The document discusses training on unified threat management systems and SSL VPN by Tulip Telecom, focusing on the increasing sophistication of security threats and the importance of cybersecurity for ISPs. It highlights the role of security as a service, SSL VPN technologies, and various access options for secure remote access to organizational resources. Additionally, the document outlines unified threat management strategies, including deep packet inspection, antivirus, and anti-spyware defenses to protect against complex cyber threats.

1. Training onUnified Threat Management Systems& SSL VPN (SaaS)By - Amarjit Singh & RishabhDangwalTulip Telecom Ltd.

2. ObjectivesSecurity awarenessLatest trends in securityDevice AwarenessSaving the world before bedtime, without worries :PThe notion of providing Security as a Service

3. We as an ISP have a tough enough job already..But..What about Security threats?How serious are they?Hackers are there..where are We ?What is the most effective and cost efficient way to handle them?

4. Current TrendsCyber-attacks are increasing in speed and sophistication exponentiallyBlended threats, hybrid attacks and APT’s..Getting automated tools is easy, increase in skid cultureSecurity costs money, Security problems cost money, time and lots of pain.

5. IntrudersAttack Sophistication vs. Intruder Technical KnowledgeCourtesy Emil on securityAuto CoordinatedCross site scripting“stealth” / advanced scanning techniquesHighStagedpacket spoofingdenial of servicedistributedattack toolssniffersIntruderKnowledgesweeperswww attacksautomated probes/scansGUIback doorsnetwork mgmt. diagnosticsdisabling auditshijacking sessionsburglariesAttackSophisticationexploiting known vulnerabilitiespassword crackingself-replicating codepassword guessingLow20111980198519901995

6. Software Vulnerabilities“99% of intrusions result from exploitation of known vulnerabilities” Source: 2001 CERT, Carnegie Mellon UniversityCause: programming bugs, bad testers, short sighted developmentThreat: lack of patches for the aboveLizamoonSQLi exploited 1.5 million + hosts

7. E-mail VirusesPrimary medium for distributing threatsTrojans – Easy to create, quick to deliver, easy to installHTML viruses on emailInnocent sounding Emails having malicious attachments containing: Macros, VB scripts, java scripts and html scripts

8. File Based ThreatsExample: Internet download

9. Viruses and malicious code infection:

10. P2P/Torrent

11. IM applications

12. Free software/shareware sites

13. Infected servers

14. Email

15. Threats bypass statefulpacket inspection firewalls

16. Once inside the network, others are easily affectedFurther..Unpatched servers are ticking bombsViruses uploaded to network drivesRemote exploitation possibleNimda virus

17. And we have got Spyware..Program that uses Internet without the User’s knowledgeApproximately 80% of computers have some form of Spyware (including corporate ones)Spread using shareware, pop ups,p2p,shareware..the usual suspectsGathering information:Browsing habits (sites visited, links clicked, etc.)Data entered into forms (including account names, passwords, text of Web forms and Web-based email, etc.)Key stokes and work habits

18. SpamUnsolicited EmailMultiple techniques to send mailsSpoof email addressImage only mailRandom textText mergingToken ManipulationURL hidingHTML Tag corruptionIncrease False positivesParse corruptionMetamorphic Spam TrojansAnd much much more..Leads to low productivity and server outages.

19. Network woes Label spoofingCore hidingReplay attacksCompromise of LIBAccess to LERAnd other MPLS security issues..

20. Router abuseTACACS+ forced session_id collisionsSophisticated Packet body DOSBoot iosmanipulationImproper tcl scripts (if present)External factorsSNMP compromise

21. And its just the Tip of Iceberg…(a.k.a Raising the Attack Standards by a Notch)Sophisticated DOS (Network, application)Advanced Persistent ThreatsSmartphone AbuseCertificate abuse (DigiNotar - PKIOverheid..)Key abuse (RSA, anyone ?)Kernel Rootkits/Bootkits

22. Obsolete DefensesFirewalls work on port blocking strategyReactive approachStateful Packet Inspection (SPI) :Provides source / destination / state intelligence Provides NATStateful firewalls cannot protect against multilayer threatsIs limited in nature

