Dell SonicWALL Application Risk Management Report (SWARM)

Prepared for: ACME Transportation, Inc.
Report on Firewall: Cisco ASA 5515-X
Report Generated: 09/12/2012 12:56:50
Version: 02

This report has been prepared by Dell™ SonicWALL™ Laboratories for three reasons. First, to give you a general understanding of the threats your network and your business face today. Second, to give you an understanding of how a Cisco PIX 515E like yours performed when tested at Dell SonicWALL Laboratories against the same threats that your Cisco firewall faces every day, in order to give you a clear picture of your current vulnerabilities. Third, to introduce you to a Next-Generation Firewall option that you might find both superior to the Cisco PIX 515E and affordable for your business.

Today, intrusion and malware propagation techniques have evolved beyond simple port-based attacks. Security threats now come in the form of embedded viruses and malware, and often leverage the user populations of social networking hubs. Stateful packet inspection, the primary method first-generation firewalls use to detect threats, cannot provide adequate protection against intruders piggy-backing on legitimate traffic.

Dell SonicWALL's Next-Generation Firewalls, leaving behind the first-generation model of stateful packet inspection, offer a flexible and maintainable solution. Integrating multiple features onto a single platform, Dell SonicWALL bundles together a set of powerful security management tools on a single physical device with an easy-to-understand licensing structure. For auditing needs, personal logs are kept by the Dell SonicWALL firewall.
In providing a high-level overview of the fictitious Efficient Transportation network, this report will:
• Identify vulnerabilities detected
• List high-risk applications and protocols
• Present traffic distribution statistics by URL category and traffic type
• Highlight the top 20 high-risk applications found
• Highlight the top 20 high-bandwidth applications found

The appendix contains:
• Risk definitions
• In-use application descriptions
• Detected vulnerabilities descriptions
• Complete application list

Vulnerabilities Detected

Integrating traditional end-point security protection into the firewall, Dell SonicWALL Gateway Anti-Virus, Anti-Spyware, and Intrusion Prevention provide a platform for additional protection at the network boundary. Security definitions are automatically delivered by Dell SonicWALL, ensuring both ease of use and up-to-date monitoring. Dell SonicWALL scrutinizes both inbound and outbound traffic. By monitoring internal traffic, Dell SonicWALL is able to identify infections on the internal network, rather than simply detecting attacks from external sources.

Laboratory Failures of Cisco PIX 515E

The ASA 5515-X was configured in a standard route mode deployment with full IPS Inspection enabled for all traffic traversing its path. Configuration of the IPS Engine and Virtual Sensor followed Cisco’s recommended steps documented here: http://www.cisco.com/en/US/docs/security/asa/asa84/asdm64/configuration_guide/modules_ips.html

In addition to these steps, we un-retired (set Active) many of their older signatures so that we could provide the most robust coverage of old and new exploits that could be generated by the security test tool. Furthermore, all “Informational” signatures were upgraded to Cisco’s “LOW RISK” category in order to fully leverage all 5,600+ signatures.
The results in this report show that the ASA 5515-X not only missed many of the exploits and malware, but also failed to recognize and then display the applications that these exploits were designed for. This is a crucial piece of information that can be used to prevent and then thwart future attacks, and it is a key function that all next-generation firewall products should provide. Upon completion of this test, the security test tool rated the Cisco ASA 5515-X with a coverage grade of B (or 80.3%). In total, 444 of the 2278 vulnerabilities presented were missed by the ASA 5515-X.

Virus Events

Viruses are self-replicating programs that spread from machine to machine. Dell SonicWALL Gateway AntiVirus has detected the following viruses at the gateway:

Total Virus Events: 94
Sample of Events: 8 / 94

| Name | Type | Count |
|---|---|---|
| Malformed.wri.BP.2 | Exploit | 2 |
| Malformed.torrent.BP.1 | Exploit | 2 |
| Malformed.pdf.BP.49 | Exploit | 3 |
| Malformed.pdf.BP.19 | Exploit | 3 |
| Malformed.pdf.BP.7 | Exploit | 4 |
| Malformed.eot.BP.4 | Exploit | 4 |
| MhtRedir.ITS.data.1 | Exploit.HTML | 1 |
| Malformed.asf.BP.1 | Exploit | 3 |

