06 NGFW Security Protection
Security Protection
Content
Introduction
Practice
Objective
1. Understand the threats that users and servers face when they go online and how NGFW can protect them.
Sangfor Company Profile
1. NGFW Security Protection
Introduction
Protection introduction
Risks faced by internal users when accessing the Internet:
(2) Antivirus
Antivirus is mainly used to filter viruses that pass through NGFW in order to protect a
specific area. NGFW can scan the HTTP, FTP, POP3 and SMTP protocols.
(3) Botnets
Botnet detection covers a machine infected with a virus or Trojan that tries to
communicate with the external network. AF recognizes the traffic and then applies
blocking and logging based on user policies.
(4) Web Filtering
Web filtering filters website access based on URL category, and also performs file filtering.
1. Access Control
[Screenshot: access control policy configuration. Callouts: Select Source User/Group; Select related Services or Application; Select Destination User/Group; Select service/application]
1. Anti Virus
[Screenshot: antivirus policy configuration. Callouts: Select protocol type of virus defense; APT detection is based on Internal Network, select internal zone; Security Options; Log event options]
1. Web Filter
2. IPS
(1) What is IPS?
IPS (Intrusion Prevention System) is based on packet detection and discovers potential
threats to internal systems. Both the operating system and the applications running on
top of it are likely to have security vulnerabilities, and an attacker could exploit
these vulnerabilities with attack packets.
NGFW has built-in rules to protect against security vulnerabilities. NGFW
compares each packet that enters the network with the built-in vulnerability rules,
determines the purpose of the packet, and then decides whether to allow or deny the
packet into the target area network based on user configuration.
(2) IPS vulnerability database
This is our IPS vulnerability database. We classify each vulnerability and mark
its threat level.
(3) IPS protected objects
Client: Protect client avoid threat affected by the vulnerability not in client system or
software.
Server: Protect client avoid threat affected by the vulnerability not in client system or
software.
Brute force: Prevent a user from repeatedly attempting to log in to a system by trying many usernames and passwords.
(4) IPS rule types
Protect servers and clients from threats (such as trojans, worms)
Protect server applications (such as mail, database)
Protect client software (such as OA, IE)
(5) IPS configuration
(6) Use IPS/WAF/APT detection to trigger affiliated source lockout
(7) Notes on triggering affiliated source lockout
1. IPS/WAF/APT can be set to trigger affiliated source lockout.
2. For IPS/WAF/APT, only the deny action can trigger affiliated source lockout.
3. If an IP is locked out by affiliated source lockout, no flow from this source IP
can pass through NGFW.
4. If an IP is locked out by affiliated source lockout, this IP can log in to the NGFW web
console but cannot log in to the report center.
5. Affiliated source lockout can only lock out 1000.
6. The lockout log can be viewed in the report center.
(8) Modify IPS database
We mark each vulnerability with one of three levels: high, medium or low. Sometimes a
normal connection between outside and inside may be flagged as a threat (a false positive) and
denied by NGFW, so we must modify the IPS database.
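The following toy model ties together sections (1), (7) and (8): rule matching, lockout triggered only by a deny verdict, and tuning one rule to clear a false positive. It is an added example, not the vendor's code. The rule IDs, marker patterns, the per-rule allow/deny setting used to model "modify the IPS database", and the behaviour when the lockout table is full are all assumptions.

```python
from dataclasses import dataclass, field

LOCKOUT_CAPACITY = 1000  # the page gives the lockout limit as 1000

@dataclass
class Rule:
    rule_id: int           # constructed IDs, not real rule numbers
    pattern: bytes         # constructed marker strings, not real signatures
    level: str             # "high", "medium" or "low"
    action: str = "deny"   # "deny" or "allow" (assumed per-rule setting)

@dataclass
class Engine:
    rules: list
    lockout_enabled: bool = True
    locked: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def set_action(self, rule_id, action):
        """False-positive tuning: change one rule, leave the rest enforced."""
        for rule in self.rules:
            if rule.rule_id == rule_id:
                rule.action = action

    def inspect(self, src_ip, payload):
        if src_ip in self.locked:          # note 3: no flow from a locked source
            return "drop"
        verdict = "allow"
        for rule in self.rules:
            if rule.pattern not in payload:
                continue
            self.log.append((src_ip, rule.rule_id, rule.level, rule.action))
            if rule.action == "deny":
                verdict = "deny"
        # note 2: only a deny verdict triggers lockout; assumed: a full table
        # stops accepting new sources
        if (verdict == "deny" and self.lockout_enabled
                and len(self.locked) < LOCKOUT_CAPACITY):
            self.locked.add(src_ip)
        return verdict

def demo():
    eng = Engine([Rule(1001, b"DEMO-SIG-A", "high"),
                  Rule(1002, b"/report.cgi?id=", "low")])
    partner, other = "198.51.100.7", "198.51.100.8"   # documentation-range IPs
    before = [eng.inspect(partner, b"GET /report.cgi?id=5"),   # false positive
              eng.inspect(partner, b"GET /index.html")]        # clean, but locked
    eng.set_action(1002, "allow")                              # tune rule 1002
    after = [eng.inspect(other, b"GET /report.cgi?id=5"),      # logged, passed
             eng.inspect(other, b"POST /x DEMO-SIG-A")]        # still denied
    return before, after, eng
```

In the model, a single false positive with lockout enabled cuts off all later traffic from that source, which is why the rule is tuned individually while the high-level rule stays on deny.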
Note