Learn About Secure Computing

In this segment we discuss secure computer, secure firewalls and secure networks.

Hello and welcome to Web Informant.tv. I am David Strom your host and reviewer. Today we look at secure computings, secure firewall, network and applications protection device, formally known as Sidewinder. The Secure Firewall is efficient because it blocks a large percentage of traffic even before it hits your network. It has global knowledge of zero-day attacks that a standard signature base service wouldn't. Thanks to the reputation of trusted source service. Go to Policy Application Defense then TrustedSource where you can fine tune it for your particular needs, perform its filtering on all types of traffic both in and outbound and it's just the reputation scores as well. You can then incorporate TrustedSource's reputation score into particular policy rules. If we go to the Rules section, edit Internet Services rule, you can click on Enable TrustedSource and adjust the Slider as appropriate to block a filter particular IP addresses in real-time based on the reputation score. This will block or allow the administrator to further filter untrusted, potentially malicious sites that our users browse or malicious hacker of botnet might be trying to access your apps. For more information, see our separate Screencast video on TrustedSource. If we close out that Rule, I will show you another protective element, the ability to automatically detect threats based on the GeoLocation services. You can set policies based on where an IP address originates from in the world. We go on to Remote Desktop rule, edit this Source Endpoint pull-down menu to the GeoLocation (U.S. only) entry, or we could group a set of countries that we want to filter. This will specify more scrutiny based on source or destination IP. Another way to reduce inbound traffic is to automatically perform virus and malware scans and block their entry. Go to Policy > Application Defense, Virus Scanning and you can set the frequency of the signature downloads and on the Advanced Tab at AV scanners where attachment sizes increase. The Secure Firewall also has a full IPS signature service that can be configured according to type of attacks on a rule basis to get maximum performance. A lot of firewalls don't have much visibility into SSL and other encrypted protocols such as SSH, but this one does and of its bidirectional inspection of all traffic, go to Policy > Application Defense > Defense > HTTPS and you can turn on the decrypt traffic button under the Enforcement pane. And then turn on what you are going to be looking for, such as viruses or malware. This will eliminate threats that normally just pass through because of encrypted sessions on a standard inspection firewall. The product comes with a variety of pre-built application proxies to further isolate your servers and applications from the cruel outside world. Go to Policy > Rule Elements > Services and you will see this list. If you want to add a new one, you click on the plus (+) sign and you can see in the pull-down a list of pre-built application proxies available that you can use to hide your internal applications from discovery by attackers and prevent unauthorized access. Another feature is very granular control of applications in the proxies such as Citrix, Oracle, Web and VoIP servers. In the case of Citrix you can control particular features and turn off commands that your users might not require but the hacker would love to exploit such as drive mapping. You can also do some real-time auditing to. Go to Monitor, click View to see traffic that's coming into the box. You can click Stop and then you can browse the details of each event. When you first install the Windows based configuration tool, it needs to download the latest software updates to match the firmware on the firewall, which is a bit annoying. As you can see from the screen capture here. I would have liked to see just an SLL Web only interface but the Windows based tool did offer quick response times when making administrative changes. There is a large collection of reports and analysis tools that are available including a separate program from the configuration software. Here we are looking at the dashboard of the Secure Firewall Reporter which shows you consolidated look at various events, Port and Protocol Activity. You can mouse over and drill down to the alerts to examine what triggered things and for further analysis. If we click on the Devices Tab we can see what firewalls are running on our network and the status of its license and IP addresses. What I like with it you could set up each rule to block or allow particular elements which gives you a lot of flexibility with the product. Also I like the combination of different protective measures that work together to afford blended attacks. Bring up on the remote desktop the Reporting Tool and click on Security Center at the top of the screen and we get this unified threat analysis. There are tons of reports available here as a sample one showing a 3D_PIE chart of Source Destination Analysis. It also has CAN reports for regulatory auditors in the area of HIPAA, PCI and SOX. You can also see the results of how your rules are being applied and whether you need to reorder them or adjust them based on this report. While Secure Firewall CommandCenter product is ideal for managing policies and software updates for tens or hundreds of firewalls across your enterprise it adds yet another control console to the mix. I think there are four different tools to manage everything. CommandCenter also offers a way to segregate different administration rules to match particular tasks in larger organizations as we see here in this screen. Overall the product is very solid and unlike many other firewalls is a proven track record of significantly lower emergency security patches and search advisories. Which means reduce downtime and lower maintenance. See this web page here as an example where a common Telnet buffer overflow doesn't apply to the product. Thanks for watching Web Informant.tv. This has been David Strom. Feel free to send your comments to me at david@strom.com.