Advanced Network Protection with McAfee Next Generation Firewall
|
|
- Dina Bridges
- 8 years ago
- Views:
Transcription
1 Advanced Network Protection with McAfee Next Generation Firewall A SANS Product Review Written by Dave Shackleford June 2014 Sponsored by McAfee, part of Intel Security 2014 SANS Institute
2 Introduction Advanced Features: McAfee Next Generation Firewall In this review, McAfee Next Generation Firewall (McAfee NGFW) met the demands for next-generation firewall features, including: It was simple to add a new firewall node and remotely push policies to the devices. The integrated VPN features let us easily examine rules, such as a client-to-site VPN rule, test the connectivity and evaluate a site-to-site VPN connection. We evaluated these critical features for advanced, high-capacity firewalls by looking at McAfee NGFW s clustering configuration options. We tested the functionality of a firewall cluster and then built a simulated WAN connection with redundant ISP links to test a larger-scale deployment with multiple sites and distributed WAN connectivity; in both cases, failover happened seamlessly. Most importantly, when we evaluated the platform s Advanced Evasion Technique (AET) protection, it was able to stop sophisticated attacks even when we modified traffic and attack payloads to mimic their attempts to avoid detection. Attacks today incorporate increasingly sophisticated methods of social engineering and client-side software manipulation to exfiltrate data without detection. Some attackers leverage so-called spearphishing to entice employees to give up access information and spread their attacks to other enterprise systems; others use password crackers against compromised applications in order to gain further access rights to the network. The attackers might also set up channels for command and control communications with the compromised systems, as in the case of the Zeus or SpyEye bot infections. New types of network detection and prevention with the ability to inspect complex network traffic and correlate its results with additional information, such as user IDs and system names must replace traditional firewalls. Such technologies enable deeper investigation of network attacks and help analysts distinguish those from benign anomalies. These enhanced or next-generation firewalls may be able to completely replace other network protection systems such as IPS or traditional firewalls, although not in every case. The first major feature consideration for such systems is application inspection and identification. Conventional firewalls focus primarily on Layer 4 ports (e.g., ICMP, TCP and UDP), with some additional inspection of Layer 7 (applications), but next-generation firewalls go further, performing deeper analysis of traffic and looking for unusual protocol specifications and behavior. Another core feature for any next-generation firewall is the ability to track application traffic (particularly traffic identified as being potentially malicious or suspicious in nature) to specific users and systems within the environment. In order to do this, a next-generation firewall needs to integrate natively with user directory services such as Microsoft Active Directory or Lightweight Directory Access Protocol (LDAP). We had the opportunity to review McAfee Next Generation Firewall (McAfee NGFW) to see if it stands up to advanced threats and meets these requirements. We found McAfee NGFW s interface easy to access and use and its policies simple to create and push to devices. The VPN capabilities worked as advertised, and the ability to create simple rules that automatically create VPN tunnels can help organizations protect data in transit. Its availability and redundancy features were easy to configure and functioned properly, and McAfee NGFW caught the advanced evasion techniques we threw at it, demonstrating a sophisticated application and protocol assembly and interpretation engine that will certainly help organizations defend against advanced attacks in their networks. 1
3 Ease of Use and Policy Management The first use cases we evaluated with McAfee NGFW focused on basic functionality and operational simplicity. Adding New Firewalls to Manage To see how easy it was to use, we started with McAfee Security Management Center (SMC), which runs on Linux or Windows clients and provides a single pane of glass view that reduces the amount of resources needed to configure and manage firewalls. Once in the GUI, we simply right-clicked the firewall category, and added a single firewall object as shown in Figure 1. Figure 1. Adding a Firewall Object in Security Management Center A new window opened, in which we were able to enter information about the new device. As shown in Figure 2, we used SANS-Test as its host name. Figure 2. Initial Device Configuration Simplicity such as this provides real advantages to IT security teams who are strapped for resources and need a better way to add, change and configure firewalls from a central location. 2
4 Ease of Use and Policy Management (CONTINUED) Network Interface Configuration Adding network interface configuration details to our firewall object was also simple. We configured two interfaces (Interface 0 for unprotected WAN traffic and secure, in-band management traffic and Interface 1 for protected LAN traffic), as shown in Figure 3. McAfee s plug and play configuration option uses a secure cloud service to configure and set up the device without any hands-on interaction required. Figure 3. McAfee NGFW Network Interface Configuration We then configured the device s basic functions via its command line interface (CLI), which we accessed via Telnet. Other options involve a direct connection through the device s serial interface, booting from a USB drive or using an innovative plug and play option. The latter uses a secure cloud service operated by McAfee to download and install the device s initial configuration and enables secure communication between the McAfee NGFW and SMC. McAfee NGFW receives its final configuration and associated policies without any hands-on interaction required. This process can reduce setup time to a few minutes of a non-expert user s day. 3
