00 Introduction for sangfor more important
- 1. SANGFOR NGAF V8.0.35 Associate NGAF Introduction
- 2. Introduction 1 Deployment 2 VPN 3 User Authentication 4 4 Bandwidth Management 5 Network Security 6 Device Management 7
- 4. New Threats, New Security • A large number of new applications built on the HTTP/HTTPS standard protocol • A number of threats to rely on the spread of the spread of the application • Gartner report: 75% of the attack from the application layer • Difficulties of O&M for Network Security • No Visibility of Users, Traffic and IT Assets ! • No Real-Time Detection, No Post-Event Detection, Slow Response ! • Difficulties of O&M for Network Security, Time Wasted ! • Low Performance for L7 Application Layer Security ! Traditional Security Model is Outdated ! Security Trend
- 5. Security evolution Firewall 1990s’ IPS…UTM 2000s’ NGFW/APT 2000s’-2010s’ WAF 2000s’-2010s’ • Http/Web- based attack • Automatic policy learning • DPI • Malware • Sandboxing • Signature • Anomaly • Heuristic • Packet filter • Stateful • ACL TECHNOLOGY SECURITY • Insufficient detection capability • Lack of detection tool • High cost has limited deployment of advanced security solutions
- 6. Security evolution WAF 2000s’-2010s’ • Http/Web- based attack • Automatic policy learning IPS 2000s’ • Signature • Anomaly • Heuristic Firewall 1990s’ • Packet filter • Stateful • ACL APT/NGFW 2000s’-2010s’ • DPI • Malware • Sandboxing Risk mitigation NGFW+ WAF in one box Security effectiveness Decryption security operation Total threat prevention Total Cost of Ownership Affordable Total Threat Prevention to All Business Networks
- 7. NGAF Function Network security Business Visibility APP security High performance Traffic identification BM Illegal business Block Core business Bandwidth guarantee OA Legitimate business Bandwidth limitation APP security protection WAF unknown Threat Multi- core Cross- module Efficient algorithm Once analysis potential threat IPS APT Anti-virus Backtracking Sandbox App control log Traffic log Network security log Risk Assessment Report Center Authentication NAT Dos/DDoS VPN WEB Scanner Real-time vulnerability analysis
- 9. Deployment NGAF has flexible network adaptability, could deploy as route mode, bridge mode, virtual wire mode, mixed mode, mirror mode, HA(High availability), support RIP, GRE,OSPF as well. Route Mode Bridge Mode Mixed Mode Mirror Mode
- 10. 3. VPN
- 11. IPSEC VPN, SANGFOR VPN & SSL VPN NGAF provide three type VPNs, IPSEC VPN, SSL VPN, SANGFOR VPN. User can work at anywhere with VPN.
- 13. User Authentication Authentication effectively identify legal users. NGAF can also do authentication with third-party server, like AD server, radius.
- 15. Bandwidth Management BM can limit the non-work related traffic , protect the core business and the core user's bandwidth, enhance bandwidth value. Granularity: • BW Guarantee: Min& Max, priority • BW Limit: Max, priority • Downlink & uplink control • Per user max bandwidth Flexibility • Application, URL, user, schedule, dst. IP, Sub- interface, VLAN Traffic visibility
- 17. Content Security Access control based on application. NGAF recognizes more than 10000 applications and rules. Deep identification Advanced identification
- 18. Content Security Contain 3 functions: • Mail protection: mail attachments virus detection, mail attachments filtering, XSS attack detection, Collision Attack • URL filtering: HTTP(GET), HTTP(POST), HTTPS filtering • File protection: HTTP/ FTP download/upload virus detection and file type filtering Content policy
- 19. DOS/DDOS DOS attack :DOS (Denial of Service) , is an attempt to make a machine or network resource unavailable to its intended users. DDOS attack:DDOS (Distributed Denial of service) is a lot of DOS attack on a machine or network resource. NGAF anti-DOS/DDOS have two type “outside attack” and “inside attack”. Inbound attack:Mainly for protect internal server not being attack from external zone. Outbound attack:Mainly for protect device itself or LAN traffic.
