Presentation is loading. Please wait.

Presentation is loading. Please wait.

Code : STM#530 Samsung Electronics Co., Ltd. OfficeServ7400 Security Introduction Distribution EnglishED01.

Published byAlyson Allen Modified over 8 years ago

Similar presentations

Presentation on theme: "Code : STM#530 Samsung Electronics Co., Ltd. OfficeServ7400 Security Introduction Distribution EnglishED01."— Presentation transcript:

1 Code : STM#530 Samsung Electronics Co., Ltd. OfficeServ7400 Security Introduction Distribution EnglishED01

2 © Samsung Electronics Co., Ltd. 2 Objectives After successful completion of the course the trainees should be able to execute the following activities.

3 © Samsung Electronics Co., Ltd. 3 Contents VPN VPN IDS IDS

4 © Samsung Electronics Co., Ltd. 4 VPN VPN

5 © Samsung Electronics Co., Ltd. 5 Overview IPSec System to system : Need GWIMS D-board PPTP/L2TP System to Node or Server to Client (ex: PC) Don’t need GWIMS D-board 본사 Internet Private Line Serial 2Mbps IPSec VPN Tunneling Remote User PPTP, L2TP Serial 2Mbps Branch #1 Branch #2 Office

6 © Samsung Electronics Co., Ltd. 6 What’s VPN ? Tunnel Mode (don’t support Transport mode) Tunnel Protocol (IPSec, L2TP/PPTP) Key Management : IKE, ISAKMAP, X.509, pre-shared Authentication : MD5, SHA-1 Encryption : AES, 3DES Transform Protocol : AH, ESP Internet Headquarters Mobile User Business Partner Branch Tunnel VPN VPN S/W Remote access Extranet Intranet VPN S/W payload VPN payload new header encryption payload

7 © Samsung Electronics Co., Ltd. 7 comparison

8 © Samsung Electronics Co., Ltd. 8 IPSec Transport Mode Tunnel Mode IP header ESP header IP payload Authenticated ESP trailer ESP auth Encrypted IP header AH IP payload Authenticated except for mutable fields in ‘IP header’ New IP header AH IP header IP payload Authenticated except for mutable fields in ‘New IP header’ New IP header ESP header Authenticated Encrypted IP header IP payload ESP trailer ESP auth

9 © Samsung Electronics Co., Ltd. 9 IKE Phase 1 Generate IKE key Main mode, aggressive mode Authentication Pre-shared key Digital Signature Public key encryption Revised public key encryption Phase 2 Generate IPSEC key Quick mode

10 © Samsung Electronics Co., Ltd. 10 OfficeServ VPN 2. Choose Phase 1 / Phase 2 parameters. 1. Configuration 3. Check status

11 © Samsung Electronics Co., Ltd. 11 Specifications of the OfficeServ OS 7200 OS 7400 Tunnels 100 Tunnels 1024 Tunnels Chip Hifn 7951 CN 1120 Protocol IPSec, PPTP, L2TP ISAKMP Encryption Authentication Phase 1(main), Phase 2(quick) 3DES Phase 1(main, aggressive), Phase 2(quick) Phase 1(main, aggressive), Phase 2(quick) 3DES, AES RSA, Pre-shared key, X.509

12 © Samsung Electronics Co., Ltd. 12 IDS IDS

13 © Samsung Electronics Co., Ltd. 13 Functions Real-time detection and response to network based attacks backdoor, DoS, DDoS, anomalous network access, etc. Using web management Support almost all kinds of protocol used in Internet Intrusion detection according to risk level High, medium, low Correspond to intrusion detection Log audit IP blocking as linked with firewall Report to admin using e-mail about detected attacks 5 categories : Intrusion Type, Source IP, Destination IP, Port, Port scan Rule update

14 © Samsung Electronics Co., Ltd. 14 Rule Update Sourcefire VRT Certified Rules Official rules of snort.org (www.snort.org)www.snort.org Three ways to obtain these rules: Subscribers (a charge) –Online web subscriber –Receive real-time rules updates as they are available Registered users (Free) –Online web subscriber –Can access rule updates 5days after release to subscription users Unregistered users (Free) –Receive a static ruleset at the time of each major Snort Release CANNOT use for GWIM (limited to commercial use!)

15 © Samsung Electronics Co., Ltd. 15 Rule Update Open Community Rulesets Submitted by members of the open source community Release to users without basic tests not to ensure that new rules will not break Snort Distributed under the GPL Freely available to all open source Snort users

16 © Samsung Electronics Co., Ltd. 16 Using Snort Three main operational modes Sniffer Packet logger Network Intrusion Detection System (Forensic Data Analysis Mode)

17 © Samsung Electronics Co., Ltd. 17 Network Environment WAN1 165.213.89.238 LAN 10.0.0.1 Management PC 165.213.87.230 Internal Network 165.213.109.2165.213.109.254 Untrusted Network Mail Server 165.213.88.100 Internet 165.213.146.134 Trusted Terminal Important File Server Send an attack packet pattern or packet pattern similar to attack Send a packet pattern similar to attack

18 Samsung Electronics Co., Ltd.

Download ppt "Code : STM#530 Samsung Electronics Co., Ltd. OfficeServ7400 Security Introduction Distribution EnglishED01."

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Secure Mobile IP Communication

Secure Mobile IP Communication
CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.

IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.
Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206) 217-7048

Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206)
Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)

Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
SCSC 455 Computer Security Virtual Private Network (VPN)

SCSC 455 Computer Security Virtual Private Network (VPN)
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.

Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.

Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.
Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.

Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.
7400 Samsung Confidential & Proprietary Information Copyright 2006, All Rights Reserved. -1/100- OfficeServ 7400 Enterprise IP Solutions Quick Install.

7400 Samsung Confidential & Proprietary Information Copyright 2006, All Rights Reserved. -1/100- OfficeServ 7400 Enterprise IP Solutions Quick Install.
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.

© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.
Chapter 6 Configuring, Monitoring & Troubleshooting IPsec

Chapter 6 Configuring, Monitoring & Troubleshooting IPsec

Similar presentations

Ads by Google