Summary of the content on page 1
                    
                        SonicWALL TZ 180 TotalSecure 
Administrator’s Guide
Introduction 
SonicWALL TZ 180 TotalSecure is included in SonicWALL’s unified threat management solution 
that integrates Gateway Anti-Virus, Anti-Spyware, and Intrusion Prevention Service into an 
intelligent, real-time network security solution. This provides a comprehensive, yet layered 
approach to securing your network.
Document Scope
This document contains the following subsections: 
 • “SonicWALL Gateway Anti-Virus”
 • “SonicWALL Deep Pa
                    
Summary of the content on page 2

What is TotalSecure?
Prevention Service delivers unified threat management directly on the SonicWALL security appliance gateway. Unlike other threat management solutions, SonicWALL Gateway Anti-Virus, Anti-Spyware and Intrusion Prevention Service has the capacity to analyze files of any size in real-time without the need to add expensive hardware drives or extra memory. SonicWALL Gateway Anti-Virus, Anti-Spyware and Intrusion Prevention Service includes a pro-active alerting mechanism that no
                    
Summary of the content on page 3

SonicWALL Gateway Anti-Virus
This section provides an overview to the SonicWALL Gateway Anti-Virus. This section contains the following subsections:
 • GAV Overview
 • How Does GAV Work?
 • Benefits
 • SonicWALL Gateway Anti-Virus/Intrusion Prevention Features
 • SonicWALL GAV Multi-Layered Approach
 • SonicWALL GAV Architecture
GAV Overview
SonicWALL Gateway Anti-Virus (SonicWALL GAV) is part of the SonicWALL Gateway Anti-Virus/Intrusion Prevention Service soluti
                    
Summary of the content on page 4

SonicWALL Gateway Anti-Virus
SonicWALL Gateway Anti-Virus/Intrusion Prevention Features
The Gateway Anti-Virus/Intrusion Prevention features are described below:
 • Integrated Deep Packet Inspection Technology - SonicWALL Gateway Anti-Virus/Intrusion Prevention Service features a configurable, high-performance deep packet inspection architecture that uses parallel searching algorithms up through the application layer to deliver increased application layer, Web and e-mail attack prevention. P
                    
Summary of the content on page 5

SonicWALL Gateway Anti-Virus
of other stream-based protocols. This closes potential backdoors that can be used to compromise the network while also improving employee productivity and conserving Internet bandwidth.
 • Application Control - SonicWALL Gateway Anti-Virus/Intrusion Prevention Service provides the ability to prevent instant messaging and peer-to-peer file sharing programs from operating through the firewall, closing a potential back door that can be used to compromise the networ
                    
Summary of the content on page 6

SonicWALL Gateway Anti-Virus
Remote Site Protection
To protect the internal network, perform the following steps:
Step 1 Users send typical e-mail and files between remote sites and the corporate office.
Step 2 SonicWALL GAV scans and analyzes files and e-mail messages on the SonicWALL security appliance.
Step 3 Viruses are found and blocked before infecting remote desktop.
Step 4 Virus is logged and alert is sent to administrator.
Diagram labels: wan, opt, TZ 180, London, UK, San Jose, CA, Cairo, Egypt, Houston, T
                    
Summary of the content on page 7

SonicWALL Gateway Anti-Virus
Step 4 Virus is logged and alert is sent to administrator.
Diagram labels: Virus Discarded, Alert Logged, PRO 5060
HTTP File Downloads
The process for HTTP File Downloads is described in the steps and diagram below:
Step 1 Client makes a request to download a file from the Web.
Step 2 File is downloaded through the Internet.
Step 3 File is analyzed through the SonicWALL GAV engine for malicious code and viruses.
Step 4 If virus found, file discarded.
Step 5 Virus is logged and alert s
                    
Summary of the content on page 8

SonicWALL Gateway Anti-Virus
Server Protection
The process for Server Protection is described in the steps below:
Step 1 Outside user sends an incoming e-mail.
Step 2 E-mail is analyzed through the SonicWALL GAV engine for malicious code and viruses before being received by the e-mail server.
Step 3 If virus found, threat prevented.
Step 4 E-mail is returned to sender, virus is logged, and alert sent to administrator.
SonicWALL GAV Architecture
SonicWALL GAV is based on SonicWALL's high performance DPIv2
                    
Summary of the content on page 9

SonicWALL Gateway Anti-Virus
Stream Concurrency Limitations by SonicWALL Security Appliance
Because SonicWALL GAV does not have to perform reassembly, there are no file-size limitations imposed by the scanning engine. Base64 decoding, ZIP, LHZ, and GZIP (LZ77) decompression are also performed on a single-pass, per-packet basis. Stream concurrency is platform dependent as follows:
GAV-Enabled  Connections Concurrent  GAV-Disabled Cache Size Compressed  Connections (Concurrent File Downloads
                    
