StoneGate SSL VPN: more than a means of providing secure network access

DESCRIPTION

Presentation from the seminar "Certified Solutions for Secure Remote Access for Mobile Employees", 28 May 2013. Speaker: Dmitry Ushakov, Head of the Technical Solutions Preparation Department, Stonesoft Russia.

Citation preview

  • 1. StoneGate SSL VPN. 28.05.2013
  • 2. 3. 4. 5.
  • 6. Visibility; BYOD; Compliance; incident management
  • 7.
  • 8. Stonesoft HIPS
  • 9. StoneGate SMC; StoneGate Firewall/VPN: Multilink, VPN, Crypto Pro; StoneGate IPS; StoneGate SSL VPN: NAC, SSO 15; Authentication server, MobileID, FederatedID. Diagram labels: IPS; FW; SSL; SMC; As
  • 10.
  • 11. Stonegate SSL VPN
  • 12. SSL VPN: (LDAP); SSL VPN Management Console; SMC; Authentication Server (SMC)
  • 13. StoneGate SSL VPN: A... (authentication); (authorization); (assessment); (Access control); (abolish); (accounting); (Auditing); (Action rights)
  • 14.
  • 15. https:yoursite.ru
  • 16. IPSec
  • 17. Diagram labels: SSL VPN; TCP/443 (SSL); TCP/UDP (ANY); DMZ; LDAP; MS AD; Oracle; Novell; Radius; RSA; APP server; Citrix; Oracle Db; File share; Lotus; MS Exchange; SSH Server; Web portal; DMZ; HTTP; HTTPS; Internet; SSL
  • 18. Web; WEB; IPSEC
  • 19.
  • 20. 6 15 (+ AD brute-force)
  • 21. RADIUS CLIENTS; Static Password; MobileID Sync; MobileID Challenge; MobileText; SMS
  • 22. email; SMS; OpenLDAP; ActiveDirectory; eDirectory; IBM; Oracle; Any LDAP
  • 23. Federated Authentication; SSO; SAML; ADFS
  • 24. 1. Login; 2. SAML Request; 3. Stonesoft Auth (SMS, MobileID, etc); 4. SAML Response; 5. Authenticated with SSO. Diagram labels: USER; Authentication Server; Identity Provider; User Domain; Service Provider; Service Provider Domain; Service in the Cloud
  • 25. 26.
  • 27. Firewall; OS; Key logger?; IP-forwarding & network bridging; Real time. Diagram labels: SSL VPN Gateway; Remote user; APP server; Citrix; Oracle Db; File share; Lotus; MS Exchange; SSH Server; Web portal; Firewall
  • 28.
  • 29. SINGLE SIGN-ON; SSL; SSO
  • 30. 31. 32. 33. 34.
  • 35. Assessment; authentication; Accounting; Access; Action policy. Antivirus =, P Firewall =, Registry =, Integrity (files) =, Serial, Web =, CRM =, telnet =, Timeout = 6. Antivirus =, P Firewall =, Integrity (files) =, Serial =, lock-out =, File =, Web =, Download =, Timeout = 6. Antivirus =, P Firewall =, Registry =, Pfirewall, Email, Web mail = web = read only, Timeout = 1/2, CRM read only, Mail. Antivirus =, P Firewall =
  • 36. 37. 38. 39.
  • 40. SSL-GOST: Single Sign On (SSO), Federated ID; (security checks); End-Point
  • 41. SSL VPN appliance; (Nginx): 2400 19
  • 42.
  • 43. Diagram labels: Internet; Internal; ISP A; ISP B; router; Availability/Load Balancing; Firewalls; Malware/Email/Threat Analysis; VPN; Availability/Load Balancing; IPS; DMZ; Availability/Load Balancing; SSL VPN; WebServer; SIEM/Logging; 2-Factor Authentication; Network Monitoring; IDS; IPS; Branch Office FW+VPN; ISP A; ISP C; Branch Office FW + VPN; + each vendor's device management; WAN Optimization
  • 44. Diagram labels: Internet; Internal; ISP A; ISP B; router; DMZ; WebServer; Branch Office FW+VPN; ISP A; ISP C; Branch Office FW + VPN; Firewall/HA/VPN/Load Balancing/WebFiltering/Antivirus/Anti-SPAM/DLP; IPS; IDS; Multi-factor Authentication & ID Management; Security Management, Alerting, Reporting, Logging; Third party device monitoring; Transparent Layer-2 firewall, inline IPS sensor; Deep Packet and HTTPS Inspection; Application Awareness and Control; Deep Packet and HTTPS Inspection; Web Filtering; Antivirus and Anti-SPAM; Site-to-Site fully meshed VPN; Client VPN; ISP load balancing; Server load balancing
  • 45. Chart: axis ticks 0 to 120000; 1, 2, 3; $; StoneSoft
  • 46. SSL VPN; 1(1), 3(3), 2(2)
  • 47. 48.
  • 49. StoneGate SSL - Mail for Exchange Active Sync Proxy; SSL Exchange; DeviceID locking; SSO Exchange
  • 50. 51.
  • 52. RADIUS; FederatedID; Ticket-SSO
  • 53. a2cloud
  • 54. 55.
  • 56. Status monitoring; Log Viewing; Statistics & Reporting; Administration Tools
  • 57.
  • 58. Security collaboration; Solution partners
  • 59. StoneSoft...
  • 60. StoneSoft
  • 61. [email protected] (495) 787-99-36