Sonic WALL Introduction Firewall Anti Virus wall Anti

Sonic. WALL Introduction

제안 범위 Firewall Anti Virus wall Anti Spyware VPN/ SSL VPN IPS Anti Adware SONICWALL UTM Application Firewall Contents Filtering Do. S Attack Block Spam Block

About Sonic. WALL u 1991년도 설립, 보안 솔루션 시장의 글로벌 리더 u Global Sonic. WALL § § 19개국에 25개 지사 보유 직원 : 700여명 글로벌 기술 지원 : North America, Asia Pacific, Europe, Middle East & Africa, Latin America 38여 개국에서 소닉월 비즈니스 중 u Leader Sonic. WALL § § § 전세계적으로 수백만 명의 비즈니스 Visionaries Quadrant, Gartner Magic Quadrant SSL VPN 여러 저명한 제품 리뷰와 수상 u Sonic. WALL is a Trusted Partner § § § 전세계적으로 15, 000 Medallion 파트너 보유 CMP Channel 5 Star Program and ARC Award winner 전격적인 파트너 지원 및 제품 교육 지원

현재 엔터프라이즈 클래스 도전들 Network/Security 2차원적 배열은 사라짐 – 명백한 경계가 없어지고, 관리의 어려움이 증대됨 1998: 네트워크 경계 2008: 네트워크 확장 VOIP Users User Protection Corporate Data Centers Business Communication Protection External Users Saas, Web 2. 0 Real. Time Apps Productivity Controls Perimeter / Internal Security Access Control Customers or Suppliers Remote Access Remote Employees Traveling Users

현재 방화벽 솔루션의 해결할 과제들 Solutions Traffic Application Access 3 Application Layer Threats Software Vulnerabilities Protocol and Application Proxy Virus/Spyware/Adware/Worms Basic Applications Legacy System Access 2 IDS/IDP 1 Traditional Firewall u 솔루션들 간의 통합 부족은 관리의 중복, 복잡성 그리고 비용을 증가시킨다. u 성능감소와 지연은 실시간 트래픽 관리에 어려움을 준다.

기존 방화벽들의 한계 u 전통적인 방화벽은 네트워크와 트랜스포트 계층에서만 작용하고, application은 인 식 못함 u 어플리케이션 계층 내부에 숨겨진 공격, e. g SQL injection (HTTP URL / Datainput) INSPECT | Service | Total Length | Flags | Fragment | Protocol | IP Checksum Version DATA ID TTL Source IP Address Destination IP Address IP Options Typical Firewall Stateful Packet Inspection Data Goes Through Unchecked Traffic Path Source Dest Any 65. 26. 42. 17 Source Any Dest Port 80 PASS

Sonicwall Technology

Deep Packet Inspection - Scan Data portion INSPECT Protocol check / Signatures Database ATTACK-RESPONSES 14 BACKDOOR 58 BAD-TRAFFIC 15 DDOS 33 DNS 19 DOS 18 EXPLOIT >35 FINGER 13 FTP 50 ICMP 115 Instant Messenger 25 IMAP 16 INFO 7 Miscellaneous 44 MS-SQL 24 MSSQL/SMB 19 MULTIMEDIA 6 MYSQL 2 NETBIOS 25 NNTP 2 ORACLE 25 P 2 P 51 POLICY 21 POP 2 4 POP 3 18 RPC 124 RSERVICES 13 SCAN 25 SMTP 23 SNMP 17 TELNET 14 TFTP 9 VIRUS 3 WEB-ATTACKS 47 WEB-CGI 312 WEBCLIENT Sonic. WALL Unified Threat Management Stateful Packet Inspection Deep Packet Inspection Unified Threat Management Traffic Path