Summary of the content on page 10

SonicWALL Gateway Anti-Virus
Note: 8-bit encoding is handled natively for all email based protocols (SMTP, POP3, and IMAP) since no decoding is required for each encoding scheme.
SMTP
Capabilities: base64 decoding, zip (including archives) and gzip decompression.
Prevention Mechanism: The message which contains the virus is removed from the head of the sent queue, thus preventing it from being resent, via 552 SMTP response and the connection is terminated.
POP3
Capabilities: base64 decoding, 
                    
Summary of the content on page 11

SonicWALL Intrusion Prevention Service
Prevention Mechanism: The connection is terminated, preventing the user from receiving the malicious payload.
FTP
Capabilities: zip (including archives) and gzip decompression. FTP stateful code follows data port negotiations, allowing FTP data to be inspected across any operating TCP port. Suppresses the use of the FTP 'REST' (restart) request to prevent the sectional retrieval and reassembly of potentially malicious content. "The suppression of the 'R
                    
Summary of the content on page 12

SonicWALL Intrusion Prevention Service
What is a Zone?
A Zone is a logical grouping of one or more interfaces and/or VLANs designed to make management, such as the definition and application of Access Rules, a simpler and more intuitive process than following a strict physical interface scheme. Zone-based security is a powerful and flexible method of managing both internal and external network segments, allowing the administrator to separate and protect critical internal network resources fro
                    
Summary of the content on page 13

SonicWALL Anti-Spyware
SonicWALL Anti-Spyware is included within the SonicWALL Gateway Anti-Virus (GAV), Anti-Spyware and Intrusion Prevention Service (IPS) unified threat management solution. SonicWALL GAV, Anti-Spyware and IPS delivers a comprehensive, real-time gateway security solution for your entire network.
This section provides an overview to the SonicWALL Anti-spyware. This section contains the following subsections:
 • The Spyware Threat
 • SonicWALL Anti-Spy
                    
Summary of the content on page 14

SonicWALL Anti-Spyware
clients and reset those connections. For example, when spyware has been profiling a user's browsing habits and attempts to send the profile information home, the SonicWALL security appliance identifies that traffic and resets the connection.
The SonicWALL Anti-Spyware Service provides the following protection:
 • Blocks spyware delivered through auto-installed ActiveX components, the most common vehicle for distributing malicious spyware programs.
 • Scans and logs spyw
                    
Summary of the content on page 15

SonicWALL Content Filtering Service - Premium
This section provides an overview to the SonicWALL Content Filtering Service. This section contains the following subsections:
 • CFS Overview
 • How Does CFS Premium Work?
 • Benefits
CFS Overview
SonicWALL Content Filtering Services Premium (CFS Premium) enforces protection and productivity policies for businesses, schools and libraries to reduce legal and privacy risks while minimizing administrati
                    
Summary of the content on page 16

SonicWALL Deep Packet Inspection
This section provides an overview to the SonicWALL Intrusion Prevention Service (DPI). This section contains the following subsections:
 • DPI Overview
 • How Does DPI Work?
 • Benefits
DPI Overview
Deep Packet Inspection (DPI) looks at the data portion of the packet. The Deep Packet Inspection technology includes intrusion detection and intrusion prevention. Intrusion detection finds anomalies in the traffic and alerts the adm
                    
Summary of the content on page 17

SonicWALL Deep Packet Inspection
Figure 1 Deep Packet Inspection Flow Diagram
The following steps describe how the SonicWALL Deep Packet Inspection Architecture functions:
1. Pattern Definition Language Interpreter uses signatures that can be written to detect and prevent against known and unknown protocols, applications and exploits.
2. TCP packets arriving out-of-order are reassembled by the Deep Packet Inspection framework.
3. Deep Packet Inspection engine preprocessing involves norm
                    
Summary of the content on page 18

SonicWALL Security Dashboard
This section provides an introduction to the Security Dashboard feature. This section contains the following subsections:
 • Security Dashboard Overview
 • What is Security Dashboard?
 • How Does the Security Dashboard Work?
 • Benefits
                    
Summary of the content on page 19

SonicWALL Security Dashboard
Security Dashboard Overview
The SonicWALL Security Dashboard provides reports of the latest threat protection data from a single SonicWALL appliance and aggregated threat protection data from SonicWALL security appliances deployed globally. The SonicWALL Security Dashboard displays automatically upon successful authentication to a SonicWALL security appliance running SonicOS 3.8 firmware or later, and can be viewed at any time by navigating to the System > Securi
                    
Summary of the content on page 20

SonicWALL Security Dashboard
Each report includes a graph of threats blocked over time and a table of the top blocked threats. Reports, which are updated hourly, can be customized to display data for the last 12 hours, 14 days, 21 days, or 6 months. For easier viewing, SonicWALL Security Dashboard reports can be transformed into a PDF file format with the click of a button. Figure 2 provides the default view of the SonicWALL Security Dashboard.
Figure 2 SonicWALL Security Dashboard
SonicWALL