Introducing Intelligent Application Switch – L4 & L7 Switch
Contents
1. About Radware
2. Radware Equipment and the L4 Switch
3. SynApps & DoS Shield
4. L7 Switch
5. Radware Configuration Examples and Real Network Diagrams
6. Technical Tip
7. Case Study
8. Q&A
1. About Radware
• Public company since Sept. '99 (NASDAQ: RDWR)
• Member of the RAD group
• Sold in over 50 countries
• More than 200 distributors worldwide
2. Radware Equipment and the L4 Switch

| System | Physical Interface |
|---|---|
| AS1 | 8x1FE |
| AS1 | 2x1G+8x1FE |
| AS2 | 7x1G |
| AS2 | 5x1G+16x1FE |
| AS3 | 1x10G+7x1G+16x1FE |

| Feature | AS1 | AS2 | AS3 |
|---|---|---|---|
| Processor Model | MPC 7410 | MPC 7410 | MPC7410 + Network Proc. |
| Processor Speed | 266MHz | 500MHz | 500MHz |
| Backplane Speed | 9.6Gbps | 19.2Gbps | 44Gbps |
| Maximum Memory | 128M | 256M | 512M |
[Diagram: CID as an HTTP or FTP or spam mail gateway solution. Labels: Internal Network, HTTP Scanner, Mail Server, Spam Mail Scanner]
[Diagram: Firewall / VPN gateway load-balancing with FireProof. Labels: Local clients, Access router, FireProof, Firewall 1 / VPN Gateway 1, Firewall 2 / VPN Gateway 2, IDS]
[Diagram: IDS gateway load-balancing (FireProof)]
3. SynApps & DoS Shield
• SynApps(TM): a layer of services available on any and all Radware products
• 5 key areas that SynApps addresses: failures, non-optimization, non-differentiation, security, DoS attacks
• SynApps services: Health Monitoring, Traffic Redirection, Bandwidth Management, Application Security, DoS Shield
Health Monitoring
[Diagram: Full Path Health Monitoring. Labels: End users, Access router, WSD, Web servers, Application servers, Database servers; status messages "Checking Health… Health Passed" and "Checking Health… Health Failed"]
Traffic Redirection
[Diagram: Traffic Redirection, content inspection traffic flow. Labels: Internal Network, Firewall, HTTP SMTP Filter, Trusted Traffic]
Bandwidth Management
Two Stage Classification
Stage 1: Classify (Priority or VRRP)
• Rules
• Filters
• Priorities
• BW allocation
Stage 2: Policy Enforcement
• CBQ
• WRR
• RED
[Diagram: Bandwidth Management priority queues. Labels: Traffic, Classifier, Real time, Priority 0 to Priority 7; example traffic: VOIP, ERP, IM, SMTP]
Classification
• Configured rule
• Source IP address or network
• Destination IP address or network
• Filters - enhanced parameters matching
  – Protocol - TCP, UDP, other IP
  – Application port
  – Packet based text matching, including any type of content, URL or cookie
• Filter grouping
• Direction – one way or bi-directional
• Action - block or forward
Policy enforcement
Class Based Queuing (CBQ)
• Traffic is classified and queued according to priority
• More suitable for management by traffic limitations
• Ensures there is no starvation of any class
• Built-in support for borrowing bandwidth between classes
Weighted Round Robin (WRR)
• Each class is queued according to its priority
• Packets are forwarded from the queues according to priority until the bandwidth limitation is met
• Optimal for management according to priority
Random Early Drop (RED)
• Packets are dropped according to priority in cases where queues overflow
• This dropping method first affects the rate of lower-priority queues (unlike the competition)
Application Security
[Diagram labels: Access Router, Firewall 1, Firewall 2, FireProof, Local Clients, IDS Farm, "ATTACK", "Attack in Progress!"]
• Real-time packet inspection & attack mitigation
• 1,000+ attack signatures
• Configurable & updated
Attack In Progress
Hacking Log Report
[Screenshot: log report showing hacking type and source and destination IP]
DoS Shield
• Designed for high-bandwidth environments
• Samples traffic to detect attacks
• DoS Shield detects and blocks attacks in real time
• Normal traffic is processed as usual
• User-definable attack signatures
• Report Only / Block modes

| Feature | DoS Shield | Application Security |
|---|---|---|
| DoS Protection | Yes | Yes |
| Sampling | Yes | No |
| Protection in Gbit speeds | Yes | No |
| Protection from 1000+ attacks | No | Yes |
4. L7 Switch
Typical attack
[Diagram labels: Access Router, Local Clients, "Attack!"]
• Primary attack: failure of the "gatekeeper"
• Secondary attack: loss of information, loss of pages, etc.
L7 Switch?
- Content filtering on all ports for TCP/UDP/IP/ICMP, etc.
- Blocks network worms and viruses
- Supports time, count, bandwidth and session reset
- Separate rules can be applied per port
- Blocks hacking attacks (land attack, smurf attack, ICMP flooding, backdoor, DoS, DDoS), etc.
- Spam mail blocking
- QoS support
- IDS or IPS functionality
Performance
Security
Availability
What is harmful traffic?
• DoS (Denial of Service)
• DDoS (Distributed Denial of Service)
• Worm
• Scanning
• P2P service
• Hacking attacks
• Fragmentation attacks
• Spam mail, etc.
It refers to a user monopolizing or destroying the resources of a system or network device so that proper service cannot be delivered to other users.
Virus Wall: features and configuration
Configuration methods
- Gateway approach, Network approach (packet sniffing)
Network approach
[Diagram labels: Client, Virus Scan Switch, Internet, Packet sniffing]
- Packets crossing the network are monitored in real time in hardware
- Inspection at bit or octet granularity is possible
- Blocks virus-infected packets and tears down the session
- Uses bridge mode, which prevents network performance degradation
Gateway approach
[Diagram labels: Client, Switch, Server, Internet]
- Uses the L4 switch's redirection function to monitor packets crossing the network in software
- Virus-infected packets can be blocked, or cleaned and then forwarded
- Causes network performance degradation
L7 Switch & Virus Gateway

| Item | Virus Server | Radware FP AS2 (L7 Switch) |
|---|---|---|
| Configuration method | Gateway approach (L4 required) | Network approach (L7 used standalone) |
| Performance | Max 10M | Max 1G (at L7) |
| Equipment type | Server + software | Switch |
| QoS support | No | Yes |
| Blocking on L7 payload information | No | Yes |
| Network virus & e-mail virus blocking | Blocks e-mail viruses only | Yes |
| Virus DB storage | Hard disk | Memory |
| DB pattern update | Manual software update | User-definable; automatic update planned |
| Network interface | 2FE | 5G + 16FE |
| Blocking by IP address and service port | No | Yes |
| Mail notification after blocking | Yes | No |
Security levels
• Radware is the only vendor that provides complete security from the Network layer up to the Application layer
• Layer 3: Router
• Layer 4: Firewall / VPN / L4 Switch
• Layer 7: L7 Switch
Router & Firewall & L7 Switch

| Item | Radware L7 Switch | Firewall | Router |
|---|---|---|---|
| Main function | L7 filtering | Filtering at L4 (IP, port) | Routing |
| Blocking method | Header & content | ACL (IP, port) | ACL (IP, port) |
| Supported layer | 7 | 4 | 3 |
| IDS & IPS support | IDS & IPS possible | No (limited) | No |
| DoS attack blocking | Yes | No (partially possible) | No |
| DDoS attack blocking | Yes | No | No |
| Characteristics | Blocks using the Attack DB at the L7 layer | Blocks some DoS | ACLs removed, only routing used |
| Trend | Worm blocking | Session blocking (by IP and port) | Routing blocking |
| Worm blocking | Yes | No | No |
| QoS | Yes | No | Yes |
Radware L7 Switch (ASII)
- Content filtering on all ports for TCP/UDP/IP/ICMP, etc.
- Blocks network worms and viruses
- Supports time, count, bandwidth and session reset
- Separate rules can be applied per port
- Blocks hacking attacks (land attack, smurf attack, ICMP flooding, backdoor, DoS, DDoS), etc.
- Spam mail blocking
- Attack pattern DB
- Detects and blocks scan attacks
- Blocks fragmentation attacks
- QoS support (P2P service control)
- IDS or IPS functionality
- L2 wire-speed
IP Datagram (each row spans bit 0 to bit 31; field widths in bits; the header is 20 bytes)
| Version (4) | Header Length (4) | Priority & Type of Service (8) | Total Length (16) |
| Identification (16) | Flags (3) | Fragment offset (13) |
| Time to live (8) | Protocol (8) | Header checksum (16) |
| Source IP Address (32) |
| Destination IP Address (32) |
| Options (0 or 32 if any) |
| Data (varies if any) |
TCP Segment Format (each row spans bit 0 to bit 31; field widths in bits; the header is 20 bytes)
| Source port (16) | Destination port (16) |
| Sequence number (32) |
| Acknowledgement number (32) |
| Header length (4) | Reserved (6) | Code bits (6) | Window (16) |
| Checksum (16) | Urgent (16) |
| Options (0 or 32 if any) |
| Data (varies) |
UDP Segment Format (each row spans bit 0 to bit 31; field widths in bits; the header is 8 bytes)
| Source port (16) | Destination port (16) |
| Length (16) | Checksum (16) |
| Data (if any) |
How the L7 switch blocks new viruses
L7 switch blocking method
Harmful-traffic blocking policies applied on Radware
[The slides' third column, "Policy settings screen", held screenshots.]

| Policy name | Detailed description |
|---|---|
| Standard-syn-urg | Excessive inflow causes system malfunction and service failure. Blocks TCP packets arriving at a specific destination IP 1000 or more times per second (SYN flooding). |
| Standard-UDP-Scan | Raises the risk of hacking and attack and causes failures on some equipment. Blocks UDP port and IP address scanning used to select attack targets, and blocks backdoor access. |
| Standard-UDP-flooding | Excessive inflow causes system malfunction and service failure. Blocks UDP packets arriving at a specific destination IP 500 or more times per second. |
| Standard-TCP-Scan | Raises the risk of hacking and attack and causes failures on some equipment. Blocks TCP port and IP address scanning used to select attack targets, and blocks backdoor access. |
| Standard-Smurf-Dst | Excessive inflow causes system malfunction and service failure. Blocks ICMP packets sent to broadcast or multicast addresses and unneeded ICMP ECHO replies. |
| Standard-Land-Attack | Excessive inflow causes malfunction of some systems and service failure. Blocks packets whose source and destination IP are the same. |
| Standard-ICMP-Flood | Excessive inflow causes system malfunction and service failure. Blocks ICMP arriving at a specific IP 150 or more times per second. |
| Standard-Fragments-Flag | Excessive inflow causes system malfunction and service failure. Blocks IP packet fragments carrying erroneous fragment offset and fragment length information. |
| Standard-Fragmented-ICMP | Blocks ICMP with an abnormal offset, fragment bit or size. Excessive inflow causes system malfunction and service failure. |
| Sim_Netbios TCP&UDP | A service that MS systems provide for file sharing; it generates traffic irregularly to obtain information about other systems. The irregularly generated NetBIOS traffic is putting load on the Woori Bank security network. Blocks the service ports NetBIOS uses (TCP:137,138,139 & UDP:137,138,139). |
| Lovgate Worm | Spreads over the network and by mail; changes the registry, sends spam mail and opens specific ports (TCP:10168, 20168). Blocks traffic using TCP:10168 and 20168. |
| OpaSoft-3 Worm | Uses TCP:139; excessive inflow causes service failure and system infection. Blocks TCP:139 traffic whose TCP data contains "scrsvr.exe". |
| OpaSoft-2 Worm | Uses TCP:139; excessive inflow causes service failure and system infection. Blocks TCP:139 traffic whose TCP data contains "ACACACAC". |
| OpaSoft-1 Worm | Uses UDP:137; excessive inflow causes service failure and system infection. Blocks UDP:137 traffic whose UDP data contains "AAAAAAAA". |
| Code-red Worm default | Excessive inflow causes service failure and system infection. Blocks TCP:80 traffic whose TCP data contains "Default.ida". |
| Delot_bwm Worm | Uses the service that MS systems provide for secure file sharing; self-replicates and propagates, and installs a backdoor and a malicious IRC bot. Blocks the secure file sharing service port (TCP:445). |
| Nimda-Sample Worm | A Nimda variant; excessive inflow causes service failure and system infection. Among mail traffic using TCP:25,110, blocks mail traffic whose TCP data contains "sample.exe". |
| Slammer-SQL worm | Attacks by exploiting an MS-SQL vulnerability; excessive inflow slows the network and attacks and infects systems. Blocks UDP:1434, the vulnerable service port. |
| Nimda-root worm | Excessive inflow causes service failure and system infection. Blocks TCP:80 traffic whose TCP data contains "root.exe". |
| Nimda-CMD worm | Excessive inflow causes service failure and system infection. Blocks TCP:80 traffic whose TCP data contains "cmd.exe". |
| eDonkey P2P service | A service for connecting to illegal-content servers in order to obtain illegal content. Uses a large volume of traffic to connect to those servers. Blocked by the service ports of the illegal servers (TCP:4661,4662). |
| Soribada P2P service | A service for connecting to illegal-content servers in order to obtain illegal content. Uses a large volume of traffic to connect to those servers. Blocked by the service ports of the illegal servers (UDP:5101,7674,22321,4665). |
| Fizzer worm | Infects through IRC and P2P services; installs a backdoor and sends spam mail. Blocks the IRC and P2P service ports the worm uses (TCP:2018,2019,2020,2021). |
| Sobic Worm | Infects through mail and the network; changes the registry, installs a backdoor and sends spam mail. Among mail traffic using TCP:25,110, blocks spam mail whose sender is "[email protected]". |
| Palyh Worm | Infects through mail and the network; changes the registry, installs a backdoor and sends spam mail. Among mail traffic using TCP:25,110, blocks spam mail whose sender is "[email protected]". |
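The policies listed above fall into four kinds of check: source equal to destination, a blocked port, a string in the data part of traffic on a given port, and a per-destination packet rate. The following Python is an added example that evaluates a subset of them over constructed packets; it is not Radware configuration or code from the presentation, and the `Packet` record, the fixed one-second counting window, the case-insensitive comparison and the sample addresses are assumptions of the example.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass
class Packet:  # hypothetical record, one per observed packet
    ts: float            # arrival time in seconds
    proto: str           # "TCP", "UDP" or "ICMP"
    src: str
    dst: str
    dport: int = 0
    payload: bytes = b""


# Rows taken from the policy table, grouped by the kind of check they need.
PORT_RULES = [           # (policy name, protocol, blocked destination ports)
    ("Slammer-SQL worm", "UDP", {1434}),
    ("Lovgate Worm", "TCP", {10168, 20168}),
    ("Delot_bwm Worm", "TCP", {445}),
]
CONTENT_RULES = [        # (policy name, protocol, ports, string in the data part)
    ("Code-red Worm", "TCP", {80}, b"Default.ida"),
    ("Nimda-root worm", "TCP", {80}, b"root.exe"),
    ("Nimda-CMD worm", "TCP", {80}, b"cmd.exe"),
    ("OpaSoft-3 Worm", "TCP", {139}, b"scrsvr.exe"),
    ("OpaSoft-1 Worm", "UDP", {137}, b"AAAAAAAA"),
    ("Nimda-Sample Worm", "TCP", {25, 110}, b"sample.exe"),
]
RATE_RULES = [           # (policy name, protocol, packets per second to one destination IP)
    ("Standard-syn-urg", "TCP", 1000),
    ("Standard-UDP-flooding", "UDP", 500),
    ("Standard-ICMP-Flood", "ICMP", 150),
]


def _match(p, counts):
    """Return the name of the first policy that blocks packet p, or None."""
    if p.src == p.dst:
        return "Standard-Land-Attack"
    for name, proto, ports in PORT_RULES:
        if p.proto == proto and p.dport in ports:
            return name
    # Assumption: compare case-insensitively so that a change of letter case
    # in the request does not slip past the rule. The page does not say how
    # the device compares strings.
    data = p.payload.lower()
    for name, proto, ports, pattern in CONTENT_RULES:
        if p.proto == proto and p.dport in ports and pattern.lower() in data:
            return name
    # Assumption: fixed one-second windows per (protocol, destination).
    # Only packets that passed the checks above are counted.
    for name, proto, limit in RATE_RULES:
        if p.proto == proto:
            key = (proto, p.dst, int(p.ts))
            counts[key] += 1
            if counts[key] >= limit:   # "N or more times per second"
                return name
    return None


def evaluate(packets):
    """Return one verdict per packet: blocking policy name, or None to forward."""
    counts = defaultdict(int)
    return [_match(p, counts) for p in packets]


def summarize(verdicts):
    """Count blocked packets per policy name."""
    return dict(Counter(v for v in verdicts if v is not None))


def sample_traffic():
    """Constructed packets using documentation addresses, not captured traffic."""
    pkts = [
        Packet(0.10, "TCP", "198.51.100.7", "192.0.2.10", 80, b"GET /default.ida HTTP/1.0\r\n"),
        Packet(0.20, "TCP", "198.51.100.8", "192.0.2.10", 80, b"GET /index.html HTTP/1.0\r\n"),
        Packet(0.30, "UDP", "198.51.100.9", "192.0.2.20", 1434, b"\x04"),
        Packet(0.40, "TCP", "192.0.2.30", "192.0.2.30", 80),
        Packet(0.50, "TCP", "198.51.100.7", "192.0.2.10", 80, b"GET /scripts/cmd.exe HTTP/1.0\r\n"),
    ]
    # 200 ICMP packets to one destination inside a single second.
    pkts += [Packet(2 + i / 1000, "ICMP", "198.51.100.50", "192.0.2.40") for i in range(200)]
    return pkts


if __name__ == "__main__":
    for policy, blocked in summarize(evaluate(sample_traffic())).items():
        print(f"{policy}: {blocked} packet(s) blocked")
```

The lower-case `default.ida` request is caught only because of the case-insensitive comparison; with an exact match against the table's "Default.ida" it would be forwarded.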
Statistics generated from the Radware MIB
Statistics on the number of harmful-traffic occurrences
<Top source IPs by harmful-traffic type>
Configware Insite
QoS support through Radware
QoS settings
• Example of limiting P2P service to 10M
• Per-service QoS applied (L7 Switch – FireProof)
- Set rules at 1.5 times the level of internally known services
- Prevents sudden service failure caused by new viruses
Bandwidth limiting example
Advantages of deploying an L7 Switch
- Switch-based anti-virus scanning & blocking, TCP reset
- A network built without performance degradation
- A solution that makes a secured network possible: blocks the major hacking attacks and viruses, supports IDS functionality
- A switch solution that allows a flexible network topology, configured with a single IP for management (a bridge in terms of topology)
- Direction can be set for inbound & outbound traffic
- Easy to respond to new viruses; blocks network viruses
- Rapid action using the virus's IP address information
- Inspects not only Layer 4 (port & IP address) but also the header & payload (content), so a higher level of security can be configured
- Easy management with the Attack DB
5. Case Study
[Diagram: Network configuration with Radware applied to block virus packets. Labels: Internet, Backbone, 1Gbps links]
[Diagram: Securities firm. Labels: L2 (six), L4+L7, L4]
[Diagram: Education network. Labels: Customer-access router, University subscriber router/switch, Harmful-traffic blocking system (FP), Backbone]
• Blocks harmful traffic (network viruses)
• Handles traffic even when the same MAC address arrives
• Handles an unlimited number of MAC addresses
• Supports the Static-Forwarding Link Loss Carry Forward function
[Diagram: DNS deployment, before and after. Labels: Router, L4 Switch, DNS, L7 Switch, In-addr.arpa]
[Diagram: International network. Labels: International line, Domestic Backbone Network, Cache Server]
[Diagram: Enterprise network. Labels: Public Network, Main S/W I (Public), Main S/W II (Public), Virus Wall, L4 Switch, 2 * GE, Internet Backbone L2 Switch, Web Server Farm (Web/infra, Billing; My home; Club / BBS), Include "ARM", 1Gbps, 1~2Gbps]
[Diagram: Securities firm. Labels: Internet, Router, Switch, Fireproof AS II. Legend: 1Gbps, 10/100Mbps]
[Diagram: University, L7. Labels: Internet, Web Server, Routing Switch, Building 2, Building 3, Data Center, 100 BASE-TX]
[Diagram: University, L4 + L7 (SLB + virus filtering). Labels: Internet, Web Server or Cache server, Routing Switch, Building 2, Building 3, Data Center, 100 BASE-TX]
[Diagram: Company D. Labels: Alpine3808, L2, RND, WSD-H Platform, WSD with SynApps, Firewall, WSD (L4), KIDC]
[Diagram: Company L. Labels: Internet, Static Forwarding (L7)]
[Diagram: Company A. Labels: Internet, DMZ, AS I, AS II, Building A, Building B]
Security Solutions
[Diagram labels: Anti-Virus, Cache, URL Filtering, IDS Farm, Passive SSL, Firewall/VPNs, SSL Acceleration, Switch, Server Farms, FireProof, CID, CertainT, SynApps Enabled]
6. Technical Information - TIP
No IP on Interface
[Diagram labels: Management line (two)]
7. Why Radware?
1. Stability
- Hanaro (2001.10~Now), Thrunet (2002.1~Now), KT (2002.5~Now), Dacom (2002.1~Now, 2003.3~Now)
- Proven over many years at ISPs; also proven at universities, financial institutions and general enterprises
2. A specialist vendor of Intelligent Application Switches
- A specialist vendor producing dedicated L4 (WSD, CSD, FP, CSD, CID, PeerDirector, CT-100) and L7 switch equipment
- Fast customer support from headquarters, leading L7 features, fast adoption of customer requirements
3. Market Trend & Market Leading, Market Share
- Trends and market share in the domestic and international L7 market; as the market leader it is spurring later entrants
- In particular, it holds first place in domestic market share
8. Q&A