5 Ease of Use and Policy Management (CONTINUED) A simple menu-driven CLI wizard enabled us to configure the local device settings and then link the device to the placeholder object in SMC. One of the CLI wizard screens, for a single-device firewall with the host name SANS-SingleNode, is shown in Figure 4. Figure 4. CLI Wizard for New Device Setup Once we had linked a device to the corresponding object in SMC, we did all further work through the GUI. Adding Firewall Policies Through SMC, security analysts can create and reuse firewall policy templates for efficiency and simplicity. After completing the wizard and adding the new firewall into SMC, we uploaded a policy to the new device to block users from going to specific websites. In this case, we configured the rule to drop all traffic destined for Amazon.com, Box.net and Facebook. McAfee had already created a default policy template for our testbed, called NGFW_SingleNode. We pushed that policy, shown in Figure 5 with the ID of 15.1, to the device. Figure 5. Initial Policy Blocking Specific Site Access 4
6 Ease of Use and Policy Management (CONTINUED) Once the rule was applied, we did a simple test to see if it was working. We logged in to a test client workstation via Remote Desktop Protocol (RDP) and used its web browser to access a number of sites such as Amazon, Google and MSN; the last two were allowed, but access to Amazon was blocked. We confirmed this in the real-time logs in SMC. Figure 6 illustrates that the Amazon service and all other sites appearing in the red rows are blocked traffic. Figure 6. Blocked Access to Amazon.com In the next use case, we wanted to explicitly block access to a certain internal subnet from user bsmith (predefined in Active Directory by McAfee during the testbed setup). Using the SMC policy editor shown in Figure 7, we easily added the rule to the policy. Figure 7. Adding a Policy Rule 5
7 Ease of Use and Policy Management (CONTINUED) The rule we created had the ID of 15.2 and blocked any HTTP traffic from user bsmith and with a destination of a specified network subnet. The final rule set is shown in Figure 8. Figure 8. New NGFW Policy Rule in Place Testing this use case was simple: We used RDP to log in to a test workstation as several different users. First, we logged in as user Lisa Dataleak (ldataleak) and successfully accessed a website at IP address We then logged out, logged back in as user bsmith and attempted to access the same IIS site; this failed. The log from SMC is shown in Figure 9. Figure 9. User bsmith Blocked 6
8 Ease of Use and Policy Management (CONTINUED) Investigating a New Firewall Event We found troubleshooting easy to accomplish with the help of SMC s view of log events, which enables drill down into events to obtain detailed information such as the rule triggering the event. To begin our investigation of the firewall event, we drilled into the details of the event, which provided a simple visual representation of what happened, along with all the different fields in the generated event (shown in Figure 10). Figure 10. Detailed Event View We found it simple to add the McAfee NGFW to SMC. Creating some basic rules was fast and easy, as well. The rules worked perfectly, blocking traffic based on user IDs, IP addresses and URLs. 7
9 VPN Policies and Access Management The next use cases we reviewed focused on VPN policies and access control. McAfee s VPN capabilities are part of McAfee NGFW s included feature set and include the ability to have an augmented VPN which combines multiple VPNs into one logical VPN with IPsec. Configuring the VPN is a simple process; one first creates a gateway in SMC, drags and drops remote sites (e.g., a branch office) to add to the configuration and, finally, deploys the updated configuration. In the first example, we established a client VPN connection to the firewall. We entered credentials into the VPN client for user bsmith. Figure 11 shows the status of the VPN authentication process. Figure 11. Starting the VPN Client Authentication Process 8
10 VPN Policies and Access Management (CONTINUED) Simultaneously, we monitored the McAfee NGFW logs in SMC to see the IPSec authentication process, shown in Figure 12 by the white rows of the table. Figure 12. VPN IPSec Authentication The policy rule in place for this use case explicitly forbids the use of RDP to a specific network zone by user bsmith while on a VPN connection, as shown in Figure 13. Figure 13. RDP Discard Rule We tested this rule by logging into a client workstation as user bsmith, and then attempting to RDP to The connection failed, as demonstrated in NGFW logs (see Figure 14). Figure 14. RDP Connection Discarded for bsmith We then disconnected the VPN client as bsmith, logged in again as user ldataleak and successfully initiated an RDP connection to For the second VPN scenario, we tested a site-to-site VPN connection with NGFW rules in place to allow file transfers with FTP. First, we logged in to a desktop system as the user bsmith, then used WinSCP to log in to the host using the FTP protocol. While the connection was occurring, we viewed the logs in SMC, as shown in Figure 15. Figure 15. FTP Events for bsmith 9
11 VPN Policies and Access Management (CONTINUED) We right-clicked on the events shown and selected View Rule; this displayed a rule enforcing a site-to-site VPN connection between the internal network and the branch range (defined elsewhere in SMC), as shown in Figure 16. Figure 16. Site-to-Site VPN Rule This rule allowed any services between the specified source and destination, as long as a site-to-site VPN was in place. More detail on the events generated with the FTP transfer are shown in Figure 17. Figure 17. Site-to-Site VPN Connection Event Details We found the process of setting up both client-to-site and site-to-site VPN connections to be quick and simple, while generating rules in the McAfee NGFW platform that leveraged VPN connectivity (or behaved in specific fashions depending on connection state) was also easy. Such rules are invaluable for organizations looking to ensure connection security before certain types of communication are allowed. 10