23. How TULIP can provide security ?SaaS – Security as a ServiceSSL-VPNUnified Threat Management

24. What is SSL VPN TECHNOLOGY? Secure Sockets Layer (SSL) virtual private networks (VPN) provide secure remote access to an organization’s resources. A VPN is a virtual network, built on top of existing physical networks, that can provide a secure communications mechanism for data and other information transmitted between two endpoints. Because a VPN can be used over existing networks such as the Internet, it can facilitate the secure transfer of sensitive data across public networks.Concept - SSL VPN

25. The Landscape with SSL VPN

26. Why SSL VPN SSL VPN solutions offer a flexible and highly secure way to extend network resources to virtually any remote user with access to the Internet and a web browser. Organizations can customize access and extend the reach of their corporate network to individuals based on their role, including the teleworker, contractor, or business partner.

27. Business challenge for EMS

28. The Landscape with Tulip Managed SSL

29. Complete Client-side CleanupCleanup of end users system at end of session.Configurable options of cache cleanup includes. Cookies Temporary Internet Files Browser History Visited URL’s Downloaded Program FilesCleanup all traces of users access and data downloaded at the end of session.

30. Authentication MechanismsVast range of Authentication mechanisms to choose fromSupported Authentication mechanisms Local Database RADIUS Active Directory (AD) LDAP RSA Secure ID Certificate based Authentication. Biometrics. SMSTwo-Factor or Multi-Factor Authentication Support for One Time Password (OTP) and Public Key Infrastructure (PKI) Tokens

31. End-point complianceSSL VPN End-point security service Check devices before & during session

32. Ensure device compliance with corporate policy

33. Remediate devices when needed

34. Cross platform supportVirus No anti-virus installed

35. No personal firewall

36. User granted minimal access

37. No Anti-Virus Installed

38. Personal Firewall enabled

39. User remediated  install anti-virus

40. Once installed, user granted accessAirport Kiosk Mobile UserHome PC User AV Real-Time Protection running

41. Personal Firewall Enabled

42. Virus Definitions Up To Date

43. User granted full accessManaged PC User

44. End Point Security & DLP

45. There are Three different access options with SSL VPN PHAT : Private Hyper Access Transport QAT : Quick Access Terminal WAT : Web Access TerminalAccess options with SSL VPN

46. What is WAT Web Access Terminal (WAT) is clientless access modes where user needs just a browser to establish SSL VPN connection. Using WAT user can access web applications such as Outlook Web Access (OWA), Intranet, Share Point, web-based databases, etc from any location like Airport kiosk, Cyber Café, etc. What is PHAT Private Hyper Access Transport (PHAT) is one of the modes to access the Virtual Private Network (VPN). It’s small footprint web deployed software that gets installed on user’s machine. PHAT client provide IPSec like functionality to give full access to network. What is QAT Quick Access Terminal (QAT) is an intermediate client between the PHAT Client and the WAT Client. The users can access TCP based client applications without installing PHAT on their machines. Once configured by the Administrator for a particular group, QAT is started from the web portal.Access options with SSL VPN

47. Tunneling modesSplit tunnel: Application traffic targeted specifically for VPN subnets is routed over SSL VPN tunnel to SSL VPN-Plus Gateway. Rest of the traffic flows follows normal LAN path. Full tunnel:All Application traffic is sent to SSL VPN-Plus Gateway over SSL VPN tunnel for routing. In this case, complete data from user’s machine can be monitored on SSL VPN-Plus Gateway. If local subnets are not excluded for user, the user won’t be able to access local LAN also.

48. Scenario 1Alternate Backup LinkSSLServerwwwADSLLinkXPrimary LinkTulip IDCRemote LocationTulip ConnectMPLS BackboneERPServersCentral Location

49. Scenario 2Instant ConnectivityRemote CustomerLocation Tulip ConnectNot yet InstalledOr getting delayed(TNF)SSLServerwwwADSLLinkPrimary LinkTulip IDCRemote LocationTulip ConnectMPLS BackboneCustomerLocation ReadyERPServersCentral Location30

50. Scenario 3Extranet ConnectivitySSLServerwwwTulip IDCDealerLocationsPrimary LinkTulip ConnectMPLS BackboneRemote LocationERPServersCentral Location31