Spyware Events

Spyware is a type of malware. Spyware collects information on users without their consent and can pose a serious threat to internal networks by exposing sensitive information. Dell SonicWALL Anti-Spyware has detected the following spyware at the gateway:

| Name | Type | Count |
|---|---|---|
| Malformed-File rtx.MT.1 | Spyware | 1 |

Intrusion Events

Intrusion detection comprises a multitude of events, ranging from scanning attacks to suspected botnet behavior.
Dell SonicWALL IDP has detected the following intrusion attempts at the gateway:

Total Virus Events: 215
Sample of Events: 21 / 215

| Name | Type | Count |
|---|---|---|
| Oracle Java Plugin Sandbox Restriction Bypass | Intrusion | 1 |
| RPC Portmapper TCP Traffic | Intrusion | 5 |
| Suspicious SMTP Traffic 2 | Intrusion | 10 |
| Mozilla Firefox QueryInterface Memory Corruption 1 | Intrusion | 1 |
| Client Application Shellcode Exploit 2 | Intrusion | 4 |
| Server Application Shellcode Exploit 9 | Intrusion | 8 |
| IBM Lotus Domino Web Access DoS | Intrusion | 1 |
| Time-To-Live Exceeded in Transit | Intrusion | 56 |
| Windows Explorer Folder GUID Remote Code Execution (MS06-045) | Intrusion | 3 |
| Windows DNS Server RPC Interface Buffer Overflow 2 (MS07-029) | Intrusion | 2 |
| Apache Byte-Range Filter DoS | Intrusion | 1 |
| PING BSDtype | Intrusion | 9 |
| Cisco IOS Web Server XSS 1 | Intrusion | 2 |
| VML File HTTP Download 3 | Intrusion | 8 |
| PING | Intrusion | 59 |
| Tripwire Format String Attack 1 | Intrusion | 1 |
| Suspicious TFTP Write Request | Intrusion | 5 |
| Trend Micro ServerProtect EarthAgent Buffer Overflow | Intrusion | 1 |
| Windows Mail Remote Program Execution | Intrusion | 1 |
| Suspicious POP Traffic 3 | Intrusion | 2 |
| Linux Kernel SNMP NAT Netfilter Memory Corruption 1 | Intrusion | 1 |

*Vulnerability descriptions are provided in Appendix 3.

Top URL categories in use

Web traffic is often one of the largest contributors to total network traffic. Dell SonicWALL's Content Filtering Service splits web destinations into over 50 dynamically updated categories. Both traditional and next-generation traffic management options are available for each category, resulting in robust and granular control.
The top 3 categories of web destinations detected during the audit period are presented below:

Information Technology/Computer: 33.3%
News and Media: 33.3%
Advertisement: 33.3%

Network traffic by type

Different types of network traffic serve different purposes. While infrastructure traffic between devices is a necessary component of every network, other forms of traffic may be unwanted. By differentiating between types of traffic, Dell SonicWALL identifies possible improvements for the allocation of resources on your network. You may want to identify bandwidth thresholds and implement application controls for each type of traffic. The top 4 types of network traffic detected during the audit period are presented below:

None: 4.924%
Application: 80.168%
Network Infrastructure: 0.525%
Browser: 14.383%

Top 25 applications by risk factor

Application vulnerabilities are often exploited by hackers to infiltrate private networks. Dell SonicWALL tracks, logs and ranks traffic flowing through Efficient Transportation’s network. These applications represent the 25 most vulnerable applications on Efficient Transportation’s network:

