20070605 Radware

743 views
655 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
743
On SlideShare
0
From Embeds
0
Number of Embeds
39
Actions
Shares
0
Downloads
20
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • 20070605 Radware

    1. 1. APSolute™ Application Delivery and Security Ein HowTo für NonStop Webservices Michael Geigenscheder
    2. 2. CEO Challenge: Smart Productivity Competitive Business Requirements Time Product Info Transactions Web Enablement Intelligence – CRM & prioritization
    3. 3. Centralization & Web based Application Web Enablement & Data Center Consolidation Higher Productivity Lower OPEX & CAPEX No Servers on Branches Anyone, Anywhere Anytime Access No Dedicated Client Side SW Based on Standards
    4. 4. Application Delivery Challenges Costly Downtimes Increasing volumes of online businesses activities REGIONAL OFFICE BRANCH OFFICE Firewall Web, Email, CRM ERP HEADQUARTERS Antivirus Gateway Router
    5. 5. Application Delivery Challenges Poor Performance Growing distance to end users Protocol “chattiness” Richer content Varying access speeds Encrypted traffic (SSL) Costly Downtimes Increasing volumes of online businesses activities REGIONAL OFFICE BRANCH OFFICE Firewall Web, Email, CRM ERP HEADQUARTERS Antivirus Gateway Router
    6. 6. Application Delivery Challenges Poor Performance Growing distance to end users Protocol “chattiness” Richer content Varying access speeds Encrypted traffic (SSL) Increased Security Threat Vulnerable Web based applications Growing sophistication of applications attacks & network attacks (DoS) Zero day attacks Internal attacks Costly Downtimes Increasing volumes of online businesses activities REGIONAL OFFICE BRANCH OFFICE Firewall Web, Email, CRM ERP HEADQUARTERS Antivirus Gateway Router
    7. 7. The Professional Solution
    8. 8. APSolute™ Application Delivery REGIONAL OFFICE BRANCH OFFICE FW-VPN Antivirus Gateway Web, Email, CRM, ERP HEADQUARTERS Routers
    9. 9. A P S olute Front End Solutions Antivirus Anti Spam URL filter HEADQUARTERS REGIONAL OFFICE BRANCH OFFICE Firewalls Web, Email, CRM, ERP Application Front End: Optimize data center resources to ensure fast, reliable, secure application delivery Availability, Guaranteed Performance, Accelerated Security, Assured AppDirector + AppXcel Complete business continuity, transparent disaster recovery and application optimization
    10. 10. Front End Open Service Architecture <ul><ul><ul><li>Web & Image Compression </li></ul></ul></ul><ul><ul><ul><li>Reverse Caching </li></ul></ul></ul><ul><ul><ul><li>SSL Offloading </li></ul></ul></ul><ul><ul><ul><li>TCP Multiplexing and Splitting </li></ul></ul></ul><ul><ul><ul><li>TCP Optimization </li></ul></ul></ul>AppDirector AppXcel <ul><ul><ul><li>Server L3-L7 loadbalancing </li></ul></ul></ul><ul><ul><ul><li>Integrated Global Load Balancing </li></ul></ul></ul><ul><ul><ul><li>Health Monitoring </li></ul></ul></ul><ul><ul><ul><li>QoS Bandwidth Management </li></ul></ul></ul>Web servers
    11. 11. Integrated Security AppDirector AppXcel Router Client Web Front end Servers Hacker SSL Termination Web and XML Application Firewall Access Control IPS for smart patch management Behavioral DoS Shield
    12. 12. Network Intrusion Prevention Methods <ul><li>Content-based IPS </li></ul><ul><ul><li>Signature-based </li></ul></ul><ul><ul><li>Protocol anomaly rules </li></ul></ul><ul><ul><li>Single bullet, application layer attacks </li></ul></ul><ul><li>Rate-based IPS </li></ul><ul><ul><li>Time based traffic thresholds </li></ul></ul><ul><ul><li>Manual configurations </li></ul></ul><ul><ul><li>High level of expertise </li></ul></ul><ul><ul><li>Attack mitigation (rate limit) </li></ul></ul><ul><li>Adaptive Behavioral IPS </li></ul><ul><ul><li>Behavior analysis (zero-day) </li></ul></ul><ul><ul><li>Self-learning </li></ul></ul><ul><ul><li>Self-adjusting </li></ul></ul><ul><ul><li>“ Hands-off” </li></ul></ul>Radware’s Hybrid Approach Complementary Solutions ! Types of Solutions Available PACKET