12 Availability and Redundancy Settings and Options The next category of configuration options we tested centered on availability. Given that the McAfee NGFW may replace existing firewall and network platforms, it must be highly available and operate seamlessly in a load-balanced and clustered configuration. The native clustering features of McAfee NGFW replace external load balancers, simplifying network design and making troubleshooting simpler than before. A McAfee NGFW cluster supports up to 16 physical devices and provides native, onthe-box load balancing of the network traffic. Another convenient feature of McAfee s clustering technology is its ability to support a mixed physical and code environment, which enables an organization to perform upgrades in either sphere without taking down the cluster. McAfee NGFW s native clustering features simplify network design and make troubleshooting simple. The first use case we walked through was adding a new node to an existing cluster, a straightforward process in SMC. First, we right-clicked on the icon for our firewall cluster (which McAfee had set up for our testing with two nodes) and selected Add Node; in the pop-up window, we noted the new node s One Time Generated Password, outlined in red in Figure 18. Figure 18. New Cluster Node with One-Time Password 11
13 Availability and Redundancy Settings and Options (CONTINUED) Then we used the CLI wizard to connect the new node to SMC; the step where we finalized the connection and entered the one-time password is shown in Figure 19. Figure 19. Finalizing Connectivity to SMC After refreshing the new node s policy in SMC, the third cluster node connected successfully, as denoted by its green icon in Figure 20. Figure 20. Completed Firewall Cluster 12
14 Availability and Redundancy Settings and Options (CONTINUED) To test the availability aspects of the cluster, we took one of the nodes offline (in this case, node 2) as a simulated node failure or maintenance outage. This process is shown in Figure 21. Figure 21. Taking a Cluster Node Offline Using the bsmith account, we browsed to several YouTube videos and started them from a workstation. The traffic continued in this configuration (nodes 1 and 3 online, and node 2 offline) without fail. We then took node 1 offline and the traffic continued through node 3 (the remaining node), as shown by the HTTP events in Figure 22. Figure 22. Cluster Node 3 Passing YouTube Traffic 13
15 Availability and Redundancy Settings and Options (CONTINUED) Our second use case for availability focused on McAfee NGFW s Multi-Link feature, which adds redundancy and provides quality of service (QoS) and bandwidth aggregation capabilities for more efficient traffic management. We created a simple Multi-Link using two ISP connections defined by McAfee in the test environment, as shown in Figure 23. Figure 23. New Multi-Link Connection We then added a network address translation (NAT) rule to our firewall cluster, directing it to use the Multi-Link, as shown in Figure 24. Figure 24. New Multi-Link NAT Rule 14
16 Availability and Redundancy Settings and Options (CONTINUED) Once the Multi-Link was established and online, we took one of its ISP connections down manually, as shown in Figure 25. Figure 25. Disabling One ISP Connection in a Multi-Link With the same bsmith account, we verified that YouTube videos continued playing seamlessly when the link was disabled, verifying the immediate failover condition, as we did earlier when we took two out of three firewall nodes offline. Redundancy and availability is a critical aspect to any firewall deployment, and ensuring uninterrupted connectivity for users and systems is paramount. McAfee NGFW makes the creation of redundant clusters and multi-links for ISP connectivity very easy and manageable. We also verified that all traffic flowed without interruption, even when cluster nodes and links were forced offline. 15
17 Packet Inspection and Reassembly with AET McAfee NGFW s AET (Advanced Evasion Technique) protection includes a number of built-in packet reassembly and inspection techniques that can detect and prevent attacks that disguise their traffic via multiple techniques such as these: 1 In addition, attackers can randomize the payload data with tools that leverage these extensions. The NGFW platform can easily reverse this process, taking advantage of the same tcp_paws libraries that attackers use. This technique bypasses the signature matching used by most IPS and firewall platforms, but McAfee NGFW can reconstruct unusual, nonstandard fragmented packets for analysis with the same ipv4_frag libraries that attackers use. This places the highest (most significant) byte of a packet first, instead of last (the normal order), confusing the firewall or IPS into thinking the packets are benign because they don t match any entries in the signature database for malicious programs. McAfee NGFW uses the Microsoft RPC big-endian libraries to analyze this type of traffic and foil this attack. For our test, we used the publicly available McAfee Evader attack simulator, which can generate well-known exploits (similar to those from Metasploit and other attack frameworks) to attack systems and test the efficacy of defense systems. 2 1 PAWS is described in IETF RFC 1323,
18 Packet Inspection and Reassembly with AET (CONTINUED) We tested a number of well-known attacks that modern defense systems should always catch, such as exploits attacking unpatched Windows systems missing the MS patch. The Evader system configuration is shown in Figure 26. Figure 26. Evader Target Configuration The tool was targeting a Windows XP SP2 desktop system in our test environment, one that we knew to be susceptible to all the attacks preloaded into Evader. All attacks were going through a single-device firewall; the Windows Calculator application would open upon successful exploit of the XP desktop s vulnerability. 17
