:: protecting your infrastructure · proxy filter (content filtering, urlfiltering, webantivirus...

:: Protecting your infrastructure ::

Post on 07-Jun-2020

Page 1: :: Protecting your infrastructure · Proxy Filter (Content Filtering, URLFiltering, WebAntivirus [AV]) UNLIMITED USERS . VPN FIREWALL CONTENT FILTERING IDPS Features TRAFFIC SHAPER


Who We Are..

iDeras Features

Benefits

Q&A


Infosys Gateway Sdn Bhd.

Incorporated in 2007

Bumiputra owned Company

MSC Status Company

Registered with

Ministry of Finance (MOF), Kementah (MINDEF)

Malaysia Industry Council for Defence, Enforcement & Security (MIDES)

MATRADE, SME-CORP & OIC-CERT

Successfully innovated and developed a network security appliance with continuous R&D for enhancement and future innovation

1st Malaysian developed unified network security product named iDERAS.

Global Certification Common Criteria EAL 2

For securing the complete ICT environment, we propose the following components:

Malaysia First Unified Network Security Innovation, iDeras.

“Unified threat management (UTM) is a converged platform of point security products, particularly suited to midsize and enterprise businesses. Typical feature sets fall into three main subsets:

1. Firewall

2. Intrusion Detection & Prevention System (IDPS)

3. Proxy Filter (Content Filtering, URL Filtering, Web Antivirus [AV])

UNLIMITED USERS

Features

FIREWALL: An appliance designed to prevent unauthorized access to your network.

IDPS: Monitors inbound and outbound network activity, identifies suspicious network patterns that may indicate potential harm to your environment, and prevents it based on the rules set.

CONTENT FILTERING: Prevents access to content that may be harmful if opened or accessed.

VPN: Connects to a private network, such as a company's internal network, ensuring secured connectivity within your environment.

CAPTIVE PORTAL: Directs users to a web page before granting access to the internet, and can identify who is using your network.

TRAFFIC SHAPER: Controls network traffic to optimize bandwidth, lower latency, and/or increase usable bandwidth.

Firewall

Firewall is the most important component of the UTM Box

Firewall rules control what traffic is allowed to enter an interface on the firewall

Filtering by source and destination IP, IP protocol, source and destination port for TCP and UDP traffic

Option to log or not log traffic matching each rule.

Highly flexible policy routing possible by selecting gateway on a per-rule basis (for load balancing, failover, multiple WAN, etc.)
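The rule fields listed above, modelled as an added example (this is not iDeras code). It assumes IPv4, first-match-wins evaluation and a default block when no rule matches; the field names, the gateway name `WAN2` and the sample ruleset are constructed. The `shadowed` check is the audit a rule reviewer would run: it reports rules that can never fire because an earlier, broader rule already covers them.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

ANY_PORT = (0, 65535)

@dataclass(frozen=True)
class Rule:
    action: str                          # "pass" or "block"
    proto: str                           # "tcp", "udp", "icmp" or "any"
    src: str                             # source network (CIDR)
    dst: str                             # destination network (CIDR)
    sports: Tuple[int, int] = ANY_PORT   # inclusive source port range
    dports: Tuple[int, int] = ANY_PORT   # inclusive destination port range
    log: bool = False                    # log traffic matching this rule?
    gateway: Optional[str] = None        # per-rule gateway (policy routing)

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    sport: int = 0
    dport: int = 0

def matches(rule, pkt):
    if rule.proto not in ("any", pkt.proto):
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    if pkt.proto in ("tcp", "udp"):      # only TCP and UDP carry ports
        return (rule.sports[0] <= pkt.sport <= rule.sports[1]
                and rule.dports[0] <= pkt.dport <= rule.dports[1])
    return rule.sports == ANY_PORT and rule.dports == ANY_PORT

def evaluate(rules, pkt, logbook):
    for number, rule in enumerate(rules, 1):
        if matches(rule, pkt):           # assumed: first matching rule wins
            if rule.log:
                logbook.append((number, rule.action, pkt.src, pkt.dst, pkt.dport))
            return rule.action, rule.gateway
    return "block", None                 # assumed default when nothing matches

def covers(a, b):
    # True when every packet that matches rule b also matches rule a.
    return (a.proto in ("any", b.proto)
            and ipaddress.ip_network(b.src).subnet_of(ipaddress.ip_network(a.src))
            and ipaddress.ip_network(b.dst).subnet_of(ipaddress.ip_network(a.dst))
            and a.sports[0] <= b.sports[0] and b.sports[1] <= a.sports[1]
            and a.dports[0] <= b.dports[0] and b.dports[1] <= a.dports[1])

def shadowed(rules):
    # Numbers of rules that an earlier rule fully covers (they never fire).
    return [j + 1 for j, later in enumerate(rules)
            if any(covers(earlier, later) for earlier in rules[:j])]

# Constructed sample ruleset (RFC 5737 documentation addresses).
RULES = [
    Rule("pass", "udp", "192.0.2.0/24", "198.51.100.53/32", dports=(53, 53)),
    Rule("pass", "tcp", "192.0.2.0/24", "0.0.0.0/0", dports=(443, 443), gateway="WAN2"),
    Rule("pass", "tcp", "192.0.2.0/24", "0.0.0.0/0"),
    Rule("block", "tcp", "192.0.2.0/24", "0.0.0.0/0", dports=(25, 25), log=True),
]
```

In this ruleset the SMTP block (rule 4) sits behind the broad TCP pass (rule 3), so outbound port 25 is passed and never logged; moving the block above the pass fixes both.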


Firewall: Other Functionalities

NAT: Network Address Translation (NAT) is a way to map an entire network (or networks) to a single IP address.

TRAFFIC SHAPER: A tool to control the network traffic in order to optimize or guarantee performance, lower latency, and/or increase usable bandwidth by delaying packets that meet certain criteria.

SCHEDULES: Firewall rules can be scheduled so that they are only active at certain times of day or on certain specific days or days of the week.

Virtual IPs: Virtual IP (VIP) feature provides IP addresses that can float between two or more physical network nodes. These IP addresses are used to provide redundancy for attached servers and VIPs

NAT (screenshots) cont…

Add Port Forwarding

Firewall: NAT: 1:1

When enabled, this automatically creates additional NAT redirect rules for access to port forwards on your external IP addresses from within your internal networks.

The NAT + proxy mode uses a helper program to send packets to the target of the port forward. It is useful in setups where the interface and/or gateway IP used for communication with the target cannot be accurately determined at the time the rules are loaded.

Enables the automatic creation of additional NAT redirect rules for access to 1:1 mappings of your external IP addresses from within your internal networks.

Reflection on 1:1 mappings is only for the inbound component of the 1:1 mappings. This functions the same as the pure NAT mode for port forwards.

NAT: Outbound

NAT (screenshots) cont…

Automatically create outbound NAT rules which assist inbound NAT rules that direct traffic back out to the same subnet it originated from.

Required for full functionality of the pure NAT mode of NAT Reflection for port forwards or NAT Reflection for 1:1 NAT.

This only works for assigned interfaces. Other interfaces require manually creating the outbound NAT rules that direct the reply packets back through the router.

Schedule

Virtual IPs

Virtual IPs add knowledge of additional IP addresses to the firewall that are different from the firewall's actual "real" interface addresses. Most often, these are used for NAT, but they can also be used for other functions such as clustering, binding services such as DNS, load balancing in packages

Traffic Shaper

Traffic shaping, also known as "packet shaping," is the practice of regulating network data transfer to assure a certain level of performance, or quality of service (QoS). The practice involves delaying the flow of packets that have been designated as less important or less desired than those of prioritized traffic streams. Regulating the flow of packets into a network is known as "bandwidth throttling." Regulation of the flow of packets out of a network is known as "rate limiting."

Example: delaying packet flow when downloading video (which is rated as less important from the company policy)

Traffic Shaper UI

Intrusion Detection & Prevention System (IDPS)

IDS

• An Intrusion Detection System (IDS) is considered to be a passive-monitoring system, since the main function of an IDS product is to warn you of suspicious activity taking place, not to prevent it.

• An IDS can respond to a suspicious event in one of several ways, including displaying an alert and logging the event.

IPS

• An Intrusion Prevention System (IPS) provides policies and rules for network traffic along with an IDS for alerting system or network administrators to suspicious traffic, but allows the administrator to provide the action upon being alerted.

• An IPS can prevent known intrusion signatures, and also some unknown attacks, due to its database of generic attack behaviors.

Rules

• The rule header contains the information that defines the who, where, and what of a packet, as well as what to do in the event that a packet with all the attributes indicated in the rule should show up. The first item in a rule is the rule action. The rule action tells the IPS what to do when it finds a packet that matches the rule criteria.

• There are 5 available default actions in the IPS: alert, log, pass, activate, and dynamic.

IDPS Rules

IDPS (Screenshot)

Alerts

IPS Alerts & Block malicious site

Logging and Alerting System & Output Modules: process alerts and logs and generate final output. All traffic that matches an enabled rule will trigger an alert.

IDPS (Screenshot)

Blocked

IPS Alerts & Block malicious site

Blocks: All traffic that matches an enabled rule will trigger an alert and then be blocked, and the blocked host will be listed in the Block Page.

Content Filtering (Proxy)

The proxy limits web access for some users to a list of accepted/well-known web servers and/or URLs only.

Blocks access for users to listed or blacklisted web servers, and to URLs matching a list of regular expressions or words.

Redirects blocked URLs to an info page, or redirects banners to an empty GIF.

Applies different access rules based on time of day, day of the week, date, etc.

Generates logs of all accessed or blocked URLs/IPs for the session.
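The decision order described above, as an added example (not iDeras code): allowlist-only users, blocklisted hosts, blocked expressions, a time-of-day rule, redirect to an info page, and a log entry for every request. All names, hosts, users, the info-page URL and the schedule are constructed assumptions; the point to notice is that matching is done on the parsed, normalised hostname, so userinfo tricks, upper case and trailing dots do not slip past the lists.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit

INFO_PAGE = "http://proxy.example.internal/blocked"   # hypothetical info page
RESTRICTED_USERS = {"kiosk"}                           # users held to the allowlist
ALLOWED_HOSTS = {"intranet.example.com", "www.example.com"}
BLOCKED_HOSTS = {"ads.example.net", "malware.example.org"}
BLOCKED_EXPRESSIONS = [re.compile(p, re.I)
                       for p in (r"\.(exe|scr)(\?|$)", r"casino")]
# (domain, weekdays, start hour, end hour): blocked Mon-Fri 09:00-17:00
TIME_RULES = [("social.example.com", range(0, 5), 9, 17)]

def host_in(host, domains):
    # Exact host or a subdomain of a listed domain; never a substring match.
    return any(host == d or host.endswith("." + d) for d in domains)

def decide(user, url, when, log):
    """Return ("allow", url) or ("redirect", INFO_PAGE) and log the request."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")          # lower-cased, no userinfo
    target = parts.path + ("?" + parts.query if parts.query else "")
    reason = None
    if not host:
        reason = "unparseable"
    elif user in RESTRICTED_USERS and not host_in(host, ALLOWED_HOSTS):
        reason = "not-on-allowlist"
    elif host_in(host, BLOCKED_HOSTS):
        reason = "blocklisted-host"
    elif any(rx.search(host + target) for rx in BLOCKED_EXPRESSIONS):
        reason = "expression"
    elif any(host_in(host, {d}) and when.weekday() in days and start <= when.hour < end
             for d, days, start, end in TIME_RULES):
        reason = "time-rule"
    log.append((when.isoformat(), user, url, reason or "allowed"))
    return ("redirect", INFO_PAGE) if reason else ("allow", url)
```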

Content Filtering (Proxy)

In addition to the PROXY function, rules can be customised to add onto the blocklist (Kindly refer to the above diagram).

These are the additional expressions


Other Functionalities

VPN

Captive Portal

GlobalBlock

DHCP SERVER

Mail Reporting

Monitoring Graph

VPN

iDeras software offers three options for VPN connectivity: IPsec, OpenVPN, and PPTP.

IPsec

IPsec allows connectivity with any device supporting standard IPsec. This is most commonly used for site to site connectivity to other iDeras installations, other open source firewalls (m0n0wall, etc.), and most all commercial firewall solutions (Cisco, Juniper, etc.). It can also be used for mobile client connectivity.

OpenVPN

OpenVPN is a flexible, powerful SSL VPN solution supporting a wide range of client operating systems.

PPTP Server

PPTP was a popular VPN option because nearly every OS has a built-in PPTP client, including every Windows release since Windows 95 OSR2. However, it's now considered insecure and should not be used.

VPN (screenshots) cont…

Enabling OpenVPN

GlobalBlock

Global Block allows:

• Blocking individual countries.
• All incoming and outgoing traffic can be blocked using Global Block.
• Restricting spammers from selected countries.
• Users to add an IP block list.

GlobalBlock (Screenshots cont…)

Captive Portal

The Captive Portal allows the IT Administrator to direct users to a web page before Internet access is permitted. From that page, the IT Admin can either let users access the Internet after clicking through, or require authentication.

Captive Portal Status

Online Users

User List

DHCP Server

Monitoring

Traffic

The monitoring graphs are depicted in different colour patterns, mostly RED, BLUE and GREY. This is customizable, so a colour can be assigned to any aspect the client wishes to monitor. For example, if the client wishes to monitor traffic passing or blocked through an interface, then RED will be traffic blocked coming in and GREY will be traffic blocked going out from the network through the selected interface.

Packets

The packets can also be monitored through the same Monitoring Graphs. The graph will show you the packets passing per second through the selected interface, or blocked. The same colour combination is followed, with RED showing packets per second coming in the network and GREY showing packets per second going out of the network.

Email Reports

IMPLEMENTATION

[Implementation diagram; labels: Web Server, Mail Server, FTP Server, DB Server, Domain Server, Application Server, Datacenter, Internet, Branch Office (x3), W/station 01, W/station 02, W/station 03]

iDeras UTM promises to be security in a box

The BENEFITS are endless, but here are a few of the relevant qualities of using iDeras within your organization:

Lower up-front cost

Generally speaking, a single all-in-one appliance costs less than buying multiple dedicated systems. No user license based on additional functionalities used.

Simplicity

A single purchase covers every security need, and all the security features can be controlled and configured from a single management console. Only a single vendor will be in charge of the maintenance of the device.

Ease of management

The proposed solution will have a unified console to manage all its features. This will provide ease of management to the users.

Minimal Training

Only one product training is required, therefore reducing the technical training days required in order to understand the nature of the product.

Lower maintenance costs

Significantly reduce the amount you pay for service contracts and ongoing support. You only pay yearly maintenance support charges.

Less space

Requires less space to store this equipment; Unified Threat Management's ability to fit all the services into a small, self-contained package can be really appealing.

Lower power consumption

One power supply means less power used and less lost while reducing line voltage to the levels network devices use.

Easier to install and configure

A one-appliance setup means there are just a couple of wires to connect and one interface to use when setting up the device.

Fully integrated

The UTM device's many features are designed to work together without leaving gaps in your protection or creating interoperability challenges.