Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secured Connectivity Release 6.1.0

Published byClifton McCoy Modified over 7 years ago

Similar presentations

Presentation on theme: "Secured Connectivity Release 6.1.0"— Presentation transcript:

1 Secured Connectivity Release 6.1.0
Barracuda NG Firewall Secured Connectivity Release Corporate Firewall Criteria v4.2 The first Microsoft Azure Certified security solution provider Reader‘s Choice Awards Best Security Hardware Vendor Silver Winner

2 Transportation Financial Retail Manufacturing Industry Broadcasting
Government NGO Healthcare Legal Security Food Reference Customers We are not focusing on a single business – everywhere when it comes to multiple remote sites

3 Operations Deployment Security Connectivity
Central Management & Lifecycle Granular Admin Concept Revision Control Troubleshooting GTI & Live Status Cost Control Reporting Scalable Deployment Disaster Recovery Multi-Tentancy Hardware Virtual Cloud Operations Deployment Security Connectivity VPN IPS/IDS Stateful Firewall SSL Interception User Awareness AV / ATD / Web Filter Application Detection VPN Multiple ISP Traffic Intelligence Wan Optimization Traffic Shaping / QoS Virtual WAN Balancing Application-Based Link Selection

4

5 Full NG featureset Full NG featureset:
- Traditional Stateful Firewall (DoS, DDoS, Anti-Spoofing, Port Scan etc) - Geo IP (Source & Destination) - Inline Malware scanning (for HTTP/HTTPS) - Inline URL filtering - SSL Interception (Full & Light) - QoS - Customizable Block Page & Continue - Inline SaveSearch & YouTube for Schools

6 App Detection - Protect the Business
Control and throttle acceptable traffic Preserve bandwidth and speed-up business critical applications Example of an Application ruleset: 1) Block unwanted traffic like „P2P“ 2) Allow „Facebook“ and „Twitter“ on Lunch Breack but block all other „Social“ content based on URL category. 3) Everything goes for „MGMT“ users 4) Lower priority for „Updates“ for everyone 5) Give business critical application highes priority but the application must use HTTP/HTTPS

7 User Awareness Transparent Authentication via DS Agent
TS Agent for MS and Citrix Terminal Server Non transparent authentication provides via Portal login like - MSAD, LDAP, TACACS, LOCAL DB etc…

8 Advanced Threat Detection
Prevent malicious files – even unknown ones – from entering the organization and avoid network breaches. Identify zero-day malware exploits, targeted attacks, advanced persistent threats and other advanced malware which routinely bypass traditional signature based IPS and anti-virus engines. Granular Control over PDFs, EXEs/MSIs/DLLs, Android APKs, Microsoft Office files, and compressed files and archives Full interoperability with the integrated SSL Inspection files can be extracted and checked in order to detect advanced malware in the encrypted stream Cloud-based emulation allows resource intensive file emulation to be offloaded to the Barracuda Cloud Learning local cryptographic hash database for emulation optimization Multiple and simultaneous OS environments for emulated files Automatic notifications in case malware activity is identified can help minimize the time for reaction of the administrator in order to mitigate the network breach Available for hardware and virtual appliances as well as for Microsoft Azure and the Amazon AWS Cloud to fit your IT strategy as you standardize across hypervisors for network security and securely leverage public cloud infrastructures.

9 Advanced Threat Detection
Sharing ATD signatures and hashes with the Barracuda Cloud

10

11 Application-Based Provider Selection
IPS selection based on applications, application category and/or URLfilter category

12 Adaptive WAN Virtualization
xDSL xDSL MPLS MPLS

13 Adaptive WAN Virtualization
xDSL xDSL Surfing: 50% Class2 50% Class1 MPLS MPLS VoIP 50%: NoDelay Business 50%: Class1

14 Adaptive WAN Virtualization
xDSL xDSL MPLS VoIP: 70% NoDelay Business: 70% Class1 20% Class2 Surfing: 10% Class3 MPLS

15 Adaptive WAN Virtualization
No surfing xDSL xDSL MPLS MPLS 3G VoIP: 90% NoDelay Business: 90% Class1 10% Class2 No surfing 3G Only important applications

