Funkwerk Enterprise Communication Funkwerk UTM Workshop 09.01.2007 Thilo Schmid – Funkwerk UTM Director Sales and Business Development.


2 Funkwerk Enterprise Communication Funkwerk UTM Workshop 09.01.2007 Thilo Schmid – Funkwerk UTM Director Sales and Business Development

3 2 for internal use only! Funkwerk UTM What is Unified Threat Management (UTM)?
Before UTM systems were on the market, IT security was:
- very complex
- very expensive
- difficult to integrate
- difficult to administrate and to maintain
- interaction between components rare
- hard to keep up to date
= only for big companies
(Diagram labels: Firewall, IDPS, A-Virus, A-Spam)

4 Unified Threat Management – Integrated “one size fits all” Protection
(Diagram labels: Funkwerk PacketAlarm UTM; Auto Prevention, Firewall, Anti-Spam, VPN, Intrusion Prevention, Authentication, Anti-Virus, Application Level Gateway)

5 Idea of Funkwerk UTM
UTM Definition: Unified Threat Management (UTM) is a term first used by IDC in 2004 to describe a category of security appliances which integrates a range of security features into a single appliance. By definition UTM appliances combine … firewall, gateway anti-virus, intrusion detection and prevention capabilities into a single platform!
Funkwerk Unified Threat Management (UTM) means:
- one solution for all major security threats
- based on corporate security standards
- out-of-the-box
- easy implementation and easy administration
- security components interact by default
- good pricing
- one update mechanism
= for all company sizes

6 Unified Threat Management Components
Firewall, Application Level Gateway
- Multi Inspection Firewall with easy-to-use rule editor
- Application Level Gateway (HTTP, FTP, SMTP, POP3, DNS)
- Network and Port Address Translation (Redirect Services)
- DHCP server
- Ethernet and DSL-capable (PPPoE)
VPN Gateway
- PPTP, L2TP and IPSec
- Encryption: DES, 3DES, AES, Blowfish, Twofish, Serpent, Cast
- Authentication: SHA-1, MD5, IKE certificate
- IPSec NAT Traversal
- Certificate Server

7 Unified Threat Management Components
Intrusion Prevention Engine
- Blocks attacks in real time before they reach the network
- Protects from worms, Trojans, network-based attacks
- Active inside the data stream
- Flexible and easy implementation
Auto Prevention
- Easy adjustment through pre-defined policy levels
- Definitions through Funkwerk expert team and automatic reaction to attacks
- Greatly reduces administration effort
- Online update of policy levels
- Feature only available with Funkwerk PacketAlarm UTM

8 Unified Threat Management Components: Auto Prevention (Background)
- Basic IPS engines offer only a pattern base without any deployment policy, i.e. what to do when which event shows up. The administrator or the integrator (reseller) gets no help on what to do, and such a “marketing IPS” has no value (an IPS that does not react is more an IDS than an IPS).
- Funkwerk’s Auto Prevention offers a complete pre-defined IPS policy or IPS logic with a single click.
- Two policy levels are available: normal and strong
- Levels can be applied to all attack groups or to user-selected groups
- Each new IPS signature update already has the policy classification => automatic prevention of new attacks (!)
- Single groups or patterns can still be adjusted
Source: www.commtouch.com

9 Unified Threat Management Components: Anti-Spam
- Anti-Spam for SMTP and POP3
- Real-time replication with multiple Blackhole-Lists (RBL + ORDB)
- Heuristic analysis of the content
- Whitelists and blacklists can be added
- MIME header check
- Reactions defined based on spam rating
- Transmission of the spam parameter inside the header for individual use
- Optional: Advanced Detection Engine

10 Unified Threat Management Components: Anti-Spam (Background)
- Basic engines look from “outside” at certain parameters of the email, e.g. words and content (text, html, pictures), subject, sender and server on blacklists or whitelists
Problem:
- method causes false positives (examples: moral, s-e-x, send text as picture, customer is on blacklists by accident)
- fine-tuning is necessary, but: if the filter is too liberal, too much spam gets through (false negatives); if the filter is too strict, it causes false positives
- languages
- Commtouch Engine looks with sensors worldwide at the appearance of mass mails and gives each mail an individual fingerprint.
- causes almost no false positives
- no fine-tuning
- very good detection ratio
Source: www.commtouch.com