Sonic. WALL UTM (통합 위협 관리) “Highest Risk” Threats Network Threats Simple Do. S Attack IP Spoof Smurf Attack ati on 1. 2. 3. 4. tic his Att ac k. S op Typical Threats Downloaded or emailed Viruses Easy to acquire Spyware Misuse of network resources Intelligent UTM Protection Scan Unlimited Size Files & Users Block / Control Applications such as Skype/MSN (allow MSN for some gp, block others or no file transfer) Content Filtering/Control (Web/FTP/Email) & Phishing Scan VPN traffic - “Clean VPN” – Protection for VPN Users Typical UTM Protection Limited scanning for Viruses/Worms/Trojans Inbound Spyware protection SMTP, HTTP, IMAP support Web Content Filtering Current Firewalls Port blocking TCP/IP Rules IP Routing Link Layer Routers Firewalls Other UTM Deeper Inspection & Greater Performance Sonic. WALL Unified Threat Management Rootkits (take control) Hidden malware in large files Spyware communication outbound Phishing attacks Viruses transmitted to network drives Skype/Instant Messenger threats Sonic. WALL UTM

어플리케이션의 가시성 u 기존의 Port 및 Protocol 검사와는 다른 Sonic. Wall에 의해 창안된 RFDPI(특허) 기술은 Application Classification, Inspection 및 Real Time Scanning을 제공한다. Control, Block 또는 Bandwidth Limit 는 모든 사용자에게 적용된다. Non-Business Related Permit Business Related Applications Corporate Network HTTP TCP IM Email Block or Bandwidth limit Non-Business Related Applications

Application Firewall Screen Shot

Example 2) 정의할 수 있는 어플리케이션의 행위들 § 대역폭 관리 § Reset Connection/ Drop Packet § HTTP redirect / block page § FTP error reply to clients § Block SMTP email and send notification reply to senders § Disable email attachment-add text to sender 3) Link (1) & (2) by policy § Apply to subnet / IP / Per-user § Either or both inbound or outbound

Example: BT traffic control BT 101010 128 kbps BT Traffic 101010 looks for IPS signature list with content = BT Client Activities § Match Smaller bandwidth pipe § Not match Full bandwidth BT seeds Non-BT 101010 § Deep Packet Inspection (DPI) engine Non-BT Servers 101010 u Calling IPS signatures to control BT bandwidth BT client Browser

Example: Block Confidential Email u E-mail를 통한 기밀자료 전송 차단 mail. your_company. com § Deep Packet Inspection (DPI) engine looks for Email 내 용 = 포함한 컨텐츠내용 “회사 기밀문서” § 정책: 송신 email 프로토콜 § 행위- SMTP email 차단 § 다른 실제적인 예: FTP/Email/web로 오토케드/비지오 파 일(회사 설계 도안) 전송 차단 From: rluk@sonicwall. com To: peter_chan@your_company. com Subject: Design road map Hi Peter, *** This is a Company Confidential document *** ……………. . SMTP client (Outlook Express) Normal email

Sonic. WALL Network Security Appliance 24

Sonic. WALL NSA Lineup – 3 Q 08 NSA E 7500 NSA E 6500 NSA E 5500 New NSA 4500 NSA 3500 NSA 240 SKU: 01 -SSC-8760 NSA 2400 SKU: 01 -SSC-7020 2 -Core CPU 256 Mb RAM 6 Gb. E Interfaces Customer: Small Organizations Key Upsell: §Provides scalable deployment options for midsize networks § 3 Gb. E, 6 FE, § 6 10/1000 §WWAN (3 G/Modem) §Port. Shield interfaces for WAN/WAN failover, LAN and DMZ SKU: 01 -SSC-7016 NSA 5000 SKU: 01 -SSC-7042 SKU: 01 -SSC-7012 8 -Core CPU 512 Mb RAM 6 Gb. E 8 -Core CPU 1 Gb RAM 6 Gb. E Interfaces Customer: Branch Office Key Upsell: • 4 -Core design provides a 60% increase in threat prevention performance Customer: Branch Office Key Upsell: § 8 -Core design provides a 150% increase in threat prevention performance Customer: Branch Office Key Upsell: §Increased memory allowing additional VPN aggregation §Gigabit level §Includes Stateful 4 -Core CPU 512 Mb RAM 6 Gb. E firewall performance §Increase in Application Firewall policies High Availability for increased network reliability §Increase in VPN performance §Includes Stateful High Availability for increased network reliability § 100% Increase in Application Firewall policies SKU: 01 -SSC-7004 SKU: 01 -SSC-7008 E-Class Support 24 x 7 SKU: 01 -SSC-7260 8 -Core CPU 1 Gb RAM 8 Gb. E Interfaces SKU: 01 -SSC-7000 E-Class Support 24 x 7 SKU: 01 -SSC-7257 E-Class Support 24 x 7 SKU: 01 -SSC-7254 16 -Core CPU 1 Gb RAM 8 Gb. E Interfaces 16 -Core CPU 2 Gb RAM 4 Gb. E + 4 SFP Customer: Large Enterprise Key Upsell: § 8 10/1000 interfaces for high speed connectivity to WAN, LAN and DMZ networks Customer: Large Enterprise Key Upsell: § 16 -Core design provides 75% increase in threat prevention performance Customer: Large Enterprise Key Upsell: §Top of the line NSA appliance providing Gigabit level threat prevention §Dedicated interface for Stateful High Availability § 4 Gb. E + 4 SFP for Stateful High Availability §LCD information center §Dedicated 3 rd level 24 x 7 support interfaces provide fiber and copper interface options §Hot swappable power supplies/fans §Dedicated 3 rd level 24 x 7 support

