secui_mf2_v1.2.2_eng

Multi-Function Firewall 2nd Edition

Upload: tithleang

Post on 08-Nov-2014


TRANSCRIPT

Page 1: SECUI_MF2_V1.2.2_eng

Multi-Function Firewall 2nd Edition

Page 2: SECUI_MF2_V1.2.2_eng

1. Security Trends

2. About SECUI MF2

3. Special Advantages of SECUI MF2

4. SECUI MF2 Series

Multi-Function Firewall 2nd Edition

Page 3: SECUI_MF2_V1.2.2_eng

Security Trend

- Appearance of New Security Threats

- Change of Security Related External Environment

- Appearance of Next Generation Firewall

Page 4: SECUI_MF2_V1.2.2_eng

1. Security Trend

Appearance of New Security Threats Different from the Past

New attack types have appeared that exploit the limitations of existing UTM

[Figure: new threats carried over application traffic on http(80) and https(443). Labels: Service Vulnerability, Malicious Code Inflow, Leak of Internal Info, Leak of Personal Info, Web Vulnerability Attack, Zombie PC/DDoS, Application]

SECUI.COM

Page 5: SECUI_MF2_V1.2.2_eng

Change of External Environment Related to Security

Web/Application security risk

Extended spread of mobile devices

Extended network bandwidth

Establishment and effectuation of Personal Information Protection Act

IPv4 depletion & suspension of assignment

Establishment of Regulations Related to Spread of Mobile Devices and Information Protection

Application Traffic Control

Increased Demand of High Performance Devices

Mandatory Protection of Personal Info

Started Supplying IPv6


Page 6: SECUI_MF2_V1.2.2_eng

Appearance of Next Generation Firewall

Appearance of Next Generation Firewall to cope with changing security threats

Functional Factors of Next Generation Firewall (NGFW)

Next-Generation Firewall UTM (Multi Function Firewall)


Page 7: SECUI_MF2_V1.2.2_eng

About SECUI MF2

- SECUI MF2

- SM DPI

- SC FDE

Page 8: SECUI_MF2_V1.2.2_eng

Multi-Function Firewall 2nd Edition

The next generation security product that has implemented the idea of Next-Generation Firewall

[Figure: product timeline. Year labels: ’01, ’03, ’07, ’11. Stage labels: Software, Appliance, UTM, NGFW. Throughput labels: 1G, 2G, 4G, 17G, 40G. Products: secuiWall (Firewall); NXG Series (Firewall, VPN); SECUI NXG Series, eXshield (UTM, Multi Function Firewall); 40G SECUI MF2 Series (NG Firewall)]


Page 9: SECUI_MF2_V1.2.2_eng

SM DPI (SECUI Multi-stage Deep Packet Inspection)

Blocks external attacks, prevents inflow of malicious codes, detects zombies while providing identification and control functions of various applications through precise Deep Packet Inspection on multistage (multilayer)

IPS/DDoS
- Full support of PCRE signature & Option
- Separate assignment of profile on virtual domain
- Applying the engine of exclusive Anti-DDoS device

Application Control
- Control on internet application
- Multistage Application Control engine
- Control of action with User ID by application

Anti-Virus/Spam
- File-based of high detection rate
- Stream-based method more than 10 times faster than the File-based (Able to check unlimited size of files)

[Figure: multistage inspection diagram. Labels: Policy Virtual Domain, IPS/DDoS, Application Control, Anti-Virus/Spam, DATA, HEADER]


Page 10: SECUI_MF2_V1.2.2_eng

SC FDE (SECUI Clustering-based Flow Distribution Engine)

An integrated security platform implemented with 64-bit SecuiOS™ and high performance Multi-Core

The latest hardware architecture combining Symmetrical Multi-Processing (SMP) and clustering technology

Applies load distribution processing technology that uses multiple cores effectively, so traffic is handled without lowering network speed

SECUI MF2 session distribution processing technology implementing optimum performance to multi core