11 Unified Threat Management Components
Anti-Virus, Anti-Spyware, Anti-Phishing
- Gateway virus protection for HTTP, FTP, SMTP, POP3
- Can handle multi-zipped files
- Reactions: delete or quarantine
- Definition of unwanted file formats
- ClamAV included for free
- Optional update to Kaspersky Scan Engine
User Authentication
- Internal User Database
- External LDAP Database
- External RADIUS Database
- Out-of-Band Authentication ->

12 Unified Threat Management Components: Out-of-band Authentication
Protocol-independent user authentication in both directions, internal to external and external to internal
Example 1: Access from external, e.g. OutlookWebAccess or SSH
Example 2: user access restrictions
With OOBA insecure and sensitive services can be secured
- very flexible: no client is needed (https)
- sensitive services still can be accessed
With OOBA users can be authenticated
- very flexible: no client is needed (https)
- independent of the workstation’s IP
(Diagram labels: Intranet; https; http, ssh; http, ftp, pop3)

13 Unified Threat Management Components: Flexible Event Logging
(Sub-)System Events: Firewall, IPS, Virus, Mail, Update, ...
Log Layer outputs (diagram): Internal Log, SMTP (Email), Syslog, SNMP V2 (Tivoli, OpenView)
- 100.000 entries max.
- Auto delete of oldest 1000
- Definition of Log Filter based on: Subsystem (FW, IPS, …) and Level (high, med., low, info)

14 Sales arguments
- All-in-one security through PacketAlarm UTM’s Multi Layer Security Architecture
- Very simple installation through Setup Wizard
- Very easy config backup; roll-out with same configurations possible
- Plug-and-secure functionality through Auto Prevention (predefined prevention policies)
- Security inside VPN connections (VPN traffic still has to pass all security layers)
- Centralized online signature and software update for all security components
- Basic Spam and Virus Protection already included in base product
- Virus scanning also possible for big files
- Additional Kaspersky and Commtouch engine
- User Authentication (OOBA, internal, LDAP, Radius, Certificates)
- Centralized remote management solution
- Easy configuration and administration (new FCI)
- External logging via Syslog, SNMP and SMTP
- Flexible use: as stand-alone system or in combination with existing security
- Very good TCO

15 Major security threats
[Bar chart. Information in percent, base: 265 / 190 answers (multiple answers possible). Categories: Misuse of user accounts; Viruses / Worms / Trojans; Spam; Misuse of e-mail addresses; Human misconfiguration; Phishing; External DoS attacks; Guessed passwords. Values shown (pairing with categories not recoverable from the transcript): 63,0; 55,8; 16,2; 27,2; 10,6; 6,8; 23,8; 9,1.]
Source: CRN 11/2006, IT-Security 2006

16 Unified Threat Management Components: Multi Layer Security
(Diagram labels: Firewall, VPN, Anti-Virus, Intrusion Detection & Prevention, Anti-Spam, Auto Prevention)
- Funkwerk UTM’s multi layer security architecture provides the comprehensive security that is needed today on one single system.
- All security layers inside Funkwerk UTM can be easily switched on or off.
- If, for example, a firewall or an anti-virus system is already installed, these modules can be easily deactivated to fully integrate into existing security architectures.

17 Product line Funkwerk UTM - Matrix
Retail prices in € already including first year of Software & Pattern Update
Software & Pattern Update for platform per following year (user independent)
Models: UTM 1100, UTM 1500, UTM 2100, UTM 2500, UTM 3500 (Gigabit)
User upgrades (as listed on the slide): +50 User + 499 €; +50 User + 499 €; +Unlim. User + 2000 €; +25 User + 300 €; +25 User + 300 €

18 The security process – Update is a must!
Software updates and patterns for: IPS, Auto Prevention, A-Virus, A-SPAM
We’re not only selling a product once – we’re selling a long term service !!
Cycle (diagram):
- new threat (attack, vulnerability, virus) discovered
- New pattern developed
- Download of new patterns
- Install and activate pattern

19 Stand-alone Solution (diagram labels: small, medium, big)

20 Stand-alone Solution
- LAN to LAN Routing & Security
- LAN to WAN Routing & Security
- LAN, WAN, DMZ Routing & Security
(Diagram labels: server, WAN)