| Application | Category | Sessions | Kilobytes |
|---|---|---|---|
| eMule | P2P | 3 | 3 |
| Skype | IM | 2,136 | 39,945 |
| Wget | DOWNLOAD-APPS | 21 | 2,686 |
| SSH | REMOTE-ACCESS | 6 | 456 |
| Remote Frame Buffer (VNC) | REMOTE-ACCESS | 4 | 140 |
| Flash Video (FLV) | MULTIMEDIA | 4 | 98 |
| AIM | IM | 8 | 45 |
| Free Download Manager | DOWNLOAD-APPS | 2 | 25 |
| Yahoo! Messenger | IM | 2 | 3 |
| IRC | IM | 2 | 2 |
| Document | FILE-TYPES-HTTP | 147 | 4,258 |
| Shockwave Flash (SWF) | MULTIMEDIA | 15 | 1,705 |
| Executable | FILE-TYPES-HTTP | 27 | 1,510 |
| Archive | FILE-TYPES-HTTP | 30 | 872 |
| Icecast | MULTIMEDIA | 6 | 632 |
| MPEG-4 | MULTIMEDIA | 20 | 476 |
| MP3 | MULTIMEDIA | 7 | 463 |
| CUPS | MISC-APPS | 10 | 176 |
| QuickTime | MULTIMEDIA | 3 | 127 |
| CA ARCserve Backup | BACKUP-APPS | 6 | 72 |
| RealMedia | MULTIMEDIA | 11 | 55 |
| RTSP | MULTIMEDIA | 6 | 52 |
| Nullsoft Winamp | MULTIMEDIA | 2 | 41 |
| vsFTPd FTP Server | MISC-APPS | 61 | 38 |
| LDAP v3 | MISC-APPS | 2 | 37 |

*Risk type definitions provided in Appendix 1. Application descriptions provided in Appendix 2.

Top 25 applications by bandwidth consumed

Excessive demand, often the result of large downloads or streaming of video, can produce an unacceptable strain on your network infrastructure. These applications represent the 25 biggest consumers of Efficient Transportation’s network bandwidth:

| Application | Category | Sessions | Kilobytes |
|---|---|---|---|
| Skype | IM | 301 | 314 |
| Document | FILE-TYPES-HTTP | 44 | 249 |
| MP3 | MULTIMEDIA | 3 | 75 |
| CIFS | PROTOCOLS | 14 | 33 |
| vsFTPd FTP Server | MISC-APPS | 56 | 27 |
| RealMedia | MULTIMEDIA | 8 | 13 |
| Google Crawler | MISC-APPS | 3 | 11 |
| SSH | REMOTE-ACCESS | 3 | 7 |
| Shockwave Flash (SWF) | MULTIMEDIA | 4 | 7 |
| Non-SSL traffic over SSL port | PROXY-ACCESS | 15 | 6 |
| SIP | VoIP-APPS | 6 | 6 |
| MySQL Server | DATABASE-APPS | 11 | 5 |
| Icecast | MULTIMEDIA | 4 | 5 |
| Telnet | REMOTE-ACCESS | 8 | 3 |
| RSYNC | BACKUP-APPS | 4 | 3 |
| Executable | FILE-TYPES-HTTP | 2 | 3 |
| RTSP | MULTIMEDIA | 4 | 2 |
| Remote Frame Buffer (VNC) | REMOTE-ACCESS | 6 | 2 |
| Microsoft Remote Desktop | REMOTE-ACCESS | 2 | 2 |
| WS_FTP Server | MISC-APPS | 4 | 2 |
| SCCP | VoIP-APPS | 3 | 2 |
| Serv-U FTP Server | MISC-APPS | 3 | 2 |
| Oracle | DATABASE-APPS | 3 | 2 |
| NDMP | INFRASTRUCTURE | 6 | 2 |
| Quicktime | MULTIMEDIA | 3 | 1 |

*Risk type definitions provided in Appendix 1. Application descriptions provided in Appendix 2.
Application intelligence, control and visualization

Dell SonicWALL puts network control back into the hands of IT administrators. While some applications are business critical and require access to large amounts of bandwidth, other applications are non-productive and require throttling or blocking. Rulesets based on port or protocol require constant updates as applications evolve. Dell SonicWALL makes the job easy for administrators with a robust identification scheme, granular control options and detailed visualization tools.

