Defense in Depth
Liu Yi (劉乙), Senior Technical Manager, Fortinet (US)
Speaker note: We're talking about network PROTECTION, which is broader than just SECURITY.
AGENDA
- Information security solutions (10 min)
- Fortinet solution & references (15 min)
- Discussion (15 min)
- Appendices: IDC report / Fortinet overview / solution documents / 力麗科技 (Lealea Technology) overview
CONFIDENTIAL
Objective and Benefits
Objective: meet the requirements of the Executive Yuan's National Information and Communication Security Taskforce (行政院資通安全會報), provide defense in depth for campus networks, and deliver a complete, competitively priced solution covering the work items required for each information security system grade.
Benefits: one deployment covers everything; lower total spend.
Work items required per information security system grade (ROC years 96 and 97 are 2007 and 2008):

Grade | Defense strength | Defense in depth | ISMS rollout | Audit method | Security training per year (executives, managers, technical, general staff; hours) | Professional certification
A | Level 4 | NSOC direct protection or self-built SOC, IDS, firewall, antivirus | Third-party certification by ROC 96 (2007) | At least two internal audits per year | At least 4, 6, 18, 4 hours | Two security professional certifications by ROC 96 (2007)
B | Level 3 | SOC (optional), IDS, firewall, antivirus | Third-party certification by ROC 97 (2008) | At least one internal audit per year | At least 4, 6, 16, 4 hours | One security professional certification by ROC 96 (2007)
C | Level 2 | IDS, firewall, antivirus | Each unit forms its own working group to plan the rollout | Self-assessment | At least 2, 6, 12, 4 hours | Security professional training
D | Level 1 | Firewall, antivirus | Promote ISMS awareness | (not specified) | At least 1, 4, 8, 2 hours | (not specified)
Cooperation Model
A professional consulting partner handles ISMS rollout, audit coaching, education and training, and professional licensing; Fortinet, as the vendor, provides the defense-in-depth solution (firewall / IDP / antivirus / security reporting).
1. Vendor professional services team
2. Vendor training courses and technology-transfer cooperation
Why Fortinet?
Proven experience and a leading position in the security gateway market:
- 100,000 units deployed
- Taichung County education network: 167 x FG-400; Taipei County education network: 2 x FG-3600; Chunghwa Telecom IDC: 200 x FG-800
- National Tsing Hua University: 5 x FG-3600; National Cheng Kung University, National Yang-Ming University, Providence University and more than 60 other colleges and universities
- Jinwen Institute of Technology: 2 x FG-5020; Taichung City education network: FG-5050; Keelung City education network: FG-5050; Tamkang University: 4 x FG-5050; National Kaohsiung University of Applied Sciences: FG-5050
Best performance in IDP / antivirus / firewall security gateways:
- 3x price/performance in IDP / antivirus / firewall
- Worldwide No.1 performance security gateway, ASIC-based
Certifications: EAL4+, NSS, FIPS; 5 ICSA certifications (antivirus, NIDS, firewall, IPSec VPN, SSL VPN)
Awards and surveys:
- IT WEEK December 2005 annual survey, firewalls: Fortinet No.1 in Taiwan's college and university market with 30% share
- 2005 NBL (NCTU Network Benchmarking Lab) evaluation of antivirus network security appliances: FG-3600 ranked No.1
- 2005 Institute for Information Industry (III) overall security champion: No.1 in UTM and IM/P2P, and in VPN; MIS Manager Best Choice 2004-2005
- IDC report, security gateways: Fortinet No.1 worldwide market share at 29.5%
Fortinet Company Overview
- Founded October 2000 by the former President and CEO of NetScreen (NASDAQ: NSCN)
- 550 employees; HQ in Sunnyvale, CA
- Offices throughout the Americas, EMEA and Asia: Belgium, France, Germany, Italy, Sweden, UK; Tokyo, Seoul, Beijing, Shanghai, Hong Kong, Taipei, Singapore, Kuala Lumpur, etc.
- Creators of the world's only ASIC-powered antivirus systems, addressing the need for real-time network protection
- More than 100,000 FortiGate units shipped to 2,000 customers
- Achieved >10x revenue growth in 2003 vs. 2002; among the fastest-growing network security companies in history
- Completed $50 million mezzanine financing in February 2004; total equity raised $93 million
According to the latest IT WEEK report (2005-12-12, 2005 figures), Fortinet is No.1 in Taiwan's college and university market with 30%, well ahead of Cisco (15%) and NetScreen (15%).
According to the latest IDC report, Fortinet is No.1 in the worldwide UTM market with a 29.5% share.
Fortinet Technology Advantages
Fortinet Vision: The Best UTM Security Gateway (speed and feature set)
- 1st generation: software
- 2nd generation: hardware and software
- 3rd generation: ASIC acceleration
- Next generation: ASIC-accelerated content security
Fortinet Network Security Solution
- FortiProtect: 7x24 real-time security protection and response center
- FortiMail: spam management
- FortiGate: full range of ASIC-based security gateways (FG-50A/60/100A/200A/300A/400A/500A/800F/1000AFA2/3600/5000) meeting customers' security needs at high performance
- FortiAnalyzer: complete security logging with detailed statistical analysis reports
- FortiClient: desktop personal firewall, antivirus, anti-intrusion and VPN client
- FortiManager: centralized management and configuration
Fortinet Differentiators: Products, Technology, Service and Support
- Only ASIC-accelerated antivirus system in the world
- Most scalable family of UTM platforms; all models include the integrated security applications
- Services infrastructure to ensure rapid threat response: FortiGuard subscription, FortiCare support, FortiProtect network
- Lowest total cost of ownership: priced per unit, not per user
FortiGate Product Family (positioning chart: throughput rises with model number; market segments on the axis are SOHO, branch office, medium enterprise, large enterprise, service provider/telco; same feature set throughout)
- FortiGate-50A
- FortiGate-60 / FortiWiFi: high availability, VLAN support
- FortiGate-100A
- FortiGate-200A: integrated logging
- FortiGate-300A
- FortiGate-400A
- FortiGate-500A: high port density
- FortiGate-800: Gigabit Ethernet
- FortiGate-1000: gigabit performance
- FortiGate-3000: redundant power supplies, VDOM
- FortiGate-3600
- FortiGate-5000
FortiGate-5050 chassis (diagram): three FortiGate-5001 blades and two FortiBlade-5003 switch blades; shelf management module not shown. DC power only; an external AC-to-DC power converter unit is required for AC applications.
FortiGate-5050 Modules
- FortiGate-5001FA2 antivirus firewall blade: same as in the FortiGate-5020; full network security services (firewall, AV, VPN, IDP, etc.); provides the network interfaces; up to 5 per FG-5050 chassis, typical installs have 3
- FortiBlade-5003 switch blade: provides intra-chassis communications and is also used for inter-chassis HA (interface links connect multiple chassis together); 1 or 2 switch blades per chassis; with 2 switch blades the 5050 chassis has no single point of failure
FortiGate-5001FA2 Module for the FG-5000 Series
Front-panel labels on the diagram: Power, Hard Disk Access, Status, port LEDs 1-8, Module Lock, Console Connection, Mounting Knob, USB, Gigabit Fiber, 10/100/1000.
- FortiGate antivirus firewall on a blade; works in any FortiGate 5000 series chassis
- 8 GigE interfaces per blade: 4 removable SFP (SX standard, LX optional) and 4 x 10/100/1000 TX
- Console access: DB9 on current boards; 2 x USB (future use)
- Locking handles and thumbscrews; hot-swappable operation and standardized LED status indicators
FortiGate-5053 Power Converter
- AC-to-DC power converter for the FG-5050: the chassis accepts DC power only, so AC applications require the FG-5053
- 1 RU shelf, mounts above or below the FG-5050 chassis
- 3 hot-swappable power supply modules; 2 of 3 are required to operate the chassis
- Two FG-5053 units can be used for redundant power feeds; the FG-5050 chassis accepts redundant DC power inputs
Competitive Comparison: FortiGate-5050

Feature | FortiGate-5050 | Symantec 5460 | Juniper NetScreen 5400 | Cisco ASA
FW/IDP/AV | Yes/Yes/Yes | No/Yes/Yes | Yes/No/No | (not given)
AV/content scanning | Included | Per-user charge | No | (not given)
Threat response | Yes | AV/IDS only | (not given) | (not given)
FW/VPN performance | 20 Gbps / 3 Gbps | 200 / 90 Mbps | 2000 / 800 Mbps | (not given)
Gigabit ports (max.) | 40 | 4 | 24 | 2
Certification | EAL4+, NSS, 5 x ICSA | 2 x ICSA | EAL4+, 2 x ICSA | 1 x ICSA

Speaker note: the Symantec 5460 should read No/Yes/No for ASIC-powered FW/VPN/AV, as it has two Broadcom encryption accelerators on board.
FortiGate-1000AFA2 Highlights
- Performance: 2 Gbps firewall throughput, 250 Mbps 3DES VPN throughput, 200 Mbps AV scanning throughput
- 2 RU height with dual power supplies
- New Intel Xeon E7520 3.2 GHz CPU, 1 GB RAM
FortiAccel Option for the FortiGate-1000AFA2
- The FortiAccel (FA2) option adds two SFP ports, for 10 x 10/100/1000 Mbps TX plus 2 x SFP, with a choice of SX, LX or TX (copper) SFP modules
- Provides wire-speed firewall performance at all packet sizes
- Not field upgradeable; requires a different front panel assembly
Competitive Comparison: FortiGate-1000AFA2

Feature | FortiGate-1000AFA2 | Symantec 5460 | Juniper NetScreen 500 / ISG1000 | Cisco ASA 5300 series
FW/IDP/AV | Yes/Yes/Yes | No/Yes/Yes | Yes/Yes/No | (not given)
AV/content scanning | Included | Per-user charge | No | (not given)
Threat response | Yes | AV/IDS only | (not given) | (not given)
FW/AV performance | 2 Gbps / 200 Mbps | 200 / 90 Mbps | 700 Mbps / no AV | (not given)
Gigabit ports (max.) | 12 | 4 | 8 / 4 | 2
Certification | EAL4+, NSS, 5 x ICSA | 2 x ICSA | EAL4+, 2 x ICSA | 1 x ICSA

Speaker note: the Symantec 5460 should read No/Yes/No for ASIC-powered FW/VPN/AV, as it has two Broadcom encryption accelerators on board.
The New Generation of Security Solutions
Campus Network Security Solution, Fortinet, 2005-12-12 (network diagram)
Zones on the diagram: Internet, intranet / extranet, campus administration (校務行政) services DMZ, terminal servers (TS), dorms, labs, college buildings, core network, data center, computer classrooms and departments.
1. Internet edge: 2 x FG-5050 in HA, adding antivirus and IDS/IDP at the Internet link in transparent mode behind the existing firewall
2. Dorms: FG-5020 providing antivirus, IDS/IDP and firewall protection plus traffic shaping
3. Application labs: 2 x FG-3600 in HA, adding antivirus and IDS/IDP protection
4. Data center: 2 x FG-1000FA2 in HA providing in-line firewall, antivirus and IDS/IDP; a further FG-1000FA2 adds antivirus and IDS/IDP in transparent mode behind the existing firewall
5. College buildings on the core network
6. Computer classrooms and departments: FG-100A/200A/300A for antivirus and intrusion prevention
FortiGate Antivirus Firewalls: A New Generation of Security Platforms
Diagram: a FortiGate between the Internet and the internal network blocking hackers, email spam, viruses and worms, intrusions, and banned content (example sites: www.find_a_new_job.com, www.free_music.com, www.pornography.com). Real-time content security at the network edge.
Instant Reporting
Main functions:
- Analyzes and reports on events/logs from multiple firewall systems across vendors
- Separate analysis of inbound/outbound traffic, web usage, bandwidth usage, intrusion attacks and related information
- Complete reporting: more than 200 predefined reports; real-time and historical analysis; customizable report formats and scheduled report generation; Internet usage, web activity, virus activity and trend analysis
Project reference: Taipei City Government IDC (Acer eDC)
FortiAnalyzer v3.0 Report Example: now over 300 different report templates are available.
The Most International Security Certifications
- ICSA Labs certified: antivirus, firewall, IPSec, SSL-TLS, IPS
- Common Criteria EAL4+ certification
- NSS Group certification for IDP and UTM
- Virus Bulletin 100 award
World Class Services and Support
What We Do
Fortinet, Inc. develops and sells the industry's highest-performing security gateways, offering integrated firewall, VPN, antivirus and intrusion protection. Fortinet's products span a broad range of applications, from the first multi-gigabit security systems for Internet data centers and service providers all the way to solutions for single telecommuters. Fortinet's security systems and appliances are managed through FortiManager, a scalable appliance platform that enables easy deployment, provisioning and network control.
Antivirus Requirement
- More than 25% of virus infections are delivered via web traffic rather than email
- Software AV scanning is too slow for web traffic
- Only ASIC-based AV systems allow real-time network protection
Intrusion Detection Highlights
- Customizable attack list: enable and disable individual signatures
- Ability to import Snort signatures
- Support for customer-defined signatures
Integrated Intrusion Detection
The IDS engine hooks into the routing and firewall modules and the application layer, and coordinates with the FortiASIC to quickly inspect traffic for patterns that match the specified IDS signatures.
Protection Profile: Intrusion Control
Detection methods: signatures, anomalies, scanning attacks, flooding attacks.
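To make the signature and flooding checks concrete, the following is an added example, not FortiGate code, of the two mechanisms the last three slides describe: a parser for Snort-format rules (which the deck says can be imported) matched against packet payloads, and a sliding-window SYN-flood threshold. The rules, packets, SIDs and threshold are constructed for the example and do not refer to any real signature set.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass

# Constructed sample rules in Snort syntax (made up for this example; the
# SIDs are in the local-rule range and do not refer to real Snort rules).
SAMPLE_RULES = r'''
alert tcp any any -> any 80 (msg:"WEB cmd.exe access attempt"; content:"cmd.exe"; nocase; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"WEB directory traversal"; content:"../"; sid:1000002; rev:1;)
alert udp any any -> any 53 (msg:"DNS version.bind query"; content:"version.bind"; nocase; sid:1000003; rev:1;)
'''

RULE_RE = re.compile(
    r'^(?P<action>alert|log|pass|drop)\s+(?P<proto>tcp|udp|icmp|ip)\s+'
    r'(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+'
    r'\((?P<opts>.*)\)\s*$')


@dataclass
class Rule:
    action: str
    proto: str
    dport: str          # 'any' or a port number as text
    msg: str
    sid: int
    contents: list      # list of (pattern bytes, nocase flag)


def parse_rules(text):
    """Parse the subset of Snort rule syntax used above: the header plus the
    msg/content/nocase/sid options. Unknown options are ignored."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError('unparseable rule: ' + line)
        msg, sid, contents = '', 0, []
        for opt in m.group('opts').split(';'):
            key, _, val = opt.strip().partition(':')
            val = val.strip().strip('"')
            if key == 'msg':
                msg = val
            elif key == 'sid':
                sid = int(val)
            elif key == 'content':
                contents.append([val.encode(), False])
            elif key == 'nocase' and contents:
                contents[-1][1] = True      # nocase modifies the preceding content
        rules.append(Rule(m.group('action'), m.group('proto'), m.group('dport'),
                          msg, sid, [tuple(c) for c in contents]))
    return rules


def rule_matches(rule, proto, dport, payload):
    """True when protocol and destination port fit and every content
    pattern occurs in the payload (case-folded for nocase patterns)."""
    if rule.proto != proto:
        return False
    if rule.dport != 'any' and int(rule.dport) != dport:
        return False
    for pattern, nocase in rule.contents:
        hay, needle = (payload.lower(), pattern.lower()) if nocase else (payload, pattern)
        if needle not in hay:
            return False
    return True


def scan(rules, packets):
    """packets: iterable of (proto, dst_port, payload bytes).
    Returns (sid, msg) for every rule each packet triggers, in packet order."""
    return [(r.sid, r.msg) for proto, dport, payload in packets
            for r in rules if rule_matches(r, proto, dport, payload)]


class SynFloodDetector:
    """Flooding check: flag a destination that receives more than `threshold`
    TCP SYNs inside a sliding window of `window` seconds (assumed values)."""

    def __init__(self, threshold=100, window=1.0):
        self.threshold, self.window = threshold, window
        self.syns = defaultdict(deque)

    def observe(self, dst_ip, timestamp):
        """Record one SYN toward dst_ip at `timestamp`; return True if flooding."""
        q = self.syns[dst_ip]
        q.append(timestamp)
        while q and timestamp - q[0] > self.window:
            q.popleft()
        return len(q) > self.threshold


# Constructed packets (not captures): a case-varied cmd.exe request, a
# traversal attempt, a DNS version query, and a benign request on port 443.
SAMPLE_PACKETS = [
    ('tcp', 80, b'GET /scripts/CMD.EXE?/c+dir HTTP/1.0\r\n'),
    ('tcp', 80, b'GET /../../etc/passwd HTTP/1.0\r\n'),
    ('udp', 53, b'\x00\x01\x00\x00\x00\x01version.bind\x00\x10\x00\x03'),
    ('tcp', 443, b'cmd.exe'),
]

if __name__ == '__main__':
    for hit in scan(parse_rules(SAMPLE_RULES), SAMPLE_PACKETS):
        print(hit)
```

The content match here is a plain substring search; a production engine also honours Snort modifiers such as offset/depth and flow state, which this example leaves out. The flood detector is per-destination only, so a distributed scan across many hosts would need the complementary per-source counter.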
802.1Q VLAN Support (FortiGate-60 and above)
- Multiple VLAN-based sub-interfaces, definable on every physical port, with VLAN trunking support
- Support for overlapping IP addresses under different VLAN tags
- Security policies between (sub-)interfaces: VLAN-based antivirus, NIDS, content filtering, VPN construction, firewall policy and traffic shaping
- Virtual domains: effectively provide partitioned, scalable security service from the same physical device to serve multiple customers
VLANs in Routed or Transparent Mode (diagram)
- Routed mode: the FortiGate routes between VLAN interfaces (VLANs 10, 20, 30, 40 arriving on trunk interfaces)
- Transparent mode: the FortiGate acts as a bridge; packets are not routed from one VLAN to another (VLAN 30 traffic leaves on VLAN 30 and VLAN 40 on VLAN 40, trunk to trunk)
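The claim that matters operationally on the previous two slides is "overlapping IP addresses with different VLAN tags": it only works because the 12-bit VLAN ID from the 802.1Q tag is part of the policy match key. The following is an added example, not FortiGate code, that parses the tag out of a raw Ethernet frame and then looks up a policy keyed on (VLAN, source, destination). The frames and the two-tenant policy table are constructed for the example.

```python
import struct
import ipaddress

ETH_P_8021Q = 0x8100   # TPID that announces an 802.1Q tag follows
ETH_P_IP = 0x0800


def parse_frame(frame):
    """Split an Ethernet frame into (vlan_id, ethertype, payload).
    vlan_id is None for untagged frames; the 12-bit VID comes from the TCI
    field, whose top 4 bits (priority and DEI) are discarded here."""
    if len(frame) < 14:
        raise ValueError('truncated Ethernet header')
    ethertype = struct.unpack('!H', frame[12:14])[0]
    offset, vlan_id = 14, None
    if ethertype == ETH_P_8021Q:
        if len(frame) < 18:
            raise ValueError('truncated 802.1Q header')
        tci, ethertype = struct.unpack('!HH', frame[14:18])
        vlan_id = tci & 0x0FFF
        offset = 18
    return vlan_id, ethertype, frame[offset:]


def ipv4_addresses(payload):
    """Return (src, dst) from the fixed part of an IPv4 header."""
    if len(payload) < 20 or payload[0] >> 4 != 4:
        raise ValueError('not an IPv4 packet')
    src, dst = struct.unpack('!4s4s', payload[12:20])
    return ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)


def build_frame(vlan_id, src_ip, dst_ip):
    """Construct a test frame (sample data for this example, not a capture):
    Ethernet header, optional 802.1Q tag, and a minimal 20-byte IPv4 header."""
    eth = bytes.fromhex('001122334455') + bytes.fromhex('66778899aabb')
    if vlan_id is not None:
        eth += struct.pack('!HH', ETH_P_8021Q, vlan_id & 0x0FFF)
    eth += struct.pack('!H', ETH_P_IP)
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip


# Constructed policy table: two tenants both numbered out of 10.0.0.0/24
# behind different VLAN tags. The same source IP is allowed to anything on
# VLAN 10 but only to 192.168.1.0/24 on VLAN 20. First match wins; anything
# unmatched is implicitly denied.
ANY = ipaddress.IPv4Network('0.0.0.0/0')
POLICIES = [
    {'vlan': 10, 'src': ipaddress.IPv4Network('10.0.0.0/24'), 'dst': ANY, 'action': 'accept'},
    {'vlan': 20, 'src': ipaddress.IPv4Network('10.0.0.0/24'),
     'dst': ipaddress.IPv4Network('192.168.1.0/24'), 'action': 'accept'},
]


def classify(frame, policies=POLICIES):
    """Return (vlan_id, action) for a frame. Non-IPv4 frames and frames with
    no matching (vlan, src, dst) policy fall through to 'deny'."""
    vlan_id, ethertype, payload = parse_frame(frame)
    if ethertype != ETH_P_IP:
        return vlan_id, 'deny'
    src, dst = ipv4_addresses(payload)
    for p in policies:
        if p['vlan'] == vlan_id and src in p['src'] and dst in p['dst']:
            return vlan_id, p['action']
    return vlan_id, 'deny'


if __name__ == '__main__':
    for vid, s, d in [(10, '10.0.0.5', '8.8.8.8'), (20, '10.0.0.5', '8.8.8.8'),
                      (20, '10.0.0.5', '192.168.1.10'), (None, '10.0.0.5', '8.8.8.8')]:
        print(vid, s, '->', d, classify(build_frame(vid, s, d)))
```

The same source and destination pair gets a different verdict depending only on the tag, which is the behaviour the slide promises. Note that `parse_frame` handles a single tag; stacked (QinQ, 0x88A8) tags would need a loop, and a transparent-mode bridge must also carry the original tag through unchanged when it forwards.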
High Availability Highlights
- Supported on FortiGate-60 and higher, in transparent or routed mode
- Supports both active-passive and active-active configurations
- Active-passive mode provides automatic and transparent failover: firewall and IPSec session synchronization; failover in less than 3 s; the FortiGate units send an email and an SNMP trap and log the event
- Active-active mode additionally provides firewall load balancing between units, antivirus load balancing between units, and link status monitoring and failover
High Availability Highlights: HA Heartbeats
- Used to communicate cluster session information (firewall sessions and IPSec SAs), synchronize the cluster configuration, and report individual cluster member status
- Sent on an HA link
- Redundant HA links: any interface can be chosen as an HA link; an interface already carrying user traffic can also be configured for HA heartbeats; any number of backup HA links can be configured
Other High-Availability Enhancements
- HA link security: data encryption between members of an HA cluster
- Additional model support: FortiGate-60/100/200 and FortiWiFi-60 (the WLAN interface is not a supported HA interface)
- Active-active mode: additional support for load balancing of non-AV traffic; all TCP sessions are load-balanced
Antispam Protection Highlights
Uses a wide variety of local and network tests to identify spam:
- Source blocking by IP address: static lists and dynamic databases (RBL and ORDBL)
- Source blocking by email address
- FortiShield (IP address and URI scanning)
- Content blocking: MIME headers, banned words
Once identified, the mail is either tagged as spam for later filtering by the user's own mail user agent (enabling easy sorting in any email client) or rejected at the SMTP level.
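As an added example, not Fortinet code, the following shows the test families on the slide wired into one scoring pipeline: the RBL/ORDBL lookup (reverse the connecting IP's octets, prepend them to the list's zone, treat a 127.0.0.0/8 answer as "listed"), a static IP list, a sender-address list, a MIME-header check and banned words, followed by the two outcomes the slide names, tagging or SMTP rejection. The resolver is a stub returning constructed answers so the example runs offline; the zone name dnsbl.example, the messages, the weights and the threshold are all assumptions for the example. FortiShield URI scanning is not modelled.

```python
import email
import ipaddress
import re
from email import policy
from email.utils import parseaddr

LISTED = ipaddress.IPv4Network('127.0.0.0/8')   # DNSBL "listed" answers live here


def dnsbl_query_name(ip, zone):
    """Reverse the octets of an IPv4 address and append the list's zone:
    192.0.2.10 against dnsbl.example becomes 10.2.0.192.dnsbl.example."""
    octets = ipaddress.IPv4Address(ip).exploded.split('.')
    return '.'.join(reversed(octets)) + '.' + zone


def dnsbl_listed(ip, zone, resolve):
    """resolve(name) returns the A records for a name, or [] for NXDOMAIN.
    The address is listed when any answer falls inside 127.0.0.0/8."""
    return any(ipaddress.IPv4Address(a) in LISTED
               for a in resolve(dnsbl_query_name(ip, zone)))


class SpamFilter:
    """Score a message with the slide's test families, then tag or reject.
    Weights and threshold are assumed values chosen for the example."""

    def __init__(self, resolve, zones, blocked_nets, blocked_senders, banned_words,
                 threshold=5, action='tag'):
        self.resolve = resolve
        self.zones = zones
        self.blocked_nets = [ipaddress.IPv4Network(n) for n in blocked_nets]
        self.blocked_senders = {s.lower() for s in blocked_senders}
        self.banned = [(w, re.compile(r'\b' + re.escape(w) + r'\b', re.I)) for w in banned_words]
        self.threshold = threshold
        self.action = action

    def score(self, client_ip, raw):
        """client_ip is the SMTP peer address seen by the gateway, which is
        trustworthy; Received headers inside the message are not."""
        msg = email.message_from_bytes(raw, policy=policy.default)
        ip = ipaddress.IPv4Address(client_ip)
        points, reasons = 0, []
        if any(ip in net for net in self.blocked_nets):          # static IP list
            points += 10
            reasons.append('static-ip-list')
        for zone in self.zones:                                   # dynamic RBL/ORDBL
            if dnsbl_listed(client_ip, zone, self.resolve):
                points += 5
                reasons.append('dnsbl:' + zone)
        sender = parseaddr(msg.get('From', ''))[1].lower()        # email-address list
        if sender in self.blocked_senders:
            points += 5
            reasons.append('sender-list')
        if not msg.get('Message-ID'):                             # MIME header check
            points += 1
            reasons.append('mime:no-message-id')
        body = msg.get_body(preferencelist=('plain',))            # banned words
        text = msg.get('Subject', '') + '\n' + (body.get_content() if body else '')
        for word, pat in self.banned:
            if pat.search(text):
                points += 2
                reasons.append('banned-word:' + word)
        return points, reasons

    def handle(self, client_ip, raw):
        """Return ('deliver', bytes), ('tag', bytes) or ('reject', smtp_reply)."""
        points, reasons = self.score(client_ip, raw)
        if points < self.threshold:
            return 'deliver', raw
        if self.action == 'reject':
            return 'reject', '550 5.7.1 Message rejected as spam (' + ', '.join(reasons) + ')'
        msg = email.message_from_bytes(raw, policy=policy.default)
        subject = msg.get('Subject', '')
        if 'Subject' in msg:
            del msg['Subject']
        msg['Subject'] = '[SPAM] ' + subject       # lets any mail client sort on it
        msg['X-Spam-Flag'] = 'YES'
        msg['X-Spam-Reasons'] = ', '.join(reasons)
        return 'tag', msg.as_bytes()


# Constructed resolver and messages for the example (no network access):
# 192.0.2.10 is "listed" in the hypothetical zone dnsbl.example.
FAKE_DNS = {'10.2.0.192.dnsbl.example': ['127.0.0.2']}


def fake_resolve(name):
    return FAKE_DNS.get(name, [])


SPAM = (b'From: promo@spammer.example\r\nTo: user@campus.example\r\n'
        b'Subject: Cheap VIAGRA and a free lottery\r\nMessage-ID: <1@spammer.example>\r\n'
        b'\r\nClick now!\r\n')
HAM = (b'From: prof@campus.example\r\nTo: user@campus.example\r\nSubject: Lab meeting\r\n'
       b'Message-ID: <2@campus.example>\r\n\r\nSee you at 3.\r\n')

FILTER = SpamFilter(fake_resolve, ['dnsbl.example'], ['203.0.113.0/24'],
                    ['known-spammer@spammer.example'], ['viagra', 'lottery'])

if __name__ == '__main__':
    print(FILTER.score('192.0.2.10', SPAM))
    print(FILTER.handle('198.51.100.7', HAM)[0])
```

Two practitioner points the code makes explicit: the DNSBL verdict must be keyed on the SMTP peer address the gateway itself observed, never on a Received header the sender controls, and rejection at SMTP time (the `reject` action) is preferable to tagging for list-based hits because it avoids generating backscatter to forged senders.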
FortiShield AntiSpam Service
Fortinet-managed antispam service with "dual pass" scan technology, for FortiGate and FortiMail.
Benefits:
- Greatly reduces processing overhead on email servers and antispam gateways
- Reclaims bandwidth taken by spam email
- Supplements any other antispam solution
- Cost-effective managed solution that lowers the maintenance overhead of managing static content filters
Major Project References
Paul Huang, Sales VP Taiwan (M): 0955775318
Major Project References, Fortinet Taiwan (dates converted from ROC years to year-month)
- Taichung City Education Network Center: FG-5050 backbone antivirus gateway / NIPD / firewall, 2005-09
- Keelung City Education Network Center: FG-5050 backbone antivirus gateway / NIPD / firewall, 2005-11
- Tamkang University: 4 x FG-5050 campus backbone antivirus gateway / NIPD / firewall, 2005-11
- Jinwen Institute of Technology: 2 x FG-5020 campus backbone antivirus gateway / NIPD / firewall, 2005-06
- Chaoyang University of Technology: FG-5050 campus backbone antivirus gateway / NIPD / firewall, 2005-12
- National Kaohsiung University of Applied Sciences: FG-5050 campus backbone antivirus gateway / NIPD / firewall, 2005-07
- Taichung County elementary schools network security: 167 x FG-400, 2004-11
- National Tsing Hua University: 2 x FG-3600 mail antivirus gateway / NIPD / firewall, 2005-01
- National Tsing Hua University: 2 x FG-3600 server antivirus gateway / NIPD / firewall, 2005-09
- National Tsing Hua University: FG-3600 backbone antivirus gateway / NIPD / firewall, 2005-11
- Shih Chien University: 2 x FG-3600 antivirus gateway / NIPD / firewall, 2005-04
- Kainan Institute of Technology: FG-3600 antivirus gateway / NIPD / firewall, 2005-01
- Chang Gung Institute of Technology: FG-3600 antivirus gateway / NIPD / firewall, 2004-10
- St. John's University: 1 x FG-3600 antivirus gateway / NIPD / firewall, 2005-12
- Chung Hua University: FG-4000 campus backbone antivirus, firewall / NIDP, 2004-05
- Tamkang University: FG-3600 campus backbone antivirus, firewall / NIDS, 2003-09
- National Central University Center for Space and Remote Sensing Research: FG-3000 antivirus gateway / NIPD / firewall, 2004-03
- Taipei Medical University: FG-3000 campus backbone firewall / inappropriate-website filtering, 2003-09
- Fu Jen Catholic University: FG-3600 campus backbone firewall / NIDP, plus FG-200 antivirus, 2003-08
- Soochow University: FG-3000 campus backbone firewall / NIDS, plus FG-1000 (Internet server farm antivirus), 2003-08
- Aletheia University: 2 x FG-3600 campus backbone firewall / IDP, 2004-07
- National Defense University: 2 x FG-3000 antivirus gateway / NIPD / firewall, 2004-01
- Ching Yun University: 2 x FG-3600 antivirus gateway / NIPD / firewall, 2004-03
- Huafan University: FG-3000 antivirus gateway / NIPD / firewall, 2003-11
- Lunghwa University of Science and Technology: FG-3000 campus backbone firewall / NIDS, 2003-09
- Jinwen Institute of Technology: FG-3000 campus backbone firewall / NIDS, 2003-07
- Oriental Institute of Technology: FG-3000 campus backbone firewall / NIDS, 2005-11
- National Yang-Ming University: FG-1000 firewall / VPN, 2003-10
- National Yang-Ming University: FG-3000 campus backbone IDP, 2004-10
- National Yang-Ming University: 16 x FG-50A campus NAT, 2005-08
- Ming Chuan University: FG-3000 College of Management firewall / NIDS, 2004-09
- National Taipei Teachers College: FG-3600 antivirus gateway / NIPD / firewall, 2003-11; FG-1000 antivirus gateway / NIPD / firewall
- National Taipei College of Nursing: FG-3000 antivirus gateway / NIPD / firewall / bandwidth management, 2004-03
- National Taipei College of Nursing: FG-1000 antivirus gateway / NIPD / firewall / bandwidth management, 2004-12
- National Taipei College of Nursing: FG-800 antivirus gateway / NIPD / firewall / bandwidth management, 2005-04
- Providence University: FG-3600 campus backbone antivirus, firewall / NIDS, 2004-01
- Providence University: FG-3600 campus backbone antivirus, firewall / NIDS, 2004-05
- Providence University: FG-3600 campus backbone antivirus, firewall / NIDS, 2005-03
- Tunghai University: FG-3000 campus backbone antivirus, firewall / NIDS, 2004-06
- Tunghai University: FG-3000 campus backbone antivirus, firewall / NIDS, 2005-03
- Minghsin University of Science and Technology: FG-3000 campus backbone antivirus, firewall / NIDS, 2004-12
- Hungkuang Institute of Technology: FG-3000 antivirus gateway / NIPD / firewall, 2004-03
- National Chin-Yi Institute of Technology: FG-3000 antivirus gateway / NIPD / firewall / bandwidth management, 2003-08
- Yung-Ta Institute of Technology: FG-3000 campus backbone firewall / NIDS, 2003-07
- National Taichung Institute of Technology: FG-3000 campus backbone firewall / NIDS, 2003-09
- National Taichung Teachers College: FG-400 antivirus gateway / NIPD / firewall, 2003-07; FG-3600 antivirus gateway / NIPD / firewall, 2004-12; 6 x FG-50A antivirus gateway / NIPD / firewall, 2005-04
- Da-Yeh University: FG-3000 campus backbone antivirus, firewall / NIDS, 2004-12
- Chia Nan University of Pharmacy and Science: FG-3600 campus backbone antivirus, firewall / NIDS, 2004-06
- National Ilan University: FG-800 campus backbone antivirus, firewall / NIDS, 2004-06
- National Chi Nan University: FG-3600 campus backbone antivirus, firewall / NIDS, 2005-04
- Nanhua University: FG-3600 campus backbone antivirus, firewall / NIDS, 2005-03
- National Yunlin University of Science and Technology: 2 x FG-1000 campus backbone firewall / NIDS, 2003-09
- National Tainan Institute of Nursing: FG-3000 campus backbone firewall / NIDS, 2003-12
- National Taiwan College of Physical Education: FG-400 antivirus gateway / NIPD / firewall, 2004-04
- Army Chemical School: FG-400 antivirus gateway / NIPD / firewall, 2004-04
- National Kaohsiung University of Applied Sciences: FG-400 antivirus gateway / NIPD / firewall, 2004-06
- National Kaohsiung Marine University: FG-800 antivirus gateway / NIPD / firewall, 2004-06
- Fo Guang University: FG-800 antivirus gateway / NIPD / firewall, 2004-07
- Kun Shan University of Science and Technology: FG-800 antivirus gateway / NIPD / firewall, 2005-02
- Air Force Academy: FG-1000 antivirus gateway / NIPD / firewall, 2004-03
- Chung Shan Medical University: 1 x FG-3000, 2005-02
- Da-De Vocational High School of Commerce and Industry (達德商工): 1 x FG-1000, 2005-03
- Kao Yuan Institute of Technology: 1 x FG-3600, 2005-05
- Nanya Institute of Technology: 1 x FG-3000, 2005-06
- National University of Kaohsiung: 1 x FG-3600, 2005-08
- National United University: 1 x FG-3000, 2005-08
Case Study: Tamkang University (淡江大學)
TKU Security Network Architecture (diagram)
Labels on the diagram: Internet; FG-5050 with 4 x FG-5001-FA2 on the campus backbone; FG-3600 for administration (VLAN trunk); FG-800 in front of the IBM application server farm; FG-60 WiFi; FortiBridge-1000F (FB1000F) bypass units in front of each FortiGate; Chemistry building, Business building, Engineering building, Taipei campus, Library, Foreign Languages building; Lanyang campus (蘭陽校區) over ADSL; off-campus dorms over cable, dorms over ADSL, Tamkang dorm complex (淡江學園).
FortiGate at TKU
- FortiClient for PCs and notebooks: antivirus, personal firewall, antispam
- FG-5050 with 4 x 5001FA2: campus backbone / IDC
- FG-3600: Ilan (Lanyang) campus
- FG-800: IBM campus application servers
- 9 x FortiBridge-1000F: bypass
- FG-200: Le-sui campus building
- FG-60 WiFi: MIS mobile security
- FortiAnalyzer: logging and reporting
Success Story: Jinwen Institute of Technology (景文技術學院), FG-5020
Success Story: Jinwen Institute of Technology, FG-5020. Conclusion
"Defending against threats inside the campus network is far harder than defending against threats from outside. The FortiGate-5020 gives us the most immediate protection: it not only provides students with a stable network environment, it also safeguards the teaching data in the Jinwen computer center."
"Traditional single-purpose protection against viruses, intrusions or spam alone is no longer enough for today's wide variety of network threats, and the peer-to-peer applications so common on campus networks are an especially large threat to network security. Fortinet's integrated threat management system, the FortiGate-5020, has delivered benefits far beyond our expectations: it combines performance with cost advantages, and its carrier-grade protection and scalability let Jinwen Institute of Technology keep track of the security situation of the campus network at all times."
-- Dr. Luo Guang-zhi (羅光志), Director of the Computer Center, Jinwen Institute of Technology
Key Success Factors
- Significant market opportunity
- Differentiated technology
- Superior customer value proposition
- Solid execution
- Scalable business model
- Visionary and experienced leadership team
Thank you! Q&A