integrated threat
play

Integrated Threat Management Appliance 1 - PowerPoint PPT Presentation

Aug 31, 2023 •468 likes •719 views

Integrated Threat Management Appliance 1 http://www.youtube.com/watch?v=F 7pYHN9iC9I 2 3 Denial of Service Attack (DoS) 4 THREAT CATEGORY THREAT ACTION TYPE Malware/Badware Send data to the external entity/site, Trapdoor/Backdoor Entry,

  1. Integrated Threat Management Appliance 1

  2. http://www.youtube.com/watch?v=F 7pYHN9iC9I 2

  3. 3

  4. Denial of Service Attack (DoS) 4

  5. THREAT CATEGORY THREAT ACTION TYPE Malware/Badware Send data to the external entity/site, Trapdoor/Backdoor Entry, Key-logger, Form-grabber, Spyware , RAM scraper Hacking Exploitation of backdoors, credentials theft and usage, SQL injection Misuse Abuse of System Access and privileges Social Email with Attachments, Instant Messaging, Phishing, Spam Error System Malfunctioning, Misconfiguration 5

  6. Approach  Screening of traffic at Perimeter  Unified Solution  Single console for management, updation and event logging /reporting  Low latency  Scalable  Traffic Management 6

  7. CORPORATE NKN PUB NETWORK ITM Appliance 7

  8. Features  Developed from open Source software  Layer 2 to Layer 7 inspection  Hardware design supports Deep packet Inspection  Scalable Architecture  Flexible Bandwidth management  Secure VPN access  Management console offers both local and remote administration 8

  9. Components of ITMA • Firewall • Intrusion detection & Protection system • Gateway Antivirus • Gateway Antispam • Content Filtering 9

  10. Stateful Packet Inspection Source Destination INSPECT 212.56.32.49 65.26.42.17 Stateful is limited Source Port Dest Port X inspection that can 80 Version | Service | Total Length Source Sequence Sequence ID | Flags | Fragment UDP Port only block on ports 2821 28474 TTL | Protocol | IP Checksum IP Option Syn state Source IP Address Destination No Data Inspection! none SYN UDP Port Destination IP Address IP Options Stateful Packet Inspection Firewall Traffic Path 10

  11. Deep Packet Inspection Signature Database INSPECT INSPECT ATTACK-RESPONSES 14BACKDOOR 58BAD-TRAFFIC 15DDOS 33DNS 19DOS 18EXPLOIT >35FINGER Version | Service | Total Length 13FTP 50ICMP 115Instant Source Messenger 25IMAP 16INFO ID | Flags | Fragment UDP Port 7Miscellaneous44MS-SQL 24MS- SQL/SMB 19MULTIMEDIA 6MYSQL TTL | Protocol | IP Checksum 2NETBIOS 25NNTP 2ORACLE 25P2P 51POLICY 21POP2 4POP3 Source IP Address 18RPC 124RSERVICES 13SCAN Destination 25SMTP 23SNMP 17TELNET UDP Port Destination IP Address 14TFTP 9VIRUS 3WEB-ATTACKS 47WEB-CGI 312WEB-CLIENT IP Options Deep Packet Inspection inspects all traffic moving through a Deep Stateful Packet Packet device Inspection Inspection Firewall Traffic Path 11

