Date post: 26-Mar-2015
Category: Documents
Upload: paige-keene
InstantScan Content Manager
L7 Networks Inc. (L7-Networks.com)

Agenda
• Company Profile
  – L7 Missions
  – L7 Investors
• Layer-7 Content Manager
  – Part-I Market Demand
  – Part-II Solutions
  – Part-III Successful Cases
• Appendix-I Layer-7 App.
• Appendix-II Product Spec.
• Appendix-III Patents
Missions: Internal Network Security
[Diagram labels: Internal Threats, External Threats]
• InstantLock Co-Defender. Defending Internal Attacks: isolate virus-infected PCs
• InstantBlock Application Firewall. Preventing External Attacks/Thieves: unified threat management
• InstantQos Bandwidth Mgr. Shaping Internal Traffic: manage P2P / streaming / VoIP / … by layer-7 in-depth classification
• InstantScan Content Mgr. Catching Internal Thieves: employee internet content / behavior management
L7 Investors
Part-I Market Demands
Catching the Internal Thieves
• Network performance killer
• Employee productivity killer
What are your employees doing at work?
• Outlook for emails
• Internet Explorer for web sites
• MSN for chats
• Communicating for work? Speak to lovers first!
• Looking for info for work? Check out stock price first!
• BT, ED2K, Xunlei: Download a movie back home for fun!!
Survey & Studies
• Heavy Usage
  – Gartner: >30% enterprise, <1% control (2005)
  – Radicati Group: >80% enterprise (2008)
• Security Threats
  – WORM_KELVIR.A
  – WORM_FATSO.A
  – …
1. Employees with low productivity
2. Information Leakage or Virus
  – Price Book
3. Bandwidth stealers for downloads
  • P2P downloads: illegal music, illegal movies, ……
  • Bandwidth inadequate for: HTTP, Email, ERP, ……
Plug & Play Content Manager (stealth mode)
[Diagram labels: switch, L7, Firewall]
• 2005/03/25: NBL Editor’s Choice, Beat Facetime, Akonix
• 2005/12/01: National Innovation Awards
5-Step Content Management
[Diagram: Step 1 Discovery, Step 2 Normalization, Step 3 Behavior Mgmt., Step 4 Content Mgmt., Step 5 Report Analysis. Labels: Real-time Learning; Layer-7 to Layer-4 Normalization; Interactive Behavior Mgmt.; Deep Content Inspection; Offline Report / Analysis. Managed items: MSN file transfer anti-virus, file recording, keyword block, IM game, IM chat, IM streaming, P2P bandwidth mgmt., chat recording. Bandwidth figures shown: 20 Mbps, 10 Mbps, 35 Mbps.]
1. Employees with low productivity
  – Instantly respond to employees in chat windows, even though IS doesn’t have an IP address
2. Information Leakage or Virus
  – Price Book
  – Instant Warning
3. Bandwidth stealers for downloads
  After installing InstantScan:
  • P2P downloads: illegal music, illegal movies, ……
  • Mission critical app.: HTTP, Email, ERP, ……
Part-II Solutions
Solutions
[Diagram labels: Network Performance, Layer-7 Visibility, Employee Productivity, Internal Security]
• Built-in backend reports for 3-level analysis: (1) index for productivity, performance, security; (2) dashboards for summary; (3) detailed reports for inspection
• Limit P2P / P2SP traffic and guarantee mission critical traffic such as ERP, VoIP, Web traffic
• Manage / filter / record / audit employees’ IM & Web behaviors and contents to increase their productivity
• Understand the real applications run by your employees
• High-speed UTM hardware platform with intelligent 3-tier arch. for performance, availability, and reports
• Prevent virus/worm infection of internal network users and information leakage through P2P / tunnel software, spyware, WebMail, WebIM, etc.
Painless Installation?
[Diagram: Firewall/VPN, Inline-IDP, Virus Wall, Spam Wall, Content Mgmt.]
What if IM behaves like Web Proxy?
WebSense / BlueCoat / FaceTime / IM Logic / Akonix require every client to be set up to connect to the IM Proxy
[Diagram: IM Proxy, Web Proxy]
What if IM is tunneled in WebMSN/Mail/HTTP/…?
[Diagram: IM Proxy data path]
• IM@HTTP cannot be managed
• Tunneled IM cannot be managed
Check website for comparison
Step 0. No Modification of Networks
[Diagram: DHCP Server, switch, Management Server, switch, Firewall/Router, Proxy, AD Server, IS]
• IM in port-80, proxy, socks4/5 can still be managed
• Even in wireless/DHCP environments, users can still be managed by AD
3-Tier Architecture
• Powerful reporting and alerts
• Plug & play installation without modifying network arch.
• Friendly user interfaces
Step 1. Discovery (App. View)
Watch applications’ sessions and highlight tunneled IM sessions
Step 2. Setup L7 Policy
Scheduled updates to Application Patterns to manage application usage by defined time schedules
Step 3.1 Setup IM Policy for Individuals
IM management for individuals by (1) specific IM accounts, (2) learning, (3) registration, (4) AD name, (5) AD group
Step 3.2 Setup IM Behavior Mgmt.
Define permission levels to facilitate individual IM policy deployment
Step 3.3 Setup IM Peers
Limit the peer for chat by individuals or groups
Step 3.4 Self-Defined Policy Violation Warning Messages
Multi-language support for all languages
Step 3.4 Setup Bandwidth Pipes
Divide outbound bandwidth pipes by mouse drags
Divide inbound bandwidth pipes by mouse drags
Step 4.1 Setup IM Chat Content Management
Right click to define your own chatting keywords / groups
Step 4.2 Setup IM File Transfer Content Management
Right click to define your own filename keywords/groups
Step 4.3 Setup IM File Transfer Anti-Virus
Anyone who is infected with a virus will be notified of the name of the virus
Step 5.1 Multi-level Auditing Levels
3-levels: admin/mis/audit to separate operating and auditing parties
Step 5.2 Ranking by app. usage
Step 5.3 Ranking by traffic volume
Step 5.4 Scheduled Reports in HTML/PDF/XLS Formats
Part-III Successful Cases
Accounting & Auditing
Anyone who is auditing others should have themselves well-audited so as to assist customers to be compliant with various regulations.
Manufacturing
Confidential information should be kept as private as possible. InstantScan is able to detect varieties of tunneled software which may cause a lot of security holes for information leakage.
Semiconductor
The confidential design sheet is the core technology of IC design and must be kept as private as possible. Anyone who uses IM to transfer confidential files can be caught with strong evidence.
IC Design
The confidential design sheet is the core technology of IC design and must be kept as private as possible. Anyone who uses IM to transfer confidential files can be caught with strong evidence.
Banking & Stocks
With heavy usage of IM across stock transactions, they need a tool to log and record what the customers have issued to the brokers, and what the brokers have spoken to the internal dealers.
Photodiode
The confidential design sheet is the core technology of Photodiode and must be kept as private as possible. Anyone who uses IM to transfer confidential files can be caught with strong evidence.
Electronics
The confidential price book is our core value in selling the chips and must be kept as private as possible. Anyone who uses IM to transfer confidential files can be caught with strong evidence.
Media
Confidential news is invaluable if it is kept secret. However, journalists communicate largely with IM so they can share resources. What is worse, internal staff may also use IM to tell staff in other companies. However, IM is extremely convenient for communications among internal staff. We need L7 to control them.
A spin-off from the D-Link corporation, Alpha continued to sue VIA Technology for the stolen confidential designs. In the meantime, Alpha Networks put 4 InstantScan boxes at the outbound links to control the use of IM so as to gather the information of IM usage.
As the largest multi-level company in the world, Amway continued to make itself conform to the toughest regulations in order to keep its electrical communications as secure as possible, just like what it had done to web and emails.
Confidential patents are invaluable if they are kept secret. Biochemistry has become the most emergent industry that can boost revenue in the century. Just as the health-care industry has emphasized, the data of patients or people under experiments is extremely proprietary and must never be leaked to anyone else. L7’s InstantScan helps to control the usage of IM.
Benefits for Deploying InstantScan
• Discovery
  – See who is actually using the network for what, especially in multi-culture environments which mix a huge number of applications.
• L7 Firewall: IM / P2P / Tunnel / Streaming / VoIP / File-Transfer / …
  – Effectively control the applications in your networks, either blocking or shaping
• Content Manager: IM & Web
  – Selectively log/record employees' activities and contents for regulations and compliance.
  – Actively control the activities/contents instead of just logging/recording to prevent confidential information leakage while improving productivity.
• Report & Analysis
  – Log and archive for potential legal discovery needs or other purposes
  – Indication of employees' policy violations or productivity.
Layer-7
Content Manager
Appendix-I FAQ
1. What applications does L7 support?
• Check Appendix II or L7 Web Portal
2. Target customers and competitors
[Diagram labels. Customer sizes: Tiny (<30), Small (<70), Medium (<150), Large (<1000), Huge (<3000 people). Positioning: Actively mgmt. + auditing; Passive auditing.]
IS-100, IS-1000, IS-5000
• Competitor: Facetime/Akonix/ImLogic. Installation: win. Function: even. Price: win (no need to have 2 devices)
• Competitor BlueCoat has dominated the proxy market with a huge number of deployed proxies. Emphasize L7’s IM/P2P advantage, with no need to change their proxy architecture
IS-10, IS-50
• UTM-oriented market. Needs passive sniffing instead of active management, so L7 integrates IS+IB+IQ to penetrate this market
Appendix-II L7 Applications
Normalization: Step 1~Step 2
General Applications
• No matter which port they use
  – HTTP
  – SMTP
  – POP3
  – IMAP
  – FTP
Instant Messenger (IM)
• MSN: 6.2, 7.0, 7.5, 8.0 beta, Windows Live Messenger 8.0
• Yahoo Messenger: 5.5, 6.0, 7.0, 8.0 beta, 8.0
• ICQ: 2003pro, 4.14lite, 5.0
• AIM: 5.9
• QQ:
  – YamQQ-2003II, QQ-2003II, QQ-2003III, YamQQ-2004III, QQ-2004 formal edition
  – YamQQ 2005 Formal Edition, QQ 2005 Beta2
  – QQ 2005 Simplified Chinese Formal edition (include 珊瑚蟲增強包 v4.0 Formal Edition)
  – qqfile: QQ2006Beta2, qqshare: QQ2006Beta2
• Miranda: v0.4
• Gaim: v1.30
• Trillian: Basic 3.0
• Google talk beta
• Webim: include web-msn, web-aol, web-yahoo, web-icq
  – http://www.e-messenger.net/, http://e-messenger.net/, http://vweb.e-messenger.net/
  – http://start.e-messenger.net/, http://hanoi.e-messenger.net, http://www.meebo.com/
  – http://www.iloveim.com/, http://x??.iloveim.com/, http://hanoi.e-messenger.net
  – http://webmessenger.msn.com/, http://www.icq.com/icq2go/, http://aimexpress.aim.com/
  – http://www.ebuddy.com
Peer-to-Peer (P2P)
• Bittorrent:
  – BitComet 0.54 / 0.6 / 0.67, Bitspirit 2.7, Mxie 0.6.0.2, utorrent 1.5, azureus 2.4
• Kuro: m6, 2005 5.18
• Edonkey:
  – Emule 0.42b/0.44d/0.45b, edonkey2000 V1.0, Overnet tested-version, utorrent v1.5, azureus v2.4
• ezPeer+ v1.0beta
• Directconnect: directconnect 2.205, dc++ 0.668
• OpenFT: crazaa v3.55, Kceasy v0.14
• Pigo: pigo v3.1, 100bao v1.2.0a
• Kugoo: v2.03, v2.055, v3.10
• Ares: 1.04
• poco:
  – poco 2005
  – pp point (pp奌奌通) v2006
• Fasttrack:
  – kazaa 2.7 / 3.0 / 3.2
  – grokster 2.6/2.6.5
  – iMesh 4.5 build 151 / 5.20 / 6.5
• Gnutella:
  – ezpeer: 1999A6, 1999A10, BearShare Pro 4.6.2, Shareaza 2.1.0.0, Morpheus 4.6.1 / 4.7.1
  – Gnucleus 1.55, 2.0.9.0, Mxie 0.6.0.2, Foxy 1.8.6
Voice Over IP (VoIP)
• Skype:
  – 1.0, 1.1, 1.2, 1.3, 1.4, 2.0, 2.5beta, 2.5.0.113
• SkypeOut:
  – 1.4, 2.0
• SIP:
  – TelTel 0.8.5.3, Wagaly TelTel 0.8.4, MSN Voice 7.5, Yahoo Voice 7.0
• H323:
  – NetMeeting: 3.01
Tunnel Ware
• hopster: Release 17
• Httptunnel: v3.2, 3.4
• Realtunnel: v0.9.9, 1.0.1
• VNN: 2.1, 3.0
• Softether: 1.0, 2.0
• Tor: v0.1.0.1X, v0.1.1.22
• JAP 00.05.022
• YourFreedom 20060725-01
Remote Access
• Windows remote desktop
• VNC (Virtual Network Computing)
  – vnc, Ultra VNC 1.0.1, Win v3.3.7
• Symantec pcAnywhere 10.5 / 11
• NetOP Remote Control v9.00
• Remote Administrator 2.2
Streaming
• RTSP:
  – http://www.haody99.com/, MediaPlayer 10.0, RealPlayer 10.5
  – QuickTime 6.5, 7.0, KKBox: v1.0, v2.0, v2.2, RealOne 1.0, 2.0
  – MMS (Multimedia Messaging Service)
  – Yahoo music (http://music.yahoo.com/, http://tw.music.yahoo.com/, http://music.yahoo.com.cn/)
• Shoutcast:
  – winamp 5.111 / 5.24
  – JetAudio 6.2
  – Icecast 2.3
• Live365: Radio365 1.11 build17
• Google Video (http://video.google.com/)
• AOL Radio (http://music.aol.com/radioguide/bb.adp)
• iTunes 6.0
• TVAnts 1.0
• PeerCast 0.1217
• Napster (www.napster.com)
• qqtv (qq直播; tv.qq.com) 3.2
• ppstream 1.0
• Webs-tv (http://www.webs-tv.net)
Appendix-III Product Comparison
L7 vs. Facetime vs. Akonix vs. IM Logic
Facetime’s Solution
• Requires clients to assign proxy to IM Auditor
• What if the proxy is not set?
• Limited solution. Cannot control P2P bandwidth. Can block Skype
Akonix’s Solution (I)
• Requires clients to assign proxy to IM Auditor
• What if the proxy is not set?
• Limited solution. Cannot control P2P bandwidth.
• Cannot manage Skype
Akonix’s Solution (II)
• Limited solution.
• Cannot control P2P bandwidth.
• Cannot manage Skype
• Cannot manage MSN / Yahoo / AOL / ICQ over random ports
IMLogic’s Solution
L7 Networks’ Solution
Award-winning test report
NBL Test Report (2005/2/23)
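Test item 3.1: IM to be managed

| IM | Facetime | Akonix | L7 Networks | Abocom |
|---|---|---|---|---|
| MSN | ○ | ○ | ○ | ○ |
| AOL | ○ | ○ | ○ | ○ |
| QQ | ╳ | ╳ | ○ | ○ |
| ICQ | ○ | ○ | ○ | ○ |
| Yahoo | ○ | ○ | ○ | ○ |
| Skype | ╳ | ╳ | ○ | ○ |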
Test item 3.1.1: MSN Management

| Function | Facetime | Akonix | L7 Networks | Abocom |
|---|---|---|---|---|
| Message | OK | OK | OK | N/A |
| File transfer | OK | FP | OK | N/A |
| Voice | OK | FN | OK | N/A |
| Image | FP | OK | OK | N/A |
| Game | FP | OK | OK | N/A |

FP: False positive, FN: False negative, N/A: Not available
Test item 3.1.2: Yahoo! Management

| Function | Facetime | Akonix | L7 Networks | Abocom |
|---|---|---|---|---|
| Message | OK | OK | OK | N/A |
| File transfer | OK | OK | OK | N/A |
| Voice | FP | FP | OK | N/A |
| Image | OK | OK | OK | N/A |
| Game | FP | FP | OK | N/A |

FP: False positive, FN: False negative, N/A: Not available
Test item 3.1.3: QQ Management

| Function | Facetime | Akonix | L7 Networks | Abocom |
|---|---|---|---|---|
| Message | N/A | N/A | N/A | N/A |
| File transfer | N/A | N/A | N/A | N/A |
| Voice | N/A | N/A | N/A | N/A |
| Image | N/A | N/A | N/A | N/A |
| Game | N/A | N/A | N/A | N/A |

FP: False positive, FN: False negative, N/A: Not available
Test item 3.1.4: ICQ Management

| Function | Facetime | Akonix | L7 Networks | Abocom |
|---|---|---|---|---|
| Message | OK | OK | OK | N/A |
| File transfer | FP | FP | OK | N/A |
| Voice | OK | FN | OK | N/A |
| Image | OK | FN | OK | N/A |
| Game | OK | FN | OK | N/A |

FP: False positive, FN: False negative, N/A: Not available
Test item 3.1.5: AOL Management

| Function | Facetime | Akonix | L7 Networks | Abocom |
|---|---|---|---|---|
| Message | OK | OK | OK | N/A |
| File transfer | FP | OK | OK | N/A |
| Voice | OK | FP | OK | N/A |
| Image | OK | OK | OK | N/A |
| Game | OK | FN | OK | N/A |

FP: False positive, FN: False negative, N/A: Not available
Test item 3.1: Action to be taken

| Action | Facetime | Akonix | L7 Networks | Abocom |
|---|---|---|---|---|
| Blocking | ○ | ○ | ○ | ○ |
| Filtering | ○ | ○ | ○ | ╳ |
| Intervening | ○ | ○ | ○ | ╳ |
| Recording | ○ | ○ | ○ | ╳ |
| Bandwidth Control | ╳ | ╳ | ○ | ╳ |
| Virus Detection | ○ | ○ | ╳ | ╳ |

Virus scanning is supported in advanced version
Test item 3.1: Object to be managed

| Object | Facetime | Akonix | L7 Networks | Abocom |
|---|---|---|---|---|
| IP address | ╳ | ○ | ○ | ○ |
| IM user account | ○ | ○ | ○ | ╳ |
Appendix-IV Patents
Patent-1: PostACK TCP BW. Mgmt.(1)
• Contributed to IEEE
  – IEEE Transactions on Computers, Vol.53, No.3, March 2004: Assessing and Improving TCP Rate Shaping over Enterprise Edges
  – IEEE Communications Surveys and Tutorials, Vol.5, No.2, 2003: A Measurement-Based Survey and Evaluation of Bandwidth Management Systems
  – IEEE Global Telecommunications Conference 2004 (IEEE Globecom 2004), Dallas, Texas USA, Nov. 2004: On Shaping TCP Traffic at Edge Gateways
  – IEEE Symposium on Computers and Communications (IEEE ISCC 2003), Kemer - Antalya, Turkey, Jun. 2003: Co-DRR: An Integrated Uplink and Downlink Scheduler for Bandwidth Management over Wireless LANs
Patent-1: PostACK TCP BW. Mgmt.(2)
• Packeteer
  – TCP Rate Control
    • Window sizing
• L7
  – PostACK
    • Delaying the reverse ACK
Patent-2: SoftASIC® Classification
P2P/BT@HTTP
Application patterns: …, Yahoo app. pattern, AOL app. pattern, MSN app. pattern, BT app. pattern, …
Step 1. Reassembly
Step 2. Match!! (pattern matching)
Step 3. Cut-Through Forwarding
At most the first 10 pkts can judge if this HTTP is BT (average case: the first 3 pkts can finish the process)
Patent-3: Multi-Stage Inspection(1)
[Diagram: Firewall/VPN, Inline-IDP, Virus Wall, Spam Wall, Content Mgmt.; IM Proxy, Web Proxy; IM Proxy data path]
• Standard@Any
• HTTP
• Proxy@HTTP@Any
• Socks4@Any
• Socks5@Any
• ….
IM@HTTP cannot be managed
Tunneled IM cannot be managed
MSN@Socks@Any
Patent-3: Multi-Stage Inspection(2)
MSN@Socks@Any
Application patterns: …, Yahoo app. pattern, AOL app. pattern, MSN app. pattern, BT app. pattern, …
Step 1. Strip Headers (socks4/5)
Step 2. Match!! (pattern matching)
Step 3. Redirect (to the IM Content Mgmt. Engine)
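
The strip-then-match sequence of this slide, as an added example (not L7 Networks' code): it removes a SOCKS4/4a/5 client header from the reassembled client-to-server bytes of a session, then matches what remains against application signatures. The two signatures, the no-authentication SOCKS5 assumption and the sample byte streams are constructed for illustration and are not the product's patterns.

```python
import struct

# Illustrative first-bytes signatures (assumptions, not L7's pattern database):
# an MSNP login opens with a "VER ... MSNP<n> ..." line, and a BitTorrent
# handshake opens with byte 19 followed by "BitTorrent protocol".
PATTERNS = {
    "MSN": lambda p: p.startswith(b"VER ") and b"MSNP" in p.split(b"\r\n", 1)[0],
    "BT": lambda p: p.startswith(b"\x13BitTorrent protocol"),
}

def strip_socks(buf):
    """Step 1: drop a SOCKS4/4a/5 client header; return (tunnel, payload)."""
    if len(buf) >= 9 and buf[:2] == b"\x04\x01":            # SOCKS4 CONNECT
        end = buf.find(b"\x00", 8)                           # NUL ending USERID
        if end >= 0 and buf[4:7] == b"\x00\x00\x00" and buf[7] != 0:
            end = buf.find(b"\x00", end + 1)                 # SOCKS4a hostname
        return ("socks4", buf[end + 1:]) if end >= 0 else (None, buf)
    if len(buf) >= 3 and buf[0] == 5:                        # SOCKS5 greeting
        off = 2 + buf[1]                                     # skip VER, NMETHODS, METHODS
        # Assumes the no-authentication method, so the CONNECT request follows.
        if len(buf) < off + 5 or buf[off:off + 2] != b"\x05\x01":
            return None, buf
        alen = {1: 4, 4: 16, 3: 1 + buf[off + 4]}.get(buf[off + 3])
        if alen is None:
            return None, buf
        return "socks5", buf[off + 4 + alen + 2:]            # past ADDR and PORT
    return None, buf

def classify(buf):
    """Step 2: match the de-tunneled payload; the label drives the Step 3 redirect."""
    tunnel, payload = strip_socks(buf)
    for app, matches in PATTERNS.items():
        if matches(payload):
            return f"{app}@{tunnel}" if tunnel else app
    return "unknown"

# Constructed client-to-server byte streams (not captured traffic).
MSN_HELLO = b"VER 1 MSNP8 CVR0\r\n"
DST = bytes([192, 0, 2, 10])
SOCKS5_MSN = b"\x05\x01\x00" + b"\x05\x01\x00\x01" + DST + struct.pack("!H", 8080) + MSN_HELLO
SOCKS4_MSN = b"\x04\x01" + struct.pack("!H", 8080) + DST + b"user\x00" + MSN_HELLO

if __name__ == "__main__":
    for name, data in [("socks5", SOCKS5_MSN), ("socks4", SOCKS4_MSN), ("direct", MSN_HELLO)]:
        print(name, "->", classify(data))
```
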
Patent-4: Inline-Proxy Stack(2)
[Diagram: Queue, Inline-Proxy TCP Stack, IM/Web Content Mgmt. Engine]
Emulate original IP/port while swapping sequence #
Benefits:
• True inline plug & play proxy stack
• Stable user-space programming
• Easy for SMP parallel processing
Layer-7 Content Mgmt. Expert