???? ???? ?? ???????? ???? ?? ??? (Defense In Depth) - PowerPoint PPT Presentation

Slides: 46
Provided by: Raz67

Transcript and Presenter's Notes


1
??????? ????? ??????
  • ??? ????? ?????? ???? ??? ?????????

??? ????? ????? ????????? ?????
??? ???? ????
29/07/1387
2
??????
  • ?? ??? ??? ??? ?????? ?? ???????? ????? ??? ????
    ????? ???? ? ???? ????? ? ???? ??? ????? ?? ??
    ?????? ???? ???? ? ???? ???? ????????? ????? ????
    ???????? ???? ?? ??? ?????? ??????.

3
???? ???? ?? ???????? ???? ?? ??? (Defense In
Depth)
  • ???? ?? ??? ?? ???????? ???? ? ???? ???? ????
    ????? ??????? ? ????? ??? ????? ?? ?? ?? ????
    ???? ??? ?????? ??? ? ?? ????? ??? ?? ????? ????
    ???????? ??? ????? ???? ????? ?????? ?? ???? ??
    ?? ???? ?? ????? ????? ??? ??????? ????? ?? ?
    ????????? ??????? ???? ?????? ???????? ? ??????
    ????? ????? ? ?????? ????? ??? ???? ?????? ??
    ?????.

4
???? ???? ?? ???????? ???? ?? ??? (Defense In
Depth)
  • ???? ???? ?? ???????? ????? ? ?????? ?????? ??
    ???? ????? ?? ???? ????? ? ????? ??????? ????
    ?????? ????? ? ????? ????? ?? ????? ????? ?
    ??????? ????? ?? ????.
  • ????? ?????(Protection)? ????? ?? ????(Detection)
    ? ????? ?????(Response) ?? ???? ?????? ??? ?? ??
    ????? ?????? ?? ????? ?? ???? ???? ?? ?? ???? ?
    ?? ?? ?? ??? ???? ????? ? ???? ????.

5
Circle of Security
6
???? ???? ?? ???????? ???? ?? ??? (Defense In
Depth)
  • ?????? ?? ? ??????? ????? ?? ???????? ??????????
    ?????? ??? ?? ????? ????? ?????? ???? ??? ??????
    ?? ????? ?? ????? ? ??? ?? ?? ???????? ????? ?
    ????? ??? ????? ???? ???? ?????? ?? ????? ??????
    ????? ?? ??????? ???? ???? ????? ????.

7
???? ???? ?? ???????? ???? ?? ??? (Defense In
Depth)
8
???? ???? ?? ???????? ???? ?? ??? (Defense In
Depth)
9
????? ???? ???????? ???? ?? ???
  • ?????
  • ????????
  • ??????

10
Defense-in-Depth Strategy
  • Information Assurance Strategy
  • Ensuring confidentiality, integrity, and
    availability of data
  • People
  • Hire talented people, train and reward them
  • Technology
  • Evaluate, Implement, Test and Assess
  • Operations
  • Maintain vigilance, respond to intrusions, and be
    prepared to restore critical services

11
????? ???? ???????? ???? ?? ??? (?????)
  • ???????? ?? ???? ???? ??????? ? ????? ?? ?? ?????
    ???????? ?????? ???? ? ?? ???? ????? ????? ??
    ??????? ???? ?? ????.
  • ??? ?? ???????? ????? ?? ???????? ????? ?? ?
    ????? ??? ?????? ????? ???? ????? ? ???????? ?? ?
    ????? ???? ? ?? ???? ????? ?????? ????? ???? ??
    ????.

12
????? ???? ???????? ???? ?? ??? (?????)
  • ?? ???? ?? ?????? ???? ?????? ???? ?? ????? ??
    ???? ???? ???? ??? ?? ????? ??? ???? ????
  • ????? ????? ?? ? ?????????? ??? ????? ???? ????.
  • ????? ????? ??? ???? ??? ?????? ???? ? ???????
    ??????? ?? ???? ????? ???????.
  • ??????? ?????? ????? ??? ???????.
  • ?????? ?????? ????? ??? ?????.
  • ?????? ??????? ????? ? ??????? ??????.
  • ?????? ???? ?????? ???? ??????? ? ?????? ?? ?????.