Application intelligence

Scanning every byte of every packet of network traffic, Dell SonicWALL identifies applications without relying on port or protocol specific rules.
• Deep Packet Inspection of traffic tunneling over SSL
• Supports custom application signatures
• Integrated data leakage prevention and logging

Application control

Bandwidth management policies are placed at the administrator's fingertips, and pre-defined logical categories are available alongside traditional application and user options. Application signatures are pushed by Dell SonicWALL and eliminate the hassle of ruleset updates.
• Dynamically updated database containing thousands of application and content-based signatures
• Customizable actions, such as Set User Message
• Predefined actions, such as Bypass DPI

Application visualization

Flow Monitor provides visuals for application traffic, ingress and egress bandwidth, web traffic, and general user activity, supplying administrators with the crucial information necessary for maintaining a productive network under rapidly changing conditions.
• Real-time data on everything from potential network threats to URLs visited
• Customizable filter views for repeat access
• Widget creation, such as a pie chart view

Appendix 1: Risk definitions

This application is resource hungry and can contribute significantly to network bandwidth. The application is also a well known facilitator of malicious activity, and is often used to infect end points. Some peer to peer services, such as eMule, fall into this category.

This application may be either resource hungry or may provide a service that circumvents normal network rules. Allowing this application to run may result in users unknowingly downloading malicious files. Some proxy services, such as Potential Ultrasurf, fall into this category. It also includes some peer to peer applications, such as BitComet.

This application may not have a legitimate purpose on the network. The application can also be a source of unwanted traffic to the internal network. Some messenger services, such as Meebo, fall into this category.

This application is a common source of network traffic.

Appendix 2: Application descriptions

CIFS
In computer networking, Server Message Block (SMB), also known as Common Internet File System (CIFS), operates as an application-layer network protocol mainly used to provide shared access to files, printers, serial ports, and miscellaneous communications between nodes on a network. It also provides an authenticated inter-process communication mechanism. Most usage of SMB involves computers running Microsoft Windows, where it was known as "Microsoft Windows Network" before the subsequent introduction of Active Directory.

Document
The PDF file format, or Portable Document Format, was created by Adobe Systems to help users in facilitating the exchange of document files.

Executable
Executable and Linking Format files (.exe) are a common standard file format for executable files and libraries.

Google Crawler
Google Crawler is Google Inc.'s web spider or program that searches the Internet for websites, recursively indexing pages, their content, the links between pages, etc. to build the Google Search Engine.
IRC
Internet Relay Chat (IRC) is an application layer protocol which provides internet chat in real time. Group communication can be conducted in discussion forums called channels, but the protocol also allows for one-to-one communication via private message. Some of the popular IRC clients for Windows are mIRC, Miranda IM, Trillian and XChat. While IRC does not specifically provide file transfer functionality, savvy users can use customized scripts for their IRC client to create file servers.

Icecast
Icecast is a streaming media server project for broadcasting music that requires a streaming application or source encoder.

MP3
MP3 is an extremely common digital audio encoding format that uses a form of lossy data compression.

Microsoft Remote Desktop
Microsoft Terminal Services, also known as Remote Desktop Services, extends distributed computing by allowing PCs to operate in a server-based computing environment. Remote Desktop Services are cross-platform functional.

MySQL Server
MySQL is a relational database management system that runs as a server providing multi-user access to a number of databases.

NDMP
Network Data Management Protocol (NDMP) is a protocol that provides for the efficient transport of data between network area storage and other backup devices.

Non-SSL traffic over SSL port
Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL) are cryptographic protocols that provide communication security over the Internet. SSL ports are usually used exclusively by SSL/TLS traffic.

Oracle
Oracle Database, the relational database management system (RDBMS), is produced by Oracle Corporation. Oracle relies on a group of simultaneous processes interacting in the background to enhance and monitor database performance. As with IBM's DB2, Oracle is available to users in various editions, each with varying degrees of functionality.
Quicktime
The QuickTime client uses HTTP to download digital content for users to view in the QuickTime player. QuickTime is an application that supports a number of media standards.

RSYNC
rsync is a freeware application for synchronizing files and directories from one location to another on Unix systems. rsync also attempts to minimize data transfer by using delta encoding.

RTSP
RTSP (Real-Time Streaming Protocol) is a protocol for streaming media that lets a client system remotely control a media server. RTSP is often used with QuickTime and RealMedia players.

RealMedia
This event indicates that a RealMedia compatible client application is attempting to download content. RealPlayer, for example, is a multimedia client application supporting a broad range of media standards.

Remote Frame Buffer (VNC)
Remote Frame Buffer (RFB) is a protocol to provide remote access to graphical user interfaces. RFB can be used by users with both Windows and Mac operating systems. More recent iterations of RFB contain more advanced compression, security and file transfer features. RFB is used in Virtual Network Computing, and while it has great flexibility as it is pixel-based, other protocols such as RDP have a greater understanding of the desktop and send simpler, higher-level commands.

