Next Generation Firewalls
1 like725 views
Next generation firewalls aim to provide integrated threat protection through consolidation of gateway functions in virtual appliances with enterprise-class features for all segments. They aim to keep up with evolving intelligence-based threats by providing end-to-end policy compliance across all devices, including mobile, and virtualization capabilities for multi-tenant environments. Firewalls have evolved over 25 years from basic packet filtering to deep packet inspection to address more sophisticated threats that can bypass policies by posing as legitimate traffic.
Next Generation Firewalls
- 1. LHSSS-3 Next Generation Firewalls Harsh Jangra Director – Technical Operations (Security) www.LearnHackingSecurity.com
- 2. Can you keep up? • Intelligence • Consolidation of gateway functions » Reduce emphasis on human » Simplification intervention • Enterprise-class features available for all • End-to-end protection segments » Policy compliance for all » Not limited to large appliances devices, including mobile • Growth of WLANs • Virtualization » Mobile enterprise » Virtual appliances » Multi-tenant environments
- 3. Firewalls Evolution • Firewalls developed over 25 years ago » Initial protection by blocking traffic by port, protocol, or IP address • From packet filtering to circuit level to proxy to deep packet inspection… • Threat landscape evolved from primitive to more sophisticated » Able to pose as legitimate traffic & bypass policies » Business processes evolved as well • Firewall policies disabled over time to allow critical applications to pass through
- 4. Integrated Threat Protection in Action Problem: Error message: “Drops” copy of itself on “Innocent” Video Link: system and attempts to Redirects to malicious Website propagate “Out of date” Flash player error: “Download” malware file Solution: Integrated Web Filtering Blocks access to malicious Website Network Antivirus Blocks download of virus Intrusion Protection Blocks the spread of the worm
- 5. Integrated Threat Protection in Action • Application Control: Unwanted Services and P2P Limiting Botnet command channel, compromised Facebook applications, independent of port or protocol • Intrusion Prevention: Vulnerabilities and Exploits Browser and website attack code crafted by hackers and criminal gangs. • Web Filtering: Multiple categories and Malicious sites Botnet command, phishing, search poisoning, inappropriate content • Vulnerability Management: Real time exploit updates Multiple scanning points Firewall Gate, Analyzer, Web, DB, and Scan • Antispam: Unsolicited messages Phishing, Malware, Social Engineering and Junk • Antivirus: All malicious code Documents, macros, scripts, executable Delivered via Web, Email, USB, Instant messaging, social networks, etc.
- 6. LHS Connections and Updates #harsh_ jangra #HackingTechnoS Get Latest Facebook Hacking & Security Updates Security Updates Connect with us Subscribed on Facebook.com/HackingTechn Hands-On Labs LHS/ePaper ologies
- 7. Resources http://www.eCoreTechnoS.com www.LearnHackingSecurity.com http://www.HackingTechnologies.com http://www.GetHackingSecurity.com
Editor's Notes
- #5: Here is an example of our approach in action. This is the Koobface attack, which is still active in the wild.Starts as a link to a non-existent video on a malicious site sent via IM, email, or webmail. The first layer of protection is web filtering to block access to the site. If the user clicks on the link, he would receive a phony alert telling him his player is not working, and to download a non-existent new version on a malicious site. By clicking on the “OK” button on the phony Error message, the user is actually instructing his system to install the virus. Antivirus protection would detect the file that the user is trying to install, and block itOnce installed, the worm would try to propagate. The IPS technology would detect the propagation effort, and block it before it could succeed.