ページ1に含まれる内容の要旨
SonicWALL TZ 180 TotalSecure
Administrator’s Guide
Introduction
SonicWALL TZ 180 TotalSecure is included in SonicWALL’s unified threat management solution
that integrates Gateway Anti-Virus, Anti-Spyware, and Intrusion Prevention Service into an
intelligent, real-time network security solution. This provides a comprehensive, yet layered
approach to securing your network.
Document Scope
This document contains the following subsections:
• “SonicWALL Gateway Anti-Virus”
• “SonicWALL Deep Pa
ページ2に含まれる内容の要旨
What is TotalSecure? Prevention Service delivers unified threat management directly on the SonicWALL security appliance gateway. Unlike other threat management solutions, SonicWALL Gateway Anti-Virus, Anti-Spyware and Intrusion Prevention Service has the capacity to analyze files of any size in real-time without the need to add expensive hardware drive or extra memory. SonicWALL Gateway Anti-Virus, Anti-Spyware and Intrusion Prevention Service includes a pro-active alerting mechanism that no
ページ3に含まれる内容の要旨
SonicWALL Gateway Anti-Virus SonicWALL Gateway Anti-Virus This section provides an overview to the SonicWALL Gateway Anti-Virus. This section contains the following subsections: • GAV Overview • How Does GAV Work? • Benefits • SonicWALL Gateway Anti-Virus/Intrusion Prevention Features • SonicWALL GAV Multi-Layered Approach • SonicWALL GAV Architecture GAV Overview SonicWALL Gateway Anti-Virus (SonicWALL GAV) is part of the SonicWALL Gateway Anti-Virus/Intrusion Prevention Service soluti
ページ4に含まれる内容の要旨
SonicWALL Gateway Anti-Virus SonicWALL Gateway Anti-Virus/Intrusion Prevention Features The Gateway Anti-Virus/Intrusion Prevention features are described below: • Integrated Deep Packet Inspection Technology - SonicWALL Gateway Anti-Virus/Intrusion Prevention Service features a configurable, high-performance deep packet inspection architecture that uses parallel searching algorithms up through the application layer to deliver increased application layer, Web and e-mail attack prevention. P
ページ5に含まれる内容の要旨
SonicWALL Gateway Anti-Virus of other stream-based protocols. This closes potential backdoors that can be used to compromise the network while also improving employee productivity and conserving Internet bandwidth. • Application Control - SonicWALL Gateway Anti-Virus/Intrusion Prevention Service provides the ability to prevent instant messaging and peer-to-peer file sharing programs from operating through the firewall, closing a potential back door that can be used to compromise the networ
ページ6に含まれる内容の要旨
SonicWALL Gateway Anti-Virus Remote Site Protection To protect the internal network, perform the following steps: Step 1 Users send typical e-mail and files between remote sites and the corporate office. Step 2 SonicWALL GAV scans and analyzes files and e-mail messages on the SonicWALL security appliance. Step 3 Viruses are found and blocked before infecting remote desktop. Step 4 Virus is logged and alert is sent to administrator. wan opt TZ 180 London, UK San Jose, CA Cairo, Egypt Houston, T
ページ7に含まれる内容の要旨
SonicWALL Gateway Anti-Virus Step 4 Virus is logged and alert is sent to administrator. Virus Discarded Alert Logged PRO 5060 HTTP File Downloads The process for HTTP File Downloads is described in the steps and diagram below: Step 1 Client makes a request to download a file from the Web. Step 2 File is downloaded through the Internet. Step 3 File is analyzed through the SonicWALL GAV engine for malicious code and viruses Step 4 If virus found, file discarded. Step 5 Virus is logged and alert s
ページ8に含まれる内容の要旨
SonicWALL Gateway Anti-Virus Server Protection The process for Server Protection is described in the steps below: Step 1 Outside user sends an incoming e-mail. Step 2 E-mail is analyzed through the SonicWALL GAV engine for malicious code and viruses before received by e-mail server. Step 3 If virus found, threat prevented. Step 4 E-mail is returned to sender, virus is logged, and alert sent to administrator. SonicWALL GAV Architecture SonicWALL GAV is based on SonicWALL's high performance DPIv2
ページ9に含まれる内容の要旨
SonicWALL Gateway Anti-Virus Stream Concurrency Limitations by SonicWALL Security Appliance Because SonicWALL GAV does not have to perform reassembly, there are no file-size limitations imposed by the scanning engine. Base64 decoding, ZIP, LHZ, and GZIP (LZ77) decompression are also performed on a single-pass, per-packet basis. Stream-concurrency are platform dependent as follows: GAV-Enabled Connections Concurrent GAV-Disabled Cache Size Compressed Connections (Concurrent File Downloads
ページ10に含まれる内容の要旨
SonicWALL Gateway Anti-Virus Note 8-bit encoding is handled natively for all email based protocols (SMTP, POP3, and IMAP) since no decoding is required for each encoding scheme. SMTP Capabilities: base64 decoding, zip (including archives) and gzip decompression. Prevention Mechanism: The message which contains the virus is removed from the head of the sent queue, thus preventing it from being resent, via 552 SMTP response and the connection is terminated. POP3 Capabilities: base64 decoding,
