Professional Documents
Culture Documents
Fortinet - giải Pháp Firewall
Fortinet - giải Pháp Firewall
Chun b cho:
Lp bi:
Techhorizon
Version
Ni dung
0.1
To ti liu
Xem xt
Ngy
Tn v chc v
Nhn ti liu
Ngy
Tn v chc v
Mc Lc
MC LC.........................................................................................................................................3
1.
2.
1.2.
1.3.
2.2.
3.
2.1.2.
2.1.3.
2.2.2.
2.2.3.
S lng nhn vin hin ti trn 1,500 nhn vin k thut v nghin cu pht
trin
L cng ty duy nht t c 8 chng nhn ca ICSA Lab v 2 chng ch NSS Lab
Cc sn phm bo mt ca Fortinet gm :
Fortigate Firewall : thit b bo mt tng la + VPN, c th tch hp cc tnh nng
Antivirus, IPS, AntiSpam, Web filtering, Application Control, Data Leak Prevention
FortiMail
thit
chuyn
dng
bo
ring
thng
khi
Antivirus/Worm/Spyware v AntiSpam
FortiAnalyzer : thit b ghi log tp trung v phn tch log, scan h thng tm ra l
hng
FortiManager : thit b qun l tp trung thit b Fortigate v FortiClient, cho php
ngi qun tr qun l, cu hnh, update v p dng chnh sch bo mt chung cho tt
t cc thit b Fortigate & FortiClient trong ton h thng
FortiClient : phn mm personal firewall + VPN cho ngi s dng di ng. C th mua
thm license c thm cc tnh nng Antivirus, AntiSpam & Web filtering
Fortiguard subscription service : license ng k s dng v update cc tnh nng
Antivirus, IPS, AntiSpam v Wen filtering. License c th mua mi hng nm hoc nhiu
nm
Forticare service : dch v h tr k thut, gia tng thi gian bo hnh ca sn phm
cng nh update cc OS/firmware mi nht cho sn phm. dch v ny c th mua hng
nm hoc nhiu nm.
Ngoi ra cn rt nhiu c quan chnh ph ang s dng v trin khai gii php
VPN ca Fortinet nh : UBND LNG SN, H TNH, HI PHNG, BNH NH,
PH YN, QUNG NGI, THNG TN X VIT NAM,
1.2.
1.3.
2.1.1.
FortiASIC : H thng
trnh c thit k ngay trn phn cng cho php bo v mng theo thi gian thc. Vi
cng ngh mch in t thit k theo ng dng (Application-specific integrated circuit ASIC), FortiASIC gm 3 thnh
kim sot trng thi (stateful inspection) m bo mt lp ng dng v qut ton din
ni dung gi tin (application level security and content protection). Bng vic qut su
gi tin v bo mt lp ng dng, Fortigate gip ngi dng ngn chn c cc e da
v nguy c tn cng vo h thng m cc c ch ngn chn truyn thng khng thc
hin c, loi b cc on code nguy him nm su hoc ngy trang bn trong gi tin.
Ti u mng WAN tit kim bng thng v gim chi ph vn hnh mng
10
2.1.2.
Antivirus: Phng chng ln n 60.000 loi vi-rt & t ng cp nht (push update)
thng qua h thng khong 50 cm server t khp ni trn ton th gii.
Lun lun c bo v trc cc loi virt mi v Fortinet c i ng k s cao cp
nghin cu, update lm vic 24x7
Chi ph u t thp (TCO) v Fortinet tnh license trn thit b (license per box) ch
khng tnh license theo ngi dng (license per user)
Tnh nng Antivirus ca Fortinet c chng nhn bi ICSALab, NSS v 100 Buletin
Intrusion Prevention System (IPS) :
Chc nng IPS ca Fortinet cung cp mt gii php ton din v ngn chn v phng
nga cc hnh thc tn cng vo cc ng dng v d liu quan trng ca doanh nghip,
cc hnh thc tn cng c th l cc cuc tn cng xut pht t bn ngoi v k c bn
trong h thng mng.
Cc tnh nng ni bt :
Kh nng nhn dng trn 7000 hnh thc tn cng & t ng cp nht (push
update) thng qua h thng khong 50 cm server t khp ni trn ton th
gii
Chi ph u t thp (TCO) v Fortinet tnh license trn thit b (license per box)
ch khng tnh license theo ngi dng (license per user)
11
T l pht hin spam cao nht (trn 97,4%) nh cng ngh lc Bayesian,
Heuristics, h tr RBL, ORDB, d tm DNS, lc theo theo t kha hay cm t,
Cung cp cc kh nng phng chng v ngn chn th rc tin tin nht thng
qua i ng k s nghin cu v pht trin ca Fortinet trn ton cu.