13
????? ???? ???????? ???? ?? ??? (????????)
  • ?????? ?? ????? ? ???????? ??? ?????? ?? ?????
    ????? ???????? ???? ?? ????? ?? ????? ? ????? ??
    ???? ????? ??????? ?? ???.
  • ???????? ? ?????? ?? ????? ????? ?? ? ?????????
    ???? ?? ????? ??????? ???? ?? ?? ???????? ?? ????
    ????? ?? ????? ??????? ???????? ? ???????? ????
    ?? ?? ?? ?????? ????? ????.
  • ?? ??? ????? ?? ????? ?????? ????? ????? ???
    ???????? ???? ???? ????? ???????????? ??????
    ???????? ??????? ?? ??????? ?????? ???? ????????
    ???? ? ?????? ???? ???? ??????? ???? ????? ???
    ????? ???? ???? ???? ????.

14
????? ???? ???????? ???? ?? ??? (????????)
  • ????? ???? ?? ?? Layered Security ?? ????? ???? ?
    ?????? ?? ????? ??? ??? ?? ???? ???? ?????? ???
    ???????? ???? ?? ??? ?? ????.
  • ?? ???? ?? ??????? ???????? ? ????????(????? ?
    ?????) ???? ??? ?? ??? ?? ?? ????? ???? ????
    ????? ???? ???? ???????? ???? ??? ?? ??????
    ?????? ?????? ?? ????? ??? ??????? ???? ?? ?????
    ??? ????? ????? ???? ?????? ?? ????? ????? ??
    ????? ??????.

15
????? ???? ???????? ???? ?? ??? (??????)
  • ????? ?? ??????(Operations) ? ?????? ?????? ????
    ?? ??? ??????? ????? ?????? ?? ?????? ?? ???
    ????? ???? ?? ????? ?? ?????. ?? ??? ????? ??????
    ?? ???? ??? ?? ?? ?? ???? ????
  • ???????? ? ???? ????? ????? ??? ?????? ????? ??
    ?????? ???? ?????.
  • ????? ??????? ????? ???? ?????? ???? ? ???????.
  • ?????? ????? ?????? ????? ?? ?? ??? Patch ???
    ?????? ? ?????? ???? ???? ??? ???????? ???? ?????
    ? ???????? ???? ???????? ??????.

16
????? ???? ???????? ???? ?? ??? (??????)
  • ????? ????? ??? ??????? ? ?????? ? ????? ??
    ?????????? ??? ????????.
  • ??????? ????? ??? ?????? ?? ??????? ?? ?????????
    ?? ???????? ???? ??? ?? ????? ??? ?? ???? ???? ??
    ?????.
  • ????? ????? ?? ????? ????? ?? ??? ????.
  • ???? ????? ?? ????? ???? ????? ?? ????? ???????
    ?? ????? ????? ?????.
  • ??????? ? ??????? ???? ?? ???? ?????.

17
Layered Security
  • ?????? ???? ?? ?? Layered Security ??????? ??
    ???????? ???? ?? ??? ?? ????.

18
??? ?????? ???? ???
  • ???? ?????? ??????? ? ???????? ????? ?? ??????
    ????? ???? ??? ???? ? ??? ???? ????? ??? ???? ??
    ?????? ???????? ????? ???? ???? ? ????? ???? ????
    ?? ????? ?? ???? ????? ???? ? ???? ??? ??? ?? ???
    ??????? ?? ?????? ? ????? ??? ?? ??????? ??????
    ??? ?????? ?? ??????? ??????? ???? ????.
  • ???? ?? ??????? ??? ??????? ?????? ???? ??????
    ???? ?? ????? ????? ???? ?? ?????? ?? ????? ?
    ????? ?? ???? ????? ?? ???? ?????.
  • ??? ???? ????? ?? ?? ???? ???? ???? ????? ???????
    ? ????? ?? ???? ? ????? ?????? ???? ???? ????????
    ?????? ? ?? ???? ???? ???? ???? ????? ?????? ???
    ??? ???? ????.

19
???? ? ???? ??? ??????? ?? ?????? ???? ??
  • Perimeter
  • Network
  • Host
  • Application
  • Data

20
???? ? ???? ??? ??????? ?? ?????? ???? ??
21
Perimeter Security (???? ?????? ???? ???????)
  • ??? ???? ?? ????? ????? ???? ???????? ?????? ?
    ????? ???? ??????? ?? ???? ???????
    ?????(???????)????? ?????.
  • ???????? ??? ??? ???? ????? ? ??????? ? ?? ??
    ???? ????? ?? ???? ????? ?? ???? ?? ??? ? ???? ??
    ?? ??? ??????? ? ?????? ?? ?? ??????? ????? ?????
    Web server, Anti Server,DNS,E-mail Gateway ? ????
    ??????? ????? ?? ?? ??? ??? ??? ????? ???? ??
    ????? ?? ???? ? ?? ???? ??????? ??????? ????? ??
    ???? ?? ?? ???? ????.

