Next-Generation Firewalls a reference

N0;('A;.('!"f.'3"%"/0B(%'D2/"X0;;' b0%'\7*;08&9'


V,('5"'N0;('A;.('!".X(/9-'

•  >2H4%\H.4%-".c41+9%T"%!".X(/9'M"*4/2.='J(#60%=' •  mQ5%9IM.4IQ3E%4#<41$G+?%9%#H4=E4H".4=%N+=P"$49e%I%4<41=%%% -  N2H4V"$2%I%&''`B%61I$G%NJ+2N$G+%I%L"1I"$3;%&''b% •  m"3E$4H4O;"%N2H4V"$2%$2%W$"_.8O"$"12U4$%d1"c2HH9X%;#"$Ud+23;%o%+4$.14H"%7a`'%

26H;+23G% -  ;$4I23")%%\668]C~B%l9"18]C~B%F4$."$.8]C~% •  RH4<2H%i44.61;$.)%`'''/%NJ+2N$G+?%I"%b'/%N"5G3E%9IM.2B%&aob%9=6641.%






L012*'g40,/0%.'6/('I%."/6/2-"' )C"<%4 !".X(/9'D2/"X0;;-'8')C"<%4'hiji'

J2-*('

0)2;2.='.('"f"*4."'

b4%26"/'!".X(/9-'

L*A[""'

D(/B%".' J+"*9'N(2%.'M(WX0/"'G"*+%(;(12"-'

M.(%"-(W' N0;('A;.('!".X(/9-' M(%2*YAPP' Y0.*+340/,' !IGAMg'

6+2(%'

A-.0/('

kJ(#lmkJ'

%2*+"'6;0="/-'

82-2(%0/2"-' *(#6;"."%"--'(['82-2(%'

A-'(['L0/*+'hiji'






L012*'g40,/0%.'6/('I%."/6/2-"' 6 (- * !".X(/9'D2/"X0;;-'8'6/(-2%*2'hijj'






Next-Generation Firewalls a reference






N0;('A;.('!".X(/9-'n'N/(,49.(87'C0,0'

NASpiqi'

NASpipi'

NASpihi'

&'%R<69%gZo7'%R<69%.E1"2.% 61"I"$U4$oaB'''B'''%9"99;4$9% a%*g>/%W7'%R;OXB%^%*g>%W7%R;OXB%7&% 3466"1%O;O2<;.%

7'%R<69%gZo`%R<69%.E1"2.% 61"I"$U4$o&B'''B'''%9"99;4$9% a%*g>/%W7'%R;OXB%^%*g>%W7%R;OXB%7&% 3466"1%O;O2<;.%

`%R<69%gZo&%R<69%.E1"2.% 61"I"$U4$o7B'''B'''%9"99;4$9% ^%*g>B%7&%3466"1%O;O2<;.%

NASoiqi'

NASoipi'

NASoihi'

7'%R<69%gZo`%R<69%.E1"2.% 61"I"$U4$o&B'''B'''%9"99;4$9% a%g>%W7'%R;OXB%a%*g>%W7%R;OX%

7'%R<69%gZo`%R<69%.E1"2.% 61"I"$U4$o&B'''B'''%9"99;4$9% ^%*g>B%7s%3466"1%O;O2<;.%

&%R<69%gZo&%R<69%.E1"2.% 61"I"$U4$o`''B'''%9"99;4$9% ^%*g>B%7s%3466"1%O;O2<;.%

NAShipi'

NAShihi'

NASpii'

7%R<69%gZo`''%S<69%.E1"2.% 61"I"$U4$o&`'B'''%9"99;4$9% a%*g>B%7s%3466"1%O;O2<;.%

`''%S<69%gZo&''%S<69%.E1"2.% 61"I"$U4$o7&`B'''%9"99;4$9% &%*g>B%7&%3466"1%O;O2<;.%

