Dell SonicWALL Application
Risk Management Report (SWARM)
Prepared for:
ACME Transportation, Inc.
Report on Firewall:
Cisco ASA 5515-X
Report Generated:
09/12/2012 12:56:50
Version:
02
Generated: 09/12/2012 12:56:50
- 1-
This report has been prepared by Dell™ SonicWALL™ Laboratories for three reasons.
First, to give you a general understanding of the threats your network and your business face today.
Second, to show you how a Cisco ASA 5515-X like yours performed when tested at Dell SonicWALL Laboratories
against the same threats that your Cisco firewall faces every day, in order to give you a clear picture of your
current exposure.
Third, to introduce you to a Next-Generation Firewall option that you might find both superior to the
Cisco ASA 5515-X and affordable for your business.
Today, intrusion and malware propagation techniques have evolved beyond simple port-based attacks.
Security threats now arrive as embedded viruses and malware, and often leverage the user populations of
social networking hubs. Stateful packet inspection, the primary method by which first-generation firewalls
detect threats, cannot provide adequate protection against intruders piggy-backing on legitimate traffic.
Dell SonicWALL's Next-Generation Firewalls move beyond the first-generation model of stateful packet
inspection and offer a flexible, maintainable solution. Integrating multiple features onto a single platform, Dell
SonicWALL bundles a set of powerful security management tools on a single physical device with an
easy-to-understand licensing structure.
For auditing needs, detailed logs are kept by the Dell SonicWALL firewall. In providing a high-level overview
of the fictitious Efficient Transportation network, this report will:
• Identify vulnerabilities detected
• List high-risk applications and protocols
• Present traffic distribution statistics by URL category and traffic type
• Highlight the top 25 high-risk applications found
• Highlight the top 25 high-bandwidth applications found
The appendix contains:
• Risk definitions
• In-use application descriptions
• Detected vulnerability descriptions
• Complete application list
Vulnerabilities Detected
Integrating traditional end-point security protection into the firewall, Dell SonicWALL Gateway Anti-Virus,
Anti-Spyware, and Intrusion Prevention provide a platform for additional protection at the network boundary.
Security definitions are automatically delivered by Dell SonicWALL, ensuring both ease of use and up-to-date
monitoring. Dell SonicWALL scrutinizes both inbound and outbound traffic. By monitoring internal traffic,
Dell SonicWALL is able to identify infections on the internal network, rather than simply detecting attacks
from external sources.
Laboratory Failures of Cisco ASA 5515-X
The ASA 5515-X was configured in a standard routed-mode deployment with full IPS inspection enabled for all
traffic traversing it. Configuration of the IPS engine and virtual sensor followed Cisco's recommended
steps documented here:
http://www.cisco.com/en/US/docs/security/asa/asa84/asdm64/configuration_guide/modules_ips.html
In addition to these steps we un-retired (set Active) many of the older signatures so that we could provide
the most robust coverage of old and new exploits that could be generated by the security test tool.
Furthermore, all "Informational" signatures were upgraded to Cisco's "LOW RISK" category in order to fully
leverage all 5,600+ signatures.
The results in this report show that not only did the ASA 5515-X miss many of the exploits and malware, it
also failed to recognize and display the applications that these exploits were designed for. This is a
crucial piece of information that can be used to prevent and thwart future attacks, and is a key function
that all next-generation firewall products should provide.
Upon completion of this test, the security test tool rated the Cisco ASA 5515-X with a coverage grade of B (80.3%). In total, 444 of the 2,278 vulnerabilities presented were missed by the ASA 5515-X.
Virus Events
Viruses are self-replicating programs that spread from machine to machine. Dell SonicWALL Gateway Anti-Virus has detected the following viruses at the gateway:
Total Virus Events: 94
Sample of Events: 8 / 94
Name                      Type           Count
Malformed.wri.BP.2        Exploit            2
Malformed.torrent.BP.1    Exploit            2
Malformed.pdf.BP.49       Exploit            3
Malformed.pdf.BP.19       Exploit            3
Malformed.pdf.BP.7        Exploit            4
Malformed.eot.BP.4        Exploit            4
MhtRedir.ITS.data.1       Exploit.HTML       1
Malformed.asf.BP.1        Exploit            3
Spyware Events
Spyware is a type of malware. Spyware collects information on users without their consent and can pose a
serious threat to internal networks by exposing sensitive information. Dell SonicWALL Anti-Spyware has
detected the following spyware at the gateway:
Name                      Type      Count
Malformed-File rtx.MT.1   Spyware       1
Intrusion Events
Intrusion detection comprises a multitude of events, ranging from scanning attacks to suspected botnet
behavior. Dell SonicWALL IDP has detected the following intrusion attempts at the gateway:
Total Intrusion Events: 215
Sample of Events: 21 / 215
Name                                                            Type       Count
Oracle Java Plugin Sandbox Restriction Bypass                   Intrusion      1
RPC Portmapper TCP Traffic                                      Intrusion      5
Suspicious SMTP Traffic 2                                       Intrusion     10
Mozilla Firefox QueryInterface Memory Corruption 1              Intrusion      1
Client Application Shellcode Exploit 2                          Intrusion      4
Server Application Shellcode Exploit 9                          Intrusion      8
IBM Lotus Domino Web Access DoS                                 Intrusion      1
Time-To-Live Exceeded in Transit                                Intrusion     56
Windows Explorer Folder GUID Remote Code Execution (MS06-045)   Intrusion      3
Windows DNS Server RPC Interface Buffer Overflow 2 (MS07-029)   Intrusion      2
Apache Byte-Range Filter DoS                                    Intrusion      1
PING BSDtype                                                    Intrusion      9
Cisco IOS Web Server XSS 1                                      Intrusion      2
VML File HTTP Download 3                                        Intrusion      8
PING                                                            Intrusion     59
Tripwire Format String Attack 1                                 Intrusion      1
Suspicious TFTP Write Request                                   Intrusion      5
Trend Micro ServerProtect EarthAgent Buffer Overflow            Intrusion      1
Windows Mail Remote Program Execution                           Intrusion      1
Suspicious POP Traffic 3                                        Intrusion      2
Linux Kernel SNMP NAT Netfilter Memory Corruption 1             Intrusion      1
*Vulnerability descriptions are provided in Appendix 3.
Top URL categories in use
Web traffic is often one of the largest contributors to total network traffic. Dell SonicWALL's Content Filtering
Service splits web destinations into over 50 dynamically updated categories. Both traditional and next-generation
traffic management options are available for each category, resulting in robust and granular control.
The top 3 categories of web destinations detected during the audit period are presented below:
• Information Technology/Computer: 33.3%
• News and Media: 33.3%
• Advertisement: 33.3%
Network traffic by type
Different types of network traffic serve different purposes. While infrastructure traffic between devices is
a necessary component of every network, other forms of traffic may be unwanted. By differentiating
between types of traffic, Dell SonicWALL identifies possible improvements for the allocation of resources on
your network. You may want to identify bandwidth thresholds and implement application controls for each
type of traffic.
The top 4 types of network traffic detected during the audit period are presented below:
• Application: 80.168%
• Browser: 14.383%
• None: 4.924%
• Network Infrastructure: 0.525%
Top 25 applications by risk factor
Application vulnerabilities are often exploited by attackers to infiltrate private networks. Dell SonicWALL tracks,
logs and ranks traffic flowing through Efficient Transportation's network.
These are the 25 highest-risk applications observed on Efficient Transportation's network (the risk level itself,
shown as a colour icon in the original, is not reproduced here):
Application                  Category          Sessions  Kilobytes
eMule                        P2P                      3          3
Skype                        IM                   2,136     39,945
Wget                         DOWNLOAD-APPS           21      2,686
SSH                          REMOTE-ACCESS            6        456
Remote Frame Buffer (VNC)    REMOTE-ACCESS            4        140
Flash Video (FLV)            MULTIMEDIA               4         98
AIM                          IM                       8         45
Free Download Manager        DOWNLOAD-APPS            2         25
Yahoo! Messenger             IM                       2          3
IRC                          IM                       2          2
Document                     FILE-TYPES-HTTP        147      4,258
Shockwave Flash (SWF)        MULTIMEDIA              15      1,705
Executable                   FILE-TYPES-HTTP         27      1,510
Archive                      FILE-TYPES-HTTP         30        872
Icecast                      MULTIMEDIA               6        632
MPEG-4                       MULTIMEDIA              20        476
MP3                          MULTIMEDIA               7        463
CUPS                         MISC-APPS               10        176
QuickTime                    MULTIMEDIA               3        127
CA ARCserve Backup           BACKUP-APPS              6         72
RealMedia                    MULTIMEDIA              11         55
RTSP                         MULTIMEDIA               6         52
Nullsoft Winamp              MULTIMEDIA               2         41
vsFTPd FTP Server            MISC-APPS               61         38
LDAP v3                      MISC-APPS                2         37
*Risk type definitions provided in Appendix 1. Application descriptions provided in Appendix 2.
Top 25 applications by bandwidth consumed
Excessive demand, often the result of large downloads or streaming of video, can produce an unacceptable
strain on your network infrastructure.
These applications represent the 25 biggest consumers of Efficient Transportation's network bandwidth:
Application                     Category          Sessions  Kilobytes
Skype                           IM                     301        314
Document                        FILE-TYPES-HTTP         44        249
MP3                             MULTIMEDIA               3         75
CIFS                            PROTOCOLS               14         33
vsFTPd FTP Server               MISC-APPS               56         27
RealMedia                       MULTIMEDIA               8         13
Google Crawler                  MISC-APPS                3         11
SSH                             REMOTE-ACCESS            3          7
Shockwave Flash (SWF)           MULTIMEDIA               4          7
Non-SSL traffic over SSL port   PROXY-ACCESS            15          6
SIP                             VoIP-APPS                6          6
MySQL Server                    DATABASE-APPS           11          5
Icecast                         MULTIMEDIA               4          5
Telnet                          REMOTE-ACCESS            8          3
RSYNC                           BACKUP-APPS              4          3
Executable                      FILE-TYPES-HTTP          2          3
RTSP                            MULTIMEDIA               4          2
Remote Frame Buffer (VNC)       REMOTE-ACCESS            6          2
Microsoft Remote Desktop        REMOTE-ACCESS            2          2
WS_FTP Server                   MISC-APPS                4          2
SCCP                            VoIP-APPS                3          2
Serv-U FTP Server               MISC-APPS                3          2
Oracle                          DATABASE-APPS            3          2
NDMP                            INFRASTRUCTURE           6          2
Quicktime                       MULTIMEDIA               3          1
*Risk type definitions provided in Appendix 1. Application descriptions provided in Appendix 2.
Application intelligence, control and visualization
Dell SonicWALL puts network control back into the hands of IT administrators. While some applications are
business critical and require access to large amounts of bandwidth, other applications are non-productive
and require throttling or blocking. Rulesets based on port or protocol require constant updates as
applications evolve. Dell SonicWALL makes the job easy for administrators with a robust identification
scheme, granular control options and detailed visualization tools.
Application intelligence
Scanning every byte of every packet of network traffic, Dell SonicWALL identifies applications without relying
on port- or protocol-specific rules.
• Deep Packet Inspection of traffic tunneling over SSL
• Supports custom application signatures
• Integrated data leakage prevention and logging
Application control
Bandwidth management policies are placed at the administrator's fingertips, and pre-defined logical
categories are available alongside traditional application and user options. Application signatures are pushed
by Dell SonicWALL and eliminate the hassle of ruleset updates.
• Dynamically updated database containing thousands of application and content-based signatures
• Customizable actions, such as Set User Message
• Predefined actions, such as Bypass DPI
Application visualization
Flow Monitor provides visuals for application traffic, ingress and egress bandwidth, web traffic, and general
user activity, supplying administrators with the crucial information necessary for maintaining a productive
network under rapidly changing conditions.
• Real-time data on everything from potential network threats to URLs visited
• Customizable filter views for repeat access
• Widget creation, such as a pie chart view
Appendix 1: Risk definitions
The risk levels below are ordered from highest to lowest; in the original report each is marked with a colour icon
that is not reproduced here.
This application is resource hungry and can contribute significantly to network bandwidth consumption.
The application is also a well-known facilitator of malicious activity, and is often used to
infect endpoints. Some peer-to-peer services, such as eMule, fall into this category.
This application may be resource hungry, or may provide a service that circumvents
normal network rules. Allowing this application to run may result in users unknowingly
downloading malicious files. Some proxy services, such as Potential Ultrasurf, fall into this
category. It also includes some peer-to-peer applications, such as BitComet.
This application may not have a legitimate purpose on the network. The application can also
be a source of unwanted traffic to the internal network. Some messenger services, such as
Meebo, fall into this category.
This application is a common source of network traffic.
Appendix 2: Application descriptions
CIFS
In computer networking, Server Message Block (SMB), also known as Common Internet File System (CIFS),
operates as an application-layer network protocol mainly used to provide shared access to files, printers, serial
ports and miscellaneous communications between nodes on a network. It also provides an authenticated
inter-process communication mechanism. Most usage of SMB involves computers running Microsoft
Windows, where it was known as "Microsoft Windows Network" before the subsequent introduction
of Active Directory.
Document
The PDF file format (Portable Document Format) was created by Adobe Systems to facilitate the exchange of
document files.
Executable
Windows executable files (.exe) and libraries (.dll) use the Portable Executable (PE) format; ELF (Executable and
Linkable Format) is the equivalent format on Linux and other Unix-like systems.
Google Crawler
Google Crawler is Google Inc.'s web spider, a program that searches the Internet for websites, recursively
indexing pages, their content, the links between pages, etc. to build the Google search engine.
IRC
Internet Relay Chat (IRC) is an application-layer protocol which provides Internet chat in real time. Group
communication can be conducted in discussion forums called channels, but the protocol also allows for
one-to-one communication via private message. Some of the popular IRC clients for Windows are mIRC,
Miranda IM, Trillian and XChat. While IRC does not specifically provide file transfer functionality, savvy users
can use customized scripts for their IRC client to create file servers.
Icecast
Icecast is a streaming media server project for broadcasting music that requires a streaming application or
source encoder.
MP3
MP3 is an extremely common digital audio encoding format that uses a form of lossy data compression.
Microsoft Remote Desktop
Microsoft Terminal Services, also known as Remote Desktop Services, extends distributed computing by
allowing PCs to operate in a server-based computing environment. Remote Desktop Services clients are
available across platforms.
MySQL Server
MySQL is a relational database management system that runs as a server providing multi-user access to a
number of databases.
NDMP
Network Data Management Protocol (NDMP) is a protocol that provides for the efficient transport of data
between network-attached storage and other backup devices.
Non-SSL traffic over SSL port
Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL) are cryptographic protocols
that provide communication security over the Internet. Ports reserved for SSL/TLS (such as TCP 443) are normally
used only by SSL/TLS traffic; other protocols seen on these ports usually indicate tunnelling or filter evasion.
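The following is an added example, not code from the SonicWALL report or product, of the port-independent identification described under "Application intelligence" and of the "Non-SSL traffic over SSL port" classification above. It matches the first bytes a client sends against protocol fingerprints taken from the respective standards (a TLS handshake record carrying a ClientHello, the SSH identification string, an HTTP request line) and flags any flow to port 443 that does not open with a TLS handshake. The sample flows are constructed inline; the port, labels and the small set of fingerprints are assumptions for illustration, not the product's signature set.

```python
"""Payload-based protocol identification independent of TCP port.

Added example, not Dell SonicWALL code. A flow is represented as
(dst_port, first bytes sent by the client); the sample flows below
are constructed, not captured.
"""

# SSL 3.0 and TLS 1.0-1.2 record-layer version fields.
TLS_VERSIONS = {0x0300, 0x0301, 0x0302, 0x0303}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ")


def is_tls_client_hello(data: bytes) -> bool:
    """True when data opens with a TLS handshake record carrying a ClientHello.

    Record header: type 0x16 (handshake), 2-byte version, 2-byte length.
    Handshake header: type 0x01 (ClientHello), 3-byte body length.
    """
    if len(data) < 9:
        return False
    record_type = data[0]
    version = int.from_bytes(data[1:3], "big")
    record_len = int.from_bytes(data[3:5], "big")
    handshake_type = data[5]
    handshake_len = int.from_bytes(data[6:9], "big")
    return (record_type == 0x16 and version in TLS_VERSIONS
            and handshake_type == 0x01 and handshake_len + 4 <= record_len)


def identify_protocol(data: bytes) -> str:
    """Label the protocol from payload alone; 'unknown' if nothing matches."""
    if is_tls_client_hello(data):
        return "tls"
    if data.startswith(b"SSH-"):          # RFC 4253 identification string
        return "ssh"
    if data.startswith(HTTP_METHODS):     # plaintext HTTP request line
        return "http"
    return "unknown"


def classify_flow(dst_port: int, data: bytes) -> str:
    """Application label, or the evasion flag when port 443 carries non-TLS."""
    proto = identify_protocol(data)
    if dst_port == 443 and proto != "tls":
        return f"Non-SSL traffic over SSL port ({proto})"
    return proto


def build_client_hello() -> bytes:
    """Minimal, well-formed TLS ClientHello record (constructed sample)."""
    body = (b"\x03\x03" + bytes(32) + b"\x00"  # version, random, empty session id
            + b"\x00\x02\xc0\x2f"              # one cipher suite
            + b"\x01\x00")                     # null compression only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


# Constructed sample flows: (destination port, first client bytes).
SAMPLE_FLOWS = [
    (443, build_client_hello()),                             # normal HTTPS
    (443, b"SSH-2.0-OpenSSH_6.0\r\n"),                       # SSH hidden on 443
    (443, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),  # plaintext on 443
    (8443, build_client_hello()),                            # TLS on a non-standard port
    (22, b"SSH-2.0-OpenSSH_6.0\r\n"),                        # ordinary SSH
]


def classify_all(flows=SAMPLE_FLOWS):
    """Classify every sample flow; returns a list of (port, label)."""
    return [(port, classify_flow(port, data)) for port, data in flows]


if __name__ == "__main__":
    for port, label in classify_all():
        print(f"{port:5d}  {label}")
```

The TLS check deliberately inspects the handshake header as well as the record header, so a stray 0x16 byte at the start of some other protocol does not pass as TLS; a real engine would go on to validate the cipher-suite list and extensions, and would look at the server's reply too.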
Oracle
Oracle Database, the relational database management system (RDBMS), is produced by Oracle Corporation.
Oracle relies on a group of simultaneous processes interacting in the background to enhance and monitor
database performance. As with IBM's DB2, Oracle is available to users in various editions, each with varying
degrees of functionality.
Quicktime
The QuickTime client uses HTTP to download digital content for users to view in the QuickTime player.
QuickTime is an application that supports a number of media standards.
RSYNC
rsync is a free, open-source utility for synchronizing files and directories from one location to another on Unix
systems. rsync also attempts to minimize data transfer by using delta encoding.
RTSP
RTSP (Real-Time Streaming Protocol) is a protocol for streaming media that lets a client system remotely
control a media server. RTSP is often used with QuickTime and RealMedia players.
RealMedia
This event indicates that a RealMedia-compatible client application is attempting to download content.
RealPlayer, for example, is a multimedia client application supporting a broad range of media standards.
Remote Frame Buffer (VNC)
Remote Frame Buffer (RFB) is a protocol that provides remote access to graphical user interfaces. RFB can be
used on both Windows and Mac operating systems. More recent iterations of RFB contain more
advanced compression, security and file transfer features. RFB is the protocol used by Virtual Network Computing
(VNC); while it is very flexible because it is pixel-based, other protocols such as RDP have a greater understanding
of the desktop and send simpler, higher-level commands.
SCCP
Skinny, or SCCP, is a lightweight protocol that provides communication with the Cisco Call Manager.
SIP
The Session Initiation Protocol (SIP) is an application-layer signaling protocol widely used for establishing and
tearing down multimedia communication sessions for voice and video transmission over the Internet.
SSH
Secure Shell (SSH) is both a set of standards and a network protocol for opening a secure channel between a
remote and a local computer. SSH provides encryption and authentication for users connecting to a remote
system over the Internet.
Serv-U FTP Server
Serv-U FTP Server is a secure and streamlined product which provides an FTP server for Microsoft Windows
environments.
Shockwave Flash (SWF)
The SWF file format (also known as Shockwave Flash) delivers text, audio, graphics and video over the Internet
and is supported by Adobe Flash Player and Adobe AIR software.
Skype
Skype is an application that allows users to make voice calls over the Internet using a proprietary VoIP
network called the Skype protocol. After a user installs the client software, calls to fellow Skype users are free of
charge, while calls to landlines and mobile phones can be made for a fee. Additional features include instant
messaging, file transfer and video conferencing. Skype has been owned by Microsoft since 2011.
Telnet
The TELNET protocol provides a basic eight-bit, bidirectional channel that can be used for communications on
LANs and the Internet. Because it transmits credentials and sessions without encryption, blocking Telnet is advised.
WS_FTP Server
WS_FTP Server is an FTP server for Windows produced by Ipswitch Inc., headquartered in
Lexington, Massachusetts.
vsFTPd FTP Server
vsFTPd (Very Secure FTP Daemon) is an FTP server for UNIX-based systems. vsFTPd also supports IPv6 and
SSL/TLS.
Appendix 3: Vulnerability Descriptions
Oracle Java Plugin Sandbox Restriction Bypass
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04 and possibly earlier
versions does not properly restrict access between JavaScript and Java applets during data transfer, which
allows remote attackers to load unsafe
RPC Portmapper TCP Traffic
This signature indicates RPC Portmapper traffic over TCP.
Suspicious SMTP Traffic 2
This signature indicates a suspicious byte pattern in SMTP traffic.
Mozilla Firefox QueryInterface Memory Corruption 1
Mozilla Firefox 1.5, Thunderbird 1.5 (if JavaScript is enabled in mail) and SeaMonkey before 1.0 might allow
remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and
Navigator objects, which leads to memory corr
Client Application Shellcode Exploit 2
This signature detects and blocks a suspicious byte pattern sent from a server upon connection
establishment.
Server Application Shellcode Exploit 9
This signature indicates a suspicious byte pattern being sent to a server application.
IBM Lotus Domino Web Access DoS
Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a denial of service (server crash) via a
large e-mail message, as demonstrated using a large image attachment.
Time-To-Live Exceeded in Transit
Internet Control Message Protocol (ICMP) is part of the Internet Protocol Suite. ICMP messages are typically
generated in response to errors in IP datagrams or for diagnostic or routing purposes.
ICMP traffic may be used to map a network or help
Windows Explorer Folder GUID Remote Code Execution (MS06-045)
Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted
attackers to execute arbitrary code via a link to an SMB file share with a filename that contains
encoded sequences and whose extension contai
Windows DNS Server RPC Interface Buffer Overflow 2 (MS07-029)
Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in
Microsoft Windows 2000 Server SP4, Server 2003 SP1 and Server 2003 SP2 allows remote attackers to
execute arbitrary code via a long zone name containing
Apache Byte-Range Filter DoS
The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service
(memory consumption) via an HTTP header with a large Range field.
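As an added example (not part of the report, and not how Apache or the SonicWALL signature implements the check), the following shows the kind of gateway-side test that catches the "large Range field" pattern described above: the Range header is parsed into its byte-range set and the request is refused when the header is oversized, syntactically invalid, carries more ranges than a client legitimately needs, or requests overlapping ranges. The limits and the sample headers are assumptions constructed for illustration.

```python
"""Parse an HTTP Range header and flag abusive byte-range sets.

Added example, not Dell SonicWALL or Apache code. The limits (number of
ranges, header length) are assumptions; tune them to the servers you protect.
"""
import re

RANGE_SPEC = re.compile(r"^(\d*)-(\d*)$")


def parse_ranges(header_value: str):
    """Parse 'bytes=a-b,c-,-d' (an RFC 2616 byte-range-set) into (start, end)
    tuples, with None for an open end. Raises ValueError on bad syntax."""
    unit, sep, spec = header_value.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        raise ValueError("only bytes= ranges are supported")
    ranges = []
    for part in spec.split(","):
        part = part.strip()
        m = RANGE_SPEC.match(part)
        if not m or part == "-":
            raise ValueError(f"bad range spec: {part!r}")
        start = int(m.group(1)) if m.group(1) else None
        end = int(m.group(2)) if m.group(2) else None
        if start is not None and end is not None and end < start:
            raise ValueError(f"bad range spec: {part!r}")
        ranges.append((start, end))
    return ranges


def range_header_verdict(header_value: str, max_ranges: int = 20,
                         max_header_len: int = 1024) -> str:
    """Return 'ok' or the reason the request should be dropped."""
    if len(header_value) > max_header_len:
        return "header too long"
    try:
        ranges = parse_ranges(header_value)
    except ValueError as exc:
        return f"malformed: {exc}"
    if len(ranges) > max_ranges:
        return f"too many ranges ({len(ranges)})"
    # Overlapping closed ranges make the server assemble redundant parts; flag them.
    closed = sorted(r for r in ranges if r[0] is not None and r[1] is not None)
    for (_s1, e1), (s2, _e2) in zip(closed, closed[1:]):
        if s2 <= e1:
            return "overlapping ranges"
    return "ok"


# Constructed samples: a normal download-resume request and a range flood.
NORMAL = "bytes=0-499"
FLOOD = "bytes=" + ",".join(f"{i}-{i}" for i in range(50))

if __name__ == "__main__":
    for value in (NORMAL, FLOOD, "bytes=100-50", "bytes=0-9,5-14"):
        print(f"{range_header_verdict(value):25s} {value[:40]}")
```

Checking the raw header length before parsing matters: the parser itself should never be the component that does the expensive work on an attacker-sized header.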
PING BSDtype
Internet Control Message Protocol (ICMP) is part of the Internet Protocol Suite. ICMP messages are typically
generated in response to errors in IP datagrams or for diagnostic or routing purposes.
ICMP traffic may be used to map a network or help
Cisco IOS Web Server XSS 1
Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to
inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP
interface to the contents of memory buf
VML File HTTP Download 3
Vector Markup Language (VML) is a deprecated XML language used to produce vector graphics. In 2001 SVG
became a W3C Recommendation as a language for describing two-dimensional vector and mixed
vector/raster graphics in XML. Integer overflow in the V
PING
Internet Control Message Protocol (ICMP) is part of the Internet Protocol Suite. ICMP messages are typically
generated in response to errors in IP datagrams or for diagnostic or routing purposes.
ICMP traffic may be used to map a network or help
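The three ICMP entries above (Time-To-Live Exceeded in Transit, PING BSDtype and PING) all note that ICMP traffic may be used to map a network. As an added example, not part of the report and not the SonicWALL signature logic, the code below parses ICMP messages, verifies the RFC 792 checksum, maps the type to the event names used in this report, and flags a source that sends echo requests to many distinct hosts, which is the ping-sweep pattern behind reconnaissance. The packets are constructed inline (IP headers omitted) and the sweep threshold is an assumption.

```python
"""ICMP parsing and echo-request sweep detection over constructed packets.

Added example, not Dell SonicWALL code. Packets are (src_ip, dst_ip,
raw ICMP bytes); IP headers are omitted. The sweep threshold is an
assumption chosen for illustration.
"""
import struct
from collections import defaultdict

ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST, ICMP_TIME_EXCEEDED = 0, 8, 11


def icmp_checksum(data: bytes) -> int:
    """RFC 792 checksum: one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(icmp_type: int, code: int = 0, payload: bytes = b"") -> bytes:
    """Build an ICMP message with a valid checksum (identifier 1, sequence 1)."""
    header = struct.pack("!BBHHH", icmp_type, code, 0, 1, 1)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, code, csum, 1, 1) + payload


def parse_icmp(packet: bytes):
    """Return (type, code, checksum_ok); raise ValueError on a truncated header."""
    if len(packet) < 8:
        raise ValueError("ICMP header is 8 bytes")
    icmp_type, code, csum = struct.unpack("!BBH", packet[:4])
    zeroed = packet[:2] + b"\x00\x00" + packet[4:]
    return icmp_type, code, icmp_checksum(zeroed) == csum


def classify(icmp_type: int, code: int) -> str:
    """Map an ICMP type to the event names used in this report."""
    names = {ICMP_ECHO_REQUEST: "PING", ICMP_ECHO_REPLY: "PING reply",
             ICMP_TIME_EXCEEDED: "Time-To-Live Exceeded in Transit"}
    return names.get(icmp_type, f"ICMP type {icmp_type} code {code}")


def detect_sweeps(packets, threshold: int = 8) -> dict:
    """Sources whose valid echo requests reached at least `threshold` distinct hosts."""
    targets = defaultdict(set)
    for src, dst, raw in packets:
        icmp_type, _code, ok = parse_icmp(raw)
        if ok and icmp_type == ICMP_ECHO_REQUEST:
            targets[src].add(dst)
    return {src: len(hosts) for src, hosts in targets.items()
            if len(hosts) >= threshold}


def _corrupt(packet: bytes) -> bytes:
    """Flip the last payload byte so the checksum no longer verifies."""
    return packet[:-1] + bytes([packet[-1] ^ 0xFF])


ECHO = build_icmp(ICMP_ECHO_REQUEST, payload=b"abcdefgh")

# Constructed sample traffic: one host sweeping 16 addresses, one normal
# ping pair, a router's TTL-exceeded message and one corrupted echo request.
SAMPLE_PACKETS = (
    [("10.0.0.5", f"10.0.1.{i}", ECHO) for i in range(1, 17)]
    + [("10.0.0.9", "10.0.1.1", ECHO), ("10.0.0.9", "10.0.1.1", ECHO)]
    + [("10.0.0.1", "10.0.0.9", build_icmp(ICMP_TIME_EXCEEDED))]
    + [("10.0.0.7", "10.0.1.3", _corrupt(ECHO))]
)

if __name__ == "__main__":
    for src, dst, raw in SAMPLE_PACKETS[-3:]:
        t, c, ok = parse_icmp(raw)
        print(src, "->", dst, classify(t, c), "checksum ok" if ok else "BAD checksum")
    print("sweeps:", detect_sweeps(SAMPLE_PACKETS))
```

Counting distinct destinations per source, rather than raw echo-request volume, is what separates a sweep from a single noisy host repeatedly pinging one server.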
Tripwire Format String Attack 1
Format string vulnerability in Tripwire commercial 4.0.1 and earlier, including 2.4, and open source 2.3.1 and
earlier allows local users to gain privileges via format string specifiers in a file name which is used in the
generation of an email report.
Suspicious TFTP Write Request
This signature indicates a malformed write request being sent to a TFTP server.
Trend Micro ServerProtect EarthAgent Buffer Overflow
Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2 Build 1174
allow remote attackers to execute arbitrary code via crafted data to (1) TCP port 5168, which triggers an
overflow in the CAgRpcClientCreateBindin
Windows Mail Remote Program Execution
Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain
programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same
base name as an executable program at the s
Suspicious POP Traffic 3
This signature indicates a suspicious byte pattern in POP (Post Office Protocol) traffic.
Linux Kernel SNMP NAT Netfilter Memory Corruption 1
The snmp_trap_decode function in the SNMP NAT helper for Linux kernel before 2.6.16.18 allows remote
attackers to cause a denial of service (crash) via unspecified remote attack vectors that cause failures in
snmp_trap_decode that trigger (1) frees of ran
Microsoft Active Directory LDAP Request DoS 1 (MS08-003)
Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and
Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial
of service (hang and restart) via a crafted LDAP
Appendix 4: Complete Application List
35 applications have been identified on your network. They are ranked in descending order of kilobytes
transferred. Applications in red indicate a risk level of yellow or higher.
1. Skype (314)
2. Document (249)
3. MP3 (75)
4. CIFS (33)
5. vsFTPd FTP Server (27)
6. RealMedia (13)
7. Google Crawler (11)
8. SSH (7)
9. Shockwave Flash (SWF) (7)
10. Non-SSL traffic over SSL port (6)
11. SIP (6)
12. MySQL Server (5)
13. Icecast (5)
14. Telnet (3)
15. RSYNC (3)
16. Executable (3)
17. RTSP (2)
18. Remote Frame Buffer (VNC) (2)
19. Microsoft Remote Desktop (2)
20. WS_FTP Server (2)
21. SCCP (2)
22. Serv-U FTP Server (2)
23. Oracle (2)
24. NDMP (2)
25. Quicktime (1)
26. RSS (1)
27. IBM DB2 (1)
28. RPC Portmapper (1)
29. IRC (1)
30. X Font Server (1)
31. AOL Radio (1)
32. CFNetwork (1)
33. Nullsoft Winamp (1)
34. Kerberos Kadmin (1)
35. (1)
In summary
If your network security perimeter is more than three years old, it is time to move to a Next-Generation Firewall.
As you have seen, threats are now coming into your network through the application layer, where older
firewalls cannot detect them. Social networking and streamed media open new vulnerabilities, and personal
Internet consumption saps productivity. In addition, your old firewall is a bottleneck and is likely slowing down
your entire network.
There are three main reasons to upgrade to a Next-Generation Firewall:
• to prevent threats from entering your network through the application layer
• to improve network performance, getting all the bandwidth you're paying for
• to see and control who is doing what on your network, which can help keep employees focused
Here are 5 important things to look for when considering a replacement for your Cisco ASA 5515-X firewall:
1. Does the firewall scan files of any size across all protocols?
   Fortinet, Cisco, Juniper and WatchGuard firewalls have file size limitations.
2. Does the firewall perform deep packet inspection?
   Cisco and Check Point firewalls require additional modules or "blades".
3. Does the firewall's performance degrade when security services are turned on?
   Palo Alto Networks, Fortinet, Cisco, Juniper, Check Point and WatchGuard firewalls experience performance
   degradation when security services are enabled.
4. Does the firewall enable application throttling, analysis and visualization?
   None of these vendors provides all of these services.
5. Is it affordable to own?
   Not if you are forced to purchase additional hardware and you can't manage everything yourself.
The Dell SonicWALL Customer Advantage program makes it affordable to move up to a Next-Generation
Firewall. In fact, you'll get a sizable credit for your old firewall. Our Secure Upgrade Plus offer provides an
upgrade path from current Dell SonicWALL products as well as a trade-in path from competitors' products.
Click here to get the details.
Copyright 2013 Dell Inc. All rights reserved. Dell SonicWALL is a trademark of Dell Inc. and all other Dell SonicWALL product and service
names and slogans are trademarks of Dell Inc. Other product and company names mentioned herein may be trademarks and/or
registered trademarks of their respective owners. While every effort is made to ensure that the content of this report is accurate, the report
is provided on an “as is” basis and Dell SonicWALL makes no representations or warranties in relation to the accuracy or completeness of
the information found on it. While the content of this report is provided in good faith, we do not warrant that the information will be kept
up to date, be true, accurate and not misleading, or that this report will always (or forever) be available for use.
Confidential - For internal use only