- 20. APT The infected viruses/Trojans PC attempt to communicate with the C&C server, NGAF identify the traffic, block and record the log according to the user policy, help customers to locate the infected PC and block its network traffic, to avoid some illegal malicious data into the client, provide a better protective effect. NGAF Malware Signature Database contains 12 type: trojan, adware, malware, spy, backdoor, worm, exploit, hack tool, virus, malware site, locky virus, mobile botnet. It is more than 400,000 signatures.
- 21. Sandbox Detection in SandBox Environment: • Process creation • File system modifications • Registry modification 1. Suspicious Traffic Reporting 2. Sandbox Detection is Performed 4.2 Cloud Sync Update 4.1 Safety Rules Delivered 3. Generate Security Rules
- 22. IPS IPS (Intrusion Prevention System) is base on packet detection to discover potential threats in internal system. Regardless operating system or applications running on top of it are likely to have some security vulnerability, an attacker could exploit these vulnerabilities with aggressive attack packets. NGAF had built-in rules to protect against security vulnerabilities. NGAF will compare the packet that enter to the network with the built-in vulnerability rules and determine the purpose of this packet then decide whether to allow or deny these packet enters the target area network base on user configuration.
- 23. WAF Server protection mainly used to prevent attack from un-trusted zone (such as the Internet) on the target server. Currently NGFW focused on providing protection on Web and FTP applications. • Web App Protection , SQL injection, XSS attack, Trojan horse, Website scan, WEBSHELL, CSRF, OS command injection, File inclusion, Path traversal, Information disclosure, Web site vulnerabilities • Application hiding, Hide application server version to prevent the attacker found the appropriate holes from the version information • Password Protection, prevent attacker brute force user passwords • Privilege control, prevent malicious files uploaded to the protected URL path. • DLP, provides scanning on sensitive data (plain text) in HTTP server, block when data leak is found and filter downloading file type
- 24. WAF Web protection OS Command Injection SQL Injection XSS Attack CSRF Website Trojan Website scan WEBSHELL File Inclusion Path Traversal Information disclosure
- 25. Security Solution This is the Sangfor next-generation security solution with coordination among cloud, endpoint and boundary appliances, building a wholesome and comprehensive security system that can give advisory prior to, protect during, detect and respond after an intrusion event, give risk analytics and advisory from security engines in Cloud, detection and response from endpoint protection agent, detection and protection on boundary appliance.
- 26. Monitor Monitor can be used to query and statistics of each function module generated log. For example, you can check out the WEB application protection blocking attacks, and can query to attack the source IP, target IP and other detailed information. Can count the server in the specified time by the number of DOS attacks, etc..
- 28. How to login NGAF Default IP address of manage port (EHT0): 10.251.251.251 Default username/password is admin/admin
- 29. How to upgrade NGAF You can upgrade NGAF with Firmware Updater. Click ‘update’ to upgrade the device. You can press ‘F10’ to get more details.
- 30. How to restore NGAF to defaults 1. Connect to NGAF with firmware updater. 2. Press F10, and choose the Restore Factory Defaults. 3. Choose the corresponding update package and restore it. Restore NGAF with updater:
- 31. How to restore NGAF to defaults Go to System > Maintenance > Backup/Restore, restore NGAF to defaults with WebUI:
- 32. How to reset the NGAF password Restore password with USB Drive: 1. Create an empty txt file named reset-password.txt or Copy the reset-password.txt file to the root directory of U Disk; 2. Insert the U disk, restart the device; 3. When the device can normally log on the WebUI, pull out the U disk; 4. See the results of the U disk file reset-password.log,If the recovery is successful, record the restored console password in this file, otherwise the log is recorded the recovery failure information. Notes: 1.This TXT file can be directly on the windows system to establish a empty TXT file, the file name to reset-password.txt; 2.The txt file must be in the root directory of the U disk; 3.U disk can be single or multiple partitions. A single partition of the U disk format must be FAT32; multi partition U disk must put the txt file in the first partition, and the first partition format must be FAT32.
- 33. Thank you ! tech.support@sangfor.com community.sangfor.com Sangfor Technologies (Headquarters) Block A1, Nanshan iPark, No.1001 Xueyuan Road, Nanshan District, Shenzhen, Guangdong Province, P. R. China (518055)