
TippingPoint X505 Training

Key Features, Concepts and Functional Areas

Key Features and Concepts Objectives

> Upon completion of this module, you should be familiar with the following:
  - Key Features of the X505
  - Device Appearance
  - Key Concepts and Functional Areas of the X505
    > Security Zones and Interfaces
    > Firewall
    > Content Filtering
    > VPN
    > IPS
    > System Administration
  - Deployment Modes/Scenario

X505 Key Features

> Stateful Packet Inspection Firewall
> Industry Standards Compliant VPN
> Fully Featured IPS
> Flexible security zone deployment
> User Authorization
> Zone Based Rate Limiting
> Content Filtering
> Manual URL Filtering
> Application specific rate limiting
> Multicast Routing
> RIP

Device Appearance

> No LCD Panel
> 2 inches high, slightly taller than 1U (1U = 1.75 inches)
> DB9 Console Port (115200BPS-8-None-1)
> (4) 10/100 Ethernet Ports (NO Auto-MDI)
> (1) 10/100 Management Port
  - Unused in most installations
  - Will go away as of X5/X506 (Management will be in-line)
  - Exists due to sharing of platform (200E)

Security Zones

> What is a Security Zone?
  - A security zone is a network segment or VLAN where access can be policed as traffic passes in and out of the zone
  - NOTE: "Policed" means Firewall, IPS and Content Filtering
  - A user can define multiple security zones, based on their network security needs
  - Common security zones are LAN, WAN, DMZ and VPN
  - Think of Zones as a Layer 2 construct
> A network with 5 Security Zones
> Traffic (shown in red) passes from one zone to another only if policy permits
> No policy enforcement within a zone! Only between zones

[Diagram: the X505 connected to five security zones: WAN, LAN, LAN2, DMZ and VPN]

Network Interfaces

> Network Interfaces define how the X505 integrates with the layer 3 network
> A Network Interface can represent multiple security zones.
  - Example: Internal Network Interface could represent LAN1, LAN2, and VPN
> There is one external Network Interface (i.e. WAN Zone assigned by default)
  - Static
  - DHCP: x-Series acts as DHCP Client, on by default
  - PPPoE
  - PPTP
  - L2TP
> There can be many internal Network Interfaces
  - Each with Static IP Addressing for the interface
  - Clients can be static or DHCP
  - You must enable NAT for internal clients to get NATed to public IP addresses.

X505 Deployment Modes

> Full transparent deployment

[Diagram labels: External Interface; zones LAN, DMZ, WAN]

> Transparent DMZ > NAT / Routed LAN

[Diagram labels: Internal I/F, External Interface; zones LAN, DMZ, WAN]

> Full routed / NAT deployment

[Diagram labels: Internal I/F, Internal I/F, External I/F; zones LAN, DMZ, WAN]

Firewall

> Firewall Rules enforce policy between zones (i.e. From the WAN zone to LAN zone)
> Rules are evaluated from the top down with an implicit deny at the end
> Network and Service Objects define who can access what
> Options:
  - Rate Limiting
  - Schedules
  - Group Authorization
  - Content Filtering
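
The zone model and top-down rule evaluation described above, sketched as an added example; this is not TippingPoint code or X505 configuration syntax. The zone subnets, the rule table and the names `Rule`, `evaluate` and `shadowed` are assumptions made for illustration, and the `shadowed` check goes one step beyond the slide to show a practical consequence of first-match ordering.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src_zone: str
    dst_zone: str
    service: str                 # service object name, or "ANY"
    src_net: str = "0.0.0.0/0"   # network object, as a CIDR block

# Constructed zone map and rule table (illustrative, not from a device).
ZONES = {"LAN": "192.168.1.0/24", "DMZ": "192.168.2.0/24"}
RULES = [
    Rule("deny", "LAN", "WAN", "smtp", "192.168.1.128/25"),
    Rule("permit", "LAN", "WAN", "ANY"),
    Rule("permit", "WAN", "DMZ", "http"),
]

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, cidr in ZONES.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return "WAN"                 # assumption: everything else is external

def evaluate(src_ip, dst_ip, service, rules=RULES):
    """Return (verdict, index of the matching rule or None)."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone == dst_zone:
        return ("not-policed", None)   # intra-zone: rule table never consulted
    src = ipaddress.ip_address(src_ip)
    for i, r in enumerate(rules):
        if ((r.src_zone, r.dst_zone) == (src_zone, dst_zone)
                and r.service in ("ANY", service)
                and src in ipaddress.ip_network(r.src_net)):
            return (r.action, i)       # first match wins
    return ("deny", None)              # implicit deny at the end

def shadowed(rules):
    """Indices of rules fully covered by an earlier rule (they never fire)."""
    dead = []
    for j, later in enumerate(rules):
        net = ipaddress.ip_network(later.src_net)
        for earlier in rules[:j]:
            if ((earlier.src_zone, earlier.dst_zone) == (later.src_zone, later.dst_zone)
                    and earlier.service in ("ANY", later.service)
                    and net.subnet_of(ipaddress.ip_network(earlier.src_net))):
                dead.append(j)
                break
    return dead
```

Swapping the first two rules makes the SMTP deny unreachable, which `shadowed` reports as index 1; two hosts in the same zone return `not-policed` regardless of the rule table.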

Content Filtering

> Subscription Service (requires DV Gold Package)
> Block access to Gambling, Porn, Hate Speech, etc.
> Manual URL Filtering
> Custom response page

Virtual Private Networks

> Hardware Accelerated
  - DES, 3DES, AES-256
> Keying Modes
  - Manual, IKE + Preshared Key, IKE + X.509 Cert
> Site to Site VPNs
  - IPSec/L2TP/PPTP
  - DHCP Relay over VPN
  - Tunnel on Demand or Static Tunnel
> Client to Site VPNs
  - IPSec/L2TP/PPTP
  - RADIUS or Local Authentication
> Termination to VPN Security Zone

Intrusion Prevention System

> The X505 has Virtual IPS Segments as opposed to physical ports as seen on the TippingPoint IPS series
> Virtual IPS Segments must be created before IPS policing takes effect
> IPS policy is implemented between zones, not within zones
> By default, IPS rules apply to all configured virtual IPS segments
> Order of Packet Inspection
  1. Firewall
  2. IPS

System Administration

> Administration
  - Local Security Manager (LSM) Web GUI
  - CLI: SSH over the network
  - CLI: Direct Terminal Configuration
> Updates
  - TippingPoint OS (TOS) Upgrades
  - Manual and Automatic Digital Vaccine (DV) Updates
> System Snapshots
> System Health/Status
> User Administration
  - Define users for local administration
  - Define users for VPN access
> Privilege Groups
  - Assign users to privilege groups for authorization
> Logs/Events
  - System/Audit Logs
  - Traffic Event Logs
  - IPS Logs

X505 Deployment Scenario
