McAfee Desktop Firewall, TEPUM Secura
<strong>McAfee</strong> <strong>Desktop</strong> <strong>Firewall</strong> 8.0<br />
[ For more information: info@secura.com.tr ]
Agenda<br />
• Problems facing today’s IT environment<br />
• New <strong>Desktop</strong> <strong>Firewall</strong> 8.0 features & benefits<br />
• Real world example of <strong>Desktop</strong> <strong>Firewall</strong> in action<br />
• Summary<br />
• VirusScan Enterprise + <strong>Desktop</strong> <strong>Firewall</strong><br />
• VirusScan Enterprise<br />
• E-Business Server<br />
• VirusScan Wireless<br />
• <strong>Desktop</strong> <strong>Firewall</strong><br />
• VirusScan ASaP: desktop and server protection with online management reporting<br />
• WebShield Appliance: http, ftp, smtp, pop3<br />
• GroupShield: e-mail server<br />
• Entercept: system security products<br />
• ePolicy Orchestrator: management console<br />
• NetShield: file and print server/filers<br />
• ThreatScan: viral vulnerability assessment<br />
Problems facing today’s IT environments<br />
• The network is the battle ground<br />
• Defending the client<br />
• Controlling the client<br />
Problems Defending<br />
• Blended threats like SQLSlammer, Klez, BugBear, Fizzer, and Sobig cause damage<br />
• Anti-Virus alone cannot stop all new threats<br />
• Anti-virus alone cannot contain all threats from spreading<br />
• Spyware and other unwanted applications are everywhere<br />
• Increased numbers of mobile users & wireless hot spots<br />
Problems Controlling<br />
• Locking down a desktop computer is not easy<br />
• Users like to install their own software from the Internet<br />
• Users change configurations without IT permission<br />
• Clients with old protection and security policies continually connect to the network<br />
Reducing Vulnerability with <strong>Desktop</strong> <strong>Firewall</strong><br />
• Proactively help prevent spyware and unwanted programs<br />
• Proactively reduce the speed of attack<br />
• Proactively prevent insecure clients accessing the network<br />
• Proactively reduce the chance of attack success<br />
• Proactively reduce the exposure to attack<br />
[Figure: timeline contrasting "Before Virus (Proactive)" with "After Virus (Reactive)". Labels: Fix Delivery, Traditional AV Tools, Virus Discovered. Time axis: 6 Months, 3 Months, 0, 3 Hours, 6 Hours, 3 Days]<br />
How <strong>Desktop</strong> <strong>Firewall</strong> Works<br />
Client<br />
Intrusion Detection System<br />
NEW Application Monitoring<br />
Network<br />
Packet/Application <strong>Firewall</strong><br />
Policy Enforcement & Graphical Reporting<br />
<strong>McAfee</strong> Protection<br />
• VirusScan Enterprise + <strong>Desktop</strong> <strong>Firewall</strong><br />
• VirusScan Enterprise<br />
• E-Business Server<br />
• VirusScan Wireless<br />
• <strong>Desktop</strong> <strong>Firewall</strong><br />
• WebShield Appliance: http, ftp, smtp, pop3<br />
• ePolicy Orchestrator: management console<br />
• NetShield: file and print server/filers<br />
• VirusScan ASaP: desktop and server protection with online management reporting<br />
• GroupShield: e-mail server<br />
• Entercept: system security products<br />
• ThreatScan: viral vulnerability assessment<br />
New features in <strong>Desktop</strong> <strong>Firewall</strong> 8.0<br />
• Application Monitoring<br />
• Quarantine Mode<br />
• Auto Learn & Audit Mode<br />
• Updateable IDS Signatures<br />
• Time Based Rules<br />
• Non IP Protocol Support<br />
• Split Learn Mode<br />
• Block by Domain Name<br />
Application Monitoring<br />
• Application Creation<br />
• Application Creation is the action of an application running<br />
• Benefit<br />
• Prevents malicious programs, spyware and Trojans from running<br />
• Suppresses some adware popups driven by executables<br />
• Enables the administrator to enforce the Common Operating Environment (COE)<br />
• Without the need to remove local admin rights<br />
Application Monitoring<br />
• Application Hooking<br />
• ‘Hooking’ is the act of injecting code into another process<br />
• Benefit<br />
• Some processes will do this legitimately<br />
• If a process ‘hooks’ into Internet Explorer and is allowed to access the network, the hooking application can fool the firewall into thinking it is Internet Explorer<br />
• Prevent sophisticated attacks such as browser hijacking<br />
Quarantine Mode<br />
• Prevent non-compliant systems connecting to the network<br />
• Benefit<br />
