50+ Mbps IPS
– 50+ Mbps IPSec VPN (3DES/AES-256)
– 100+ Mbps Firewall Throughput
– Supports over 1,000 VPN tunnels
– Supports 50 independent VLAN policies
• IPS
– Industry leading – same DV as TippingPoint dedicated IPS systems
– Application, Infrastructure & Performance, Spyware, Phishing, P2P & ZDI protection
• Firewall
– Stateful packet inspection
– Object based policy engine
– NAT, PAT, virtual servers
– Inter-VLAN & VPN firewall enforcement
• VPN
– DES, 3DES, AES-256
– Manual key, IKE PSK, X509 certificates
– Terminate onto any security zone
– Support PPTP, L2TP/IPSec & IPSec VPN clients
• Web Content Filtering
– Manual allow / deny lists
– Keyword / regular expression
– Content Filter service (40+ categories) – supplied in conjunction with SurfControl Inc
• Traffic Shaping
– Stateful, policy based traffic shaping (zone, service, schedule, etc)
– Full policy control (application, service, zone, schedule, etc)
– Inbound / outbound rate limiting
– Inside / outside VPN tunnel
– Guaranteed, maximum, priority
• Routing
– Static, RIP v1/2
– IP multicast over VPN (PIM-DM & IGMP)
Security Solutions – Unified Enterprise Management
• WAN Topology
• Intuitive Device Management
• WAN Usage / Profiling
• Remote LAN Topology
• Root cause analysis
• Unified fault management for LAN, WAN, Voice & Security
• Unified bulk software upgrade / configuration backup
• VPN Topology & Monitoring
• Remote LAN Monitoring
• Network Configuration Snapshot & Rollback
(Diagram: Secure IX + ... = Unbeatable Combination)
Correct Solution?
(Diagram: WAN / Internet, DMZ Network (Web, Mail), User LAN and Server LAN, with a Risk Point marked at four places on the network.)
Security Solutions – TippingPoint – The Company
• The Proven Leader in Intrusion Prevention (Nasdaq: TPTI COMS)
– Launched industry’s first intrusion prevention solution, January 2002
– Awarded major industry accolades for Intrusion Prevention
– TippingPoint becomes a division of 3Com Corporation, January 2005
• 125 employees based in Austin, Texas (growing daily!)
• Research Leaders of the Industry
– Digital Vaccine group monitors cyber threats
– Provide intelligence for SANS @Risk newsletter
– Founded VOIPSA
• Best-of-breed Technology and Execution
– Tens of millions of dollars invested in core technology R&D
– Solutions are built first for network performance, then security capabilities
– Highly parallel, custom packet-processing ASIC technology
• 10,000 Parallel Filters
• Microsecond Latencies
– Patent-pending technologies (10) that deliver unmatched performance