
Web

IronPort

paantono@cisco.com

IronPort ESA

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential


IronPort E-mail Security Appliance
IronPort WEB Security Appliance


IronPort Security Appliances
Internet
IronPort SenderBase

Security Appliance

EMAIL

Security Appliance

WEB

Security MANAGEMENT Appliance


IronPort E-mail Security Appliance


IronPort ESA ?
IronPort
Internet

IronPort
Internet

Firewall
MTAs
Anti-Spam
Anti-Virus
Policy Enforcement
Mail Routing
Groupware

Firewall

IronPort Email Security Appliance

Groupware

Users

Users

IRONPORT ASYNCOS EMAIL

X1000 1

C600 5 000 e-mail

C300 1 000 5 000 e-mail

C100 1 000 e-mail


IronPort AsyncOS

IRONPORT ASYNCOS EMAIL

AsyncOS ,

IronPort AsyncOS

IronPort Email Security Appliance

200

/ DoS

/ Connections

10,000

Backup -



Virtual Gateway ?
163.24.127.3

Internet

163.24.127.3
Internet

163.24.127.4 163.24.127.5

TLS

(rate limit)

IP

IronPort


LDAP LDAP - , Active Directory DNS DNS - 802.1Q VLAN Loopback interfaces

DNS

Alias, masquerade routing tables LDAP


IRONPORT ASYNCOS EMAIL

IronPort Anti-Spam



IronPort Reputation Filters , ,



IronPort SenderBase
150
Complaint Reports Global Volume Data URL Web Crawlers IP Blacklists & Whitelists

SenderBase

SenderBase Reputation Scores -10 to +10


IronPort SenderBase
Web

IronPort
CipherTrust BorderWare 40% 50%

80%


IronPort
McAfee, Trend, Symantec, Sophos, CA, F-Secure

13 *

* 6/2005 - 6/2006. 175 outbreaks identified. Calculated as publicly published signatures from the listed vendors.

5+ 150+ Email Web 25%
Source: www.ciphertrust.com and www.borderware.com, August 6, 2006


IronPort Reputation Filters 80%



Anti-Spam Engine

Reputation Filtering

, ,

IronPort

&


SenderBase


? Web Reputation ?

? Email Reputation

? ? ?

Email reputation

Web reputation


Context Adaptive Scanning Engine (CASE)


CASE
? ? ? Microsoft Outlook client IP - dial-up IP - IP - ? & URL / DNS-
http://www.profusenet.com/


10X , junk - 100,000 Help Desk

web reputation & 2X , -

CapEx


20%

2,000 40

Fortune 100

IRONPORT ASYNCOS EMAIL

IronPort Virus Outbreak Filters McAfee



:
Sophos

13


IronPort Virus Outbreak Filters

IronPort Virus Outbreak Filters



Virus Outbreak Filters

&

T=0
zip (exe)

T=5
-zip (exe) 50 55 K .

T=10
zip (exe) 50 55 K

T=8


IronPort Virus Outbreak Filters

Virus | Date | Description | Lead Time ( : )
Kukudro-A | 27/6/06 | Virus that spreads via zipped word document. | 3:38
Feebs.AG | 21/6/06 | Arrives as an email attachment claiming to be sent via "Protected E-Mail service". | 17:46
Troj/Stinx-W | 15/6/06 | IRC backdoor Trojan. | 11:12
Yabe.G | 16/5/06 | Trojan that attempts to download further malicious code. | 13:09
Bagle-GT | 21/4/06 | Installs backdoor and communicates via HTTP, thus bypassing firewall filters. | 18:28
Mytob-HJ | 19/4/06 | Turns off anti-virus applications of infected PC to avoid detection. | 32:57
Nyxem-D (Kama Sutra) | 16/1/06 | Deletes most documents on third day of every month. | 1:27
Looksky.G | 6/1/06 | Installs keystroke loggers onto infected PCs. | 35:40

- 13 -175

*June 2005 - July 2006. Calculated as publicly published signatures from the following vendors: Sophos, Trend Micro, Computer Associates, F-Secure, Symantec and McAfee. If signature time is not available, first publicly published alert time is used.

