Published by Alyson Allen. Modified over 9 years ago.

OfficeServ7400 Security Introduction
Code: STM#530
Samsung Electronics Co., Ltd.
Distribution English ED01

© Samsung Electronics Co., Ltd.

Objectives
After successful completion of the course, the trainees should be able to execute the following activities.

Contents
- VPN
- IDS

VPN

Overview
- IPSec: system to system. Needs the GWIMS D-board.
- PPTP/L2TP: system to node, or server to client (e.g. a PC). Does not need the GWIMS D-board.
[Diagram labels: Headquarters, Internet, Private Line, Serial 2Mbps, IPSec VPN Tunneling, Remote User (PPTP, L2TP), Serial 2Mbps, Branch #1, Branch #2, Office]

What's VPN?
- Tunnel mode (Transport mode is not supported)
- Tunnel protocol: IPSec, L2TP/PPTP
- Key management: IKE, ISAKMP, X.509, pre-shared
- Authentication: MD5, SHA-1
- Encryption: AES, 3DES
- Transform protocol: AH, ESP
[Diagram labels: Internet, Headquarters, Mobile User, Business Partner, Branch, Tunnel, VPN S/W, Remote access, Extranet, Intranet; packet: payload, encryption, new header, VPN payload]

Comparison

IPSec

Transport Mode
- AH:  IP header | AH | IP payload
  Authenticated except for mutable fields in 'IP header'
- ESP: IP header | ESP header | IP payload | ESP trailer | ESP auth
  (the slide marks an Encrypted span and an Authenticated span)

Tunnel Mode
- AH:  New IP header | AH | IP header | IP payload
  Authenticated except for mutable fields in 'New IP header'
- ESP: New IP header | ESP header | IP header | IP payload | ESP trailer | ESP auth
  (the slide marks an Encrypted span and an Authenticated span)

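The ESP layouts on the IPSec slide, worked through as an added example that is not part of the original presentation: it computes which bytes ESP encrypts and which it authenticates in each mode, including the padding in the ESP trailer. Assumptions: 20-byte IPv4 headers without options, a CBC cipher with a one-block IV (a field the slide does not draw), and a 96-bit truncated HMAC; the function names are illustrative.

```python
# Added illustration, not from the slides: field sizes follow ESP with a CBC
# cipher and a 96-bit truncated HMAC; the IV field is not drawn on the slide.
BLOCK = {"3DES": 8, "AES": 16}   # cipher block size in bytes (IV is one block)
ICV_LEN = 12                     # HMAC-MD5-96 and HMAC-SHA-1-96
IP_HDR = 20                      # IPv4 header without options (assumption)

def esp_layout(mode, cipher, payload_len):
    """Return [(field, length, encrypted, authenticated)] in wire order."""
    if mode not in ("transport", "tunnel"):
        raise ValueError("mode must be 'transport' or 'tunnel'")
    block = BLOCK[cipher]
    tunnel = mode == "tunnel"
    # Tunnel mode encrypts the whole original packet, header included.
    protected = payload_len + (IP_HDR if tunnel else 0)
    # Pad so that data + padding + pad-length byte + next-header byte
    # fills a whole number of cipher blocks.
    pad = -(protected + 2) % block
    fields = [("New IP header" if tunnel else "IP header", IP_HDR, False, False),
              ("ESP header (SPI, sequence)", 8, False, True),
              ("IV", block, False, True)]
    if tunnel:
        fields.append(("IP header (original)", IP_HDR, True, True))
    fields += [("IP payload", payload_len, True, True),
               ("ESP trailer", pad + 2, True, True),
               ("ESP auth (ICV)", ICV_LEN, False, False)]
    return fields

def total_len(fields):
    return sum(length for _, length, _, _ in fields)

def span(fields, column):
    """Byte offsets [start, end) of the encrypted (2) or authenticated (3) run."""
    offset, start, end = 0, None, None
    for f in fields:
        if f[column]:
            start = offset if start is None else start
            end = offset + f[1]
        offset += f[1]
    return start, end

if __name__ == "__main__":
    for mode, cipher in (("transport", "3DES"), ("tunnel", "AES")):
        layout = esp_layout(mode, cipher, payload_len=100)
        print(f"{mode}/{cipher}: {total_len(layout)} bytes on the wire")
        print("  encrypted bytes    ", span(layout, 2))
        print("  authenticated bytes", span(layout, 3))
        for name, length, enc, auth in layout:
            print(f"  {name:28} {length:4}  enc={enc!s:5} auth={auth}")
```

In both modes the outermost IP header lies outside the authenticated span, which is the practical difference from AH on the same slide.
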
IKE

Phase 1
- Generate IKE key
- Main mode, aggressive mode
- Authentication
  - Pre-shared key
  - Digital signature
  - Public key encryption
  - Revised public key encryption

Phase 2
- Generate IPSEC key
- Quick mode

OfficeServ VPN
1. Configuration
2. Choose Phase 1 / Phase 2 parameters.
3. Check status

Specifications of the OfficeServ

                 OS 7200                          OS 7400
Tunnels          100 Tunnels                      1024 Tunnels
Chip             Hifn 7951                        CN 1120
Protocol         IPSec, PPTP, L2TP (both models)
ISAKMP           Phase 1(main), Phase 2(quick)    Phase 1(main, aggressive), Phase 2(quick)
Encryption       3DES                             3DES, AES
Authentication   RSA, Pre-shared key, X.509 (both models)

IDS

Functions
- Real-time detection of and response to network-based attacks
  - Backdoor, DoS, DDoS, anomalous network access, etc.
- Managed through web management
- Supports almost all kinds of protocols used on the Internet
- Intrusion detection according to risk level
  - High, medium, low
- Response to detected intrusions
  - Log audit
  - IP blocking, linked with the firewall
  - Report to the admin by e-mail about detected attacks
- 5 categories: Intrusion Type, Source IP, Destination IP, Port, Port scan
- Rule update

Rule Update: Sourcefire VRT Certified Rules
- Official rules of snort.org (www.snort.org)
- Three ways to obtain these rules:
  - Subscribers (for a charge)
    – Online web subscriber
    – Receive real-time rule updates as they are available
  - Registered users (free)
    – Online web subscriber
    – Can access rule updates 5 days after release to subscription users
  - Unregistered users (free)
    – Receive a static ruleset at the time of each major Snort release
- CANNOT use for GWIM (limited to commercial use!)

Rule Update: Open Community Rulesets
- Submitted by members of the open source community
- Released to users without basic tests, so there is no assurance that new rules will not break Snort
- Distributed under the GPL
- Freely available to all open source Snort users

Using Snort
Three main operational modes:
- Sniffer
- Packet logger
- Network Intrusion Detection System (Forensic Data Analysis Mode)

Network Environment
[Diagram labels: WAN1 165.213.89.238, LAN 10.0.0.1, Management PC 165.213.87.230, Internal Network 165.213.109.2 165.213.109.254, Untrusted Network, Mail Server 165.213.88.100, Internet 165.213.146.134, Trusted Terminal, Important File Server]
- Send an attack packet pattern or a packet pattern similar to an attack
- Send a packet pattern similar to an attack