Endian Unified Threat Management
Introduction/Demo to Endian UTM
Lee Marzke (4AERO.com)
Infrastructure Consultant:
Software Development organizations
Specialize in SCM, Process, PM, Tools
Just Enough Agile
Virtualization (VMware, NetApp SAN)
2 to 200 hosts
Endian Unified Threat Management ( UTM )
UTM Components
Security
Filtering
Network Services
Form Factor
Software Appliance
Hardware Appliance
Unified Threat Management is: (1)
Consolidated Security
Multi-zone Firewall / Proxy (HTTP, FTP, SMTP, DNS)
Web and Email AV
Intrusion Detection (SNORT in-line)
OpenVPN
Endian Unified Threat Management file:///home/lmarzke/Desktop/endian.html
1 of 14 07/08/2010 01:53 PM
Filtering
URL, Content, Attachment Filtering
Email Anti-Spam, Bayesian Learning Filter
Unified Threat Management is: (2)
Network Services
DHCP, DNS, Time, QoS
Misc Services
Dynamic DNS
NTOP traffic monitor
* Hotspot / RADIUS server
pfSense, IPCOP, Smoothwall -vs- UTM
Security <-----------> Administration Cost
One server per job <---> Combined Functions
Minimal Functions <---> More Functions
You could also argue that more security functions for the same budget gives you more security.
Endian (Bolzano, Italy)
Open Source (community) software appliance
Virtual Firewall Appliance (VM)
Commercial software appliance w/ support
Network Portal for managing devices on support
Hardware Appliances 10 - 2500 users
Firewall Architecture
4 zones (Red/Orange/Green/Blue) +VPN (purple) zone
UTM at 4AERO
Web GUI (1)
Dashboard
Network Interface(s) and Status
Hardware Status (RRD)
current traffic graphs (RRD)
Web GUI (1a)
Web GUI (2) - Status Connections
Web GUI (2a) Status HW RRD Graphs
Web GUI (2b) Status Traffic RRD Graphs
Web GUI (3) Network Hosts
Web GUI (4) Services DHCP fixed leases
Web GUI (4a) Services IDS (Snort in-line)
Web GUI (5) Firewall OUT
Web GUI (5a) Firewall port forwards
Web GUI (5b) Firewall Interzone
Web GUI (6) Proxy HTTP
Web GUI (6a) Proxy HTTP Content Filter
Web GUI (7) VPN
Demo System
Lenovo X61 Laptop
VMware Workstation
Endian UTM VM -->
Private Network
Windows XP (green) <--
Example Use Cases (1)
Filter Web (HTTP) Traffic
HTTP Proxy
Modes
Manual Proxy setup in Browser
Automatic Proxy detection (WPAD, or PAC)
Transparent
Optional Authentication
Internal, AD, RADIUS
Filtering
AntiVirus, URLs, Content, Attachments
Example Use Cases (2)
Email Filtering
POP3 Proxy
(Spam and AV)
SMTP Proxy
Both Inbound and Outbound filtering
(Spam, AV, Attachments)
Bayesian Spam Learning (Site Wide)
Spam Training Service
SPAM folder on IMAP
HAM folder on IMAP
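The site-wide Bayesian learning described on this slide, as an added example that is not Endian's code: users file mail into SPAM and HAM IMAP folders, the training service reads both and updates one model, and the SMTP/POP3 proxy scores new mail against it. The two folders, the messages in them and the sample messages below are constructed; the classifier is a plain naive Bayes model written for this page.

```python
"""Site-wide Bayesian spam learning, added here as an illustration of the
SPAM/HAM folder training on the slide; it is not Endian's code.

Users file mail into SPAM and HAM IMAP folders; the training service reads
those folders and updates one site-wide model. This stand-in models the two
folders as in-memory lists of constructed messages, trains a naive Bayes
classifier on them and scores a new message the way the filter would before
tagging or quarantining it.
"""
import math
import re
from collections import Counter

TOKEN_RE = re.compile(r"[a-z0-9$']+")

# Constructed stand-ins for the two IMAP training folders.
SPAM_FOLDER = [
    "Congratulations! You have won a free prize, click here to claim your money now",
    "Cheap meds online, buy now, limited offer, click here",
    "Earn money fast from home, free trial, click now",
    "Your account has won a lottery prize, claim money now",
]
HAM_FOLDER = [
    "Hi team, the sprint review is moved to Thursday, please update the agenda",
    "Attached are the meeting notes from the VMware migration planning session",
    "Can you review the pull request for the build script before the release?",
    "Reminder: the NetApp maintenance window is Saturday morning",
]


def tokenize(text):
    """Lower-case a message body and split it into word tokens."""
    return TOKEN_RE.findall(text.lower())


class BayesSpamFilter:
    def __init__(self, alpha=1.0):
        self.alpha = alpha                              # Laplace smoothing for unseen words
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.docs = {"spam": 0, "ham": 0}

    def train(self, label, text):
        # Count each word once per message so a repeated word cannot dominate.
        self.counts[label].update(set(tokenize(text)))
        self.docs[label] += 1

    def _log_likelihood(self, label, tokens, vocab_size):
        total = sum(self.counts[label].values())
        logp = math.log(self.docs[label] / sum(self.docs.values()))   # class prior
        for t in tokens:
            logp += math.log((self.counts[label][t] + self.alpha)
                             / (total + self.alpha * vocab_size))
        return logp

    def spam_probability(self, text):
        tokens = set(tokenize(text))
        vocab_size = len(set(self.counts["spam"]) | set(self.counts["ham"])) or 1
        ls = self._log_likelihood("spam", tokens, vocab_size)
        lh = self._log_likelihood("ham", tokens, vocab_size)
        # Convert the log-odds to a probability, clamping so exp() cannot overflow.
        diff = max(min(lh - ls, 700.0), -700.0)
        return 1.0 / (1.0 + math.exp(diff))

    def is_spam(self, text, threshold=0.9):
        return self.spam_probability(text) >= threshold


def build_filter():
    """Train one site-wide filter from the two folders, as the training service would."""
    f = BayesSpamFilter()
    for msg in SPAM_FOLDER:
        f.train("spam", msg)
    for msg in HAM_FOLDER:
        f.train("ham", msg)
    return f


if __name__ == "__main__":
    f = build_filter()
    for sample in ("You have won a free prize, click here now to claim your money",
                   "Please review the meeting notes before the sprint review on Thursday"):
        print(f"{f.spam_probability(sample):.3f}  {sample}")
```

The threshold in `is_spam` is where a site tunes the false-positive rate: a misfiled HAM message lowers the score of every word it contains across the whole site, which is why the training folders need the same care as the filter itself.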
Example Use Cases (3)
Prevent client DNS attacks
DNS Proxy
Rewrite port 53 requests to use the Endian-specified DNS
Redirect known spyware requests
Change NS based on domain
Example Use Cases (4)
Internal Hosts ( ~ split DNS )
Specify internal IP for external domain names
Allows external URLs to work internally.
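The DNS proxy behaviour from use cases (3) and (4), as one added example that is not Endian's code: intercepting clients' port-53 traffic so they cannot bypass the appliance, sinkholing known spyware names, choosing a name server by domain, and answering external names of internal hosts with their internal address (split DNS). The policy class, the `iptables` rules it renders and every address, domain and interface name below are constructed for this page.

```python
"""DNS proxy policy, added here as an illustration of the "Prevent client DNS
attacks" and "Internal Hosts" slides; it is not Endian's code.

It models four behaviours: clients' port-53 traffic is intercepted so they
cannot bypass the appliance's resolver, names on a spyware list are answered
with a sinkhole address, selected domains are forwarded to a specific name
server, and external names of internal hosts get their internal address
(split DNS). All addresses and names below are constructed.
"""
from dataclasses import dataclass

SINKHOLE_ADDR = "0.0.0.0"       # reply for blocked names (a constructed choice)


@dataclass(frozen=True)
class Decision:
    action: str     # "answer": reply locally; "forward": send to a name server
    value: str      # the IP to answer with, or the name server to forward to
    reason: str


def _norm(name):
    return name.lower().rstrip(".")


def _suffixes(name):
    """Yield the name, then each parent domain: a.b.example -> b.example -> example."""
    labels = name.split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


class DnsProxyPolicy:
    def __init__(self, default_ns, domain_ns=None, blocked=None, internal_hosts=None):
        self.default_ns = default_ns
        self.domain_ns = {_norm(k): v for k, v in (domain_ns or {}).items()}
        self.blocked = {_norm(b) for b in (blocked or [])}
        self.internal_hosts = {_norm(k): v for k, v in (internal_hosts or {}).items()}

    def resolve(self, qname):
        name = _norm(qname)
        # 1. Exact internal-host override (split DNS) wins.
        if name in self.internal_hosts:
            return Decision("answer", self.internal_hosts[name], "internal host override")
        # 2. Known spyware names and all of their subdomains are sinkholed.
        for s in _suffixes(name):
            if s in self.blocked:
                return Decision("answer", SINKHOLE_ADDR, f"blocked domain {s}")
        # 3. Per-domain name server, most specific suffix first.
        for s in _suffixes(name):
            if s in self.domain_ns:
                return Decision("forward", self.domain_ns[s], f"domain rule {s}")
        # 4. Everything else goes to the appliance's default upstream.
        return Decision("forward", self.default_ns, "default upstream")


def client_dns_rules(lan_if, proxy_ip):
    """iptables NAT rules that force clients' port-53 traffic to the proxy, one way
    to implement the slide's 'rewrite port 53 requests' on Linux (not Endian's own
    rule set). Returned as text for review rather than applied."""
    return [f"iptables -t nat -A PREROUTING -i {lan_if} -p {proto} --dport 53 "
            f"-j DNAT --to-destination {proxy_ip}:53" for proto in ("udp", "tcp")]


def build_policy():
    """A constructed policy: internal override, one sinkholed domain, one domain rule."""
    return DnsProxyPolicy(
        default_ns="192.0.2.53",
        domain_ns={"corp.example": "10.0.0.2"},
        blocked=["spyware.test"],
        internal_hosts={"www.example.com": "10.0.0.80"},
    )


if __name__ == "__main__":
    policy = build_policy()
    for q in ("www.example.com", "tracker.spyware.test.", "mail.corp.example", "example.org"):
        print(q, policy.resolve(q))
    print("\n".join(client_dns_rules("br0", "192.168.0.1")))
```

The order of the checks is the security-relevant part: an internal override only ever matches an exact name, a block list match covers every subdomain so a tracker cannot sidestep it with a new hostname, and the port-53 rewrite covers TCP as well as UDP so a client configured with its own resolver still lands on the proxy.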
Example Use Cases (5)
Redundant Uplinks
Network/Interfaces/Uplink Editor
Network/Routing/Policy Routing
Example Use Cases (6)
Assign Fixed DHCP leases
Services/DHCP
Advantages of static addressing, without the hassle
Great for laptops!
Example Use Cases (7)
Intrusion Detection (Snort)
Services/IDS
Default is to warn; click to block
IDS traffic enabled case-by-case using Firewall Rules
Example Use Cases (8)
Enable Quality of Service (QoS)
Services/QoS/Devices
Set Uplink/Downlink speeds
Classes
Default (High, Medium, Low, Bulk)
Rules
Based on MAC, IP, zone, or TOS
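How the QoS slide's pieces fit together (uplink/downlink speed, the four default classes, and rules keyed on MAC, IP, zone or ToS), as an added example that is not Endian's code: it renders one equivalent Linux configuration, an HTB tree with one class per priority plus the `iptables` MARK rules that `tc`'s `fw` filter maps onto those classes. The class shares, interface names, speeds and rules below are constructed, and the mapping to HTB is this page's own choice, not Endian's implementation.

```python
"""Traffic shaping from the QoS slide, added here as an illustration; it is
not Endian's code. Endian's GUI takes uplink/downlink speeds, a set of classes
(High, Medium, Low, Bulk) and rules that place traffic into a class by MAC,
IP, zone or ToS. This stand-in renders an equivalent Linux configuration for
one direction: an HTB tree with one class per priority level, and iptables
MARK rules that tc's fw filter maps onto those classes. Interface names,
speeds, shares and rules below are constructed.
"""

# Class table: name -> (priority, guaranteed share of the link); shares sum to 1.
CLASSES = {
    "High":   (0, 0.40),
    "Medium": (1, 0.30),
    "Low":    (2, 0.20),
    "Bulk":   (3, 0.10),
}
DEFAULT_CLASS = "Medium"


def _minor(name):
    return (CLASSES[name][0] + 1) * 10       # class minors 10, 20, 30, 40


def _mark(name):
    return CLASSES[name][0] + 1              # firewall marks 1, 2, 3, 4


def htb_tree(dev, speed_kbit):
    """tc commands for the root HTB qdisc, one class per QoS class and the
    fw filters that steer marked packets into them."""
    cmds = [
        f"tc qdisc add dev {dev} root handle 1: htb default {_minor(DEFAULT_CLASS)}",
        f"tc class add dev {dev} parent 1: classid 1:1 htb rate {speed_kbit}kbit ceil {speed_kbit}kbit",
    ]
    for name, (prio, share) in CLASSES.items():
        rate = max(round(speed_kbit * share), 1)   # guaranteed rate; ceil lets it borrow idle bandwidth
        cmds.append(f"tc class add dev {dev} parent 1:1 classid 1:{_minor(name)} htb "
                    f"rate {rate}kbit ceil {speed_kbit}kbit prio {prio}")
        cmds.append(f"tc filter add dev {dev} parent 1: protocol ip prio 1 "
                    f"handle {_mark(name)} fw flowid 1:{_minor(name)}")
    return cmds


def mark_rules(rules, zones):
    """iptables mangle rules for the QoS rule table; the first matching rule
    wins because later rules only touch packets that are still unmarked.
    Each rule has a 'class' and exactly one selector: 'mac', 'src' (IP or
    CIDR), 'zone' or 'tos'. zones maps a zone name to its interface,
    e.g. {'GREEN': 'br0'}."""
    out = []
    for r in rules:
        if "mac" in r:
            match = f"-m mac --mac-source {r['mac']}"
        elif "src" in r:
            match = f"-s {r['src']}"
        elif "zone" in r:
            match = f"-i {zones[r['zone']]}"
        elif "tos" in r:
            match = f"-m tos --tos {r['tos']}"
        else:
            raise ValueError(f"rule has no selector: {r}")
        out.append(f"iptables -t mangle -A PREROUTING -m mark --mark 0 {match} "
                   f"-j MARK --set-mark {_mark(r['class'])}")
    return out


if __name__ == "__main__":
    print("\n".join(htb_tree("eth1", 1000)))          # constructed 1 Mbit/s uplink
    print("\n".join(mark_rules(
        [{"class": "High", "src": "10.0.0.5"},
         {"class": "Low", "mac": "00:11:22:33:44:55"},
         {"class": "Bulk", "zone": "GREEN"}],
        {"GREEN": "br0"})))
```

HTB shapes egress only, so the uplink speed is applied on the RED interface and the downlink speed by running the same tree on the GREEN interface; the guaranteed rates sum to the link speed while `ceil` lets a class borrow whatever the others leave idle.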
Example Use Cases (9)
Setup OpenVPN
Services/VPN/OpenVPN
Add user
Download cacert.pem to client
Install Endian OpenVPN client (commercial version only) -or-
Install OpenVPN and scripts as required.
Command Line
Serial console optional (at install time)
Config Files
Normal configuration files
/var/efw/, /etc/endian/services
Scripts
Endian scripts in /usr/local/bin (Python)
Enterprise Features
* = Not Available in Community
Multi-WAN fail-over
RAID 1 (if 2 disks available during install)
* High Availability (Hot Spare)
* Endian Network (remote portal for upgrades, control)
Endian Network
Open Source -vs- Commercial Support
Open Source (Community)
Many open-source packages
Many menu options
Testing / support by community
I've found ~10% of functions broken in new releases
Commercial
Released after Community 'shake-out'
Email support from Endian
Production quality
Commercial Pricing
Software Subscription - $250+ per year
Hardware $750 to $10k +
Commercial Demos or Pricing Quotes
Contact [email protected]
Questions