August 2013
[0]
Background
[1]
APT Attack
Increase Ransomware
Illegally obtain data
Crash the OS
[2]
DB Security
Firewall
Patch Management
Integrated RMS
Virus Vaccine
Security Printer
Control System
Forensic
[3]
[4]
AND
AND
THEN
BUT
[5]
L7 DPI Platform
[6]
[Figure: the packet layers (MAC Header, IP Header, TCP/UDP, Payload) shown for Servers, Firewall, Router and Switch]
[7]
Wire-Speed
Signature
Traffic Management
Traffic Management for all sessions that pass through the devices
Traffic Record
Data (L7) based Real time checking
Header
Layer 2: MAC Address 00:06:C4:00:00:01
Layer 3: IP Address 192.168.0.1
Layer 4: TCP Port 80
Data
Layer 5~7: Packet Contents GET /image/nroconference.jpg HTTP/1.1 + DATA
Identify
Various Application
Categorize
Per User/Group
Cloud-based
Extra-Firewall
Intelligence
Control/Certify
Multi-Layer
Packet Analyze
[9]
[10]
DPI Platforms
[11]
Consists of a PPM (Packet Processing Module) and an Application Host, based on parallel processing technology
Accesses and analyzes data traffic without latency on a wire-speed DPI platform
Application Host
Application
Application
OS (Linux)
Hardware
Direct Memory Access Channel
PPM
Network Packet
PPM
[12]
Network Packet
Key Specialty
Platform
Provides 3 kinds of platform to match the line speed
Three capacities: 10 / 20 / 80 G
Application Host
System Environment
Signature Library
Traffic Management
Before Traffic
Recognition
FIO
PPM
Analyze Flow
A. Host
Known Flow
After Traffic
Recognition
Traffic Control By Policy
FIO
PPM
[13]
A. Host
Packet Handler
20N
10S
[14]
10 G GBIC X 8 Port
Physical
Dimensions : 3U
Power : Max 980W (AC/DC )
Weight : 30.4Kg
Operating temperature & humidity : Centigrade 0 ~ 50, Humidity 5 ~ 95%
Storage
Max 8 x 2 TB RAID (1,3,5,10)
Packet Processing Module
Host
Host Memory
Management & Provisioning
Network Redundancy
Latency & Max flow Number
Traffic Management
Signature Matching
[15]
L7+64PH
[16]
L7+80N
L7+80N
L7+80N
L7+80N
[17]
10G x 32 Port
Technical Specifications
Network Interface
Physical
Dimensions : 2U
Power : Max 760W (AC/DC)
Weight : 16.8Kg
Operating environment : 0 ~ 50, Humidity 5 ~ 95% (non-condensing)
Storage
Max 4 x 2 TB RAID (1,3,5,10)
Packet Processing Module
Host
Host Memory
Management & Provisioning
Network Redundancy
Traffic Management
Signature Matching
Latency & Max flow
[18]
Technical Specifications
Network Interface
Physical
Dimensions : 2U
Weight : 9.8Kg
Power : Max 280W (AC/DC)
Storage
Max 2 x 2 TB RAID (1,3,5,10)
Packet Processing Module
Host
Host Memory
Management & Provisioning
Network Redundancy
Latency & Max flow
Signature Matching
[19]
Category
Count
File Transfer
119
17
Messaging
34
AIM Official Client, Google Talk, ICQ Messenger, mIRC, SKYPE, MSN Messenger
Networking
270
SNS
27
Remote Access
30
Games
103
Streaming Media
37
Adobe Flash Player, Apple Quick Time, FaceTime, RTP, RTSP, Windows Media Player, Youtube
Web Services
88
Total Count
833+
Protocol
[20]
Category
Protocol
File Transfer
Messaging
Networking
Line, My people
SNS
Remote Access
Crazy Remote
Shopping Mall
Streaming Media
Web Services
Total Count
Me Today, Cyworld
[21]
Daum TV Pot
Service Handler
1. HTTP? (NO / YES)
2. Server -> Device one-way packet? (NO / YES)
3. Payload size > 1368 bytes? (NO / YES)
4. Packet count > 30? (NO / YES)
YES: Recognize as Daum TV Pot

pax_pkt_stream_cbfn_rc_e
__user_packet_callback_cbfn(uint8_t* user_ctx,
                            struct pax_packet_cbf_stanza_s* cbf_stanza,           /*IN*/
                            struct pax_packet_cbf_stanza_user_ack_s* stanza_ack,  /*OUT*/
                            uint8_t* reserved1,
                            uint64_t reserved2,
                            uint64_t reserved3
                            )
{
    /* Locate the L4 header inside the packet to read the port numbers. */
    struct transports_hdr_port_info_swab_s *l4_hdr_swab =
        (struct transports_hdr_port_info_swab_s *)(cbf_stanza->pkt_ptr + cbf_stanza->l4_offset);

    if (80 == ntohs(l4_hdr_swab->src_port) || 80 == ntohs(l4_hdr_swab->dst_port))
    {
        // Identification is done.
        // Indicate the UPDATED BAR Id and also cut this flow loose from further callbacks.
        stanza_ack->user_bar_id = __g_new_app_idx;
        stanza_ack->cbf_disposition = (pax_pkt_strm_cbf_rc_cut_loose_flow_e |
                                       pax_pkt_strm_cbf_rc_service_id_updtd_e);
    } else
        stanza_ack->user_bar_id = cbf_stanza->bar_id;
}
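The decision flow on this slide (HTTP, server-to-device one-way packets, payload above 1368 bytes, more than 30 packets) can be written as a small per-flow state machine. This is an added example, not code from the slides or the vendor SDK: `pkt_meta`, `flow_state`, `classify_packet` and `feed` are hypothetical names, and it assumes that "HTTP" means the port-80 test the callback uses, that any NO branch resets the run, and that zero-payload ACKs are ignored.

```c
#include <stdbool.h>
#include <stdint.h>

#define HTTP_PORT         80    /* port test used by the slide's callback */
#define MIN_PAYLOAD_BYTES 1368  /* flowchart: payload size > 1368 bytes   */
#define MIN_PACKET_COUNT  30    /* flowchart: packet count > 30           */

/* Constructed packet summary (assumed fields, host byte order). */
struct pkt_meta {
    uint16_t src_port, dst_port;
    uint16_t payload_len;       /* L7 bytes carried by this packet */
};

/* Hypothetical per-flow state kept between packets. */
struct flow_state {
    uint32_t run;               /* consecutive large server->device packets */
    bool     recognized;
};

/* Returns true once the flow has passed every step of the flowchart. */
bool classify_packet(struct flow_state *fs, const struct pkt_meta *p)
{
    if (fs->recognized)
        return true;                         /* verdict is sticky */
    if (p->src_port != HTTP_PORT && p->dst_port != HTTP_PORT)
        return false;                        /* HTTP? NO */
    if (p->payload_len == 0)
        return false;                        /* bare ACK: keep the run */
    if (p->src_port != HTTP_PORT || p->payload_len <= MIN_PAYLOAD_BYTES) {
        fs->run = 0;                         /* device->server data, or small packet */
        return false;
    }
    if (++fs->run > MIN_PACKET_COUNT)        /* packet count > 30? */
        fs->recognized = true;
    return fs->recognized;
}

/* Feed n copies of the same packet; returns the verdict after the last one. */
bool feed(struct flow_state *fs, struct pkt_meta p, unsigned n)
{
    bool r = fs->recognized;
    while (n--)
        r = classify_packet(fs, &p);
    return r;
}
```

A heuristic like this labels any port-80 bulk download the same way, so a deployment would pair it with a payload signature before acting on the verdict.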
[22]
Programmable Platform
L7+ Packet Handling API

pax_register_for_packet_stream(pax_devices_handles_arr[start_index],
                               NULL, __user_packet_callback_cbfn);

pax_pkt_stream_cbfn_rc_e
__user_packet_callback_cbfn(
    uint8_t* user_ctx,
    struct pax_packet_cbf_stanza_s* cbf_stanza,           /*IN*/
    struct pax_packet_cbf_stanza_user_ack_s* stanza_ack,  /*OUT*/
    uint8_t* reserved1, uint64_t reserved2, uint64_t reserved3);

struct pax_packet_cbf_stanza_s {
    uint8_t  *pkt_ptr;
    uint16_t  pkt_len;
    uint16_t  l3_offset;
    uint16_t  l4_offset;
    uint16_t  payload_offset;
    uint32_t  bar_id;
    uint32_t  expression_id;
};

Libpcap API

struct pcap_pkthdr {
    struct timeval ts;      /* time stamp */
    bpf_u_int32 caplen;     /* length of portion present */
    bpf_u_int32 len;        /* length of packet (off wire) */
};
[23]
Management Tool
Traffic Management
Traffic Management
Statistics
System
[24]
Box Performance
[25]
850
Signature
Installed
L7+10S
L7+80N
L7+20N
Next Generation leader of Extended Network
Breaking Point
[26]
[Chart: RFC2544 Throughput (%), axis 0 to 100, for frame sizes 80, 128, 256, 512, 1024, 1280, 1518]
[27]
CPS Summary
[28]
[29]
Category
Service Recognition Test
Process Flow Numbers Simultaneously
New Flow Per Second
Latency
[30]
Remark
Usages
[31]
Billing Solution
- Billing Per Packet base
- Real Time / Mobile
Business
Platform
System Tracking
Security
Solution
DPI Platforms
Network Performance
Performance
Contents
Security
- L7 Based QoS
- L2~L7 Integrated Management
- Payload based control and Management
[32]
[33]
Mobile Web
PC Web
00
12
23
Personalized
Advertising
[34]
[35]
DPI Guard
DPI Guard
DPI Guard
DPI Guard
Reporting &
Analysis
DPI Guard
NMS
A Network
B Network
[36]
[37]
None Cached
Cached
Contents
DPI Based
Policy Engine
GTP Tunnel
Decryption
Encryption
GPRS Network
[38]
MDM
WiFi AP
Manager
Mobile VPN
Manager
AAA
GPKI
Internal Network
IPSec
Server
Mobile VPN
GW
Subscriber
mOffice
Server
Provide Integrated
Security System
WiFi AP
Manager
New Security
System
Mobile VPN
Manager
AAA
GPKI
Internal Network
Mobile VPN
GW
Subscriber
[39]
IPSec
Server
DPI
System
mOffice
Server
Thank you
[40]