    13. 13. Multi Layer “Smart” Adaptive Filters Zero-Day Worms Propagation Network DoS/DDoS Flood attacks Clean Environment Intrusion Activities DefensePro Pro-Active Security Architecture Proactive Network-Based Behavioral Analysis Proactive User-Based Behavioral Analysis Stateful Content Based Protections
    14. 14. Multi Layer “Smart” Adaptive Filters Worms Propagation Network DoS/DDoS Flood attacks Intrusion Activities Network-based behavioral analysis User-based behavioral analysis Stateful Content based protections Clean Environment
    15. 15. Effective Traffic Shaping Prioritized Traffic 1 2 Queuing 3 4 Network Resources Guarantee Using BWM Rules Support for over 100 applications with CBQ, WFQ and wRED queuing algorithms, hierarchical bandwidth management and more P2P VoIP Web Mail… Bandwidth Management Rules Clean Environment VoIP Web P2P Egress Traffic
    16. 16. Public Network Blocking Rules RT statistics Fuzzy Logic Engine Learning Footprint Lookup <ul><li>Attack Characteristics </li></ul><ul><li>Source/Destination IP </li></ul><ul><li>Source/Destination Port </li></ul><ul><li>Packet size </li></ul><ul><li>Type of Service </li></ul><ul><li>TTL (Time To Live) </li></ul><ul><li>DNS Query </li></ul><ul><li>DNS ID </li></ul><ul><li>Packet ID </li></ul><ul><li>TCP sequence number </li></ul><ul><li>Fragment offset </li></ul><ul><li>More … (up to 17) </li></ul>Initial filter is generated: Packet ID Degree of Attack = Low (Positive Feedback) Filter Optimization: Packet ID AND Source IP Filter Optimization: Packet ID AND Source IP AND Packet size Degree of Attack = High (Negative Feedback) Filter Optimization: Packet ID AND Source IP AND Packet size AND TTL Degree of Attack = High Degree of Attack = Low <ul><li>Narrowest filters </li></ul><ul><li>Packet ID </li></ul><ul><li>Source IP Address </li></ul><ul><li>Packet size </li></ul><ul><li>TTL (Time To Live) </li></ul>1 2 3 4 5 Attack’s footprints detection - 10 seconds PPS, Bandwidth, protocol types distribution[%], TCP flags (syn,fin,rst,..)distribution[%]; inbound-outbound traffic [ratio],… LAN 10 0 Closed feedback Time [sec] Mitigation optimization process Behavioral DoS System Modules Inbound Traffic Outbound Traffic 18 Final Filter Start mitigation Initial Filter
    17. 17. Decision Making – Scenario 1 Rate-invariant anomaly axis Attack area Suspicious area Normal adapted area Attack Degree = 5 (Normal- Suspect) Legitimate mass-crowd enter news site Rate-based anomaly axis Y-axis X-axis Z-axis Attack Degree axis Abnormal rate of Syn packets… Normal TCP flags distribution
    18. 18. Decision Making – Scenario 2 Attack Degree = 10 (Attack) DNS Flood Rate-invariant anomaly axis Rate-based anomaly axis Y-axis X-axis Z-axis Attack Degree axis Attack area Suspicious area Normal adapted area Abnormal rate of DNS packets,… Abnormal protocol distribution [%]
    19. 19. Multi-Layer Intrusion Prevention <ul><li>Client side vulnerabilities </li></ul><ul><li>SIP </li></ul><ul><li>IRC bots </li></ul><ul><li>Spyware </li></ul><ul><li>Protocol Anomalies </li></ul><ul><li>IP & TCP evasions </li></ul><ul><li>IPv6 traffic Scanning </li></ul><ul><li>SSL based attacks (*) </li></ul><ul><li>Server based intrusions </li></ul><ul><ul><li>Web Vulnerabilities </li></ul></ul><ul><ul><li>Mail server intrusions </li></ul></ul><ul><ul><li>FTP server intrusions </li></ul></ul><ul><ul><li>SQL server intrusions </li></ul></ul><ul><ul><li>DNS server intrusions </li></ul></ul><ul><li>Worms & Viruses </li></ul><ul><li>Trojans & Backdoors </li></ul><ul><li>Horizontal & Vertical Scanning </li></ul>* Requires AppXcel <ul><li>Network behavioral based zero-day DoS protections </li></ul><ul><li>User/Hosts behavioral based zero day worm and bots protection </li></ul><ul><li>Bi-directional scanning, stateful content-based Intrusion Prevention </li></ul>