16 Adaptive WAN Virtualization
xDSL xDSL MPLS VoIP: 70% NoDelay Business: 70% Class1 20% Class2 Surfing: 10% Class3 MPLS 3G 3G

17 Adaptive WAN Virtualization
xDSL xDSL Surfing: 50% Class2 50% Class1 MPLS MPLS VoIP 50%: NoDelay Business 50%: Class1 3G 3G

18 Up to 24 Transports for one Tunnel
Virtual WAN Balancing Up to 24 Transports for one Tunnel Session Balancing Packet Balancing Paket balancing has only really a benefit if you have same up/down stream for ISPs and the same latency.

19 Virtual WAN Acceleration
De-Duplication & Data Caching Multiple Transport modes (Encapsulation) Compression (Stream/Packet) Application Acceleration De-Duplication Compression Application Accel. Caching TCP encapsulation De-Duplication Compression UDP encapsulation Transport mode, compression, application acceleration, de-duplication can be set independently for each transport. Various setup are possible to fulfill the needs. HYBRID encapsulation

20 Dynamic Meshed VPN Classic Hub & Spoke setup

21 Dynamic Meshed VPN Hub detects traffic between branches
Hub (HQ) detects traffic between branches e.g. VoIP

22 Dynamic Meshed VPN Hub triggers automatic configuration update
Hub (HQ) will update automatically Branches which communicate to each other directly

23 Dynamic Meshed VPN Branches create temporary tunnel
Branches create a temporary tunnel - Tunnel is displayed on hub - Hub-branch tunnels stay active (for other connections and for failover)

24 Effective Operations VPN is hard to setup, to maintain, to troubleshoot? Easiest and fastest way to create VPN tunnels in the market. Even more faster with Fully-meshed VPN.

25

26 Hardware Deployment

27 Virtual Deployment

28 Cloud Deployment

29 Rollout Process = Disaster Recovery
Ist „CEO“ proof… Take a USB jumpdrive, put the configuration file (box.par) and the ISO image on. Plug it into the NG, reboot and wait until a „beep“ occurs, plug off the jumpdrive and reboot – DONE.

30

31 Management & Control

32 Barracuda NG Control Center
For efficient and flexible management, Barracuda offers five different control centers. C400 (hardware appliance) and VC400 (virtual appliance fof VMware, KVM, XenCitrix) Unlimited firewalls (recommended 20) 1 tenant (one range, one cluster) Multiadmin support Role-based administration Revision control system Central statistics Central syslog (host/relay) Firewall audit collector/viewer NG access monitor C610 (hardware appliance) and VC610 (virtual appliance fof VMware, KVM, XenCitrix) The above plus: Unlimited firewall (recommend 200 hardware-based; unlimited, but depending on hardware for virtual appliance) Multitenancy on cluster-base Barracuda NG Earth PKI Service VC820 Unlimited firewall (depending on hardware for virtual appliance) Multitenancy on range-base (5 tenants included; more available for purchase) High Availability license included

33 Live Status Polling Live Status polling
Multi-tenancy configuration and managed topology Easy roll-out, maintenance and disaster recovery Repository links & object database Granular administration concept Centralized lifecyle management Graphical VPN tunnel editor (drag‘n‘drop)

34 Hirarchical Multi-Tenancy Concept
“The control of a large force is the same principle as the control of a few men: It is merely a question of dividing up their numbers.” *Sun Tzu – The Art of War The CC configuration is a hierarchical tree. - Splitted up into Ranges - Every Range as Clusters - Every Cluster has Boxes (the actual NG firewall gateway) - The admin scope can be set on „box“, „cluster“ or „range“ level

35 Hirarchical Multi-Tenancy Concept
Global Range Europe The CC configuration is a hirarchical tree. - Splitted up into Ranges - Every Range as Clusters - Every Cluster has Boxes (the actual NG firewall gateway) - The admin scope can be set on „box“, „cluster“ or „range“ level

36 Hirarchical Multi-Tenancy Concept
Global Range Europe Cluster Austria The CC configuration is a hirarchical tree. - Splitted up into Ranges - Every Range as Clusters - Every Cluster has Boxes (the actual NG firewall gateway) - The admin scope can be set on „box“, „cluster“ or „range“ level

