
Page 1: Funkwerk Enterprise Communication Funkwerk UTM Workshop 09.01.2007 Thilo Schmid – Funkwerk UTM Director Sales and Business Development

2 for internal use only!

Funkwerk UTM: What is Unified Threat Management (UTM)?

Before UTM systems were on the market IT-Security was:

- very complex
- very expensive
- difficult to integrate
- difficult to administrate and to maintain
- interaction between components rare
- hard to keep up to date

Firewall, IDPS, A-Virus, A-Spam

= only for big companies


Funkwerk UTM: Unified Threat Management – Integrated “one size fits all” Protection

[Diagram: Funkwerk PacketAlarm UTM with the components Auto Prevention, Firewall, Anti-Spam, VPN, Intrusion Prevention, Authentication, Anti-Virus, Application Level Gateway]


Funkwerk UTM: Idea of Funkwerk UTM

UTM Definition

Unified Threat Management (UTM) is a term first used by IDC in 2004 to describe a category of security appliances which integrates a range of security features into a single appliance. By definition UTM appliances combine …

firewall, gateway anti-virus, intrusion detection and prevention capabilities into a single platform!

Funkwerk Unified Threat Management (UTM) means:

- one solution for all major security threats
- based on corporate security standards out-of-the-box
- easy implementation and easy administration
- security components interact by default
- good pricing
- one update mechanism

= for all company sizes


Funkwerk UTM: Unified Threat Management Components

Firewall, Application Level Gateway

- Multi Inspection Firewall with easy to use rule editor
- Application Level Gateway (HTTP, FTP, SMTP, POP3, DNS)
- Network- and Port-Address-Translation (Redirect Services)
- DHCP server
- Ethernet and DSL-capable (PPPoE)

VPN Gateway

- PPTP, L2TP and IPSec
- Encryption: DES, 3DES, AES, Blowfish, Twofish, Serpent, Cast
- Authentication: SHA-1, MD5, IKE certificate
- IPSec NAT Traversal
- Certificate Server


Unified Threat Management Components

Intrusion Prevention Engine

- Blocks attacks in real-time before they reach the network
- Protects from Worms, Trojans, network based attacks
- Active inside the data stream
- Flexible and easy implementation

Auto Prevention

- Easy adjustment through pre-defined policy levels
- Definitions through Funkwerk expert team and automatic reaction to attacks
- Reduces administration effort extremely
- Online Update of policy levels
- Feature only available with Funkwerk PacketAlarm UTM


Auto Prevention (Background)

Basic IPS engines offer only a pattern base, without any deployment policy that says what to do when a given event shows up.

The administrator or the integrator (reseller) gets no help on what to do, and such a “Marketing-IPS” has no value (an IPS with no reaction is more an IDS than an IPS).


Source www.commtouch.com

Funkwerk’s Auto Prevention offers a complete pre-defined IPS-policy or IPS-logic with a single click.

- Two policy-levels are available: normal and strong
- Levels can be applied for all attack groups or user selected groups
- Each new IPS signature update already has the policy classification => automatic prevention of new attacks (!)
- Single groups or patterns can still be adjusted


Anti-Spam

- Anti-Spam for SMTP and POP3
- Real-time replication with multiple Blackhole-Lists (RBL + ORDB)
- Heuristic analysis of the content
- White- and Black-Lists can be added
- MIME header Check
- Reactions defined based on spam rating
- Transmission of the spam parameter inside the header for individual use
- Optional: Advanced Detection Engine


Anti-Spam (Background)

Basic engines look from “outside” at certain parameters of the email, e.g. words and content (text, HTML, pictures), subject, sender and server on blacklists or whitelists.


Problem:

- method causes false positives (examples: moral, s-e-x, text sent as picture, customer is on blacklists by accident)
- fine-tuning is necessary, but: if the filter is too liberal there is too much spam (false negatives), if the filter is too strict there are false positives
- languages

The Commtouch engine uses sensors worldwide to watch for the appearance of mass mails and gives each mail an individual fingerprint.

