CyberGuard

About This Presentation

Title:

CyberGuard

Description:

'CyberGuard makes the world's strongest, fastest, most reliable and easy to ... GTA GNAT Box. IBM eNetwork. Lucent Managed Firewall. NAI Gauntlet. Netguard. Netscreen ... – PowerPoint PPT presentation

Number of Views:123

Avg rating:3.0/5.0

Slides: 90

Provided by: SIN119

Category:

more less

Transcript and Presenter's Notes

Title: CyberGuard

1
CyberGuard

A World Class Solution

2
Agenda/Topics to Be Covered

Company Overview
Key Selling Advantages
World Class Architecture
World Class Performance
World Class Appliances
World Class Software
Low Total Cost of Ownership
The CyberGuard Difference

3
CyberGuard

Company Overview

4
CyberGuard Overview

CyberGuard makes the worlds strongest,
fastest, most reliable and easy to manage
firewalls in the business

5
History of Company

1967 Datacraft Real-time Simulation Control
1974 Harris Computer Systems Division
1994 Harris Computer Systems Corporation
1996 CyberGuard Corporation
2000 Introduction of premium firewall appliances

6
History in Security
7
CyberGuard Fast Facts

Leading global network security company
Harris Corporation spin-off
World headquarters in Ft. Lauderdale, Fla.
11 domestic offices
Branch offices in the U. K. and Singapore
Worldwide reseller network

8
CyberGuard Fast Facts

Worldwide customer support services
Blue-chip customer base
Leading banks and financial institutions
(worldwide)
U.S. government agencies
Global ASPs, ISPs, large Web hosting companies
Major telecom
Large data centers

9
CyberGuard Mission

Official
Win the global high-end security market by
delivering the worlds best network security
products and services
Unofficial
To kick Check Points ASS in the High End of
Network Security Market

10
Network Security Leader

1987 - Security product first developed
for classified US Navy program
1994 - First commercial firewall to
incorporate B1 OS and network (Orange
Book)
1997 - First firewall to achieve ITSEC
E3 certification

11
Network Security Leader

December 2000
Worlds first firewall appliances to earn Common
Criteria EAL4 certification

12
Network Security Experts

Award-winning team of developers
World-class customer support pros
Dynamic executive team with track record of
success
Security experts quoted by media
Keynote speakers at seminars and conferences
worldwide

13
CyberGuard

World Class Security

14
Key Selling Features

Security Architecture
Filtering
Proxies
Hardened Operating System
Appliance and Software Performance
Industry Recognition
Appliances
Intuitive Software
Low Total Cost of Ownership

15
CyberGuard Security Architecture

Static Packet Filtering
Dynamic Stateful Packet Filtering
Generic Proxies
Dedicated Proxies
Hardened Operating System
Utilization of Multi Level Security

16
Packet Filtering and Proxies
Link Header
IP Header
APP Header
TCP Header

Source/Destination IP Address

Source/Destination Port
Sequence/Acknowledgement Numbers
Connection State

Stateful / Dynamic Packet Filtering

Application Protocol State
Control Application Commands

17
Hardened Operating System
Firewall Proxies Hardened O/S MLS
Firewall Proxies
Security
Firewall DPF
Firewall SPF

Firewall
Auditing
Alarming

Router with Filtering
No Solution
Time
18
CyberGuard Hardened O/S

CyberGuard purchased SCO UnixWare source code
Modified the kernel to build a secure OS.
The firewall and OS conformed to the NSA Orange
Book B1 status.
CyberGuard is the first firewall to ever achieve
this certification
Later earned support for NSA B2 functionality

19
CyberGuard B1 Certificate
20
Multi-Level Security

Mandatory Access Control (MAC)
Security based on System not User
Creates Separation based on Labels
Access / privileges are based on Label
Examples
Top Secret Level 4 Clearance
Secret Level 3 Clearance
Classified Level 2 Clearance
Unclassified Level 1 Clearance

21
MLS Separation Example

Can User send data to the Database?
Can Database receive data from User?
Can Database send data to User?
Can User receive data from Database?

22
Multi-Level Security

Label Separation / Clearance defines User access
No Read Up
No Write Down

23
Multi-Level Security
Read Down
You cannot read Information above your level
You cannot change Information below your level
Write Up
24
CyberGuard MLS

All key systems are at level 0
Hardened O/S
Network Tables
Audit Trail
Configuration files
It is impossible to modify (write down to )
system files
The firewall itself is immune to penetration via
the Operating System

25
CyberGuard MLS
26
MLS defeats mistakes

3 mistakes that could cripple a non MLS system
Allow telnet to connect to firewall
Allow telnet to connect to firewall AND give user
a password
Allow telnet to connect to firewall, give user a
password AND give user a SU account
Not with CyberGuard MLS

27
Security Attack
Security Attack
Network Attack
Sample Unsecured Operating System
Non-Secure Application Software
Secure Application Software
Non-Secure Network
Non-Secure O/S
Computer Hardware
28
(No Transcript)
29
CyberGuard Fast Fact

Never been Hacked
NO properly configured CyberGuard system has
ever been hacked.

