I2O Solutions - HDN Network Security Solution


HDN Network Security Solution. Please visit us at:

Published in: Technology

  1. Industry’s 1st Security Switch. HanDreamnet, Apr 2, 2014
  2. Is perimeter security adequate? 80% of IT breaches are perpetrated by internal traffic!
     • Outside Network: well prepared against outside attack with IPS / Firewall
     • Backbone Layer: no active protection from internal attack; second level damaged by internal user attacks; attacks delay overall performance
     • Access Network (Internal): no real-time detection and protection from attack / hacking; very vulnerable if the attack arises from the access level
     • Required: auto detect / block; block only harmful traffic; cost-effective solution; easy maintenance
  3. HanDreamnet Solution: SECURITY ISSUE
     • Hacking, Direct Attack Intended (Sniffing/Spoofing): intercept message or files; tapping authentication (VoIP)
     • Attack, Network Attack (Flooding/DDoS): network down due to attack; spread damage to the upper layer or peers
     • Authentication, Network Resource Management: provide internal user authentication; easy management
  4. Current Network Threats: How does your current L2/L3 switch prevent…
     • Hacking: IP & ARP spoofing
     • Network trouble (Management Issue): IP address conflicts; cable loop
     • Attacking: DoS/DDoS/SCAN/TCP SYN flooding etc.
     • L2 Authentication
     • Internal IP address management
  5. HDN Switch Differentiator: Active and Real Time Solutions for
     • DoS/DDoS Attacks
     • Advanced Persistent Threats
     • Cable Looping
     • Information Leakage
  6. DoS/Harmful traffic from internal (Current Network Problems)
     • No internal security: harmful traffic spreads into the internal network
     • Effect on entire network: an internal attack affects the entire network
     • Difficult to find out: hard to find out where
     (Diagram label: Internet)
  7. DoS/Harmful traffic from internal (Current Network Problems)
     • Secured internal network: no agent software required
     • Protect entire network: block harmful traffic only; normal traffic can be passed
     • Easy to find problem: auto detection; report function provided
     (Diagram label: Internet)
  8. Solution for APT (Advanced Persistent Threat) (Current Network Problems)
     • Blocking Point: only blocking outbound packets
     • Internal Network: malware can spread through the internal network
     • Finding APT source: hard to find the APT source device or port of the switch
     (Diagram labels: Internet, APT Malware Protection System)
  9. Solution for APT (Advanced Persistent Threat) (Current Network Problems)
     • Block Point: SG switch can block malware without agent software
     • Internal Network: the internal network can be secured
     • Finding APT Source: can find device and port
     (Diagram labels: Internet, APT Protection, VIPM)
  10. Case 1: CCTV. When security function is OFF: Normal Data Traffic Flow (Diagram labels: IP Camera, UDP, Server/Recorder)
  11. Case 1: CCTV. When security function is OFF: Attack to Camera using TCP Syn Flooding
     • Hacked on empty port
     • Operating stopped: could not respond to mass traffic
     • No video
     (Diagram labels: Syn, IP Camera, Server/Recorder)
  12. Case 1: CCTV. When security function is OFF: Attack to Recorder using TCP Syn Flooding
     • Hacked on empty port
     • Operating stopped: could not respond to mass traffic
     • No video
     (Diagram labels: Syn, IP Camera, Server/Recorder)
  13. Case 2: ARP spoofing on CCTV. When security function is OFF: Normal Data Traffic Flow (Diagram labels: IP Camera, UDP, Server/Recorder)
  14. Case 2: ARP spoofing on CCTV. When security function is OFF: Image replacing by ARP Spoofing attack
     • Hacked on empty port
     • ARP: misidentify local server
     (Diagram labels: IP Camera, Server/Recorder)
