Page 1: Crypt tech technical-presales

Technical Presales Presentation

CRYPTTECH INFORMATION SECURITY INTELLIGENCE

CRYPTOLOG LOG MANAGEMENT SYSTEM & 5651 REG.

CRYPTOSIM SECURITY INFORMATION MANAGEMENT

CRYPTOSPOT HOTSPOT SOLUTION

Page 2: Crypt tech technical-presales

Agenda CryptTech Information

Log Management Systems and Advantages

CryptoLOG

General Overview, Features, Capabilities, Benchmarks

General Architecture Structure

Network Configuration, Alternative Deployments

Product Components / Log Source and Plugin Implementation

Communication Architecture

Reporting Module

Log Collection Methods: CryptologAgent, Share, DBConn, Syslog, Snmp, Opsec

Correlation / Security and Alarm Module

Page 3: Crypt tech technical-presales

Agenda – Cont.

CryptoSPOT, HotSPOT/WiFi Solutions

General Overview, Features, Capabilities, Benchmarks

General Architecture Structure

Network Configuration, Alternative Deployments

Product Components / Log Source and Plugin Implementation

Communication Architecture

Reporting Module

User Management

Page 4: Crypt tech technical-presales

WHO ARE WE?

WHAT DOES CRYPTTECH DO?

WHERE MAY YOU FIND US?

CRYPTTECH

Page 5: Crypt tech technical-presales

CryptTech INFORMATION SECURITY INTELLIGENCE

Established in June 2006

Services and projects in the information security sector

Contributes to the Turkish economy by developing its own products

20 people, 12 of them engineers

Small research and development company

Log Management, Security Information Management, HotSpot Management, Penetration Tests, Vulnerability Assessments

Page 6: Crypt tech technical-presales

WHAT ARE ADVANTAGES?

LOG MANAGEMENT SYSTEMS

Page 7: Crypt tech technical-presales

Log Management System Advantages

Helps with problem solving and troubleshooting

Aligns security and compliance requirements with IT operations

Accurate and timely monitoring of your network

Contributes to defining risk levels

Increases staff productivity by eliminating security issues

Checks system availability

Reduces operational costs, improves system response time

Incident management on top of log management systems

Manages all system and network device logs in one GUI

Page 8: Crypt tech technical-presales

Log Work Space

WebServer Activity Logs

Proxy Internet Access and Cache Logs

IDS/IPS/IDP Logs

Firewall Logs

Router/Switch Logs

MailServer Message Tracking Logs

VPN Logs

Windows/LDAP Domain Logs

Content Management System Logs

SMSC Gateway Logs

Wireless Access

Oracle Financial Logs

Framework Logs

DHCP Logs

SAN/NAS Object Audit Logs

VLAN Access Logs

Database Table Logs

Client/File Server Logs

Unix/Linux/Windows OS Logs

Page 9: Crypt tech technical-presales

CryptTech

Log Management System

CryptoLOG

Page 10: Crypt tech technical-presales

CryptoLOG – General Overview 1

Large Volumes of Generated Log Messages

Collection-Transportation, Aggregation, Analysis, Retention-Correlation, Reporting

Compliant with 5651 Regulation

Platform Independent, Runs On Numerous Operating Systems

Instant Hashing and Timestamping

Advanced Plugin Structure

Supports Many Kinds of Log Collection Methods

Failover (High Availability/Disaster), Distributed Structure

Page 11: Crypt tech technical-presales

CryptoLOG – General Overview 2

More Than 400 Report Templates

Statistical Information Generated by Parsed Log Fields

Compliance with PCI, SOX, FISMA, GLBA, HIPAA

User-Friendly Report Template and Schedule Definition

Enhanced Graphical Views and Dashboards

PDF, XLS, DOC, CSV Formats

Page 12: Crypt tech technical-presales

CryptoLOG – General Overview 3

Role-Based Authentication and Rights Management

Forensic Analysis

Real-Time Live Records

Approximately 20:1 Compression Ratio

Archiving and Backup

Flexible Configuration

Page 13: Crypt tech technical-presales

CryptoLOG - Benchmarks

Figures printed on the slide's bar chart. The slide states no unit (the values are read here as log records per second, which is an assumption). Each hardware configuration was measured with three disk speeds; the legend reads 15000 RPM, "1000 RPM" (almost certainly 10000 RPM) and 7200 RPM, and the three series are assigned below in the natural order: faster disk, higher figure.

Hardware                    7200 RPM   10000 RPM   15000 RPM
1x Atom CPU, 2 GB RAM           1000        1500        2200
1x Dual Core, 4 GB RAM          2500        4250        6000
1x Quad Core, 8 GB RAM         12000       16000       28000
2x Quad Core, 16 GB RAM        33000       50000       75000

Page 14: Crypt tech technical-presales

CryptoLOG Runs On...

Ubuntu

Debian 6

OpenSUSE

Windows

CentOS

Solaris

RedHat

VMware ESX

Hyper-V

Page 15: Crypt tech technical-presales

General Architecture

Page 16: Crypt tech technical-presales

General Architecture

MySQL: statistics and users are kept in the database

Logs, signatures and configuration are kept on the file system

Page 17: Crypt tech technical-presales

CryptoLOG Life Cycle

Page 18: Crypt tech technical-presales

CryptoLOG - Milestone Steps

1 Proper network positioning and configuration

2 Transport logs with the appropriate method

3 Analyse, parse and process logs with the suitable plugin

4 Data verification and internal check

5 Reporting, security alarms, search, network control

Page 19: Crypt tech technical-presales

Classic Network Diagram

Page 20: Crypt tech technical-presales

High Availability Model

Cluster model for disaster situations

One virtual IP and two CryptoLog servers

Failover clustering, always running

Shared data storage (SAN/NAS) is a MUST: the logs are kept there

Active-Active and Active-Passive models

Load sharing opportunities

Page 21: Crypt tech technical-presales

Cluster Diagram (Act - Act)

(Diagram: two ACTIVE CryptoLog nodes, 10.10.10.1 and 10.10.10.2, share one cluster IP and exchange a heartbeat; both write to shared storage (SAN, NAS, NFS); log sources 172.16.1.1, 172.16.1.2 and 172.16.1.3 deliver logs by syslog, agent, ssh, opsec, ...)

Page 22: Crypt tech technical-presales

Cluster Diagram (Act - Pas)

(Diagram: an ACTIVE CryptoLog node 10.10.10.1 and a PASSIVE node 10.10.10.2 behind one cluster IP, linked by a heartbeat, with shared storage (SAN, NAS, NFS); log sources 172.16.1.1, 172.16.1.2 and 172.16.1.3 deliver logs by syslog, agent, ssh, opsec, ...)

Page 23: Crypt tech technical-presales

Distributed Model

For enterprise wide architecture scenarios...

Know your network! Determine the methodology.

Component histogram.

Sensors, middle central servers, main server.

Mission and task sharing: collection, parser, reporting, search and statistics servers.

Page 24: Crypt tech technical-presales

Sensor – Central Diagram

(Diagram: a CryptoLog sensor at each location reports to a central CryptoLog)

Location 1 - İzmir, Location 2 - Ankara, Location 3 - Bursa

• Mail server

• Application logs

• Wireless access

• Domain

• Firewall logs

• Switch access

• VLAN access

• VPN logs

Page 25: Crypt tech technical-presales

Cloud Service

www.5651logservisi.com

CryptoLOG, cloud log server

Service for small companies

Log transport from firewall, proxy and web access logs

Monthly subscription

Daily report by e-mail

Page 26: Crypt tech technical-presales

Log Collection Methods - 1

CryptologAgent

• Windows service developed by CryptTech

• Communicates over TCP/UDP sockets

• SSL

Syslog

• Unix/Linux standard

• UDP 514

• Network devices, firewalls

• Fast, but unsafe (no authentication, no delivery guarantee)

Share

• Windows share

• Samba share

• User authenticated

• Read permission

• SSH mount

Page 27: Crypt tech technical-presales

Log Collection Methods - 2

DBConn

• Logs on databases

• Audit tables

• SQL Server, Oracle, MySQL

OPSEC

• Check Point Open Platform for Security (OPSEC)

• LEA configuration, SSL

SNMP

• Simple Network Management Protocol

• Routers, switches, modems

Page 28: Crypt tech technical-presales

Log Collection Methods - 3

• FTP: raw flat log files pushed to CryptoLog acting as an FTP server

• Sniff: mirror port sniffing, broadcast sniffer

• Flow: traffic flow, network analysis

Page 29: Crypt tech technical-presales

Cryptolog Agent

Runs on Windows OS (.NET 3.5)

Data over TCP (port 39876)

No data loss

Manageable from CryptoLog

Configurable

Maximum 5% system resource consumption

SSL encrypted data transport (optional; without it, log content crosses the network in clear text)

SQL trace processing

Windows event logs, domain, Microsoft DHCP, Exchange, ISA, TMG, RADIUS server, application servers

Page 30: Crypt tech technical-presales

Syslog

UNIX/Linux system log

UDP port 514: no handshake, no delivery guarantee and no integrity protection (the sender address and hostname can be spoofed)

Unreliable protocol, but fast

Supported by most network devices and firewalls

Rsyslog or the CryptoLog syslog daemon

Cisco IDS, Cisco IPS, switches, routers, Juniper, Fortigate

Page 31: Crypt tech technical-presales

Syslog Support Devices - 1

3Com.Switch.5500

3Com.Switch.SSII

APC.AOS

APC.AOS.CLI

ATI.Router.General

Accton.Switch

Addpac.APOS

Adtran.Netvanta.General

Alcatel.Switch.Omnistack

AlliedTelesis.AlliedWare.Plus

AlliedTelesis.Switch.8000

AlliedTelesis.Switch.8500

Aruba.ArubaOS.General

BelAir.SwitchRouter.Wireless

Bluecoat.Cacheflow

Brocade.Switch

Checkpoint.VPN

Cisco.ACE

Cisco.CallManager

Cisco.Firewall.ASA

Cisco.Firewall.IDS

Cisco.Firewall.PIX

Cisco.MDS.Fibre

Cisco.NXOS

Cisco.Older.VPN3002

Cisco.Other.ACNS

Cisco.Other.CSS

Cisco.Other.CUE

Cisco.Other.LocalDirector

Cisco.Other.VPN3000

Cisco.Router.General

Cisco.Router.noenable

Cisco.SCE

Cisco.Switch.1900

Cisco.Switch.CatOS

Cisco.Switch.IOS

Cisco.Terminal.Server

Page 32: Crypt tech technical-presales

Syslog Support Devices - 2

Cisco.V4.1.VPN3000

Cisco.VPN

Cisco.WAE

Cisco.WLSE

Cisco.Wireless.Lan

Citrix.NetScaler.General

Crossbeam.COS

Crossbeam.UTM

Cygwin

DLink.Switch.General

DLink.Wireless

Dell.Switch.CLI

Enterasys.Matrix.Switch

Enterasys.MatrixN.Switch

Enterasys.Router.General

Enterasys.Router.XSR1800

Enterasys.Securestack

Enterasys.Wireless.Controller

Extreme.Switch.General

F5.BigIP

F5.BigIP.GTM

FiberLogic.General

Force10.General

Fortinet.FortiOS.General

Foundry.Switch.General

Foursticks.NP.Gateway

GarrettCom.Switch.General

Generic.Device

HP.Switch.2500

Huawei.General

IBM.AIX.General

IronPort.Security.General

Juniper.App.Accelerator-DX

Juniper.Application.Accelerator

Juniper.Netscreen.Firewall

Juniper.Router

Lancom.ISDN.Router

Page 33: Crypt tech technical-presales

Syslog Support Devices - 3

Lantronix.EDS

Linux.RedHat.Bash

MRV.Switch.General

McData.Fibre

Meru.Controller.MC

Motorola.Router.CMTS

Motorola.Vanguard

MultiCom.Firewall.General

NEC.Univerge.IX

NEC.Univerge.Switch

NetApp.FAS.General

Netgear.Switch.General

Netopia.DSL

Nokia.ADSL.M1122

Nortel.ARN.General

Nortel.Application.Switch

Nortel.Router.VPN

Nortel.Secure.Router

Nortel.Switch.Ethernet

Nortel.Switch.NoCLI

Nortel.Switch.Passport

Nortel.Wireless.Switch

Occam.General

Packeteer.Packetshaper

Pannaway.BAR

Pannaway.BAS

Radware.AppDirector

Radware.WSD

Redback.Router.General

Riverbed.Steelhead

Riverstone.Router.General

Sidewinder.Firewall

Sun.SunOS.General

Symbol.WS2000

Thomson.Speedtouch

Trapeze.Wireless.Lan

Xirrus.Wireless

ZyXEL.Switch

Page 34: Crypt tech technical-presales

Share / SSH

Windows (CIFS) and Linux (Samba) shares

Plain-text log files available in a shared folder

SMB over TCP port 445, SSH on TCP port 22

Domain/LDAP or local user credentials

Read-only permissions are sufficient

No data loss; the log file stays on the server side

Page 35: Crypt tech technical-presales

ODBC/JDBC

All records in tables of Oracle, Microsoft SQL Server, MySQL, PostgreSQL, IBM DB2

Database audit logs are generally kept in the database itself. http://www.oracle-base.com/articles/10g/Auditing_10gR2.php

http://msdn.microsoft.com/en-us/library/dd392015(v=sql.100).aspx

Application logs may also be kept in a database

WebSense, antivirus

CryptoLog needs only user credentials with read permission on the log tables.

Page 36: Crypt tech technical-presales

OPSEC - Check Point Platforms

LEA client for Check Point firewalls

Real-time live log records

Authenticated and encrypted connection

Default LEA port 18184 (configurable)

Page 37: Crypt tech technical-presales

FTP / Sniff / Flow

FTP: CryptoLOG as an FTP server/client; log transport at defined times, not real time; authenticated user or anonymous

Sniff: network sniffing over broadcast; mirror port / bridge mode

Flow: Cisco switch, HP NetFlow; traffic throughput

Page 38: Crypt tech technical-presales

Log Hashing and Stamping

(Diagram: transport logs to CryptoLOG, hash with MD5 / SHA1, SHA256 / SHA512, sign with a certificate, stamp via the Tübitak time server, retain log files and timestamps)

Instant hashing and digital signature

(Configurable) hash for every record

File/folder signatures

Supported hash algorithms: MD5, SHA1, SHA256, SHA384, SHA512 (MD5 and SHA1 are no longer collision resistant; choose SHA256 or stronger unless an existing verifier requires the older ones)

Supported signature algorithms: DSA, RSA

CryptoLog certificate or third-party qualified certificates

Customizable time server

Tübitak-UEKAE time stamp service http://www.kamusm.gov.tr/urunler/zaman_damgasi/

Page 39: Crypt tech technical-presales

Data Verification - 1

Steps: 1 Log, 2 Hash, 3 Sign, 4 Timestamp

Log + hash algorithm = log hash

Time + log hash, signed with the key of the signing certificate = digital signature

Digital signature + time stamp service signature = timestamp

Page 40: Crypt tech technical-presales

Data Verification - 2

The hash is stored in the sign file

Compare the currently calculated hash with the stored hash
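The hash-and-verify steps of the two Data Verification slides, as an added worked example in Python (not CryptoLOG's own code). The sample log lines, the JSON sign-file layout and the chained per-record hash are this example's own assumptions. It builds the sign file for a log, then verifies an untouched copy, an edited copy and a truncated copy:

```python
import hashlib
import json

# Constructed sample log records (assumption), standing in for one daily log file.
SAMPLE_LOG = [
    "2013-03-01 09:00:01 fw01 ACCEPT 192.0.2.10 -> 198.51.100.5:443",
    "2013-03-01 09:00:02 fw01 DROP 203.0.113.7 -> 192.0.2.10:22",
    "2013-03-01 09:00:03 fw01 ACCEPT 192.0.2.11 -> 198.51.100.9:80",
]

# The algorithms listed on the hashing slide.
SUPPORTED = ("md5", "sha1", "sha256", "sha384", "sha512")


def record_hashes(lines, algo="sha256"):
    """One hash per record. Design choice of this example (not stated on the slides): each
    hash also covers the previous record's hash, so deleting or reordering records breaks the
    chain, not only editing them."""
    if algo not in SUPPORTED:
        raise ValueError("unsupported hash algorithm: " + algo)
    prev = ""
    out = []
    for line in lines:
        h = hashlib.new(algo, (prev + "\n" + line).encode("utf-8")).hexdigest()
        out.append(h)
        prev = h
    return out


def file_hash(lines, algo="sha256"):
    """Hash of the whole file: the value that step 3 (sign) and step 4 (timestamp) cover."""
    return hashlib.new(algo, "\n".join(lines).encode("utf-8")).hexdigest()


def make_sign_file(lines, algo="sha256"):
    """The 'sign file' kept next to the log. Here it holds hashes only (hypothetical layout);
    an RSA/DSA signature over file_hash and a TSA token would be added on top of it."""
    return json.dumps({
        "algorithm": algo,
        "record_count": len(lines),
        "record_hashes": record_hashes(lines, algo),
        "file_hash": file_hash(lines, algo),
    })


def verify(lines, sign_file_json):
    """Recompute hashes from the current log and compare with the stored ones.
    Reports the first record whose stored hash no longer matches."""
    stored = json.loads(sign_file_json)
    algo = stored["algorithm"]
    result = {"ok": True, "file_hash_ok": True, "first_bad_record": None}
    current = record_hashes(lines, algo)
    for i, (have, want) in enumerate(zip(current, stored["record_hashes"])):
        if have != want:
            result["ok"] = False
            result["first_bad_record"] = i
            break
    if len(lines) != stored["record_count"]:  # records added or removed at the end
        result["ok"] = False
        if result["first_bad_record"] is None:
            result["first_bad_record"] = min(len(lines), stored["record_count"])
    if file_hash(lines, algo) != stored["file_hash"]:
        result["ok"] = False
        result["file_hash_ok"] = False
    return result


if __name__ == "__main__":
    sig = make_sign_file(SAMPLE_LOG)
    print(verify(SAMPLE_LOG, sig))
    tampered = SAMPLE_LOG[:]
    tampered[1] = tampered[1].replace("DROP", "ACCEPT")
    print(verify(tampered, sig))
```

Signing the file hash with RSA/DSA and obtaining the Tübitak timestamp (steps 3 and 4 on the previous slide) sit on top of this structure and are not shown. Without them, anyone who can write both the log and the sign file can simply recompute the hashes, so a hash-only sign file detects accidental or unprivileged modification, not a privileged attacker.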

Page 41: Crypt tech technical-presales

CryptoLOG - Components

Log Source: systems, log collection methods, credentials

Plugin: log parsers, statistics generators, regular expressions, delimiters, Visual Basic/C# code
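A log-source plugin as the slides describe it: one regular expression per log type, applied to the message once the syslog envelope from the Syslog slide (UDP 514) has been split off. This is an added example in Python, not a CryptoLOG plugin; the sample lines, the plugin names and the patterns are constructed for the example:

```python
import re
import socket

# Constructed sample lines in BSD syslog (RFC 3164) form; not taken from any real device.
SAMPLE_LINES = [
    "<134>Oct 11 22:14:15 fw01 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51234 DPT=22",
    "<38>Oct 11 22:14:16 srv01 sshd[2211]: Failed password for root from 203.0.113.7 port 51234 ssh2",
    "not a syslog line at all",
]

# Envelope: <PRI>TIMESTAMP HOSTNAME MSG, where PRI = facility * 8 + severity.
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$"
)

# "Plugins": a regular expression per log source type; the named groups are the parsed fields.
# Plugin names and patterns are this example's own (hypothetical), not CryptoLOG's.
PLUGINS = {
    "netfilter": re.compile(
        r"^kernel: (?P<action>\w+) .*?SRC=(?P<src_ip>\S+) DST=(?P<dst_ip>\S+) "
        r"PROTO=(?P<proto>\w+)(?: SPT=(?P<src_port>\d+) DPT=(?P<dst_port>\d+))?"
    ),
    "sshd": re.compile(
        r"^sshd\[\d+\]: (?P<action>Failed|Accepted) (?P<method>\w+) for "
        r"(?:invalid user )?(?P<user>\S+) from (?P<src_ip>\S+) port (?P<src_port>\d+)"
    ),
}


def parse_line(line):
    """Parse one syslog line into envelope plus plugin fields; None if it does not parse."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # 23 facilities * 8 + 7 is the largest legal PRI value
        return None
    event = {
        "facility": pri >> 3,
        "severity": pri & 7,
        "timestamp": m.group("timestamp"),
        "host": m.group("host"),
        "msg": m.group("msg"),
        "plugin": None,
        "fields": {},
    }
    for name, pattern in PLUGINS.items():
        pm = pattern.match(event["msg"])
        if pm:
            event["plugin"] = name
            event["fields"] = {k: v for k, v in pm.groupdict().items() if v is not None}
            break
    return event


def parse_all(lines):
    """Parse a batch of lines, dropping those that do not match the syslog envelope."""
    return [ev for ev in (parse_line(l) for l in lines) if ev is not None]


def receive_udp(bind_addr="0.0.0.0", port=514, max_lines=10):
    """Minimal UDP 514 collector. No handshake, no delivery guarantee, and the source address
    of a datagram can be spoofed: treat peer_ip and the HOSTNAME field as claims, not facts."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    events = []
    while len(events) < max_lines:
        data, peer = sock.recvfrom(65535)
        ev = parse_line(data.decode("utf-8", errors="replace").rstrip("\r\n"))
        if ev is not None:
            ev["peer_ip"] = peer[0]
            events.append(ev)
    sock.close()
    return events


if __name__ == "__main__":
    for ev in parse_all(SAMPLE_LINES):
        print(ev["host"], ev["plugin"], ev["fields"])
```

receive_udp is the collector from the Syslog slide and is not exercised by the sample lines; port 514 is privileged, so run it as root or bind a high port and redirect with a firewall rule. The peer address it records is whatever the datagram carried, which is exactly the "fast but unsafe" point: nothing in plain UDP syslog authenticates the sender, so a parsed event is only as trustworthy as the network path it arrived over.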

Page 42: Crypt tech technical-presales

Search

Powerful search engine and infrastructure

High-speed results over billions of records

Filters and conditions on every field

Search by hash and by real log date/time

Advanced search options, combination of different log sources

Search output to PDF, XLS, DOC, CSV formats

Data transfer and verification over search results

Page 43: Crypt tech technical-presales

Search - Forensic

Page 44: Crypt tech technical-presales

Statistics

Top Blocked Web Sites

Top Used Protocol

Most Requested Dst_IP

Top 10 Mail Sender User

Top 10 User Download

Top 20 Error Pages

Page 45: Crypt tech technical-presales

Reports Templates

Firewall Templates

• Top Dropped Source IPs

• Top Downloaded Src/Dst IPs

• Top Uploaded Src/Dst IPs

• Top Requested URL/Domain

• Top Used Ports

• Top Used Protocols

• Top Matched Rules

Mail Server Templates

• Top Mail Sender Addresses

• Top Mail Receiver Addresses

• Top (Traffic) Mail Senders

• Top (Traffic) Mail Receivers

• Top Subjects

• Top Used Source Ports

• Top Used Des. Ports

WebServer Templates

• Top Requester IP Addresses

• Top Requested URI

• Top Server Side Error Pages

• Top Client Side Error Pages

• Top Used Agents

• Top Slowest Pages

REPORT ENGINE - SCHEDULED

Page 46: Crypt tech technical-presales

Compliance Reports

PCI, SOX, FISMA, GLBA, HIPAA

Access Logon, Login Failure, Object Access

Security Requirements

Page 47: Crypt tech technical-presales

Role Based Right Management

User and Role Definition

User Access Rights on Categories

View and modify roles, admin privileges

Rights on Search, MultiSearch, Stats, Newstats, Logstats, Plugin, Monitor, Correlation, Alerts, Store, FileSize, Report pages

Rights on Every Unique LogSource and Plugin

Page 48: Crypt tech technical-presales

CryptTech

Security Information Management

CryptoSIM

Page 49: Crypt tech technical-presales

CryptoSIM = CryptoLOG + Correlation

Correlation Engine

Correlation Types

Correlation Rules

Match events against a threshold within a defined time period and take actions

Page 50: Crypt tech technical-presales

Correlation Engine

No Resource Limit

Correlation in Memory (Real Time Correlation)

Correlation on Disk (Historical Correlation)

Real time alert system

64 bit Architecture

Page 51: Crypt tech technical-presales

Correlation Types

Basic Correlation: correlation on a single log source. Example: 5 login failures to one server.

Logical Correlation: logical condition nodes (AND/OR) across multiple log sources and various log fields. A matching node leads to its sub-nodes being checked.

Contextual Correlation: takes the asset into account. Attacks aimed at Windows will not raise an alarm for a Linux host.

Cross Correlation: correlation of vulnerability scanner and IPS logs.

Historical Correlation: not only real-time log correlation but also correlation over archived log files.

Hierarchical Correlation: correlated logs are forwarded to a parent CryptoSIM node.
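The threshold rule from the Correlation Rules slide and the Basic and Contextual types above, as an added example in Python (not CryptoSIM's engine). The event list, the asset inventory and the field names are constructed for the example:

```python
from collections import defaultdict, deque

# Constructed asset inventory (assumption): host name -> operating system.
ASSETS = {"srv01": "linux", "dc01": "windows"}

# Constructed, already-parsed events (assumption): what a parser plugin would hand over.
# ts is in seconds; event types and field names are this example's own.
EVENTS = [
    {"ts": 0,   "type": "login_failure", "host": "srv01", "src_ip": "203.0.113.7"},
    {"ts": 10,  "type": "login_failure", "host": "srv01", "src_ip": "203.0.113.7"},
    {"ts": 20,  "type": "login_failure", "host": "srv01", "src_ip": "203.0.113.7"},
    {"ts": 30,  "type": "login_failure", "host": "srv01", "src_ip": "203.0.113.7"},
    {"ts": 40,  "type": "login_failure", "host": "srv01", "src_ip": "203.0.113.7"},
    {"ts": 200, "type": "login_failure", "host": "dc01",  "src_ip": "198.51.100.9"},
    {"ts": 300, "type": "login_failure", "host": "dc01",  "src_ip": "198.51.100.9"},
    {"ts": 400, "type": "ips_signature", "host": "srv01", "src_ip": "203.0.113.7", "target_os": "windows"},
    {"ts": 401, "type": "ips_signature", "host": "dc01",  "src_ip": "203.0.113.7", "target_os": "windows"},
]


class ThresholdRule:
    """Basic correlation: at least `threshold` events of one type for the same key
    (for example the same server) inside a sliding window of `window` seconds."""

    def __init__(self, name, event_type, threshold, window, key=("host",)):
        self.name = name
        self.event_type = event_type
        self.threshold = threshold
        self.window = window
        self.key = key
        self.buckets = defaultdict(deque)  # key -> timestamps still inside the window

    def feed(self, ev):
        if ev["type"] != self.event_type:
            return None
        k = tuple(ev[f] for f in self.key)
        q = self.buckets[k]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > self.window:  # expire timestamps outside the window
            q.popleft()
        if len(q) >= self.threshold:
            q.clear()  # alarm once, then start counting again
            return {"rule": self.name, "ts": ev["ts"], "key": dict(zip(self.key, k)), "count": self.threshold}
        return None


class ContextualRule:
    """Contextual correlation: an IPS signature written for one OS is an alarm only when the
    targeted asset runs that OS. An asset missing from the inventory still alarms, because
    an inventory gap must not silence the IPS."""

    def __init__(self, name, event_type, assets):
        self.name = name
        self.event_type = event_type
        self.assets = assets

    def feed(self, ev):
        if ev["type"] != self.event_type:
            return None
        asset_os = self.assets.get(ev["host"])
        if asset_os is not None and asset_os != ev.get("target_os"):
            return None  # known mismatch (Windows exploit against a Linux box): suppress
        return {"rule": self.name, "ts": ev["ts"],
                "key": {"host": ev["host"], "src_ip": ev["src_ip"]}, "asset_os": asset_os}


def correlate(events, rules):
    """Replay events in time order through every rule and collect the alarms raised."""
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        for rule in rules:
            alert = rule.feed(ev)
            if alert is not None:
                alerts.append(alert)
    return alerts


def demo():
    rules = [
        ThresholdRule("5 login failures on one server in 60 s", "login_failure", 5, 60, key=("host",)),
        ContextualRule("IPS signature matches asset OS", "ips_signature", ASSETS),
    ]
    return correlate(EVENTS, rules)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

Two alarms come out of the sample: the fifth failure on srv01 at ts=40 and the Windows signature against dc01; the two failures on dc01 are 100 s apart and never reach the threshold, and the Windows signature against the Linux host srv01 is suppressed. Clearing the window after an alarm is one of two reasonable choices; the other is to keep counting and alarm on every further event, which is noisier but never goes quiet during a continuing attack.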

Page 52: Crypt tech technical-presales

CryptTech

Hotspot Management System

CryptoSPOT

Page 53: Crypt tech technical-presales

CryptoSPOT

HotSpot Management Solution

WiFi Internet Access for Guest Users

Web Based User Interface

Configurable network structure

Per-user bandwidth (download/upload) and time allocation

Prepaid / postpaid billing management

SMS authentication, integration with web services

AD/LDAP user integration

Page 54: Crypt tech technical-presales

Where?...

Restaurant / Cafe

Shopping Malls

Hotels

Airports / Train Stations

HouseHolds

Companies

Page 55: Crypt tech technical-presales

How does CryptoSPOT work?

Page 56: Crypt tech technical-presales

Advantages of CryptoSPOT

Broad appeal to operators because of ease of use.

Easy deployment and integration with network and billing systems.

One-time setup with virtually no administration.

Very secure solution.

Reliability and high performance.

Configurable portal and self-care module.

Wide wireless usage.

Complete time-based accounting. Users may log out whenever they want.

Complete traffic accounting of each customer's usage, ensuring that hotspots are fully compensated for the traffic each user generates on the network.

Bandwidth management allowing user bandwidth to be changed or limited.

Page 57: Crypt tech technical-presales

More Than One SSID

Pages 59-65: Crypt tech technical-presales

References (logo slides, no text)

Page 66: Crypt tech technical-presales

Questions?

THANK YOU