Proposal McAfee Firewall Enterprise - V8
TABLE OF CONTENTS

I. Current challenges for a firewall system
II. Introduction to McAfee Firewall Enterprise
II.1 Overview of the McAfee Firewall Enterprise solution
II.2 Technical description of McAfee Firewall Enterprise
III. Main features of McAfee Firewall 8.0
III.1 Application identification and control (Application Identify and control)
III.2 IPSEC VPN
III.3 Intrusion detection/prevention (Intrusion Detection/Prevention System - IDS/IPS)
III.4 Unified Threat Management (UTM) features
III.4.1 Anti-virus
III.4.2 URL Filtering
III.4.3 Files Blocking
III.4.4 Quality of Service (QoS)
III.4.5 Authentication
III.4.6 DNS
III.4.7 Encrypted content inspection
III.5 Protection against high-severity attacks (Attack protection)
III.6 Global Threat Intelligence
III.7 Networking
III.8 High Availability (HA)
III.9 Monitoring and reporting (monitor and report)
IV. Appliance configuration
IV.1 Appliance hardware configuration
IV.2 Processing capacity of the appliance models
The security capabilities of the McAfee Firewall Enterprise appliance are improved every year. Its most important component is the SecureOS operating system. McAfee Firewall Enterprise holds a patent for its Type Enforcement technology and offers flexible application-level protection. In 2006, McAfee Firewall Enterprise received FIPS 140-2 certification, and it continues to lead among application-protecting firewalls with Common Criteria (CC) EAL4+ certification.

II.2 Technical description of McAfee Firewall Enterprise

McAfee Firewall Enterprise protects the system from unauthorized users and attackers, and protects internal users when they access the Internet. It combines all Internet security features in a single appliance. McAfee Firewall Enterprise defends against all hacker and malware attacks aimed at the network, covering both attacks that have already been identified and attacks that have not. McAfee Firewall Enterprise provides the following specialized features:

- Application identification and control (Application Identify and control)
- Virtual private network with IPsec encryption (IPSEC VPN)
- Intrusion detection/prevention (Intrusion Detection/Prevention System - IDS/IPS)
- Anti-virus
- Web filtering (URL Filtering)
- File blocking
- Bandwidth control (QoS)
- Authentication
- Content inspection for SSL-encrypted applications (SSL Inspection)
- Protection against high-severity attacks (Attack protection)
- Global Threat Intelligence
- Networking
- High Availability
- Monitoring and reporting (Monitor and report)
Port

Categories

Capabilities: Based on the secondary functions embedded in the application. For example, besides chat, Yahoo Messenger can also send files or share photos, ...

Risk: Based on the harm the application can cause to the business. For example, file-sharing websites and pornographic websites often harbor a great deal of spyware.
III.2 IPSEC VPN

McAfee Firewall Enterprise integrates VPN functionality with IPsec encryption, so that company branches at different locations and employees who spend much of their working time away from the office can connect securely to the company network, and so that administrators can easily set common security policies for these users. McAfee Firewall Enterprise supports VPN at two levels:

- Gateway to gateway: McAfee Firewall Enterprise is deployed at the gateways of all offices, and the VPN configuration is done on these firewalls.
- Client to gateway: McAfee Firewall Enterprise is deployed at the office gateway; employees at other locations must configure their own machines to connect back to the office.
III.3 Intrusion detection/prevention (Intrusion Detection/Prevention System - IDS/IPS)

The intrusion detection/prevention (IDS/IPS) function on McAfee Firewall Enterprise monitors the events occurring in a computer system or network and analyzes them for signs of intrusion. Such signs may be illegitimate actions or attempts to bypass the security mechanisms of a computer or network. Intrusions may be caused by attackers accessing the system from the Internet, by legitimate users seeking privileges on server systems that they are not permitted to have, or by legitimate users abusing their privileges.

The McAfee Firewall Enterprise IPS relies on a signature database to detect and prevent attacks aimed at the network. A signature is identified by three elements: the category of target and network service that hackers may attack (Category attribute), the severity of the attack (Threat level attribute), and the purpose of the attack (Class type attribute).
McAfee Firewall Enterprise supports more than 10,000 attack signatures, which are updated automatically from McAfee. Administrators can configure and tune signatures and signature groups, and enforce policy that effectively blocks web attacks, exploitation of network and operating system vulnerabilities, worms...

When it detects an attack, McAfee Firewall responds with an action. McAfee Firewall Enterprise lets you define the action for a specific signature based on the severity of the attack and the attacker's purpose.

- Allow no audit: Lets the data pass through the firewall and takes no other action.
- Allow: Lets the data pass through the firewall, and inspects and records this traffic. This action is typically used for traffic that looks abnormal and is suspected of being an attack.
- Drop: Drops the packets suspected of being an attack and lets trusted packets pass. The firewall records the event and does not tell the sender that packets were rejected.
- Deny: Same as Drop, but the firewall notifies the sender that the connection was closed, and also records the event.
- Deny no audit: Same as Deny, but the firewall does not record the event.
- Blackhole: Refuses all traffic from specific hosts for a period of time and records the event. The firewall alerts the attackers. This action is used when it is certain that all traffic coming from an address is malicious.
McAfee Firewall Enterprise lets you define a group of attack signatures (signature group) and a group of actions corresponding to the severity of the attack (response mapping). The McAfee Firewall Enterprise IPS is enforced through access control rules. Each access control rule uses one signature group and one group of response actions to deal with an attack or with traffic suspected of being an attack. Defining signature groups and response actions so that IPS is enforced per policy improves the performance of the appliance and avoids mistakenly blocking traffic that is only suspected of being an attack.

Example of IPS processing for Oracle:

- An Oracle attack is detected by an Oracle access control rule on the firewall.
- The firewall checks that IPS is enabled on the Oracle access control rule.
- The attack is identified by the signature DB-Oracle in the signature group Database.
- The firewall checks what the response mapping for this attack is and carries it out.
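The Oracle walk-through above, modeled as a small Python simulation of rule lookup, signature group check, response mapping and the blackhole timer. This is an added example, not McAfee code or configuration syntax; the class and field names, the 600-second blackhole duration, the result for traffic that matches no rule, and the sample threat level and class type values are assumptions.

```python
from dataclasses import dataclass, field

# Action semantics as listed in the proposal: action -> (traffic passes, event audited)
ACTIONS = {
    "allow no audit": (True, False), "allow": (True, True),
    "drop": (False, True), "deny": (False, True),
    "deny no audit": (False, False), "blackhole": (False, True),
}

@dataclass
class Signature:
    name: str
    group: str          # signature group, e.g. "Database"
    threat_level: str   # Threat level attribute (sample values are constructed)
    class_type: str     # Class type attribute (sample values are constructed)

@dataclass
class Rule:             # access control rule together with its IPS settings
    service: str
    ips_enabled: bool
    signature_group: str
    response_mapping: dict   # (threat_level, class_type) -> action

@dataclass
class Firewall:
    rules: list
    blackhole_seconds: int = 600                     # assumed duration
    blackholed: dict = field(default_factory=dict)   # source address -> expiry time
    audit: list = field(default_factory=list)

    def process(self, now, src, service, sig=None):
        # sig is the signature the flow matched, if any
        if self.blackholed.get(src, 0) > now:
            return "blackhole"                       # host is still blackholed
        rule = next((r for r in self.rules if r.service == service), None)
        if rule is None:
            return "deny"                            # assumed result when no rule matches
        # IPS applies only if enabled on the rule and the signature is in its group
        if sig is None or not rule.ips_enabled or sig.group != rule.signature_group:
            return "pass"
        action = rule.response_mapping.get((sig.threat_level, sig.class_type), "allow")
        if ACTIONS[action][1]:
            self.audit.append((now, src, sig.name, action))
        if action == "blackhole":
            self.blackholed[src] = now + self.blackhole_seconds
        return action

def demo():
    # Constructed policy and flows mirroring the Oracle walk-through
    sig = Signature("DB-Oracle", "Database", "high", "attempted-admin")
    mapping = {("high", "attempted-admin"): "blackhole"}
    fw = Firewall([Rule("oracle", True, "Database", mapping)])
    flows = [(0, "198.51.100.7", sig), (60, "198.51.100.7", None),
             (60, "203.0.113.9", None), (700, "198.51.100.7", None)]
    return [fw.process(t, src, "oracle", s) for t, src, s in flows], fw.audit
```

Calling `demo()` shows the attacking host refused for the whole blackhole window, including its clean follow-up flow, while another host is unaffected and only the detection itself is audited.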
III.4 Unified Threat Management (UTM) features

III.4.1 Anti-virus

Application Defenses: the best anti-virus technology, integrated into the modules that protect mail traffic and web traffic. McAfee has been recognized with an award as the leading security vendor in the anti-virus industry, with the fastest virus signature update time, and its anti-virus component is also integrated into the McAfee Firewall Enterprise appliance. The attack-prevention solution protects against viruses, worms, trojans, spyware, and malicious code, and is embedded in the appliance to block security risks to the enterprise network.

III.4.2 URL Filtering

The McAfee Firewall Enterprise appliance uses McAfee SmartFilter technology to manage content and users' Internet access. McAfee SmartFilter has a database of millions of URLs categorized by content. McAfee SmartFilter sends policy to the McAfee Firewall Enterprise appliance, so the policy for a web browsing request is always in either an allow or a deny state:

- URL Filtering: McAfee SmartFilter is integrated on the McAfee Firewall Enterprise appliance and protects the network from viruses, Trojans, and worms attached to web pages.
- IM & P2P Filters: prevent users from using chat software, peer-to-peer (p2p) sharing software, and malicious code.
- Anti-Virus Filters: provide protection against malicious code for each application, such as viruses, Trojans, spyware, and ActiveX.
- User Authentication: authenticates against Active Directory, LDAP, Aladdin SafeWord, NT Domain, RADIUS, and SecurID.
- Java & ActiveX Filters: filter code such as Java applets and ActiveX content.
III.4.3 Files Blocking

McAfee Firewall Enterprise can block file types based on the MIME type of each file, and supports hundreds of different MIME types. McAfee Firewall Enterprise classifies MIME types into the following kinds:

- Application
- Model
- Audio
- Multi-part
- Chemical
- Text
- Image
- Video
- Message
- x-conference

III.4.4 Quality of Service (QoS):

QoS guarantees the processing rate of traffic according to different priority levels and makes full use of the available bandwidth. It helps companies that have limited links but must meet business-critical needs or must guarantee system connectivity. Administrators can configure QoS on each network port of the McAfee Firewall Enterprise appliance and can assign a priority level and bandwidth to each type of application.

III.4.5 Authentication:

McAfee Firewall Enterprise lets you assign access rights to individual users or to groups of users. Users and groups can be stored in the following databases: Windows Active Directory, LDAP, RADIUS, or SafeWord authentication.

III.4.6 DNS

McAfee Firewall Enterprise also integrates a Hosted DNS feature, in which the DNS server service runs directly on the appliance, in order to block attacks on the network. Hosted DNS can be configured in two ways:

- Hosted Single Server DNS: One DNS server runs (is hosted) on the McAfee Firewall Enterprise appliance. The appliance then handles all DNS queries. The hosted DNS is protected by the hardened McAfee Firewall Enterprise appliance (hardened OS) against attacks that try to penetrate the network.
- Hosted Split Server DNS: Two DNS servers run (are hosted) on the McAfee Firewall Enterprise appliance. One server is used for the outside (external burb) and one server is used for the inside of the network (internal burb). Both servers are protected by the hardened McAfee Firewall Enterprise appliance (hardened OS) against attacks that try to penetrate the network.

III.4.7 Encrypted content inspection:

McAfee Firewall Enterprise can decrypt, inspect, and re-encrypt encrypted connections for both inbound and outbound traffic. McAfee Firewall Enterprise can inspect content and enforce access control on applications encrypted with SSL. For example, you can allow only HTTPS through the system while denying other applications that use SSL for encryption.

III.5 Protection against high-severity attacks (Attack protection):

The McAfee Firewall Enterprise appliance can protect multiple layers of data, and integrates many features to protect the network against known and unknown attacks. The protection features include:

1. Network Defenses: McAfee Firewall Enterprise is configured to block a large list of threats at the data link, network, and transport layers of the OSI model. Traffic that does not conform to protocol standards is blocked, and traffic is checked against the configured list of attack signatures.

2. Application Defenses: provide fine-grained tuning of protection at the application layer. Application-layer protection can be configured to enforce Request for Comments (RFC) standards and permitted parameters. The configurable parameters include headers, commands, versions, and file sizes. In addition, McAfee Firewall Enterprise provides inspection services including anti-virus filtering, reputation-based filtering, and URL-based web filtering.

McAfee Firewall Enterprise supports the Application Defense feature for the following protocols:

- Citrix
- FTP
- Generic (required)
- H.323
- HTTP
- IIOP
- Mail (Sendmail) (SMTP
- SIP
- SNMP
- SOCKS
- SSH
- T120
III.6 Global Threat Intelligence:

Global Threat Intelligence is McAfee's research center for Internet threats. It uses millions of servers to collect information in real time from IP addresses, domain names, specific URLs, files, images, and email messages. Global Threat Intelligence can detect zombie senders and new threats, including malware, zero-day exploits, spam-generating software, and web attacks.
McAfee Firewall Enterprise uses data from Global Threat Intelligence to improve the security of the enterprise network.

Rating the risk level of websites with TrustedSource (TrustedSource web reputation): McAfee TrustedSource has set a new standard for detecting threats proactively, identifying them through behavior and signatures, based on information from the Internet and from storage devices. TrustedSource refuses connections that are identified as bad senders, infected websites, or servers that have been taken over and turned into zombies. TrustedSource blocks more than 70% of unwanted traffic right at the network perimeter, which saves bandwidth during processing.
Determining the geographic location of a connection (Geo-Location): The Geo-Location function determines the geographic location of an IP address, which helps the enterprise build access control rules that allow or deny connections based on the geographic location of regions around the world. For example, you can allow users to access websites in the USA and forbid access to websites in China.
III.7 Networking:

1. Routing: McAfee Firewall Enterprise supports static routing (Static route) and dynamic routing protocols (RIP, OSPF, BGP, PIM-SM) for traffic.

2. Combining network cards into a group (Link Aggregation): Link Aggregation combines several network cards into one group to increase bandwidth and redundancy for the connections from the firewall to network devices. McAfee Firewall Enterprise supports two forms of Link Aggregation configuration:

a. LACP: The network cards are grouped together; the bandwidth of the group equals the sum of the bandwidth of its network cards, and traffic is load-balanced evenly across all of them. For example, if you group 3 network cards (each with 1 Gbps of bandwidth), the firewall can transmit data at a maximum rate of 3 Gbps.

b. Redundant: The network cards are grouped together, but only one network card is active. If a failure occurs on the connection of that network card, the other network cards in the group take over, so that connectivity in the system is not interrupted.
3. Network Address Translation (NAT): McAfee Firewall Enterprise supports the following forms of NAT:

- Source NAT
- Destination NAT (address redirection)
- Service PAT

III.8 High Availability (HA)

To increase processing capacity and provide redundancy when a failure occurs on an appliance, McAfee Firewall Enterprise supports using several appliances at the same time (HA). McAfee Firewall Enterprise HA supports two mechanisms:

- Load-Sharing: 2 Firewall Enterprise appliances operate in parallel and process data together, sharing the load between them. When a failure occurs on 1 appliance, the other appliance keeps operating normally.
- Failover: 2 McAfee Firewall Enterprise appliances run in parallel, but only 1 appliance processes traffic; the other stays in a standby state, ready to take over when the primary appliance fails.

III.9 Monitoring and reporting (monitor and report)

Reporting is indispensable for an enterprise. The McAfee Firewall Reporter reporting tool comes with the McAfee Firewall Enterprise appliance completely free of charge and has won an award in the field of Security Event Management (SEM). It provides overall monitoring, alerting, and report generation. McAfee Firewall Reporter can display full details of a packet passing through the firewall, such as: source IP, destination IP, protocol, port, application type, threat alerts, attack types, ...
McAfee Firewall Reporter easily produces more than 800 graphical report templates that make it convenient to track and describe network traffic according to these standards: Sarbanes-Oxley (SOX), Payment Card Industry Security Standards (PCI DSS) Council, Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), and Federal Information Security Management Act (FISMA).
IV.2 Processing capacity of the appliance models

| Model | Firewall performance | Stateful Inspection throughput | Application Filtering throughput | Anti-virus | IPSec VPN throughput |
|---|---|---|---|---|---|
| 410 | 1 Gbps | 750 Mbps | 600 Mbps | 115 Mbps | 200 Mbps |
| 510 | 2 Gbps | 1.5 Gbps | 1.2 Gbps | 275 Mbps | 275 Mbps |
| 1100 | 6 Gbps | 3 Gbps | 2.5 Gbps | 500 Mbps | 300 Mbps |
| 2100 | 6 Gbps | 3 Gbps | 2.5 Gbps | 500 Mbps | 300 Mbps |
| 2150 | 10 Gbps | 5 Gbps | 3.5 Gbps | 850 Mbps | 400 Mbps |
| 2150 VXXX | 6 Gbps | 5 Gbps | 4 Gbps | 850 Mbps | 400 Mbps |
| 4150 | 12 Gbps | 6.5 Gbps | 5 Gbps | 1 Gbps | 700 Mbps |