SCCP
Skinny or SCCP is a lightweight protocol that provides communication with the Cisco Call Manager.

SIP
The Session Initiation Protocol (SIP) is an application-layer signaling protocol widely used for establishing and tearing down multimedia communication sessions for voice and video transmission over the Internet.

SSH
Secure Shell (SSH) is both a set of standards and a network protocol for opening a secure channel between a remote and local computer. SSH provides encryption to aid in security for users connecting to a remote system over the Internet.
Serv-U FTP Server
Serv-U FTP Server is a secure and streamlined product which provides an FTP Server for Microsoft Windows environments.

Shockwave Flash (SWF)
The SWF file format (also known as Shockwave Flash) delivers text, audio, graphics and video over the Internet and is supported by Adobe Flash Player and Adobe AIR software.

Skype
Skype is an application that allows users to make voice calls over the Internet using a proprietary VoIP network called the Skype protocol. After a user installs client software, calls to fellow Skype users are free-of-charge, while calls to landlines and mobile phones can be made for a fee. Additional features include instant messaging, file transfer and video conferencing. Skype is owned by eBay Inc.

Telnet
TELNET Protocol provides a basic eight-bit bi-directional protocol that can be used for communications on LANs and the Internet. Due to its lack of encryption, it is advised that the use of Telnet be blocked.

WS_FTP Server
WS_FTP (WinSock File Transfer Protocol) is an FTP client produced by Ipswitch Inc., headquartered in Lexington, Massachusetts.

vsFTPd FTP Server
vsFTPd (Very Secure FTP Daemon) is an FTP server for UNIX-based systems. vsFTPd also supports IPv6 and SSL.

Appendix 3: Vulnerability Descriptions

Oracle Java Plugin Sandbox Restriction Bypass
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe

RPC Portmapper TCP Traffic
This signature indicates RPC Portmapper traffic over TCP.

Suspicious SMTP Traffic 2
This signature indicates a suspicious byte pattern in SMTP traffic.
Mozilla Firefox QueryInterface Memory Corruption 1
Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects which leads to memory corr

Client Application Shellcode Exploit 2
This signature detects and blocks a suspicious byte pattern sent from a server upon connection establishment.

Server Application Shellcode Exploit 9
This signature indicates a suspicious byte pattern being sent to a server application.

IBM Lotus Domino Web Access DoS
Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a denial of service (server crash) via a large e-mail message, as demonstrated using a large image attachment.

Time-To-Live Exceeded in Transit
Internet Control Message Protocol (ICMP) is part of the Internet Protocol Suite. ICMP messages are typically generated in response to errors in IP datagrams or for diagnostic or routing purposes. ICMP traffic may be used to map a network or help

Windows Explorer Folder GUID Remote Code Execution (MS06-045)
Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded sequences and whose extension contai

Windows DNS Server RPC Interface Buffer Overflow 2 (MS07-029)
Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing

Apache Byte-Range Filter DoS
The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
PING BSDtype
Internet Control Message Protocol (ICMP) is part of the Internet Protocol Suite. ICMP messages are typically generated in response to errors in IP datagrams or for diagnostic or routing purposes. ICMP traffic may be used to map a network or help

Cisco IOS Web Server XSS 1
Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buf

VML File HTTP Download 3
Vector Markup Language (VML) is a deprecated XML language used to produce vector graphics. In 2001 SVG became a W3C Recommendation as a language for describing two-dimensional vector and mixed vector/raster graphics in XML. Integer overflow in the V

PING
Internet Control Message Protocol (ICMP) is part of the Internet Protocol Suite. ICMP messages are typically generated in response to errors in IP datagrams or for diagnostic or routing purposes. ICMP traffic may be used to map a network or help

Tripwire Format String Attack 1
Format string vulnerability in Tripwire commercial 4.0.1 and earlier, including 2.4, and open source 2.3.1 and earlier, allows local users to gain privileges via format string specifiers in a file name, which is used in the generation of an email report.