  12. Deep Packet Inspection / Prevention Signature Database Comparing… ATTACK-RESPONSES 14BACKDOOR Version | Service | Total Length 58BAD-TRAFFIC 15DDOS 33DNS ID | Flags | Fragment TTL | Protocol | IP Checksum Source IP Address 19DOS 18EXPLOIT >35FINGER Destination IP Address Version | Service | Total Length Version | Service | Total Length 13FTP 50ICMP 115Instant Version | Service | Total Length Messenger 25IMAP 16INFO Source Source ID | Flags | Fragment UDP TTL | Protocol | IP Checksum ID | Flags | Fragment ID | Flags | Fragment Source IP Address 7Miscellaneous44MS-SQL 24MS- UDP Port UDP Port Destination IP Address Length DATA SQL/SMB 19MULTIMEDIA 6MYSQL TTL | Protocol | IP Checksum TTL | Protocol | IP Checksum 2NETBIOS 25NNTP 2ORACLE Version | Service | Total Length ID | Flags | Fragment TTL | Protocol | IP Checksum Application Attack, 25P2P 51POLICY 21POP2 4POP3 Source IP Address Destination IP Address Destination Source IP Address Destination Source IP Address 18RPC 124RSERVICES 13SCAN UDP Worm or Trojan 25SMTP 23SNMP 17TELNET UDP Port UDP Port Checksum Destination IP Address Destination IP Address 14TFTP 9VIRUS 3WEB-ATTACKS Found ! 47WEB-CGI 312WEB-CLIENT IP Options IP Options Deep Packet Inspection with Intrusion Prevention can find and Stateful Deep block, application vulnerabilities, Packet Packet Inspection Inspection worms or Trojans. Firewall Traffic Path 12

  13. Gateway Anti-Virus and Content Control Signature Database ATTACK-RESPONSES 14BACKDOOR 58BAD-TRAFFIC 15DDOS 33DNS 19DOS 18EXPLOIT >35FINGER Version | Service | Total Length Version | Service | Total Length 13FTP 50ICMP 115Instant Messenger 25IMAP 16INFO Source Source ID | Flags | Fragment ID | Flags | Fragment 7Miscellaneous44MS-SQL 24MS- UDP Port UDP Port SQL/SMB 19MULTIMEDIA 6MYSQL Virus TTL | Protocol | IP Checksum TTL | Protocol | IP Checksum 2NETBIOS 25NNTP 2ORACLE 25P2P 51POLICY 21POP2 4POP3 File! Destination Destination Source IP Address Source IP Address 18RPC 124RSERVICES 13SCAN 25SMTP 23SNMP 17TELNET UDP Port UDP Port m m Destination IP Address Destination IP Address AuctionSite 14TFTP 9VIRUS 3WEB-ATTACKS 47WEB-CGI 312WEB-CLIENT IP Options IP Options Stateful Deep Gateway Content Packet Packet Anti-Virus Inspection Inspection Inspection Anti-Spyware Firewall Traffic Path 13

  14. Security Must Be Updated Signature Database ATTACK-RESPONSES 14BACKDOOR 58BAD-TRAFFIC 15DDOS 33DNS AV Database 19DOS 18EXPLOIT >35FINGER 13FTP 50ICMP 115Instant IPS Database Messenger 25IMAP 16INFO Spy Database 7Miscellaneous44MS-SQL 24MS- SQL/SMB 19MULTIMEDIA 6MYSQL 2NETBIOS 25NNTP 2ORACLE 25P2P 51POLICY 21POP2 4POP3 Content 18RPC 124RSERVICES 13SCAN Filtering 25SMTP 23SNMP 17TELNET 14TFTP 9VIRUS 3WEB-ATTACKS Database 47WEB-CGI 312WEB-CLIENT Content Stateful Deep Gateway Content Anti-Virus Filtering Packet Packet Anti-Virus Inspection Service Inspection Inspection Anti-Spyware Firewall Traffic Path 14

  15. Architecture • Rapid Increase in data traffic is addressed by implementing multiple cores • Load Spreading of the packets across pools of core for parallel processing • Share network I/O between cores • Inter-core communication • Increases the capability and performance ITMA Packet Processor- QoRIQ 15

  16. Technical Specifications Function Generic Features offered Functionalities in ITMA 3000+ signatures A Viruses Detection & Worms Blocking Threat Vectors Detection & Spyware Blocking Detection & Phishing Blocking B Technologies Content Processor Content processor Modular / Scalable Modular / Scalable 1 Architecture Distributed Distributed architecture Architecture 16

  17. Technical Specifications Contd. Function Generic Features offered Functionalities in ITMA Processors H/w based Accelerators Gigabit Ports 4 Console port RJ45 1 2 Platform USB Ports 2 Form factor Rack Mounted High Availability Serial & Parallel features Modes of operation 3 Operating System Embedded Linux Firewall Throughput (Gbps) 2.5 System 4 Performance New 5000 sessions/second 17

