Palo Alto Next Generation Firewall Jan Václavík
Kdo je Palo Alto Networks
• Palo Alto Networks je Network Security Company • Tým světových odborníků s dlouholetou zkušeností v oboru - Založena v 2005, první zákazník v červenci 2007 • Technologie založena na (next-generation firewalls) identifikaci / kontrole 1450
aplikací - inovace: App-ID™, User-ID™, Content-ID™ • Globální footprint: 5000+ zákazníků ve 70+ zemích světa, 24/7 support
Magic Quadrant pro Enterprise Network Firewalls v Březnu 2010
Cisco
ability to execute
Juniper Networks
McAfee
Fortinet Check Point Software Technologies
M.(%"-(W' N0;('A;.('!".X(/9-' M(%2*YAPP' Y0.*+340/,' !IGAMg'
phion
Astaro
3Com/H3C
niche players
visionaries completeness of vision
As of March 2010
Magic Quadrant pro Enterprise Network Firewalls v prosinci 2011
Next-Generation Firewalls a reference
Palo Alto Networks – Produktová řada
PA-5060
PA-5050
PA-5020
20 Gbps FW/10 Gbps threat prevention/4,000,000 sessions 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
10 Gbps FW/5 Gbps threat prevention/2,000,000 sessions 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
5 Gbps FW/2 Gbps threat prevention/1,000,000 sessions 8 SFP, 12 copper gigabit
PA-4060
PA-4050
PA-4020
7'%R<69%gZo`%R<69%.E1"2.% 61"I"$U4$o&B'''B'''%9"99;4$9% a%g>%W7'%R;OXB%a%*g>%W7%R;OX%
10 Gbps FW/5 Gbps threat prevention/2,000,000 sessions 8 SFP, 16 copper gigabit
2 Gbps FW/2 Gbps threat prevention/500,000 sessions 8 SFP, 16 copper gigabit
PA-2050
PA-2020
PA-500
1 Gbps FW/500 Mbps threat prevention/250,000 sessions 4 SFP, 16 copper gigabit
500 Mbps FW/200 Mbps threat prevention/125,000 sessions 2 SFP, 12 copper gigabit
250 Mbps FW/100 Mbps threat prevention/50,000 sessions 8 copper gigabit
PA-200
•
•
100 Mbps firewall throughput (App-ID ena
Sec VPN throughput 64,000 max sessions 1,000 new sessions per second 25 IPSec VPN tunnels/tunnel interfaces 25 SSL VPN Users
• • •
3 virtual routers 10 security zones 250 max number of policies
• • • • •
%
$ $ $ $ $ $ $
>29;I$G%3EH2#;LB%+4$.14H2%."6H4.,%NJH4V$G%3EH2#;L% W7q#<X%% r_."1$G%77'o&&'\F%$2%7&0CF%$26JT"3G%N#14T% >\8&''%T"%54V$K%$254$.4I2.%#4%123+=% a%_%Aa`%7'o7''o7'''%]op%641.9% 7%_%Aa`%7'o7''%SRSm%641.% F4$94H"%641.% A4N5M1,)%(c%_%b#%_%7l%.2HH% $ &q35%c%_%7s:`35%#%_%a:`35%.2HH%
%
• Společnost Palo Alto Networks • Světová špička v oblasti síťové bezpečnosti - Společnost založena v roce 2005, první prodej v roce 2007
• Zakladatel Next-generation firewallů, které rozpoznají a kontrolují více než
1300 síťových aplikací
- Vrací pojmu “firewall” původní význam - Hlavní inovace: App-ID™, User-ID™, Content-ID™
Evoluce E2"71-'*%6F"G&*'0"
Evoluce H2",*16%6F"G0'I1&&"
Evoluce J2"KL?"G0'I1&&"
C2.2%!499% >1"I"$U4
%$0>-%
Web Filtering
Antivirus IPS
Firewall Antispam
IPv6, Dynamic Routing
Evoluce M2"70%N."G0'I1&&"
Síťové aplikace se mění…
port ≠ síťová služba IP adresa ≠ uživatel paket ≠ obsah přenášených dat
…moderní firewall musí tyto změny následovat.
