Corporate Security Issues and countering them using Unified Threat Management Systems and SSL VPN

An insightful presentation on corporate security and countering them using Unified Threat management Systems.

by Rishabh Dangwal and Amarjit Singh

Published in: Technology

Training on Unified Threat Management Systems & SSL VPN (SaaS)
By Amarjit Singh & Rishabh Dangwal, Tulip Telecom Ltd.

Objectives
- Security awareness
- Latest trends in security
- Device awareness
- Saving the world before bedtime, without worries :P
- The notion of providing Security as a Service

We as an ISP have a tough enough job already.. But..
- What about security threats?
- How serious are they?
- Hackers are there.. where are we?
- What is the most effective and cost-efficient way to handle them?

Current Trends
- Cyber-attacks are increasing in speed and sophistication exponentially
- Blended threats, hybrid attacks and APTs..
- Getting automated tools is easy; increase in skid culture
- Security costs money; security problems cost money, time and lots of pain.
Intruders
[Chart: Attack Sophistication vs. Intruder Technical Knowledge, 1980 to 2011 (courtesy Emil on security). Axes: Intruder Knowledge and Attack Sophistication, Low to High. Techniques plotted: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, burglaries, sweepers, sniffers, packet spoofing, GUI tools, automated probes/scans, www attacks, network mgmt. diagnostics, denial of service, distributed attack tools, "stealth"/advanced scanning techniques, staged attacks, auto coordinated attacks, cross site scripting.]
Software Vulnerabilities
- "99% of intrusions result from exploitation of known vulnerabilities" (Source: 2001 CERT, Carnegie Mellon University)
- Cause: programming bugs, bad testers, short-sighted development
- Threat: lack of patches for the above
- Lizamoon SQLi exploited 1.5 million+ hosts

E-mail Viruses
- Primary medium for distributing threats
- Trojans: easy to create, quick to deliver, easy to install
- HTML viruses in email
- Innocent-sounding emails with malicious attachments containing: macros, VB scripts, JavaScripts and HTML scripts
File Based Threats
- Example: Internet download
- Viruses and malicious code infection via: P2P/Torrent, IM applications, free software/shareware sites, infected servers, email
- Threats bypass stateful packet inspection firewalls
- Once inside the network, others are easily affected

Further..
- Unpatched servers are ticking bombs
- Viruses uploaded to network drives
- Remote exploitation possible
- Nimda virus
And we have got Spyware..
- Program that uses the Internet without the user's knowledge
- Approximately 80% of computers have some form of spyware (including corporate ones)
- Spread using shareware, pop-ups, P2P.. the usual suspects
- Gathering information:
  - Browsing habits (sites visited, links clicked, etc.)
  - Data entered into forms (including account names, passwords, text of web forms and web-based email, etc.)
  - Keystrokes and work habits

Spam
- Unsolicited email
- Multiple techniques to send mails: spoofed email address, image-only mail, random text, text merging, token manipulation, URL hiding, HTML tag corruption, increasing false positives, parse corruption, metamorphic spam Trojans, and much much more..
- Leads to low productivity and server outages.
Network woes
- Label spoofing
- Core hiding
- Replay attacks
- Compromise of LIB (Label Information Base)
- Access to LER (Label Edge Router)
- And other MPLS security issues..

Router abuse
- TACACS+ forced session_id collisions
- Sophisticated packet body DOS
- Boot IOS manipulation
- Improper Tcl scripts (if present)
- External factors
- SNMP compromise

And it's just the tip of the iceberg… (a.k.a. Raising the Attack Standards by a Notch)
- Sophisticated DOS (network, application)
- Advanced Persistent Threats
- Smartphone abuse
- Certificate abuse (DigiNotar - PKIoverheid..)
- Key abuse (RSA, anyone?)
- Kernel rootkits/bootkits

Obsolete Defenses
- Firewalls work on a port-blocking strategy
- Reactive approach
- Stateful Packet Inspection (SPI):
  - Provides source / destination / state intelligence
  - Provides NAT
  - Stateful firewalls cannot protect against multilayer threats
  - Is limited in nature
How TULIP can provide security?
- SaaS: Security as a Service
- SSL-VPN
- Unified Threat Management

What is SSL VPN technology?
Secure Sockets Layer (SSL) virtual private networks (VPNs) provide secure remote access to an organization's resources. A VPN is a virtual network, built on top of existing physical networks, that can provide a secure communications mechanism for data and other information transmitted between two endpoints. Because a VPN can be used over existing networks such as the Internet, it can facilitate the secure transfer of sensitive data across public networks.
Concept: SSL VPN

The Landscape with SSL VPN

Why SSL VPN
SSL VPN solutions offer a flexible and highly secure way to extend network resources to virtually any remote user with access to the Internet and a web browser. Organizations can customize access and extend the reach of their corporate network to individuals based on their role, including the teleworker, contractor, or business partner.

Business challenge for EMS

The Landscape with Tulip Managed SSL
Complete Client-side Cleanup
- Cleanup of the end user's system at the end of the session.
- Configurable cache cleanup options include: cookies, temporary Internet files, browser history, visited URLs, downloaded program files
- Cleans up all traces of the user's access and of data downloaded, at the end of the session.

Authentication Mechanisms
- Vast range of authentication mechanisms to choose from
- Supported authentication mechanisms: local database, RADIUS, Active Directory (AD), LDAP, RSA SecurID, certificate-based authentication, biometrics, SMS
- Two-factor or multi-factor authentication: support for One Time Password (OTP) and Public Key Infrastructure (PKI) tokens
End-point compliance
SSL VPN end-point security service:
- Check devices before & during session
- Ensure device compliance with corporate policy
- Remediate devices when needed
- Cross-platform support

Posture outcomes shown on the slide:
- Airport Kiosk Mobile User: no anti-virus installed, no personal firewall. User granted minimal access.
- Home PC User: no anti-virus installed, personal firewall enabled. User remediated (install anti-virus); once installed, user granted access.
- Managed PC User: AV real-time protection running, personal firewall enabled, virus definitions up to date. User granted full access.
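The posture-to-access mapping above, written out as a small policy evaluator. This is an added example, not code from the slides or from any SSL VPN product; the Posture fields, the Access levels and the post-remediation re-check are assumptions for the illustration, while the three user profiles and their outcomes are the slide's.

```python
"""Posture-based access decision for SSL VPN end-point compliance.

Added example, not from the slides or any vendor product. The three device
profiles and their outcomes are the slide's; the Posture fields, the Access
levels and the remediation flow are assumptions for this illustration.
"""
from dataclasses import dataclass
from enum import Enum


class Access(Enum):
    MINIMAL = "minimal"      # kiosk-grade: portal only, no tunnel
    REMEDIATE = "remediate"  # quarantine until anti-virus is installed
    FULL = "full"            # tunnel into internal subnets


@dataclass(frozen=True)
class Posture:
    av_installed: bool
    av_realtime: bool
    av_defs_current: bool
    firewall_enabled: bool


def decide(p: Posture) -> Access:
    """Map a device posture to an access level, most-trusted rule first."""
    if (p.av_installed and p.av_realtime
            and p.av_defs_current and p.firewall_enabled):
        return Access.FULL                 # Managed PC User on the slide
    if not p.av_installed and p.firewall_enabled:
        return Access.REMEDIATE            # Home PC User: install AV first
    # No AV and no firewall (Airport Kiosk), or AV present but stale or
    # not running: least privilege. Stale-definition handling is assumed.
    return Access.MINIMAL


def remediate_and_recheck(p: Posture) -> Access:
    """Slide flow: remediate (install AV), then re-check before granting.

    Access follows from the new posture, not from the attempt to remediate.
    """
    first = decide(p)
    if first is not Access.REMEDIATE:
        return first
    # Assumed outcome of a fresh install: real-time on, definitions current.
    after_install = Posture(av_installed=True, av_realtime=True,
                            av_defs_current=True,
                            firewall_enabled=p.firewall_enabled)
    return decide(after_install)


# Constructed profiles for the three users on the slide.
KIOSK = Posture(False, False, False, False)
HOME_PC = Posture(False, False, False, True)
MANAGED_PC = Posture(True, True, True, True)
```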
End Point Security & DLP

Access options with SSL VPN
There are three different access options with SSL VPN:
- PHAT: Private Hyper Access Transport
- QAT: Quick Access Terminal
- WAT: Web Access Terminal

What is WAT
Web Access Terminal (WAT) is a clientless access mode where the user needs just a browser to establish an SSL VPN connection. Using WAT, the user can access web applications such as Outlook Web Access (OWA), intranet, SharePoint, web-based databases, etc. from any location such as an airport kiosk, cyber café, etc.

What is PHAT
Private Hyper Access Transport (PHAT) is one of the modes to access the Virtual Private Network (VPN). It is small-footprint, web-deployed software that gets installed on the user's machine. The PHAT client provides IPSec-like functionality to give full access to the network.

What is QAT
Quick Access Terminal (QAT) is an intermediate client between the PHAT client and the WAT client. Users can access TCP-based client applications without installing PHAT on their machines. Once configured by the administrator for a particular group, QAT is started from the web portal.
Tunneling modes
- Split tunnel: application traffic targeted specifically at VPN subnets is routed over the SSL VPN tunnel to the SSL VPN-Plus Gateway. The rest of the traffic follows the normal LAN path.
- Full tunnel: all application traffic is sent to the SSL VPN-Plus Gateway over the SSL VPN tunnel for routing. In this case, complete data from the user's machine can be monitored on the SSL VPN-Plus Gateway. If local subnets are not excluded for the user, the user won't be able to access the local LAN either.
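The two tunneling modes as a routing decision, including the local-subnet exclusion case the slide warns about. This is an added example, not code from the slides or from the SSL VPN-Plus product; the TunnelPolicy fields, the function name and the sample subnets are constructed for the illustration.

```python
"""Split-tunnel vs full-tunnel routing decision for SSL VPN client traffic.

Added example, not code from the slides or from any SSL VPN product. The two
modes and the local-subnet exclusion behaviour are as described on the slide;
the policy fields, function name and sample subnets are assumptions.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List

Net = ipaddress.IPv4Network


@dataclass
class TunnelPolicy:
    full_tunnel: bool
    vpn_subnets: List[Net]            # split mode: only these go to the gateway
    excluded_local: List[Net] = field(default_factory=list)  # full mode bypass


def route_for(dst: str, policy: TunnelPolicy) -> str:
    """Return 'tunnel' if the packet goes to the SSL VPN gateway, else 'local'."""
    ip = ipaddress.ip_address(dst)
    if policy.full_tunnel:
        # Full tunnel: everything goes to the gateway unless the administrator
        # explicitly excluded the user's local subnets. Without an exclusion,
        # the home LAN (printer, NAS) becomes unreachable while connected.
        if any(ip in n for n in policy.excluded_local):
            return "local"
        return "tunnel"
    # Split tunnel: only traffic for the VPN subnets takes the tunnel; the
    # gateway never sees the rest, so it cannot monitor it either.
    if any(ip in n for n in policy.vpn_subnets):
        return "tunnel"
    return "local"


# Constructed sample: corporate subnets behind the gateway, and a home LAN.
VPN_SUBNETS = [Net("10.10.0.0/16"), Net("172.16.5.0/24")]
HOME_LAN = Net("192.168.1.0/24")

SPLIT = TunnelPolicy(full_tunnel=False, vpn_subnets=VPN_SUBNETS)
FULL_NO_EXCLUDE = TunnelPolicy(full_tunnel=True, vpn_subnets=VPN_SUBNETS)
FULL_EXCLUDE_LAN = TunnelPolicy(full_tunnel=True, vpn_subnets=VPN_SUBNETS,
                                excluded_local=[HOME_LAN])
```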
Scenario 1: Alternate Backup Link
[Diagram labels: Remote Location, Primary Link (marked X), ADSL Link, www, SSL Server, Tulip IDC, Tulip Connect MPLS Backbone, ERP Servers, Central Location]

Scenario 2: Instant Connectivity
[Diagram labels: Remote Customer Location, Tulip Connect not yet installed or getting delayed (TNF), ADSL Link, www, SSL Server, Tulip IDC, Primary Link, Remote Location, Tulip Connect MPLS Backbone, Customer Location Ready, ERP Servers, Central Location]

Scenario 3: Extranet Connectivity
[Diagram labels: Dealer Locations, www, SSL Server, Tulip IDC, Primary Link, Tulip Connect MPLS Backbone, Remote Location, ERP Servers, Central Location]

Scenario 4: Enterprise Mobility
[Diagram labels: Roaming Executives, User Moves Out, Cyber Cafe, User, www, SSL Server, Tulip IDC, Primary Link, Tulip Connect MPLS Backbone, Remote Location, ERP Servers, Central Location]
The New Standard - UTM
- Unified Threat Management / eXtensible Threat Management
- Integration of: firewall; deep packet inspection; intrusion prevention for blocking network threats; anti-virus for blocking file-based threats; anti-spyware for blocking spyware
- Faster updates to the dynamically changing threat environment and elimination of false positives
- Multilayered security
- In-house / multivendor approach

Spans through 6 layers of the OSI model
- QoS and ACL implementation
- Application Specific Integrated Circuits (ASICs), network processors and coprocessors for dedicated tasks
- Evolved security

Deep Packet Inspection - Unified Threat Mgt.
- Zone-based security: protect internally
- Gateway Anti-Virus: scan through unlimited file sizes; scan through unlimited connections; scan over more protocols than any similar solution
- Anti-Spyware for protection against malicious programs: blocks the installation of spyware; blocks spyware that is emailed and sent internally
- Application layer threat protection: full protection from Trojan, worm, blended and polymorphic threats; full L2-7 signature-based inspection; application awareness

PRO Series as a Prevention Solution
[Diagram (courtesy Sonicwall): PS/GAV dynamic updates feeding DPI (Intrusion Prevention / Gateway AV / Anti-Spyware) placed between the Server Zone, Dept Zone and User Zone.]
Security Must Be Updated
Signature database (category: signature count): ATTACK-RESPONSES 14; BACKDOOR 58; BAD-TRAFFIC 15; DDOS 33; DNS 19; DOS 18; EXPLOIT >35; FINGER 13; FTP 50; ICMP 115; Instant Messenger 25; IMAP 16; INFO 7; Miscellaneous 44; MS-SQL 24; MS-SQL/SMB 19; MULTIMEDIA 6; MYSQL 2; NETBIOS 25; NNTP 2; ORACLE 25; P2P 51; POLICY 21; POP2 4; POP3 18; RPC 124; RSERVICES 13; SCAN 25; SMTP 23; SNMP 17; TELNET 14; TFTP 9; VIRUS 3; WEB-ATTACKS 47; WEB-CGI 312; WEB-CLIENT (count not captured)
Databases kept up to date: AV database, IPS database, spyware database, content filtering database
- Stateful inspection only looks at ports and connection state; no data is examined.
- Deep Packet Inspection with Intrusion Prevention can find and block application vulnerabilities, worms or Trojans.
[Diagram (courtesy Sonicwall): Firewall Traffic Path, with labels Stateful Packet Inspection, Deep Packet Inspection, Gateway Anti-Virus, Anti-Spyware, Content Inspection, Content Filtering Service, Anti-Virus]
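The two bullets above, made concrete: a stateful firewall admits any packet of an established flow to a permitted port without reading the payload, so a payload matching an IPS signature only gets dropped once a DPI stage runs behind it. This is an added example, not code from the slides or from any Sonicwall appliance; the port rule set, the signature patterns and the sample packets are constructed, and only the category names are taken from the slide's signature database.

```python
"""Stateful packet inspection (SPI) versus deep packet inspection (DPI).

Added example, not code from the slides or from any vendor appliance. The
port rule set, the signature list and the sample packets are constructed
for this illustration; the category names follow the slide's signature DB.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

Flow = Tuple[str, int, str, int]  # (src, sport, dst, dport)


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool
    payload: bytes = b""


# Constructed signatures keyed by the slide's category names.
SIGNATURES: Dict[str, bytes] = {
    "WEB-ATTACKS": b"/../../",            # path traversal in a request line
    "VIRUS": b"CONSTRUCTED-TEST-SAMPLE",  # stand-in for a malware signature
}


class StatefulFirewall:
    """Permits new flows to allowed ports and any later packet of a known flow."""

    def __init__(self, allowed_ports: Set[int]):
        self.allowed_ports = allowed_ports
        self.table: Set[Flow] = set()

    def allow(self, p: Packet) -> bool:
        flow: Flow = (p.src, p.sport, p.dst, p.dport)
        if flow in self.table:
            return True               # established: payload is never examined
        if p.syn and p.dport in self.allowed_ports:
            self.table.add(flow)      # first packet of a permitted flow
            return True
        return False


def dpi_match(p: Packet) -> Optional[str]:
    """Return the signature category found in the payload, or None."""
    for category, pattern in SIGNATURES.items():
        if pattern in p.payload:
            return category
    return None


def utm_decision(fw: StatefulFirewall, p: Packet) -> str:
    """UTM traffic path: SPI first, then DPI; either stage can drop."""
    if not fw.allow(p):
        return "drop:spi"
    hit = dpi_match(p)
    return f"drop:dpi:{hit}" if hit else "allow"
```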
The 10 Defense Layers to Fight Spam
- High performance
- Easily scalable
[Image courtesy Sonicwall]

Unified Threat Management Appliance
- Content filtering
- Reporting & reverse monitoring
- Secure wireless
- High availability appliance
- ISP load balancing/failover
- Central management
- Secured MPLS by MSSP (and link termination)
- Firewall
- VPN
- Basic bandwidth management
- Gateway AV, intrusion prevention and anti-spyware
- Modified for router monitoring by combining with MSSP
- Trusted certificate management
Deep, Dynamic, Real-Time Protection
- Real-time threat scanning engine at the gateway
- AV/AS/IDS/IPS
- Protection from: viruses, spyware, worms, Trojans, application vulnerabilities
- External and internal protection
- Reassembly-free engine
- Scans & decompresses an unlimited number of files & file sizes
- Supports over 80 protocol types including SMTP, IMAP, POP3 (email), HTTP (web), FTP (file transfer), peer-to-peer transfers, NetBIOS (intra-LAN transfers), any stream-based protocol
- Updateable database maintained by an expert signature team
- DOS protection from 22 types of DOS attacks
- Application DOS prevention using EPS monitoring
- MSSP convergence

Value Innovation Philosophy
- Affordable: reduces the total cost of ownership
- Simple: unified AIO solution and easy to manage
- Powerful: integrated, real-time, dynamic

Thank You.

Questions?
