Firewalls: The Next Generation
Rick Coloccia, Network Manager, coloccia@geneseo.edu

Session Overview
- Evolution of the Firewall
  - Packet Filters
  - Stateful Firewalls
  - Application Firewalls
- Single Appliance No More
- Today
- Next Generation Firewalls
- Buyer's Questions
- All-in-One Devices
- At Geneseo
- Elsewhere?
- Q & A

Evolution of the Firewall
- Firewalls were born in roughly 1990
- Hardware- and software-based firewalls exist; we are focusing on the hardware devices only

Packet Filters
- The most basic firewall option
- Compare incoming and outgoing packets to lists of source and destination addresses and ports, then:
  - drop
  - reject (send notice of denial)
  - permit
- Environment: T1s, 10 Mbps LANs

Stateful Firewalls
- Packet filters plus connection tracking
- Add a unique rule to the control list: packets matching a known active connection will be allowed by the firewall; others will be rejected. In other words: if a host on the inside asked for it, let it in.
- Environment: T3s, dawning of metro-Ethernet, 100 and 1000 Mbps LANs
- Administration within the realm of the network administrators
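The packet-filter and stateful behaviour described on the two slides above, as an added Python example (not from the talk): an ordered rule list with permit/drop/reject actions, plus a connection table so that replies to inside-initiated connections are let in while unsolicited inbound packets are rejected. Addresses, rules and the prefix-match shortcut are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed packet model: the 5-tuple plus the direction the firewall sees it in.
@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    inbound: bool = True

# Packet-filter rules: (direction, src prefix, dst prefix, dport or None, action).
# "*" matches anything. Prefix matching on dotted strings stands in for real CIDR masks.
RULES = [
    ("in",  "*",       "10.0.0.25", 80,   "permit"),  # public web server (constructed address)
    ("in",  "*",       "*",         None, "reject"),  # any other inbound: send a denial notice
    ("out", "10.0.0.", "*",         None, "permit"),  # campus hosts may talk out
    ("out", "*",       "*",         None, "drop"),    # outbound from a non-campus source: drop
]

def _match(value, pattern):
    return pattern == "*" or str(value).startswith(pattern)

class StatefulFirewall:
    def __init__(self, rules=RULES):
        self.rules = rules
        self.conns = set()  # known active connections

    def _flow_key(self, p):
        # Order the endpoints so a reply maps to the same key as the request that opened it.
        ends = sorted([(p.src, p.sport), (p.dst, p.dport)])
        return (p.proto, ends[0], ends[1])

    def filter(self, p):
        key = self._flow_key(p)
        # Stateful rule: "if a host on the inside asked for it, let it in".
        if p.inbound and key in self.conns:
            return "permit"
        # Otherwise plain packet filtering: first matching rule wins.
        for direction, src, dst, dport, action in self.rules:
            if (direction == "in") != p.inbound:
                continue
            if _match(p.src, src) and _match(p.dst, dst) and dport in (None, p.dport):
                if action == "permit":
                    self.conns.add(key)  # remember the connection so replies are allowed
                return action
        return "drop"  # default deny when nothing matches
```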

Application Firewalls
- Understand various network applications, and can react in ways unique and specific to each application:
  - Web application firewalls
  - SPAM firewalls
  - Proxy servers
  - Bandwidth management devices
  - P2P management devices
  - Intrusion detection/prevention systems

Application Firewalls
- Metro-Ethernet connections of 500 Mbps or more to campuses
- 1 and 10 Gbps connections within campus networks
- The cloud is here to stay: huge bandwidth needs
- Home users have 10-50 Mbps connections and demand high-speed connections to campus. High-speed network connectivity is a must!
- Hosts have up to 128 GB of RAM and tremendous processing power

Single Appliance No More
- The single firewall appliance is no longer sufficient
- Web administrators, mail administrators, security compliance officers, and network administrators all have a role in managing campus security.
- What was once a part-time role held by one person has evolved into a complicated web of security systems.
- Campus security relies on layers. Like an onion.

Today
- Security is now designed in a layered fashion in many environments
- Basic stateful firewalling remains in use
- Web application firewalls focus their protection on your web sites and on your home-grown web software
- Proxy servers minimize bandwidth consumption by caching content locally

Today
- Intrusion prevention systems protect networks by dropping packets that match complex signatures (either of specific exploits or of more general vulnerabilities)
- SPAM filters control inbound and outbound mail delivery by comparing messages to algorithms based on white lists and black lists, signatures, and message contents

Today
- Multiple administrators are typically used to address several issues:
  - cross-training areas of expertise
  - legal issues: maintaining some separation between security personnel and system administrators

Next Generation Firewalls
- Next-generation firewalls expand upon traditional firewall behavior by adding various elements to each firewall rule, including application, user identity, and reputation.
- Vendors: Check Point, Palo Alto, SonicWall, Fortinet, Barracuda, Stonesoft, Sentinel IPS, TippingPoint, and more
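How the three added rule elements named on the slide (application, user identity, reputation) change a decision, as an added Python example that is not part of the talk and models no particular vendor: the application is identified from the payload rather than the port, the user comes from a hypothetical IP-to-user mapping, and the destination is checked against a hypothetical reputation feed. All addresses, users, scores and rules are constructed.

```python
from dataclasses import dataclass

# Constructed session record: the traditional 5-tuple fields an NGFW still sees,
# plus the payload it inspects to identify the application.
@dataclass
class Session:
    src: str
    dst: str
    dport: int
    payload: bytes = b""

# Hypothetical identity mapping (in practice fed by directory logins); constructed data.
USER_BY_IP = {"10.0.0.7": "alice", "10.0.0.8": "kiosk"}
GROUP_OF = {"alice": "staff", "kiosk": "guest"}

# Hypothetical reputation feed: 0 = known bad, 100 = trusted; unknown destinations score 50.
REPUTATION = {"203.0.113.9": 90, "198.51.100.66": 5}

def identify_app(s):
    """Classify by what the payload looks like, not by the port it arrives on."""
    if s.payload.startswith(b"SSH-2.0"):
        return "ssh"
    if s.payload.split(b" ")[0] in (b"GET", b"POST", b"HEAD") and b" HTTP/" in s.payload:
        return "web-browsing"
    return "unknown"

# NGFW rules: (user group, application, minimum destination reputation, action).
# "*" matches any group or application; first match wins, last rule is the default deny.
NGFW_RULES = [
    ("staff", "web-browsing", 30, "allow"),
    ("staff", "ssh",          80, "allow"),
    ("guest", "web-browsing", 70, "allow"),
    ("*",     "*",             0, "deny"),
]

def decide(s):
    """Return (action, application, user) for a session."""
    user = USER_BY_IP.get(s.src, "unknown")
    group = GROUP_OF.get(user, "unknown")
    app = identify_app(s)
    rep = REPUTATION.get(s.dst, 50)
    for grp, application, min_rep, action in NGFW_RULES:
        if grp in ("*", group) and application in ("*", app) and rep >= min_rep:
            return action, app, user
    return "deny", app, user
```

Compare this with the port-only packet filter: the same destination port 80 yields different verdicts depending on who is talking, what protocol is actually inside, and where it is going.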

Buyer's Questions
- First determine your security posture! What would you want a firewall to do? Know this before talking to a vendor!
- Network design considerations:
  - How is your network built? Are there multiple points of entry?
  - What protocols are in play? IPv4, IPv6? Multicast? Any experimental protocols?

Buyer's Questions
- How much staff time can you commit to deployment and maintenance of a security appliance?
- What is your budget?
- How concerned are you about diversifying security vendors?
  - All your eggs in the same basket
  - Best of breed

All-in-One Devices
- They are not without their application:
  - Sites small in size
  - Sites with limited personnel
  - Sites where layered security is less important because of the types and classes of data being protected
  - Sites where network designs would be negatively impacted by multiple security devices

At Geneseo, What & Why
- HP TippingPoint (IPS, copyright compliance)
- Cisco ASR 1000 Series Aggregation Services Router (access control lists)
- Cisco ASA 5500 Series Adaptive Security Appliance (stateful firewall)
- Cisco ASA 5500 Series Adaptive Security Appliance (VPN)
- Blue Coat PacketShaper (bandwidth management)
- IronPort Spam Firewalls (email filtering)

Elsewhere?
- What are you doing? Why?

Questions?
Rick Coloccia, Network Manager, SUNY Geneseo
585-245-5577
coloccia@geneseo.edu