Never Hacked!
30
Competitive Vulnerabilities
Vulnerabilities reported over the last year
CERT (Computer Emergency Response Center)
www.cert.org CIAC (Computer Incident Advisory
Committee) www.ciac.llnl.gov Bug Traq
Vulnerability Database www.securityfocus.com CVE
(Common Vulnerability and Exposure) cve.mitre.org
31
O/S Vulnerabilities

Popular is not always better
CyberGuard Hardened O/S / MLS eliminates
vulnerabilities

32
CyberGuard Security Recap

Static Packet Filtering
Dynamic Stateful Packet Filtering
Generic Proxies
Dedicated Proxies
Hardened Operating System
Utilization of Multi-Level Security

33
CyberGuard

Industry Performance

34
Largest Companies Give CyberGuard Highest
Overall Satisfaction Rate
in 2001 Information Security User Survey
January, 2001 Information Security Magazine
Average Ratings Based on Scale of 1 to 5
35
Largest Companies Give CyberGuard Highest
Overall Satisfaction Rate
in 2001 Information Security User Survey
Average Ratings Based on Scale of 1 to 5
36
Companies With More Than 50,000 Employees,
CyberGuard Gets The Only Perfect Score.
January, 2001 Information Security Magazine
Average Ratings Based on Scale of 1 to 5
37
(No Transcript)
38
Industry Press

CyberGuard's STARLord firewall is a monster in
more ways than one. Physically, it is a 4U
rack-mount chassis that weighs nearly as much as
a Bill Gates' wallet. Functionally, it comes with
every feature a would-be hacker hates to see
excellent logging and alerting features, as well
as some of the best firewall services.

InternetWeek Evaluation of STARLord vs. Cisco
Pix March 26, 2001
39
Industry Press

In bundling the CyberGuard software with a
dedicated hardware platform, CyberGuard has
produced an excellent range of firewall
appliances that offer high levels of performance
and are remarkably easy to use.

40
Industry Press

Two Enterprise class firewalls go head to head
Cisco and CyberGuard receive top honors for
throughput

41
(No Transcript)
42
(No Transcript)
43
Industry Certifications

Common Criteria EAL4
First Firewall appliance to earn EAL4
certification
ITSEC Level 3
First Company to earn certification in Europe and
Australia
Conformed NSA Orange Book
Level B1 B2
First Firewall to earn B level certification

44
Common Criteria Certification

14 Countries Recognize
Differentiates products by recommended level of
security for which to apply product
Evaluation is based upon
Development Facilities
Product tested
Documentation
Reviewed and tested
Vulnerability tested

45
Common Criteria Certification
Level of Assurance

CyberGuard Firewall
BorderWare Firewall 6.1
Cisco Secure Pix Firewall limited feature set

EAL4
EAL3

Lucent Managed Firewall
Check Point Firewall-1 4.0 limited feature set
Cisco Secure PIX Firewall limited feature set
WatchGuard

EAL2
46
ITSEC Certification

Information Technology System Evaluation
Certification
Unbiased evaluation of system security features
Definition of a Security Target
Assessment by independent group (CLEF)
Evidence of Security
System Correctness
Configuration Control
Development Environment
Operational Documentation
Operational Environment
Comprehensive Evaluation Report

CyberGuard Earned Level 3 Top Certification
47
Conformed to NSA Orange Book Certification

Government Standard
A1 Most Secure
B3
B2
B1
C2
C1
Non Secure (DAC)

CyberGuard MLS
No Read Up No Write Down
48
CyberGuard

World Class Products

49
CyberGuard Products

FireSTAR
KnightSTAR
STARLord
High Availability
VPN
Consulting

50
CyberGuard FireSTAR

Fast Facts
Targeted to small to mid-sized business
56K T1 speeds
Excellent for large companies with franchise or
multiple remote office locations
555,000 simultaneous connections
200 Mbps performance
Single Processor
128 MB RAM
6 high-performance 10/100 Ethernet ports
Compact 1U size

51
CyberGuard FireSTAR

Self-contained appliance for lower
bandwidth environments
Ultra-high security
Fast, reliable
Easy to install, deploy
Simple to administer
Easy to monitor, analyze, respond
Scales with KnightSTAR
and STARLord

52
CyberGuard KnightSTAR

Fast Facts
Targeted at mid to large enterprise-sized
business, Web Service Providers, Telecoms
T1 T3 speeds
1.2 million simultaneous connections
950 Mbps performance
5 high performance 10/100 Ethernet ports
Dual Processors
256 MB RAM (expandable up to 1GB)
Size 5U or 2U to save rack space

53
CyberGuard KnightSTAR

Premium appliance firewall
Set up and ready-to-use in
less than 30 minutes
Ultra-high security
Fast
Reliable
Easy to deploy
Easy to manage
Perfect for Web service providers,
telecoms

