LHSSS-3




    Next Generation Firewalls
    Harsh Jangra
    Director – Technical Operations (Security)
    www.LearnHackingSecurity.com
Can you keep up?
• Intelligence
  » Reduce emphasis on human intervention
• End-to-end protection
  » Policy compliance for all devices, including mobile
• Virtualization
  » Virtual appliances
  » Multi-tenant environments
• Consolidation of gateway functions
  » Simplification
• Enterprise-class features available for all segments
  » Not limited to large appliances
• Growth of WLANs
  » Mobile enterprise
Firewalls Evolution

                      • Firewalls developed over 25 years ago
                        » Initial protection by blocking traffic by
                          port, protocol, or IP address
                          • From packet filtering to circuit level to proxy to deep
                            packet inspection…
                      • Threat landscape evolved from primitive to
                        more sophisticated
                        » Able to pose as legitimate traffic & bypass policies
                        » Business processes evolved as well
                          • Firewall policies disabled over time to allow critical
                            applications to pass through
Integrated Threat Protection in Action
Problem:
 “Innocent” Video Link
 Redirects to malicious Website

 “Out of date” Flash player error
 “Download” malware file

 Error message
 “Drops” copy of itself on system and attempts to propagate

Solution:
 Integrated Web Filtering
 Blocks access to malicious Website

 Network Antivirus
 Blocks download of virus

 Intrusion Protection
 Blocks the spread of the worm
Integrated Threat Protection in Action
  • Application Control: Unwanted Services and P2P Limiting
   Botnet command channel, compromised Facebook applications, independent of port or protocol

  • Intrusion Prevention: Vulnerabilities and Exploits
   Browser and website attack code crafted by hackers and criminal gangs.

  • Web Filtering: Multiple categories and Malicious sites
   Botnet command, phishing, search poisoning, inappropriate content

  • Vulnerability Management: Real time exploit updates
    Multiple scanning points Firewall Gate, Analyzer, Web, DB, and Scan

  • Antispam: Unsolicited messages
    Phishing, Malware, Social Engineering and Junk

  • Antivirus: All malicious code
    Documents, macros, scripts, executable
    Delivered via Web, Email, USB, Instant messaging, social networks, etc.
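
An added example, not from the original slides, contrasting the port-based filtering described under Firewalls Evolution with the port-independent application control listed above. The rule sets, signature checks, function names and sample flows are constructed assumptions.

```python
# Added example: port/protocol filtering vs. application-aware control.
# Rule sets, signatures and flows below are constructed for illustration.
ALLOWED_PORTS = {80, 443}             # legacy policy: destination port only
BLOCKED_APPS = {"irc", "bittorrent"}  # application-control policy

def identify_app(payload: bytes) -> str:
    """Classify a flow from its first payload bytes, ignoring the port."""
    if payload.startswith(b"\x13BitTorrent protocol"):
        return "bittorrent"           # BitTorrent handshake prefix
    if payload[:2] == b"\x16\x03":
        return "tls"                  # TLS handshake record header
    words = payload.split(b"\r\n", 1)[0].split(b" ")
    if len(words) == 3 and words[2].startswith(b"HTTP/1."):
        return "http"                 # HTTP/1.x request line
    if words[0] in (b"NICK", b"USER", b"JOIN", b"PRIVMSG"):
        return "irc"                  # IRC client command
    return "unknown"

def port_filter(flow: dict) -> str:
    """First-generation decision: the port number is the only evidence."""
    return "allow" if flow["dport"] in ALLOWED_PORTS else "deny"

def app_control(flow: dict) -> str:
    """Port check plus application identity; unidentified traffic is denied."""
    if port_filter(flow) == "deny":
        return "deny"
    app = identify_app(flow["payload"])
    return "deny" if app in BLOCKED_APPS or app == "unknown" else "allow"

FLOWS = [  # constructed sample flows
    {"name": "web browsing", "dport": 80, "payload": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"},
    {"name": "tls session", "dport": 443, "payload": b"\x16\x03\x01\x00\xc8\x01"},
    {"name": "irc on port 80", "dport": 80, "payload": b"NICK client01\r\nUSER a b c :d\r\n"},
    {"name": "p2p on port 443", "dport": 443, "payload": b"\x13BitTorrent protocol" + b"\x00" * 8},
    {"name": "irc on port 6667", "dport": 6667, "payload": b"NICK client01\r\n"},
]

def missed_by_port_filter(flows: list) -> list:
    """Flows the port filter allows but application control denies."""
    return [f["name"] for f in flows
            if port_filter(f) == "allow" and app_control(f) == "deny"]

if __name__ == "__main__":
    for f in FLOWS:
        print(f"{f['name']:18} port={port_filter(f):5} app={app_control(f)}")
```
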
Resources

  • http://www.eCoreTechnoS.com
  • www.LearnHackingSecurity.com
  • http://www.HackingTechnologies.com
  • http://www.GetHackingSecurity.com

Editor's Notes

  • #5 Here is an example of our approach in action. This is the Koobface attack, which is still active in the wild. It starts as a link to a non-existent video on a malicious site, sent via IM, email, or webmail. The first layer of protection is web filtering, which blocks access to the site. If the user clicks on the link, he receives a phony alert telling him his player is not working and to download a non-existent new version on a malicious site. By clicking the “OK” button on the phony error message, the user is actually instructing his system to install the virus. Antivirus protection detects the file that the user is trying to install and blocks it. Once installed, the worm tries to propagate. The IPS technology detects the propagation effort and blocks it before it can succeed.