secui_mf2_v1.2.2_eng
TRANSCRIPT
Multi-Function Firewall 2nd Edition
1. Security Trends
2. About SECUI MF2
3. Special Advantages of SECUI MF2
4. SECUI MF2 Series
Security Trend
- Appearance of New Security Threats
- Change of Security Related External Environment
- Appearance of Next Generation Firewall
1. Security Trend
Appearance of New Security Threats Different from the Past
The appearance of new attack types that exploit the limitations of existing UTM
[Diagram labels: Service Vulnerability; Malicious Code Inflow; Leak of Internal Info; Leak of Personal Info; Web Vulnerability Attack; Zombie PC/DDoS; Application; http(80); https(443)]
SECUI.COM
Change of External Environment Related to Security
Web/Application security risk
Extended spread of mobile devices
Extended network bandwidth
Establishment and effectuation of Personal Information Protection Act
IPv4 depletion & suspension of assignment
Establishment of Regulations Related to Spread of Mobile Devices and Information Protection
Application Traffic Control
Increased Demand of High Performance Devices
Mandatory Protection of Personal Info
Started Supplying IPv6
Appearance of Next Generation Firewall
Appearance of Next Generation Firewall to cope with changing security threats
Functional Factors of Next Generation Firewall (NGFW)
Next-Generation Firewall UTM (Multi Function Firewall)
About SECUI MF2
- SECUI MF2
- SM DPI
- SC FDE
The next generation security product that has implemented the idea of Next-Generation Firewall
[Product history figure. Labels: ’11, ’07, ’03, ’01; Software, UTM, Appliance, NGFW; 2G; 4G, 17G; 1G; 40G SECUI MF2 Series (NG Firewall); SECUI NXG Series, eXshield (UTM, Multi Function Firewall); NXG Series (Firewall, VPN); secuiWall (Firewall)]
2. About SECUI MF2
SM DPI (SECUI Multi-stage Deep Packet Inspection)
Blocks external attacks, prevents inflow of malicious codes, detects zombies while providing identification and control functions of various applications through precise Deep Packet Inspection on multistage (multilayer)
IPS/DDoS
- Full support of PCRE signature & Option
- Separate assignment of profile on virtual domain
- Applying the engine of exclusive Anti-DDoS device
Application Control
- Control on internet application
- Multistage Application Control engine
- Control of action with User ID by application
Anti-Virus/Spam
- File-based of high detection rate
- Stream-based method more than 10 times faster than the File-based (Able to check unlimited size of files)
[Diagram labels: Policy; Virtual Domain; IPS/DDoS; Application Control; Anti-Virus/Spam; DATA; HEADER]
SC FDE (SECUI Clustering-based Flow Distribution Engine)
An integrated security platform implemented with 64 Bit SecuiOS™ and high performance Multi-Core
The latest hardware architecture combining Symmetrical Multi-Processing (SMP) and clustering technology
Applies load distribution processing technology that uses multiple cores effectively, handling traffic without lowering network speed
SECUI MF2 session distribution processing technology delivers optimum performance on multi core
[Diagram labels: Input; Output; NIC; Balancer (Core Resource Flow); Resource Checker; Multi Core CPU; Core; Thread]
Special Advantages of SECUI MF2
- Overview
- Application Control
- VPN (IPsec / SSL / Mobile)
- IPS & DDoS
- Web Filter
- Web Server Protection
- Anti-Virus
- Anti-Spam
- SMART HA
- SMART NAT (Policy Based NAT)
- Improved Convenience of Policy Management
Special Advantages of SECUI MF2
SMART HA, By-Pass
LACP, LLCF
Multicast (PIM-SM, IGMP)
RIP, OSPF, BGP
SMART NAT (Policy Based)
PBR (Policy Based Routing)
Firewall
VPN
- IPSec VPN
- SSL VPN (Clientless)
- Mobile VPN
IPS & DDoS
Anti-Virus
Anti-Spam
- RBL (Real-time Blocking List) Support
Application Control
Web Server Protection
Harmful Site Block
Anonymizer Site Block
3. Special Advantages of SECUI MF2
Application Control
Provides control over the various internet applications that use http/https as a result of the development of web technology
Equipped with a multistage Application Control engine based on protocol analysis
- Action control with User ID by application regardless of user movement or IP change