19 Packet Inspection and Reassembly with AET (CONTINUED) For this test, we attempted three different exploits with IPv4 fragmentation, big-endian encoding, TCP timestamp and other evasions. When we ran these through the firewall cluster, McAfee NGFW decoded and normalized the traffic, performing a horizontal data stream analysis that examined all the protocol layers and detected all of the exploits hidden in the protocol layers; meanwhile, our target remained untouched. Logs of the attempts displayed in SMC are shown in Figure 27. Figure 27. Evasion Techniques Successfully Detected In this screenshot, all the red events are blocked attack traffic that correspond to the attacks we generated using the Evader tool. The green events are unrelated. McAfee NGFW handled all the protocol anomaly detection and packet inspection automatically in software so we did not need to spend any time configuring protocol handlers to see accurate detection and prevention actions successfully taken. 18
20 Conclusion After testing the various configuration options and features of McAfee Next Generation Firewall, we declared that the system works as advertised in all categories. Through McAfee Security Management Center, all functions were readily available and easy to find. We successfully added a new node to a firewall cluster, pushed a policy to the device and tested that the policy was functioning properly. Then, we created a new policy that restricted traffic from a specific user and tested this successfully as well. McAfee NGFW s VPN capabilities were simple to configure and evaluate. We created and tested client-based and site-to-site VPN policies. Both successfully enforced policies based on a variety of conditions over a VPN connection. Availability features such as clustering and multiple WAN links were easy to configure. When tested, both worked with various components disabled, and we never experienced a disruption in traffic passing through the devices. Finally, McAfee NGFW s advanced evasion detection capabilities worked as expected. We sent a number of well-known exploits through the firewall cluster, using several different protocol and application evasion tactics, and it caught all of them. In short, McAfee NGFW was simple to configure and offered powerful firewalling and threat detection capabilities, while providing highly available and redundant connectivity and sophisticated, policy-based connection security. 19
21 About the Author is the founder and principal consultant with Voodoo Security, a SANS analyst, instructor and course author, and a GIAC technical director. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. He is a VMware vexpert and has extensive experience designing and configuring secure virtualized infrastructures. He has previously worked as CSO for Configuresoft and CTO for the Center for Internet Security. Dave is the author of the Sybex book Virtualization Security. Recently, Dave coauthored the first published course on virtualization security for the SANS Institute. Dave currently serves on the board of directors at the SANS Technology Institute and helps lead the Atlanta chapter of the Cloud Security Alliance. Sponsor SANS would like to thank this paper s sponsor: 20
McAfee Next Generation Firewall Optimize your defense, resilience, and efficiency.
Optimize your defense, resilience, and efficiency. Table of Contents Need Stronger Network Defense? Network Concerns Security Concerns Cost of Ownership Manageability Application and User Awareness High
More informationBlind as a Bat? Supporting Packet Decryption for Security Scanning
Sponsored by VSS Monitoring Blind as a Bat? Supporting Packet Decryption for Security Scanning November 2012 A SANS Whitepaper Written by: Dave Shackleford Options for SSL Inspection Page 2 Implementing
More informationMcAfee Next Generation Firewall
McAfee Next Generation Firewall Design and Implementation Guide Next Generation Network Design Guide McAfee Next Generation Firewall Design and Implementation Guide Page 1 Table of Contents INTRODUCTION
More informationThis chapter describes how to set up and manage VPN service in Mac OS X Server.
6 Working with VPN Service 6 This chapter describes how to set up and manage VPN service in Mac OS X Server. By configuring a Virtual Private Network (VPN) on your server you can give users a more secure
More informationMcAfee Next Generation Firewall (NGFW) Administration Course
McAfee Product Education McAfee Next Generation Firewall (NGFW) Administration Course The McAfee NGFW Administration course from Education Services provides attendees with hands-on training on the design,
More informationGlobalSCAPE DMZ Gateway, v1. User Guide
GlobalSCAPE DMZ Gateway, v1 User Guide GlobalSCAPE, Inc. (GSB) Address: 4500 Lockhill-Selma Road, Suite 150 San Antonio, TX (USA) 78249 Sales: (210) 308-8267 Sales (Toll Free): (800) 290-5054 Technical
More informationSecurity Intelligence in Action: SANS Review of McAfee Enterprise Security Manager (ESM) 9.2
Sponsored by McAfee Security Intelligence in Action: SANS Review of McAfee Enterprise Security Manager (ESM) 9.2 May 2013 A SANS Whitepaper Written by Dave Shackleford The ESM Interface Page 2 Rapid Event
More informationResults of Testing: Juniper Branch SRX Firewalls
Executive Summary : Juniper Branch SRX Firewalls by Joel Snyder / Opus One prepared for Juniper Networks June 2012 Copyright 2012 : Juniper Branch SRX Firewalls Table of Contents Introduction....1 Firewall
More informationJuniper Networks Integrated Firewall and IPSec VPN Evaluators Guide
Juniper Networks Integrated Firewall and IPSec VPN Evaluators Guide How to configure and test firewall, VPN and Deep Inspection functionality Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale,
More informationChapter 12 Supporting Network Address Translation (NAT)
[Previous] [Next] Chapter 12 Supporting Network Address Translation (NAT) About This Chapter Network address translation (NAT) is a protocol that allows a network with private addresses to access information
More informationSoftware. Quidview 56 CAMS 57. XLog NTAS 58
Software Quidview 56 CAMS 57 XLog NTAS 58 55 Quidview Quidview Network Management System Quidview network management software is a suite of scalable tools for simplifying the network management and maintenance.