22
Network Security (???? ?????? ????)
  • ??? ???? ?? ?????? ???? ????? ?? ?????? ?? ??
    ??????????? ????? ??????? ????? ????? ? ????
    ??????? ???? ?? ?? ?? ??? ???? ??? ??????? ?????
    ?? ???? ?? ??????. ????????? ?? ?? ??? ???? ????
    ?? ????? ??????? ?? ????? IDS(Intrusion
    Detection System) ? IPS(Intrusion Prevention
    System) ?? ????? ??? ???? ? ????? ??????? ??
    ????.
  • ????? ??? IDS ?? ????? ??? ?? ????? ???? ??????
    ???? ?? ???? ?? ????? ?? ???? ? IPS?? ??? ???
    ?????? ???? ???????? ???? ??????? ?? ????? ??
    ?????.

23
Host Security (???? ?????? ??????)
  • ??? ??? ??????? ???? ?? ??????? ????? ???? ??
    ???? ??????? ?????? ??? ????? ??? ???????
    ????????? ? ???? ?????? ???? ? ???? ?? ?? ?? ???
    ??????? ???? ??? ????? ????? ?????????? ????????
    ? ??????? ?? ?? ???? ????? ???? ?? ??? ????? ? ??
    ??????? ?? ??? ??? ???? ????? ??????? ???????
    ?????? ?? ???? ?? ???.
  • ?????????? ???? ????? ?? ???? ?? ?????? ????
    ??????? ??????? ? ????????? ??? Patch??? ???? ???
    ????? ???? ? ?????? ??? ??????? ????? ?? ??? ??
    ?? ????.

24
Application Security (???? ?????? ?????? ???
???????)
  • ?????? ??? ???? ??????? ????? ???? ????? ???? ??
    ???? ????? ???? ?????? ????? ?????? ??? ???????
    ????? ??? ???? ???????? ? ????? ???????? ??????
    ???? ? ???? ?? ??????? ??????? ???? ? ?????? ??
    ???? ??????? ????? ?? ?????.
  • ?? ???? ?? ??? ?????? ?? ??? ????? ????? ??????
    ???? ???????? ????? ????? ? ... ?????? ?? ??? ??
    ???? ?? ????? ????? ???? ????? ???????? ?? ?????.
  • ?? ??? ?? ???? ??? ???? ?????? ?? ???? ???????? ?
    ???? ???? ????? ????? ?? ???????? ???? ?????? ??
    ???? ??????? ???? ?? ??????? ?????? ?? ??? ????.

25
Data Security (???? ?????? ???? ??)
  • ????? ??????? ?? ??? ???? ????? ?? ?? ????? ?????
    ???????? ???? ? ???????? ???? ????? ??? ???????
    ????? ?? ????.
  • ?????? ???? ??? ????? ?? ??? ????? ??? ????? ???
    ?? ??? ?????? ?? ????? ??? ?????? ??? ??? ?????
    ?????? ???????? ? ????? ?????? ?? ???? ? ????? ??
    ?????? ???? ?? ??????? ?? ?? ???? ???? ?? ????? ?
    ?? ???? ????? ????? ???? ? ????? ?? ????? ??????
    ?? ????.

26
Topics
  • The Security Struggle
  • Security Applications
  • Web Security
  • Email Security
  • Network Security

27
The Security Struggle
MULTIPLYING THREATS
28
The growing demand for Internet Security
  • 1995: Firewall
  • 2000: VPN, URL Filter, IDS, Email Anti Virus, Firewall
  • 2005: Central report tool, Central config tool, Central mgmt tool,
    Signing/encryption, VoIP Security, VPN Remote access, NAC, Wireless
    security, P2P filter, IM filter, Anti Spyware, Multi protocol AV,
    IPS, VPN, URL Filter, IDS, Email Anti Virus, Firewall
  • 2010: App 3, App 2, App 1, UTM Gateways, Clean pipe

29
Integrated Email, Web and Network Protection
30
Layered Security
Astaro Security Gateway V7
31
Integrated Management
32
Web Security
Network Security
Email Security
33
Spyware Protection
  • Blocks downloads of spyware, adware, and other
    malicious software
  • Prevents infected systems from sending
    information back to the spyware server
  • Checks against a database of known spyware URLs
  • Gateway spyware blocking complements desktop
    anti-spyware tools

