Embed Size (px)
Citation preview
Petros Lam
VP, Sales & MarketingThe Hong Kong School Net Ltd
School Network
Internet
WebSAMSHTTP Server
Router
Workstations
Wifi
Network Attack
WebSAMS Server
WebSAMS Crystal ReportWorkstation
NetworkFirewall
Teachers Server Intranet Server
Server Attack
Security Vulnerabilities Systems (Win2000, RH7.2)
Application (Web, PhPBB, FTP)
Security Vulnerabilities Systems (Win2000, RH7.2)
Application (Web, PhPBB, FTP)General Suggestions: • Security Audit• Upgrade Firewall• Update Systems and Applications FREQUENTLY• Change Password FREQUENTLY
General Suggestions: • Security Audit• Upgrade Firewall• Update Systems and Applications FREQUENTLY• Change Password FREQUENTLY
ApplicationFirewall
School Network
Internet
WebSAMSHTTP Server
Router
Workstations
Wifi
WebSAMS Server
WebSAMS Crystal ReportWorkstation
NetworkFirewall
Teachers Server Intranet Server
General Suggestions: • Security Audit• Upgrade Firewall• Update Systems and Application FREQUENTLY• Change Password FREQUENTLY
General Suggestions: • Security Audit• Upgrade Firewall• Update Systems and Application FREQUENTLY• Change Password FREQUENTLY
ApplicationFirewall
Difficulties in Daily Operation:
• Method and types of attacks change rapidly, difficult
for schools to follow the latest updates.
• Heavy teaching work load makes it difficult to
maintain and update such an complicated network security
environment by teachers themselves.
• Limited resources for schools to afford
expensive solutions and services for commercial use.
• Many companies only sell products and lack skills,
knowledge and the right to modify the
product they provide.
Difficulties in Daily Operation:
• Method and types of attacks change rapidly, difficult
for schools to follow the latest updates.
• Heavy teaching work load makes it difficult to
maintain and update such an complicated network security
environment by teachers themselves.
• Limited resources for schools to afford
expensive solutions and services for commercial use.
• Many companies only sell products and lack skills,
knowledge and the right to modify the
product they provide.
School Network
Internet
WebSAMSHTTP Server
Router
Workstations
Wifi
WebSAMS Server
WebSAMS Crystal ReportWorkstation
NetworkFirewall
Teachers Server Intranet Server
ApplicationFirewall
Regular update managed by Professional Team who developed SCHOOLWALL.
Tailored for Schools in Hong Kong.
User Friendly Interface – reduce time to learn and operate.
Affordable price
Regular update managed by Professional Team who developed SCHOOLWALL.
Tailored for Schools in Hong Kong.
User Friendly Interface – reduce time to learn and operate.
Affordable price
Latest and Upgraded Functions:
• User Friendly Interface• Packet Filtering• URL Filtering• Classroom Control
Finer access control Bandwidth control
• Application Protection Web FTP Email
• Statistics• Expansion Module
New User Friendly Interface
NAT Mapping
Filter Rule
Packet Filtering• Static NAT
URL FilteringTransparent Proxy (TCP/Port 80)Global default deny list
Classroom Control
• Additional control on a set of fixed IP addresses– Examples: IP range for staff, computer rooms
• Domain Blocking / Unblocking– Allow List : Default deny all but allow exception in domains– Deny List : Adding domain block list to global deny list– Deny All : Deny all access, no exceptions– Allow All : Allow all access (no blocking)
• Bandwidth Control– Guarantee Bandwidth– Maximum Bandwidth
• Example of adding “Deny List”
URL filter• Sendspace.com
+
Classroom Control
+Zone control “Deny List”• yahoo.com
G – Guarantee BandwidthM – Maximum Bandwidth
Maximum Bandwidth limt the download speed
Testing URL:ftp://download.speedtest.com.hk/100mb.zip
• Bandwidth Control
Classroom Control
Application Protection - Web
Setting up
Receiving Request
Analysis
Denied If not allowed
• Example of blocking SQL injection
Application Protection - FTP
Set a password retry limit to the connection.If exceed the limit, the IP will be banned for a fixed period of time.
Application Protection - Email
Anti-spam mechanisms:• DNSBL• Greylisting• SPF• DKIM• Sender White / Black Listing
Self define White / Black list
• Sender blacklisting
Statistics - Network Traffic
Bandwidth Graphs
Email Gateway Statistics
Statistics - Network Traffic
Expansion Module – Server Certificate
Comparison
Network Protection Investment Consequence
No Firewall $0 Serious!
Self Developed Firewall
Time of Teachers
Very difficult to upgrade
Commercial Firewall
Very Expensive
Lack maintenance and support
Very Affordable
Install, Update, Upgrade, Support
- VPN, Lab, Proxy, Filter
~The End~
Thank you!