Next Generation firewall
App-ID Identifikace aplikace
User-ID Identifikace uživatele
Content-ID Rozpoznání obsahu
Identifikace – základ úspěchu filtrace App-ID™ Identifikace aplikace •
1. Protéká portem 80 skutečně HTTP provoz
•
2. Jestli ne, tak o jaký provoz se tedy skutečně jedná
•
3. Je tento provoz žádoucí a povolen
•
4. Proč filtrování provozu skrze čísla portů dnes již skutečně nestačí
•
::::%614.4V"%$"9.2$#21#}%T"%$4IQ5%9.2$#21#"5}%
Single-Pass Parallel Processing™ (SP3) Architecture Single Pass • Operations once per
packet
- Tra
c classification (app
identification)
- User/group mapping - Content scanning –
threats, URLs, confidential data
• One policy
Parallel Processing • Function-specific parallel
processing hardware engines
• Separate data/control
planes
Up to 20Gbps, Low Latency
!"SM.0%,0/,vb"'%(8R'M.0%,0/,' !"#$%& ' ()*(+$, -%.($(/$(0%1.-+234/1%566, 4/2$4"+# 100% 80%
83%
78%
77%
73%
60%
60%
60%
55%
54%
51%
40%
42%
20%
*4=13")%%>2H4%\H.4% -".c41+9% "##$%&'()*!+,'-.! '*/!0%,1!0.#)234! 5#2%*-!6787!
0% Sharepoint
iTunes
MS RPC
Skype
BitTorrent MSN Voice
Ooyla
Mediafire
Applications That are Capable of Tunneling 36
Networking (73)
18
18
Collaboration (46) 8
Media (24)
12
6
General-Internet (17)
7
10
Business-Systems (15) 0
25
17
2
12
13
4 41 25
50
Client-server (78)
Browser-based (66)
Network-protocol (19)
Peer-to-peer (12)
75
eMule
Teamviewer
• 67% aplikací používá port 80, port 443, nebo dynamické porty • 190 je client/server • 175 aplikací dokáže tunelovat ostatní aplikace skrze SSL nebo SSH
IM
Deset nejčastějších IM aplikací zjištěných v zúčastněných organizacích Může použít TCP/80, TCP/443, nebo hop porty
Výchozí použitá technologie
IM varianty
Browser-based
b'%
b'%
7'%
q'%
b'%
Client-Server Peer-to-peer Celkem
q'% '% 7''%
q'% '% 7''%
7'% '% &'%
&'% '% `'%
q'% '% 7''%
Může přenášet soubory
Používá se pro infikování malwarem
Obsahuje známé zranitelnosti
Identifikace – základ úspěchu filtrace User-ID™ Identifikace uživatele
1. Je za IP xxx.xxx.xxx.xxx skutečně uživatel A a nebo už je tam uživatel B
•
2. Akceptace přístupu na základě jednoznačné identifikace uživatele nebo skupiny
' !
User-ID - Agent pro AD
Co použitím technologie User ID získáme Logování a Reporting • •
Security Policy
Výsledné reporty na uživatele a skupiny Filtrovat logy na libovolného uživatele
• •
Page 48
Aplikační kontrola na uživatele nebo skupinu Rozlišení a možnost rozdělení provozu od známých a neznámých uživatelů
Identifikace dle uživatele
Jak to funguje
What else is Harris using
Filter on Skype and user Harris
Identifikace – základ úspěchu filtrace • Content-ID™ • Kontrola obsahu • 1. Jaké soubory, odkazy/URL nebo jiné hrozby obsahuje aktuální datový tok • 2. Jaké dokumenty a soubory přicházejí a odcházejí z a do organizace • 3. Kdo, co a odkud si stahuje • 4. Kterou aplikaci nebo protokol k tomu používá • 5. WildFire - detekce nových dosud neznámých hrozeb
Spolupráce jednotlivých funkcí
Google Talk
GMail
HTTP
SSL
Port Number - TCP
Je daná aplikace povolena? (App-ID)
Má k dané aplikaci uživatel či skupina přístup? (User ID)
Jaká data se skrz aplikaci přenáší? (Content ID) Příchozí směr Prevence škodlivému SW • IPS • Malware • Anti-virus • Kategorizace webu • Šifrované a komprimované soubory Odchozí směr Data leakage control • Čísla kreditních karet • Document fingerprinting
Víte jaké dokumenty skutečně přichází a odchází z vaší organizace?
