Part 1. Network security (UTM firewall router), next-generation firewall (NGFW), SSL firewall and NFV.
Hello, I'm security defender PR.
Before we begin: this firewall topic is split into two parts.
The first part is for beginners, and its purpose is to establish common ground on firewall concepts and terminology.
The second part is for mid-level security engineers and covers where firewall development is heading.
See it, control it.
The goal is that every security engineer reading this can see, and control, the issues that arise with their security equipment.
If you ask "what is the basic device for network security?", the first answer anyone gives is a firewall (UTM).
That is how important it is: a firewall is essential for protecting your PCs and servers.
If you're interested in security, you've probably already met a host firewall in software form, such as the one built into Windows.
These days routers have become powerful enough to include firewall functions, so in some cases a router replaces a dedicated firewall.
Today, though, the topic is commercial network firewalls (UTM): the features and configurations of the equipment I've worked with, plus a few security tips that help you get more out of your firewall.
Let's move quickly.
As I said in the introduction, the firewall (UTM) is the basic piece of network security equipment.
It's faster to explain it with a network diagram in front of us.
This is a simple configuration for our office.
The Internet is at the very top, then the firewall; below it a backbone switch serves the internal network with PCs, printers,
VoIP (Internet) phones, and so on.
The DMZ zone on the right has a web application firewall, switches, and the servers: web servers, DB servers, business servers, etc.
The firewall is configured in L3 (routing) mode.
The internal network and the DMZ communicate with each other using the firewall as their gateway.
Note that the two most common deployment modes are TP mode and L3 mode.
TP stands for "transparent" mode: the firewall operates at L2 and is inserted inline between existing devices without changing the IP addressing.
That means the firewall is not routing.
L2 and L3 refer to layer 2 (data link) and layer 3 (network) of the OSI 7-layer model.
There are also HA (redundant) configurations, active-standby / active-active, and bypass configurations, but today we start with L3 only.
Think of a firewall as a gate.
It is a system that permits or blocks access according to security policy, whether traffic comes from outside toward an enterprise's or individual's IT assets, or goes from inside to outside.
It protects information resources from hacking attacks and controls which external systems internal users may reach.
Not that hard, is it?
It's a very simple device: it opens and closes. Opens and closes what? To explain that properly I'd have to cover Internet traffic and network protocols, the OSI 7-layer model, the 4-layer TCP/IP model, and transport protocols such as TCP, UDP and DCCP (plus mechanisms like ECN), and you'd probably say "skip the explanation" and close the page, so we'll deal with that in a later networking post.
For now: they are the protocols that network communication uses.
To clear your head and get out of the novice stage, you need to know the important ports on the TCP/UDP port list.
Ports run from 0 to 65535; the common ones are FTP 20/21, SSH 22, Telnet 23, SMTP 25, DNS 53, HTTP 80 (8080 is a common alternate), and POP3 110.
Once you start writing firewall policy, you memorize the frequently used ports naturally.
Here's a security tip!!!
The port ranges are:
Number 0 to 1023: well-known ports
Number 1024 to 49151: registered ports
Number 49152 to 65535: dynamic (ephemeral) ports
You can move a service off its well-known port into the dynamic range (49152 to 65535) so that an external scan that only probes the usual ports cannot infer which services are open, even if the attacker knows the service exists.
For example, FTP normally uses 20/21; move the control port to 60000 and you avoid, to some extent, automated scans from outside that target FTP vulnerabilities.
Be clear about what this buys you: it is obscurity, not hardening. A full-range scan (for example nmap -p-) still finds the service and the banner still identifies it, so patch the service and restrict the source addresses allowed to reach it as well.
Security tip number two!!!
Make sure you set an outgoing policy: the security policy for traffic from inside to outside.
Why is this important?
For a security engineer, setting an outgoing policy is not difficult.
But it is very tedious.
So people just open it up to ALL.
Why? It takes a lot of time, and checking the traffic leaving the internal network and opening it one port at a time is genuinely tiring.
You don't know which ports the staff are using, and you don't want the internal staff or the boss blaming you when something stops working.
So you just open everything.
But when an internal PC is turned into a zombie by an APT attack or malware, an outgoing policy has a very strong preventive effect: it blocks the attempt to leak information outside or to communicate with an external C&C server.
Although the details differ slightly between vendors, security policies are evaluated in numbered order from top to bottom (the first matching rule wins).
If your office firewall ends with an ANY ANY deny rule but the outgoing policy right above it is open to ALL, that final deny never sees internal traffic; you need to dump the outbound traffic, identify what is legitimate, open only that, and block the rest one by one.
It's very tedious, but... the company I love and my personal information are precious.
I highly recommend it.
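To make the rule-order point concrete, here is an added example (written for this page, not code from the original post or from any firewall vendor): a small first-match, top-down policy evaluator. It shows that an "allow ALL" outgoing rule placed above the final ANY ANY deny lets a zombie PC reach a C&C server and makes any later rule dead, while a tight outgoing policy built from the traffic dump stops the same traffic. The rule format, the addresses (RFC 5737 documentation ranges and a private LAN) and the flows are all constructed for illustration; real firewalls add zones, NAT, connection state and logging on top of this.

```python
"""Added example (not from the original post): first-match, top-down policy
evaluation.  Addresses, rules and flows are constructed for illustration."""

from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "any"


@dataclass(frozen=True)
class Rule:
    name: str
    src: str       # CIDR or "any"
    dst: str       # CIDR or "any"
    proto: str     # "tcp", "udp" or "any"
    dport: object  # int port, (low, high) tuple, or "any"
    action: str    # "allow" or "deny"


def _net_match(pattern, addr):
    return pattern == ANY or ip_address(addr) in ip_network(pattern)


def _port_match(pattern, port):
    if pattern == ANY:
        return True
    if isinstance(pattern, tuple):
        return pattern[0] <= port <= pattern[1]
    return pattern == port


def evaluate(rules, flow):
    """flow = (src_ip, dst_ip, proto, dst_port).  First match wins, top to
    bottom; unmatched traffic is dropped, as most vendors do by default."""
    src, dst, proto, dport = flow
    for r in rules:
        if (_net_match(r.src, src) and _net_match(r.dst, dst)
                and r.proto in (ANY, proto) and _port_match(r.dport, dport)):
            return r.action, r.name
    return "deny", "implicit-deny"


def _net_subset(inner, outer):
    if outer == ANY:
        return True
    if inner == ANY:
        return False
    return ip_network(inner).subnet_of(ip_network(outer))


def _port_subset(inner, outer):
    if outer == ANY:
        return True
    if inner == ANY:
        return False
    lo, hi = (inner, inner) if isinstance(inner, int) else inner
    olo, ohi = (outer, outer) if isinstance(outer, int) else outer
    return olo <= lo and hi <= ohi


def shadowed(rules):
    """Names of rules that can never fire because an earlier rule already
    matches everything they would (the classic rule-order mistake)."""
    dead = []
    for i, r in enumerate(rules):
        for e in rules[:i]:
            if (_net_subset(r.src, e.src) and _net_subset(r.dst, e.dst)
                    and e.proto in (ANY, r.proto) and _port_subset(r.dport, e.dport)):
                dead.append(r.name)
                break
    return dead


INTERNAL = "192.168.10.0/24"    # constructed office LAN
WEB_SERVER = "10.0.0.80/32"     # constructed DMZ web server
RESOLVER = "203.0.113.53/32"    # constructed external DNS resolver

# The lazy ruleset from the post: outgoing opened to ALL, a block rule that
# someone added later underneath it (never reached), then the final deny.
LAX = [
    Rule("inbound-web", ANY, WEB_SERVER, "tcp", 80, "allow"),
    Rule("outgoing-all", INTERNAL, ANY, ANY, ANY, "allow"),
    Rule("block-irc", INTERNAL, ANY, "tcp", 6667, "deny"),
    Rule("cleanup", ANY, ANY, ANY, ANY, "deny"),
]

# The recommended ruleset: outgoing allows only what the traffic dump showed
# to be legitimate; everything else falls through to the final deny.
TIGHT = [
    Rule("inbound-web", ANY, WEB_SERVER, "tcp", 80, "allow"),
    Rule("out-dns", INTERNAL, RESOLVER, "udp", 53, "allow"),
    Rule("out-http", INTERNAL, ANY, "tcp", 80, "allow"),
    Rule("out-https", INTERNAL, ANY, "tcp", 443, "allow"),
    Rule("cleanup", ANY, ANY, ANY, ANY, "deny"),
]

# Constructed flows: a zombie PC calling home, an IRC C&C channel, normal browsing.
C2_FLOW = ("192.168.10.23", "203.0.113.9", "tcp", 4444)
IRC_FLOW = ("192.168.10.23", "203.0.113.9", "tcp", 6667)
WEB_FLOW = ("192.168.10.23", "198.51.100.5", "tcp", 443)

if __name__ == "__main__":
    for label, rules in (("LAX", LAX), ("TIGHT", TIGHT)):
        print(label, "dead rules:", shadowed(rules))
        for flow in (C2_FLOW, IRC_FLOW, WEB_FLOW):
            print(" ", flow, "->", evaluate(rules, flow))
```

Run it and the LAX set allows both the 4444 and the 6667 connections through "outgoing-all" and reports "block-irc" as dead, while the TIGHT set sends both to "cleanup" and still allows browsing and DNS. The shadowing check is deliberately simple (one earlier rule must cover the whole later rule); it catches the ordering mistake in the post but not a rule hidden by the union of several earlier rules.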
That's the first one done: "firewall".
Second: firewall (UTM). Did you notice that I keep writing the two terms together?
UTM is an integrated device that combines multiple security functions in a single piece of hardware.
Key functions include firewall, VPN, IPS, anti-DDoS, web filtering, anti-virus, and spam blocking.
These days it is hard to find a product on the security market that offers only firewall functions.
UTM took over the firewall market, and the existing firewall vendors added UTM capabilities.
Usually VPN is enabled alongside the firewall function, and IPS or QoS may be enabled at the same time.
Each vendor has its strengths and weaknesses per function, and the performance impact of enabling them is large.
It used to be said that foreign-made equipment performs well while domestic equipment lacks features.
But with the move to the next-generation firewall market, that statement has become obsolete.
UTM pros and cons
Advantages: multiple functions in one piece of equipment, and a simpler network configuration.
Disadvantages: possible performance problems, and licensing each required function separately can raise costs.
Lastly, let's push on a little further.
Next-generation firewall.
"Next-generation firewall": sounds like a fancy name with an expensive price tag, right?
Yes. It was the last to arrive on the market and, as you'd expect, it has many functions.
And it's expensive.
This is how the equipment develops.
Firewall → UTM → NGFW (next-generation firewall)
Why did the next-generation firewall appear?
Attacks have always evolved rapidly, while security equipment barely evolved at all.
Let's look around.
Do you only sit at a PC at work these days?
Companies and users work from anywhere on mobile and tablet devices, and critical business systems such as ERP and groupware are now deployed in the cloud.
This is where traditional firewalls and UTMs hit their limits.
The first generation, the packet-filtering firewall, dates from the mid-1980s.
Typically built into a router, it permits or blocks ports per IP address. Users' traffic evolved into applications, but the firewall stayed the same.
UTM added a variety of security functions, made possible by advances in hardware, but it ran into performance limits simply by stacking firewall + IPS + VPN.
The next-generation firewall is a product that addresses both of the problems above.
First, it fixes the performance problems of UTM equipment.
Second, it adds application control.
Performance is improved by dedicating CPU and memory to each function, and policy can be written per user identity (user ID) and per L7 application rather than only per IP address and port.
Companies already running firewalls or UTMs ask a lot of questions about next-generation firewalls: controlling instant messaging and SNS, mail sending/receiving, web filtering, and APT defense.
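To show what "application control" adds over a port-based rule, here is an added example written for this page (not code from the original post or from any vendor). A port filter sees only tcp/443 and must allow or deny all of it; an application-aware filter reads the SNI hostname from the TLS ClientHello and decides per application, which is how SNS or instant-messaging traffic can be blocked while ERP traffic on the same port is allowed. The ClientHello builder, the hostname-to-application table and the three flows are constructed; a real NGFW identifies applications with vendor signatures and decrypts or inspects far more than SNI.

```python
"""Added example (not from the original post or any vendor): port filter
versus application-aware filter on tcp/443.  The ClientHello builder,
the host-to-application table and the flows are constructed test data."""

import struct


def build_client_hello(hostname):
    """Minimal TLS 1.2 ClientHello record carrying only an SNI extension."""
    name = hostname.encode("ascii")
    server_name_list = b"\x00" + struct.pack("!H", len(name)) + name  # type 0 = host_name
    sni_body = struct.pack("!H", len(server_name_list)) + server_name_list
    extensions = struct.pack("!HH", 0x0000, len(sni_body)) + sni_body  # ext 0 = server_name
    body = (b"\x03\x03" + b"\x00" * 32        # client_version, random (zeroed test data)
            + b"\x00"                          # session_id length
            + b"\x00\x02\x00\x2f"              # one cipher suite
            + b"\x01\x00"                      # one compression method (null)
            + struct.pack("!H", len(extensions)) + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # type 1 = client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record):
    """Return the SNI hostname from a TLS ClientHello record, else None."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            return None
        pos = 43                     # record hdr 5 + handshake hdr 4 + version 2 + random 32
        pos += 1 + record[pos]       # skip session_id
        pos += 2 + struct.unpack("!H", record[pos:pos + 2])[0]  # skip cipher_suites
        pos += 1 + record[pos]       # skip compression_methods
        ext_end = pos + 2 + struct.unpack("!H", record[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= ext_end:
            etype, elen = struct.unpack("!HH", record[pos:pos + 4])
            pos += 4
            if etype == 0 and record[pos + 2] == 0:   # server_name ext, host_name entry
                nlen = struct.unpack("!H", record[pos + 3:pos + 5])[0]
                return record[pos + 5:pos + 5 + nlen].decode("ascii")
            pos += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        pass
    return None


# Constructed lookup table; a real NGFW uses vendor-maintained signatures.
APP_BY_HOST = {
    "chat.example-messenger.test": "instant-messaging",
    "www.example-sns.test": "sns",
    "erp.example-corp.test": "erp",
}
BLOCKED_APPS = frozenset({"instant-messaging", "sns"})


def classify(payload):
    return APP_BY_HOST.get(extract_sni(payload), "unknown-ssl")


def port_filter(flow):
    """Traditional rule: allow tcp/443 out, deny the rest.  flow = (proto, dport, payload)."""
    proto, dport, _payload = flow
    return "allow" if (proto, dport) == ("tcp", 443) else "deny"


def app_filter(flow):
    """NGFW-style rule: the same port check, then a per-application decision."""
    if port_filter(flow) == "deny":
        return "deny"
    return "deny" if classify(flow[2]) in BLOCKED_APPS else "allow"


FLOWS = {  # constructed: three outbound connections, all to tcp/443
    "erp": ("tcp", 443, build_client_hello("erp.example-corp.test")),
    "sns": ("tcp", 443, build_client_hello("www.example-sns.test")),
    "chat": ("tcp", 443, build_client_hello("chat.example-messenger.test")),
}

if __name__ == "__main__":
    for label, flow in FLOWS.items():
        print(label, classify(flow[2]), "port:", port_filter(flow), "app:", app_filter(flow))
```

All three flows pass the port filter; only the ERP flow passes the application filter. Note that this policy allows "unknown-ssl"; a stricter deployment denies unknown applications too, which is the L7 equivalent of the outgoing-policy advice above.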
Typical products include Palo Alto, Fortinet, and Check Point; domestic (Korean) products include Secure Eye, AhnLab, Xgate, and Hansol Nexge.
More recently, APT detection and blocking has been added through Blue Coat, SMT, FireEye, and others that also provide cloud-based threat information.
This extends defenses to advanced threat attacks as well.