:: Protecting your infrastructure :: Who We Are.. iDeras Features - - PowerPoint PPT Presentation



SLIDE 1

:: Protecting your infrastructure ::

SLIDE 2

Agenda: Who We Are, iDeras Features, Benefits, Q&A

SLIDE 3

Infosys Gateway Sdn Bhd. Incorporated in 2007

  • Bumiputra owned company
  • MSC Status company
  • Registered with Ministry of Finance (MOF), Kementah (MINDEF), Malaysia Industry Council for Defence, Enforcement & Security (MIDES), MATRADE, SME-CORP & OIC-CERT
  • Successfully innovated and developed a network security appliance, with continuous R&D for enhancement and future innovation
  • 1st Malaysian developed unified network security product, named iDERAS

SLIDE 4

Global Certification Common Criteria EAL 2

SLIDE 5

For securing the complete ICT environment, we propose the following components:

  • Malaysia's first Unified Network Security Innovation, iDeras.

SLIDE 6

SLIDE 7

“Unified threat management (UTM) is a converged platform of point security products, particularly suited to midsize and enterprise businesses. Typical feature sets fall into three main subsets:

  1. Firewall
  2. Intrusion Detection & Prevention System (IDPS)
  3. Proxy Filter (Content Filtering, URL Filtering, Web Antivirus [AV])”

SLIDE 8

UNLIMITED USERS

SLIDE 9

Features

  • Firewall: an appliance designed to prevent unauthorized access to your network.
  • IDPS: monitors inbound and outbound network activity, identifies suspicious network patterns that may indicate potential harm to your environment, and prevents it based on the rules set.
  • Content Filtering: prevents access to harmful content, which may be harmful if opened or accessed.
  • VPN: connects to a private network, such as a company's internal network, ensuring secured connectivity within your environment.
  • Captive Portal: directs users to a web page before granting access to the internet. Able to identify who is using your network.
  • Traffic Shaper: control of network traffic to optimize bandwidth, lower latency, and/or increase usable bandwidth.

SLIDE 10

Firewall

FIREWALL

SLIDE 11

Firewall

FIREWALL

  • The firewall is the most important component of the UTM box.
  • Firewall rules control what traffic is allowed to enter an interface on the firewall.
  • Filtering by source and destination IP, IP protocol, and source and destination port for TCP and UDP traffic.
  • Option to log or not log traffic matching each rule.
  • Highly flexible policy routing is possible by selecting a gateway on a per-rule basis (for load balancing, failover, multiple WAN, etc.).

SLIDE 12

SLIDE 13

FIREWALL

SLIDE 14

Firewall: Other Functionalities

FIREWALL

NAT, Virtual IPs, Schedules, Traffic Shaper

  • Network Address Translation (NAT) is a way to map an entire network (or networks) to a single IP address.
  • Traffic Shaper: a tool to control network traffic in order to optimize or guarantee performance, lower latency, and/or increase usable bandwidth by delaying packets that meet certain criteria.
  • Schedules: firewall rules can be scheduled so that they are only active at certain times of day, or on certain specific days or days of the week.
  • Virtual IP (VIP): provides IP addresses that can float between two or more physical network nodes. These IP addresses are used to provide redundancy for attached servers and VIPs.
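The rule semantics described on slides 11 and 14 (matching on protocol, source and destination address and port, a per-rule log option, a per-rule gateway for policy routing, and a schedule that limits when a rule is active), worked through as an added Python example. This is not iDeras code: first-match-wins evaluation with a default deny, the sample policy, the addresses and the gateway name are all assumptions of the example.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

@dataclass
class Rule:
    action: str                                   # "pass" or "block"
    proto: str = "any"                            # "tcp", "udp", "icmp" or "any"
    src: str = "0.0.0.0/0"                        # source network
    dst: str = "0.0.0.0/0"                        # destination network
    dport: Optional[int] = None                   # destination port, None = any
    log: bool = False                             # log traffic matching this rule
    gateway: Optional[str] = None                 # per-rule gateway (policy routing); None = default route
    days: Tuple[int, ...] = (0, 1, 2, 3, 4, 5, 6) # schedule: weekdays on which the rule is active, Monday = 0
    hours: Tuple[int, int] = (0, 24)              # schedule: active when start <= hour < end

    def active(self, when: datetime) -> bool:
        return when.weekday() in self.days and self.hours[0] <= when.hour < self.hours[1]

    def matches(self, pkt: dict, when: datetime) -> bool:
        if not self.active(when):
            return False                          # outside its schedule the rule is simply skipped
        if self.proto != "any" and self.proto != pkt["proto"]:
            return False
        if ip_address(pkt["src"]) not in ip_network(self.src):
            return False
        if ip_address(pkt["dst"]) not in ip_network(self.dst):
            return False
        return self.dport is None or pkt.get("dport") == self.dport

def evaluate(rules, pkt: dict, when_iso: str, log: list):
    """First active rule that matches decides; nothing matching is blocked (default deny).
    Returns (action, gateway) so the caller can both filter and policy-route the packet."""
    when = datetime.fromisoformat(when_iso)
    for rule in rules:
        if rule.matches(pkt, when):
            if rule.log:
                log.append(f"{rule.action} {pkt['proto']} {pkt['src']} -> {pkt['dst']}:{pkt.get('dport')}")
            return rule.action, rule.gateway
    log.append(f"block (default) {pkt['proto']} {pkt['src']} -> {pkt['dst']}:{pkt.get('dport')}")
    return "block", None

# Constructed LAN policy: HTTPS always, routed via a second WAN gateway; HTTP only in office hours
# (Mon-Fri 09:00-18:00) and logged; everything else from the LAN is blocked and logged.
LAN_RULES = [
    Rule("pass", "tcp", "192.168.1.0/24", dport=443, gateway="WAN2_GW"),
    Rule("pass", "tcp", "192.168.1.0/24", dport=80, days=(0, 1, 2, 3, 4), hours=(9, 18), log=True),
    Rule("block", "any", "192.168.1.0/24", log=True),
]
```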

SLIDE 15

NAT (screenshots) cont…

FIREWALL

Add Port Forwarding Firewall: NAT: 1:1

When enabled, this automatically creates additional NAT redirect rules for access to port forwards on your external IP addresses from within your internal networks. The NAT + proxy mode uses a helper program to send packets to the target of the port forward. It is useful in setups where the interface and/or gateway IP used for communication with the target cannot be accurately determined at the time the rules are loaded.

Enables the automatic creation of additional NAT redirect rules for access to 1:1 mappings of your external IP addresses from within your internal networks. Reflection on 1:1 mappings is only for the inbound component of the 1:1 mappings. This functions the same as the pure NAT mode for port forwards.

SLIDE 16

NAT: Outbound

NAT (screenshots) cont…

FIREWALL

Automatically create outbound NAT rules which assist inbound NAT rules that direct traffic back out to the same subnet it originated from. Required for full functionality of the pure NAT mode of NAT Reflection for port forwards or NAT Reflection for 1:1 NAT. This only works for assigned interfaces. Other interfaces require manually creating the outbound NAT rules that direct the reply packets back through the router.
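Why the automatic outbound NAT rule is required for the pure NAT reflection mode described on slides 15 and 16, shown as an added Python simulation that is not iDeras code. The topology is constructed: the WAN side uses the 203.0.113.0/24 documentation range, and the internal client and the forwarded-to server are assumed to share one LAN segment.

```python
from ipaddress import ip_address, ip_network

# Constructed topology: router with one WAN address and one LAN interface.
WAN_IP = "203.0.113.10"
LAN_IP = "192.168.1.1"
LAN_NET = ip_network("192.168.1.0/24")
# Port forward: anything sent to WAN_IP:80 goes to the internal web server.
PORT_FORWARDS = {(WAN_IP, 80): ("192.168.1.50", 80)}

def translate_on_lan(pkt: dict, reflection: bool, outbound_nat: bool) -> dict:
    """Translations the router applies to a packet arriving on the LAN interface.
    reflection   - the extra redirect rule that lets internal hosts use the external address
    outbound_nat - the automatic outbound NAT rule that rewrites the source to the router's
                   own LAN address for reflected connections"""
    pkt = dict(pkt)
    target = PORT_FORWARDS.get((pkt["dst"], pkt["dport"]))
    if target is None or not reflection:
        return pkt                                   # no redirect applies; packet is unchanged
    pkt["dst"], pkt["dport"] = target                # the reflection redirect (destination NAT)
    if outbound_nat and ip_address(pkt["src"]) in LAN_NET:
        pkt["src"] = LAN_IP                          # make the server answer the router, not the client
    return pkt

def reply_goes_through_router(server_view: dict) -> bool:
    """The server answers whatever source it saw. If that is another host on its own
    subnet it replies directly, and the router never gets to undo its translations."""
    return server_view["src"] == LAN_IP

def reflected_connection_works(reflection: bool, outbound_nat: bool) -> bool:
    """Does an internal client reaching the server via WAN_IP:80 get a usable reply?"""
    client_pkt = {"src": "192.168.1.20", "dst": WAN_IP, "dport": 80, "proto": "tcp"}
    server_view = translate_on_lan(client_pkt, reflection, outbound_nat)
    if server_view["dst"] == WAN_IP:
        return False          # never redirected: it just hits the router's own WAN address
    # Without the outbound rule the server replies straight to 192.168.1.20 from
    # 192.168.1.50, but the client is waiting for a reply from 203.0.113.10, so its
    # TCP stack discards the packet and the connection never completes.
    return reply_goes_through_router(server_view)
```

The NAT + proxy mode on slide 15 avoids this dependency because the helper on the router originates the connection to the target itself, so the server always sees the router as the source.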

SLIDE 17

Schedule

FIREWALL

SLIDE 18

Virtual IPs

FIREWALL

Virtual IPs add knowledge of additional IP addresses to the firewall that are different from the firewall's actual "real" interface addresses. Most often, these are used for NAT, but they can also be used for other functions such as clustering, binding services such as DNS, and load balancing in packages.

SLIDE 19

Traffic Shaper

TRAFFIC SHAPER

Traffic shaping, also known as "packet shaping," is the practice of regulating network data transfer to assure a certain level of performance, or quality of service (QoS). The practice involves delaying the flow of packets that have been designated as less important or less desired than those of prioritized traffic streams. Regulating the flow of packets into a network is known as "bandwidth throttling." Regulation of the flow of packets out of a network is known as "rate limiting."

Example: delaying packet flow when downloading video (which is rated as less important by the company policy).

Traffic Shaper UI
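The shaping behaviour described above (holding back packets of a class rated less important while prioritised traffic keeps its budget), as an added Python example that is not iDeras code. It uses one token bucket per traffic class; the class policy, the rates and the port numbers of the "video" service are constructed for the example, and packets are assumed to arrive in non-decreasing time order.

```python
from dataclasses import dataclass

@dataclass
class TokenBucket:
    """Classic shaper: a class may send `rate` bytes/s on average and burst up to `burst` bytes."""
    rate: float           # bytes per second allowed for the class
    burst: float          # bucket capacity in bytes
    tokens: float         # bytes that may be sent right now
    last: float = 0.0     # time the bucket was last refilled

    def delay_for(self, size: int, now: float) -> float:
        """Seconds a packet of `size` bytes must be held before it may leave."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= size:
            self.tokens -= size
            return 0.0                           # within budget: forward immediately
        wait = (size - self.tokens) / self.rate  # time until enough tokens have accrued
        self.tokens = 0.0
        self.last = now + wait                   # the bucket is empty at the moment the packet leaves
        return wait

VIDEO_PORTS = {1935, 8080}   # constructed: ports of the video service rated "less important"

def make_classes() -> dict:
    # Constructed policy: video capped at 1 Mbit/s (125 kB/s, 15 kB burst); everything else 100 Mbit/s.
    return {"video": TokenBucket(rate=125_000, burst=15_000, tokens=15_000),
            "default": TokenBucket(rate=12_500_000, burst=1_500_000, tokens=1_500_000)}

def classify(pkt: dict) -> str:
    return "video" if pkt["dport"] in VIDEO_PORTS else "default"

def shape(packets: list, classes: dict = None) -> list:
    """Departure time of each packet: its arrival time plus any delay its class imposes."""
    classes = classes or make_classes()
    return [pkt["t"] + classes[classify(pkt)].delay_for(pkt["size"], pkt["t"]) for pkt in packets]
```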

SLIDE 20

Intrusion Detection & Prevention System

IDPS

IDS

  • An Intrusion Detection System (IDS) is considered to be a passive-monitoring system, since the main function of an IDS product is to warn you of suspicious activity taking place, not to prevent it.
  • An IDS can respond to the suspicious event in one of several ways, which include displaying an alert and logging the event.

IPS

  • An Intrusion Prevention System (IPS) provides policies and rules for network traffic along with an IDS for alerting system or network administrators to suspicious traffic, but allows the administrator to provide the action upon being alerted.
  • An IPS has the capability to prevent known intrusion signatures, but also some unknown attacks, due to its database of generic attack behaviors.

Rules

  • The rule header contains the information that defines the who, where, and what of a packet, as well as what to do in the event that a packet with all the attributes indicated in the rule should show up. The first item in a rule is the rule action. The rule action tells the IPS what to do when it finds a packet that matches the rule criteria.
  • There are 5 available default actions in the IPS: alert, log, pass, activate, and dynamic.
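
An added example (not from the presentation) of the rule header just described: a parser for the Snort-style header layout `action proto src sport -> dst dport [(options)]` accepting the five actions the slide lists, and a matcher that applies a parsed header to a packet. The header syntax follows the classic Snort format; "first listed rule wins", the sample rules and the addresses are assumptions of the example.

```python
import re
from ipaddress import ip_address, ip_network

ACTIONS = {"alert", "log", "pass", "activate", "dynamic"}   # the five default rule actions
# action proto src sport direction dst dport [(options)]
HEADER_RE = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*(\(.*\))?$")

def parse_header(rule: str) -> dict:
    """Split a rule into its header fields; the options in (...) are kept but not interpreted."""
    m = HEADER_RE.match(rule.strip())
    if not m:
        raise ValueError(f"malformed rule header: {rule!r}")
    action, proto, src, sport, direction, dst, dport, opts = m.groups()
    if action not in ACTIONS:
        raise ValueError(f"unknown rule action: {action!r}")
    return {"action": action, "proto": proto.lower(), "src": src, "sport": sport,
            "dir": direction, "dst": dst, "dport": dport, "opts": opts or ""}

def _addr_match(spec: str, addr: str) -> bool:
    if spec == "any":
        return True
    negate = spec.startswith("!")                 # "!192.168.1.0/24" = anything outside the LAN
    inside = ip_address(addr) in ip_network(spec.lstrip("!"), strict=False)
    return inside != negate

def _port_match(spec: str, port: int) -> bool:
    if spec == "any":
        return True
    if ":" in spec:                               # "1024:" or "80:443" style ranges
        lo, hi = spec.split(":", 1)
        return (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    return port == int(spec)

def _one_way(r: dict, s_ip, s_port, d_ip, d_port) -> bool:
    return (_addr_match(r["src"], s_ip) and _port_match(r["sport"], s_port)
            and _addr_match(r["dst"], d_ip) and _port_match(r["dport"], d_port))

def header_matches(r: dict, pkt: dict) -> bool:
    """Who/where/what check: protocol first, then addresses and ports in the rule's direction(s)."""
    if r["proto"] not in ("ip", pkt["proto"]):    # "ip" rules apply to every protocol
        return False
    if _one_way(r, pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]):
        return True
    return r["dir"] == "<>" and _one_way(r, pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])

def first_action(rules: list, pkt: dict):
    """Action of the first rule (in list order) whose header matches, or None when none applies."""
    for r in rules:
        if header_matches(r, pkt):
            return r["action"]
    return None
```
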
SLIDE 21

IDPS Rules

IDPS

SLIDE 22

IDPS (screenshot)

Alerts

IDPS

  • IPS alerts and blocks malicious sites.
  • Logging and Alerting System & Output Modules: process alerts and logs and generate the final output. All traffic matching an enabled rule will trigger an alert.
SLIDE 23

IDPS (screenshot)

Blocked

IDPS

  • IPS alerts and blocks malicious sites.
  • Blocks: all traffic matching an enabled rule will trigger an alert; the source is then blocked, and the blocked host is listed on the Block page.

SLIDE 24

Content Filtering (Proxy)

CONTENT FILTERING

  • The proxy limits web access for some users to a list of accepted/well-known web servers and/or URLs only.
  • Blocks access to listed or blacklisted web servers, and to URLs matching a list of regular expressions or words, for the users.
  • Redirects blocked URLs to an info page, or redirects banners to an empty GIF.
  • Different access rules based on time of day, day of the week, date, etc.
  • Generates logs of all accessed or blocked URLs/IPs for the session.
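The proxy decisions listed above (per-user accepted lists, blacklisted servers, regular-expression matches, redirecting blocked URLs to an info page and banners to an empty GIF, and a log line per request), as an added Python example that is not iDeras code. The policy lists, host names and redirect targets are constructed for the example; time-based rules are left out here.

```python
import re
from urllib.parse import urlsplit

# Constructed policy for the example; a real deployment loads these from the proxy configuration.
ALLOW_ONLY = {"guest": {"intranet.example", "mail.example"}}   # users limited to an accepted list
BLOCKED_HOSTS = {"games.example", "casino.example"}              # blacklisted web servers
BLOCKED_EXPRESSIONS = [re.compile(p, re.I) for p in (r"\bwarez\b", r"\bcracks?\b")]
BANNER_EXPRESSIONS = [re.compile(p, re.I) for p in (r"/ads?/", r"banner", r"doubleclick")]
INFO_PAGE = "http://proxy.internal/blocked.html"   # constructed
EMPTY_GIF = "http://proxy.internal/empty.gif"      # constructed

def _host_listed(host: str, hosts: set) -> bool:
    """A listed host also covers its subdomains."""
    return any(host == h or host.endswith("." + h) for h in hosts)

def decide(url: str, user: str, log: list):
    """Return ("allow", None) or ("redirect", target) and append one log line per request."""
    host = (urlsplit(url).hostname or "").lower()
    # Banner/advert URLs are swapped for an empty GIF so the page still renders.
    if any(p.search(url) for p in BANNER_EXPRESSIONS):
        log.append(f"{user} BANNER {url} -> {EMPTY_GIF}")
        return "redirect", EMPTY_GIF
    # Users on an accepted list may only reach the servers on that list.
    if user in ALLOW_ONLY and not _host_listed(host, ALLOW_ONLY[user]):
        log.append(f"{user} DENIED (not on accepted list) {url}")
        return "redirect", INFO_PAGE
    # Blacklisted servers and URLs matching a blocked expression go to the info page.
    if _host_listed(host, BLOCKED_HOSTS) or any(p.search(url) for p in BLOCKED_EXPRESSIONS):
        log.append(f"{user} BLOCKED {url}")
        return "redirect", INFO_PAGE
    log.append(f"{user} ALLOWED {url}")
    return "allow", None
```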

SLIDE 25

SLIDE 26

Content Filtering (Proxy)

CONTENT FILTERING

In addition to the PROXY function, rules can be customised to add onto the blocklist (kindly refer to the diagram above).

These are the additional expressions

SLIDE 27

Content Filtering (Proxy)

CONTENT FILTERING

SLIDE 28

Other Functionalities

VPN, Captive Portal, GlobalBlock, DHCP Server, Mail Reporting, Monitoring Graph

SLIDE 29

VPN

VPN

iDeras software offers three options for VPN connectivity: IPsec, OpenVPN, and PPTP.

IPsec

  • IPsec allows connectivity with any device supporting standard IPsec. This is most commonly used for site-to-site connectivity to other iDeras installations, other open source firewalls (m0n0wall, etc.), and nearly all commercial firewall solutions (Cisco, Juniper, etc.). It can also be used for mobile client connectivity.

OpenVPN

  • OpenVPN is a flexible, powerful SSL VPN solution supporting a wide range of client operating systems.

PPTP Server

  • PPTP was a popular VPN option because nearly every OS has a built-in PPTP client, including every Windows release since Windows 95 OSR2. However, it is now considered insecure and should not be used.

SLIDE 30

VPN (screenshots) cont…

Enabling OPEN VPN

VPN

SLIDE 31

GlobalBlock

GlobalBlock

Global Block allows:

  • Blocking individual countries.
  • All incoming and outgoing traffic can be blocked using global block.
  • Restricting spammers from selected countries.
  • Adding an IP block list.

SLIDE 32

GlobalBlock

GlobalBlock (screenshots cont.)

SLIDE 33

Captive Portal

CAPTIVE PORTAL

The Captive Portal allows the IT Administrator to direct users to a web page before Internet access is permitted. From that page, the IT Admin can either let users access the Internet after clicking through, or require authentication.

Captive Portal Status: Online Users

SLIDE 34

Captive Portal

CAPTIVE PORTAL

User List

SLIDE 35

Captive Portal

CAPTIVE PORTAL

SLIDE 36

DHCP Server

SLIDE 37

Monitoring

Traffic Packets

Packets can also be monitored through the same Monitoring Graphs. The graph shows the packets per second passing through, or blocked on, the selected interface. The same colour convention is followed: RED shows packets per second coming into the network and GREY shows packets per second going out of the network. The monitoring graphs use different colour patterns, mostly RED, BLUE and GREY, and they are customizable so they can be assigned to any aspect the client wishes to monitor. For example, if the client wishes to monitor traffic passing through or blocked on an interface, RED will be blocked traffic coming in and GREY will be blocked traffic going out of the network through the selected interface.

SLIDE 38

Email Reports

SLIDE 39

IMPLEMENTATION

Implementation diagram (labels only): Internet; a Datacenter with Web Server, Mail Server, FTP Server, DB Server, Domain Server and Application Server; three Branch Offices, each with workstations W/station 01, 02 and 03.

SLIDE 40

iDeras UTM promises to be security in a box

The BENEFITS are endless, but here are a few of the relevant qualities of using iDeras within your organization:

Lower up-front cost

Generally speaking, a single all-in-one appliance costs less than buying multiple dedicated systems. No user license based on additional functionalities used.

Simplicity

A single purchase covers every security need, and all the security features can be controlled and configured from a single management console. Only a single vendor will be in charge of the maintenance of the device.

Ease of management

The proposed solution will have a unified console to manage all its features. This will provide ease of management to the users.

Minimal Training

Only one product training is required, therefore reducing the technical training days required in order to understand the nature of the product.

SLIDE 41

The BENEFITS are endless, but here are a few of the relevant qualities of using iDeras within your organization:

Lower maintenance costs

Significantly reduce the amount you pay for service contracts and ongoing support. You only pay yearly maintenance support charges.

Less space

Requires less space to store the equipment: a Unified Threat Management appliance fits all the services into a small, self-contained package, which can be really appealing.

Lower power consumption

One power supply means less power used and less lost while reducing line voltage to the levels network devices use.

Easier to install and configure

A one-appliance setup means there are just a couple of wires to connect and one interface to use to set up the device.

Fully integrated

The UTM device's many features are designed to work together without leaving gaps in your protection or creating interoperability challenges.

iDeras UTM promises to be security in a box

SLIDE 42

SLIDE 43