Sonic. WALL E-Class Product Spec Feature NSA E 7500* NSA E 6500* NSA E 5500* Node Count Unrestricted Sonic. OS Enhanced 5. 0 Multi-Core 16 Core 600 Mhz 16 Core 550 Mhz 8 Core 550 Mhz Interfaces (4) 10/1000 Copper Gigabit Ports, (4) SFP Ports, 1 Gbe HA port (8) 10/100/1000 Copper Gigabit Ports, 1 Gbe HA port Stateful Firewall Throughput 5. 6 Gbps 5 Gbps 3. 9 Gbps UTM Throughput 1. 7 Gbps 1. 59 Gbps 850 Mbps UTM GAV Throughput 1. 84 Gbps 1. 69 Gbps 1. 0 Gbps UTM IPS Throughput 2. 58 Gbps 2. 3 Gbps 2. 0 Gbps 3 Gbps 2. 7 Gbps 1. 7 Gbps Power Supplies Dual Hot Swappable Single Power Supply Cooling System (Fans) Dual Hot Swappable Visual Information Display Yes Yes Console Port Yes Yes (Future Use) Sonic. OS Version VPN Performance Modular Expandability

NSA Series Spec. NSA 2400 NSA 3500 NSA 4500 NSA 5000 Interfaces 3 Gb. E, 6 FE, (3 G/Modem) 6 Gb. E Processor 2 -core 4 -core 8 -core RAM 256 MB 512 MB 1 GB Firewall Performance 600 Mbps 775 Mbps 1. 5 Gbps 2. 75 Gbps 3. 5 Gbps VPN Performance 150 Mbps 300 Mbps 625 Mbps 1. 0 Gbps 1. 5 Gbps IMIX Performance 195 Mbps 235 Mbps 580 Mbps 700 Mbps 950 Mbps IPS Performance** 195 Mbps 275 Mbps 750 Mbps 1. 4 Mbps 1. 7 Mbps GAV Performance** 115 Mbps 160 Mbps 350 Mbps 690 Mbps 800 Mbps Full UTM Performance** 110 Mbps 150 Mbps 240 Mbps 600 Mbps 800 Mbps Total Connections 25, 000/35, 000** * 48, 000 128, 000 450, 000 600, 000 HA A/P w/Statesync (opt) A/P w/Statesync

Sonic. WALL TZ Series 성능 New Feature TZ 100 Series TZ 180 Series TZ 200 Series TZ 210 Series Unrestricted 10/25 Unrestricted Interface 5 Ethernet 7 Ethernet 5 Ethernet 2 GBE, 5 FE Sonic. OS Standard/Enhanced Standard Enhanced N/A Yes N/A Stateful Throughput 100 Mbps 90 Mbps 100 Mbps 200 Mbps Gateway Anti-Virus Throughput 35 Mbps 10 Mbps 50 Mbps 70 Mbps Intrusion Prevention Throughput 50 Mbps 15 Mbps 70 Mbps 110 Mbps 6, 000 8, 000 10, 000 250 100/250 250 30 Mbps 75 Mbps Site-to-Site VPN Tunnels(Max) 5 2/10 10 15 Global VPN Clients (Maximum) 5 5/50 10 15 Sonic Points Supported 1 16 2 16 Node Upgrade to Sonic. OS Enhanced Connections Policies 3 DES/AES Throughput

