Sygate Enterprise Firewall

1
Sygate Enterprise Firewall

• Presented by
• ITS Enterprise Information Security
• S.A.T.E. Program

2
SygateCourse Outline

• Introduction to the Sygate Enterprise Firewall
• How Sygate works within UCSF
• Installing Sygate
• Overview of the Security Agent Software
• Navigating the Security Agent
• Testing Your Systems Vulnerability
• Monitoring Your System Logs on a Security Agent
• Summary and Questions

3
Introduction to the Sygate Enterprise Firewall

• What is Sygate?
• Why is Sygate important to UCSF?

4
How Sygate works within UCSF

• How UCSF Deploys Sygate
• The UCSF License for Sygate
• Support for Sygate

5
Installing Sygate

• Obtaining the Security Agent Software
• Installing the Security Agent Software
• Uninstalling the Security Agent Software
• Repairing a Security Agent Installation

6
Overview of the Security Agent Software

• Capabilities When Combined with the Management
  Server
• Some Options May Not Show on a Security Agent
• How Firewalls Work
• What Does the Security Agent Software Do?
• Key Features of the Security Agent
• What is the Management Server?
• Who is in Charge of the Security Agent?

7
Capabilities When Combined with the Management
Server

• Receives rules/policies from the Management
  Server that govern the way the computer can
  access the network
• Reports status and attack history to the
  Management Server for review by the administrator

8
Some Options May Not Show on a Security Agent
9
How Firewalls Work
10
What Does the Security Agent Software Do?

• Allow
• Block
• Ask

11
Key Features of the Security Agent

• Customized security policy
• Heartbeat synchronization
• Auto-Location Switching
• Multiple types
• Windows servers and Workstations
• Laptops
• Macintosh

12
What is the Management Server?

• Centralized point of control
• Deploys security policies to the Agents
• Sends out updated intrusion detection signatures
• Receives uploaded logs from Agents for review by
  the administrator

13
Who is in Charge of the Security Agent?

• Different Modes Mean Different Things
• Client Control
• Server Control
• Power User
• Your Mode Can Change at Any Time

14
Navigating the Security Agent
15
The System Tray Icon on a Security Agent
16
System Tray Icon

• If the color of the arrow is... ...then...
• RED ...traffic is being blocked by the Agent.

17
System Tray Icon

• If the color of the arrow is... ...then...
• BLUE ...traffic is flowing uninterrupted by the
  Agent.

18
System Tray Icon

• If the color of the arrow is... ...then...
• GRAY ...no traffic is flowing in that direction

19
Alert ModeFlashing System Tray Icon
20
To use the system tray icon, right click on it
and make choices from there.
21
Using the System Tray Icon in Client Control
22
Using the System Tray Icon in Power User Mode
23
What the System Tray Icon Tells You
24
Main Console
25
Traffic History Graphs
26
Running Applications Field
27
Running Applications Field Detail View
28
Running Applications Field Connection Detail
View
29
Testing Your Systems Vulnerability

• Quick Scan
• Stealth Scan
• Trojan Scan
• TCP Scan
• UDP Scan
• ICMP Scan

30
Monitoring Your System Logs on a Security Agent

• There are three logs enabled in the Security
  Agent that provide the ability to monitor traffic
  and attack history
• Security Log
• Traffic Log
• System Log
• Note There is a Packet Log that is only used for
  troubleshooting

31
Security Log
32
Traffic Log
33
System Log
34
V4.1 vs V5.1 Comparison of Supported Features
and Platforms

• Some 4.1 features and platforms are not supported
  in 5.1, and vice versa the 5.1 product offers
  new functionality not available in 4.1.
• 5.1 Agents are not supported on earlier versions
  of Windows Windows 95, 98, ME,and NT 4.0, nor on
  the Macintosh or Windows XPe operating systems.

35
V4.1 vs V5.1 Comparison of Supported Features
and Platforms

• Comparison of Software Components

36
V4.1 vs V5.1 Comparison of Supported Features
and Platforms
37
V4.1 vs V5.1 Comparison of Supported Features
and Platforms