Integrated Threat Prevention
% Antivirus % Anti-Spyware % Vulnerability Protection % URL Filtrace % File Blocking % Data Filtering % DoS Protections
Vulnerability Exploits Dangerous File Types
Botnets and Malware
H%."1/0B8"' G+/"0.'' N/"8"%B(%'
Unknown Threats
Infected Web Pages
Profil - AntiVirus
Profil: Anti-Spyware Profil
Profil - Vulnerability Protections
URL Filtering
Profil – File Blocking
Profil - Data Filtering
Profil – DoS Protection
ACC •
Application Command Center (ACC) •
•
Používané aplikace, URLs, bezpečnostní hrozby, data filtering activity =
Přehled, analýza, reakce
Firewall Policies
Definice Policy na základě geolokace
Geolokace – další nástroj pro bezpečnostní analýzu
QoS a Traffic Shaping
Reporting
Co je WildFire •
Analyzuje a identifikuje neznámý malware na základě chování ve virtuálním sandbox prostředí • Hledá více než 70 typů podezřelého (typického) chování
•
Automaticky generuje signatury pro identifikaci malwaru • Distribuuje zpětně signatury na všechny firewally skrze standardní „threat updates“
•
Poskytuje k nahlédnutí forenzní analýzu zjištěného malwaru a jeho chování • Činnost na koncovém počítači • Aplikace které používá (zneužívá) pro doručení malwaru • URLs odkud byl malware stažen.
Jak WildFire funguje? Compare to Known Files Sandbox Environment Signature Generator Admin Web Portal Unknown Files From Untrusted Zones
Firewall Submits File to WildFire Cloud
New Signatures Delivered to ALL Firewalls. Portal provides malware forensics
WildFire Web Portal
WildFire web portal - https://wildfire.paloaltonetworks.com
WildFire Dashboard
Detailní Report – Status: „Malware“ !"#$%& Domain names and IPs of remote hosts contacted by sample. ABB.'/.2!,C::'2%.,!
'()#*+,&-.(/)0& List of modified registry keys, files, and processes started or stopped.
Detailní Report – Status: „Benigní“
GlobalProtect Portal – Autorizace, HIP, VPN
Client – Server SSL/IPSec VPN
HIP – Host Info Profile Co všechno můžeme kontrolovat na koncových stanicích Host Info o Porovnává a kontroluje verzi běžících Windows na koncové stanici, verzi GlobalProtect agenta a doménové jméno hosta. Anti-virus o Kontroluje AV – typ, produkt, výrobce, verzi, real time protection a datum posledního scanu. Anti-spyware o Kontrola – typ, produkt, výrobce, verzi, real time protection a datum posledního scanu. Disk backup o Kontrola disk backup software a čas posledního backupu. Disk encryption o Kontrola na data encryption software a stav šifrovaného disku. Firewall o Kontrola - výrobce, verze a stav fw (zapnuto - vypnuto). Patch management o Kontrola na chybějící patche od konkrétního výrobce. Custom Checks o Kontrola specifických procesů např. registry keys na koncové stanici, běžící procesy...
%%
HIP – Možnosti kontroly
HIP – Profily a skupiny
Source Zone Accounting
Dst Zone DMZ
Src IP Account-net
Dst IP Account- Servers
Accounting
DMZ
Account-net
Any
Internet
Any
Account- Servers Any
HIP profile Disk Encryption No-HIP Has AV and Has FW
Action Allow deny Allow
HIP - Logování a reporting
GlobalProtect - Logování
Možnosti nasazení Visibility
Application, user and content visibility without inline deployment
Transparent In-Line
IPS with app visibility & control Consolidation of IPS & URL filtering
Firewall Replacement
Firewall replacement with app visibility & control Firewall + IPS Firewall + IPS + URL filtering
w$9452'<0'6(<(/%(-.' 50%^80*;0829z-9=8"/0^*<'