As enterprises depend more on Internet-based applications, it becomes harder to defend your network against blended exploits and attacks that target your specific applications. You need something like this product, which is more than a standard firewall that typically relies on intrusion prevention and signature-based defenses. Secure Firewall is a network and application security device with numerous built-in protective features that are especially useful for protecting your critical applicatio



Video Transcription

Hello and welcome to Web Informant.tv. I am David Strom, your host and reviewer. Today, we look at Secure Computing's Secure Firewall, a network and applications protection device, formerly known as Sidewinder. The Secure Firewall is efficient because it blocks a large percentage of traffic even before it hits your network. It has global knowledge of zero-day attacks that a standard signature-based service wouldn't, thanks to the reputation of Trusted Source Service.
Go to Policy, Application Defense, then TrustedSource, where you can fine-tune it for your particular needs, perform filtering on all types of traffic both in and outbound, and adjust the reputation scores as well. You can then incorporate TrustedSource's reputation score into particular policy rules. If we go to the Rules section and edit the Internet Services rule, you can click on Enable TrustedSource and adjust the slider as appropriate to block or filter particular IP addresses in real time based on the reputation score. This will block or allow the administrator to further filter untrusted, potentially malicious sites that our users browse, or a malicious hacker or botnet that might be trying to access your apps. For more information, see our separate screencast video on TrustedSource.
If we close out that rule, I'll show you another protective element: the ability to automatically detect threats based on the geolocation services. You can set policies based on where an IP address originates from in the world. We go into the Remote Desktop rule, edit the Source Endpoint pull-down menu to the Geolocation US Only entry, or we can group a set of countries that we want to filter. This will specify more scrutiny based on source or destination IP.
Another way to reduce inbound traffic is to automatically perform virus and malware scans and block their entry.
Go to Policy, Application Defense, Virus Scanning, and you can set the frequency of the signature downloads, and on the Advanced tab, add AV scanners when attachment sizes increase. The Secure Firewall also has a full IPS signature service that can be configured according to type of the text on a rule basis to get maximum performance.
A lot of firewalls don't have much visibility into SSL and other encrypted protocols such as SSH, but this one does and offers bidirectional inspection of all traffic. Go to Policy, Application Defense, Defense HTTPS, and you can turn on the Decrypt Traffic button under the Enforcement pane, and then turn on what you are going to be looking for, such as viruses or malware. This will eliminate threats that normally just pass through because of encrypted sessions on a standard inspection firewall.
The product comes with a variety of pre-built application proxies to further isolate your servers and applications from the cruel outside world. Go to Policy, Rule Elements, Services and you'll see this list. If you want to add a new one, you click on the Plus (+) sign, and you can see in the pull-down a list of pre-built application proxies available that you can use to hide your internal applications from discovery by attackers and prevent unauthorized access.
Another feature is very granular control of applications in the proxies, such as Citrix, Oracle, Web, and VoIP servers. In the case of Citrix, you can control particular features and turn off commands that your users might not require, but that a hacker would love to exploit, such as drive mapping.
You can also do some real-time auditing too. Go to Monitor, click View to see traffic that's coming into the box. You can click Stop, and then you can browse the details of each event.
When you first install the Windows-based configuration tool, it needs to download the latest software updates to match the firmware on the firewall, which is a bit annoying, as you can see from the screen capture here. I would have liked to see just an SSL web-only interface, but the Windows-based tool did offer quick response times when making administrative changes.
There is a large collection of reports and analysis tools that are available, including a separate program from the configuration software. Here we are looking at a dashboard of the Secure Firewall Reporter, which shows you a consolidated look at various events, port and protocol activity. You can mouse over and drill down to the alerts to examine what triggered things, and for further analysis. If we click on the Devices tab, we can see what firewalls are running on our network, and the status of their licenses and IP addresses.
What I liked was that you could set up each rule to block or allow particular elements, which gives you a lot of flexibility with the product. Also, I like the combination of different protective measures that work together to thwart blended attacks.
Bring up on the remote desktop the Reporting tool and click on Security Center at the top of the screen, and we get this unified Threat Analysis Center. There are tons of reports available; here is a sample one showing a 3D pie chart of source, destination analysis. It also has reports for regulatory auditors in the areas of HIPAA, PCI, and SOX. You can also see the results of how your rules are being applied and whether you need to reorder them, or adjust them based on this report.
Well, Secure Firewall CommandCenter product is ideal for managing policies and software updates for tens or hundreds of firewalls across your enterprise. It adds yet another control console to the mix. I think there are four different tools to manage everything.
CommandCenter also offers a way to segregate different administration roles to match particular tasks in larger organizations, as we see here in the screen.
Overall, the product is very solid and, unlike many other firewalls, has a proven track record of a significantly lower emergency security patches and CERT advisories, which means reduced downtime and lower maintenance. See this web page here as an example where a common Telnet buffer overflow doesn't apply to the product.
Thanks for watching Web Informant.tv. This has been David Strom. Feel free to send your comments to me at david@strom.com.