{"id":33669,"date":"2024-05-03T13:46:37","date_gmt":"2024-05-03T11:46:37","guid":{"rendered":"https:\/\/relnet.hu\/?p=33669"},"modified":"2024-05-03T13:46:37","modified_gmt":"2024-05-03T11:46:37","slug":"997-os-a-juniper-networks-vsrx-tuzfal-biztonsagi-hatekonysaga","status":"publish","type":"post","link":"https:\/\/relnet.hu\/en\/997-os-a-juniper-networks-vsrx-tuzfal-biztonsagi-hatekonysaga\/","title":{"rendered":"Juniper Networks vSRX firewall achieves 99.7% security effectiveness"},"content":{"rendered":"<p>CyberRatings ran the test on an Amazon Web Services c5n.2xlarge instance, following version 2.1 of the Cloud Firewall Test methodology. The thorough examination set out to determine how the product handles TLS\/SSL 1.2 and 1.3 cipher suites and how effectively it defends against exploits and evasions. The test also checked whether the device remains stable under adverse conditions. To give a realistic assessment based on modern network traffic, the measurements covered both unencrypted and encrypted traffic. 
As the final result, CyberRatings gave the vSRX cloud firewall the \u201cRECOMMENDED\u201d rating:<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/relnet.hu\/wp-content\/uploads\/2024\/05\/vsrx_sec_effectiveness-min.png\" alt=\"vsrx_sec_effectiveness-min\" \/><\/p>\n<p>The image above shows that Juniper Networks achieved a perfect score in routing and access control, in TLS\/SSL functionality and in reliability as well. The 99.7 percent effectiveness measured in threat prevention comes from the device blocking 981 of the 984 exploits launched against it.<\/p>\n<h5>Routing and rule enforcement<\/h5>\n<p>The rule-handling tests verified whether the firewall can enforce security rules, ranging from unrestricted configurations to complex, multi-zone and content-inspecting rule configurations. The tested Juniper Networks firewall passed every test category, namely:<\/p>\n<p>Unrestricted traffic<br \/>\n<br \/>Segmented traffic<br \/>\n<br \/>Simple rules<br \/>\n<br \/>Complex, \u201cmulti-zone\u201d rules<\/p>\n<h5>TLS\/SSL functionality<\/h5>\n<p>CyberRatings also tested how the vSRX handles targeted attacks that use the most common web protocols and applications. 
The product had to make TLS\/SSL payloads visible and detect attacks hidden by encryption, as well as attacks aimed at the encryption protocols themselves. The result was 100 percent:<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/relnet.hu\/wp-content\/uploads\/2024\/05\/vsrx_tls_functionality-min.png\" alt=\"vsrx_tls_functionality-min\" \/><\/p>\n<h5>Threat prevention<\/h5>\n<p>The CyberRatings exploit set was assembled on the basis of CVSS scores, so the resilience of the devices was tested with a wide variety of protocols and applications. The Juniper vSRX firewall scored 100 percent in defending against evasions and 99.7 percent in blocking exploits:<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/relnet.hu\/wp-content\/uploads\/2024\/05\/vsrx_tls_exploits-min.png\" alt=\"vsrx_tls_exploits-min\" \/><\/p>\n<h5>Performance<\/h5>\n<p>CyberRatings tested the cloud firewall's performance under a range of traffic conditions, which provide metrics for establishing real-world performance. 
Throughput for unencrypted and encrypted HTTP traffic was as follows:<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/relnet.hu\/wp-content\/uploads\/2024\/05\/vsrx_tls_throughput-min.png\" alt=\"vsrx_tls_throughput-min\" \/><\/p>\n<p>Connections-per-second results (left axis) and Mbps throughput results (right axis) for each payload in HTTP and HTTPS traffic:<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/relnet.hu\/wp-content\/uploads\/2024\/05\/vsrx_tls_payload-min.png\" alt=\"vsrx_tls_payload-min\" \/><\/p>\n<p>The difference in processing speed between encrypted and unencrypted data is clearly visible.<\/p>\n<h5>Stability and reliability<\/h5>\n<p>The stability tests verified the firewall's ability to maintain security while under normal load and receiving malicious traffic. The product had to remain stable and operational throughout the tests and stop 100% of previously blocked traffic, raising an alert in every case. 
The vSRX result was perfect here as well:<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/relnet.hu\/wp-content\/uploads\/2024\/05\/vsrx_tls_stability-min.png\" alt=\"vsrx_tls_stability-min\" \/><\/p>\n<h5>vSRX cost of ownership<\/h5>\n<p>Regarding \u201cTotal Cost of Ownership\u201d, the CyberRatings report lists the following cost components for the Juniper Networks cloud firewall:<\/p>\n<p>Cloud provider cost and the specific price of the cloud firewall instance<br \/>\n<br \/>Ongoing (hourly) cost of running the \u201cinstance\u201d<br \/>\n<br \/>Licence costs<br \/>\n<br \/>Operating expenses (OPEX)<\/p>\n<p>Comparing these costs with the test results, the total cost of ownership (TCO) as a function of protected throughput (Protected Mbps) was as follows:<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/relnet.hu\/wp-content\/uploads\/2024\/05\/vsrx_tco-min.png\" alt=\"vsrx_tco-min\" \/><\/p>\n<p><a>Download the 25-page CyberRatings test report (PDF)<\/a><\/p>\n<h5>Related content<\/h5>\n<p><a>Juniper Networks training in the RelNet eLearning programme<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CyberRatings.org tested the Juniper Networks vSRX next-generation virtual firewall. 
The NGFW device, running the Junos 22.4R2.8 operating system, achieved a near-perfect 99.7 percent security effectiveness.<\/p>\n","protected":false},"author":1086,"featured_media":33670,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[164],"tags":[198,1463,2377,88,4734,4735,71,161,3040,4736,1617,1184,1483,1060,1610],"yst_prominent_words":[],"class_list":["post-33669","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-juniper-networks","tag-cloud","tag-cvss","tag-cyberratings","tag-firewall","tag-http","tag-https","tag-juniper-networks","tag-junos","tag-ngfw","tag-opex","tag-routing","tag-ssl","tag-tls","tag-tuzfal","tag-vsrx"],"_links":{"self":[{"href":"https:\/\/relnet.hu\/en\/wp-json\/wp\/v2\/posts\/33669","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/relnet.hu\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/relnet.hu\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/relnet.hu\/en\/wp-json\/wp\/v2\/users\/1086"}],"replies":[{"embeddable":true,"href":"https:\/\/relnet.hu\/en\/wp-json\/wp\/v2\/comments?post=33669"}],"version-history":[{"count":3,"href":"https:\/\/relnet.hu\/en\/wp-json\/wp\/v2\/posts\/33669\/revisions"}],"predecessor-version":[{"id":33690,"href":"https:\/\/relnet.hu\/en\/wp-json\/wp\/v2\/posts\/33669\/revisions\/33690"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/relnet.hu\/en\/wp-json\/wp\/v2\/media\/33670"}],"wp:attachment":[{"href":"https:\/\/relnet.hu\/en\/wp-json\/wp\/v2\/media?parent=33669"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/relnet.hu\/en\/wp-json\/wp\/v2\/categories?post=33669"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/relnet.hu\/en\/wp-json\/wp\/v2\/tags?post=33669"},{"taxonomy":"yst_prominent_words","embeddable":true,"
href":"https:\/\/relnet.hu\/en\/wp-json\/wp\/v2\/yst_prominent_words?post=33669"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}