06 NGFW Security Protection

SANGFOR NGFW

Security Protection
Content / Objective

Introduction
1. Understand the threats users and servers face when going online, and how NGFW can protect them.

Content Security
1. Grasp the content security application scenarios and configuration.

IPS
1. Understand the client and server vulnerabilities NGFW can protect against, and how to modify IPS protection rules.
2. Master IPS application scenarios and configuration.

Integrate Applications Security Policy
1. Learn how to configure the appropriate protection policies based on user requirements.
NGFW Security Features
Security Content, IPS
SANGFOR NGAF Case Study
Practice
Sangfor Company Profile
1. NGFW Security Protection
Introduction
Protection introduction
Risks facing internal users when accessing the Internet:

( 1 ) Unauthorized access, illegal user traffic
( 2 ) DDoS attacks, ARP spoofing
( 3 ) Unwanted access (P2P and streaming video during office hours)
( 4 ) Illegal access (access to pornography and gambling sites)
( 5 ) Unwanted access (unknown scripts and plug-ins)
( 6 ) Insecure access (web- and mail-borne viruses)
( 7 ) Botnet and backdoor attacks that exploit PC vulnerabilities
Protection introduction
Internal User Protection (risk -> NGFW feature)

Unauthorized access, illegal traffic -> Authentication
DDoS attacks, ARP spoofing -> Firewall
Unwanted access (P2P, streaming media) -> Application Control
Illegal access (access to pornography, gambling sites) -> Web Filtering
Insecure access (web, mail-borne viruses) -> Gateway Antivirus
Backdoor attacks exploiting PC vulnerabilities -> IPS

2. Security Protection
2.1.Security Content Introduction
2.2.IPS Introduction
Security Protection
1. Access Control

Access control includes: application control, anti-virus, anti-malware, web filter.

( 1 ) Application Control
Application control policies perform two-way access control based on the application or service. There is a default deny-all services/application control policy.
Service Control: filters by matching the source address, destination address, protocol number, source port and destination port.
Application Control: filters by matching packets; a certain number of packets must be allowed through before the type of application can be determined.
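As an added example (not Sangfor's code or configuration), a small Python model of the two stages described on this slide: service control matched on the 5-tuple with the default deny, and application control that can only classify a flow after a few packets have already been forwarded. The rule values, the packet-count threshold and the classify() hook are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed model of service control (5-tuple match, default deny) followed by
# application control, which decides only after enough packets of a flow passed.
# Hypothetical code, not Sangfor's implementation; rule values are made up.
PACKETS_BEFORE_APP_ID = 3   # assumption: packets forwarded before the app is identified

@dataclass
class ServiceRule:
    src: str       # source network
    dst: str       # destination network
    proto: int     # IP protocol number, 6 = TCP
    dports: range  # destination ports (source port left unrestricted here)
    action: str

SERVICE_RULES = [   # constructed rules: LAN clients may reach HTTP/HTTPS anywhere
    ServiceRule("10.0.0.0/24", "0.0.0.0/0", 6, range(80, 81), "allow"),
    ServiceRule("10.0.0.0/24", "0.0.0.0/0", 6, range(443, 444), "allow"),
]
APP_RULES = {"bittorrent": "deny", "http": "allow"}   # unlisted apps fall to deny
flows = {}   # per-flow state keyed by 5-tuple: packets seen, identified app

def service_decision(pkt):
    """Service control: first matching rule wins; no match means default deny."""
    for r in SERVICE_RULES:
        if (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(r.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(r.dst)
                and pkt["proto"] == r.proto and pkt["dport"] in r.dports):
            return r.action
    return "deny"

def app_decision(pkt, classify):
    """Application control: early packets of a flow are forwarded unclassified;
    once PACKETS_BEFORE_APP_ID have been seen, classify() names the app and
    APP_RULES (default deny) decides every later packet of that flow."""
    key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"], pkt["proto"])
    st = flows.setdefault(key, {"seen": 0, "app": None})
    st["seen"] += 1
    if st["app"] is None and st["seen"] >= PACKETS_BEFORE_APP_ID:
        st["app"] = classify(pkt)
    if st["app"] is None:
        return "allow"   # identification window: the packets the slide says must pass
    return APP_RULES.get(st["app"], "deny")

def inspect(pkt, classify):
    """Full pipeline: only traffic allowed by service control reaches app control."""
    return "deny" if service_decision(pkt) == "deny" else app_decision(pkt, classify)

def reset_flows():
    flows.clear()
```

The identification window is why a blocked application still shows a handful of forwarded packets in the logs before the deny takes effect.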
Security Protection
1. Access Control

( 2 ) Antivirus
Antivirus is mainly used to filter viruses passing through the NGFW in order to protect a specific area. NGFW can scan the HTTP, FTP, POP3 and SMTP protocols.
( 3 ) Botnets
Botnet detection refers to a machine infected with a virus or Trojan trying to communicate with the external network; the AF recognizes this traffic and applies blocking and logging based on user policies.
( 4 ) Web Filtering
Web filtering filters website access based on URL category and file filtering.
Security Protection
1. Access Control

Access control policy configuration (screenshot callouts):
Select source user/group
Select destination user/group
Select service/application
Select related services or applications
Security Protection
1. Anti Virus

Antivirus configuration (screenshot callouts):
Select the protocol type for virus defense.
For the list of file types specified in antivirus, you can manually fill in the file type; this is supported only for HTTP and FTP antivirus.
Data from certain URLs / IPs can be excluded from virus defense; this applies to HTTP only.
Security Protection
1. APT Detection

APT detection configuration (screenshot callouts):
APT detection is based on the internal network: select the internal zone.
Security options.
Log event options.
Security Protection
1. Web Filter

Web filter configuration (screenshot callouts):
HTTP (GET): unable to visit certain websites.
HTTP (POST): can open the webpage but cannot upload files.
HTTPS: select to enforce the policy on HTTPS websites.
Security Protection
2. IPS
( 1 ) What is IPS?
IPS (Intrusion Prevention System) uses packet detection to discover potential threats to internal systems. Any operating system, and any application running on top of it, is likely to have some security vulnerabilities, and an attacker could exploit these vulnerabilities with attack packets.
NGFW has built-in rules to protect against security vulnerabilities. NGFW compares packets entering the network with the built-in vulnerability rules, determines the purpose of each packet, and then decides, based on the user configuration, whether to allow or deny the packet into the target area network.
Security Protection
2. IPS
( 2 ) IPS vulnerability database
This is our IPS vulnerability database; we classify each vulnerability and mark its threat level.
Security Protection
2. IPS
( 3 ) IPS protected objects
Client: protect clients from threats that exploit vulnerabilities in the client system or software.
Server: protect servers from threats that exploit vulnerabilities in the server system or software.
Brute force: prevent users from logging in to the system repeatedly by trying many usernames and passwords.
( 4 ) IPS rule types
Protect servers and clients from threats (such as Trojans, worms)
Protect server applications (such as mail, database)
Protect client software (such as OA, IE)
Security Protection
2. IPS
( 5 ) IPS configuration

Security Protection
2. IPS
( 6 ) Use IPS/WAF/APT detection to trigger affiliated source lockout
Security Protection
2. IPS
( 7 ) Notes on trigger affiliated source lockout
1. IPS/WAF/APT can be set to trigger affiliated source lockout.
2. Only the deny action of IPS/WAF/APT can trigger affiliated source lockout.
3. If an IP is locked out by trigger affiliated source lockout, no traffic from this source IP can pass through the NGFW.
4. If an IP is locked out by trigger affiliated source lockout, it can still log in to the NGFW web console but cannot log in to the report center.
5. Trigger affiliated source lockout can lock out at most 1000 source IPs.
6. Lockout logs can be viewed from the report center.
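As an added example (not Sangfor's implementation), a Python model that encodes the six lockout notes above so the behaviour can be checked: which module/action pairs lock a source, the 1000-entry limit, and what a locked IP can still reach. The management address and the service names are assumptions.

```python
# Constructed model of the trigger affiliated source lockout notes (hypothetical
# code, not Sangfor's implementation); management address and service names assumed.
MAX_LOCKED_SOURCES = 1000                   # note 5: at most 1000 locked source IPs
TRIGGERING_MODULES = {"IPS", "WAF", "APT"}  # note 1: only these modules can trigger it
NGFW_WEB_CONSOLE = "10.0.0.1"               # assumption: NGFW management address

class SourceLockout:
    def __init__(self):
        self.locked = {}   # src ip -> module whose deny action locked it
        self.log = []      # note 6: events that the report center would show

    def on_security_event(self, module, action, src_ip):
        """Notes 1, 2, 5: only a deny action from IPS/WAF/APT locks a source, and
        only while the table has room. Returns True when a new lockout is added."""
        if module not in TRIGGERING_MODULES or action != "deny":
            return False
        if src_ip in self.locked:
            return False   # already locked; nothing new to record
        if len(self.locked) >= MAX_LOCKED_SOURCES:
            self.log.append({"src": src_ip, "module": module, "result": "table full"})
            return False
        self.locked[src_ip] = module
        self.log.append({"src": src_ip, "module": module, "result": "locked"})
        return True

    def permits(self, src_ip, dst_ip, service):
        """Notes 3, 4: a locked source gets no traffic through the NGFW, except a
        login to the NGFW web console; the report center stays unreachable."""
        if src_ip not in self.locked:
            return True
        return dst_ip == NGFW_WEB_CONSOLE and service == "webconsole"

    def unlock(self, src_ip):
        """Release a source, e.g. after the IPS database is tuned for a false positive."""
        return self.locked.pop(src_ip, None) is not None
```

The "table full" branch is worth watching in the report center: once 1000 sources are locked, later deny actions no longer add lockouts.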
Security Protection
2. IPS
( 8 ) Modify IPS database
We mark vulnerabilities at three levels: high, medium and low. Sometimes a normal connection between outside and inside may be falsely identified as a threat and denied by the NGFW, so we must modify the IPS database.
Note

1. NGFW application control denies all by default; you should allow what you need yourself.
2. The file filter in web filter cannot prevent download and upload by FTP.
3. The source zone in IPS rules is the threat source.
4. Server protection and endpoint protection use different IPS databases, because the attack methods differ.
www.sangfor.com
