Agenda WIN/IP-Forum


Agenda WIN/IP-Forum
Wednesday 19.10.2005, 9:00-11:00

- 9:00-9:15: Report of the WiN-Labor. Verena Venus, WiN-Labor RRZE Erlangen
- 9:15-9:30: Customer Network Management for the G-WiN, X-WiN and GEANT. Andreas Hanemann, CNM-Team LRZ München
- 9:30-10:00: StoneGate Security Platform Technical Overview. Tuukka Helander, Stonesoft Germany GmbH
- 10:00-10:30: Network security in wired and wireless environments (using HP ProCurve components as an example). Frank Eckenfels, HP Deutschland
- 10:30-11:00: Customer routers in the X-WiN: optimal use of the new offerings and more security for the access router. Henning Irgens, Dimension Data Berlin; Steffen Göpel, Dimension Data München

StoneGate Security Platform Technical Overview
43. DFN-Betriebstagung
Tuukka Helander, Network Security Specialist

About Stonesoft
- Sound Business Practices
- Established 1990
- Listed on Helsinki Stock Exchange (HEX) since 1999
- Debt free, strong cash position
- Recognized in Security and Business Continuity
- About 270 employees
- 22 locations in 17 countries
- Solutions sold on all the continents

Copyright 2001-2005 Stonesoft Corp. All rights reserved.

StoneGate Security Platform

Traditional Network Topology

The Problem

StoneGate With High Availability

Links Remain Active

StoneGate Architecture
- GUI Clients: Administrators use GUI clients to configure, monitor and manage the system
- Management Server, Log Server, Alert Server
- StoneGate Management Center: Unified concepts and notifications
- VPN Engines: Implements Multi-Link VPN, Authentication, Monitoring and Logging
- Firewall Engines: Implements Access Control, Multi-Layer Inspection, NAT, VPN, Authentication, Monitoring and Logging
- IPS Analyzer: Analyzer receives events (sensors or other sources), combines the events and makes further analysis
- IPS Sensors: Sensor captures the network traffic and analyzes it

Supported Platforms
- Firewall/VPN gateway
  - Intel i386, i486, i586, i686 or compatible
  - IBM eServer zSeries and iSeries
- Java-based management system
  - Microsoft Windows 2000, XP
  - Red Hat Linux Enterprise 3
  - Fedora Core 3
  - Solaris 8 and 9
- VPN Client
  - Microsoft Windows operating systems

Multi-Layer Inspection
- Combines three firewall technologies:
  - packet filtering
  - stateful inspection
  - application layer inspection
- Application layer security with Protocol Agents
- Security level can be chosen for each rule
- Adjustable timeouts for connections and different TCP states

Protocol Agent
- Handles complex protocols (e.g. FTP, Oracle, H.323), including NAT at layer 7
- Enforces protocol standards
- Redirects connections to Content Inspection Server
- Flexible and configurable
- No performance penalty like in proxy firewalls
- Independent processes, doesn't burden fwd

Integrated Operating System
- Operating system designed for firewall and VPN use
- Includes only modules needed by StoneGate
  - e.g. sshd included in the standard installation, no telnetd
- Read-only file system for critical HD areas
- No additional security patches needed
  - Patches included in StoneGate releases
- Firewalls remotely upgradeable from centralized management server

IPsec Compliant VPN
- Supported algorithms:
  - Cipher: AES-128, AES-256, DES, 3DES, Blowfish, Twofish, CAST-128 and NULL
  - Message Digest: MD5 and SHA-1
- Supported user authentication methods:
  - RADIUS, TACACS+ or LDAP(S) back-end protocols
  - Client certificates
  - Smart Cards (PKCS#11, PKCS#15, Microsoft CAPI)
  - USB tokens
- Built-in active traffic filter on VPN Client
- Includes Application Security

Firewall/VPN Gateway Clustering
- Built-in high availability and load balancing within 2 to 16 gateways
- Evolved from StoneBeat FullCluster, which has over 8 000 installations
- Managed as single firewall/VPN gateways
- Configuration across a cluster is always unified
- Fully transparent to the users

Unicast and Multicast CVI Mode
- All nodes share the same (unicast or multicast) MAC address
- Multicast mode can be used with IGMP
- All nodes receive all packets, but each connection is handled by one node only
- Nodes communicate over a heartbeat link

Dispatcher CVI Mode
- One of the nodes works as a dispatcher:
  - has the cluster MAC address
  - distributes the packets
  - can also process the packets
- A dispatcher change is announced with gratuitous ARP
- No need for switch configuration

Outbound ISP Load Balancing (1/3)
[Diagram: Client on the LAN, StoneGate, Internet, Server; SYN, SYN-ACK and RST packets]
- The SYN packet from the client reaches StoneGate
- StoneGate replicates the SYN packet through all ISPs with different source NAT
- The server replies to all SYN packets with a SYN-ACK
- The ISP that delivers the SYN-ACK packet fastest will be used for the connection
- RST will be sent through the other ISPs

Outbound ISP Load Balancing (2/3)
[Diagram: Client on the LAN, Internet, Server]
- The fastest ISP for that destination is cached after the probing
- When a new connection to the same destination is established, the cached ISP will be used

Outbound ISP Load Balancing (3/3)
[Diagram: Client on the LAN, Internet, Server; SYN timeout]
- If the connection cannot be established through the cached ISP, the probing is done again
- The first SYN packet is sent through the cached ISP
- If the connection times out, the client resends the SYN packet
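The three outbound slides describe one procedure: probe, cache, and re-probe after a timeout. The following sketch is an added example, not Stonesoft code; the class and method names, the millisecond delays and the rule that a retransmitted SYN triggers the new probe are assumptions made to model the slides.

```python
# Added illustration of the probing logic on the slides; not Stonesoft code.
# Class, method and parameter names are hypothetical.

class OutboundSelector:
    def __init__(self, isps):
        self.isps = list(isps)   # configured ISP links
        self.cache = {}          # destination -> ISP that won the last probe

    def probe(self, dest, synack_ms):
        """Replicate the SYN through every ISP (each copy with its own source NAT).

        synack_ms maps ISP -> delay of the SYN-ACK in ms, or None if none arrived.
        Returns (chosen ISP, ISPs through which an RST is sent).
        """
        answered = {i: synack_ms[i] for i in self.isps if synack_ms.get(i) is not None}
        if not answered:
            return None, []
        winner = min(answered, key=answered.get)
        self.cache[dest] = winner
        return winner, [i for i in self.isps if i != winner]

    def on_syn(self, dest, synack_ms):
        """Handle one SYN (first attempt or client retransmission) for dest."""
        cached = self.cache.get(dest)
        if cached is None:
            return self.probe(dest, synack_ms)
        if synack_ms.get(cached) is not None:
            return cached, []            # cached ISP answers: no probing
        del self.cache[dest]             # SYN via cached ISP timed out;
        return None, []                  # the retransmitted SYN triggers a new probe


def demo():
    # Constructed sample: three links, documentation-range destination address.
    sel = OutboundSelector(["ISP-A", "ISP-B", "ISP-C"])
    dest = "198.51.100.10"
    steps = [
        {"ISP-A": 40, "ISP-B": 12, "ISP-C": 55},    # first connection: probe
        {"ISP-A": 41, "ISP-B": 13, "ISP-C": 50},    # next connection: cache hit
        {"ISP-A": 40, "ISP-B": None, "ISP-C": 55},  # ISP-B fails: SYN times out
        {"ISP-A": 40, "ISP-B": None, "ISP-C": 55},  # retransmitted SYN: re-probe
    ]
    return [sel.on_syn(dest, s) for s in steps]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Each probe shows up at the destination as one SYN per ISP, each from a different translated source address, followed by RSTs for all but one of them; that pattern is worth knowing when reading the server-side connection logs.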

Inbound ISP Load Balancing (1/3)
[Diagram: Client, Internet, DNS Server, DMZ, Server]
- Client performs a DNS lookup
- DNS server returns multiple IP addresses, one for each ISP
- The client connects to the server by using one of the given IP addresses
- StoneGate translates the IP address to the private address of the server
- Return packets are routed via the same ISP

Inbound ISP Load Balancing (2/3)
[Diagram: Client, Internet, DNS Server, DMZ, Server]
- Typically the client can use another one of the given IP addresses if the connection cannot be established using the first one

Inbound ISP Load Balancing (3/3)
[Diagram: Client, Internet, DNS Server, DMZ, Server; ping probes and DDNS update]
- StoneGate probes all ISPs periodically to ensure connectivity
- Probing is done by pinging defined IP addresses
- If ping fails, the ISP is considered to be down, and StoneGate sends a DDNS update to remove the corresponding IP address(es)

Server Load Balancing
[Diagram: Monitoring Agent protocol, Ping]
- Connections are balanced based on server availability
- Firewall monitors servers using Ping or Monitoring Agent
- Can be used with Multi-Linking

Multi-Link VPN (1/2)
[Diagram: Site A with ISP A, ISP B, ISP C; Internet; Site B with ISP X, ISP Y]
- Multi-Link VPN creates subtunnels using each possible combination of end-point IP addresses
- Multi-Link monitors the status and performance of all subtunnels and allocates traffic based on that
- If a subtunnel fails, traffic will be failed over to other subtunnels

Multi-Link VPN (2/2)
[Diagram: Site A with leased line, ISP A, ISP B, ISP C; Internet; Site B with ISP X, ISP Y]
- IP-based private links can also be used as a part of the Multi-Link VPN
- Links can be defined as backup links
  - Also applies to ISPs
- Backup links will be used only if all primary links fail
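The subtunnel and backup-link behaviour on the two Multi-Link VPN slides, as an added example that is not Stonesoft code. The function names, the documentation-range addresses, the use of round-trip time as the performance measure, and the rule that a subtunnel counts as backup when either end-point is a backup link are assumptions.

```python
# Added illustration; not Stonesoft code. Function names and the rule that a
# subtunnel is "backup" when either end-point is a backup link are assumptions.
from itertools import product


def subtunnels(site_a, site_b):
    """site_a/site_b map end-point IP -> 'primary' or 'backup'.

    Returns {(ip_a, ip_b): mode}, one subtunnel per end-point combination.
    """
    return {
        (a, b): "backup" if "backup" in (mode_a, mode_b) else "primary"
        for (a, mode_a), (b, mode_b) in product(site_a.items(), site_b.items())
    }


def eligible(tunnels, rtt_ms):
    """rtt_ms maps subtunnel -> measured round trip in ms, None when it is down.

    Returns the subtunnels that may carry traffic, best performing first.
    Backup subtunnels are returned only when no primary subtunnel is up.
    """
    up = [t for t in tunnels if rtt_ms.get(t) is not None]
    primary = [t for t in up if tunnels[t] == "primary"]
    pool = primary or up
    return sorted(pool, key=lambda t: rtt_ms[t])


# Constructed sample: documentation-range addresses, ISP C defined as backup.
SITE_A = {"192.0.2.1": "primary", "198.51.100.1": "primary", "203.0.113.1": "backup"}
SITE_B = {"192.0.2.129": "primary", "198.51.100.129": "primary"}
TUNNELS = subtunnels(SITE_A, SITE_B)


def scenario(down_a):
    """Mark every subtunnel that starts at an address in down_a as failed."""
    rtt = {t: None if t[0] in down_a else 20 + 5 * n for n, t in enumerate(TUNNELS)}
    return eligible(TUNNELS, rtt)


if __name__ == "__main__":
    print(len(TUNNELS), "subtunnels")
    print(scenario(set()))
    print(scenario({"192.0.2.1", "198.51.100.1"}))
```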

Hassle-free Engine Installation
- 5 minute installation
- StoneGate installed as a single package
- No need to separately install and harden the OS
- No need to install an add-on HA solution
- Turns a standard server into a firewall/VPN appliance after a short installation wizard

Automating Alert Escalation
- Alert Center allows defining with a rule base how alerts are forwarded, escalated and acknowledged

Reporting

Remote Upgrade
- Upgrade through GUI
- No local physical action needed
- Only delta is sent
- Secured through TLS connection and checksum
- Old version operative until new one ready
- Version roll-back possible

Remote OS Management
- Interface configuration
  - VLAN tagging (IEEE 802.1q)
  - Dynamic IP
  - DHCP Relay
- Static routes
  - IP multicast and policy routing supported
- ARP entries
  - Automatically generated for NAT
- Syslog comes into the firewall log

Routing and Anti-spoofing
- Drag and drop static routes, and anti-spoofing rules will be automatically generated

Rule Base Templates
- Security policies are based on templates
- Inherited rules cannot be modified in the policies
- Policies follow the template changes automatically

Sub Rule Bases
- Set of rules which share some common component
- Skip all sub-rules if the Jump rule does not match
- e.g. all HTTP related rules in one sub-rule base

Logging
- Log data sent to the Log Server
- Stored locally on the firewall if log server cannot be connected
- Informative and user friendly log browsing
- Powerful log data management tools

Reference: RWTH Aachen
- Dynamic Load Balancing
- Scalability
- Transparent Failover
- Convenient Management
- Software solution upgradeable to 10Gbps environment

Stonesoft Germany GmbH
Lyoner Str. 15
60528 Frankfurt am Main
Office Central Region
Tel: +49-69-4272968-0
Fax: +49-69-4272968-99
E-mail: info.germany@stonesoft.com
Website: www.stonesoft.com