SANGFOR NGAF V7.4 Associate


1 SANGFOR NGAF V7.4 Associate
NGAF Introduction

2 New Threats, New Security
Security Trend
- A large number of new applications are built on the standard HTTP/HTTPS protocols
- Many threats rely on applications to spread
- Gartner report: 75% of attacks come from the application layer
Difficulties of O&M for Network Security
- Traditional security model is outdated!
- No visibility of users, traffic and IT assets!
- No real-time detection, no post-event detection, slow response!
- Difficulties of O&M for network security, time wasted!
- Low performance for L7 application layer security!

3 Security evolution
TECHNOLOGY
- Firewall (1990s): Packet filter, Stateful, ACL
- IPS…UTM (2000s): Signature, Anomaly, Heuristic
- NGFW/APT (2000s-2010s): DPI, Malware, Sandboxing
- WAF (2000s-2010s): HTTP/Web-based attack, Automatic policy learning
SECURITY
- Insufficient detection capability
- Lack of detection tool
- High cost has limited deployment of advanced security solutions

4 Security evolution
- Firewall (1990s): Packet filter, Stateful, ACL
- IPS (2000s): Signature, Anomaly, Heuristic
- APT/NGFW (2000s-2010s): DPI, Malware, Sandboxing
- WAF (2000s-2010s): HTTP/Web-based attack, Automatic policy learning
Affordable Total Threat Prevention to All Business Networks
Diagram labels: Total threat prevention; Total Cost of Ownership; Risk mitigation; NGFW + WAF in one box; Security effectiveness; Decryption security operation

5 NGAF Function
[Diagram: NGAF functions, under the headings Network security, Business Visibility and APP security]
- Traffic identification and BM: Core business: Bandwidth guarantee; Legitimate business: Bandwidth limitation; Illegal business: Block
- Other function labels: APP security protection, IPS, WAF, Authentication, OA, APT, Anti-virus, NAT, potential threat, DoS/DDoS, unknown threat, VPN, Backtracking, Sandbox
- Report Center: App control log, Network security log, Traffic log
- Risk Assessment: Real-time vulnerability analysis, WEB Scanner
- High performance: Once analysis, Multi-core, Cross-module, Efficient algorithm

6 Deployment
NGAF adapts flexibly to the network: it can be deployed in route mode, bridge mode, virtual wire mode, hybrid mode, mirror mode or HA (high availability), and it also supports RIP and OSPF.
[Figures: Route mode, Bridge mode, Mix mode, Mirror mode]

7 Configuration wizard
The configuration wizard makes deployment easier. It covers most common scenarios and generates policy automatically.

8 IPSEC VPN and SSL VPN
NGAF provides three types of VPN: IPSEC VPN, SSL VPN and SANGFOR VPN. With VPN, users can work from anywhere.

9 User Authentication
Authentication effectively identifies legitimate users.
NGAF can also authenticate against a third-party server, such as an AD server or RADIUS.

10 Bandwidth Management
Traffic visibility
Granularity:
- BW Guarantee: Min & Max, priority
- BW Limit: Max, priority
- Downlink & uplink control
- Per-user max bandwidth
Flexibility:
- Application, URL, user, schedule, dst. IP, sub-interface, VLAN
BM can limit non-work-related traffic, protect the bandwidth of the core business and core users, and enhance the value of bandwidth.

11 Content Security
Access control based on application.
- More than 1200 applications and 3000 rules
- Deep identification
- Intelligent identification

12 Content Security
Content policy contains 3 functions:
- Mail protection: mail attachment virus detection, mail attachment filtering, malicious link detection, XSS attack detection, Collision Attack
- URL filtering: HTTP (GET), HTTP (POST) and HTTPS filtering
- File protection: HTTP/FTP download/upload virus detection and file type filtering

13 DOS/DDOS
- DOS attack: DOS (Denial of Service) is an attempt to make a machine or network resource unavailable to its intended users.
- DDOS attack: DDOS (Distributed Denial of Service) is many DOS attacks directed at a machine or network resource.
NGAF anti-DOS/DDOS has two types, "outside attack" and "inside attack":
- Inbound attack: mainly protects internal servers from being attacked from the external zone.
- Outbound attack: mainly protects the device itself or LAN traffic.