More informationBasic & Advanced Administration for Citrix NetScaler 9.2
Basic & Advanced Administration for Citrix NetScaler 9.2 Day One Introducing and deploying Citrix NetScaler Key - Brief Introduction to the NetScaler system Planning a NetScaler deployment Deployment scenarios
More informationIntroduction to Endpoint Security
Chapter Introduction to Endpoint Security 1 This chapter provides an overview of Endpoint Security features and concepts. Planning security policies is covered based on enterprise requirements and user
More informationnappliance misa Server 2006 Standard Edition Users Guide For use with misa Appliances 2006 nappliance Networks, Inc.
nappliance misa Server 2006 Standard Edition Users Guide For use with misa Appliances The information contained in this document represents the current view of Microsoft Corporation on the issues discussed
More informationSOLUTION GUIDE. Radware & CyberGuard Complete Security Solutions offering Load Balancing, High Availability and Bandwidth Management.
SOLUTION GUIDE Radware & CyberGuard Complete Security Solutions offering Load Balancing, High Availability and Bandwidth Management. North America Radware Inc. 575 Corporate Dr Suite 205 Mahwah, NJ 07430
More informationLocking down a Hitachi ID Suite server
Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime
More informationConfiguring PA Firewalls for a Layer 3 Deployment
Configuring PA Firewalls for a Layer 3 Deployment Configuring PAN Firewalls for a Layer 3 Deployment Configuration Guide January 2009 Introduction The following document provides detailed step-by-step
More informationScaling Analytics to Meet Real-Time Threats in Large Enterprises: A Deep Dive into LogRhythm s Security Analytics Platform
Sponsored by LogRhythm Scaling Analytics to Meet Real-Time Threats in Large Enterprises: A Deep Dive into LogRhythm s Security Analytics Platform September 2013 A SANS Analyst Program Review Written by
More informationMove over, TMG! Replacing TMG with Sophos UTM
Move over, TMG! Replacing TMG with Sophos UTM Christoph Litzbach, Pre-Sales Engineer NSG 39 Key Features of TMG HTTP Antivirus/spyware URL Filtering HTTPS forward inspection Web Caching Role based access
More informationCyber Essentials. Test Specification
Cyber Essentials Test Specification Contents Scope of the Audit...2 Assumptions...3 Success Criteria...3 External systems...4 Required tests...4 Test Details...4 Internal systems...7 Tester pre-requisites...8
More informationComparison of Firewall, Intrusion Prevention and Antivirus Technologies
White Paper Comparison of Firewall, Intrusion Prevention and Antivirus Technologies How each protects the network Juan Pablo Pereira Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda
More informationAbout Firewall Protection
1. This guide describes how to configure basic firewall rules in the UTM to protect your network. The firewall then can provide secure, encrypted communications between your local network and a remote
More informationComprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)
Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware
More informationNovell Access Manager SSL Virtual Private Network
White Paper www.novell.com Novell Access Manager SSL Virtual Private Network Access Control Policy Enforcement Compliance Assurance 2 Contents Novell SSL VPN... 4 Product Overview... 4 Identity Server...
More informationInternet and Intranet Calling with Polycom PVX 8.0.1
Internet and Intranet Calling with Polycom PVX 8.0.1 An Application Note Polycom PVX is an advanced conferencing software application that delivers Polycom's premium quality audio, video, and content sharing
More informationSonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity
SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria
More informationNetwork Defense Tools
Network Defense Tools Prepared by Vanjara Ravikant Thakkarbhai Engineering College, Godhra-Tuwa +91-94291-77234 www.cebirds.in, www.facebook.com/cebirds ravikantvanjara@gmail.com What is Firewall? A firewall
More informationVPN Solution Guide Peplink Balance Series. Peplink Balance. VPN Solution Guide. http://www.peplink.com - 1 - Copyright 2015 Peplink
Peplink Balance http://www.peplink.com - 1 - Copyright 2015 Peplink Introduction Introduction Understanding Peplink VPN solutions Peplink's VPN is a complete, seamless system that tightly integrates your
More informationPowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions
Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions Find your network example: 1. Basic network with and 2 WAN lines - click here 2. Add a web server to the LAN - click here 3. Add a web,
More informationTechNote. Configuring SonicOS for MS Windows Azure
Network Security SonicOS Contents Overview...1 Deployment Considerations...2 Supported Platforms...2 Configuring a Policy-Based VPN...2 Configuring a Route-Based VPN...17 Overview This TechNote details
More informationHow To Connect To Bloomerg.Com With A Network Card From A Powerline To A Powerpoint Terminal On A Microsoft Powerbook (Powerline) On A Blackberry Or Ipnet (Powerbook) On An Ipnet Box On
Transport and Security Specification 15 July 2015 Version: 5.9 Contents Overview 3 Standard network requirements 3 Source and Destination Ports 3 Configuring the Connection Wizard 4 Private Bloomberg Network
More informationBarracuda Link Balancer
Barracuda Networks Technical Documentation Barracuda Link Balancer Administrator s Guide Version 2.2 RECLAIM YOUR NETWORK Copyright Notice Copyright 2004-2011, Barracuda Networks www.barracuda.com v2.2-110503-01-0503
More informationSAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)
SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) A RSACCESS WHITE PAPER 1 Microsoft Forefront Unified Access Gateway Overview 2 Safe-T RSAccess Secure Front-end Overview
More informationFirewall Feature Overview
Networking P A L O A LT O N E T W O R K S : F i r e w a l l F e a t u r e O v e r v i e w Firewall Feature Overview A next-generation firewall restores application visibility and control for today s enterprises
More informationESET Endpoint Security 6 ESET Endpoint Antivirus 6 for Windows
ESET Endpoint Security 6 ESET Endpoint Antivirus 6 for Windows Products Details ESET Endpoint Security 6 protects company devices against most current threats. It proactively looks for suspicious activity
More informationGuideline for setting up a functional VPN
Guideline for setting up a functional VPN Why do I want a VPN? VPN by definition creates a private, trusted network across an untrusted medium. It allows you to connect offices and people from around the
More informationDirect or Transparent Proxy?