21 Branch office solution
- Security within VPN!
- Centralized remote management
(Diagram label: server)

22 Mixed Product Solution Router / UTM
Special requirements on WAN
(Diagram labels: DSL Modem; X.21, ATM, FrameRelay, etc; Security; VPN; ISDN or S2M Backup)

23 Mixed Product Solution UTM / WLAN
Telecommuters, customers, public etc., e.g. hotel, hospital, office …

24 Mixed Product Solution

25 Cross selling
Basic ideas of FEC cross selling:
- in every router project there must be security as you connect two or more networks
- in every VoIP project there must be security as connection to the internet or VoIP providers is necessary
- in every WLAN project there must be security as people access networks

26 Funkwerk UTM Roadmap 2007
Step 1 – Jan. 2007
- Product launch Funkwerk PacketAlarm UTM 1500 and UTM 2100
Step 2 – April 2007
- Product launch Funkwerk PacketAlarm UTM 1100 and UTM 2500
Step 3 – Q3 / 2007
- IMAP Proxy, Traffic shaping, Policy Based Routing, Content Check/Filter, DOS protection, RIP
Step 4 – Q4 / 2007
- Integration into FEC network management system (NMS)

27 Funkwerk Enterprise Communication Sales support and partner program

28 Contents not translated into English. See the German version.

29 Funkwerk Enterprise Communication Funkwerk PacketAlarm IDS and IPS

30 Introduction – The Security Problem
Hybrid threats such as MS Blaster, Nimda, Code Red and SQL Slammer have proven that routers, firewalls and anti-virus systems are not enough to protect today’s company networks.
(Diagram: depth of inspection. Labels: Firewall, Anti-Virus; Nimda, Code Red, MS Blaster, SQL Slammer; SDP, TCP/IP, Payload)

31 PacketAlarm – First Class Security
Scalable High-Level Security for every usage scenario.
(Diagram: depth of inspection. Labels: IDS, IPS, UTM; SDP, TCP/IP, Payload)

32 PacketAlarm IDS Features
The solution: The PacketAlarm product family
Intrusion Detection System (IDS)
- High-Speed Intrusion Detection Engine
- Monitors the complete data traffic in the whole network segment
- Stores detailed attack data and can send out alerts
- Powerful Vulnerability Scanner
- Invisible inside the network
- No influence on the performance and the traffic (passive sniffing)
- Anomaly Detection
- Event Correlation
- Traffic trace
- Automatic Software and Pattern Update
- Easy and simple configuration and administration
- Central management and forensics over multiple systems

33 PacketAlarm IPS Features
The solution: The PacketAlarm product family
Intrusion Prevention System (IPS)
- High-Speed Intrusion Prevention Engine
- Active inside the data stream
- Actively prevents worms, Trojans, network attacks etc. by blocking
- Stores detailed attack data and can send out alerts
- Automatic Software and Pattern Update
- Easy configuration and administration
- Anomaly Detection
- Traffic Trace
- Uses multiple correlation techniques to address the “false positive” problem
- Easy and flexible integration through implementation at layer 2 or 3
- High Availability option
- Central management and forensics over multiple systems

34 Target Markets PacketAlarm IDS/IPS: Target customer segments
Target markets for IDS:
- medium to large size companies and enterprises
IDS Examples:
- Backbones of ISPs, Telcos
- Network areas with a high demand on security and availability (IDS = passive sniffing) like production networks, power plants, military, confidential and top secret development data, etc.
Target markets for IPS:
- medium to large size companies and enterprises
IPS Examples:
- Networks where Layer 3 integration is too costly (IPS in Layer 2 does not affect layer 3 infrastructure like routing, gateways etc. = easy implementation)
- When only IPS functionality is needed (Firewall and IPS), e.g. securing internal server farms

35 IDS/IPS Product Line
The solution: The PacketAlarm product family
Product line IDS:
- PacketAlarm IDS 100: Unlimited user, for 100 Mbit/s networks
- PacketAlarm IDS 250: Unlimited user, for 1000 Mbit/s networks
Product line IPS:
- PacketAlarm IPS 100: Unlimited user, for 100 Mbit/s networks
- PacketAlarm IPS 250: Unlimited user, for 1000 Mbit/s networks

36 Funkwerk UTM - So what are we waiting for??

