Date posted: 05-Apr-2018
Uploaded by: justingoldberg
7/31/2019 Tippingpoint X505 Training - 01 Key Concepts
Key Features and Concepts: Objectives
> Upon completion of this module, you should be familiar with the following:
Key Features of the X505
Device Appearance
Key Concepts and Functional Areas of the X505
> Security Zones and Interfaces
> Firewall
> Content Filtering
> VPN
> IPS
> System Administration
Deployment Modes/Scenario
X505 Key Features
> Stateful Packet Inspection Firewall
> Industry Standards Compliant VPN
> Fully Featured IPS
> Flexible security zone deployment
> User Authorization
> Zone Based Rate Limiting
> Content Filtering
> Manual URL Filtering
> Application specific rate limiting
> Multicast Routing
> RIP
Device Appearance
> No LCD Panel
> 2 inches high, slightly taller than 1U (1U = 1.75 in)
> DB9 Console Port (115200 bps, 8-None-1)
> (4) 10/100 Ethernet Ports (NO Auto-MDI)
> (1) 10/100 Management Port
Unused in most installations
Will go away as of X5/X506 (Management will be in-line)
Exists due to sharing of platform (200E)
Security Zones
> What is a Security Zone?
A security zone is a network segment or VLAN where access can be policed as traffic passes in and out of the security zone
NOTE: Policed means Firewall, IPS and Content Filtering
A user can define multiple security zones, based on their network security needs
Common security zones are LAN, WAN, DMZ and VPN
Think of Zones as a Layer 2 construct
[Figure: an X505 with five security zones: LAN, LAN2, DMZ, VPN and WAN]
> A network with 5 Security Zones
> Traffic (shown in red in the figure) passes from one zone to another only if policy permits
> No policy enforcement within a zone! Only between zones
Network Interfaces
> Network Interfaces define how the X505 integrates with the layer 3 network
> A Network Interface can represent multiple security zones.
Example: Internal Network Interface could represent LAN1, LAN2, and VPN
> There is one external Network Interface (i.e. WAN Zone assigned by default)
Static
DHCP (x-Series acts as DHCP client; on by default)
PPPoE
PPTP
L2TP
> There can be many internal Network Interfaces
Each with Static IP Addressing for the interface
Clients can be static or DHCP
You must enable NAT for internal clients to get NATed to public IP addresses.
X505 Deployment Modes
[Figure: three deployment diagrams, each showing LAN, DMZ and WAN zones]
> Full transparent deployment (External Interface only)
> Transparent DMZ; NAT / Routed LAN (External Interface plus one Internal I/F)
> Full routed / NAT deployment (External I/F plus two Internal I/Fs)
Firewall
> Firewall Rules enforce policy between zones (i.e. from the WAN zone to the LAN zone)
> Rules are evaluated from the top down with an implicit deny at the end
> Network and Service Objects define who can access what
> Options:
Rate Limiting
Schedules
Group Authorization
Content Filtering
Content Filtering
> Subscription Service (requires DV Gold Package)
> Block access to Gambling, Porn, Hate Speech, etc.
> Manual URL Filtering
> Custom response page
Virtual Private Networks
> Hardware Accelerated
DES, 3DES, AES-256
> Keying Modes
Manual, IKE + Preshared Key, IKE + X.509 Cert
> Site to Site VPNs
IPSec/L2TP/PPTP
DHCP Relay over VPN
Tunnel on Demand or Static Tunnel
> Client to Site VPNs
IPSec/L2TP/PPTP
RADIUS or Local Authentication
> Termination to VPN Security Zone
Intrusion Prevention System
> The X505 has Virtual IPS Segments as opposed to the physical ports seen on the TippingPoint IPS series
> Virtual IPS Segments must be created before IPS policing takes effect
> IPS policy is implemented between zones, not within zones
> By default, IPS rules apply to all configured virtual IPS segments
> Order of Packet Inspection
Firewall, then IPS
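The behaviour described across the Security Zones, Network Interfaces, Firewall and IPS slides (zones carried by interfaces, no enforcement within a zone, rules evaluated top down with an implicit deny, IPS policing only between zones that have a virtual segment, and firewall before IPS) as one small policy model. This is an added example, not TippingPoint code or course material: the interface/zone topology, the rule and filter fields, the virtual-segment representation and all sample traffic are constructed for illustration. The `audit_rules` check goes beyond the slides: it flags rules that can never match because an earlier, broader rule shadows them, which is the usual consequence of top-down evaluation that a practitioner wants to catch.

```python
"""Zone-based firewall/IPS policy model (added illustration, not TippingPoint code).
Zone names, interface names, rule fields, IPS filter shape and sample traffic are constructed."""
from dataclasses import dataclass
from typing import Callable, Optional

# Interface -> zones it carries; one interface may represent several zones.
INTERFACE_ZONES = {                       # constructed topology
    "external": {"WAN"},
    "internal": {"LAN", "LAN2", "VPN"},
    "dmz": {"DMZ"},
}


@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst_zone: str
    proto: str                  # "tcp" or "udp"
    dst_port: int
    payload: bytes = b""


@dataclass(frozen=True)
class FirewallRule:
    name: str
    src_zone: str               # zone name or "any"
    dst_zone: str               # zone name or "any"
    proto: str                  # "tcp", "udp" or "any"
    dst_port: Optional[int]     # None = any port
    action: str                 # "permit" or "deny"

    def matches(self, pkt: Packet) -> bool:
        return (self.src_zone in ("any", pkt.src_zone)
                and self.dst_zone in ("any", pkt.dst_zone)
                and self.proto in ("any", pkt.proto)
                and self.dst_port in (None, pkt.dst_port))


@dataclass(frozen=True)
class IpsFilter:
    name: str
    match: Callable[[Packet], bool]
    action: str                 # "block" or "permit" (permit = log only)


def known_zones() -> set:
    return set().union(*INTERFACE_ZONES.values())


def _covers(a, b, wildcard) -> bool:
    """True when field value a matches everything that field value b matches."""
    return a == wildcard or a == b


def audit_rules(rules):
    """Flag rules that can never match: unknown zones, or fully shadowed by an earlier rule."""
    zones, findings = known_zones(), []
    for i, rule in enumerate(rules):
        for z in (rule.src_zone, rule.dst_zone):
            if z != "any" and z not in zones:
                findings.append(f"{rule.name}: unknown zone {z}")
        for earlier in rules[:i]:
            if (_covers(earlier.src_zone, rule.src_zone, "any")
                    and _covers(earlier.dst_zone, rule.dst_zone, "any")
                    and _covers(earlier.proto, rule.proto, "any")
                    and _covers(earlier.dst_port, rule.dst_port, None)):
                findings.append(f"{rule.name}: shadowed by {earlier.name}")
                break
    return findings


def firewall_decision(rules, pkt):
    """Top-down, first match wins; implicit deny when nothing matches."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "deny", "implicit-deny"


def inspect(pkt, rules, ips_filters, virtual_segments):
    """Return (verdict, reason). Order of inspection: zone check -> firewall -> IPS."""
    if pkt.src_zone == pkt.dst_zone:
        return "forward", "intra-zone: no policy enforcement"
    action, name = firewall_decision(rules, pkt)
    if action == "deny":
        return "drop", f"firewall:{name}"
    # IPS polices only zone pairs that have a virtual IPS segment configured.
    if (pkt.src_zone, pkt.dst_zone) not in virtual_segments:
        return "forward", f"firewall:{name}; ips:no-segment"
    for flt in ips_filters:
        if flt.match(pkt):
            verdict = "drop" if flt.action == "block" else "forward"
            return verdict, f"firewall:{name}; ips:{flt.name}:{flt.action}"
    return "forward", f"firewall:{name}; ips:clean"


# Constructed sample policy: the third rule is shadowed by the second.
SAMPLE_RULES = [
    FirewallRule("web-to-dmz", "WAN", "DMZ", "tcp", 80, "permit"),
    FirewallRule("lan-outbound", "LAN", "WAN", "any", None, "permit"),
    FirewallRule("no-lan-telnet", "LAN", "WAN", "tcp", 23, "deny"),
    FirewallRule("lan2-to-dmz", "LAN2", "DMZ", "any", None, "deny"),
]
SAMPLE_SEGMENTS = {("WAN", "DMZ")}        # only this zone pair is IPS-policed
SAMPLE_FILTERS = [                         # constructed signature, not a DV filter
    IpsFilter("http-dir-traversal", lambda p: b"../../" in p.payload, "block"),
]


def run_demo():
    """Evaluate constructed sample traffic; returns {label: (verdict, reason)}."""
    traffic = {
        "lan-to-lan": Packet("LAN", "LAN", "tcp", 445),
        "web-clean": Packet("WAN", "DMZ", "tcp", 80, b"GET /index.html HTTP/1.1"),
        "web-traversal": Packet("WAN", "DMZ", "tcp", 80, b"GET /../../config HTTP/1.1"),
        "wan-to-lan-ssh": Packet("WAN", "LAN", "tcp", 22),
        "lan-telnet-out": Packet("LAN", "WAN", "tcp", 23),
        "lan2-to-dmz": Packet("LAN2", "DMZ", "tcp", 80),
    }
    return {k: inspect(p, SAMPLE_RULES, SAMPLE_FILTERS, SAMPLE_SEGMENTS)
            for k, p in traffic.items()}


if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES):
        print("audit:", finding)
    for label, (verdict, reason) in run_demo().items():
        print(f"{label:16} {verdict:8} {reason}")
```

Running it shows the points the slides make: LAN-to-LAN traffic is forwarded without touching any rule, WAN-to-LAN SSH falls through to the implicit deny, the LAN-to-WAN telnet packet is permitted because the broad `lan-outbound` rule sits above the deny (which the audit reports as shadowed), and the WAN-to-DMZ request is only blocked by the IPS filter because that zone pair has a virtual segment.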
System Administration
> Administration
Local Security Manager (LSM) Web GUI
CLI: SSH over the network
CLI: Direct terminal configuration
> Updates
TippingPoint OS (TOS) Upgrades
Manual and Automatic Digital Vaccine (DV) Updates
> System Snapshots
> System Health/Status
> User Administration
Define users for local administration
Define users for VPN access
> Privilege Groups
Assign users to privilege groups for authorization
> Logs/Events
System/Audit Logs
Traffic Event Logs
IPS Logs
X505 Deployment Scenario