[Figure: flow distribution across a Multi Core CPU. Labels: Input, NIC, Balancer (Core Resource Flow), Resource Checker, Core, Thread, NIC, Output]


Page 11: SECUI_MF2_V1.2.2_eng

Special Advantages of SECUI MF2

- Overview

- Application Control

- VPN (IPsec / SSL / Mobile)

- IPS & DDoS

- Web Filter

- Web Server Protection

- Anti-Virus

- Anti-Spam

- SMART HA

- SMART NAT (Policy Based NAT)

- Improved Convenience of Policy Management

Page 12: SECUI_MF2_V1.2.2_eng

Special Advantages of SECUI MF2

SMART HA, By-Pass

LACP, LLCF

Multicast (PIM-SM, IGMP)

RIP, OSPF, BGP

SMART NAT (Policy Based)

PBR (Policy Based Routing)

Firewall

VPN

- IPSec VPN

- SSL VPN (Clientless)

- Mobile VPN

IPS & DDoS

Anti-Virus

Anti-Spam

- RBL (Real-time Blocking List) Support

Application Control

Web Server Protection

Harmful Site Block

Anonymizer Site Block


Page 13: SECUI_MF2_V1.2.2_eng

Application Control

Provides control over the various internet applications that use http/https as a result of the development of web technology

Equipped with a multistage Application Control engine based on protocol analysis

- Action control with User ID by application regardless of user movement or IP change


[Screenshot: Application Control policy list. Policy columns: SOURCE, DESTINATION, Application Security, Action. Entries shown: HR Team, Support Dept, HR Team_Web Mail Attachment, Support Dept_P2P Control, Development Team_1. Profile columns: Category, Application, Exception IP, Exception User, Message, File. Per-application actions shown: Detect, Block]

Page 14: SECUI_MF2_V1.2.2_eng

VPN (IPSec / SSL / Mobile)

Supports both international standard certification protocol and encryption algorithm, fully supports IPSec, SSL and Mobile VPN

Improved line management function: Automatic speed check, solves line failure, load distribution by line speed

Multi-Tunnel, Bonding and Load balancing functions for effective usage of xDSL multi-line

[Figure: <Setting Access by User>. Connection types: Mobile SSL VPN, IPSec VPN, USB Client, SSL VPN. Servers: Intranet Web Server 1, Intranet Web Server 2, Web based ERP Server. Per-user access labels: ERP Server; Web Server 2, ERP Server; Web Server 1 & 2, ERP Server. Also shown: SSL VPN Supported Browser, Mobile SSL VPN support OS]

※ SSL/Mobile scheduled for first half of 2012

Page 15: SECUI_MF2_V1.2.2_eng

IPS & DDoS

Fully supports NCSC (National Cyber Security Center), ECSC (Education Cyber Security Center), PCRE (Perl Compatible Regular Expression) signature and option

Separate assignment of protection profile on virtual protection domain, flexible application of security policy

Powerful Anti-DDoS feature (Applying the engine of exclusive Anti-DDoS device)

Provides internal zombie PC monitoring and block feature

[Figure: A Network and B Network assigned to Virtual Domain (A) and Virtual Domain (B), with a Zombie PC on the internal network. Labels: N/W IP Address, TCP Stream, Client Port, To Server Packet, Flooding Block, Anti Spoofing, SCAN Protection]

- Establishing individual security policy using Virtual Domain

- Internal zombie PC detection and network block

Page 16: SECUI_MF2_V1.2.2_eng

Web Filter

Improved URL Filter Feature

- Prevents bypass through direct IP address input (automatic update of the IP address for each URL)

- Precise blocking that extends the checked area to the URI field instead of checking only the URL

- Various warning pages can be prepared and set up per profile

Blocks HTTP requests that bypass the filter through an Anonymizer website (automatic update of the proxy server list)