&`'%S<69%gZo7''%S<69%.E1"2.% 61"I"$U4$o`'B'''%9"99;4$9% ^%3466"1%O;O2<;.% 




PA-200

• 

• 

7''%S<69%d1"c2HH%.E14=OE6=.% W\668]C%"$2*"3%0>-%.E14=OE6=.% saB'''%52_%9"99;4$9% 7B'''%$"c%9"99;4$9%6"1%9"34$#% &`%]>*"3%0>-%.=$$"H9o.=$$"H% ;$."1i23"9% &`%**!%0>-%l9"19%

•  •  • 

q%I;1.=2H%14=."19% 7'%9"3=1;.,%N4$"9% &`'%52_%$=5<"1%4i%64H;3;"9%

•  •  •  •  • 

%

$  $  $  $  $  $  $ 

>29;I$G%3EH2#;LB%+4$.14H2%."6H4.,%NJH4V$G%3EH2#;L% W7q#<X%% r_."1$G%77'o&&'\F%$2%7&0CF%$26JT"3G%N#14T% >\8&''%T"%54V$K%$254$.4I2.%#4%123+=% a%_%A‚a`%7'o7''o7'''%]op%641.9% 7%_%A‚a`%7'o7''%SRSm%641.% F4$94H"%641.% A4N5M1,)%(c%_%b#%_%7l%.2HH% $  &q35%c%_%7s:`35%#%_%a:`35%.2HH%

% 




•  Společnost Palo Alto Networks •  Světová špička v oblasti síťové bezpečnosti -  Společnost založena v roce 2005, první prodej v roce 2007

•  Zakladatel Next-generation firewallů, které rozpoznají a kontrolují více než

1300 síťových aplikací

-  Vrací pojmu “firewall” původní význam -  Hlavní inovace: App-ID™, User-ID™, Content-ID™






Evoluce E2"71-'*%6F"G&*'0"






Evoluce H2",*16%6F"G0'I1&&"






Evoluce J2"KL?"G0'I1&&"

C2.2%!499% >1"I"$U4

%$0>-%

Y")' D2;."/2%1'

A%B82/4-' HNM'

D2/"X0;;' \$U9625%

]>IsB% C,$25;3% A4=U$O%






Evoluce M2"70%N."G0'I1&&"






Síťové aplikace p se mění…

port ≠ síťová služba IP adresa ≠ uživatel paket ≠ obsah přenášených dat

…moderní firewall by musí tyto změny následovat. 




Next Generation firewall

App-ID Identifikace aplikace

User-ID Identifikace uživatele

Content-ID Rozpoznání obsahu 




H,"%BZ90*"'n'<79;0,'r-6$*+4' Z;./0*"' \668]C~% H,"%BZ90*"'06;290*"' ' • 

7:%>14.K+J%641."5%^'%9+=."L$M%Ymm>%614I4Nƒ%

• 

&:%‚"9.H;%$"B%.2+%4%T2+Q%614I4N%9"%."#,%9+=."L$M%T"#$Jƒ%

• 

q:%‚"%."$.4%614I4N%VJ#4=3G%2%64I4H"$%ƒ%

• 

a:%>14L%dH.14IJ$G%614I4N=%9+1N"%LG9H2%641.?%#$"9%T;V% 9+=."L$M%$"9.2LG%ƒ%

• 

::::%614.4V"%„$"9.2$#21#}%T"%„$4IQ5%9.2$#21#"5}%






M2%1;"SN0--'N0/0;;";'N/(*"--2%1c' sMNkt'A/*+2."*.4/"' M2%1;"'N0--' •  p6"12U4$9%4$3"%6"1%

623+".%

-  m12…3%3H299;d32U4$%W266%

;#"$Ud32U4$X%

-  l9"1oO14=6%5266;$O% -  F4$."$.%932$$;$O%|%

.E1"2.9B%lA!9B%34$d#"$U2H% #2.2%

•  p$"%64H;3,%

N0/0;;";'N/(*"--2%1' •  g=$3U4$896"3;d3%6212HH"H%

6143"99;$O%E21#c21"% "$O;$"9%

•  *"6212."%#2.2o34$.14H%

6H2$"9%

u6'.('hi3)6-K'P(X'P0."%*=' 




!"SM.0%,0/,vb"'%(8R'M.0%,0/,' !"#$%& ' ()*(+$, -%.($(/$(0%1.-+234/1%566, 4/2$4"+# 100% 80%

83%

78%

77%

73%

60%

60%

60%

55%

54%

51%

40%

42%

20%

*4=13")%%>2H4%\H.4% -".c41+9% "##$%&'()*!+,'-.! '*/!0%,1!0.#)234! 5#2%*-!6787!