  18. Technical Specifications Contd. Function Generic Features offered Functionalities in ITMA Concurrent System 100000 Performance sessions Antivirus Throughput 1.5 (Gbps) IPS Throughput 1.5 (Gbps) ITMA Throughput 1.5 (Gbps) Authenticated unlimited Users/Nodes 18

  19. Threat Management with event logging features C OSI Layers 2 to 4 Access Control Criteria User identity, Source Identity IPS, Web filter, Application filter, ITM Policies Antivirus, Anti spam, Bandwidth Mgt, Default 1 Stateful Firewall Denial H.323 NAT Traversal, 802.1q VLAN Support, Other features DoS & DDoS attack prevention, MAC & IP- MAC filtering, PAT Virus, Worm, Trojan Detection & Removal Spyware, Malware, Antivirus / Anti 2 Phishing protection Spyware Automatic virus signature database update Scanning of HTTP, FTP, SMTP, POP3, IMAP, IM, VPN tunnels Block by file types 19

  20. Technical Specifications Contd. Function Generic Features offered in Functionalities ITMA Real-time Blacklist (RBL), MIME header check Filter based on message header, size, sender, recipient Redirect spam mails to dedicated email address. Image-spam filtering 3 Anti Spam Zero hour virus Outbreak protection Subject line tagging IP address Black list/White list spam Notification through Digest IP Reputation-based spam filtering 20

  21. Technical Specifications Contd. Function Generic Features offered in Functionalities ITMA Multiple IPS Policies user-based policy creation 4 Intrusion Prevention Protocol Anomaly Detection DDoS attack prevention Networking D Appl. & User Identity Bandwidth based Bandwidth Mgt. 1 Management Category-based Bandwidth restriction General E ICSA Firewall Checkmark UTM Level 5 Certification 1 Certifications VPNC - Basic and AES interoperability (Certification process progressively) 21

  22. Institutes involved PSA Office PIU NKN ECIL, HYDERABAD : SETS, CHENNAI 22

  23. THANK YOU 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Alberta Integrated Threat & Risk Assessment Alberta Integrated Threat & Risk Assessment

Alberta Integrated Threat & Risk Assessment Alberta Integrated Threat & Risk Assessment

Alberta Integrated Threat & Risk Assessment Alberta Integrated Threat & Risk Assessment Center Center (I- -TRAC) TRAC) (I Sgt. Dellrae Sharpe Sgt. Dellrae Sharpe April 11, 2011 April 11, 2011 Facts Facts Between 2000-2006 in

502 views • 21 slides
Assessment What is Threat Assessment Threat assessment is the process of gathering

Assessment What is Threat Assessment Threat assessment is the process of gathering

Threat Assessment What is Threat Assessment Threat assessment is the process of gathering information to understand the threat of violence posed by a person. Threat management is the process of developing and executing plans to mitigate

332 views • 15 slides
SAAB AVITRONICS Naval Integrated EW systems NAME Pat Clarke DATE 21 April 2009 The Threat

SAAB AVITRONICS Naval Integrated EW systems NAME Pat Clarke DATE 21 April 2009 The Threat

SAAB AVITRONICS Naval Integrated EW systems NAME Pat Clarke DATE 21 April 2009 The Threat ASM Survey in the East Mediterranean and Black Sea Ukraine SS-N-12 Romania Russia AS-4 SS-N-2 a+c SS-N-2 c+d AS-11 AS-7 SS-N-12 AS-13

548 views • 35 slides
Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to

Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to

Honeymoon Threat Restoration Rescue Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to normal living. A disaster has not yet oc- curred, but there is a sense of impending doom. Individual

604 views • 6 slides
What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape

What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape

DDoS & Modern Threat Motives Dan Holden Director, ASERT What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape Geo-poli:cal More defenses ? App/Content t a

1.13k views • 44 slides
Active Threat on Campus Prevention & Response Active threat defined An active threat can be

Active Threat on Campus Prevention & Response Active threat defined An active threat can be

Active Threat on Campus Prevention & Response Active threat defined An active threat can be defined as: A person whose immediate activity can cause death and/or serious injury An active threat can involve a firearm or another