• Increases network security by automatically checking client security policies before allowing them to communicate on the network.<br />
• Protects the network from out-of-date anti-virus and <strong>Desktop</strong> <strong>Firewall</strong> software and policies.<br />
• Keeps potentially dangerous traffic off the network.<br />
Auto Learn & Audit Mode<br />
• Administrative ePO option to automatically learn rules<br />
• Benefit<br />
• Automatically learn rules for <strong>Desktop</strong> <strong>Firewall</strong> without user intervention.<br />
• Administrators can easily audit learned rules from a central console and refine policies.<br />
• Easy configuration to avoid blocking legitimate applications, a worry for administrators<br />
Updateable IDS Signatures<br />
• Enables IDS protection to be updated with signature files.<br />
• IDS signature updates are available on a monthly basis.<br />
• Benefit<br />
• Provides continually enhanced intrusion detection<br />
• Offers rapid protection against tomorrow’s threats.<br />
Time Based Rules<br />
• Individual firewall rules can have a time restriction applied to them.<br />
• Rules can either disable or switch permissions (i.e. an Allow rule becomes a Block rule) when the time period expires.<br />
• Benefit<br />
• Time based rules enable flexible policies to be set so that rules are only active at certain times or on certain days<br />
Non-IP Protocols<br />
• 120 IP-based protocols.<br />
• WiFi (802.11x), NetBEUI, IPX, and AppleTalk.<br />
• Benefit<br />
• Multiple protocol rules provide greater levels of network security by filtering a broad range of network traffic.<br />
Split Learn Mode<br />
• Enables administrators to customize learn mode for either incoming, outgoing or both<br />
• Benefit<br />
• Allow Learn Mode to learn incoming or outbound or both<br />
• Provides flexible rule learning capabilities<br />
Block by domain name<br />
• Simply add domains that you wish to block access to.<br />
• Benefit<br />
• Enables entire internet domains to be easily blocked<br />
• Maintaining rules becomes easier.<br />
Evolution of Threats<br />
• 1994: Michelangelo – 6 months<br />
• 1997: Cap – 2 months<br />
• 1999: Melissa – 1 day<br />
• 2000: Loveletter – 4 hours<br />
• 2001: CodeRed/Nimda – 1 hour?<br />
• 2003: Slammer – 10 minutes<br />
• 2004: Threat X – Seconds?!?<br />
[Chart: bars for Code Red, Nimda and Goner; value labels shown: 6250, 12500, 2777; vertical axis from 0 to 14,000]<br />
Source: <strong>McAfee</strong> AVERT
Proactive Protection Against Blended Threats<br />
Multiple attack methods are now common<br />
Internet Explorer (HTTP)<br />
Outlook (SMTP/MAPI)<br />
File Sharing (Network)<br />
IIS Web Server (HTTP)<br />
Peer2Peer Exploit<br />
How DTFW Would Have Prevented Bugbear.b<br />
• The worm is received via email (i.e. Outlook)<br />
• Possibly self-executes on opening the email<br />
• Attempts to send spoofed email directly over SMTP<br />
• Also drops a backdoor on TCP port 1080<br />
How DTFW Would Have Prevented Bugbear.b<br />
• DTFW adds a protective ‘shield’ around the client<br />
• Only allowing ‘approved’ apps and services<br />
• Blended attacks are contained - never leaving the client<br />
How DTFW Would Have Prevented Bugbear.b<br />
• Instead of an infected client further infecting others<br />
• The worm’s traffic is instead blocked<br />
• The threat is instead contained<br />
Other Real World Examples of Proactive Protection with <strong>Desktop</strong> <strong>Firewall</strong><br />
• Preventing Fizzer<br />
• Uses network to spread<br />
• Worm uses SMTP (25), KaZaA, IRC (6667), AIM (5190), HTTP, and RAS to spread<br />
• Attempts to terminate AV software<br />
• <strong>Desktop</strong> <strong>Firewall</strong> deals with this<br />
• By default blocks these ports so the worm could not spread if it arrived in your inbox<br />
Summary<br />
• The Network is the battle ground<br />
• Proactively prevents & contains the spread of unknown threats that AV alone cannot.<br />
• <strong>Desktop</strong> <strong>Firewall</strong> proactively protects against blended threats – BugBear, Fizzer etc.<br />
• Centralized management and reporting with <strong>McAfee</strong> ePolicy Orchestrator<br />
• Top New Features<br />
• Prevent unwanted applications from running or hooking<br />
• Prevent insecure clients connecting to the network and causing damage<br />
• Updateable intrusion detection system<br />
• Easy administration of firewall rules<br />
Thank you.<br />
[ For more information: info@secura.com.tr ]