0% Sharepoint

iTunes

MS RPC

Skype

BitTorrent MSN Voice

Ooyla

Mediafire

Applications That are Capable of Tunneling 36

Networking (73)

18

18

Collaboration (46) 8

Media (24)

12

6

General-Internet (17)

7

10

Business-Systems (15) 0

25

17

2

12

13

4 41 25

50

Client-server (78)

Browser-based (66)

Network-protocol (19)

Peer-to-peer (12)

75

eMule

Teamviewer

•  67% aplikací používá port 80, port 443, nebo dynamické porty •  190 je client/server •  175 aplikací dokáže tunelovat ostatní aplikace skze SSL nebo SSH 


HL'

C"9".%$"TL29.MTPG3E%]S%26H;+23G%NT;P.M$Q3E%I%NfL29.$M$Q3E%41O2$;N23G3E% S?V"%64=VG.%mF>o^'B% mF>oaaqB%$"<4%E46% 641.,%

%0Q3E4NG%64=V;.J% ."3E$4H4O;"%%

]S%%% I21;2$., %

u14c9"18<29"#%

b'†%

b'†%

7'†%

q'†%

b'†%

FH;"$.8*"1I"1% >""18.486""1% F"H+"5%

q'†% '% 7''†%

q'†% '% 7''†%

7'†% '% &'†%

&'†% '% `'†%

q'†% '% 7''†%

S?V"%6D"$JP".% 94=<41,%

>4=VGIJ%9"%614% ;$d+4IJ$G%% 52Hc21"5%



p<92E=T"% N$J5K% N12$;."H$49U%









H,"%BZ90*"'n'<79;0,'r-6$*+4' Z;./0*"' u-"/SHwc' H,"%BZ90*"'4a280.";"' % • 

7:%‚"%N2%]>%___:___:___:___%9+=."L$M% =V;I2."H%\%2%$"<4%=V%T"%.25%=V;I2."H%uƒ%

• 

&:%\+3"6.23"%6DG9.=6=%$2%NJ+H2#M% T"#$4N$2L$K%;#"$Ud+23"%=V;I2."H"%$"<4% 9+=6;$,%ƒ%

' !






u-"/SHw'S'A1"%.'6/('Aw'






J('6(4a2e#'."*+%(;(12"'u-"/'Hw' <&-97#"'' P(1(87%&'0'F"6(/B%1' •  • 

M"*4/2.='N(;2*='

Výsledné reporty na uživatele a skupiny Filtrovat logy na libovolného uživatele

•  • 

>2O"%a^%

\6H;+2L$G%+4$.14H2%$2%=V;I2."H"%$"<4%9+=6;$=%% A4NH;P"$G%2%54V$49.%14N#MH"$G%614I4N=%4#%% N$J5Q3E%2%$"N$J5Q3E%=V;I2."H?






H,"%BZ90*"',;"'4a280.";"'






Jak to funguje

What else is Harris using

Filter on Skype and user Harris 




H,"%BZ90*"'n'<79;0,'r-6$*+4' Z;./0*"' • J(%."%.SHwc' • V(%./(;0'()-0+4' •  7:%‚2+K%94=<41,B%4#+2N,olA!%$"<4%T;$K%E14N<,% 4<92E=T"%%2+.=JH$G%#2.4IQ%.4+%ƒ% •  &:%‚2+K%#4+=5"$.,%2%94=<41,%6D;3EJN"TG%2% 4#3EJN"TG%N%2%#4%41O2$;N23"%ƒ%% •  q:%k#4B%34%2%4#+=#%9;%9.2E=T"%ƒ% •  a:%k."14=%26H;+23"%$"<4%614.4+4H%+%.45=% 64=VGIJ%ƒ% •  `:%Z;H#g;1"%8%#"."+3"%$4IQ3E%#49=#% $"N$J5Q3E%E14N"<%