[Figure: web filter blocking across the Internet. Labels: "Attempts Proxy server access to access a shopping mall"; http://28.135.57.2; http://www.casino.com; www.proxyserver.com …; Anonymizer Server List Update; Update Servers; "Blocks detoured access of illegal website"; "Blocks direct access of illegal website"]

Page 17: SECUI_MF2_V1.2.2_eng

Web Server Protection

Banned-pattern blocking and blocking of file extensions within the URL (malicious code risks such as exe, dll or bat)

Command injection block, SQL injection block and XSS injection block features

Detects and blocks web robots that visit the website periodically to gather content for search-engine indexing

[Figure: Web Server, User and Attacker. Attack labels: SQL Injection, XSS Injection, Command Line Injection]

Page 18: SECUI_MF2_V1.2.2_eng

Anti-Virus

Supports both the Stream-based method, with fast search speed, and the File-based method, with a high detection rate

- Used by selecting Stream-based or File-based depending on the environment

- File-Based : Able to select 2 types of virus engines (high detection rate)

- Stream-Based: More than 10 times faster than the File-Based method (unlimited file size)

Prevents unnecessary waste of system resources by setting file extensions and names as exceptions

[Figure: Anti-Virus Stream-Based compared with Anti-Virus File-Based, plotted as latency over time from Input to Output. File-based stages: Buffer (File), Scan (File), Deliver (File). Stream-based stages: Buffer, Scan (Packet), Deliver. Database labels: Most Recently DB, Full Anti-Virus DB]

Page 19: SECUI_MF2_V1.2.2_eng

Anti-Spam

Supports multi-language keyword filter with Global Anti-Spam solution

- Able to apply title, body and regular expression

Automatically checks whether sender domain is the actual domain through DNS Query

Supports RBL (Real time Blocking List) function

- RBL cache function support (using firewall black list)

Blocks non-allowed commands, allow/deny e-mail address, external spam detection server management

[Figure: Spam Mail, Malicious Mail and Normal Mail passing through the filters before the Mail-Server, which receives only normal mails. Filter labels: Mail Relay block, Session Limit per mail sender, Block keyword list, RBL, Non-allowed command block, Mail size limit]

Page 20: SECUI_MF2_V1.2.2_eng

SMART HA (High Availability)

Provides Advanced HA enabling combined usage of Router and Bridge modes

Raises availability of Port with HA Port Bonding function

Fast and convenient device extension with Plug-in

Supports safe replacement without influence of service with Hot Swap during HA member failure

[Figure: HA configurations in Bridge Mode and Router Mode between External Network, Internal Network and DMZ Network. Labels: L2 switch for HA, L3, HA, Occurrence of Failure, Failure Replacement Device, Hot Swap Replacement, New Extension Plug-in Method, MAX 16 Units]

Page 21: SECUI_MF2_V1.2.2_eng

SMART NAT (Policy Based NAT)

Secures flexibility of network configuration through the PB NAT (Policy Based NAT) feature

As many NAT policies can be used as there are policies

Can be implemented simply for all NAT types, including 1:1, 1:M, N:M or 1:N

[Figure: policy-based NAT between External and Internal. Labels: Client, Web server (1.1.1.1), www.secu.com (2.2.2.101)]

Page 22: SECUI_MF2_V1.2.2_eng

Improved Convenience of Policy Management

Provides convenience of managing related policies through policy grouping

Maximizes convenience by adding Drag & Drop feature

Prevents unnecessary waste of policy resources by improving unused, non-referenced object/policy search feature

Even more convenient Policy Editing feature using policy Drag & Drop

Effective use of resources with unused object / policy search feature

[Screenshot: Firewall Policy Settings window with a "Do you wish to move?" notice (Yes / No) and the policy search panel. Tabs: Basic Search, Advanced Search. Notes shown: "Advanced Search only provides the search results on applied policies"; "Policies being edited are not included in the search target". Search fields: Check applied policies, Inflow Zone, Source IP, Destination IP, Internal Network, Protocol, Port, Search non-referred policies, Non-referred days, Object Search. Result columns: NO., Policy ID]