[Screenshot labels: policy table headed SOURCE, DESTINATION, Application Security, Action; entries HR Team, Support Dept, HR Team_Web Mail Attachment, Support Dept_P2P Control, Development Team_1; profile columns Category, Application, Exception IP, Exception User, Message, File; per-application actions Detect and Block]
VPN (IPSec / SSL / Mobile)
Supports both international standard certification protocols and encryption algorithms; fully supports IPSec, SSL and Mobile VPN
Improved line management function: automatic speed check, line failure resolution, load distribution by line speed
Multi-Tunnel, Bonding and Load balancing functions for effective usage of xDSL multi-line
[Diagram: <Setting Access by User>. Labels: SSL VPN Supported Browser; Mobile SSL VPN support OS; Intranet Web Server 1; Intranet Web Server 2; Web based ERP Server; Mobile SSL VPN; IPSec VPN; USB Client; SSL VPN; ERP Server; Web Server 2, ERP Server; Web Server 1 & 2, ERP Server]
※ SSL/Mobile scheduled for first half of 2012
IPS & DDoS
Fully supports NCSC (National Cyber Security Center), ECSC (Education Cyber Security Center) and PCRE (Perl Compatible Regular Expression) signatures and options
Separate assignment of protection profile on virtual protection domain, flexible application of security policy
Powerful Anti-DDoS feature (Applying the engine of exclusive Anti-DDoS device)
Provides internal zombie PC monitoring and blocking feature
[Diagram labels: A Network; B Network; Zombie PC; Virtual Domain (A); Virtual Domain (B); N/W IP Address; TCP Stream; Client Port; To Server Packet; Flooding Block; Anti Spoofing; SCAN Protection]
- Establishing individual security policy using Virtual Domain
- Internal zombie PC detection and network block
Web Filter
Improved URL Filter Feature
- Prevents detours through direct IP address input (auto update of IP address on URL)
- Precise blocking that extends the checked area to the URI field instead of checking only the URL
- Various warning pages can be prepared and set up per profile
Blocks detoured HTTP requests that use an Anonymizer website (auto update of Proxy server list)
[Diagram labels: Anonymizer Servers; Update Servers; Anonymizer Server List Update; www.proxyserver.com …; Internet; Attempts Proxy server access to access a shopping mall http://28.135.57.2; http://www.casino.com; Blocks detoured access of illegal website; Blocks direct access of illegal website]
Web Server Protection
Blocks banned patterns and file extensions within URLs (malicious code risks such as exe, dll or bat)
Command injection, SQL injection and XSS injection blocking features
Detects/blocks web robots that periodically visit a website to gather contents for search engine indexing
[Diagram labels: Web Server; User; Attacker; SQL Injection; XSS Injection; Command Line Injection; …]
Anti-Virus
Offers both a Stream-based method with fast search speed and a File-based method with a high detection rate
- Select Stream-based or File-based depending on the environment
- File-Based: Able to select 2 types of virus engines (high detection rate)
- Stream-Based: More than 10 times faster than the File-Based method (unlimited file size)
Prevents unnecessary waste of system resources by setting file extensions and names as exceptions
[Diagram: two panels, Anti-Virus Stream-Based and Anti-Virus File-Based. Labels: Most Recently DB; Full Anti-Virus DB; Input; Output; Buffer (File), Scan (File), Deliver (File); Buffer, Scan (Packet), Deliver; Time; Latency]
Anti-Spam
Supports multi-language keyword filter with Global Anti-Spam solution
- Able to apply title, body and regular expression
Automatically checks whether sender domain is the actual domain through DNS Query
Supports RBL (Real time Blocking List) function
- RBL cache function support (using firewall black list)
Blocks non-allowed commands, allow/deny e-mail address, external spam detection server management
[Diagram labels: Mail-Server; Receives only normal mails; Mail Relay block; Session Limit per mail sender; Block keyword list; RBL; Non-allowed command block; Mail size limit; Spam Mail; Malicious Mail; Normal Mail]
SMART HA (High Availability)
