Moving from Reactive to Proactive – DeepNines and ESU 3 Nate Jackson, Territory Manager Greg Jackson, Vice President of Technical Services Martin Rosas,

Slides:

Advertisements

Similar presentations

New Solutions to New Threats. The Threats, They Are A Changing Page 2 | © 2008 Palo Alto Networks. Proprietary and Confidential.

Advertisements

Blue Coat and the Blue Coat logo are trademarks of Blue Coat Systems, Inc., and may be registered in certain jurisdictions. All other product or service.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

Web Filtering and Deep Packet Inspection Artyom Churilin Tallinn University of Technology 2011.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Introduction to ISA 2004 Dana Epp Microsoft Security MVP.

Blue Coat Systems Securing and accelerating the Remote office Matt Bennett.

Firewalls and Intrusion Detection Systems

1 Pertemuan 05 Firewall Matakuliah: H0451/Praktikum Jaringan Komputer Tahun: 2006 Versi: 1/0.

Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.

MIGRATION FROM SCREENOS TO JUNOS based firewall

Barracuda Web Filter Overview March 26, 2008 Alan Pearson, Monroe County School District Marcus Burge, Network Engineer.

Adding WAN Optimisation to Boost Storage Sales Success Blue Coat in a Virtual World.

The World's Most Secured Browsing Solution COCKPIT4i is a radically new, powerful solution that protects against the security risks posed by exposure to.

Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.

1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.

Norman SecureSurf Protect your users when surfing the Internet.

Barracuda Networks Confidential 1 Barracuda Web Filter Overview 1 Barracuda Networks Confidential11 Barracuda Web Filter Overview.

CPE5021 Advanced Network Security ---Network Security and Performance--- Lecture 9 CPE5021 Advanced Network Security ---Network Security and Performance---

1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.

© British Telecommunications plc Network Filtering.

Intrusion Prevention System. Module Objectives By the end of this module, participants will be able to: Use the FortiGate Intrusion Prevention System.

Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.

1 Chapter 6: Proxy Server in Internet and Intranet Designs Designs That Include Proxy Server Essential Proxy Server Design Concepts Data Protection in.

Barracuda Web Filter Overview. Introduction to the Barracuda Web Filter Integrated content filtering and Web security –Regulate leisure browsing Adult,

Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.

Vulnerabilities in peer to peer communications Web Security Sravan Kunnuri.

OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

1 Managed Premises Firewall. 2 Typical Business IT Security Challenges How do I protect all my locations from malicious intruders and malware? How can.

OV Copyright © 2011 Element K Content LLC. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.

Firewalls Nathan Long Computer Science 481. What is a firewall? A firewall is a system or group of systems that enforces an access control policy between.

1 1 Hosted Network Security EarthLink Complete™ Data.

Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.

Overview of Microsoft ISA Server. Introducing ISA Server New Product—Proxy Server In 1996, Netscape had begun to sell a web proxy product, which optimized.

AWS Cloud Firewall Review Architecture Decision Group October 6, 2015 – HUIT-Holyoke-CR 561.

Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.

Terminal Services Technical Overview Olav Tvedt TVEDT.info Microsoft Speaker Community

Module 7: Advanced Application and Web Filtering.

Switch Features Most enterprise-capable switches have a number of features that make the switch attractive for large organizations. The following is a.

1 Network Firewalls CSCI Web Security Spring 2003 Presented By Yasir Zahur.

Bill Jensen Bashar Kachachi Session Code: SIA309.

Microsoft ISA Server 2000 Presented by Ricardo Diaz Ryan Fansa.

APPLICATION PERFORMANCE MANAGEMENT The Next Generation.

Infrastructure Consolidation Cloud/SaaS Web 2.0 Converged Communications Virtualization Mobile Devices.

Module 10: Windows Firewall and Caching Fundamentals.

Lesson 2a © 2005 Cisco Systems, Inc. All rights reserved. SNPA v4.0—2-1 Firewall Technologies and the Cisco Security Appliance.

Computer Networks & FirewallsUniversity IT Security Office - Tom Davis, CISSP University IT Security Officer Office of the Vice.

Introduction Web analysis includes the study of users’ behavior on the web Traffic analysis – Usage analysis Behavior at particular website or across.

Regan Little. Definition Methods of Screening Types of Firewall Network-Level Firewalls Circuit-Level Firewalls Application-Level Firewalls Stateful Multi-Level.

Juniper Networks Mobile Security Solution Nosipho Masilela COSC 356.

Securing Access to Data Using IPsec Josh Jones Cosc352.

Unit 2 Personal Cyber Security and Social Engineering Part 2.

Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.

FIREWALLS By k.shivakumar 08k81f0025. CONTENTS Introduction. What is firewall? Hardware vs. software firewalls. Working of a software firewalls. Firewall.

Defining Network Infrastructure and Network Security Lesson 8.

CompTIA Security+ Study Guide (SY0-401)

Barracuda Web Filtering Service

Securing the Network Perimeter with ISA 2004

How a Stateful Firewall Works

Threat Management Gateway

CompTIA Security+ Study Guide (SY0-401)

Firewalls Chapter 8.

Unit 8 Network Security.