Sonic. WALL simple configuration Seoul HQ CISCO B/B Users NSA 7500 Metro line SERVERs INTERNET Busan Metro line S/W HUB VPN 암호화 tunnel NSA 2400 USERs Incheon ADSL S/W HUB TZ 180 Total. Secure USERs

Sonic. WALL CC 인증 획득 EAL 4+

소닉월은 엔터프라이즈 시장으로 확대 강화 u u 2007년 7월 § SSL VPN 시장에서 엔터프라이즈 급에 해당하는 Aventail 사를 인수 2007년 10월 § 멀티코어 아키텍처 와 RFDPI (Patented Reassembly-Free Deep Packet Inspection technology) 시장 최초 § E-Class Network Security Appliance (NSA) Series (up to 5. 5 Gbps UTM) 출시 u 2008년 4월 § Network World Review (NSA E 7500; 4/7/2008) 지에서 최고의 성능 입증.

Sonic. WALL SSL Sonic. WALL Aventail SSL VPNs 39

비즈니스 환경의 변화 u 기업 네트워크 환경의 변화 1997: 네트워크 경계 2007: 자원 경계 VOIP Users Internal Users Corporate Data Centers Customer or Supplier Behind a Firewall Employee at a Kiosk Traveling Executives Employee Using a Wireless Hotspot External Users Customers or Suppliers Remote Access Corporate Data Centers 기업 업무 환경이 분산 네트워크로 변화하고 있다. Day Extenders Employee PDA User

IPSec vs SSL-VPN < IPSec VPN> < SSL VPN>

World Market Share : SSL-VPN Check Point * 2007 1 Q : Sonic. WALL과 Aventail이 합병되기 전임. * 출처 : Garter Magic Quadrant: 2007 1 Q

Global Leader : Sonic. WALL (SSL-VPN)

Sonic. WALL SSL-VPN Appliances Performance EX-2500 EX-1600 EX-750 SSL-VPN 4000 SSL-VPN 200 Small Business SME Mid Size Business Large Enterprises

Sonic. WALL Aventail : The Best-of-Breed SSL VPN Solution u인증된 기술 리더 § § 오늘날의 차세대 VPN 기술(SSL VPN) 최초로 제안 어떤 회사보다 SSLVPN 개발에 투자를 집중 (Only SSLVPN만 투자) SSL VPN 선구자: 업계 최초로 SSL VPN 제품화 (1997) 세계 2, 000개 이상의 Aventail 고객 보유 u대표 수상 내역 SSL VPN Best in Class In the Leader quadrant, Gartner SSL VPN Magic Quadrant – 6 times Forrester: Best Core SSL VPN Functionality, Manageability and Frost & Sullivan: Best in Class SSL Usability, and Mobility Support VPN for Remote Access Connectivity u. Market validation: 서비스 제공자, 고객, 기술 파트너들이 아벤테일 리더임을 인증

Remote Access Control is the Answer u SSL-기반 접근제어 어플라이언스의 성공적인 적용을 위한 새로운 접근 구조 제시 Detect Protect Connect 접속 디바이스 상에서 디 바이스 무결성 확인 사용자 및 디바이스 별 강 력하고 세밀한 접근 정책 쉽고 안전한 보안 접속 메 커니즘 제공 Remote Access Traveling Employee at a Kiosk Aventail Remote Access Controllers Day Extender Employee Using a Wireless Hotspot Directories Applications LDAP Web Apps LDAP Employee PDA User AD RADIUS Extranet Access Customer/Supplier Behind a Firewall Corporate Data Center Internal Access Business Partner from any Browser Internal Users Client/Server Apps File Shares Databases Vo. IP