37 Hirarchical Multi-Tenancy Concept
Global Range Europe Cluster Austria Box Vienna The CC configuration is a hirarchical tree. - Splitted up into Ranges - Every Range as Clusters - Every Cluster has Boxes (the actual NG firewall gateway) - The admin scope can be set on „box“, „cluster“ or „range“ level

38 Hirarchical Multi-Tenancy Concept
Global Range Europe Cluster Austria Box Vienna The CC configuration is a hirarchical tree. - Splitted up into Ranges - Every Range as Clusters - Every Cluster has Boxes (the actual NG firewall gateway) - The admin scope can be set on „box“, „cluster“ or „range“ level Admin access to single gateway

39 Hirarchical Multi-Tenancy Concept
Global Range Europe Cluster Austria Admin access to country Box Vienna The CC configuration is a hirarchical tree. - Splitted up into Ranges - Every Range as Clusters - Every Cluster has Boxes (the actual NG firewall gateway) - The admin scope can be set on „box“, „cluster“ or „range“ level

40 Hirarchical Multi-Tenancy Concept
Global Range Europe Admin access to continent Cluster Austria Box Vienna The CC configuration is a hirarchical tree. - Splitted up into Ranges - Every Range as Clusters - Every Cluster has Boxes (the actual NG firewall gateway) - The admin scope can be set on „box“, „cluster“ or „range“ level

41 Hirarchical Multi-Tenancy Concept
Global Range Europe Admin access to global enviroment Cluster Austria Box Vienna The CC configuration is a hirarchical tree. - Splitted up into Ranges - Every Range as Clusters - Every Cluster has Boxes (the actual NG firewall gateway) - The admin scope can be set on „box“, „cluster“ or „range“ level

42 Granular Configuration Levels
Global Asia Europe R2 / W2 Admin A: R/W=50, Austria only Admin B: R/W=20, Europe only R99 / W80 R99 / W10 Italy Austria R99 / W10 R99 / W60 Graz Vienna Read Level R W Write Level R80 / W50 The administration concept is evenmore powerful by using „Configuration Levels“. Every node has its own „read“ and „write“ level. As lower the number as higher the permissions. The „root“ user is „-1“. Per default all nodes have read=99 and write=2. Example: „Admin A“ has level „50“. That means he can read/write box „Vienna“ but only read cluster „Austria“. „Admin B“ has level „20“. That means he can read/write the whole cluster „Austria“ but only read the range „Europe“. R80 / W20

43 Revision Control System
Integrated „Revision Control System“. Every change on every config node is logged in a own version. Who did changed what and when. Its possible to revert to any former version at any time.

44 Lifecycle Management NG Firewall HW VF SF CL
Regardless which deployment 1 Installation Image… 1 Major Release Update… 1 Minor Release Update… 1 Hotfix… …. for everything! Centralized and Schedulable Distribution Installation Regardless if a NG hardware appliance, a NG virtual appliance, NG in the cloud or just the software on a 3rd party server is used. Its always the same software. So one installation image, one major update, one minor update, one hotfix for everything.

45 Consolidated Configuration
Daily Task for 100 firewalls 10 minutes Daily Task for 100 firewalls 16 hours Daily Task for 1 firewall 10 minutes In our experience, it takes 10 minutes per day to manage a single firewall Example: Changing root password on one gateway takes 10sec. Do it on 100 gateways and will take a way longer. With NG CC and the global config node templates and global object database, you link all 100 boxes to one config file and just change the root password there and all gateways get this change.

46 Simple Licensing Base Hardware License [F] Virtual License [VF] Software License [SF] Maintenance Energize Update [EU] Instant Replacement [IR] Premium Support [PS] Additional Malware Protection [M] Advanced Thread Detection [A] SSLVPN/NAC [V] A very simple licensing for NG. There are only 9 licenses per gateway possible.

