Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

Page 1: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

Guidance to Improved Information Security

SonicWALL Solutions for Federal Government

8.5.08

Page 2: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

Need for Internet Security

Changing Nature of Attacks

Critical infrastructures reliant on Internet

Full-blown cyber “shadow” war: Systematic probing and attacks by hostile entities

Exploitation of application vulnerabilities

Dramatic increase in the speed and sophistication of blended threats

New threats, Spyware, Phishing, Wireless threats

Compounded by human factors and social engineering

Page 3: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

NIST Guidance*

Risk-Based Protection Strategies

Defense-in-breadth considerations include:

Diversification of the portfolio of information technology assets within the organization;

Management of the complexity of the information systems within the organization;

Application of a balanced set of management, operational, and technical safeguards and countermeasures to organizational information systems to achieve defense-in-depth;

Detection and response to breaches of information system boundaries;

Restrictions on the use of information technologies based on the risks incurred by the deployment of such technologies

* NIST Special Publication 800-39, Oct. 2007

Page 4: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

NIST Guidance*

Diversification of Information Technology Assets

Homogeneity in hardware and software components can increase risk

Diversifying the portfolio of information technology products translates into greater difficulty in completing attacks

The degree of information technology asset diversification should be commensurate with organizational risk

* NIST Special Publication 800-39, Oct. 2007

Page 5: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

NIST Guidance*

Continuous Monitoring

Effective information security programs should include an aggressive continuous monitoring program

An effective organization-wide continuous monitoring program includes:

Configuration management and control processes for organizational information systems;

Security impact analyses of changes to the organization’s information systems

Assessment of selected security controls in the information systems

Security status reporting to appropriate organizational officials.

* NIST Special Publication 800-39, Oct. 2007

Page 6: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

Our Solutions Address Key Security Concerns

Network Security UTM: Secures and protects networks from viruses, Trojans, worms and other malware

Secure Content Management: Prevents web-based and email-based malware from entering your network

Secure Operational Continuity: The ultimate back up for digital and natural disasters

Global Management System: An easy way to monitor, manage and report on your network

Page 7: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

SonicWALL Advantages

Lower costs of acquisition and implementation

Lower total cost of ownership (TCO)

Lower energy consumption appliances

Reduced thermal footprint/lower temperature operations

Solutions FIPS Certified or on certification track with Common Criteria

Company coordinates with NIST

Page 8: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

SonicWALL Broad Solution Suite

Page 9: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

A Heterogeneous Security Environment

SonicOS firmware

Purpose-built and hardened

Common Criteria certified (v5.0.1 on Network Security Appliance [NSA] Series)

Competes with Cisco and Juniper

A proven platform with 13+ years in the field and over 1MM installations

A dynamic platform with constant adaptation and refinement achieving Evaluation Assurance Level (EAL) 4+

Inclusion of devices utilizing SonicOS is in alignment with NIST guidance on creating a heterogeneous security environment.

Page 10: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

Guidance to Solutions – Intrusion Prevention

NSA** UTM Firewalls 25K signature capability

Unified Threat Management: Gateway Anti-Virus, Anti-Spyware and Intrusion Prevention (GAV/IPS)

Content Filtering Service (CFS)

GMS management and ViewPoint reporting

Multi-core specialized security microprocessors for industry-leading throughput with Load Balancing

FIPS 140-2 Level 2 Encryption

Application Layer Inspection

Optional 802.11b/g Wireless LAN

NIST Guidance* – Signature-Based Detection

Security Capabilities

Information Gathering Capabilities

Logging Capabilities

Detection and Prevention Capabilities

Management

Application Layer

Wireless IDPS

* NIST Special Publication 800-94, Feb. 2007

** NSA = Network Security Appliance

Page 11: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

Hidden threats

Firewall Traffic Path

Network communication, like email, file transfers and web sessions are packetized

Typical User Activity

Typical Network Traffic: Email

Our World View

Firewall View

Traffic = multiple packets of information

[Diagram: packets 4 3 2 1, each labelled HEADER and DATA]

One Packet = Header info and Data

Intrusion Prevention: SonicWALL Approach

Page 12: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

Firewall Traffic Path

INSPECT

[Diagram: packet header fields]

Version | Service | Total Length
ID | Flags | Fragment
TTL | Protocol | IP Checksum
Source IP Address
Destination IP Address
IP Options
Source UDP Port | Destination UDP Port
UDP Length | UDP Checksum

[Diagram: values seen by stateful packet inspection]

Source: 212.56.32.49
Destination: 65.26.42.17
Source Port: 823747
Dest Port: 80
Sequence: 28474
Sequence: 2821
Syn state: SYN
IP Option: none

Stateful Packet Inspection

Typical Firewalls

Stateful is limited inspection that can only block on ports

No Data Inspection!

Packets go through unchecked!

Page 13: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

Firewall Traffic Path

INSPECT

[Diagram: packet header fields]

Version | Service | Total Length
ID | Flags | Fragment
TTL | Protocol | IP Checksum
Source IP Address
Destination IP Address
IP Options
Source UDP Port | Destination UDP Port
UDP Length | UDP Checksum

SonicWALL Signatures

ATTACK-RESPONSES 14, BACKDOOR 58, BAD-TRAFFIC 15, DDOS 33, DNS 19, DOS 18, EXPLOIT >35, FINGER 13, FTP 50, ICMP 115, Instant Messenger 25, IMAP 16, INFO 7, Miscellaneous 44, MS-SQL 24, MS-SQL/SMB 19, MULTIMEDIA 6, MYSQL 2, NETBIOS 25, NNTP 2, ORACLE 25, P2P 51, POLICY 21, POP2 4, POP3 18, RPC 124, RSERVICES 13, SCAN 25, SMTP 23, SNMP 17, TELNET 14, TFTP 9, VIRUS 3, WEB-ATTACKS 47, WEB-CGI 312, WEB-CLIENT

INSPECT

Stateful Packet Inspection

Deep Packet Inspection

SonicWALL – Deep Packet

Deep Packet Inspection inspects all traffic moving through a device – 98% more inspection
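The contrast drawn on these two slides, as an added example that is not part of the original deck and not SonicWALL code: a header-only port rule and a payload signature match applied to the same constructed IPv4/UDP packets. The allowed port, the `demo-marker` signature bytes, the addresses and all function names are assumptions made for the illustration.

```python
import socket
import struct

ALLOWED_UDP_PORTS = {53}                          # assumed header-only policy
SIGNATURES = {"demo-marker": b"X-DEMO-BLOCK-ME"}  # constructed pattern, not a vendor signature

def build_packet(src, dst, sport, dport, payload):
    """Build a constructed IPv4/UDP packet (checksums left at 0 for brevity)."""
    udp_len = 8 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 1, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!HHHH", sport, dport, udp_len, 0) + payload

def parse_packet(raw):
    """Split a raw packet into the header fields shown on the slide and the data."""
    if len(raw) < 28:
        raise ValueError("too short for IPv4 + UDP headers")
    ver_ihl, _tos, _total_len, _id, _frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4                    # IP header length in bytes
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != 17 or len(raw) < ihl + 8:
        raise ValueError("not a well-formed IPv4/UDP packet")
    sport, dport, udp_len, _ = struct.unpack("!HHHH", raw[ihl:ihl + 8])
    if udp_len < 8 or ihl + udp_len > len(raw):
        raise ValueError("UDP length field disagrees with packet size")
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "sport": sport, "dport": dport, "ttl": ttl,
            "payload": raw[ihl + 8:ihl + udp_len]}

def header_only_verdict(raw):
    """Decision made from header fields alone: the data is never read."""
    pkt = parse_packet(raw)
    return "allow" if pkt["dport"] in ALLOWED_UDP_PORTS else "drop"

def deep_verdict(raw):
    """Same port rule, followed by a signature scan of the data portion."""
    if header_only_verdict(raw) == "drop":
        return "drop:port"
    payload = parse_packet(raw)["payload"]
    for name, pattern in SIGNATURES.items():
        if pattern in payload:
            return "drop:" + name
    return "allow"

if __name__ == "__main__":
    # Constructed sample traffic using documentation address ranges.
    benign = build_packet("192.0.2.10", "198.51.100.5", 40000, 53, b"ordinary query bytes")
    marked = build_packet("192.0.2.10", "198.51.100.5", 40000, 53, b"abc X-DEMO-BLOCK-ME xyz")
    for label, pkt in (("benign", benign), ("marked", marked)):
        print(label, header_only_verdict(pkt), deep_verdict(pkt))
```

Matching one packet at a time misses a pattern split across fragments or segments, which is why the engine diagram on Page 16 lists DEFRAG and STREAM REASS'M ahead of the packet inspection services.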

Page 14: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

Why SonicWALL is preferable:

[Diagram: a stream of packets, each with header fields Version | Service | Total Length, ID | Flags | Fragment, TTL | Protocol | IP Checksum, Source IP Address, Destination IP Address, entering two scanning engines]

SonicWALL Real Time Scanning Engine: Real-time Scanning

All solutions: Memory Limited Scanning Engine: Scanning, then Memory Full - Scanning Stopped

Protection for ALL Traffic and ALL Users

[Charts: # of Users and Traffic, each on a min to max scale, plotted against Network Use]

Page 15: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

Gateway Anti-Virus

Scan through unlimited file sizes

Scan through unlimited connections

Scan over more protocols than any similar solution

Anti-Spyware/Phishing for protection against malicious programs

Blocks the installation of spyware

Blocks spyware that is emailed and sent internally

Applications Layer Threat Protection:

Full protection from vulnerabilities, buffer overflows, worms, blended threats

Content control, application blocking for control over IM, P2P and other apps and SPAM RBL blocking

Fully updateable with pro-active intelligence and alerting

[Diagram labels: Data Center, WLAN Zone, User Zone, Unified Threat Management, Wireless UTM, Internal Protection]

PRO Series as In-line Threat Solution

• Full L2-7 signature-based inspection

• Application awareness

Intrusion Prevention: SonicWALL Unified Threat Management

24x7 Signature Updates

Page 16: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

Deep Inspection Engine

[Diagram labels]

FORWARDING ENGINE: RATE LIMITER, EGRESS PACKET HANDLING, REFRAG, BW MANAGEMENT, ROUTING

NETWORK I/O ENGINE: INGRESS PACKET HANDLING, BW MANAGEMENT, DEFRAG, FLOW ORDER, STREAM REASS’M

PKT INSPECTION SERVICES: L3, L4, L7, IKE, FW

FLOW CLASSIFIER: L2, Fast Path, Forward, Drop

Rules, Identity Mgmt and Policies: IPS, A/V, CFS, VPN, Other

FLOW VECTOR BUS

Flow Queue

Purpose Built Hardened OS

Performance tuned

First to market scalable inspection techniques

Flexible security paths

Unified Threat Management

Easy to Deploy – plug/play

Intrusion Prevention: SonicWALL Approach

Behind every appliance:

Unified Threat Management

Page 17: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

Guidance to Solutions – Wireless

SonicWALL NSA** and TZ Series

Wireless cards and access points

Secure wireless roaming

IEEE 802.11a/b/g options

Multiple SSID support

Central management

Rogue access point detection

Intrusion detection, wireless firewalling, virtual access point (VAP), and content filtering

Granular security policy enforcement

NIST Guidance – Client Devices

Access Points

Wireless Bridges

IEEE 802.11a/b/g

Configuration/change control and management includes security feature enhancements and patches

Standardized configurations to reflect security policy

* NIST Special Publication 800-48 Aug. 2007

** NSA = Network Security Appliance

Page 18: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

Guidance to Solutions – VPNs

SonicWALL E-Class SSL-VPN

Central Reporting and Management

High Capacity and Availability

Tokenless Two-factor Authentication, and RSA support

Granular Access Control

Mobile Device Support

Endpoint Control: Client Interrogation and Session Protection

NIST Guidance*

Manageability

High Availability and Scalability

Portal Customization

Authentication

Encryption and Integrity Protection

Access Control

Endpoint Security Controls

Intrusion Prevention

* NIST Special Publication 800-113, Sept. 2007

Page 19: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

SSL-VPN can be an all-in-one solution for all users to remotely access applications

Mobile workers, Teleworkers, Partners, Contractors

Not just for laptops

Desktops, PDAs, Smartphones

Integrates on existing infrastructure

Opens new opportunities to access applications from the field and provide better services

Supporting Telework

CONFIDENTIAL All Rights Reserved19

SSL-VPN

Suppliers

HQ

Tele-Workers

Mobile Users

Page 20: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

Supporting Telework

Reduces traffic congestion

Reduces public infrastructure costs

Reduces air pollution

Reduces real-estate costs

Reduces office-operations costs

Increases employee satisfaction

Accommodates disabilities

Helps meet regulatory compliance

Improves public image


Page 21: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

Guidance to Solutions – Email Security

SonicWALL E-Class Email Security

Hardened OS

Inbound and outbound e-mail protection

Dual-layer Commercial Anti-Virus

Anti-spam; Anti-phishing

DHA, DoS, Zombie and Other Attack Protection

Attachment Scanning

Group and user management

Robust Policy Management

Monitoring, Reporting and Log Management

NIST Guidance*

Hardening the email server

Malware scanning

Spam filtering

Phishing filter

Content Filtering

Blacklist and Whitelist capabilities

* NIST Special Publications SP800-45/114, Feb. / Nov. 2007

Page 22: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

Guidance to Solutions – Back-Up and Recovery

SonicWALL Continuous Data Protection

Desktop, Laptop, Server Backup

Continuous Data Protection

File Versioning

Open-file Backup

Policy Based Backup

Active Directory Backup

Site-to-Site Backup

Encryption

Central Administration

Remote Administration

NIST Guidance*

Ensuring that information stored on telework devices is backed up

Encrypting files stored on telework devices and removable media

Storage encryption

* NIST Special Publication SP800-114, Nov. 2007

Page 23: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

Guidance to Solutions – Security Management

SonicWALL GMS

Centralized security and network management

Active monitoring of heterogeneous network: single site to thousands of distributed devices

VPN deployment and configuration

Allows for customized security policies

Granular filters can isolate individual users or groups

Active device monitoring and alerting

Isolate rogue hosts on network segments

NIST Guidance*

Access Control

Audit and Accountability

Configuration Management

Identification and Authentication

Maintenance

System and Communications Protection

System and Information Integrity

* NIST Special Publication SP800-53, Dec. 2006

Page 24: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

The SonicWALL Global Management System delivers higher quality service to the government, builds efficiencies, and increases security, availability and performance of your security infrastructure

Security management

Change Control

IT Process and Control

Reporting

Policy Management

A powerful and intuitive tool to centrally manage, monitor, and upgrade thousands of security appliances

A configuration engine to deploy a distributed VPN network

A tool to distribute security services to security appliances

A reporting engine to provide reports and daily logs of firewall activities

Central Management & Reporting

Infrastructure Management

Page 25: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

Global Management System

GMS Server DB Web Client

Management Tunnels

Designed to provide enterprises with a flexible, powerful and intuitive solution to centrally and remotely manage and rapidly deploy SonicWALL appliances and security policy configurations.

Page 26: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

GMS Delivers Secure Compliance Enforcement

•GMS Delivers Policy and Management Enforcement through:

Centralized Management (Encrypted and Authenticated)

Strong Access Control (Read, Write, etc.)

Comprehensive Audit Trails (Monitoring, Reporting, Logging)

Dynamic Vulnerability Management (Unified Threat Management Subscriptions)

Page 27: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

SonicWALL ViewPoint Reporting

Intelligent and Comprehensive: To help administrators optimize security, manage growth and plan for future needs, ViewPoint provides understanding of:

Network events

Activity of threats

Employee Internet usage

Bandwidth consumption

Easy-to-use Web-based reporting tool that provides administrators with insight into the health of their network including both performance and security

Page 28: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

SonicWALL®, Inc. is a global and publicly held company that designs, develops, and manufactures network security, secure remote access, Web and e-mail security, data backup and recovery, and policy and management solutions.

Page 29: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

SonicWALL is Financially Solid

Founded 1991

Publicly traded since 1999

Financially solid (over $200 million in cash)

$30 million invested in research and development 2006

30% year-over-year growth

Page 30: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

Market-leading Solutions

Sources: IDC Quarterly Security Appliance Tracker Q4 2005; Infonetics Network Security Appliances and Software, Quarterly Worldwide Market Share and Forecast Q1’06

For four quarters in a row, we are the worldwide leader in units

Unified Threat Management

For the 2nd year in a row, we are the leader in units selling for $490-$1,499 in

Security Appliances

We introduced our first SSL-VPN solution in Q3’05 and quickly moved to the leading unit market share position in

SSL-VPN

#3

Introduced SCM solution in Q4’04 and soon became a leading

Web Filtering Appliance Provider

#1

#1

#1

Page 31: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

Enterprise Security and Productivity

Remote / Branch Office Solutions

Client Solutions

Management Solutions

SonicWALL Solutions

Integrated, Dedicated and Distributed Solutions

Completely integrated gateway security

Purpose built dedicated content security

Deployment specific remote office solutions

Unique, fully integrated, distributed wireless connectivity

Ultra-high performance, first to market deep packet inspection

Dynamic, automated services and updates

Scalable enterprise management, reporting and policy control

The SonicWALL Advantage

Page 32: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

SonicWALL Qualifications

Enables Federal Information Security Management Act compliance

Installed Base proven in the field

FIPS Certifications – FIPS 140-2, Level 2

Low cost of entry, ease of deployment, and ease of management

Lower TCO

GSA schedule Pricing; Made in USA Letter of Supply

Solid channel distribution

Page 33: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

SonicWALL Serving Federal Govt

U.S. House of Representatives

Page 34: Guidance to Improved Information Security SonicWALL Solutions for Federal Government 8.5.08

Thank You!