    20. 20. Integrated Security AppDirector AppXcel Router Client Web Front end Servers Hacker SSL Termination Web and XML Application Firewall Access Control IPS for smart patch management Behavioral DoS Shield
    21. 21. Securing Web Application – The Need <ul><li>Protect browser-based applications from unknown exploits </li></ul><ul><ul><li>Ensure users perform only legal actions </li></ul></ul><ul><li>Ensure that new code is secured </li></ul><ul><ul><li>Application developers are not security experts </li></ul></ul><ul><li>Application support team likely not original developers </li></ul><ul><ul><li>Require a tool for identifying & protecting security vulnerabilities </li></ul></ul><ul><li>Process large volumes of traffic without compromising performance or security </li></ul><ul><li>Protect and inspect encrypted (SSL) traffic </li></ul>
    22. 22. A P S olute Solution – Integrated WAF <ul><li>Automated Web Application Firewall protection without manual intervention </li></ul><ul><ul><li>Unknown application level exploits protection </li></ul></ul><ul><ul><li>Zero-day web-worm attacks protection </li></ul></ul>
    23. 23. The Need to Protect Web Applications <ul><li>The wide range of attack kinds indicates the severity of the problem. </li></ul>
    24. 24. Business Values of Integrated WAF <ul><li>Non - stop business operation </li></ul><ul><ul><li>Automatic adaptation to content changes </li></ul></ul><ul><ul><li>Smooth failover and automatic bypass of faulty WAF </li></ul></ul><ul><li>Streamlining business operation </li></ul><ul><ul><li>Cost effective scalability </li></ul></ul><ul><ul><li>Acceleration of Web and SSL traffic </li></ul></ul><ul><li>Lowering deployment & operational cost </li></ul><ul><ul><li>Lowering cost of vulnerability fixes </li></ul></ul><ul><ul><li>Less rack space </li></ul></ul><ul><ul><li>Single-vendor relationship </li></ul></ul><ul><ul><li>Common management interface </li></ul></ul>
    25. 25. Centralized Security Reporting Monitor all malicious activity, across the network, in real-time Customize reports , for executive to bit-level analysis & forensics Executive Report, to provide network security summary
    26. 26. A P S olute Access Solutions Anti Spam REGIONAL OFFICE BRANCH OFFICE Firewalls Access Solution: Optimize WAN link resources to ensure fast, reliable, secure application delivery Availability, Guaranteed Performance, Accelerated Security, Assured Antivirus URL filter HEADQUARTERS Linkproof Complete business continuity, transparent disaster recovery and quality of service Web, Email, CRM, ERP
    27. 27. Multi WAN Solution Routers LinkProof Headquarter Local Network Corporate users ERP, CRM, email, Web servers Private Public <ul><ul><ul><li>Smart WAN link optimization </li></ul></ul></ul><ul><ul><ul><li>Link Health Monitoring </li></ul></ul></ul><ul><ul><ul><li>QoS enforcement </li></ul></ul></ul><ul><ul><ul><li>Application Smart Routing </li></ul></ul></ul><ul><ul><ul><li>IPS & DoS protection </li></ul></ul></ul><ul><ul><ul><li>Behavioral based Protection </li></ul></ul></ul>
    28. 28. APSolute™ Application Delivery REGIONAL OFFICE BRANCH OFFICE FW-VPN Antivirus Gateway Web, Email, CRM, ERP HEADQUARTERS Routers 100% Availability Maximum Performance Absolute Security

    ×