Sepehr Firewalls Sepehr Sadra Tehran Co. Ltd. Ali Shayan December 2008.


2 Introduction
- GOS3 (GateMAN Operating System v3)
- User Interfaces:
  - GUI (GateSetUP)
  - CLI
- Log
- Log Analyzers:
  - SLAT v2,3 (Sepehr Log Analysis Tool)
  - CBLR (Client Based Log Report)
  - Caser (Content Analysis System Extended Revision)
- LAN User Accounting:
  - Authentication Server: gateauthd
  - Authentication Client: LAN Authenticator (web-based), GateAUTH (Windows Application)
- RAMA (Remote Access Monitoring Agent)

3 Firewall Platform Types
- Sepehr4100 Series
  - Sepehr4110
  - Sepehr4108
  - Sepehr4106
  - Sepehr4104
  - Sepehr4102
- Sepehr3400

4 Sepehr4100 Series Hardware Specification
- 2 x 10/100/1000 Mbps UTP Ethernet Ports
- 2 x GBICs PCI-Express Card
- 4 x 10/100/1000 Mbps UTP Ethernet PCI-Express Card
- Bypass Module
- Fault Tolerant in Router Mode
- VPN Accelerator
- 3.2 GHz XEON CPU
- 2 GB RAM
- LCD Panel for limited configurations
- 19-inch rack-mountable chassis, 1U height

6 Sepehr4110 Hardware Specification
- 10 x 10/100/1000 Mbps UTP Ethernet Ports
- Fault Tolerant in Router Mode
- VPN Accelerator
- 3.2 GHz XEON CPU
- 2 GB RAM
- LCD Panel for limited configurations
- 19-inch rack-mountable chassis, 1U height

7 Sepehr4108 Hardware Specification
- 6 x 10/100/1000 Mbps UTP Ethernet Ports
- 2 x GBICs/SFPs PCI-Express Card
- Fault Tolerant in Router Mode
- VPN Accelerator
- 3.2 GHz XEON CPU
- 2 GB RAM
- LCD Panel for limited configurations
- 19-inch rack-mountable chassis, 1U height

8 Sepehr4106 Hardware Specification
- 2 x 10/100/1000 Mbps UTP Ethernet Ports
- 4 x GBICs/SFPs PCI-Express Card
- Fault Tolerant in Router Mode
- VPN Accelerator
- 3.2 GHz XEON CPU
- 2 GB RAM
- LCD Panel for limited configurations
- 19-inch rack-mountable chassis, 1U height

Sepehr4100 Final Hardware

10 Sepehr 4104 Hardware Specification
- 4 x 10/100/1000 Mbps UTP Ethernet Ports
- 3.2 GHz PIV CPU
- 1 GB RAM
- Bypass Module
- Fault Tolerant in Router Mode
- LCD Panel for limited configurations
- 19-inch rack-mountable chassis, 1U height

11 Sepehr 4102 Hardware Specification
- 2 x 10/100 Mbps UTP Ethernet Ports
- 2 x 10/100/1000 Mbps UTP Ethernet Ports
- 2.8 GHz PIV CPU
- 1 GB RAM
- Bypass Module
- Fault Tolerant in Router Mode
- LCD Panel for limited configurations
- 19-inch rack-mountable chassis, 1U height

12 Sepehr 3400 Hardware Specification
- 4 x 10/100 Mbps UTP Ethernet Ports
- 1 GHz CPU
- 1 GB RAM
- Fault Tolerant in Router Mode
- VPN Accelerator
- 19-inch rack-mountable chassis, 1U height

13 Firewall Engine Types
- Without any Extension
- FL: Full Log
  - Firewall with all features
  - Logging the Header of the Packets (Log Packet, Log Connection, Log NAT)
  - Logging the Content of Packet
- FLV: Full Log Visualize
  - Firewall with all features
  - Logging the Header of the Packets (Log Packet, Log Connection, Log NAT)
  - Logging the Content of Packet
  - Events Visualizer (

14 Sepehr 4100 Series, Sepehr 3400
- Firewall with ALL Firewalling Features
- Logging the Header of the Packets and Connections
  - Log Packet
  - Log Connection
  - Log NAT
- Statistical Log Analyzer (SLAT 2)
- Client Based Log Analyzer (CBLR)
- Authentication

15 Sepehr 4100 FL Series, Sepehr 3400 FL
- Firewall with ALL Firewalling Features
- Logging the Header of the Packets and Connections
  - Log Packet
  - Log Connection
  - Log NAT
- Logging the Body of the Packets and Connections
  - Log Content
- Statistical Log Analyzer (SLAT 2)
- Client Based Log Analyzer (CBLR)
- Authentication
- RAMA

16 Sepehr 4100 FLV Series, Sepehr 3400 FLV
- Firewall with ALL Firewalling Features
- Logging the Header of the Packets and Connections
  - Log Packet
  - Log Connection
  - Log NAT
- Logging the Body of the Packets and Connections
  - Log Content
- Statistical Log Analyzer (SLAT 2)
- Client Based Log Analyzer (CBLR)
- Events Visualizer (Caser)
- Authentication
- RAMA

17 Working Modes
- Bridge
- Router
- Compound Mode

18 Traffic Shaping
- Per Firewall Network Interface
  - Frames per second limitation on input/output frames per port
  - Bits per second limitation on input/output bits per port
- By Protocol Type
- By Source/Destination MAC address
- By Source/Destination IP address
- By Source/Destination Port Number
- Per TCP connection bandwidth limitation

19 Packet Filtering
- Packet filtering based on input/output directions
- Packet filtering based on input/output interfaces

20 Packet Filtering (continued)
- MAC protocol filtering by type (ARP, Reverse ARP, IP, IPX, …, and RAW frames)
- Internet Protocol filtering by type (ICMP, IGMP, TCP, …, and RAW packets) and Source/Destination address
- TCP/UDP filtering by Source/Destination port
- ICMP filtering by type and code
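Slides 19 and 20 list the match criteria of the packet filter (direction, interface, frame type, IP protocol, addresses, ports, ICMP type/code) without showing how a rule table is evaluated. The following is an added example, not Sepehr code: a first-match rule engine over those same criteria with a default-deny policy, run against a constructed rule set for a firewall whose eth0 faces the Internet and eth1 the LAN. The `Packet` and `Rule` classes, the interface names and the addresses are all assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Constructed, already-parsed frame: only the fields the rule set looks at."""
    direction: str                  # "in" or "out"
    interface: str                  # receiving / sending port, e.g. "eth0"
    ethertype: str                  # "ip", "arp", "rarp", "ipx", "raw"
    proto: Optional[str] = None     # for IP frames: "tcp", "udp", "icmp", "igmp", "raw"
    src: Optional[str] = None
    dst: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    """A field left at None matches anything; ports are inclusive (low, high) ranges."""
    action: str                     # "accept" or "drop"
    direction: Optional[str] = None
    interface: Optional[str] = None
    ethertype: Optional[str] = None
    proto: Optional[str] = None
    src: Optional[str] = None       # CIDR
    dst: Optional[str] = None       # CIDR
    sport: Optional[Tuple[int, int]] = None
    dport: Optional[Tuple[int, int]] = None
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        exact = [(self.direction, p.direction), (self.interface, p.interface),
                 (self.ethertype, p.ethertype), (self.proto, p.proto),
                 (self.icmp_type, p.icmp_type), (self.icmp_code, p.icmp_code)]
        if any(want is not None and want != have for want, have in exact):
            return False
        for want, have in ((self.src, p.src), (self.dst, p.dst)):
            if want is not None and (have is None or
                                     ipaddress.ip_address(have) not in ipaddress.ip_network(want)):
                return False
        for want, have in ((self.sport, p.sport), (self.dport, p.dport)):
            if want is not None and (have is None or not want[0] <= have <= want[1]):
                return False
        return True


def evaluate(rules, p: Packet, default: str = "drop"):
    """First matching rule wins; the default policy applies when nothing matches.
    Returns (action, index of the matching rule or None)."""
    for index, rule in enumerate(rules):
        if rule.matches(p):
            return rule.action, index
    return default, None


# Constructed rule set: eth0 faces the Internet, eth1 faces the LAN (10.0.0.0/8).
RULES = [
    Rule("drop", ethertype="ipx"),                                          # 0: no IPX anywhere
    Rule("accept", ethertype="arp"),                                        # 1: ARP is needed in bridge mode
    Rule("accept", direction="in", interface="eth0", ethertype="ip", proto="tcp",
         dst="192.0.2.10/32", dport=(443, 443)),                            # 2: public web server only
    Rule("accept", direction="in", interface="eth0", ethertype="ip", proto="icmp",
         icmp_type=3),                                                      # 3: destination unreachable, any code
    Rule("accept", direction="out", interface="eth0", ethertype="ip",
         src="10.0.0.0/8"),                                                 # 4: LAN hosts may reach the Internet
]

if __name__ == "__main__":
    web = Packet("in", "eth0", "ip", "tcp", "198.51.100.7", "192.0.2.10", 40000, 443)
    ssh = Packet("in", "eth0", "ip", "tcp", "198.51.100.7", "192.0.2.10", 40000, 22)
    print(evaluate(RULES, web), evaluate(RULES, ssh))
```

Rule order matters: the IPX drop sits first so that no later accept can match an IPX frame, and the default policy is what covers everything the table does not name (inbound SSH, inbound echo requests, traffic from non-LAN sources).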

21 Checksum
- Full IP Datagram filtering with Automatic IP Checksum Control (Layer 2)
- Checksum Checking (inbound) on TCP, UDP or ICMP Packets (Layer 3)
  - Accept if correct
  - Drop if incorrect
  - Accept if incorrect
- Checksum Calculating (outbound) on TCP, UDP or ICMP Packets (Layer 3)
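Slide 21 names three operations: checking the IP header checksum, checking the inbound TCP/UDP/ICMP checksum with a configurable accept-or-drop policy for incorrect packets, and recalculating checksums on outbound packets. This added example (not Sepehr code) implements all three over raw IPv4 bytes: the one's-complement sum of RFC 1071, the TCP/UDP pseudo-header, the RFC 768 rule that a zero UDP checksum means "not computed", and a decision function for the slide's inbound options. The packet builder, the function names and the choice to treat a bad IP header checksum as an unconditional drop are assumptions for the illustration.

```python
import ipaddress
import struct

IPPROTO_ICMP, IPPROTO_TCP, IPPROTO_UDP = 1, 6, 17
# byte offset of the checksum field inside each transport header
L4_CSUM_OFFSET = {IPPROTO_ICMP: 2, IPPROTO_TCP: 16, IPPROTO_UDP: 6}


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry (RFC 1071)."""
    data = bytes(data)
    if len(data) % 2:
        data += b"\x00"                      # odd length: pad with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def checksum(data: bytes) -> int:
    """Value to transmit: the complement of the one's-complement sum."""
    return (~ones_complement_sum(data)) & 0xFFFF


def _split(pkt: bytes):
    ihl = (pkt[0] & 0x0F) * 4               # IPv4 header length in bytes
    return ihl, pkt[9], pkt[ihl:]           # (header length, protocol number, transport segment)


def _pseudo_header(pkt: bytes, l4_len: int) -> bytes:
    """TCP and UDP checksums also cover src/dst address, protocol and segment length."""
    return pkt[12:20] + struct.pack("!BBH", 0, pkt[9], l4_len)


def fill_ip_checksum(pkt: bytes) -> bytes:
    """Outbound: recompute the IPv4 header checksum (needed e.g. after a TTL decrement)."""
    ihl, _, seg = _split(pkt)
    hdr = pkt[:10] + b"\x00\x00" + pkt[12:ihl]
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + seg


def fill_l4_checksum(pkt: bytes) -> bytes:
    """Outbound: compute the TCP/UDP/ICMP checksum (the slide's 'Checksum Calculating')."""
    ihl, proto, seg = _split(pkt)
    off = L4_CSUM_OFFSET[proto]
    seg = seg[:off] + b"\x00\x00" + seg[off + 2:]
    covered = seg if proto == IPPROTO_ICMP else _pseudo_header(pkt, len(seg)) + seg
    csum = checksum(covered)
    if proto == IPPROTO_UDP and csum == 0:
        csum = 0xFFFF                        # RFC 768: a zero UDP checksum means "not computed"
    return pkt[:ihl] + seg[:off] + struct.pack("!H", csum) + seg[off + 2:]


def verify_ip_checksum(pkt: bytes) -> bool:
    ihl, _, _ = _split(pkt)
    return ones_complement_sum(pkt[:ihl]) == 0xFFFF   # a correct header sums to all ones


def verify_l4_checksum(pkt: bytes) -> bool:
    ihl, proto, seg = _split(pkt)
    if proto not in L4_CSUM_OFFSET:
        return True                          # no transport checksum to check
    off = L4_CSUM_OFFSET[proto]
    if proto == IPPROTO_UDP and seg[off:off + 2] == b"\x00\x00":
        return True                          # sender did not compute a UDP checksum
    covered = seg if proto == IPPROTO_ICMP else _pseudo_header(pkt, len(seg)) + seg
    return ones_complement_sum(covered) == 0xFFFF


def inbound_decision(pkt: bytes, on_bad_checksum: str = "drop") -> str:
    """Slide 21's inbound options: accept if correct; drop or accept if incorrect.
    Dropping on a bad IP header checksum regardless of the option is an assumption."""
    if not verify_ip_checksum(pkt):
        return "drop"
    if verify_l4_checksum(pkt):
        return "accept"
    return "drop" if on_bad_checksum == "drop" else "accept"


def build_udp_datagram(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed sample packet: IPv4 + UDP with both checksums filled in."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0, 64, IPPROTO_UDP, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return fill_l4_checksum(fill_ip_checksum(hdr + udp))


if __name__ == "__main__":
    pkt = build_udp_datagram("10.0.0.1", "10.0.0.2", 5353, 53, b"constructed payload")
    corrupted = pkt[:-1] + bytes([pkt[-1] ^ 0x01])   # flip one payload bit in transit
    print(inbound_decision(pkt), inbound_decision(corrupted, "drop"), inbound_decision(corrupted, "accept"))
```

The "accept if incorrect" option exists because some hosts and offload engines emit packets with checksums the firewall cannot validate; the safer default is to drop, since a checksum mismatch is also what a tampered or mangled packet looks like.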

22 Tight TCP Stateful Inspection
- TCP Checksum Checking
- TCP Sequence Number Checking and Tracing in Stream
- Syn/Ack/Fin State Transition Control and Violation Avoidance
- Out of sequence TCP packet alignment
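Slide 22 lists what a tight stateful inspector must do beyond the checksum: control the SYN/SYN-ACK/ACK and FIN transitions, trace sequence and acknowledgement numbers in both directions, and realign segments that arrive out of order. The following is an added example, not Sepehr code: a per-connection tracker that returns `accept`, `hold` (buffered until the gap in front of it is filled) or `drop` (state or sequence violation) for each segment. The `Segment` type, the state names, the fixed 65535-byte hold window, and the omission of 32-bit sequence wraparound are assumptions made to keep the illustration short; checksum verification is out of scope here.

```python
from dataclasses import dataclass

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10
WINDOW = 65535      # how far ahead of the expected sequence number a segment may be held


@dataclass(frozen=True)
class Segment:
    """Constructed stand-in for a parsed TCP segment (no real packets are used here)."""
    direction: str      # "c2s" (client to server) or "s2c"
    flags: int
    seq: int
    ack: int
    payload_len: int = 0


class TcpTracker:
    """Per-connection state machine: handshake control, sequence tracing, out-of-order alignment."""

    def __init__(self):
        self.state = "NONE"
        self.next_seq = {}                       # next in-order sequence number expected per direction
        self.pending = {"c2s": {}, "s2c": {}}    # segments held because they arrived ahead of a gap
        self.fins = set()

    @staticmethod
    def _peer(direction):
        return "s2c" if direction == "c2s" else "c2s"

    def _advance(self, seg):
        """Consume an in-order segment (a FIN, like a SYN, occupies one sequence number)."""
        self.next_seq[seg.direction] = seg.seq + seg.payload_len + (1 if seg.flags & FIN else 0)
        if seg.flags & FIN:
            self.fins.add(seg.direction)
            self.state = "CLOSING" if len(self.fins) == 1 else "LAST_ACK"

    def process(self, seg):
        """Return 'accept', 'hold' (buffered until the gap before it is filled) or 'drop'."""
        d, peer = seg.direction, self._peer(seg.direction)
        if self.state == "NONE":
            # only a client SYN without ACK and without data may open a connection
            if d == "c2s" and seg.flags & (SYN | ACK) == SYN and seg.payload_len == 0:
                self.next_seq["c2s"] = seg.seq + 1
                self.state = "SYN_SENT"
                return "accept"
            return "drop"
        if self.state == "CLOSED":
            return "drop"
        if seg.flags & RST:
            # a reset is honoured only when it is exactly in sequence (RFC 5961 style)
            if seg.seq == self.next_seq.get(d):
                self.state = "CLOSED"
                return "accept"
            return "drop"
        if self.state == "SYN_SENT":
            if d == "s2c" and seg.flags & (SYN | ACK) == SYN | ACK and seg.ack == self.next_seq["c2s"]:
                self.next_seq["s2c"] = seg.seq + 1
                self.state = "SYN_RECV"
                return "accept"
            return "drop"
        if self.state == "SYN_RECV":
            if d == "c2s" and not seg.flags & SYN and seg.flags & ACK and seg.ack == self.next_seq["s2c"]:
                self.state = "ESTABLISHED"       # handshake complete; the ACK itself is checked below
            else:
                return "drop"
        # ESTABLISHED / CLOSING / LAST_ACK: every segment must carry ACK and must not carry SYN
        if seg.flags & SYN or not seg.flags & ACK:
            return "drop"
        if seg.ack > self.next_seq[peer]:
            return "drop"                        # acknowledges data the peer never sent
        expected = self.next_seq[d]
        was_last_ack = self.state == "LAST_ACK"
        if seg.seq == expected:
            self._advance(seg)
            while self.next_seq[d] in self.pending[d]:      # release held segments that now fit
                self._advance(self.pending[d].pop(self.next_seq[d]))
            if was_last_ack and seg.ack == self.next_seq[peer]:
                self.state = "CLOSED"            # final ACK for the second FIN
            return "accept"
        if expected < seg.seq < expected + WINDOW:
            self.pending[d][seg.seq] = seg       # ahead of a gap: align it once the gap is filled
            return "hold"
        return "drop"                            # already-consumed data or outside the window


if __name__ == "__main__":
    t = TcpTracker()
    for s in (Segment("c2s", SYN, 1000, 0), Segment("s2c", SYN | ACK, 5000, 1001),
              Segment("c2s", ACK, 1001, 5001), Segment("c2s", ACK, 1301, 5001, 100),
              Segment("c2s", ACK, 1101, 5001, 200)):
        print(t.state, t.process(s))
```

Each `drop` corresponds to one of the slide's violation classes: a segment that does not fit the handshake, an ACK for bytes never sent, a SYN inside an established stream, or data outside the window. The `hold` result is the "alignment" case: the segment is neither forwarded nor discarded until the bytes before it arrive.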

23 Application Layer Filtering
- Application layer protocol monitoring and violation control:
  - HTTP
  - SMTP
  - FTP
  - TELNET

24 HTTP URL Filtering
- URL filtering with user-defined URL database to filter:
  - Domains
  - Sub-domains
  - Directories
- White list URL databases
- Regular expression databases
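Slide 24 names the kinds of entries the URL database holds (domains, sub-domains, directories, a white list, regular expressions) but not how they combine. This added example (not Sepehr code) shows one consistent way to evaluate them: the white list is consulted first, a domain entry covers the domain and every sub-domain under it, an exact-host entry covers only that host name, a directory entry is matched on a path boundary so that `/downloads` does not also block `/downloadsx`, and regular expressions are tried last. The class name, the precedence order and the sample entries are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit


def _norm_host(host: str) -> str:
    return host.lower().strip(".")


class UrlFilter:
    """User-defined URL databases evaluated in a fixed order: whitelist, domains (with
    sub-domains), exact hosts, directories, regular expressions, then accept by default."""

    def __init__(self, blocked_domains=(), blocked_hosts=(), blocked_dirs=(), whitelist=(), regexes=()):
        self.blocked_domains = [_norm_host(d) for d in blocked_domains]
        self.blocked_hosts = {_norm_host(h) for h in blocked_hosts}
        # directory entries are (host, "/path/") so the match stops at a path boundary
        self.blocked_dirs = [(_norm_host(h), p.rstrip("/") + "/") for h, p in blocked_dirs]
        self.whitelist = [_norm_host(w) for w in whitelist]
        self.regexes = [re.compile(r) for r in regexes]

    @staticmethod
    def in_domain(host: str, domain: str) -> bool:
        """True for the domain itself and for every sub-domain of it."""
        return host == domain or host.endswith("." + domain)

    def decide(self, url: str):
        """Return (action, reason); action is "accept" or "drop"."""
        parts = urlsplit(url if "://" in url else "http://" + url)
        host = _norm_host(parts.hostname or "")
        path = parts.path or "/"
        if any(self.in_domain(host, w) for w in self.whitelist):
            return "accept", "whitelist"
        for d in self.blocked_domains:
            if self.in_domain(host, d):
                return "drop", "domain:" + d
        if host in self.blocked_hosts:
            return "drop", "host:" + host
        for h, directory in self.blocked_dirs:
            if self.in_domain(host, h) and (path + "/").startswith(directory):
                return "drop", "directory:" + h + directory
        for rx in self.regexes:
            if rx.search(url):
                return "drop", "regex:" + rx.pattern
        return "accept", "default"


# Constructed database entries for the demonstration.
FILTER = UrlFilter(
    blocked_domains=["ads.example"],                  # the domain and all its sub-domains
    blocked_hosts=["mail.example.org"],               # this exact host name only
    blocked_dirs=[("example.net", "/downloads")],     # one directory on one site
    whitelist=["safe.ads.example"],                   # exception inside a blocked domain
    regexes=[r"\.(exe|scr)(\?|$)"],                   # executable downloads anywhere
)

if __name__ == "__main__":
    for url in ("http://banner.ads.example/", "http://safe.ads.example/a",
                "http://example.net/downloads/tool.zip", "http://files.example.com/setup.exe"):
        print(url, FILTER.decide(url))
```

Matching on the parsed host and path rather than on the raw URL string keeps the domain and directory entries from being bypassed by case changes, a trailing dot on the host name, or an unusual port; the regular expression database is the one place where the raw URL is used, which is why it runs last.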

25 SMTP Filtering
- SMTP filtering with respect to expressions of:
  - username
  - domain name
  - sender/receiver databases

26 FTP Filtering
- Downloading files
- Uploading files

27 VPN
- IPSec, IKE
- Gateway to Gateway
  - Sepehr to Sepehr
  - Sepehr to Cisco
  - Sepehr to Windows 2003 Server
- Gateway to workstation
  - Sepehr to Windows 2000, XP

28 NAT
- Hide Source NAT with replacing
  - Source IP Address (Single, Subnet, Range, Database)
  - Source Port Number (Single, Range, Database)
- Hide Destination NAT with replacing
  - Destination IP Address (Single, Subnet, Range, Database)
  - Destination Port Number (Single, Range, Database)
- Hide Source and Destination Simultaneously
  - Source/Destination IP Address (Single, Subnet, Range, Database)
  - Source/Destination Port Number (Single, Range, Database)
- NATing in Router and Bridge Mode
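Slide 28 describes hide-source NAT with replacement addresses given as a single address, a subnet or a range, and replacement ports given as a single port or a range. This added example (not Sepehr code) implements that translation for the source case: a pool expanded from the Single/Subnet/Range forms, a binding table that maps each internal 5-tuple to a public (address, port), reverse lookup for replies, and the two failure modes a practitioner cares about, pool exhaustion and unsolicited inbound packets that match no session. The `Flow` type, the symmetric-binding rule (a reply is accepted only from the peer the binding was created for) and the sample addresses are assumptions; the Database form is not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Flow:
    """Constructed 5-tuple of a packet; no real packets are parsed here."""
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def expand_pool(spec: str):
    """Accept the slide's Single / Subnet / Range address forms as an ordered list of addresses."""
    if "/" in spec:
        return [str(h) for h in ipaddress.ip_network(spec, strict=False).hosts()]
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(x.strip()) for x in spec.split("-"))
        return [str(ipaddress.ip_address(a)) for a in range(int(lo), int(hi) + 1)]
    return [str(ipaddress.ip_address(spec))]


class HideSourceNat:
    """Hide-source NAT: rewrite (src, sport) of flows leaving an internal network to a public
    address/port from the pool, and undo the rewrite for replies. Bindings are symmetric:
    a reply is accepted only from the peer the binding was created for (an assumption)."""

    def __init__(self, internal_net: str, pool_spec: str, port_range=(1024, 65535)):
        self.internal = ipaddress.ip_network(internal_net)
        self.pool = expand_pool(pool_spec)
        self.port_lo, self.port_hi = port_range
        self.forward = {}      # original Flow -> translated Flow
        self.reverse = {}      # (proto, public ip, public port) -> original Flow

    def _allocate(self, proto: str):
        """First free (address, port) pair in pool order; None when the pool is exhausted."""
        for ip in self.pool:
            for port in range(self.port_lo, self.port_hi + 1):
                if (proto, ip, port) not in self.reverse:
                    return ip, port
        return None

    def outbound(self, flow: Flow) -> Optional[Flow]:
        """Translate a packet leaving the internal network; None means drop (no free binding)."""
        if ipaddress.ip_address(flow.src) not in self.internal:
            return flow                              # rule does not apply: pass through unchanged
        if flow not in self.forward:
            binding = self._allocate(flow.proto)
            if binding is None:
                return None
            ip, port = binding
            self.forward[flow] = Flow(flow.proto, ip, port, flow.dst, flow.dport)
            self.reverse[(flow.proto, ip, port)] = flow
        return self.forward[flow]

    def inbound(self, flow: Flow) -> Optional[Flow]:
        """Translate a reply addressed to a public (ip, port); None means drop (no session)."""
        orig = self.reverse.get((flow.proto, flow.dst, flow.dport))
        if orig is None or (flow.src, flow.sport) != (orig.dst, orig.dport):
            return None                              # unsolicited, or sent by a different peer
        return Flow(flow.proto, flow.src, flow.sport, orig.src, orig.sport)


if __name__ == "__main__":
    nat = HideSourceNat("10.0.0.0/24", "198.51.100.10-198.51.100.11", port_range=(40000, 40001))
    out = nat.outbound(Flow("tcp", "10.0.0.5", 51000, "203.0.113.7", 443))
    print(out)
    print(nat.inbound(Flow("tcp", "203.0.113.7", 443, out.src, out.sport)))
```

In production the binding table also needs a timeout (idle TCP and UDP sessions must release their port, or the pool eventually exhausts exactly as the test below forces) and the "Hide Destination" and simultaneous source/destination cases on the slide are the same table keyed on the other side of the 5-tuple.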

29 VLAN
- VLAN definition on Ethernet Ports
  - Bridging between Ethernet ports which have the same Cluster ID
  - Routing between VLANs
- Trunking Support (802.1q)
- Multi Point Installation and configuration

30 Fault Tolerance
- Routing Mode
- Virtual Router Redundancy Protocol (VRRP)

31 Log Server
- Remote Log Archiving
- Direct or Indirect Connection to Firewall
- Specific Protocol
- Log Archiving
  - Time
  - Volume
- FIFO for Archived Log Files

32 References
[1] Sepehr S. T. Co. LTD, Sepehr Firewalls, October 2008.