- causes almost no false positives
- no fine-tuning
- very good detection ratio

Source: www.commtouch.com


Unified Threat Management Components

Anti-Virus, Anti-Spyware, Anti-Phishing

- Gateway virus protection for HTTP, FTP, SMTP, POP3
- Can handle multi-zipped files
- Reactions: delete or quarantine
- Definition of unwanted file formats
- ClamAV included for free
- Optional Update to Kaspersky Scan Engine

User Authentication

- Internal User Database
- External LDAP Database
- External RADIUS Database
- Out-of-Band Authentication ->


Unified Threat Management Components

Out-of-band Authentication

Protocol independent user authentication in both directions: internal to external and external to internal


Example 1: Access from external

e.g. OutlookWebAccess or SSH

Intranet ….

Example 2: user access restrictions

With OOBA insecure and sensitive services can be secured

- very flexible: no client is needed (https)
- sensitive services still can be accessed

[Diagram labels: https; http, ssh; http, ftp, pop3]

With OOBA users can be authenticated

- very flexible: no client is needed (https)
- independent of the workstation’s IP


Unified Threat Management Components

Flexible Event Logging


(Sub-)System Events: Firewall, IPS, Virus, Mail, Update, ...

Log Layer

Internal Log, SMTP (Email), Syslog, SNMP V2 (Tivoli, OpenView)

100.000 entries max. Auto delete of oldest 1000

Definition of Log Filter based on: Subsystem (FW, IPS, …) and Level (high, med., low, info)


Sales arguments

- All-in-one security through PacketAlarm UTM’s Multi Layer Security Architecture
- Very simple Installation through Setup-Wizard
- Very easy config backup and roll-out with same configurations possible
- Plug-and-secure functionality through Auto-Prevention (predefined prevention policies)
- Security inside VPN connections (VPN-traffic still has to pass all security layers)
- Centralized online signature and software update for all security components
- Basic Spam and Virus Protection already included in base product
- Virus scanning also for big files possible
- Additional Kaspersky and Commtouch engine
- User Authentication (OOBA, internal, LDAP, Radius, Certificates)
- Centralized remote management solution
- Easy configuration and administration (new FCI)
- External logging via Syslog, SNMP and SMTP
- flexible use – as stand alone system or in combination with existing security
- Very good TCO


Major security threats

Source: CRN 11/2006, IT-Security 2006

[Chart: major security threats. Information in percent, base: 265 / 190 answers (multiple answers possible). Categories: Misuse of user accounts, Viruses / Worms / Trojans, Spam, Misuse of E-Mail addresses, Human misconfiguration, Phishing, External DoS attacks, Guessed passwords]


Unified Threat Management Components


Firewall

VPN

Anti-Virus

Intrusion Detection & Prevention

Anti-Spam

Auto Prevention

Multi Layer Security

Funkwerk UTM’s multi layer security architecture provides the comprehensive security that is needed today on one single system. All security layers inside Funkwerk UTM can be easily switched on or off. If, for example, a firewall or an anti-virus system is already installed, these modules can be easily deactivated so that Funkwerk UTM integrates fully into existing security architectures.


Product line Funkwerk UTM - Matrix

Legend: Retail prices in € already including first year of Software & Pattern Update; Software & Pattern Update for platform per following year (user independent)

User scale: 10, 25, 50, 75, 100, 150, 200, 250, unl.

Prices shown per HW platform:

UTM 1100: 799,- / 199,-
UTM 1500: 1.099,- / 209,- / 1.399,- / 1.698,-
UTM 2100: 2.499,- / 449,- / 2.998,- / 3.497,-
UTM 2500: 5.999,- / 999,- / 7.999,-
UTM 3500 (Gigabit): - -

User upgrades shown: +25 User + 300 € (twice), +50 User + 499 € (twice), +Unlim. User + 2000 €


The security process – Update is a must!

We’re not only selling a product once – we’re selling a long term service!!

Software updates and patterns for: IPS, Auto Prevention, A-Virus, A-SPAM

[Diagram: update cycle: new threat (attack, vulnerability, virus) discovered -> New pattern developed -> Download of new patterns -> Install and activate pattern]


Stand-alone Solution

small, medium, big


Stand-alone Solution


- LAN to LAN: Routing & Security
- LAN to WAN: Routing & Security
- LAN, WAN, DMZ: Routing & Security

[Diagram labels: server, WAN, WAN]


Branch office solution

[Diagram label: server]

Security within VPN!

