Axent Technologies, Ltd
The Leader in Integrated Firewall and VPN Solutions
Raptor Firewall Products

Security Cannot Be Ignored
- >100M Users on WWW
- E Commerce Shift
- Billions Lost to Cyberthieves
- 150,000 Crooks on Net
- National Security Threats

Products
- Virtual Private Networks
  - Encryption of Internet Packets between two systems/sites
  - Huge cost savings and convenience
- Firewalls
  - Perimeter security of internal network from the Internet
  - Control over all connections going in and out

VPN Why Do It? Dedicated T-1 between offices $10k - $100k per month Economics Convenience Internet $2-4k/month Thousands of Modems $100s/month/person $15/month/person
VPN Cost Justification
- Shave over 75% off your remote access costs
- 100 Users
  - Dial in for 30 minutes per day
  - VPN in for unlimited time per day
- Annual Cost:
  - Dial in: $180,000 (does not include equipment cost)
  - VPN: $42,000 (includes server, license, client and token software cost)
[Chart: 1 year cost, Dial In vs. VPN]

Mobile User to Office VPN
[Diagram: Internet; Hotel; Small Office; Home]

Office to Office VPN
[Diagram: Internet; Branch Office; Supplier/Partner]

How It Works: Packet Transforms
[Diagram: 10.1.1.1; 128.1.1.1; Internet; 204.1.1.1; 172.168.1.1]
- Original Packet: Hello, Bob; To: 172.168.1.1, From: 10.1.11.1
- Authentication (128-Bit Checksum): MD-5 Checksum; Hello, Bob; To: 10.1.1.1, From: 172.168.1.1; Checksum: 54321
- Encryption (DES or 3-DES): Hello, Bob; To: 10.1.1.1, From: 172.168.1.1; MD-5 Checksum; Encryption Header; Key: 10101
- New IP Header (Encapsulation): @#$%)*@#$%)*%^%&^_(#@(; Encryption Header; To: 204.1.1.1, From: 128.1.1.1

How It Works: Packet Transforms
[Diagram: 10.1.1.1; Internet; 128.1.1.1; 204.1.1.1; 172.168.1.1]
- Decapsulate: @#$%)*@#$%)*%^%&^_(#@(; Encryption Header; To: 204.1.1.1, From: 128.1.1.1
- Decrypt: @#$%)*@#$%)*%^%&^_(#@(; Encryption Header; Key: 1010101
- Re-Checksum: Hello, Bob; To: 10.1.1.1, From: 172.168.1.1; MD-5 Checksum; Checksum: 54321
- Original Packet: Hello, Bob; To: 10.1.1.1, From: 172.168.1.1

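The two "Packet Transforms" slides, worked through as an added example (not Axent code): checksum, encrypt, encapsulate on the sending gateway, then decapsulate, decrypt, re-checksum on the receiving one. Assumptions: the slide's "MD-5 Checksum" is modelled as keyed HMAC-MD5, a SHA-256 keystream stands in for DES/3-DES (not in Python's standard library), and the keys, JSON packet layout and function names are constructed for illustration.

```python
import hashlib, hmac, json

# Constructed sample values based on the slide's diagram.
INNER = {"src": "10.1.1.1", "dst": "172.168.1.1", "data": "Hello, Bob"}
GW_A, GW_B = "128.1.1.1", "204.1.1.1"
AUTH_KEY, ENC_KEY = b"constructed-auth-key", b"constructed-enc-key"

def keystream_xor(key, data):
    """Stand-in cipher (SHA-256 counter keystream), NOT DES/3-DES.
    No per-packet nonce, so it is unsuitable for real traffic."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def encapsulate(inner):
    """Sending gateway: checksum, then encrypt, then add a new IP header."""
    plain = json.dumps(inner, sort_keys=True).encode()
    tag = hmac.new(AUTH_KEY, plain, "md5").digest()       # 128-bit checksum
    cipher = keystream_xor(ENC_KEY, plain + tag)          # hides inner addresses and data
    return {"src": GW_A, "dst": GW_B, "payload": cipher}  # outer header names gateways only

def decapsulate(outer):
    """Receiving gateway: strip outer header, decrypt, re-checksum, compare."""
    blob = keystream_xor(ENC_KEY, outer["payload"])
    plain, tag = blob[:-16], blob[-16:]
    expected = hmac.new(AUTH_KEY, plain, "md5").digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("checksum mismatch: packet modified in transit")
    return json.loads(plain)

def tamper(outer):
    """Flip one payload bit to model modification of network data in transit."""
    p = bytearray(outer["payload"])
    p[0] ^= 0x01
    return {**outer, "payload": bytes(p)}

if __name__ == "__main__":
    wire = encapsulate(INNER)
    print(wire["src"], "->", wire["dst"], len(wire["payload"]), "payload bytes")
    print("delivered:", decapsulate(wire))
    try:
        decapsulate(tamper(wire))
    except ValueError as err:
        print("rejected:", err)
```
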
Architecture: Firewalls
[Diagram: Router; Internet; Firewall Gateway Computer; DMZ; Web Server; TCP/IP Subnet; Firewall System]

Architecture: Firewall Types
Stateful Packet Filter
- Per Packet Processing - CPU Intensive
- No Protection Against Application Level Attacks
- VERY Hard to Manage - Security holes appear due to mis-management
- Always routing packets - prone to fail-open
Application Level Firewall
- Per Session Processing
- Protection against application level attacks
- EASY to manage
- Never routes packets - prone to fail-safe

Architecture: Firewall Internals
[Diagram: Host OUT; Email; Separation and Examination; Raptor; Host IN; Mail Server; TCP / IP / Network Interface Hardware stacks; 204.3.2.1; SMTP; gwcontrol; 10.1.1.1; Address Hiding]

What Can a Firewall NOT Do?
- Prevent Session Hijacking
  - Wait until a session is established through the firewall
- Prevent Snooping of network data
  - Data is not encrypted
- Prevent Modification of network data
  - Data is not checksummed
- Prevent Re-routing of network data
  - Firewall cannot establish fixed routes
- Prevent spoofing of network messages
  - Data not signed with a signature

Strengths/Uniqueness: Firewalls
Raptor Firewall
- Part of larger family of AXENT Security products
- 3rd generation application proxies
- High degree of security intelligence
- Enterprise features
- High performance
- Automatic System Hardening
  - At installation
  - Continuous thereafter
- Best Fit Rule Ordering
- 1st call customer support
- Stable Product

Raptor Firewall
- Authorization (Access Control)
  - IP addresses, Services, Time, Users
  - URL Filtering
- Application Level Controls and Attack Filtering
  - Telnet, FTP, HTTP, SMTP, SQL*NET, CIFS, NNTP, NTP, RealAudio
- Authentication
  - Strong - S/Key, ACE, CryptoCard, Defender
  - Weak - Gateway, NT Domain, Radius, TACACS+
- Logging
  - Passive security management
  - Non-repudiation
- Notification
  - Email, Beeper, SNMP, Audible, Custom Script
- Enterprise Features
  - High Availability (Qualix and Veritas Support)
  - Transparency
  - Load Balancing of Servers
  - Integrated VPN

Raptor Firewall
[Diagram: layered architecture]
- Vulture - Continuous System Hardening and Suspicious Activity Monitoring
- Proxies: SMTP, TELNET, FTP, RealAudio, HTTP, GOPHER, Generic Proxy, Future Proxies
- Access Control / Logging / Management
- TCP/IP / VPN / Packet Filtering
- Platforms: WindowsNT - Intel, Sun Solaris - Ultra Sparc, HP/UX - PA-RISC

Raptor Remote Firewall
- The Raptor Enterprise GUI is used to configure the remote gateway
- Firewall to Firewall VPN Capability. Use the Internet as a cheap private leased line.
[Diagram: Raptor Remote; Raptor Enterprise; Internet]

Raptor Mobile
[Diagram: Internet; Encrypted IP Datagrams; Router; Dial up (PPP), ISDN, or LAN; Raptor Firewall]
- Network Level Encryption
- Smart Tunneling
- Various forms of authentication
- Integration with Raptor Firewall

Q & A