Endian Unified Threat Management

					Endian Unified Threat Management                                  file:///home/lmarzke/Desktop/endian.html




          Endian Unified Threat Management
          Introduction/Demo to Endian UTM
          lmarzke


          Lee Marzke (4AERO.com)
          Infrastructure Consultant:


          Software Development organizations
          Specialize in SCM, Process, PM, Tools

          Just Enough Agile


          Virtualization (VMware, NetAPP SAN )

          2 to 200 hosts




          Endian Unified Threat Management ( UTM )
          UTM Components
          Security
          Filtering
          Network Services


          Form Factor
          Software Appliance

          Hardware Appliance


          Unified Threat Management is (1):
          Consolidated Security

          Multi-zone Firewall / Proxy (HTTP, FTP, SMTP, DNS)
          Web and Email AV
          Intrusion Detection (SNORT in-line)
          OpenVPN



1 of 14                                                                             07/08/2010 01:53 PM


          Filtering
          URL, Content, Attachment Filtering

          Email Anti-Spam, Bayesian Learning Filter


          Unified Threat Management is (2):
          Network Services
          DHCP, DNS, Time, QoS
          Misc Services

          Dynamic DNS
          NTOP traffic monitor

          * Hotspot / radius server


          pfSense, IPCOP, Smoothwall -vs- UTM


          Security             <--------->   Administration Cost
          One server per job   <--------->   Combined Functions
          Minimal Functions    <--------->   More Functions


          You could also argue that more security functions for the same budget gives you more security.


          Endian (Bolzano, Italy)
          Open Source (community) software appliance
          Virtual Firewall Appliance (VM)

          Commercial software appliance w/ support
          Network Portal for managing devices on support
          Hardware Appliances 10 - 2500 users


          Firewall Architecture
          4 zones (Red/Orange/Green/Blue) + VPN (purple) zone








          UTM at 4AERO




                                  Web GUI (1)
                                  Dashboard
                                  Network Interface(s) and Status

                                  Hardware Status (RRD)
                                  current traffic graphs (RRD)


          Web GUI (1a)






          Web GUI (2) - Status Connections




          Web GUI (2a) Status HW RRD Graphs







          Web GUI (2b)        Status Traffic RRD Graphs








          Web GUI (3) Network Hosts




          Web GUI (4) Services DHCP fixed leases




          Web GUI (4a) Services IDS (Snort in-line)








          Web GUI (5) Firewall OUT




          Web GUI (5a) Firewall port forwards







          Web GUI (5b) Firewall Interzone




          Web GUI (6) Proxy HTTP








          Web GUI (6a) Proxy HTTP Content Filter




          Web GUI (7) VPN








       Demo System
       Lenovo X61 Laptop
       VMware Workstation
       Endian UTM VM --> Private Network <-- Windows XP (green)


       Example Use Cases (1)
       Filter Web (HTTP) Traffic
       HTTP Proxy

       Modes
       Manual Proxy setup in Browser
       Automatic Proxy detection (WPAD, or PAC)
       Transparent

       Optional Authentication
       Internal, AD, Radius

       Filtering
       AntiVirus, URLs, Content, Attachments
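The "Automatic Proxy detection (WPAD, or PAC)" mode hands browsers a PAC file; below is an added illustrative PAC file, not from the slides or from Endian, that keeps green-zone and internal-domain traffic DIRECT and sends everything else through the Endian HTTP proxy. The proxy address 192.168.1.1:8080, the green network 192.168.1.0/24 and the domain example.lan are assumed values, and the isInNet/dnsDomainIs/isPlainHostName helpers are minimal re-implementations of functions a browser's PAC engine normally provides, so the file also runs under Node.

```javascript
// Added example: PAC file for the WPAD/PAC proxy mode. Assumed values (not from
// the slides): Endian HTTP proxy at 192.168.1.1:8080, green zone 192.168.1.0/24,
// internal DNS domain example.lan.
const PROXY = "PROXY 192.168.1.1:8080";
const GREEN_NET = "192.168.1.0";
const GREEN_MASK = "255.255.255.0";
const INTERNAL_DOMAIN = ".example.lan";

// Dotted quad -> unsigned 32-bit integer, or null if the string is not an IPv4 address.
function ipToInt(ip) {
  const parts = ip.split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = (n * 256) + Number(p);
  }
  return n;
}

// Minimal versions of the helpers a browser's PAC engine provides.
function isPlainHostName(host) { return host.indexOf(".") === -1; }
function dnsDomainIs(host, domain) { return host.endsWith(domain); }
function isInNet(host, net, mask) {
  const h = ipToInt(host), n = ipToInt(net), m = ipToInt(mask);
  if (h === null || n === null || m === null) return false; // hostnames never match
  return ((h & m) >>> 0) === ((n & m) >>> 0);
}

// Entry point every PAC file must define; the browser calls it per request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Unqualified names and the internal domain stay inside the green zone.
  if (isPlainHostName(host) || dnsDomainIs(host, INTERNAL_DOMAIN)) return "DIRECT";
  // Literal green-zone addresses are local too (split-DNS names resolve here).
  if (isInNet(host, GREEN_NET, GREEN_MASK)) return "DIRECT";
  // Everything else goes through the filtering proxy. No "; DIRECT" fallback:
  // a proxy outage then fails closed instead of silently bypassing AV/URL filtering.
  return PROXY;
}
```

Serve the file as wpad.dat from a host named wpad in the internal domain (or publish its URL via DHCP option 252) for WPAD discovery, or point browsers at it as a PAC URL.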


       Example Use Cases (2)
       Email Filtering
       POP3 Proxy
       (Spam and AV)






       SMTP Proxy
       Both Inbound and Outbound filtering

       (Spam, AV, Attachments)
       Bayesian Spam Learning (Site Wide)

       SPAM Training Service
       SPAM folder on IMAP
       HAM folder on IMAP


       Example Use Cases (3)
       Prevent client DNS attacks
       DNS Proxy

       Rewrite port 53 requests to use the Endian-specified DNS
       Redirect known spyware requests
       Change NS based on domain


       Example Use Cases (4)
       Internal Hosts (~ split DNS)
       Specify internal IP for external domain names
       Allows external URLs to work internally.


       Example Use Cases (5)
       Redundant Uplinks
       Network/Interfaces/Uplink Editor
       Network/Routing/Policy Routing


       Example Use Cases (6)
       Assign Fixed DHCP leases
       Services/DHCP
       Advantages of static addressing, without the hassle
       Great for Laptops!


       Example Use Cases (7)




       Intrusion Detection (Snort)
       Services/IDS

       Default is to Warn, Click to Block
       IDS traffic enabled case-by-case using Firewall Rules


       Example Use Cases (8)
       Enable Quality of Service (QoS)
       Services/QoS/Devices
       Set Uplink/Downlink speeds
       Classes
       Default (High, Medium, Low, Bulk)

       Rules
       Based on MAC, IP, zone, or TOS


       Example Use Cases (9)
       Setup OpenVPN
       Services/VPN/OpenVPN
       Add user
       Download cacert.pem to client
       Install Endian OpenVPN client (Commercial version only) -or-
       Install OpenVPN and scripts as required.


       Command Line
       Serial Console optional (at install time)

       Config Files
       Normal configuration files

       /var/efw/, /etc/endian/services

       Scripts
       Endian scripts in /usr/local/bin (Python)


       Enterprise Features




       * = Not Available in Community
       Multi-WAN fail-over
       RAID 1 (if 2 disks available during install)
       * High Availability (Hot Spare)
       * Endian Network (remote Portal for upgrades, control)


       Endian Network




       Open Source -vs- Commercial Support
       Open Source (Community)

       Many open-source packages
       Many menu options
       Testing / support by community
       I've found ~10% of functions broken in new releases

       Commercial
       Released after Community 'shake-out'
       Email support from Endian

       Production quality


       Commercial Pricing
       Software Subscription - $250+ per year
       Hardware $750 to $10k+



       Commercial Demos or Pricing Quotes





       Contact lmarzke@4aero.com


       Questions