47 Troubleshooting

48 All you need to know with just 1-click
Realtime information & manipulation „Live“ Tab(active connections) - Live session table of active connections. - Detailed information about application

49 All you need to know with just 1-click
Historic information „History“ Tab (recent connections) Allowed traffic (allowed via rule) Blocked traffic (based on rule) Dropped traffic (based on AV, IPS or URL violation) Failed traffic (traffic which was allowed by rule but did not establish because Host or Port unreachable) Unique in the marked is also to show the SRC and DST NAT IPs in the live session table as well in the history.

50 All you need to know with just 1-click
Application Context Application Context Trying to discover intention of an applicaton Showing Youtube video ID and jump on this video

51 Threat Monitor „Threat Monitor“ Tab
Shows all detected threats for IPS, AV, Protocol Detection, ATD

52 Application Monitor and Drilldown
„Monitor“ Tab (Applications only) First Image shows Monitor in general Second Image shows drilldown for „facebook“

53 Reporting, Alerting, Logging & Statistics

54 Customized Reports Create customizable Top-Reports for:
Applications & Categories Sources & Destinations Geo Locations (SRC/DST) URLs & URL Categories Risk & Usage Protocols Users Schedulable and automated Reports are generated on-demand on the box directly or via „NG Report Creator“ tool for windows. Reporter create scheduled reports (once a day, week, month) and distribute it via . Consolidated reports for more than one box are available Anonymized reports for management are available for privacy reasons.

55 Splunk Integration Splunk integration with own „Barracuda NG firewall app“.

56 Security Information & Event Management
Logs (Support for Syslog, IPFIX, NetFLOW) Lancope Partnership Firewall Audit Log Eventing and Notifications SNMP (Service & Traps) Statictics

57

Download ppt "Secured Connectivity Release 6.1.0"

Similar presentations

Barracuda Link Balancer Link Reliability and Bandwidth Optimization.

Barracuda Link Balancer Link Reliability and Bandwidth Optimization.
2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.

2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.
BalaBit Shell Control Box

BalaBit Shell Control Box
QoS Solutions Confidential 2010 NetQuality Analyzer and QPerf.

QoS Solutions Confidential 2010 NetQuality Analyzer and QPerf.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Highly Available Central Services An Intelligent Router Approach Thomas Finnern Thorsten Witt DESY/IT.

Highly Available Central Services An Intelligent Router Approach Thomas Finnern Thorsten Witt DESY/IT.
Introduction to ISA 2004 Dana Epp Microsoft Security MVP.

Introduction to ISA 2004 Dana Epp Microsoft Security MVP.
Blue Coat Systems Securing and accelerating the Remote office Matt Bennett.

Blue Coat Systems Securing and accelerating the Remote office Matt Bennett.
Unified Logs and Reporting for Hybrid Centralized Management

Unified Logs and Reporting for Hybrid Centralized Management
Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.

Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.
Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.

Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.
Barracuda Networks Steve Scheidegger Commercial Account Manager 734-887-2422

Barracuda Networks Steve Scheidegger Commercial Account Manager
Introducing Kerio Control Unified Threat Management Solution Release date: June 1, 2010 Kerio Technologies, Inc.

Introducing Kerio Control Unified Threat Management Solution Release date: June 1, 2010 Kerio Technologies, Inc.
Week #10 Objectives: Remote Access and Mobile Computing Configure Mobile Computer and Device Settings Configure Remote Desktop and Remote Assistance for.

Week #10 Objectives: Remote Access and Mobile Computing Configure Mobile Computer and Device Settings Configure Remote Desktop and Remote Assistance for.
Course 201 – Administration, Content Inspection and SSL VPN

Course 201 – Administration, Content Inspection and SSL VPN
1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.

1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.
Barracuda Load Balancer Server Availability and Scalability.

Barracuda Load Balancer Server Availability and Scalability.
1 Monday, June 27, 2011Copyright© 2011 Dragnet Dragnet ® Cloud Service Introduction Matthew McLeod, Managing Director

1 Monday, June 27, 2011Copyright© 2011 Dragnet Dragnet ® Cloud Service Introduction Matthew McLeod, Managing Director
Net Optics Confidential and Proprietary Net Optics appTap Intelligent Access and Monitoring Architecture Solutions.

Net Optics Confidential and Proprietary Net Optics appTap Intelligent Access and Monitoring Architecture Solutions.
Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.

Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.

Similar presentations

Ads by Google