Centralized remote management


Mixed Product Solution Router / UTM


DSL Modem

X.21, ATM, Frame Relay, etc.

Security

VPN

ISDN or S2M Backup

Special requirements on WAN


Mixed Product Solution UTM / WLAN


Telecommuters, customers, public etc.

e.g. hotel, hospital, office …


Mixed Product Solution


Cross selling

Basic ideas of FEC cross selling:

- in every router project there must be security as you connect two or more networks
- in every VoIP project there must be security as connection to the internet or VoIP providers is necessary
- in every WLAN project there must be security as people access networks


Funkwerk UTM: Roadmap 2007

Step 1 – Jan. 2007

Product launch Funkwerk PacketAlarm UTM 1500 and UTM 2100

Step 2 – April 2007

Product launch Funkwerk PacketAlarm UTM 1100 and UTM 2500

Step 3 – Q3 / 2007

IMAP Proxy, Traffic shaping, Policy Based Routing, Content Check/Filter, DOS protection, RIP

Step 4 – Q4 / 2007

Integration into FEC network management system (NMS)


Funkwerk Enterprise Communication

Sales Support and Partner Program


Content not translated into English. See the German version.


Funkwerk Enterprise Communication

Funkwerk PacketAlarm IDS and IPS


Introduction – The Security Problem

Hybrid threats such as MS Blaster, Nimda, Code Red and SQL Slammer have proven that routers, firewalls and anti-virus systems are not enough to protect today’s company networks.

[Diagram: depth of inspection across the packet (S, D, P, TCP/IP, Payload), with the labels Firewall, Anti-Virus, Nimda, Code Red, MS Blaster, SQL Slammer]


PacketAlarm – First Class Security

Scalable High-Level Security for every usage scenario.

[Diagram: depth of inspection across the packet (S, D, P, TCP/IP, Payload) for IDS, IPS, UTM]


PacketAlarm IDS Features

The solution: The PacketAlarm product family

Intrusion Detection System (IDS)

- High-Speed Intrusion Detection Engine
- Monitors the complete data traffic in the whole network segment
- Stores detailed attack data and can send out alerts
- Powerful Vulnerability Scanner
- Invisible inside the network
- No influence on the performance and the traffic (passive sniffing)
- Anomaly Detection
- Event-Correlation
- Traffic-trace
- Automatic Software- and Pattern Update
- Easy and simple configuration and administration
- Central management and forensics over multiple systems


PacketAlarm IPS Features

The solution: The PacketAlarm product family

Intrusion Prevention System (IPS)

- High-Speed Intrusion Prevention Engine
- Active inside the data stream
- Actively prevents Worms, Trojans, network attacks etc. by blocking
- Stores detailed attack data and can send out alerts
- Automatic Software- and Pattern Update
- Easy configuration and administration
- Anomaly Detection
- Traffic-Trace
- Uses multiple correlation techniques to address the “false positive” topic
- Easy and flexible integration through implementation at layer 2 or 3
- High Availability option
- Central management and forensics over multiple systems


Target Markets PacketAlarm IDS/IPS

Target customer segments

Target markets for IDS:

medium to large size companies and enterprises

IDS Examples:

- Backbones of ISPs, Telcos
- Network areas with a high demand on security and availability (IDS = passive sniffing) like production networks, power-plants, military, confidential and top secret development data, etc.

Target markets for IPS:

medium to large size companies and enterprises

IPS Examples:

- Networks where Layer 3 integration is too costly (IPS in Layer 2 does not affect layer 3 infrastructure like routing, gateways etc. = easy implementation)
- When only IPS functionality is needed (Firewall and IPS) e.g. securing internal server farms


IDS/IPS Product Line

The solution: The PacketAlarm product family

Product line IDS:

- PacketAlarm IDS 100: Unlimited user, for 100 Mbit/s networks
- PacketAlarm IDS 250: Unlimited user, for 1000 Mbit/s networks

Product line IPS:

- PacketAlarm IPS 100: Unlimited user, for 100 Mbit/s networks
- PacketAlarm IPS 250: Unlimited user, for 1000 Mbit/s networks


Funkwerk UTM - So what are we waiting for??