Ze-ro day prevention

Ze-ro day is the hackers take advantage of security holes (BM) not yet overcome in the system to attack causing terrible consequences for computers (MT) and network systems. Ze-ro day is also a constant attack to prevent victims from having time to defend.

Ze-ro day is the hackers take advantage of security holes (BM) not yet overcome in the system to attack causing terrible consequences for computers (MT) and network systems. Ze-ro day is also a constant attack to prevent victims from having time to defend.

Ze-ro day attack prevention is the prevention of intrusion before a vulnerability is identified and overcome. For IT systems in the financial and banking sectors, there is a need to ensure continuous operation and Ze-ro prevention. Watchguard has recently introduced in Vietnam market that the BM device operates according to the principle of Intelligent Layered Security (ILS) system capable of preventing Ze-ro attacks.

In essence, ILS is a system of multiple layers of protection, each with a different task. When a flow of information (traffic) enters the network, the task of the first layer is to check whether the packet is bad or not, if the packet is bad, the device will immediately drop the packet. out. If the previous class cannot be resolved, the next class will check. When the next class detects that it is a bad packet, it will drop the packet immediately, and send the signature updates to the previous class so that the same packets will be dropped at the first class. First, it will greatly improve the bandwidth and processing speed of the system.

Statistics show that Ze-ro day prevention solutions actually help many networks and MTs avoid many hacker attacks.Specifically, from 2003-2005, 31/34 extremely dangerous viruses and worms are warned on LiveSecurity has been prevented by the Ze-ro day attack prevention solutions.October 8, the most widely attacked spy in 2005 was prevented by Ze-ro day prevention solutions.

WatchGuard's ILS-operated BM device is called Firebox X. This is a UTM device (Unified Threat Management) with 6 layers of protection. The outer layer also provides external BM services, capable of analyzing behavior and evaluating traffic flows, protocols to the system, and bringing to the corresponding classes for processing. Layer 2 checks IP and packets. When detecting abnormal packets, the device immediately interrupts these packets to avoid identified attacks such as DoS and DDoS. Layer 3 controls traffic on VPN connections through IPSEC and PPTP protocols. Class 4 is like a complete firewall. Class 5 controls applications, detects unusual protocols while preventing web servers from attacking. Internal layer of content BM (web filtering, and spam).

In addition, Firebox X also integrates a number of features such as "Multi WAN Load Balancing & Failover" to allow load balancing (Load Balancing) on ​​many lines or automatically switch the line when having problems. The device can load balance to 4 Internet / WAN lines. Typically, few firewall devices support this feature, if any, only up to 2 lines and load balancing according to the Round-robin mechanism. Meanwhile, Firebox can balance load according to Round-robin, Routing table (select route on routing table) or Interface Bandwidth Threshold (set bandwidth threshold on each Internet / WAN interface). In addition, Firebox supports VLAN (IEEE 802.1q), Policy-based routing (policies for applications), VPN Failover (backup VPN connection), Traffic Management (traffic flow monitoring), and QoS ( setting a priority and a service execution time) and logging features (recording all system activity), detailed monitoring of users and systems, outbound or inbound access real time monitoring, centralize management (Centralize management) and user-friendly graphical interface .

Firebox X has 3 product lines, meeting different business needs: Firebox X Peak is for high-end network environments with over 500 users; Firebox X Core is for corporations and branch offices of 30 - 500 people; Firebox X Edge (integrated Wireless) for small businesses, remote offices and mobile users (under 30 people, reference price 1000 USD).

WatchGuard offers a number of optional services
LiveSecurity helps to understand the warning of threats and dangers on applications, thereby helping network administrators to prevent, replace hardware, regularly update operating software (PM) for Firebox, as well as technical support. SpamBlocker protects the Mail Server system, reduces spam and increases productivity.
WebBlocker blocks 40 website content groups, helping to avoid viruses, spyware, adware .
Gateway Antivirus / IPS: The Firebox X series of devices will prevent suspicious attachments by using effective "proxy rules" without deep access to resources like traditional antivirus solutions; scan and infiltrate networks on Proxy (SMTP, HTTP, FTP, DNS, and TCP).

Quoc Huy