51. Scenario 4Enterprise MobilitySSLServerwwwRoaming ExecutivesTulip IDCUser MovesOutCyber CafePrimary LinkTulip ConnectMPLS BackboneRemote LocationUserERPServersCentral Location32

52. The New Standard - UTMUnified Threat Management / eXtensible Threat ManagementIntegration of Firewall Deep Packet Inspection Intrusion Prevention for blocking network threatsAnti-Virus for blocking file based threatsAnti-Spyware for blocking SpywareFaster updates to the dynamic changing threat environment and elimination of False PositivesMultilayered securityInhouse / Multivendor Approach

53. Spans Through 6 layers of OSI modelQOS and ACL implementation

54. Application Specific Integrated Circuits (ASIC’s) Network and Coprocessors for dedicated tasks

55. Evolved securityDeep Packet Inspection- Unified Threat Mgt.Zone based securityProtect internallyGateway Anti-VirusScan through unlimited files sizesScan through unlimited connectionsScan over more protocols than any similar solutionAnti-Spyware for protection against malicious programsBlocks the installation of spywareBlocks Spyware that is emailed and sent internally Applications Layer Threat Protection:Full protection from Trojan, worm, blended and polymorphic threats Full L2-7 signature- based inspection

56. Application awarenessPRO Series as a Prevention SolutionPS/GAV Dynamic UpdatesDPIDPIDPIDPI: Intrusion Prevention/Gateway AV/ Anti-SpyServer ZoneDept Zone User ZoneDiagram courtesy Sonicwall

57. Security Must Be UpdatedSignature DatabaseATTACK-RESPONSES 14BACKDOOR 58BAD-TRAFFIC 15DDOS 33DNS 19DOS 18EXPLOIT >35FINGER 13FTP 50ICMP 115Instant Messenger 25IMAP 16INFO 7Miscellaneous44MS-SQL 24MS-SQL/SMB 19MULTIMEDIA 6MYSQL 2NETBIOS 25NNTP 2ORACLE 25P2P 51POLICY 21POP2 4POP3 18RPC 124RSERVICES 13SCAN 25SMTP 23SNMP 17TELNET 14TFTP 9VIRUS 3WEB-ATTACKS 47WEB-CGI 312WEB-CLIENTAV DatabaseIPS DatabaseSpy DatabaseContentFilteringDatabaseStateful inspection deals with only port scanning, no data is examined.

58. Deep Packet Inspection with Intrusion Prevention can find and block, application vulnerabilities, worms or Trojans.ContentInspectionStatefulPacketInspectionAnti-VirusContentFiltering ServiceDeepPacketInspectionGatewayAnti-VirusAnti-SpywareFirewall Traffic PathDiagram courtesy Sonicwall

59. The 10 Defense Layers to Fight SpamHigh performance

60. Easily scalableImage courtesy Sonicwall

61. Unified Threat Management ApplianceContent FilteringReporting & Reverse monitoringSecure WirelessHigh Availability - Appliance ISP Load Balancing/FailoverCentral ManagementSecured MPLS by MSSP (and link termination)FirewallVPNBasic bandwidth ManagementGateway AV, Intrusion Prevention and Anti-spywareModified for Router monitoring by combining with MSSPTrusted Certificate Management

62. Deep , Dynamic, Real-Time ProtectionReal time threat scanning engine at the gateway

63. AV/AS/IDS/IPS

64. Protection from: Viruses, spyware, worms, trojans, app vulnerabilities

65. External and Internal protection

66. Reassembly-free engine

67. Scans & decompresses unlimited number of files & file sizes

68. Supports over 80 protocol types including

69. SMTP, IMAP, POP3 Email, HTTP – Web, FTP – File Transfer

70. Peer to Peer Transfers, NetBios – Intra LAN Transfers, any stream-based protocol

71. Updateable database by an expert signature team

72. DOS protection from 22 types of DOS attacks

73. Application DOS prevention using EPS monitoring

74. MSSP convergenaceValue Innovation PhilosophyAffordableReduces the Total cost of ownershipSimpleUnified AIO solution and easy to managePowerfulIntegrated-Realitime-Dynamic

75. Thank You.

76. Questions ?