McAfee Desktop Firewall, TEPUM Secura
<strong>McAfee</strong> <strong>Desktop</strong> <strong>Firewall</strong> 8.0<br />
[ For more information: info@secura.com.tr ]
Agenda<br />
• Problems facing today’s IT environment<br />
• New <strong>Desktop</strong> <strong>Firewall</strong> 8.0 features & benefits<br />
• Real world example of <strong>Desktop</strong> <strong>Firewall</strong> in action<br />
• Summary<br />
<strong>McAfee</strong> <strong>Desktop</strong> <strong>Firewall</strong> 8.0, Page 2
[Product diagram]<br />
• VirusScan Enterprise + <strong>Desktop</strong> <strong>Firewall</strong><br />
• VirusScan Enterprise<br />
• E-Business Server<br />
• VirusScan Wireless<br />
• <strong>Desktop</strong> <strong>Firewall</strong><br />
• VirusScan ASaP: desktop and server protection with online management reporting<br />
• WebShield Appliance: http, ftp, smtp, pop3<br />
• GroupShield: e-mail server<br />
• Entercept: system security products<br />
• ePolicy Orchestrator: management console<br />
• NetShield: file and print server/filers<br />
• ThreatScan: viral vulnerability assessment<br />
Problems facing today’s IT environments<br />
• The network is the battleground<br />
• Defending the client<br />
• Controlling the client<br />
Problems Defending<br />
• Blended threats like SQLSlammer, Klez, BugBear, Fizzer, and Sobig cause damage<br />
• Anti-virus alone cannot stop all new threats<br />
• Anti-virus alone cannot keep all threats from spreading<br />
• Spyware and other unwanted applications are everywhere<br />
• Increased numbers of mobile users & wireless hot spots<br />
Problems Controlling<br />
• Locking down a desktop computer is not easy<br />
• Users like to install their own software from the Internet<br />
• Users change configurations without IT permission<br />
• Clients with old protection and security policies continually connect to the network<br />
Reducing Vulnerability with <strong>Desktop</strong> <strong>Firewall</strong><br />
• Proactively help prevent spyware and unwanted programs<br />
• Proactively reduce the speed of attack<br />
• Proactively prevent insecure clients accessing the network<br />
• Proactively reduce the chance of attack success<br />
• Proactively reduce the exposure to attack<br />
[Timeline figure. Phases: Before Virus (Proactive), After Virus (Reactive). Labels: Fix Delivery, Traditional AV Tools. Time axis: 6 Months, 3 Months, 0, 3 Hours, 6 Hours, 3 Days. Marker: Virus Discovered.]<br />
How <strong>Desktop</strong> <strong>Firewall</strong> Works<br />
• Intrusion Detection System<br />
• Application Monitoring (new)<br />
• Packet/Application <strong>Firewall</strong><br />
• Policy Enforcement & Graphical Reporting<br />
[Diagram labels: Client, Network]<br />
<strong>McAfee</strong> Protection<br />
• VirusScan Enterprise + <strong>Desktop</strong> <strong>Firewall</strong><br />
• VirusScan Enterprise<br />
• E-Business Server<br />
• VirusScan Wireless<br />
• <strong>Desktop</strong> <strong>Firewall</strong><br />
• WebShield Appliance: http, ftp, smtp, pop3<br />
• ePolicy Orchestrator: management console<br />
• NetShield: file and print server/filers<br />
• VirusScan ASaP: desktop and server protection with online management reporting<br />
• GroupShield: e-mail server<br />
• Entercept: system security products<br />
• ThreatScan: viral vulnerability assessment<br />
New features in <strong>Desktop</strong> <strong>Firewall</strong> 8.0<br />
• Application Monitoring<br />
• Quarantine Mode<br />
• Auto Learn & Audit Mode<br />
• Updateable IDS Signatures<br />
• Time Based Rules<br />
• Non-IP Protocol Support<br />
• Split Learn Mode<br />
• Block by Domain Name<br />
Application Monitoring<br />
• Application Creation<br />
• Application Creation is the action of an application running<br />
• Benefit<br />
• Prevents malicious programs, spyware, and Trojans from running<br />
• Suppresses some adware pop-ups driven by executables<br />
• Enables the administrator to enforce the Common Operating Environment (COE) without the need to remove local admin rights<br />
Application Monitoring<br />
• Application Hooking<br />
• ‘Hooking’ is the act of injecting code into another process<br />
• Benefit<br />
• Some processes will do this legitimately<br />
• If a process ‘hooks’ into Internet Explorer and is allowed to access the network, the hooking application can fool the firewall into thinking it is Internet Explorer<br />
• Prevents sophisticated attacks such as browser hijacking<br />
Quarantine Mode<br />
• Prevents non-compliant systems from connecting to the network<br />