14 APT
A PC infected with a virus or Trojan attempts to communicate with the C&C server. NGAF identifies the traffic, blocks it and records a log according to the user policy. This helps customers locate the infected PC and block its network traffic, keeps malicious data from reaching the client, and provides better protection.
The NGAF Malware Signature Database contains 12 types: trojan, adware, malware, spy, backdoor, worm, exploit, hack tool, virus, malware site, locky virus, mobile botnet. It holds more than 400,000 signatures.

15 Sandbox
1. Suspicious Traffic Reporting
2. Sandbox Detection
   Detection in sandbox environment: process creation, file system modifications, registry modification
3. Generate Security Rules
4.1 Safety Rules Delivered
4.2 Cloud Sync Update is Performed

16 IPS
IPS (Intrusion Prevention System) is based on packet detection to discover potential threats in the internal system. Any operating system, and the applications running on top of it, is likely to have security vulnerabilities, which an attacker could exploit with aggressive attack packets.
NGAF has built-in rules to protect against security vulnerabilities. NGAF compares packets entering the network with the built-in vulnerability rules, determines the purpose of each packet, and then allows or denies its entry to the target area network based on user configuration.

17 WAF
Server protection is mainly used to prevent attacks from an untrusted zone (such as the Internet) on the target server. Currently NGFW focuses on providing protection for Web and FTP applications.
- Web App Protection: SQL injection, XSS attack, Trojan horse, Website scan, WEBSHELL, CSRF, OS command injection, File inclusion, Path traversal, Information disclosure, Web site vulnerabilities
- Application hiding: hides the application server version so that an attacker cannot find matching holes from the version information
- Password Protection: prevents attackers from brute-forcing user passwords
- Privilege control: prevents malicious files from being uploaded to the protected URL path
- DLP: scans for sensitive data (plain text) in the HTTP server, blocks when a data leak is found, and filters downloaded file types

18 WAF
Web protection: OS Command Injection, CSRF, Website scan, WEBSHELL, SQL Injection, Website Trojan, XSS Attack, File Inclusion, Path Traversal, Information disclosure

19 Report Center
The data center can be used to query and compile statistics on the logs generated by each function module. For example, you can review the attacks blocked by WEB application protection and query the attack source IP, target IP and other detailed information. You can also count the number of DOS attacks on a server within a specified time, etc.

20 How to log in to NGAF
Default IP address of manage port (ETH0):
Default username/password is admin/admin
Version

21 How to upgrade NGAF
You can upgrade NGAF with Firmware Updater.
Click ‘update’ to upgrade the device. You can press ‘F10’ to get more details.

22 How to restore NGAF to defaults
Restore NGAF with updater:
1. Connect to NGAF with firmware updater.
2. Press F10, and choose the Restore Factory Defaults.
3. Choose the corresponding update package and restore it.

23 How to restore NGAF to defaults
Restore NGAF with WebUI:

24 How to reset the NGAF password
Restore password with USB Drive:
1. Create an empty text file named reset-password.txt in the root directory of the USB drive, or copy an existing reset-password.txt file there;
2. Insert the USB drive and restart the device;
3. When you can log on to the WebUI of the device normally, pull out the USB drive;
4. Check the result in the file reset-password.log on the USB drive. If the recovery was successful, the restored console password is recorded in this file; otherwise the log records the recovery failure information.
Notes:
1. The file can be created directly on a Windows system as an empty TXT file, with the file name changed to reset-password.txt;
2. The txt file must be in the root directory of the USB drive;
3. The USB drive can have a single partition or multiple partitions. A single-partition USB drive must be formatted as FAT32; on a multi-partition USB drive the txt file must be placed in the first partition, and the first partition must be formatted as FAT32.

25 Thank you ! tech.support@sangfor.com www.sangfor.com
Sangfor Technologies (Headquarters) Block A1, Nanshan iPark, No.1001 Xueyuan Road, Nanshan District, Shenzhen, Guangdong Province, P. R. China (518055)

