Sangfor Security Assessment: Firewall and Dynamic Detection Technology

1. Risk Analysis

1.1 Customer needs

As the company's network administrator, you want to know the current security posture of your servers, and in particular whether they have any of the following problems:
(1) unnecessary open ports
(2) vulnerabilities in the server operating system itself
(3) vulnerabilities in the software running on the server (services and applications)
(4) weak passwords on website logins

1.2 Features

Risk analysis includes two functions.

(1) Port scan of the target IP

A port scan of the target IP gives the server administrator a clear picture of which ports are open, which services are behind them, and which vulnerabilities those services may expose, so that unnecessary ports can be closed and holes plugged, improving the security of the server.

(2) Weak password scan of the target site

A weak password scan of the target site finds logins protected by weak passwords, addressing the insecurity of database and site access with weak credentials. At the same time, risk analysis can automatically generate appropriate protection rules from the scan results.

1.3 Configuration Roadmap

1. First, in [Risk Discovery and Protection] - [Risk Analysis], configure the untrusted source zone, the target IP range to scan, and the ports.
2. Enable weak password scanning and click "Start Scan".
3. Review the protection risk report and remediate according to it.
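The port scan and "close unnecessary ports" check of the risk analysis feature, as an added example that is not Sangfor's code and not from the original page: a plain TCP connect() scan of a target, a banner grab, and a comparison of the open ports against the administrator's expected list that turns every unexpected open port into a rule suggestion. The listener used for the demonstration, the expected-port list and the rule text format are all constructed assumptions; the rule text is not NGAF policy syntax.

```python
"""Added example, not Sangfor's code: TCP connect() scan of a target IP, then the
check an administrator wants from the risk analysis report (which open ports are
not on the expected list) and a deny-rule suggestion for each of them.
Assumptions not taken from the page: the scan is a connect() scan, the expected
port list is supplied by the administrator, and the rule text is a constructed
format, not NGAF policy syntax."""
import socket
import threading


def tcp_port_open(host, port, timeout=0.5):
    """True if a TCP connect() to host:port succeeds (a 'connect scan')."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:           # refused, timed out, unreachable
        return False


def scan_ports(host, ports):
    """Return the sorted list of open ports among 'ports'."""
    return sorted(p for p in ports if tcp_port_open(host, p))


def grab_banner(host, port, timeout=0.5, nbytes=128):
    """Read the service greeting, if any (SSH, FTP, SMTP talk first)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            return s.recv(nbytes).decode("latin-1", "replace").strip()
    except OSError:
        return ""


def unnecessary_ports(open_ports, expected_ports):
    """Open ports the administrator did not declare as needed: candidates to close."""
    return sorted(set(open_ports) - set(expected_ports))


def suggest_rules(host, open_ports, expected_ports):
    """Turn scan results into deny-rule suggestions (constructed rule format)."""
    return [f"deny tcp any -> {host}:{p}" for p in unnecessary_ports(open_ports, expected_ports)]


def start_local_listener(banner):
    """Constructed fixture: a local TCP service that sends 'banner' and hangs up.
    Returns (port, listening socket); close the socket to stop it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:       # listener closed
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return port, srv


def find_closed_port():
    """Pick a port nothing is listening on (bind to 0, read it back, release it)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    port, srv = start_local_listener(b"SSH-2.0-OpenSSH_demo\r\n")
    closed = find_closed_port()
    host = "127.0.0.1"
    open_ports = scan_ports(host, [port, closed])
    print("open:", open_ports, "banner:", grab_banner(host, port))
    # The administrator only expects 'closed' to be in use, so 'port' is flagged.
    print(suggest_rules(host, open_ports, expected_ports=[closed]))
    srv.close()
```

A connect() scan completes the TCP handshake, so it shows up in the target's logs; that is acceptable for an administrator auditing their own servers, and it is also the reason the scan source should be declared as an untrusted zone on the firewall, as the roadmap above requires.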


2. WEB Scanning Technology

2.1 Features

The Sangfor NGAF WEB scanner is the product of Sangfor's years of research in web application security and of its extensive information security incident response experience. The scanner is designed to help web site operators perform in-depth security scanning of web servers, fingerprint recognition and vulnerability validation, assess the overall security status of the web application, and obtain professional hardening recommendations.

(1) Website scanning

SQL injection
XSS (cross-site scripting)
Directory traversal
CSRF (cross-site request forgery)
Struts 2 vulnerabilities

Scanning plug-ins are provided for SQL injection, XSS, directory traversal, CSRF, remote file inclusion, command injection, sensitive information disclosure, Struts 2 vulnerabilities and more, covering all OWASP Top 10 high-risk vulnerability classes, so that the WEB scan results are comprehensive and in-depth.

(2) Fingerprinting

Intelligently identifies the site (system type, software version, etc.) and matches the fingerprint information precisely against the CVE vulnerability database.

Automatically identifies the web server / middleware type (Apache, IIS, Tomcat, Nginx, WebLogic, etc.) and the site's language type (PHP / JSP / ASP / C# / .NET / Python, etc.), and correlates the results with the CVE / CNNVD vulnerability databases for intelligent analysis.
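What the fingerprinting step does, as an added example that is not Sangfor's code and not from the original page: derive the server product, version and site language from the Server, X-Powered-By and Set-Cookie headers of an HTTP response, then correlate the product and version with a vulnerability rule library (the CVE/CNNVD matching step). The responses and the rule library are constructed for illustration; the rule identifiers (RULE-000x) are placeholders, not real CVE or CNNVD numbers, and the version ranges in them are invented.

```python
"""Added example, not Sangfor's code: fingerprint a web server from a raw HTTP
response and correlate product/version with a vulnerability rule library.
The responses and the rule library are constructed; rule identifiers are
placeholders, not real CVE or CNNVD numbers."""
import re

# Checked in order: Tomcat before Apache, so "Apache-Coyote" is not read as httpd.
SERVER_PATTERNS = [
    ("Tomcat",   re.compile(r"Apache-Coyote|Tomcat(?:/(\d+(?:\.\d+)*))?")),
    ("WebLogic", re.compile(r"WebLogic(?: Server)?(?: (\d+(?:\.\d+)*))?")),
    ("Apache",   re.compile(r"Apache(?:/(\d+(?:\.\d+)*))?")),
    ("Nginx",    re.compile(r"nginx(?:/(\d+(?:\.\d+)*))?", re.I)),
    ("IIS",      re.compile(r"Microsoft-IIS(?:/(\d+(?:\.\d+)*))?")),
]

# Constructed rule library: product, inclusive affected version range, description.
RULES = [
    {"id": "RULE-0001", "product": "Apache", "min": "2.4.0", "max": "2.4.49",
     "desc": "constructed example: affected httpd 2.4.x range"},
    {"id": "RULE-0002", "product": "Nginx", "min": "1.0.0", "max": "1.17.0",
     "desc": "constructed example: affected nginx range"},
    {"id": "RULE-0003", "product": "IIS", "min": "6.0", "max": "7.5",
     "desc": "constructed example: affected IIS range"},
]


def parse_response(raw):
    """Split a raw HTTP response into (status line, headers dict, body).
    Header names are lower-cased; repeated headers (Set-Cookie) are kept as a list."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body


def version_tuple(v):
    """'2.4.49' -> (2, 4, 49), so that 2.4.9 < 2.4.49 (string comparison gets this wrong)."""
    return tuple(int(x) for x in v.split(".")) if v else ()


def fingerprint(raw):
    """Return {'product', 'version', 'language'} for one HTTP response."""
    _, headers, _ = parse_response(raw)
    server = " ".join(headers.get("server", []))
    powered = " ".join(headers.get("x-powered-by", []))
    cookies = " ".join(headers.get("set-cookie", []))

    product = version = None
    for name, pattern in SERVER_PATTERNS:
        m = pattern.search(server)
        if m:
            product, version = name, m.group(1)
            break

    language = None
    if "php" in powered.lower() or "PHPSESSID" in cookies:
        language = "php"
    elif "ASP.NET" in powered or "ASP.NET_SessionId" in cookies:
        language = "asp.net"
    elif "ASPSESSIONID" in cookies:
        language = "asp"
    elif "JSESSIONID" in cookies or product in ("Tomcat", "WebLogic"):
        language = "jsp"
    elif re.search(r"gunicorn|werkzeug|python", server, re.I):
        language = "python"
    return {"product": product, "version": version, "language": language}


def match_rules(fp, rules=RULES):
    """Rule ids whose product matches and whose version range contains the fingerprinted version.
    Without a version nothing is matched: a product name alone would only produce false positives."""
    if not fp["product"] or not fp["version"]:
        return []
    v = version_tuple(fp["version"])
    return [r["id"] for r in rules
            if r["product"] == fp["product"]
            and version_tuple(r["min"]) <= v <= version_tuple(r["max"])]
```

Two points a practitioner should keep in mind: header-based fingerprints are trivially spoofable (a Server header can be rewritten by any reverse proxy), and a version match only says the server is in a potentially affected range; that is exactly why the page's next step is vulnerability validation rather than reporting the fingerprint match as a confirmed vulnerability.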

(3) Vulnerability validation

Quickly verifies the real impact of website vulnerabilities and gives expert-level remediation advice.

To help web administrators easily understand what is otherwise a highly specialized security report, the Sangfor WEB vulnerability scanner report gives a detailed description of each vulnerability and its impact, and highlights the payload in the test packets sent during the check. From the highlighted section the administrator can quickly see the preliminary cause of the vulnerability, so the report is no longer obscure.

2.2 Configuration Roadmap

1. First, in [Risk Discovery and Protection] - [WEB Scan], configure the URL to scan and the scan template.
2. After configuration, click "Start Scan" or "Scheduled Scan".
3. Review the scan results.


2.3 Reflection summary

Notes on the WEB scanner:
1. If a WAF policy that matches the target URL is enabled and rejects the requests, the scan cannot proceed; the WAF policy must be disabled or an exception added for the scanner.
2. In a dual-device (HA) deployment, the WEB scanner configuration is not synchronized between the two units.
3. For pages that require login, only username/password authentication is supported; login pages with a CAPTCHA (verification code) are not supported.
4. Export the report promptly after the scan completes: the device does not store it, and starting a new scan clears the report.
5. Scanning can damage the site's data, so production servers should not be scanned directly; the customer should provide a mirror (copy) of the site for vulnerability scanning.
6. If a production server must be scanned directly, back up the site's data and source code beforehand so that any problem can be restored.

3. Real-time Vulnerability Analysis

3.1 Customer needs

The customer wants to check the security of internal network servers without any impact on the running business.

3.2 Solution

The Sangfor NGAF real-time vulnerability analysis system detects vulnerabilities in real time from the traffic passing through the device (or mirrored to it in bypass mode): it parses the application traffic, identifies the applications, and matches the parsed application data against the vulnerability analysis library to find vulnerable servers.

Advantages:
1. Vulnerabilities are found in real time from the customer's live network environment, without generating any additional traffic (passive detection).
2. A report is generated that contains the vulnerabilities found and the corresponding remediation plan, demonstrating the security protection capability to the user.

3.3 Configuration Roadmap

1. Configure a real-time vulnerability analysis policy.
In [Risk Discovery and Protection] - [Real-time Vulnerability Analysis], add a policy: select the zone where the servers are located, and select the network object that corresponds to the internal servers.

2. On the [Real-time Vulnerability Analysis] page, clicking "Rediscover" clears the current report and the policy starts finding vulnerabilities again.

3. Click [Summary] to aggregate the vulnerability reports of all policies into one summary report to present to the customer, and plan remediation according to the report's recommendations.

3.4 Reflection summary

Precautions:

1. Passive vulnerability scanning depends on the application identification results, so the application identification library (license) must be enabled for it to work.
2. Real-time vulnerability analysis does not support centralized management.
3. Real-time vulnerability analysis supports only TCP; UDP services such as DNS are not analyzed.
4. FTP and HTTP are identified on any port; other services (such as MySQL and SSH) are identified only on their standard ports.
5. Each analysis policy is independent: if the server IP groups of two policies overlap, the vulnerabilities found will be duplicated.
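How passive identification behaves under these precautions, as an added example that is not Sangfor's code and not from the original page: a small analyzer over the first server-to-client bytes of mirrored flows that skips non-TCP traffic, recognises HTTP and FTP on any port but SSH and MySQL only on their standard ports, runs each policy independently so that overlapping server groups really do produce duplicate findings, and then shows the de-duplication a report consumer would apply. The flow records, the policies and their server groups are all constructed; the rule library matching step is left out, since the banner strings are what that library would be matched against.

```python
"""Added example, not Sangfor's code: passive service identification from the
first server-to-client bytes of mirrored TCP flows, obeying the precautions
above (no UDP; HTTP/FTP on any port; SSH/MySQL on standard ports only;
independent policies duplicate findings on overlapping server groups).
The flows, policies and sample payloads are constructed."""
from collections import namedtuple

# One record per flow: transport protocol, server side, first bytes sent by the server.
Flow = namedtuple("Flow", "proto server_ip server_port payload")
Policy = namedtuple("Policy", "name servers")   # 'servers' plays the role of the server network object

STANDARD_PORTS = {22: "ssh", 3306: "mysql"}    # services identified only on their standard port


def identify_service(flow):
    """Return the service name, or None if the analyzer would not report this flow."""
    if flow.proto != "tcp":
        return None                                   # precaution 3: no UDP (e.g. DNS)
    p = flow.payload
    if p.startswith(b"HTTP/"):
        return "http"                                 # precaution 4: HTTP on any port
    if p.startswith(b"220") and b"FTP" in p.upper():
        return "ftp"                                  # FTP on any port
    svc = STANDARD_PORTS.get(flow.server_port)
    if svc == "ssh" and p.startswith(b"SSH-"):
        return "ssh"
    # MySQL greeting: 3-byte length, 1-byte sequence id, then protocol version 10 (0x0a)
    if svc == "mysql" and len(p) > 5 and p[4] == 0x0A:
        return "mysql"
    return None


def extract_banner(service, payload):
    """Pull the version string the vulnerability library would be matched against."""
    if service == "http":
        for line in payload.split(b"\r\n")[1:]:
            if line.lower().startswith(b"server:"):
                return line.split(b":", 1)[1].strip().decode("latin-1")
        return ""
    if service == "mysql":
        return payload[5:].split(b"\x00", 1)[0].decode("latin-1")   # NUL-terminated server version
    return payload.split(b"\r\n", 1)[0].decode("latin-1")          # ssh / ftp greeting line


def analyze(flows, policies):
    """Run every policy independently over the flows, as the device does (precaution 5).
    Returns (policy, server_ip, port, service, banner) tuples, duplicates included."""
    findings = []
    for pol in policies:
        for f in flows:
            if f.server_ip not in pol.servers:
                continue
            svc = identify_service(f)
            if svc is not None:
                findings.append((pol.name, f.server_ip, f.server_port, svc,
                                 extract_banner(svc, f.payload)))
    return findings


def dedupe(findings):
    """Collapse findings from overlapping policies to one per (server, port, service)."""
    seen = {}
    for _, ip, port, svc, banner in findings:
        seen.setdefault((ip, port, svc), (ip, port, svc, banner))
    return list(seen.values())


# Constructed sample traffic (server side of each flow).
MYSQL_GREETING = b"\x4a\x00\x00\x00\x0a5.7.33-log\x00\x05\x00\x00\x00"
SAMPLE_FLOWS = [
    Flow("tcp", "10.0.0.5", 8080, b"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\n\r\n"),
    Flow("tcp", "10.0.0.5", 2121, b"220 ProFTPD Server ready.\r\n"),
    Flow("tcp", "10.0.0.6", 22,   b"SSH-2.0-OpenSSH_7.4\r\n"),
    Flow("tcp", "10.0.0.6", 2222, b"SSH-2.0-OpenSSH_7.4\r\n"),   # non-standard port: not identified
    Flow("tcp", "10.0.0.7", 3306, MYSQL_GREETING),
    Flow("udp", "10.0.0.7", 53,   b"\x12\x34\x81\x80"),            # DNS: skipped
]
# Two policies whose server groups overlap on 10.0.0.6 (precaution 5).
SAMPLE_POLICIES = [
    Policy("dmz", {"10.0.0.5", "10.0.0.6"}),
    Policy("db-zone", {"10.0.0.6", "10.0.0.7"}),
]

if __name__ == "__main__":
    raw = analyze(SAMPLE_FLOWS, SAMPLE_POLICIES)
    for row in raw:
        print(row)
    print("after de-duplication:", dedupe(raw))
```

The SSH service on port 2222 is the case to remember when reading a real-time vulnerability report: a service moved off its standard port is not missing because it is secure, it is missing because the passive analyzer never classified the flow, and an active scan (section 1) is needed to cover it.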

4. Threat Intelligence Early Warning and Disposal

4.1 Requirements

Current state of security management:

1. The administrator basically does not know about recent security incidents.
2. 0-day outbreaks cannot be handled.
3. The administrator does not know whether the servers are vulnerable or whether patches have been applied, and does not understand the basic operations involved.
4. When protected objects are vulnerable and not effectively protected, the administrator basically does not know how to protect them.

Requirement: use a security feature to solve these problems.

4.2 Features

(1) Collection of hot events

When a 0-day vulnerability breaks out, the threat intelligence early warning and disposal center produces an entry for it in the hot events database within 48 hours. The entry contains: the event content, a detailed description of the threat, a vulnerability scanning tool, and a protection policy.

(2) Information push

Once the hot events database is updated, it is pushed immediately to every Internet-connected NGAF. After the device has updated its hot events database automatically, users can view the latest hot events on the device, and can click the event link to view more detailed information about the security event on the threat intelligence early warning and disposal center.

(3) Vulnerability scanning

After the hot events database is updated, the device automatically starts scanning the protected objects. The protected objects are user-definable; when the user has not configured any, Sangfor NGAF automatically takes the internal network servers as the protected objects and scans them. In addition to the automatic scan, NGAF provides a manual vulnerability scan, so users can scan again after fixing a vulnerability to confirm the fix, or run a security check on a newly built network.

(4) One-click protection

After the vulnerability scan finishes, if a protected object is vulnerable and not yet effectively protected, NGAF offers one-click protection for all the risks found: with a single click the device automatically updates the corresponding feature rules and generates the corresponding protection policy, so that the security risks found by the scan are put into an effectively protected state.

4.3 Functional principle


4.4 Configuration Roadmap

1. In [Risk Discovery and Protection] - [Threat Intelligence Early Warning and Disposal] - [Settings], set the internal network servers to protect and the protection options.

2. In [Protection Options], check [Auto Scan] so that the protected IP group is scanned automatically after a new event breaks out.

3. Click [Get Latest Intelligence] to connect to the SANGFOR server and obtain the latest threat intelligence early warning and disposal information.

4.5 Reflection summary

Precautions:

1. The threat intelligence push requires that the device can access the Internet.
2. The threat intelligence scan requires that the AF and the internal network servers are reachable from each other.
3. The protection action of threat intelligence disposal generates a reject (deny) security policy.

5. Security Operations Center

5.1 Background and demand

Make security visible, and make security operations simple and efficient.

5.2 Overview of the security situation


5.3 Business Risk Visualization


5.4 Attack path visualization

Controlled terminals (compromised endpoints)

Controlled servers

5.5 Attacker map

A global IP address database provides Internet "geolocation" of attacker addresses.


Source: blog.csdn.net/csdn10086110/article/details/90678476