Page 23: SECUI_MF2_V1.2.2_eng

SECUI MF2 Series

- Line up

- Spec

- Certificates (National Cyber Security Center CC, IPv6, TTA)

- SECUI CA

Page 24: SECUI_MF2_V1.2.2_eng

SECUI CA (Central Analyzer)

Provides a separate program which conveniently gathers the log of small devices to administrator PC

Monitors Dashboard, Top10 info and trend graph, etc. real-time from the administrator PC

Able to view detailed logs with convenient conditional search on all logs

Provides perfect security audit and customer support Report as a form of CSV(excel) file

[Figure: Syslog Transmission to the Console PC. Screen labels: System Info (CPU, Memory, HDD); User Option Screen (Security Log, Top10 Log); Traffic Trend graph (By Action and Protocol)]

Page 25: SECUI_MF2_V1.2.2_eng

SECUI CA (3D dashboard)

Provides 3D Visualized Dashboard and Log Viewer for intuitive monitoring and security control

Visualizes traffic based on traffic and session information of source and destination IP

Monitoring by sorting according to the direction of traffic by the classification of All, Input and Output

[Figure: 3D dashboard]

1. Expresses IP and Port as sphere

2. Size of sphere and thickness of line depending on the amount of traffic

Traffic direction views:

1. All

2. In Out

3. Out In

Page 26: SECUI_MF2_V1.2.2_eng

Line Up

[Figure: models plotted by Performance across Small Scale Network, Medium Scale Network and Large Scale Network]

- MF2 100: Firewall Max 500Mbps
- MF2 500: Firewall Max 2Gbps
- MF2 1000: Firewall Max 4Gbps
- MF2 2000: Firewall Max 10Gbps
- MF2 3000: Firewall Max 20Gbps (10G Interface)
- MF2 6000: Firewall Max 40Gbps (10G Interface)

Page 27: SECUI_MF2_V1.2.2_eng

Specification

| Group | Item | SECUI MF2 100 | SECUI MF2 500 | SECUI MF2 1000 | SECUI MF2 2000 | SECUI MF2 3000 | SECUI MF2 6000 |
| --- | --- | --- | --- | --- | --- | --- | --- |
| H/W | Chassis | | | | | | |
| H/W | HDD | - | 250GB | 500GB | 1TB | 2TB | 2TB |
| H/W | 1G Copper (bypass) | 4 Ports (2) | 6 Ports (2) | 6 Ports (4) | 8 Ports (8) | 8 Ports (8) | 8 Ports (8) |
| H/W | 1G Fiber | - | - | 2 Ports | 8 Ports | 4 Ports | option |
| H/W | 10G Fiber | - | - | - | - | 4 Ports | 8 Ports |
| H/W | Power Supply | Single | Single | Single | Dual | Dual | Dual |
| Performance | Firewall Max | 500Mbps | 2 Gbps | 4 Gbps | 10 Gbps | 20 Gbps | 40 Gbps |

Expansion Modules

- 1G Fiber ByPass: 2-port 1G Fiber ByPass Module (MF2 2000, 3000, 6000)
- 10G Fiber ByPass: 2-port 10G Fiber ByPass Module (MF2 3000, 6000)

Page 28: SECUI_MF2_V1.2.2_eng

Certificates (National Cyber Security Center CC, IPv6, TTA)

Certificate No.: TTA-V-N-11-058, 059, 060
Model Name: SECUI MF2 100, 6000, 1000
Scope of Certificate: IPv6 Router Core Suitability and Interoperability

Certificate No.: NISS-0342-2011
Model Name: SECUI MF2 V1.0
Scope of Certificate: FW+VPN(EAL4)

Logo ID: 02-C-000648
Version: SecuiOS V2.0(64bit)
Scope of Certificate: IPv6 Router