SenderBase

INTERNET



McAfee + Sophos + IronPort
McAfee Sophos

Sophos McAfee


TCO

Mail Flow Monitor


IRONPORT ASYNCOS EMAIL



LDAP (notification)

IRONPORT ASYNCOS EMAIL

DomainKey Signing

IronPort Bounce Verification attacks (



Internet )

bounce



9%

Misdirected Bounces Not Discernible From Legitimate Bounces : ?

*Source: IronPort Threat Operations Center, INTERNET EMAIL TRAFFIC EMERGENCY: SPAM BOUNCE MESSAGES ARE COMPROMISING NETWORKS, April 2006.



9%

: billing@yourcompany.com

: joe1@enterprise.com, jane88@enterprise.com

RETURN TO SENDER

yourcompany.com

5

5%

F500 -

*Source: IronPort Threat Operations Center, INTERNET EMAIL TRAFFIC EMERGENCY: SPAM BOUNCE MESSAGES ARE COMPROMISING NETWORKS, April 2006.


IronPort Bounce Verification


BV
Internet

BV

Help Desk

DomainKeys

Internet

ISP

DNS

300M+ DomainKeys 5 CA

IronPort WEB Security Appliance


Web
MANAGEMENT TOOLS

L4 Traffic Monitor

URL Filters

Web Reputation Filters

Anti-Malware System

IronPort AsyncOS Web Security Platform

S350 5000

S650 5000


Simultaneous TCP Connections | 100,000 duplex | Easily handles significant traffic spikes
HTTP Transactions Per Hour | 10M unburdened, 5-7M burdened | Serves up to 10-25K users (traffic profile dependent)
Average Latency | 5-15 milliseconds | Preserves end-user browsing experience


L4 Traffic Monitor

, 80 -


URL

52 , 21M+ , ~3.5B web- 1/3 -



24x7


Web Reputation Filters

URL Categorization Data
HTML Content Data
URL Behavior
URL Whitelists
URL Blacklists

Domain Registrar Information

Global Volume Data

Compromised Host Lists
Web Crawler Data
Network Owners

Dynamic IP Addresses

SenderBase Data

Web Reputation Scores (WBRS) -10 to +10

Offline data (F500, G2000)
Web Site History

Known Threats URLs



IRONPORT WEB REPUTATION FILTERS
IRONPORT ANTI-MALWARE SYSTEM

URL

IronPort Web Reputation Filters
IronPort Anti-Malware System


IronPort Anti-Malware System

50%

IronPort DVS Engine

Domains / URLs
User Agents
Content Type

IP Addresses
Archives/Containers

Checksums & Hashes
CLSIDs
Object Binaries


IronPort DVS Engine


VERDICT ENGINE 1

IRONPORT DVS ENGINE

VERDICT ENGINE 2

VERDICT ENGINE N

REPUTATION-BASED VERDICT CACHING


Web Security Monitor


System Overview
Web Traffic Trends
Site Activity
Site Detail
Client Activity
Client Detail
Category Detail
Malware Details
Malware Trends
L4 Traffic Monitor
Web Reputation


IRONPORT ASYNCOS EMAIL

Email Security Manager
Email Security Monitor


IronPort Security Manager


LDAP, AD, Network
Block FTP
Allow Media files

Allow all URL categories

Block executables
Block all malware
Allow Skype
Monitor all traffic

Block gambling sites

Allow executables

IT

Allow all applications
Allow all protocols


SNMP

20+ FTP, SCP, Syslog

IronPort M-Series


: Cisco
Cisco

IronPort .

34,000

IronPort

Email security manager

Mail Flow Central

-- Bailey Szeto Manager, Messaging Systems, CISCO SYSTEMS


Gartner, Meta, Radicati, IDC, Forrester, Bloor


3 8 1 0 0 8 1 0 ISP