• Benefit<br />
• Increases network security by automatically checking client security policies before allowing clients to communicate on the network.<br />
• Protects the network from out-of-date anti-virus and <strong>Desktop</strong> <strong>Firewall</strong> software and policies.<br />
• Keeps potentially dangerous traffic off the network.<br />
Auto Learn & Audit Mode<br />
• Administrative ePO option to automatically learn rules<br />
• Benefit<br />
• Automatically learns rules for <strong>Desktop</strong> <strong>Firewall</strong> without user intervention.<br />
• Administrators can easily audit learned rules from a central console and refine policies.<br />
• Easy configuration to avoid blocking legitimate applications, a worry for administrators<br />
Updateable IDS Signatures<br />
• Enables IDS protection to be updated with signature files.<br />
• IDS signature updates are available on a monthly basis.<br />
• Benefit<br />
• Provides continually enhanced intrusion detection<br />
• Offers rapid protection against tomorrow’s threats.<br />
Time Based Rules<br />
• Individual firewall rules can have a time restriction applied to them.<br />
• Rules can either disable or switch permissions (i.e., an Allow rule becomes a Block rule) when the time period expires.<br />
• Benefit<br />
• Time-based rules enable flexible policies to be set so that rules are only active at certain times or on certain days<br />
Non-IP Protocols<br />
• 120 IP-based protocols.<br />
• WiFi (802.11x), NetBEUI, IPX, and AppleTalk.<br />
• Benefit<br />
• Multiple protocol rules provide greater levels of network security by filtering a broad range of network traffic.<br />
Split Learn Mode<br />
• Enables administrators to customize learn mode for incoming, outgoing, or both<br />
• Benefit<br />
• Allows Learn Mode to learn incoming, outbound, or both<br />
• Provides flexible rule learning capabilities<br />
Block by domain name<br />
• Simply add the domains that you wish to block access to.<br />
• Benefit<br />
• Enables entire Internet domains to be easily blocked<br />
• Maintaining rules becomes easier<br />
Evolution of Threats<br />
• 1994: Michelangelo – 6 months<br />
• 1997: Cap – 2 months<br />
• 1999: Melissa – 1 day<br />
• 2000: Loveletter – 4 hours<br />
• 2001: CodeRed/Nimda – 1 hour?<br />
• 2003: Slammer – 10 minutes<br />
• 2004: Threat X – Seconds?!?<br />
[Bar chart. Categories: Code Red, Nimda, Goner. Data labels as extracted: 6250, 12500, 2777. Vertical axis: 0 to 14,000.]<br />
Source: <strong>McAfee</strong> AVERT<br />
Proactive Protection Against Blended Threats<br />
Multiple attack methods are now common<br />
Internet Explorer (HTTP)<br />
Outlook (SMTP/MAPI)<br />
File Sharing (Network)<br />
IIS Web Server (HTTP)<br />
Peer2Peer Exploit<br />
How Desktop Firewall (DTFW) Would Have Prevented Bugbear.b<br />
• The worm is received via email (i.e. Outlook)<br />
• Possibly self-executes on opening the email<br />
• Attempts to send spoofed email directly over SMTP<br />
• Also drops a backdoor on TCP port 1080<br />
How DTFW Would Have Prevented Bugbear.b<br />
• DTFW adds a protective ‘shield’ around the client<br />
• Only allowing ‘approved’ apps and services<br />
• Blended attacks are contained - never leaving the client<br />
How DTFW Would Have Prevented Bugbear.b<br />
• Instead of an infected client further infecting others, the worm’s traffic is blocked<br />
• The threat is contained<br />
Other Real World Examples of Proactive Protection with <strong>Desktop</strong> <strong>Firewall</strong><br />
• Preventing Fizzer<br />
• Uses network to spread<br />
• Worm uses SMTP (25), KaZaa, IRC (6667), AIM (5190), HTTP, and RAS to spread<br />
• Attempts to terminate AV software<br />
• <strong>Desktop</strong> <strong>Firewall</strong> deals with this<br />
• By default blocks these ports, so the worm could not spread if it arrived in your inbox<br />
Summary<br />
• The network is the battleground<br />
• Proactively prevents & contains the spread of unknown threats that AV alone cannot.<br />
• <strong>Desktop</strong> <strong>Firewall</strong> proactively protects against blended threats (BugBear, Fizzer, etc.)<br />
• Centralized management and reporting with <strong>McAfee</strong> ePolicy Orchestrator<br />
• Top New Features<br />
• Prevent unwanted applications from running or hooking<br />
• Prevent insecure clients connecting to the network and causing damage<br />
• Updateable intrusion detection system<br />
• Easy administration of firewall rules<br />
Thank you.<br />