Spolupráce jednotlivých funkcí

Google Talk

GMail

HTTP

SSL

Port Number - TCP

b"',0%7'06;290*"'6(8(;"%0x'' W\668]CX'

L7'9',0%:'06;290*2'4a280.";'?2' -9462%0'6C&-.46x' Wl9"1%]CX'

b097',0.0'-"'-9/<'06;290*2' 6C"%7>&x'' WF4$."$.%]CX' Příchozí směr Prevence škodlivému SW •  IPS •  Malware •  Anti-virus •  Kategorizace webu •  Šifrované a komprimované soubory Odchozí směr Data leakage control •  Čísla kreditních karet •  Document fingerprinting 




\&."'509:',(94#"%.='-94."?%$' 6C2*+7<&'0'(,*+7<&'<'80>&' (/10%2<0*"'x'






Integrated Threat Prevention

%  Antivirus %  Anti-Spyware %  Vulnerability Protection %  URL Fitrace %  File Blocking %  Data Filtering %  DoS Protections

0=H$"12<;H;.,% r_6H4;.9% C2$O"14=9%g;H"% m,6"9%

Botnets and Malware

H%."1/0B8"' G+/"0.'' N/"8"%B(%'

l$+$4c$% mE1"2.9%

]$i"3."#%Z"<% >2O"9%






Profil - AntiVirus






Profil: Anti-Spyware Profil






Profil - Vulnerability Protections






URL Filtering






N/(Z;'n'D2;"'T;(*92%1''






N/(Z;'S'w0.0'D2;."/2%1''






Profil – DoS Protection






AJJ' • 

Application Command Center (ACC) • 

• 

Používané aplikace, URLs, bezpečnostní hrozby, data filtering activity =

Přehled, analýza, reakce






D2/"X0;;'N(;2*2"-'






w"Z%2*"'N(;2*='%0'<79;0,$'1"(;(90*"'






3"(;(90*"'n',0;>&'%7-./(5'6/(' )"<6"?%(-.%&'0%0;R<4'






QoS a Traffic Shaping






F"6(/B%1'






J('5"'Y2;,D2/"'' • 

Analyzuje a identifikuje neznámí malware na základě chování ve virtuálním sandbox prostředí •  Hledá více než 70 typů podezřelého (typického) chování

• 

Automaticky generuje signatury pro identifikaci malwaru •  Distribuuje zpětně signatury na všechny firewally skrze standardní „threat updates“

• 

Poskytuje k nahlédnutí forenzní analýzu zjištěného malwaru a jeho chování •  Činnost na koncovém počítači •  Aplikace které používá (zneužívá) pro doručení malwaru •  URLs odkud byl malware stažen.






b09'Y2;,D2/"'[4%145"'x' F45621"%.4%k$4c$%g;H"9% *2$#<4_%r$I;14$5"$.% *;O$2.=1"%R"$"12.41% \#5;$%Z"<%>41.2H% Unknown Files From Untrusted Zones

Firewall Submits File to WildFire Cloud

New Signatures Delivered to ALL Firewalls. Portal provides malware forensics






Y2;,D2/"'Y")'N(/.0;'

Z;H#g;1"%c"<%641.2H%8%Ej69)ooc;H#d1":62H42H.4$".c41+9:345%






Y2;,D2;"'w0-+)(0/,'






w".02;%&'F"6(/.'n'M.0.4-d' yL0;X0/"_' !"#$%& 9):'%*!*':.,!'*/!;<,!)=!2.:)3.!>),3,!&)*3'&3./!?@!,':#$.4!ABB.'/.2!,C::'2%.,!