Using Software Restriction Policies

Presentation transcript:

Moving from Reactive to Proactive – DeepNines and ESU 3 Nate Jackson, Territory Manager Greg Jackson, Vice President of Technical Services Martin Rosas, Director of Technical Services July 23, 2008

Introduction – Nate Jackson9:00 – 9:10 Product “Walk-Thru” – Greg Jackson 9:10 – 12:00 Lunch 12:00 – 12:30 Policy Builds – Martin Rosas 12:30 – 3:30 Agenda

A Large Network Solution ESU 3 provides content filtering to 17 of its 18 membering school districts. The content filtering solution must be able to support at least 17,000 concurrent users with bandwidth speeds of at least 150 Mbps. Advanced Content Control ESU 3 requires a solution that has advance content control features – block/filter ports other than port 80; block/filter Google and Yahoo safe searches; block/filter protocols such as: IM, P2P, File Sharing, IRC; and block pop advertising. Granular Filtering Policies Each of the participating school districts would like the ability to create filtering policies by directory groups and/or IP addresses. Robust Proxy Prevention Students within ESU 3 have been exploiting the existing content filtering/content control portfolio by using circumvention techniques, commonly referred to as remote web proxies. ESU 3 requires robust proxy prevention against anonymous proxies, URL translation servers, and any other circumvention techniques. Challenges and Needs Challenges and Needs ESU 3 Requirements

Solution ESU 3 has deployed an iTrust suite at each of the 17 participating school district as well as at the ESU 3 central office. Each iTrust suite includes… Real-time network visibility and monitoring Granular URL filtering Deep Packet Inspection Traffic Shaping/Bandwidth Management Intrusion Prevention System Gateway AV Reporting ESU 3 has deployed an iTrust suite at each of the 17 participating school district as well as at the ESU 3 central office. Each iTrust suite includes… Real-time network visibility and monitoring Granular URL filtering Deep Packet Inspection Traffic Shaping/Bandwidth Management Intrusion Prevention System Gateway AV Reporting DeepNines iTrust Suite Solution A Large Network Solution Advanced Content Control Granular Filtering Policies Robust Proxy Prevention

A Large Network Solution Each of the 17 participating school district as well as the ESU 3 central office has been fitted with an iTrust Suite that fits their network needs. The iTrust suite is licensed on bandwidth. This method allows the districts to grow or decrease without having to incur additional charges. Additionally, it ensures that every computer is covered in the event there is an overage on the concurrent sessions subscribed to. ESU 3 is licensed for 250 Mbps (to the outside world). Advanced Content Control The DeepNines iTrust suite performs deep packet inspection (DPI, or layer 7) of every packet, port, and protocol both ingress and egress. (over 155 protocols and all ports) Image searches can be blocked by URL or also by DPI. The breadth of images searches go beyond Google and Yahoo, such as Ask, Alta Vista, etc. Protocols such as IM, P2P, etc are not only subject to the iTrust’s URL module but also its DPI engine. The DPI engine leverages industry signatures as well as custom K12 signatures created by DeepNines. Pop-ups can be blocked by both the URL and DPI engines. Challenges and Needs Addressed with DeepNines Solution

Granular Filtering Policies By deploying an iTrust server-appliance at each district, the solution can be deployed behind local network address translation (NAT). Therefore, granular filtering policies (based on Active, E, and/or Open Directories) can be created. For each iTrust server-appliance 64 URL filtering policies can be created. The iTrust suite has an aggregate white list, as well as, a white list available for each group as defined by AD, Edir or Open Directory. Robust Proxy Prevention Traffic is inspected by both the URL filter and DPI. The iTrust suite has 100’s of custom proxy signatures which are proprietary to DeepNines. No longer does the website URL need to be known as DPI can tell if it is a proxy by examining layer 7 connections. The iTrust suite blocks not only anonymous proxies and URL translation servers, but also Circumventors, Tor’s, SSL based proxies, CGI, PHP, Transparent, SOCK v4 and v5, Gopher, Streaming, Google proxies, host based proxies (ultrasurf, Yourfreedom, Pass1), SSH tunnels, PC Anywhere, etc. The iTrust suite provides the most robust proxy protection in the industry, as guaranteed by our customers. Challenges and Needs Addressed with DeepNines Solution

Nate Jackson, Territory Manager (303) office (720) cell Role - Point of escalation for resolution of technical or service related issues, Renewals, upgrades, etc, quarterly check in meetings. Tom Knight, Vice President of Sales ext 220 office Role – Executive escalation. Nate Jackson, Territory Manager (303) office (720) cell Role - Point of escalation for resolution of technical or service related issues, Renewals, upgrades, etc, quarterly check in meetings. Tom Knight, Vice President of Sales ext 220 office Role – Executive escalation. Technical Services Technical Services Organization (866) DEEP9-12 Brett Juergens – Assigned Security Engineer (214) ext 214 office Role – Technical support. Wade Dykes – Assigned Security Engineer – Technical support (214) ext 234 office Role – Technical support. Martin Rosas – Director of Technical Services ext 222 office Role – Point of escalation for resolution of technical or service related issues. Greg Jackson – Vice President of Technical Services (214) ext 231 office Role - Executive escalation. Technical Services Organization (866) DEEP9-12 Brett Juergens – Assigned Security Engineer (214) ext 214 office Role – Technical support. Wade Dykes – Assigned Security Engineer – Technical support (214) ext 234 office Role – Technical support. Martin Rosas – Director of Technical Services ext 222 office Role – Point of escalation for resolution of technical or service related issues. Greg Jackson – Vice President of Technical Services (214) ext 231 office Role - Executive escalation. Account Team DeepNines Support Team