  15. Case 2: ARP spoofing on CCTV. When security function is OFF: Image replacing by ARP Spoofing attack
     • Hacked on empty port
     • Misidentify local server
     • Replacing image
     • Replaced image is recorded
     (Diagram labels: IP Camera, UDP, Server/Recorder)
  16. Cable Looping (Current Network Problems)
     • Cable looping by mistake: broadcast storm generated
     • Network down: entire network down; service stops
     • Difficult to find out: very hard to find out; takes a long time to fix
     (Diagram label: Internet)
  17. Cable Looping (Current Network Problems)
     • Secured internal network: auto detect looping packets
     • Protect entire network: block broadcast storm
     • Easy to find out: auto detection; report function provided
     (Diagram label: Internet)
  18. Information leakage (Current Network Problems)
     • Internal data leaking: ID/password stealing and wire tapping on VoIP
     • Network speed down: Man In The Middle attack; packets go through the hacker's PC
     • Difficult to find out: no one catches the ARP spoofing attack
  19. Information leakage (Current Network Problems)
     • Secured internal data: auto detect ARP spoofing
     • Keep normal condition: block Man In The Middle attack
     • Easy to find out: auto detection; report function provided
  20. Total Solution (Current Network Problems)
     • Total Solution: multiple products required
     • When Failure: hard to find the problem because of multi-vendor products
     • Cost: high installation, maintenance, and engineer costs
     (Diagram labels: Internet, NMS, Access Management, IP Management, IP Manager, Probe)
  21. Total Solution (Current Network Problems)
     • Total Solution: SG Security Switch and VIPM; NMS, Authentication, IP management, Traffic monitoring
     • When Failure: one-vendor solution
     • Cost: cost effective for all missions; Security, NMS, Authentication, IP Management, TMS
     (Diagram labels: Internet, VIPM)
  22. Regular vs. Security Switch
     • Regular Switch (L2 Switch), "Dirty": no way to detect various harmful traffic; ACL is time consuming; no alarm; no alert; threshold is not enough
     • SG Security Switch, "Clean": detect/block all kinds of internal attacks; no service interruption; embedded proprietary security ASIC; visible and audible alarm for administrator; Web-Alert
     (Diagram labels: Server, Normal Traffic, Harmful Traffic)
  23. Regular vs. Security Switch (by function)
     • Harmful Traffic Detection. Regular Switch: only over traffic can be detected; manual troubleshooting; decreased performance; can’t detect IPv6 attack. SG Security Switch: detect all kinds of harmful traffic; real time detect and block; no performance delay; IPv6 security features & function
     • Isolate Harmful Traffic. Regular Switch: block port or IP; service impact. SG Security Switch: blocked ONLY harmful traffic; normal traffic is OK
     • IP telephony tapping (ARP Spoofing). Regular Switch: detect only dynamic IP (DHCP). SG Security Switch: detect dynamic and static too
     • Cable Looping. Regular Switch: manual fix once it happened; service impact until resolved. SG Security Switch: auto detect and block; no service impact
     • NMS. Regular Switch: no report feature; no function except configuration. SG Security Switch: provide CIO report; shows malicious traffic status
     • Power Redundancy (POE). Regular Switch: internal and external redundancy. SG Security Switch: internal redundancy
     • Green IT. Regular Switch: possibly yes. SG Security Switch: save power consumption (max 50%); 802.3az EEE
     • Monitoring/Management. Regular Switch: need to buy. SG Security Switch: included
  24. Spec comparison – Cisco vs HDN (values given as SG2024G / Catalyst 2960S-24TS)
     • Hardware & Interface
       – Power: Internal power redundancy / External RPS
       – 10/100/1000Base-T: 24 / 24
       – 1000 Base-X: 4 / 4
     • Performance
       – Forwarding Rate: 71.4 Mpps / 42 Mpps