'()#*+,&-.(/)0& D%,3!)=!:)/%E./!2.-%,32@!1.@,4!E$.,4!'*/!#2)&.,,.,!,3'23./!)2!,3)##./F!






w".02;%&'F"6(/.'n'M.0.4-d' yT"%21%&_'






3;()0;N/(."*.'N(/.0;'n'A4.(/2<0*"K'mHNK'\N!'






J;2"%.'n'M"/8"/'''MMPlHNM"*'\N!'






mHN'n'm(-.'H%[('N/(Z;"' F4%IP"3E$4%5?V"5"%+4$.14H4I2.%$2%+4$34IQ3E%9.2$;3G3E% ‡%m(-.'H%[(' 4%>414I$JIJ%2%+4$.14H=T"%I"1N;%<MVG3G3E%Z;$#4c9%$2%+4$34IK%9.2$;3;B%%I"1N;%RH4<2H>14."3.%2O"$.2%% %2%#45K$4IK%T5K$4%E49.2:% ‡%A%BS82/4-%% 4%k4$.14H=T"%\0%|%.,6B%614#=+.B%IQ14<3"B%I"1N;B%1"2H%U5"%614."3U4$%2%#2.=5%649H"#$GE4%932$=:% ‡%A%BS-6=X0/"%% 4%k4$.14H2%|%.,6B%614#=+.B%IQ14<3"B%I"1N;B%1"2H%U5"%614."3U4$%2%#2.=5%649H"#$GE4%932$=%:% ‡%w2-9')0*946'' 4%k4$.14H2%#;9+%<23+=6%94yc21"%2%L29%649H"#$GE4%<23+=6=:% ‡%w2-9'"%*/=6B(%'' 4%k4$.14H2%$2%#2.2%"$31,6U4$%94yc21"%2%9.2I%P;i14I2$KE4%#;9+=:%% ‡%D2/"X0;;' 4%k4$.14H2%8%IQ14<3"B%I"1N"%2%9.2I%ic%WN26$=.4%8%I,6$=.4X:% ‡%N0.*+'#0%01"#"%.' 4%k4$.14H2%$2%3E,<MTG3G%62.3E"%4#%+4$+1K.1$GE4%IQ14<3":%% ‡%J4-.(#'J+"*9-' 4%k4$.14H2%%96"3;d3+Q3E%6143"9?%$26D:%%1"O;9.1,%+",9%$2%+4$34IK%9.2$;3;B%<MVG3G%6143"9,:::%

%%






mHN'n'L(a%(-B'9(%./(;='






mHN'n'N/(Z;='0'-9462%='

*4=13"%h4$"% \334=$U$O%

C9.%h4$"% CSh%

*13%]>% \334=$.8$".%

C9.%]>% \334=$.8% *"1I"19%

\334=$U$O%

CSh%

\334=$.8$".%

\$,%

]$."1$".%

\$,%

\334=$.8% *"1I"19% \$,%

Y]>%614dH"% C;9+% r$31,6U4$% -48Y]>% Y29%\0%2$#% Y29%gZ%

\3U4$% \HH4c% #"$,% \HH4c%






mHN'S'P(1(87%&'0'/"6(/B%1'






3;()0;N/(."*.'S'P(1(87%&'






L(a%(-B'%0-0<"%&'' \2-2)2;2.='

‡  \66H;32U4$B%=9"1%2$#%34$."$.% I;9;<;H;.,%c;.E4=.%;$H;$"% #"6H4,5"$.%

G/0%-60/"%.'H%SP2%"'

‡  ]>*%c;.E%266%I;9;<;H;.,%ˆ%34$.14H% ‡  F4$94H;#2U4$%4i%]>*%ˆ%lA!% dH."1;$O%

D2/"X0;;'F"6;0*"#"%.'

‡  g;1"c2HH%1"6H23"5"$.%c;.E%266% I;9;<;H;.,%ˆ%34$.14H% ‡  g;1"c2HH%/%]>*% ‡  g;1"c2HH%/%]>*%/%lA!%dH."1;$O%






w$9452'<0'6(<(/%(-.' 50%^80*;0829z-9=8"/0^*<'