395 views • 15 slides
Offensive Threat Modeling for Attackers turning threat modeling on its head Rafal M. Los

Offensive Threat Modeling for Attackers turning threat modeling on its head Rafal M. Los

Offensive Threat Modeling for Attackers turning threat modeling on its head Rafal M. Los Chief Security Evangelist HP Software Shane MacDougall Principal Tactical Intelligence Modern threat modeling is a defensive response to

783 views • 52 slides
The Piracy Threat Problem 1 : Unauthorized over production of IC $$ Lost revenue

The Piracy Threat Problem 1 : Unauthorized over production of IC $$ Lost revenue

The Piracy Threat Problem 1 : Unauthorized over production of IC $$ Lost revenue opportunities Synthesis, Verification & Test for Secure ICs Undesired exposure of proprietary technology Protecting Integrated Circuits Problem

94 views • 8 slides
Threat Modeling and S haring S ummary Proposal to kick off Threat Modeling proj ect

Threat Modeling and S haring S ummary Proposal to kick off Threat Modeling proj ect

Threat Modeling and S haring S ummary Proposal to kick off Threat Modeling proj ect Multi-phase approach Initially: create Cyber Domain PIM and S TIX PS M with UML Profile for NIEM Expand to other PS M, create Threat Meta

211 views • 10 slides
Proposed Low-Threat Petroleum UST Closure Policy SWRCB Low-Threat UST Closure Policy Task Force

Proposed Low-Threat Petroleum UST Closure Policy SWRCB Low-Threat UST Closure Policy Task Force

Proposed Low-Threat Petroleum UST Closure Policy SWRCB Low-Threat UST Closure Policy Task Force Los Angeles RWQCB Presentation September 15, 2011 Prologue Low-Threat Policy: An Evolutionary Process STATE WATER RESOURCES CONTROL BOARD

528 views • 31 slides
Web Security What should be the Threat Model for the Web? Goal and Threat Model Much can go

Web Security What should be the Threat Model for the Web? Goal and Threat Model Much can go

Web Security What should be the Threat Model for the Web? Goal and Threat Model Much can go wrong on the web! Clients encounter malicious content Web servers are target of break-ins Fake content/servers trick users Data sent

446 views • 16 slides
Threat Models CS 5431 February 10, 2017 Threat Models Threats (CS 5430)

Threat Models CS 5431 February 10, 2017 Threat Models Threats (CS 5430)

Introduction Threat Models CS 5431 February 10, 2017 Threat Models Threats (CS 5430) Inquisitive people, unintentional blunders Hackers driven by technical challenges Disgruntled employees or

357 views • 23 slides
How to use soft OA methods to explore future IED threat and their countermeasures 27 ISMOR

How to use soft OA methods to explore future IED threat and their countermeasures 27 ISMOR

How to use soft OA methods to explore future IED threat and their countermeasures 27 ISMOR 2010 Introduction Cause Current threat around IEDs is continuously changing Little known about possible future threat Goal List

210 views • 16 slides
and Research Programs Threat to Aquatic Life and Water Quality Threat to local economy

and Research Programs Threat to Aquatic Life and Water Quality Threat to local economy

Harmful Algal Blooms, Agricultural Initiatives, and Research Programs Threat to Aquatic Life and Water Quality Threat to local economy (Fisheries, Recreation, Tourism etc.) Sources: both Urban & Rural Whats Agricultures

520 views • 24 slides
Topics 1 . Building national interest in threat assessm ent 2 . Virginia threat assessm ent m

Topics 1 . Building national interest in threat assessm ent 2 . Virginia threat assessm ent m

The Virginia Model of School Threat Assessment June 19, 2019 Dewey Cornell, Ph.D. The Virginia Model of School Threat Assessm ent Dewey Cornell, Ph.D. Curry School of Education University of Virginia 434-924-8929 Email:

299 views • 15 slides
Insider Threat Insider Threat (Database Intrusion Detection) 1 Insider Threats: Motivation and

Insider Threat Insider Threat (Database Intrusion Detection) 1 Insider Threats: Motivation and