54
CyberGuard STARLord

Fast Facts
Targeted at large enterprises and high bandwidth
users
T3 OC3 to OC12 speeds
730 Mbps sustained throughput
1.1 million simultaneous connections
Redundant (3) Power supplies, hot swap fans,
automatic thermal control, and intrusion sensing
Quad Xeon Processors
KOA Motherboard
2 64 bit 66 MHz PCI Slots
4 64 bit 33 MHz PCI Slots
RAID Disks for performance and fault tolerance
Size 4U

55
CyberGuard STARLord

Fast
Secure
Flexible
Reliable
Easy to administer
Unlimited users
Central management
Perfect for high bandwidth
users, large enterprises

56
CyberGuard Appliance Recap

Top Industry awards and Certifications
Common Criteria EAL4
ITSEC Level 3
Conformed to NSA Orange Book B1 and B2
FireSTAR
555,000 simultaneous connections
200 Mbps throughput
KnightSTAR
1.2 million simultaneous connections
950 Mbps throughput
STARLord
1.1 million simultaneous connections
750 Mbps throughput

57
CyberGuard

World Class Software

58
CyberGuard Software Agenda

Ease of Installation
Intuitive Navigation
Licensing
Packet-Filtering Rules
Set up Proxies
Reporting and Auditing
Alerts
Help

59
Ease of Installation

Ready to configure and run out of the box
System image available on single, bootable CD-ROM
that provides clean installs in less than 15
minutes
JavaScript initial configuration utility provided
Simple, documented local installation procedures
Personality Disk eliminates need for keyboard,
monitor, mouse

60
Ease of Installation

Power On
Insert CD
Insert Personality disk
Thats it!

15 Minutes!
61
Intuitive Navigation

Common Design
Left / Right click functionality
Easily Recognizable tool and menu bars
Convenient Duplicate and Copy options
Multiple ways of accomplishing the same task

62
(No Transcript)
63
System User Types

FSO Firewall Security Officer
FSM Firewall Security Monitor
(Read Only)
Unprivileged Network user
Proxy Proxy only user

64
Licensing

Easy access to Web site license agent to unlock
features
Competition charges fees per IP address
Unlimited User licensing

65
Packet Filtering

Convenient Highlight and Edit
Easily set up Timeout parameters
Simple toggle on / off switches
Drop down menus for common requests

66
(No Transcript)
67
Rules Editor

Time-based rules

68
Setup Proxies

FTP
Gopher
HTTP
LDAP
NNTP
Lotus Notes
Real Audio
Remote Login

SQLNet
SMTP
SSL
Telnet
X-Windows
System / X11
Load Equalizer
Port Guard

69
(No Transcript)
70
Automatic Log Archiving
71
Alerts

CyberGuards firewalls provide built-in
capabilities for monitoring network events and
activating alarms when hackers attempt to
penetrate the system

72
Alert Management

Alert notification via
SNMP trap
E-mail
Pager
System log
Respond from anywhere via secure browser
(security policy permitting)
Central monitoring of multiple firewalls

73
Central Alert Management
74
Examine Help

Intuitive
Easy Access
Specific

75
World Class Software Recap

Easy to install (15 minutes)
Easy to Navigate
Rapid user / rule setup
Toggles
Drop Downs
Simple to audit and receive alerts
Convenient Central Management

76
CyberGuard

Low Total Cost of Ownership

77
Low Total Cost of Ownership

Ease of Installation
Ease of Integration
Intuitive User Interface
No patches necessary to improve security
Convenient Central Management
One Stop Hardware and Software Support

78
Ease of Installation

Installation in 15 minutes
Analyze Investment Considerations
Time
Opportunity Costs
Value
How much is an organization wasting on 4 hour
installations?

79
Ease of Integration

Browser Based Configuration
Control to which interfaces listen for
connections
JavaScript initial configuration utility provided
Save time with simple, documented local
installation procedures
Personality Disk eliminates need for keyboard,
monitor, mouse and can configure system at boot
Remotely configurable on the Internet in less
than 10 minutes

80
Intuitive User Interface

Set up Users Quickly
Save time with Duplicate and Copy Rules tool
Easy to run reports and audits
Get the answers now with Situation Specific Help
Reduce workload with Alert monitoring

81
Patch Technology

No wasted time patching Known Software
Vulnerabilities
No additional workload fixing Operating System
Vulnerabilities
No Crisis Management fixing
New Vulnerabilities
Hardware Compatibilities
Software Bugs
Security Upgrade patches

82
Convenient Central Management

Centrally Manage all Firewalls from one location
Centrally manage alerts
Dramatically reduce risk (fewer users at the box)
Reduce lost wage and administrative costs by
administering a solution once

83
Support

Save time and energy by speaking to a
knowledgeable, human voice who has the answer
No Crisis Management sourcing who to call?
Is it Hardware or Software Support?
Reduce Total Procurement costs by sourcing one
support team

84
Low Total Cost of Ownership