Direct or Transparent Proxy? Choose the right configuration for your gateway. Table of Contents Direct Proxy...3 Transparent Proxy...4 Other Considerations: Managing authentication made easier.....4 SSL
More informationVirtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN
Virtual private network Network security protocols COMP347 2006 Len Hamey Instead of a dedicated data link Packets securely sent over a shared network Internet VPN Public internet Security protocol encrypts
More informationEXPLORER. TFT Filter CONFIGURATION
EXPLORER TFT Filter Configuration Page 1 of 9 EXPLORER TFT Filter CONFIGURATION Thrane & Thrane Author: HenrikMøller Rev. PA4 Page 1 6/15/2006 EXPLORER TFT Filter Configuration Page 2 of 9 1 Table of Content
More informationVantage Report. User s Guide. www.zyxel.com. Version 3.0 10/2006 Edition 1
Vantage Report User s Guide Version 3.0 10/2006 Edition 1 www.zyxel.com About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to configure the Vantage
More informationInstalling and Using the vnios Trial
Installing and Using the vnios Trial The vnios Trial is a software package designed for efficient evaluation of the Infoblox vnios appliance platform. Providing the complete suite of DNS, DHCP and IPAM
More informationNetwork Access Security. Lesson 10
Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.
More informationForcepoint Stonesoft Management Center
Datasheet Forcepoint Stonesoft Management Center EFFICIENT, CENTRALIZED MANAGEMENT OF FORCEPOINT STONESOFT NEXT GENERATION FIREWALLS IN DISTRIBUTED ENTERPRISE ENVIRONMENTS FORCEPOINT STONESOFT MANAGEMENT
More informationAssuring Your Business Continuity
Assuring Your Business Continuity Q-Balancer Range Offering Business Continuity, Productivity, and Security Q-Balancer is designed to offer assured network connectivity to small and medium business (SME)
More informationImplementing Core Cisco ASA Security (SASAC)
1800 ULEARN (853 276) www.ddls.com.au Implementing Core Cisco ASA Security (SASAC) Length 5 days Price $6215.00 (inc GST) Overview Cisco ASA Core covers the Cisco ASA 9.0 / 9.1 core firewall and VPN features.
More informationMcAfee Firewall Enterprise System Administration Intel Security Education Services Administration Course
McAfee Firewall Enterprise System Administration Intel Security Education Services Administration Course The McAfee Firewall Enterprise System Administration course from McAfee University is a fast-paced,
More informationWhat s New in ISA Server 2004 ISA Server 2004 contains a fullfeatured,
Microsoft Internet Security and Acceleration (ISA) Server 2004 is the advanced application-layer inspection firewall, VPN, and Web cache solution that enables enterprise customers to maximize existing
More informationSecurity and the Mitel Networks Teleworker Solution (6010) Mitel Networks White Paper
Security and the Mitel Networks Teleworker Solution (6010) Mitel Networks White Paper Release 2 October 2003 Copyright Copyright 2003 Mitel Networks Corporation. This document is unpublished and the following
More informationPROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES
PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute
More informationSecurity Technology: Firewalls and VPNs
Security Technology: Firewalls and VPNs 1 Learning Objectives Understand firewall technology and the various approaches to firewall implementation Identify the various approaches to remote and dial-up
More informationWindows Remote Access
Windows Remote Access A newsletter for IT Professionals Education Sector Updates Issue 1 I. Background of Remote Desktop for Windows Remote Desktop Protocol (RDP) is a proprietary protocol developed by
More information7.1. Remote Access Connection
7.1. Remote Access Connection When a client uses a dial up connection, it connects to the remote access server across the telephone system. Windows client and server operating systems use the Point to
More informationSecurity Considerations for DirectAccess Deployments. Whitepaper
Security Considerations for DirectAccess Deployments Whitepaper February 2015 This white paper discusses security planning for DirectAccess deployment. Introduction DirectAccess represents a paradigm shift
More informationEasyConnect. Any application - Any device - Anywhere. Faster, Simpler & Safer Networks
EasyConnect Any application - Any device - Anywhere As cloud computing and mobile devices continue to reshape the way people work, workforces are becoming increasingly mobile. In order to remain competitive,
More informationHP ProLiant DL320 Firewall/VPN/Cache Server User Guide
HP ProLiant DL320 Firewall/VPN/Cache Server User Guide Running Microsoft Internet Security and Acceleration Server 2004 June 2005 (Third Edition) Part Number 341672-003 Copyright 2004, 2005 Hewlett-Packard
More informationRelease Version 4.1 The 2X Software Server Based Computing Guide
Release Version 4.1 The 2X Software Server Based Computing Guide Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless
More informationFirewalls. CEN 448 Security and Internet Protocols Chapter 20 Firewalls
CEN 448 Security and Internet Protocols Chapter 20 Firewalls Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa
More informationWildFire Reporting. WildFire Administrator s Guide 55. Copyright 2007-2015 Palo Alto Networks
WildFire Reporting When malware is discovered on your network, it is important to take quick action to prevent spread of the malware to other systems. To ensure immediate alerts to malware discovered on
More informationBasic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation
Basic ViPNet VPN Deployment Schemes Supplement to ViPNet Documentation 1991 2015 Infotecs Americas. All rights reserved. Version: 00121-04 90 01 ENU This document is included in the software distribution
More informationNetwork Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting
Network Security: 30 Questions Every Manager Should Ask Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager/Executive Must Answer in Order
More informationChapter 15: Advanced Networks
Chapter 15: Advanced Networks IT Essentials: PC Hardware and Software v4.0 1 Determine a Network Topology A site survey is a physical inspection of the building that will help determine a basic logical
More informationM2M Series Routers. Port Forwarding / DMZ Setup
Introduction Port forwarding enables programs or devices running on your LAN to communicate with the internet as if they were directly connected. Many internet services and applications use designated
More informationSYMETRIX SOLUTIONS: TECH TIP August 2014
Controlling Symetrix SymNet, Jupiter and Integrator Series Products over the Internet Note: All the information below applies to the AirTools Voice Processor 2x and AirTools Multiband Processor 2m as well.
More informationSecurity Administration R77
Security Administration R77 Validate your skills on the GAiA operating system Check Point Security Administration R77 provides an understanding of the basic concepts and skills necessary to configure Check
More informationFirewalls, IDS and IPS
Session 9 Firewalls, IDS and IPS Prepared By: Dr. Mohamed Abd-Eldayem Ref.: Corporate Computer and Network Security By: Raymond Panko Basic Firewall Operation 2. Internet Border Firewall 1. Internet (Not
More informationIMPLEMENTATION OF INTELLIGENT FIREWALL TO CHECK INTERNET HACKERS THREAT
IMPLEMENTATION OF INTELLIGENT FIREWALL TO CHECK INTERNET HACKERS THREAT Roopa K. Panduranga Rao MV Dept of CS and Engg., Dept of IS and Engg., J.N.N College of Engineering, J.N.N College of Engineering,
More informationMcAfee SMC Installation Guide 5.7. Security Management Center
McAfee SMC Installation Guide 5.7 Security Management Center Legal Information The use of the products described in these materials is subject to the then current end-user license agreement, which can
More informationINTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM
INTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM Okumoku-Evroro Oniovosa Lecturer, Department of Computer Science Delta State University, Abraka, Nigeria Email: victorkleo@live.com ABSTRACT Internet security
More informationFirewalls und IPv6 worauf Sie achten müssen!
Firewalls und IPv6 worauf Sie achten müssen! Pascal Raemy CTO Asecus AG pascal.raemy@asecus.ch Asecus AG Asecus AG Security (Firewall, Web-Gateway, Mail-Gateway) Application Delivery (F5 Neworks with BIGIP)
More informationBuilding A Secure Microsoft Exchange Continuity Appliance
Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building
More informationContents. Platform Compatibility. SonicOS
SonicOS Contents Platform Compatibility... 1 Licensing... 2 Key Features... 2 Known Issues... 5 Resolved Issues... 7 Upgrading SonicOS Image Procedures... 8 Related Technical Documentation... 13 Platform
More informationAppendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003
http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with
More informationPrestige 202H Plus. Quick Start Guide. ISDN Internet Access Router. Version 3.40 12/2004
Prestige 202H Plus ISDN Internet Access Router Quick Start Guide Version 3.40 12/2004 Table of Contents 1 Introducing the Prestige...3 2 Hardware Installation...4 2.1 Rear Panel...4 2.2 The Front Panel
More informationStep-by-Step Configuration
Step-by-Step Configuration Kerio Technologies Kerio Technologies. All Rights Reserved. Printing Date: August 15, 2007 This guide provides detailed description on configuration of the local network which
More informationWeb Application Firewall
Web Application Firewall Getting Started Guide August 3, 2015 Copyright 2014-2015 by Qualys, Inc. All Rights Reserved. Qualys and the Qualys logo are registered trademarks of Qualys, Inc. All other trademarks
More informationSTONEGATE IPSEC VPN 5.1 VPN CONSORTIUM INTEROPERABILITY PROFILE
STONEGATE IPSEC VPN 5.1 VPN CONSORTIUM INTEROPERABILITY PROFILE V IRTUAL PRIVATE NETWORKS C ONTENTS Introduction to the Scenarios... 3 Scenario 1: Gateway-to-Gateway With Pre-Shared Secrets... 3 Configuring
More informationCisco Certified Security Professional (CCSP)
529 Hahn Ave. Suite 101 Glendale CA 91203-1052 Tel 818.550.0770 Fax 818.550.8293 www.brandcollege.edu Cisco Certified Security Professional (CCSP) Program Summary This instructor- led program with a combination