Insider Threat Insider Threat (Database Intrusion Detection) 1 Insider Threats: Motivation and Challenges Challenges Mission critical information = High value target Threatens Government organizations and large corporations

435 views • 39 slides
Peer-to-peer Sender Authentication for Email Vivek Pathak and Liviu Iftode Rutgers University

Peer-to-peer Sender Authentication for Email Vivek Pathak and Liviu Iftode Rutgers University

Peer-to-peer Sender Authentication for Email Vivek Pathak and Liviu Iftode Rutgers University Email Trustworthiness Sender can be spoofed Need for Sender Authentication Importance depends on sender Update on Spam Filters

1.02k views • 55 slides
SpamResist: Making Peer-to-Peer Tagging SpamResist: Making Peer-to-Peer Tagging Systems Robust to

SpamResist: Making Peer-to-Peer Tagging SpamResist: Making Peer-to-Peer Tagging Systems Robust to

SpamResist: Making Peer-to-Peer Tagging SpamResist: Making Peer-to-Peer Tagging Systems Robust to Spam Systems Robust to Spam Ennan Ennan Zhai, Zhai, Ruichuan Ruichuan Chen, Eng Keong hen, Eng Keong Lua* Lua* Long Zhang, Long Zhang,

648 views • 64 slides
Effective Security Going Back To The Basics M e r i k e K a e o , C T O m e r i k e @ f s i .

Effective Security Going Back To The Basics M e r i k e K a e o , C T O m e r i k e @ f s i .

Effective Security Going Back To The Basics M e r i k e K a e o , C T O m e r i k e @ f s i . i o FARSIGHT SECURITY DISCUSSION POINTS Attack Trends A Historical View Attack Vectors in Recent Years Evolution of Mitigation

634 views • 29 slides
Academic and Research Network of Slovenia Marko Bona Arnes Some facts abo t Slo enia Some

Academic and Research Network of Slovenia Marko Bona Arnes Some facts abo t Slo enia Some

Academic and Research Network of Slovenia Marko Bona Arnes Some facts abo t Slo enia Some facts about Slovenia 2 mio inhabitants 20 000 km2 20.000 km2 borders to Italy, Austria, H Hungary and Croatia d C i 4

429 views • 18 slides
Marketplace Ads for Goods Marketplace Ads for Services Spam conversion experiment

Marketplace Ads for Goods Marketplace Ads for Services Spam conversion experiment

Marketplace Ads for Goods Marketplace Ads for Services Spam conversion experiment Experimented with Storm March 21 April 15, 2008 Instrumented roughly 1.5% of Storm s total output Pharmacy E-card Campaigns Campaign Postcard

938 views • 49 slides
CSE 484 / CSE M 584 Computer Security: Malware and Online Ecosystem Studies TA: Thomas Crosley

CSE 484 / CSE M 584 Computer Security: Malware and Online Ecosystem Studies TA: Thomas Crosley

CSE 484 / CSE M 584 Computer Security: Malware and Online Ecosystem Studies TA: Thomas Crosley tcrosley@cs With material from Franzi, Adrian Sham, and various sources Reminders Homework #3, due May 23th, 8pm (Tomorrow!) Lab #3 due

638 views • 40 slides
Yahoo! Communities Architectures Ian Flint November 9, 2007 1 Agenda What makes Yahoo!

Yahoo! Communities Architectures Ian Flint November 9, 2007 1 Agenda What makes Yahoo!

Yahoo! Communities Architectures Ian Flint November 9, 2007 1 Agenda What makes Yahoo! Yahoo!? Hardware Infrastructure Software Infrastructure Operational Infrastructure Process Examples 2 What makes Yahoo!

478 views • 26 slides
Exploring the Insecurity of Google Account Registration Protocol via Model Checking Tian Xie,

Exploring the Insecurity of Google Account Registration Protocol via Model Checking Tian Xie,

Exploring the Insecurity of Google Account Registration Protocol via Model Checking Tian Xie, Sihan Wang, Guan-Hua Tu, Chi-Yu Li and Xinyu Lei IEEE Symposium Series on Computational Intelligence (SSCI) 2019 Presentation Outline Background

452 views • 29 slides

More recommend