1. ZoneRanger Management Through Firewalls
Jeff Olson, Regional Sales Manager [email_address]
Improve Security. Remove Complexity. Reduce Cost.
3. True Security = No Traffic
The only completely risk-free solution is NOT passing any protocols through the firewall.
[Diagram: Remedy, Concord, CiscoWorks and NNM in the Trusted Network; SNMP, ICMP, Syslog and Netflow toward the DMZ / Untrusted Network, each marked with an X.]
4. Security Analysis of Management Protocols

| Protocol | Authentication | Encryption | Easy to Spoof |
|---|---|---|---|
| ICMP | None | None | Yes |
| SNMP v1 / v2c | Simplistic | None | Yes |
| SNMP v3 | Good | Good | No |
| SSH | Good | Good | No |
| FTP | In the Clear | None | No |
| Syslog | None | None | Yes |
| NetFlow | None | None | Yes |
| sFlow | None | None | Yes |
| TFTP | None | None | Yes |
| HTTPS | Good | Good | No |
| HTTP | In the Clear | None | No |
7. Firewall Rules - 1
[Diagram, two panels. "The simplified view…": Management Application Server and DMZ Device. "The reality": Management Application Server and DMZ Device with ICMP, SNMP, Syslog, SSH, NetFlow, sFlow, …]
9. Proxy Firewall Example: SNMP Get/Set
[Diagram: Get Request and Get Response between the Management Application Server and the DMZ Device, passing through a Proxy Firewall.]