More informationIntroducing IBM s Advanced Threat Protection Platform
Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM
More informationTest Case 3 Active Directory Integration
April 12, 2010 Author: Audience: Joe Lowry and SWAT Team Evaluator Test Case 3 Active Directory Integration The following steps will guide you through the process of directory integration. The goal of
More informationRanch Networks for Hosted Data Centers
Ranch Networks for Hosted Data Centers Internet Zone RN20 Server Farm DNS Zone DNS Server Farm FTP Zone FTP Server Farm Customer 1 Customer 2 L2 Switch Customer 3 Customer 4 Customer 5 Customer 6 Ranch
More informationReference to common tasks
APPENDIXA This section provides how-to information for common tasks that you need to know how to do before you can effectively work with the vcom Command Center. Creating and editing domains Working with
More informationFirewall Defaults and Some Basic Rules
Firewall Defaults and Some Basic Rules ProSecure UTM Quick Start Guide This quick start guide provides the firewall defaults and explains how to configure some basic firewall rules for the ProSecure Unified
More informationSSL VPN Technical Primer
4500 Great America Parkway Santa Clara, CA 95054 USA 1-888-NETGEAR (638-4327) E-mail: info@netgear.com www.netgear.com SSL VPN Technical Primer Q U I C K G U I D E Today, small- and mid-sized businesses
More informationWhy Choose Integrated VPN/Firewall Solutions over Stand-alone VPNs
Why Choose Integrated VPN/Firewall Solutions over Stand-alone VPNs P/N 500205 July 2000 Check Point Software Technologies Ltd. In this Document: Introduction Page 1 Integrated VPN/firewall Page 2 placed
More informationConsiderations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.
Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet
More informationConfiguration Guide BES12. Version 12.2
Configuration Guide BES12 Version 12.2 Published: 2015-07-07 SWD-20150630131852557 Contents About this guide... 8 Getting started... 9 Administrator permissions you need to configure BES12... 9 Obtaining
More informationDEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP Edge Gateway for Layered Security and Acceleration Services
DEPLOYMENT GUIDE Version 1.0 Deploying the BIG-IP Edge Gateway for Layered Security and Acceleration Services Table of Contents Table of Contents Using the BIG-IP Edge Gateway for layered security and
More informationANNEXURE TO TENDER NO. MRPU/IGCAR/COMP/5239
ANNEXURE TO TENDER NO. MRPU/IGCAR/COMP/5239 Check Point Firewall Software and Management Software I. Description of the Item Up gradation, installation and commissioning of Checkpoint security gateway
More informationConfiguring an IPsec VPN to provide ios devices with secure, remote access to the network
Configuring an IPsec VPN to provide ios devices with secure, remote access to the network This recipe uses the IPsec VPN Wizard to provide a group of remote ios users with secure, encrypted access to the
More informationNetworking for Caribbean Development
Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationWhite Paper. McAfee Multi-Link. Always-on connectivity with significant savings
McAfee Multi-Link Always-on connectivity with significant savings Table of Contents Executive Summary...3 How McAfee Multi-Link Works...4 Outbound traffic...4 Load balancing...4 Standby links for high
More informationChapter 15. Firewalls, IDS and IPS
Chapter 15 Firewalls, IDS and IPS Basic Firewall Operation The firewall is a border firewall. It sits at the boundary between the corporate site and the external Internet. A firewall examines each packet
More informationCompliance and Security Challenges with Remote Administration
Sponsored by Netop Compliance and Security Challenges with Remote Administration A SANS Whitepaper January 2011 Written by Dave Shackleford Compliance Control Points Encryption Access Roles and Privileges
More informationNETASQ MIGRATING FROM V8 TO V9
UTM Firewall version 9 NETASQ MIGRATING FROM V8 TO V9 Document version: 1.1 Reference: naentno_migration-v8-to-v9 INTRODUCTION 3 Upgrading on a production site... 3 Compatibility... 3 Requirements... 4
More informationGame changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE
Game changing Technology für Ihre Kunden Thomas Bürgis System Engineering Manager CEE Threats have evolved traditional firewalls & IPS have not Protection centered around ports & protocols Expensive to
More informationWhat is a Firewall? Computer Security. Firewalls. What is a Firewall? What is a Firewall?
What is a Firewall? Computer Security Firewalls fire wall 1 : a wall constructed to prevent the spread of fire 2 usually firewall : a computer or computer software that prevents unauthorized access to
More informationBarracuda Link Balancer Administrator s Guide
Barracuda Link Balancer Administrator s Guide Version 1.0 Barracuda Networks Inc. 3175 S. Winchester Blvd. Campbell, CA 95008 http://www.barracuda.com Copyright Notice Copyright 2008, Barracuda Networks
More informationCS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013
CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access
More information