Provides Advanced HA enabling combined usage of Router and Bridge modes
Raises availability of Port with HA Port Bonding function
Fast and convenient device extension with Plug-in
Supports safe replacement through Hot Swap, without affecting service, when an HA member fails
[Diagram labels: External Network; Internal Network; DMZ Network; L2 switch for HA; L3; HA; Bridge Mode; Router Mode; Occurrence of Failure; Failure Replacement Device; Hot Swap Replacement; New Extension Plug-in Method; MAX 16 Units]
SMART NAT (Policy Based NAT)
Secures flexibility of network configuration through the PB NAT (Policy Based NAT) feature
Able to use as many NAT policies as the number of policies
Can be simply implemented for all NAT types, including 1:1, 1:M, N:M and 1:N
[Diagram labels: Client; Web server (1.1.1.1); External; Internal; www.secu.com (2.2.2.101)]
Improved Convenience of Policy Management
Provides convenience of managing related policies through policy grouping
Maximizes convenience by adding Drag & Drop feature
Prevents unnecessary waste of policy resources through an improved search feature for unused, non-referenced objects/policies
Even more convenient Policy Editing feature using policy Drag & Drop
Effective use of resources with unused object / policy search feature
[Screenshot labels: Firewall Policy Settings dialog (Notice: "Do you wish to move?" Yes / No); Basic Search and Advanced Search ("Advanced Search only provides the search results on applied policies. Policies being edited are not included in the search target"); Check applied policies; Inflow Zone; Source IP; Destination IP; Internal Network; Protocol; Port; Search non-referred policies; Non-referred days; Search; Object Search; NO.; Policy ID]
SECUI MF2 Series
- Line up
- Spec
- Certificates (National Cyber Security Center CC, IPv6, TTA)
- SECUI CA
4. SECUI MF2 Series
SECUI CA (Central Analyzer)
Provides a separate program which conveniently gathers the logs of small devices on the administrator PC
Monitors the Dashboard, Top10 info, trend graphs, etc. in real time from the administrator PC
Able to view detailed logs with convenient conditional search on all logs
Provides perfect security audit and customer support reports in the form of CSV (Excel) files
[Screenshot labels: Syslog Transmission; Console PC; System Info (CPU, Memory, HDD); User Option Screen (Security Log, Top10 Log); Traffic Trend graph (By Action and Protocol)]
SECUI CA (3D dashboard)
Provides 3D Visualized Dashboard and Log Viewer for intuitive monitoring and security control
Visualizes traffic based on traffic and session information of source and destination IP
Monitors traffic sorted by direction, classified as All, Input and Output
1. Expresses IP and Port as sphere
2. Size of sphere and thickness of line depending on the amount of traffic
1. All
2. In Out
3. Out In
Line Up
[Figure: Performance of the line-up by network scale. Labels: Small Scale Network, Medium Scale Network, Large Scale Network; MF2 100, MF2 500, MF2 1000, MF2 2000, MF2 3000, MF2 6000; Firewall Max 500Mbps, 2Gbps, 4Gbps, 10Gbps, 20Gbps (10G Interface), 40Gbps (10G Interface)]
Specification
Model | SECUI MF2 100 | SECUI MF2 500 | SECUI MF2 1000 | SECUI MF2 2000 | SECUI MF2 3000 | SECUI MF2 6000
H/W
Chassis
HDD | - | 250GB | 500GB | 1TB | 2TB | 2TB
1G Copper (bypass) | 4 Ports(2) | 6 Ports(2) | 6 Ports(4) | 8 Ports(8) | 8 Ports(8) | 8 Ports(8)
1G Fiber | - | - | 2 Ports | 8 Ports | 4 Ports | option
10G Fiber | - | - | - | - | 4 Ports | 8 Ports
Power Supply | Single | Single | Single | Dual | Dual | Dual
Performance
Firewall Max | 500Mbps | 2 Gbps | 4 Gbps | 10 Gbps | 20 Gbps | 40 Gbps
Expansion Modules
1G Fiber ByPass | 2-port 1G Fiber ByPass Module (MF2 2000, 3000, 6000)
10G Fiber ByPass | 2-port 10G Fiber ByPass Module (MF2 3000, 6000)
Certificates (National Cyber Security Center CC, IPv6, TTA)
Certificate No. TTA-V-N-11-058, 059, 060
Model Name SECUI MF2 100, 6000, 1000
Scope of Certificate IPv6 Router Core Suitability and Interoperability
Certificate No. NISS-0342-2011
Model Name SECUI MF2 V1.0
Logo ID 02-C-000648
Version SecuiOS V2.0(64bit)
Scope of Certificate IPv6 Router
Scope of Certificate FW+VPN(EAL4)