140 likes | 289 Vues
ISP’s privet customers security Secure ‘in-the-cloud’ Internet access for home users. Agenda. 1. Introducing today’s ISP’s privet customer. 2. Security problems and limitation for Home users. 3. Deployment Examples. Case Study – Bezeq International ISP. 4.
 
                
                E N D
ISP’s privet customers securitySecure ‘in-the-cloud’ Internet access for home users.
Agenda 1 Introducing today’s ISP’s privet customer 2 Security problems and limitation for Home users 3 Deployment Examples Case Study – Bezeq International ISP 4
Introducing ISP’s privet customer Biggest volume of throughput is being used by privet/home users. • Privet Home users internet usage has evolved beyond recognition last few years: • IM application provide easy to use file transfer. • P2P applications became a common usage. • Web sites intelligence growth (video, flash, dynamic, interactive, webmail, etc.) • VOIP / MOIP are becoming a standard. • Percentage of throughput being used by inappropriate content is growing rapidly : • Viruses distribution over various protocols growth • Web content - inappropriate and hostile content • SPAM distribution growing rapidly • Unapproved access
Home users are aware of the Risks. • Multiple Threat Types • Various Application Entry Points • Different Functions • Threat Payload Intent Varies • Broad Range of Propagation Techniques • Application Threat Vector • Viruses & Spyware • Spam & Directory Harvest Attacks • Web Phishing • Network Threat Vector • Network Worms • DDOS/DOS • IP Packet Capture • Spoofing & Man-In-The-Middle Unified Management
Internet access levels and layers Home users are getting massive throughput • Internet access has grown by bandwidth and technologies: • xDSL technologies – up to 12mb down stream, and 4mb up stream. • Cable technologies - .up to 8mn down stream, and 4mb up stream. • Ethernet / Fiber to the home – 10/100/1000mb access lines. • Wireless – current technologies up to 56mb and growing. • Additional services requires bandwidth growth : • VOIP – rooming phone number over ip phone applications. • Video On demand / Music on demand streaming portals. • TV over IP. • Online gaming / gaming networks • Interactive advanced on line e-buying.
Agenda 1 Introducing today’s ISP’s privet customer 2 Security problems and limitation for Home users 3 Deployment Examples Case Study – Bezeq International ISP 4
Home users security solution. Most host based security solutions are imperfect by design • Host based Security solution limitations (AV, FW, etc): • Running mostly on Windows operating system only. • Requires installation and may cause OS problems. • License purchase for each computer. • Creates massive performance degradation for older computers hardware. • Requires reinstallation every once in a while for new versions. • Protects against hostile traffic and data after reaching the computer. • ISP’s problems : • Endless growth of attacks from infected home users accounts. • Support centers over use by home users with problems with out sufficient knowledge. • User complains on speed (attacks reaching to the computers and from the computers using the bandwidth)
Agenda 1 Introducing today’s ISP’s privet customer 2 Security problems and limitation for Home users 3 Deployment Examples Case Study – Bezeq International ISP 4
Deployment of Home Users security solution. ISP’s can implement the solution in various methods. • Forwarding entire traffic to the FortiGate device: • Won’t require additional hardware for application switching. • Will give the ability to provide additional advanced services. • Will require higher range of a FortiGate device (entire traffic routed). • Forwarding only required ports for inspection: • Will require additional hardware for application switching. • A lower range of a FortiGate hardware will be sufficient. • Identification of paying customers by IP addressing is required. • limited options to inspect advanced services (random ports forwarding problem)
Agenda 1 Introducing today’s ISP’s privet customer 2 Security problems and limitation for Home users 3 Deployment Examples Case Study – Bezeq International ISP 4
Bezeq International - Home security Overview • Bezeq International ISP and Aladdin developed for 8 month business and technical case to provide home users Antivirus solution for HTTP. • Unexpected customers growth for the first 8 days after services announced collapsed the Aladdin system based on 5 x DL360 servers . • First 8 days after service launch, 5000 + home users both the service! <show’s home customers aware to security issues and whiling to pay!> • Fortinet with Bezeq International who is already a Fortinet MSSP for business customers with VDOM’s, used 1 VDOM to provide a solution As Soon As Possible. Solution is based upon: • Different set of context on the redback system.[ <username>#AV@IBezint ] • Users connected to this context are auto inserted into L3 MPLS VPN. • Redistributing IP addressing in to a VDOM with RIP • Republishing home users to the internet using the FortiGate over RIP • All traffic of home users is being routed thru the FortiGate’s VDOM and only required application checks are being preformed over the traffic (AV for now). • Opening a wide options for feature services for home users, (now being tested web filtering and AV over a different context using a different VDOM) • Order for a dedicated 5001 will be issued end of October 06.
Bezeq International - Solution Redback Redback Solution implementation took 25 minuets!
Every 24 hours Automatic report for the specific VDOM is initiated.
Thank You! For more information please visithttp://www.fortinet.com