Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Andere mochten auch
Andere mochten auch (20)
Ähnlich wie Ids & ips
Ähnlich wie Ids & ips (20)
Mehr von Lan & Wan Solutions
Mehr von Lan & Wan Solutions (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Ids & ips
- 1. © Copyright Fortinet Inc. All rights reserved. Inside FortiOS IDS & IPS Versione 5.2.4 – Mar 2015 Lan & Wan Solutions – Soluzioni Informatiche per Reti Locali e Geografiche
- 3. 3 FortiOS 5.2 Feature Set ATP OSS Support AAA Central Mgmt. Integrations Configuration Visibility Log & Report Diagnostics Management Anti-Malware IPS Application Control Web Filtering Email Filtering Firewall VPN DLP User & Device Identity SSL inspection Security Functions Wireless Controller Switch Controller Endpoint Manager Token Server Vulnerability Scanner Extensions :::::::::: Virtual Domains :::::::::: Virtual Systems Routing NAT/CGN WAN Link / Server LB Wan Optimization Network Functions L2/Switching IPv6 QoS High Availability NAT/Route Transparent Sniffer Operating Modes LAN WiFi WAN Network Interface Physical Appliance (+ASICS) Hypervisor Cloud Platform * Features may varied by models
- 4. 4 Overview IPS IPS Signatures Over 7,000+ Signatures Integrated FortiGuard IPS encyclopedia Zero-day Threat Protection & Research Custom Signatures Rate based Signatures Signature Filtering User Quarantine, Packet Logging DOS Protection Rate based - set thresholds for various types of network operations Deployment Options Sniffer Mode Bypass Interface & FortiBridge Low latency, superior coverage and cost/performance integrated IPS 2012 NSS Security Value Map
- 5. 5 IPS Sensor Regular IPS Signatures Protect against » Known Vulnerability & Zero day exploits » Protocol abnormalities Details Pop-Up linked to FortiGuard IPS encyclopedia Filtered by IPS Severity OS Protocol Applications Target (Client/Server)
- 6. 6 Rate Based Signatures Brute force protection by blocking subsequent requests when threshold (incident per defined sec.) is reached » Definable block duration » Various tracking methods IPS Sensor IPS
- 7. 7 FortiGuard Service Outstanding Detection Rate 100% resistance to evasions, 97.9% Detection rate (NSS Test 2011) Vigorous Benchmark Testing Tested on over 4 different tools Weekly Determine & Improve effectiveness of a security device to detect network vulnerabilities IPS
- 8. 8 FortiGuard Service FortiGuard Center FortiGuard Encyclopedia – detailed description of known threats IPS Updates log (RSS Feed) Vulnerability Advisories Threat Monitor – Top attacks by geographic breakdowns Zero-Day Research • Reported over 153 vulnerabilities, 124 of which have been disclosed and fixed by the appropriate vendor(s) IPS
- 9. 9 Performance IPS 0 20 40 60 80 100 120 140 160 Latency (μs) NSS IPS Latency (July 2012) Check Point 12600 Stonesoft 1302 Juniper IDP 8000 Sourcefire 3D8120 Sourcefire 3D8260 Sourcefire 3D8250 SonicWALL SuperMassive IBM GX7800 PA 5020 HP/TippingPoint 6100N McAfee M-8000 FortiGate 3240C FortiGate 3240C also beats all IPS competition with Lowest Latency
- 10. 10 Packet Logging Forensic Tool Packet Capture triggered IPS signatures Can be saved as pcap file for forensic studies Can be either log to disk, FortiAnalyzer or FortiCloud IPS
- 11. 11 User Quarantine Intelligently blocks attackers from launching further attack » Most attacks are conducted via several steps. Eg. port scan, followed by more targeted hacking activities Free up IPS resources since traffic is now stopped by firewall. Manually or set expiry time to remove from banned list User Quarantine Attackers IP Address Antivirus IPS DLP Duration Endpoint Control IPS
- 12. 12 Advanced Features IPS NGIPS Contextual Awareness » Correlate with related information such as users & applications Automation » Automated impact assessment for quick policy tuning with FortiView » Network behavior analysis using Threat Score
- 13. 13 DOS Sensors DOS Protection Detects and mitigate traffic that is is part of a DoS attack Applied as DOS Policies prior of Firewall Policies Rate based: set thresholds for various types of network operations Sensor list can be updated only when the firmware image is upgraded on the unit. TCP UDP ICMP Packet Rate to a Destination IP TCP_SYN_FLOOD UDP_FLOOD ICMP_FLOOD Packet Rate from a Source IP TCP_PORT_SCAN UDP_SCAN ICMP_SWEEP # of Concurrent Sessions to a Destination IP TCP_DST_SESS UDP_DST_SESS ICMP_DST_SESS # of Concurrent Sessions From a Source IP TCP_SRC_SESS UDP_SRC_SESS ICMP_SRC_SESS IPS
- 14. 14 Contattaci Gratuitamente … Certified experts in Fortimail and email security Certified experts in Fortiweb and web application firewall protection Certified experts in FortiAp, FortiWifi and wireless security CONTACTS Tel. +39 049 8843198 DIGIT (5) contacts@lanewan.it www.lanewan.it In questi anni di partnership con la casa madre, Lan & Wan Solutions ha ottenuto tutte le specializzazioni previste nei vari iter di certifica- zione, raggiungendo la qualifica di Partner Of Excellence.