Deep Edge 2.5 Service Pack 2 Administrator's Guide

Trend Micro Incorporated reserves the right to make changes to this document and to the product described herein without notice. Before installing and using the product, review the readme files, release notes, and/or the latest version of the applicable documentation, which are available from the Trend Micro website at: http://docs.trendmicro.com/en-us/home.aspx

© 2014 Trend Micro Incorporated. All Rights Reserved.

Trend Micro, the Trend Micro t-ball logo, Trend Micro Antivirus, Deep Discovery, TrendLabs, TrendEdge, and Smart Protection Network are trademarks or registered trademarks of Trend Micro Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.

Document Part No.: CTEM26692_140930
Release Date: November 2014
Protected by U.S. Patent No.: Patents pending.

This documentation introduces the main features of the product and/or provides installation instructions for a production environment. Read through the documentation before installing or using the product. Detailed information about how to use specific features within the product may be available in the Trend Micro Online Help and/or the Trend Micro Knowledge Base at the Trend Micro website.

Trend Micro always seeks to improve its documentation. If you have questions, comments, or suggestions about this or any Trend Micro document, please contact us at [email protected].

Evaluate this documentation on the following site: http://www.trendmicro.com/download/documentation/rating.asp

Table of Contents

About This Manual
    About This Manual ..................................................... ix
    Deep Edge Documentation ............................................... x
    Audience .............................................................. xi
    Document Conventions .................................................. xi
    About Trend Micro ..................................................... xii

Chapter 1: Deep Edge Next Generation Firewall
    Deep Edge Overview .................................................... 1-2
    What's New ............................................................ 1-2
    Main Features ......................................................... 1-9
        Security Protection ............................................... 1-9
        Operations Control ................................................ 1-10
        Visibility and Monitoring ......................................... 1-10
        Network Connectivity .............................................. 1-11

Chapter 2: Getting Started
    Logging on to the Web Console ......................................... 2-2
    Accessing the Setup Wizard ............................................ 2-2
    Changing the Deep Edge System Password ................................ 2-3
    Configuration Overview ................................................ 2-4
    Summary of Operations ................................................. 2-5

Chapter 3: Processing and Identifying Traffic
    Network Traffic Overview .............................................. 3-2
    Interfaces ............................................................ 3-2
        Editing Network Interfaces ........................................ 3-2
        Monitoring Hosts .................................................. 3-5
        Interface Bandwidth Settings ...................................... 3-5
        About VLANs ....................................................... 3-5
    DNS ................................................................... 3-7
        DNS Best Practice Suggestions ..................................... 3-7
        Configuring DNS Settings .......................................... 3-8
    Addresses ............................................................. 3-8
        About Addresses and Address Objects ............................... 3-9
        Address Object Parameters ......................................... 3-9
        Adding Address Objects ............................................ 3-10
        Configuring Address Objects ....................................... 3-11
        Viewing Address Objects ........................................... 3-11
        Deleting Address Objects .......................................... 3-11
    Deployment Settings ................................................... 3-12
        About Deployment Modes ............................................ 3-12
    Bridging Interfaces ................................................... 3-20
        Important Notes About Bridging Interfaces ......................... 3-20
        Adding a Bridge ................................................... 3-21
        Removing a Network Bridge ......................................... 3-23
    Routing Traffic ....................................................... 3-25
        About Static Routes ............................................... 3-25
        About Policy-based Route Management ............................... 3-28
        About Dynamic Route Management .................................... 3-31
    Network Address Translation (NAT) ..................................... 3-45
        NAT Rules ......................................................... 3-46
    Services .............................................................. 3-50
        About DNS Forwarding .............................................. 3-50
        About DHCP ........................................................ 3-51
        About Dynamic DNS ................................................. 3-54
    Virtual Private Network ............................................... 3-58
        User VPN .......................................................... 3-58
        Secure Socket Layer Virtual Private Network ....................... 3-62
        Mobile VPN ........................................................ 3-79
        Customizing the VPN Portal ........................................ 3-103
    Site-to-Site VPN ...................................................... 3-104
        IPsec Connections ................................................. 3-104
        Site-to-site VPN Policies ......................................... 3-107
        Advanced IPsec Configuration ...................................... 3-110
        IPsec Status ...................................................... 3-111
        IPsec Troubleshooting ............................................. 3-111

Chapter 4: Policies, Objects, and Security
    About Policies ........................................................ 4-2
        How Firewall Policies Work ........................................ 4-2
        About Policy Rules ................................................ 4-2
    About Policy Objects .................................................. 4-10
        About Addresses and Address Objects ............................... 4-11
        About Zones and Zone Objects ...................................... 4-11
        About Services and Service Objects ................................ 4-13
        About Applications and Application Objects ........................ 4-15
        About URL Category Objects ........................................ 4-17
        About Schedules and Schedule Objects .............................. 4-29
        About Action Profiles ............................................. 4-30
    About Security Settings ............................................... 4-34
        Network Intrusion Protection ...................................... 4-35
        IPS Security ...................................................... 4-36
        Anti-Malware Security ............................................. 4-38
        Anti-Spam Security ................................................ 4-47
        WRS Profiles ......................................................