       – Flash / DRAM: 256M / 64M / 128M
       – MAC address: 32k / 8k
     • Layer 2
       – STP/RSTP/MSTP/PVST+ / PVRST+: Yes / Yes
       – Port Redundancy: Smart Port Redundancy / Flexible Link
       – Voice VLAN: Yes / Yes
       – Ring Protocol: Yes / No
       – UDLD, Cable diagnostic (TDR): Yes / Yes
     • QoS
       – Queue per port: 8 / 4
     • Security
       – L2/L3/L4 ACL, ACL, Time based ACL, VLAN ACL: Yes / Yes
       – DHCP Snooping, IPSG: Yes / Yes
       – 802.1x (Multi user, MAC bypass…): Yes / Yes
     • Management
       – Stacking: No / Yes
       – CDP, DHCP Server, SNMPv1/2/3, TACACS+, RADIUS, IPv6 management, LLDP, LLDP-MED: Yes / Yes
       – Flow Monitoring: sFlow / No
  25. Security features comparison: SG2024G vs. Catalyst 2960S-24TS. For every feature below, the slide lists SG2024G as OK and Catalyst 2960S-24TS as N/A:
     • Set up/Release security policy automatically
     • Real time log & history for dropping attack on CLI
     • Real time report while Drop Attack traffic
     • Scan Attack
     • IP Spoofing attack
     • ARP Spoofing attack
     • NetBios flooding attack
     • Worm_port_Attack attack
     • TCP/UDP/ICMP DoS/DDoS_Attack
     • TCP SCAN_Attack
     • TCP/UDP/ICMP Flood_Attack
     • TCP Syn Flood Attack
     • Loop detection
  26. Others vs. Security Switch. Specification:
     • Wire Speed
     • L2 function (STP/PVST+/VLAN/LACP)
     • IPT function (Voice VLAN/Auto QoS/PoE)
     • General security function (ACL, DHCP Snooping, DAI, IPSG etc.)
     • Special security function (hardware based, smart detection, attack, hacking, spoofing)
     • Management (free NMS, security log, real time detection report, remote configuration)
     • Reliability & Certification (1U internal power redundancy, IPv4/IPv6 CC certified, IPv6 Ready Logo)
     • TAC support system
  27. MDS Engine Main Technology
  28. Network Attack Protection (Layer 4 level): Detect Malicious traffic. No signature based update.
     • MAC source/dest address
     • Cable disconnected, Loop Detection
     • MAC Flooding, MAC falsify, ARP Attack
     • IP Spoofing, DHCP Attack, ICMP Attack
     • TCP Syn flooding (DoS/DDoS/Random Attack)
     • UDP flooding, Scanning
     • Protocol (TCP/UDP/ICMP)
     • TCP/UDP dest port
     • Port pattern/IP pattern
     • IP source/dest address/port
     • IP range
     • TCP flags
     • Detection count
     • Cable Loopback Test
  29. MDS Security Engine: 6 Cube. Analysis of user traffic based on S-IP, S-port, D-port, D-IP, Protocol and Entropy of user traffic.
     (Diagram labels: Multi-dimension Security Engine; Attack Packet Analysis; DoS, DDoS, DDoS (spoofed), Flash crowds, Worms (spoofed); Sensor Log; MD Protection Engine; RT Packet Gathering Module; Switching Fabric; Protection; DDoS Class, DoS Class, Scan Class, Random Class; Security Filter Module (0011); Response)
  30. MDS Security Engine: 6 Cube. MDS DoS: Src IP attacks Dst IP and Port 445.
  31. MDS Security Engine: 6 Cubes. 6 Cube based on RPGM (Real-Time Packet Gathering Module)
  32. VNM Monitoring Software
  33. VNM (Visual Node Manager): Network management
     • Simple Management
     • Fast Resolution
     • Detail CIO Report
  34. VNM (Visual Node Manager): Visual & Audible Alarm
     • Provides visual alarm with lightning symbol on attacked ports
     • Provides audible alarm when it triggers
  35. VNM (Visual Node Manager): Auto-Config / Backup configuration files
     • Detects new devices automatically
     • Backs up configuration files from all distributed switches (shown through VNM)
  36. Auto-Config: 1. New IP assign 2. Assign Subnet 3. Assign G/W 4. Assign SNMP Config. Copyright©2013 By Handreamnet Co., Ltd. All rights reserved
  37. Who needs?
     • Easy Installation
     • Intelligent Security
     • High Performance
     • L2 Level Authentication
     • Easy Maintenance
     • Hacking
     • Security
     • Authentication