Chi ph u t thp (TCO) v Fortinet tnh license trn thit b (license per box)
ch khng tnh license theo ngi dng (license per user)
Ngn chn v kha cc trang web nguy him nh P2P, mo danh, gin ip
Online URL checker : cng c gip ngi dng kim tra mc nguy hi ca
trang Web.
12
Chi ph u t thp (TCO) v Fortinet tnh license trn thit b (license per box)
ch khng tnh license theo ngi dng (license per user)
Data leak prevention: Cho php xc nh hnh dng ca cc d liu nhy cm.
Gim st lu lng mng v ngn chn thng tin nhy cm t h thng mng (chng
hn nh email, HTTP )
Application control: Ngn chn cc mi e da v malware phc tp chng hn nh
Facebook, Skype, IM. Mc khc, gim st v kim sot cc ng dng trn mng bo
mt thng tin nhy cm.
Ngn chn nhiu ng dng m khng s dng ng cc port truyn thng.
Pht hin trn 2000 ng dng ca lu lng mng ci thin kim sot qua truyn
thng mng
WAN Optimization (ti u mng WAN)
Lm tng hiu sut mng bng vic lm gim s lng d liu c truyn qua
mng WAN.
H tr cc dch v nh: CIFS, FTP hoc giao thc HTTP cng nh cc traffic TCP
..
13
c Fortinet cho php s dng th (c update) trong vng 1 thng tnh t ngy
ng k s dng sn phm.
2.1.3.
14
Americas TAC
California
APAC TAC
Japan
EMEA TAC
France
APAC
China
APAC TAC
Malaysia
Fortinet cho ngi s dng c khong thi gian l 365 ngy (tnh t ngy license
c pht hnh) ng k cc license Fortiguard v Forticare vi Fortinet. Nu
qu thi gian l 365 ngy m ngi s dng khng ng k th license s khng
cn hiu lc.
Thi gian tnh license bt u t lc khch hng hon tt thnh cng vic ng
k. Fortinet cng khng tr li thi gian hiu lc ca license trong trng hp
license c ca khch hng ht hn trc thi gian thc hin ng k mi.
2.2.
2.2.1.
Cc thit b firewall vng ngoi vi phi tch hp sn cc tnh nng an ninh mng p
ng cc yu cu gii php nh sau:
Xy dng h thng phng chng virus cho ton h thng mng khi cc my ch
v my trm truy cp ra bn ngoi Internet. V vy, hiu xut qut virus trn
firewall phi t ti thiu trn Mbps
15
Kim sot v ngn chn mt s ng dng (nh Instant Message, P2P, ng dng
download, cc chng trnh remote access ) khi cc users cc b truy cp ra
bn ngoi Internet.
16
2.2.2.
Lp bo v trung tm d liu:
Thit b firewall vng ny phi tch hp sn cc tnh nng an ninh mng p ng nhu
cu gii php nh sau:
17
Gia tng phng chng xm nhp, ngn chn cc loi virus, su worm v cc loi
tn cng vo cc lp ng dng ca trung tm d liu. ng thi, do s lng ln
users cc b v s lng ln cc chi nhnh truy cp vo vng trung tm rt ln
cho nn nng lc x l IPS vo vng trung tm phi t ti thiu ln hn 2Gbps
v c kh nng m rng trong khong t 3 n 5 nm. H thng IPS gm cc
c im nh sau:
18
Da trn thng tin c sn v nhn dng tn cng (Signaturebased): Cc du hiu v tn cng c nhp vo CSDL ca IPS
v cp nht nh k t nh sn xut. Khi IPS nhn thy lung d
liu chy qua Router c du hiu ging vi nhng du hiu tn
cng m n ang c, n s phn ng li bng cch ngt kt ni
ca k tn cng, chn IP ca k v gi cnh bo n nh
qun tr ng thi ghi li ton b qu trnh tn cng iu tra
v sau.
Tnh nng Client Reputation cho php thng k v gim st tng hnh vi
ngi dng, t c c s cch ly cc mi e da nguy hi nghi ng.
Xy dng h thng phng chng virus cho ton h thng mng khi cc my ch
v my trm truy cp ra bn ngoi Internet. V vy, hiu xut qut virus trn
firewall phi t ti thiu trn 900Mbps
19
2.2.3.
20
21