Suspicious TFTP Write Request
This signature indicates a malformed write request being sent to a TFTP server.
Trend Micro ServerProtect EarthAgent Buffer Overflow
Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2 Build 1174 allow remote attackers to execute arbitrary code via crafted data to (1) TCP port 5168 which triggers an overflow in the CAgRpcClientCreateBindin

Windows Mail Remote Program Execution
Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the s

Suspicious POP Traffic 3
This signature indicates a suspicious byte pattern in POP (Post Office Protocol) traffic.

Linux Kernel SNMP NAT Netfilter Memory Corruption 1
The snmp_trap_decode function in the SNMP NAT helper for Linux kernel before 2.6.16.18 allows remote attackers to cause a denial of service (crash) via unspecified remote attack vectors that cause failures in snmp_trap_decode that trigger (1) frees of ran

Microsoft Active Directory LDAP Request DoS 1 (MS08-003)
Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003 and Active Directory Application Mode (ADAM) on XP and Server 2003 allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP

Appendix 4: Complete Application List

35 applications have been identified on your network. They are ranked in descending order of kilobytes transferred. Applications in red indicate a risk level of yellow or higher.

1. Skype (314)
2. Document (249)
3. MP3 (75)
4. CIFS (33)
5. vsFTPd FTP Server (27)
6. RealMedia (13)
7. Google Crawler (11)
8. SSH (7)
9. Shockwave Flash (SWF) (7)
10. Non-SSL traffic over SSL port (6)
11. SIP (6)
12. MySQL Server (5)
13. Icecast (5)
14. Telnet (3)
15. RSYNC (3)
16. Executable (3)
17. RTSP (2)
18. Remote Frame Buffer (VNC) (2)
19. Microsoft Remote Desktop (2)
20. WS_FTP Server (2)
21. SCCP (2)
22. Serv-U FTP Server (2)
23. Oracle (2)
24. NDMP (2)
25. Quicktime (1)
26. RSS (1)
27. IBM DB2 (1)
28. RPC Portmapper (1)
29. IRC (1)
30. X Font Server (1)
31. AOL Radio (1)
32. CFNetwork (1)
33. Nullsoft Winamp (1)
34. Kerberos Kadmin (1)
35. (1)

In summary

If your network security perimeter is more than three years old, it is time to move to a Next-Generation firewall. As you have seen, threats are now coming into your network through the application layer where older firewalls cannot detect them. Social networking and streamed media open new vulnerabilities, and personal Internet consumption saps productivity. In addition, your old firewall is a bottleneck and is likely slowing down your entire network.

There are three main reasons to upgrade to a Next-Generation Firewall:
• to prevent threats from entering your network through the application layer
• to improve network performance, getting all the bandwidth you’re paying for
• to see and control who is doing what on your network, which can help keep employees focused

Here are 5 important things to look for when considering a replacement for your Cisco ASA 5515-X firewall:

Does the firewall scan any size files across all protocols?
Fortinet, Cisco, Juniper and WatchGuard firewalls have file size limitations.

Does the firewall perform deep packet inspections?
Cisco and Check Point firewalls require additional modules or “blades.”

Does the firewall’s performance degrade when security services are turned on?
Palo Alto Networks, Fortinet, Cisco, Juniper, Check Point, and WatchGuard firewalls experience performance degradation when security services are enabled.

Does the firewall enable application throttling, analysis and visualization?
None of these vendors provides all these services.

Is it affordable to own?
Not if you are forced to purchase additional hardware and you can’t manage everything yourself.

The Dell SonicWALL Customer Advantage program makes it affordable to move up to a Next-Generation Firewall. In fact, you’ll get a sizable credit for your old firewall. Our Secure Upgrade Plus offer provides an upgrade path from current Dell SonicWALL products as well as a trade-in path from competitors' products.

Copyright 2013 Dell Inc. All rights reserved. Dell SonicWALL is a trademark of Dell Inc. and all other Dell SonicWALL product and service names and slogans are trademarks of Dell Inc. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective owners.

While every effort is made to ensure that the content of this report is accurate, the report is provided on an “as is” basis and Dell SonicWALL makes no representations or warranties in relation to the accuracy or completeness of the information found on it. While the content of this report is provided in good faith, we do not warrant that the information will be kept up to date, be true, accurate and not misleading, or that this report will always (or forever) be available for use.

Confidential - For internal use only