
Multi-Function Firewall 2nd Edition


1. Security Trends

2. About SECUI MF2


3. Special Advantages of SECUI MF2

4. SECUI MF2 Series

Security Trend
- Appearance of New Security Threats
- Change of Security Related External Environment
- Appearance of Next Generation Firewall

Appearance of New Security Threats Different from the Past


1. Security Trend

The appearance of new attack types using the limitations of existing UTM

[Figure: threats arriving over application traffic on http(80) and https(443). Labels: Service Vulnerability, Malicious Code Inflow, Zombie PC/DDoS, Leak of Internal Info, Leak of Personal Info, Web Vulnerability Attack.]

SECUI.COM

Change of External Environment Related to Security


Establishment of Regulations Related to Spread of Mobile Devices and Information Protection

- Web/Application security risk
- Extended spread of mobile devices
- Extended network bandwidth
- Establishment and effectuation of Personal Information Protection Act
- IPv4 depletion & suspension of assignment
- Application Traffic Control

Increased Demand of High Performance Devices

Started Supplying IPv6

Mandatory Protection of Personal Info


Appearance of Next Generation Firewall


Appearance of Next Generation Firewall to cope with changing security threats


Functional Factors of Next Generation Firewall (NGFW)

UTM (Multi Function Firewall)

Next-Generation Firewall


About SECUI MF2


- SECUI MF2
- SM DPI
- SC FDE

Multi-Function Firewall 2nd Edition

2. About SECUI MF2

The next generation security product that has implemented the idea of Next-Generation Firewall

[Figure: SECUI product evolution, with axis labels 11, 07, 03, 01. Products: secuiWall (Firewall); NXG Series (Firewall, VPN); SECUI NXG Series, eXshield (UTM, Multi Function Firewall); SECUI MF2 Series (NG Firewall). Throughput labels: Software 1G, Appliance 2G, UTM 4G, 17G, NGFW 40G.]

SM DPI

(SECUI Multi-stage Deep Packet Inspection)


Blocks external attacks, prevents the inflow of malicious code, and detects zombies, while identifying and controlling various applications through precise multistage (multilayer) Deep Packet Inspection

IPS/DDoS
- Full support of PCRE signature & Option
- Separate assignment of profile on virtual domain
- Applying the engine of exclusive Anti-DDoS device

Application Control
- Control on internet application
- Multistage Application Control engine
- Control of action with User ID by application

Anti-Virus/Spam
- File-based method with high detection rate
- Stream-based method more than 10 times faster than the File-based method (able to check files of unlimited size)

[Figure: SM DPI inspection stages applied to the packet HEADER and DATA. Labels: Policy, Virtual Domain, IPS/DDoS, Application Control, Anti-Virus/Spam.]

SC FDE

(SECUI Clustering-based Flow Distribution Engine)


- An integrated security platform implemented with 64-bit SecuiOS™ and high performance Multi-Core
- The latest hardware architecture combining Symmetrical Multi-Processing (SMP) and clustering technology
- Applies load distribution processing technology that uses multiple cores effectively, so traffic is handled without lowering network speed

[Figure: SC FDE flow distribution. Labels: Input, NIC, Balancer (Core Resource Flow), Resource Checker, Multi Core CPU, Core, Thread, FULL, Output.]

SECUI MF2 session distribution processing technology implementing optimum performance to multi core

Special Advantages of SECUI MF2


- Overview
- Application Control
- VPN (IPsec / SSL / Mobile)
- Anti-Virus
- Anti-Spam
- SMART HA
- IPS & DDoS
- Web Filter
- Web Server Protection
- SMART NAT (Policy Based NAT)
- Improved Convenience of Policy Management

Special Advantages of SECUI MF2


Firewall

3. Special Advantages of SECUI MF2

- Application Control
- Web Server Protection
- Harmful Site Block
- Anonymizer Site Block
- VPN: IPSec VPN, SSL VPN (Clientless), Mobile VPN
- SMART HA, By-Pass
- IPS & DDoS
- Anti-Virus
- Anti-Spam: RBL (Real-time Blocking List) Support
- LACP, LLCF
- Multicast (PIM-SM, IGMP)
- RIP, OSPF, BGP
- SMART NAT (Policy Based)
- PBR (Policy Based Routing)

Application Control
Equipped with a multistage Application Control engine based on protocol analysis

- Provides control of the various internet applications using http/https that have emerged with the development of web technology
- Action control with User ID by application, regardless of user movement or IP change

[Screenshot: application control policy table. Columns: SOURCE, DESTINATION, Application Security, Action, Category, Application, Exception IP, Exception User, Message, File. Sources shown: HR Team, Support Dept. Profiles shown: HR Team_Web Mail Attachment, Support Dept_P2P Control, Development Team_1. Each entry is set to Detect or Block.]

VPN

(IPSec / SSL / Mobile)

- Supports both international standard certification protocol and encryption algorithm; fully supports IPSec, SSL and Mobile VPN
- Improved line management function: automatic speed check, recovery from line failure, load distribution by line speed
- Multi-Tunnel, Bonding and Load balancing functions for effective usage of xDSL multi-line

[Figure: <Setting Access by User>. Access paths shown: SSL VPN (supported browser, USB Client), Mobile SSL VPN (supported OS, web based) and IPSec VPN. Resources shown: Intranet Web Server 1, Intranet Web Server 2, ERP Server.]

SSL/Mobile scheduled for first half of 2012


IPS & DDoS


- Fully supports NCSC (National Cyber Security Center), ECSC (Education Cyber Security Center) and PCRE (Perl Compatible Regular Expression) signature and option
- Separate assignment of protection profile on virtual protection domain, flexible application of security policy
- Powerful Anti-DDoS feature (applying the engine of exclusive Anti-DDoS device)
- Provides internal zombie PC monitoring and block feature

[Figure: Virtual Domain (A) and Virtual Domain (B), each defined by N/W and IP Address, protecting A Network and B Network. Protections shown: TCP Stream Flooding Block, Client Port Anti Spoofing, To Server Packet SCAN Protection. A Zombie PC is shown on the internal network.]

- Establishing individual security policy using Virtual Domain
- Internal zombie PC detection and network block

Web Filter
Improved URL Filter Feature

- Prevention of detour through IP address input (auto update of IP address on URL)
- Precise blocking that extends the checked area to the URI field instead of checking only the URL
- The function to prepare and set up various warning pages by profile

Block of detoured access HTTP request using Anonymizer website (Auto update of Proxy server list)

[Figure: a user attempts to reach a shopping mall (http://28.135.57.2) and an illegal website (http://www.casino.com) across the Internet, both directly and through an Anonymizer server (www.proxyserver.com). Labels: Blocks direct access of illegal website, Blocks detoured access of illegal website, Anonymizer Server List Update, Update Servers.]

Web Server Protection


- Command injection block, SQL injection block and XSS injection block features
- Ban pattern block, block of extensions within URL (malicious code risks such as exe, dll or bat)
- Detects/blocks web robots that gather contents for search engine indexing by periodic visits to the website

[Figure: an Attacker sends SQL Injection, XSS Injection and Command Line Injection toward the Web Server. Labels: SQL, XSS, Command, User, Web Server.]

Anti-Virus

Supports both a Stream-based method with fast search speed and a File-based method with a high detection rate
- Select Stream-based or File-based depending on the environment
- File-Based: Able to select 2 types of virus engines (high detection rate)
- Stream-Based: More than 10 times faster than the File-Based method (unlimited file size)

Prevents unnecessary waste of system resources by setting file extensions and names as exceptions

[Figure: latency over time for the two methods. Anti-Virus File-Based: Input, Buffer (File), Scan (File), Deliver (File), Output, using the Full Anti-Virus DB. Anti-Virus Stream-Based: Input, Buffer, Scan, Deliver (Packet), Output, using the Most Recently DB.]

Anti-Spam
- Supports multi-language keyword filter with Global Anti-Spam solution (able to apply title, body and regular expression)
- Automatically checks whether the sender domain is the actual domain through DNS Query
- Supports RBL (Real time Blocking List) function, with RBL cache function support (using firewall black list)
- Blocks non-allowed commands, allow/deny e-mail address, external spam detection server management

[Figure: Malicious Mail, Spam Mail and Normal Mail arrive at the device; the Mail-Server receives only normal mails. Filters shown: Mail Relay block, Session Limit per mail sender, Block keyword list, RBL, Non-allowed command block, Mail size limit.]

SMART HA

(High Availability)

- Provides Advanced HA enabling combined usage of Router and Bridge modes
- Raises availability of ports with HA Port Bonding function
- Fast and convenient device extension with Plug-in
- Supports safe replacement without affecting service, using Hot Swap during HA member failure
[Figure: HA deployment in Router Mode and Bridge Mode between the External Network, DMZ Network and Internal Network, with L3 devices and an L2 switch for HA. Labels: New Extension Plug-in Method, Hot Swap Replacement, Occurrence of Failure, Failure Replacement Device, MAX 16 Units.]

SMART NAT

(Policy Based NAT)

- Secures flexibility of network configuration through PB NAT (Policy Based NAT) feature
- Able to use as many NAT policies as the number of policies
- Can be simply implemented for all NAT types, including 1:1, 1:M, N:M or 1:N

[Figure: an External Client reaches www.secu.com (2.2.2.101), which is translated to the Internal Web server (1.1.1.1).]

Improved Convenience of Policy Management


- Provides convenient management of related policies through policy grouping
- Maximizes convenience by adding Drag & Drop feature
- Prevents unnecessary waste of policy resources through an improved search feature for unused, non-referenced objects/policies

[Screenshot: Firewall Policy Settings window with Basic Search, Advanced Search and Object Search. Fields shown: Check applied policies, Inflow Zone (Internal Network), Protocol, Port, Non-referred days, Source IP, Destination IP, Search non-referred policies, NO., Policy ID. A Notice dialog asks "Do you wish to move?" with Yes and No.]

Advanced Search only provides the search results on applied policies. Policies being edited are not included in the search target.

- Even more convenient Policy Editing feature using policy Drag & Drop
- Effective use of resources with unused object / policy search feature

SECUI MF2 Series


- SECUI CA
- Line up
- Spec
- Certificates (National Cyber Security Center CC, IPv6, TTA)

SECUI CA

(Central Analyzer)

4. SECUI MF2 Series

- Provides a separate program which conveniently gathers the logs of small devices to the administrator PC
- Monitors Dashboard, Top10 info, trend graph, etc. in real time from the administrator PC
- Able to view detailed logs with convenient conditional search on all logs
- Provides perfect security audit and customer support
- Report in the form of a CSV (Excel) file
[Figure: SECUI CA on the Console PC, receiving logs by Syslog Transmission. Screens shown: System Info (CPU, Memory, HDD), User Option Screen (Security Log, Top10 Log), Traffic Trend graph (By Action and Protocol).]

SECUI CA

(3D dashboard)

Provides 3D Visualized Dashboard and Log Viewer for intuitive monitoring and security control

Visualizes traffic based on traffic and session information of source and destination IP

Monitoring by sorting according to the direction of traffic, classified as All, Input and Output

1. All
2. In
3. Out

1. Expresses IP and Port as spheres
2. Size of sphere and thickness of line depend on the amount of traffic

Line Up

[Figure: MF2 line-up by performance, ranging from Small Scale Network through Medium Scale Network to Large Scale Network. Models: MF2 100, MF2 500, MF2 1000, MF2 2000, MF2 3000, MF2 6000. Firewall Max labels: 500Mbps, 2Gbps, 4Gbps, 10Gbps, 20Gbps (10G Interface), 40Gbps (10G Interface).]

Specification


SECUI MF2 100 Chassis HDD 1G Copper (bypass) 1G Fiber 10G Fiber 4 Ports(2) -

SECUI MF2 500

SECUI MF2 1000

SECUI MF2 2000

SECUI MF2 3000

SECUI MF2 6000

250GB 6 Ports(2) -

500GB 6 Ports(4) 2 Ports -

1TB 8 Ports(8) 8 Ports -

2TB 8 Ports(8) 4 Ports 4 Ports

2TB 8 Ports(8) option 8 Ports

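H/W: Power Supply
- SECUI MF2 100: Single
- SECUI MF2 500: Single
- SECUI MF2 1000: Single
- SECUI MF2 2000: Dual
- SECUI MF2 3000: Dual
- SECUI MF2 6000: Dual

Performance: Firewall Max
- SECUI MF2 100: 500Mbps
- SECUI MF2 500: 2 Gbps
- SECUI MF2 1000: 4 Gbps
- SECUI MF2 2000: 10 Gbps
- SECUI MF2 3000: 20 Gbps
- SECUI MF2 6000: 40 Gbps

Expansion Modules
- 1G Fiber ByPass: 2-port 1G Fiber ByPass Module (MF2 2000, 3000, 6000)
- 10G Fiber ByPass: 2-port 10G Fiber ByPass Module (MF2 3000, 6000)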

Certificates (National Cyber Security Center CC, IPv6, TTA)

- Certificate No.: NISS-0342-2011; Model Name: SECUI MF2 V1.0
- Logo ID: 02-C-000648; Version: SecuiOS V2.0(64bit); Scope of Certificate: IPv6 Router
- Certificate No.: TTA-V-N-11-058, 059, 060; Model Name: SECUI MF2 100, 6000, 1000
- Scope of Certificate: FW+VPN(EAL4)
- Scope of Certificate: IPv6 Router Core Suitability and Interoperability