Easy to Use. Easy to Control. Aventail Remote Access Control Platform Detect Protect Connect Aventail® End Point Control™ (EPC™): 엔드 디바이스의 식별 및 보안 상태를 탐지 Aventail® Unified Policy™: 모든 리소스 유형과 액세스 방법을 단 하나의 규칙 세트로 정의 Aventail® Smart Access™ and Smart Tunneling™: 최적의 액세스 방법을 자동으로 투명하게 판단하고 배치

Detect – End Point Control u EPC는 디바이스의 연결 허용 전에 해당 디바이스의 현재 상태(Managed or Nonmanaged)와 식별, 전체 신뢰 수준을 판단함. EPC Device Interrogation For Device Identity Interrogate by Device Profile q Mapped Directory q IT Managed q Windows Domain q Non-Managed q Windows Mobile Membership q Macintosh q Device Watermark/ q Linux Certificate q Any Resident File Work. Place Access (Clientless Web Access) And Device Integrity q Malware Scans q Anti-Virus q Registry Key q Windows O/S Level q Personal Firewall q Anti-Spyware With Data Security q Cache Control q Secure Desktop Corporate Network Vo. IP Applications File Shares Connect Access (Client-Installed Access) Traditional Client/Server Applications

Protect – Unified Policy u 아벤테일의 ‘객체 기반 단일 관리 정책’은 모든 장치와 유저를 위해서 ACL을 구성 하거나 관리함에 있어 편의성을 보장 § 단지 1개의 rule set이 모든 응용 어플리케이션과 리소스로 접근하는 사용자의 권한 및 장치의 ‘신뢰’ 수준을 포함. – ACL을 통해 SSL-VPN에서 모든 object들을 정의. § ACL은 ALLOW, DENY, QUARANTINE 동작의 형태로 생성 되며, 생성하는 방식이 매우 간단. Access Control List User/ Group Marketing All Sales Policy Zones Access Control List Users/Groups Resources All Device Rule Type Resource Type Trusted Allow CRM Any Allow OWA Semi & Allow Citrix Trusted Unknown Quarantin Remediat e ion Links Trusted Deny None w/ Malicious Program

Protect – Virtual Keyboard JUNIPER don’t have virtual keyboard!!!

Connect – Smart Access to Unmanaged Devices u Work. Place Access: 어떤 디바이스라도 웹 베이스 어플리케이션 기반의 클라이언 트리스 접근성 제공 https: //myhomepage. mycompany. com

Connect – Aventail Connect Tunnel u Easy provisioning Work. Place portal 또는 표준 소프트웨 어 배포 방식 u Split tunneling 추가된 보안을 위한 제어 u Auto updating agent는 항상 SSL VPN appliance와 동기 화를 통해 안정성을 확보 u NAT Mode 다양한 사용자 기반을 위한 간단한 구성 제공 u Unified policy 동일한 접근 제어 옵션 제공 (Work. Place portal, Allow, Quarantine, Deny Zones)

Connect – 단말 보안 접속 게이트웨이 Unmanaged Devices u 아벤테일은 모든 디바이스, 어플리케이션, 사용자의 사용편이성, 보안, 생산력을 위해 집중화된 관리를 하기 위한 단일 원격 접속 컨트롤을 제공 Aventail® Work. Place™ Web-Based Applications Clientless browser access for Web apps, client/server apps and file shares Kiosk Users Business Partners Teleworkers PDA/Smartphone Users File Shares Aventail® Connect™ Managed Devices A Web-delivered client, for complete network access and unmatched ease-of-use Internal Users Wireless LANs Aventail® Connect Mobile™ IT-Managed Devices Mobile PDA & Smartphone Users Service Edition: Application-to. Application Aventail Remote Access Controller Thin Client/ Server Applications Traditional Client/Server Applications

Sonic. WALL Aventail SSL VPN Appliances EX-2500 EX-1600 최대 2, 000명의 동시 접속자 지원 License Upgradeable (50/100/250/500/1 k/2 k users) • 최대 250명의 동시접속자 지원 • License Upgradeable • (25/50/100/250 users) Built-in HA (high availability) Active-Active 추가 로드 밸런서가 필요 없음 EX 750 • 최대 50명의 동시접속자 지원 • License Upgradeable • (10/25/50 users)

해외 Reference