5. Definition of Threat - Continue

Threat | Definition | Attack from
Phishing | The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user's information. | e-mail
Spam | Electronic junk mail or junk newsgroup postings. | e-mail
Keylogger | Monitors the keyboard and takes your information without notice. | web
Malware | Short for malicious software: software designed specifically to damage or disrupt a system, such as a virus or a Trojan horse. | web / e-mail
Spyware | Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Nuisance spyware does not cause harm, while malicious spyware will harm the PC or system. | web
Rootkit | A rootkit is a type of malicious software that is activated each time your system boots up. Rootkits are difficult to detect because they are activated before your system's operating system has completely booted up. A rootkit often allows the installation of hidden files, processes, hidden user accounts, and more in the system's OS. Rootkits are able to intercept data from terminals, network connections, and the keyboard. | network / web
Zombies | A zombie is a computer that has been infected by a malicious software application, called a "bot". Once the bot is installed, the zombie computer can be controlled by a remote malicious user without the knowledge or permission of the computer's rightful owner. | web / network
19. STM150, STM300, STM600

Model | STM150 | STM300 | STM600
Customer type | Small to Medium Networks | Medium-sized Networks | Medium-sized Networks
Recommended Number of Concurrent Users | 20 - 150 | Up to 300 | Up to 600
Concurrently Scanned HTTP Connections | 1,000 | 2,000 | 4,000
HTTP Throughput (Mb/s) | 43 | 148 | 239
SMTP Throughput (emails/hour) | 139,000 | 420,000 | 960,000
21. STM150, STM300, STM600 - SKUs

Take the EU SKU as an example.

Model | SKU | Description | List Price
STM150EW | STM150EW-100EUS | Bundle: ProSecure™ Web and Email Threat Management Appliance STM150 (Hardware including 1-year Web, 1-year Email, and 1-year Software Maintenance & Upgrades) |
STM150 | STM150-100EUS | Hardware: ProSecure™ Web and Email Threat Management Appliance STM150 (Additional Web and/or Email Subscription Required) |
STM150E | STM150E-10000S | 1 Year Email Threat Management Subscription for STM150 |
STM150E3 | STM150E3-10000S | 3 Year Email Threat Management Subscription for STM150 |
STM150M | STM150M-10000S | 1 Year Support & Maintenance Subscription for STM150 |
STM150M3 | STM150M3-10000S | 3 Year Support & Maintenance Subscriptions for STM150 |
STM150W | STM150W-10000S | 1 Year Web Threat Management Subscription for STM150 |
STM150W3 | STM150W3-10000S | 3 Year Web Threat Management Subscription for STM150 |
24. UTM10, UTM25

Model | UTM10 | UTM25
Customer type | Small Networks | Small Networks
Recommended Number of Concurrent Users | 1 - 15 | 10 - 30
AV Throughput | 31 Mbps | 45 Mbps
Stateful Packet Inspection Firewall Throughput | 133 Mbps | 153 Mbps
WAN Ports / LAN Ports (Gigabit) | WAN 1 / LAN 4 | WAN 2 / LAN 4
Concurrent Sessions | 8,000 | 20,000
Web (HTTP, HTTPS, FTP) | ● | ●
Email (SMTP, POP3, IMAP) | ● | ●
Site to Site VPN Tunnel | 10 | 25
SSL VPN for Remote Access | 5 | 13
25. UTM10, UTM25 - SKUs

Model | SKU | Description | List Price
UTM10EW | UTM10EW-100EUS | Bundle: ProSecure™ Web and Email Threat Management Appliance UTM10 (Hardware including 1-year Web, 1-year Email, and 1-year Software Maintenance & Upgrades) |
UTM10 | UTM10-100EUS | Hardware: ProSecure™ Web and Email Threat Management Appliance UTM10 (Additional Web and/or Email Subscription Required) |
UTM10E | UTM10E-10000S | 1 Year Email Threat Management Subscription for UTM10 |
UTM10E3 | UTM10E3-10000S | 3 Year Email Threat Management Subscription for UTM10 |
UTM10M | UTM10M-10000S | 1 Year Support & Maintenance Subscription for UTM10 |
UTM10M3 | UTM10M3-10000S | 3 Year Support & Maintenance Subscriptions for UTM10 |
UTM10W | UTM10W-10000S | 1 Year Web Threat Management Subscription for UTM10 |
UTM10W3 | UTM10W3-10000S | 3 Year Web Threat Management Subscription for UTM10 |
27. Partners – Best-of-breed technology partners bring enterprise-grade security to SMB

Technology | NETGEAR STM | NETGEAR UTM | Competition
Anti-Virus, Malware, Trojans, Phishing | Full 1.6 Million Signatures | Full 600K Signatures | Fortinet: Clam AV open source + their own 60K AV signatures. Watchguard: AVG 40K AV signatures. Sonicwall: Clam AV open source + their own 3.2K (TZ180/190), 27K (TZ210/NSA). Checkpoint: Kaspersky Lite SafeStream 11K. Barracuda: Clam AV open source + their own 100K AV signatures. ZyXEL: Kaspersky Lite SafeStream + their own 15K.
Anti-SPAM | Hybrid in-the-cloud, 50 million sources | Hybrid in-the-cloud | Fortinet: RBL approach (Public Black Lists). Watchguard: Commtouch. Sonicwall: RBL approach (Public Black Lists). Checkpoint: SpamAssassin (Open source). Barracuda: SpamAssassin (Open source). ZyXEL: Mailshell.
Web Content-Filtering | 100 M URLs, 64 categories | 100 M URLs, 64 categories | Fortinet: Self + unknown. Watchguard: SurfControl (Websense). Sonicwall: Self + unknown. Checkpoint: SurfControl (Websense). Barracuda: SpamAssassin (Open source). ZyXEL: Blue Coat.
Editor's Notes
Web and e-mail security accounts for 80% of the threat.
HTTP: HyperText Transfer Protocol, a protocol used to transfer files from a Web server onto a browser in order to view a Web page that is on the Internet.
FTP: File Transfer Protocol, a protocol used to upload files from a workstation to an FTP server or download files from an FTP server to a workstation.
HTTPS: URLs that require an SSL connection start with https: instead of http:.
SSL: Secure Sockets Layer.
Benefits of the in-the-cloud service: no need to save code on the HD; real-time detection.
As a result, there is no limit on languages, performance is better, and an outbreak is effectively stopped before it becomes widespread.
SPI/IPS/DoS
Stateful packet inspection (SPI): A stateful firewall (any firewall that performs stateful packet inspection (SPI) or stateful inspection) is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known connection state will be allowed by the firewall; others will be rejected.
Intrusion prevention (IPS), IDS: It provides policies and rules for network traffic along with an intrusion detection system for alerting system or network administrators to suspicious traffic, but allows the administrator to provide the action upon being alerted.
DoS attack: Short for denial-of-service attack, a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic.
Anomaly: an abnormality.
Probe: a detecting probe.
VPN: Short for virtual private network, a network that is constructed by using public wires to connect nodes. For example, there are a number of systems that enable you to create networks using the Internet as the medium for transporting data. These systems use encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.
SSL: Short for Secure Sockets Layer, a protocol developed by Netscape for transmitting private documents via the Internet.
IPsec: Short for IP Security, a set of protocols developed by the IETF (Internet Engineering Task Force) to support secure exchange of packets at the IP layer. IPsec has been deployed widely to implement Virtual Private Networks (VPNs).
IM control: MSN can be used at noon time, but not at other times.