ページ11に含まれる内容の要旨
SonicWALL Intrusion Prevention Service Prevention Mechanism: The connection is terminated, preventing the user from receiving the malicious payload. FTP Capabilities: zip (including archives) and gzip decompression. FTP stateful code follows data port negotiations, allowing FTP data to be inspected across any operating TCP port. Suppresses the use of the FTP 'REST' (restart) request to prevent the sectional retrieval and reassembly of potentially malicious content. "The suppression of the 'R
ページ12に含まれる内容の要旨
SonicWALL Intrusion Prevention Service What is a Zone? A Zone is a logical grouping of one or more interfaces and/or VLANs designed to make management, such as the definition and application of Access Rules, a simpler and more intuitive process than following strict physical interface scheme. Zone-based security is a powerful and flexible method of managing both internal and external network segments, allowing the administrator to separate and protect critical internal network resources fro
ページ13に含まれる内容の要旨
SonicWALL Anti-Spyware SonicWALL Anti-Spyware SonicWALL Anti-Spyware is included within the SonicWALL Gateway Anti-Virus (GAV), Anti-Spyware and Intrusion Prevention Service (IPS) unified threat management solution. SonicWALL GAV, Anti-Spyware and IPS delivers a comprehensive, real-time gateway security solution for your entire network. This section provides an overview to the SonicWALL Anti-spyware. This section contains the following subsections: • The Spyware Threat • SonicWALL Anti-Spy
ページ14に含まれる内容の要旨
SonicWALL Anti-Spyware clients and reset those connections. For example, when spyware has been profiling a user's browsing habits and attempts to send the profile information home, the SonicWALL security appliance identifies that traffic and resets the connection. The SonicWALL Anti-Spyware Service provides the following protection: • Blocks spyware delivered through auto-installed ActiveX components, the most common vehicle for distributing malicious spyware programs. • Scans and logs spyw
ページ15に含まれる内容の要旨
SonicWALL Content Filtering Service - Premium SonicWALL Content Filtering Service - Premium This section provides an overview to the SonicWALL Content Filtering Service. This section contains the following subsections: • CFS Overview • How Does CFS Premium Work? • Benefits CFS Overview SonicWALL Content Filtering Services Premium (CFS Premium) enforces protection and productivity policies for businesses, schools and libraries to reduce legal and privacy risks while minimizing administrati
ページ16に含まれる内容の要旨
SonicWALL Deep Packet Inspection SonicWALL Deep Packet Inspection This section provides an overview to the SonicWALL Intrusion Prevention Service (DPI). This section contains the following subsections: • DPI Overview • How Does DPI Work? • Benefits DPI Overview Deep Packet Inspection (DPI) looks at the data portion of the packet. The Deep Packet Inspection technology includes intrusion detection and intrusion prevention. Intrusion detection finds anomalies in the traffic and alerts the adm
ページ17に含まれる内容の要旨
SonicWALL Deep Packet Inspection Figure 1 Deep Packet Inspection Flow Diagram The following steps describe how the SonicWALL Deep Packet Inspection Architecture functions: 1. Pattern Definition Language Interpreter uses signatures that can be written to detect and prevent against known and unknown protocols, applications and exploits. 2. TCP packets arriving out-of-order are reassembled by the Deep Packet Inspection framework. 3. Deep Packet Inspection engine preprocessing involves norm
ページ18に含まれる内容の要旨
SonicWALL Security Dashboard This section provides an introduction to the Security Dashboard feature. This section contains the following subsections: • Security Dashboard Overview • What is Security Dashboard? • How Does the Security Dashboard Work? • Benefits SonicWALL TZ 180 TotalSecure 18����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
ページ19に含まれる内容の要旨
SonicWALL Security Dashboard Security Dashboard Overview The SonicWALL Security Dashboard provides reports of the latest threat protection data from a single SonicWALL appliance and aggregated threat protection data from SonicWALL security appliances deployed globally. The SonicWALL Security Dashboard displays automatically upon successful authentication to a SonicWALL security appliance running SonicOS 3.8 firmware or later, and can be viewed at any time by navigating to the System > Securi
ページ20に含まれる内容の要旨
SonicWALL Security Dashboard Each report includes a graph of threats blocked over time and a table of the top blocked threats. Reports, which are updated hourly, can be customized to display data for the last 12 hours, 14 days, 21 days, or 6 months. For easier viewing, SonicWALL Security Dashboard reports can be transformed into a PDF file format with the click of a button. Figure 2 provides the default view of the SonicWALL Security Dashboard. Figure 2 SonicWALL Security Dashboard SonicWALL