34
Virus Protection for the Web
  • Block viruses, worms, trojans, and other
    malware before they reach desktops
  • Scans HTTP and FTP traffic
  • Web ftp downloads
  • Web-based email (MSN Hotmail, Yahoo! Mail)
  • Dual virus scanners with multiple detection
    methods
  • Virus signatures, heuristic analysis
  • Database of more than 300,000 virus signatures
  • Frequent automatic updates
  • Flexible management
  • Can specify file formats and text strings to block

35
Content Filtering (URL Blocking)
  • Enforces policies on appropriate use of the web
  • Administrators can define web use policies
    based on pre-defined categories of web sites
  • Nudity, gambling, criminal activities, shopping,
    drugs, job search, sports,
    entertainment, etc.
  • Sophisticated classification techniques
  • text classification, recognition of symbols and
    logos
  • Whitelists and blacklists to tailor access for
    groups of users
  • Measure and report on activities

36
Email Security
Web Security
Network Security
Email Security
37
Virus Protection for Email
  • Block viruses, worms, trojans, and other
    malware before they reach email servers or
    desktops
  • Scans SMTP and POP3 traffic
  • Dual virus scanners with multiple detection
    methods
  • Virus signatures, heuristic analysis
  • Database of more than 300,000 virus signatures
  • Frequent automatic updates
  • Flexible management
  • Can specify file formats and text strings to
    block
  • Emails and attachments can be dropped, rejected
    with message to sender,
    passed with a warning, quarantined
  • Gateway virus protection supplements desktop
    virus scanning.

38
Spam Protection
  • Identifies and disposes of unsolicited emails (spam)
  • Scans SMTP and POP emails
  • Multiple methods to identify spam
  • Realtime Blackhole Lists, header and text
    analysis, whitelists, blacklists, URL scanning,
    greylisting, BATV, SPF record checking
  • Heuristic methods create a spam score
    based on probability
  • Flexible management
  • Emails and attachments can be dropped, rejected
    with message to sender, passed with a warning,
    quarantined
  • User can individually release blocked messages
    via daily spam report or end user portal

39
Protection Against Phishing
  • Phishing
  • Criminals imitate emails from banks, credit card
    companies, eBay and other sources to obtain
    confidential user information
  • Astaro identifies and blocks phishing emails
    through several techniques
  • Virus scanner identifies phishing signatures
  • URL filtering database captures phishing servers
    in the suspicious category
  • Content downloaded from web sites will be blocked
    if it matches patterns of phishing content

40
Email Security
Web Security
Network Security
41
Email Encryption
  • En-/Decryption and Digital Signatures for Emails
  • supports OpenPGP and S/MIME
  • Completely transparent
  • No additional Software on Client required
  • Easy Setup
  • Only three configuration steps to start
  • Central Management of all keys and certificates
  • No key or certificate distribution required
  • Allows Content/Virus scanning even for encrypted
    SMTP emails

42
Network Security
43
Firewall
  • Stateful Packet Inspection
  • Packet filtering inspects packet headers
  • Stateful packet inspection tracks events across
    a session to detect violations of normal
    processes
  • Time-based rules and Policy-based routing
  • Application-Level Deep Packet Filtering
  • Scans packet payloads to enforce
    protocol-specific rules
  • Security proxies to simplify management
  • HTTP, FTP, POP3, SMTP, DNS, Socks, Ident
  • NAT (Network Address Translation) and
    masquerading
  • DoS (Denial of Service Attack) protection
  • Transparent mode eases administration

44
Virtual Private Network (VPN) Gateway
  • Encrypts data to create a secure private
    communications tunnel over the public Internet
  • Supports IPSec, SSL, L2TP, and PPTP VPNs
  • Windows, Linux, Unix and Mac OS X clients
  • Advanced encryption
  • Supports all major encryption methods
  • Many authentication methods
  • Internal certificate authority
  • Full Public Key Infrastructure (PKI) support
  • Supports VPN tunnels based on dynamic IP
    interface addresses (DynDNS)

45
Intrusion Protection
  • Identifies and blocks application- and
    protocol-related probes and attacks
  • Database of over 6,000 patterns and rules
  • Probing, port scans, interrogations, host sweeps
  • Attacks on application vulnerabilities
  • Protocol exploitations
  • Intrusion detection and prevention
  • Notify administrator, or block traffic
    immediately
  • Powerful management interface
  • One click to enable or disable complete rule
    sets, e.g. for email or web servers