F5 big v10_websecurity pressshort-phpapp01


Published in: Education
  • Notes on the web scraping slides: at http://www.wilmerhale.com/publications/whPubsDetail.aspx?publication=1948 you can find public information on American Airlines, eBay and others who were involved in legal proceedings against scrapers.
    Ryanair – stolen data, litigation costs, decreasing revenue: wins injunction against Vtours GmbH; forbids screen-scraping as commercial use*; Ryanair sent cease and desist letters to 300 sites.
    Sources:
    * http://www.theregister.co.uk/2008/06/25/easyjet_warns_expedia/
    ** http://www.theregister.co.uk/2008/07/11/ryanair_screen_scraping_victory/
    http://www.theregister.co.uk/2008/06/27/easyjet_travel_sites_warned/
    http://news.idg.no/cw/art.cfm?id=08DFD829-1A64-67EA-E4996B477BBCB6D3
    Quoted from the IDG article: "What I discovered is that our Web sites are being "scraped" by other companies -- our competitors! Some of the information on our sites is valuable intellectual property. It is provided online, in a restricted manner (passwords and such), to our customers. Such restrictions aren't very difficult to overcome for the Web crawlers that our competitors are using, because webmasters usually don't know much about security. They make a token attempt to put passwords and restrictions on sensitive files, but they often don't do a very good job."
  • Notes on the Attack Expert System slide: think of it as an online dictionary for help. A network administrator who is now responsible for application security gets a description of every violation and attack type. The Attack Expert System provides knowledge, testing and reporting of attacks and policies:
    • Attack profiles – every attack is now explained, and every violation includes a detailed description of the exact check that ASM performs
    • Staging – policies are staged so that tightening changes are made before enforcement
    • Superior reporting – detailed review of vulnerabilities, allowing fast mitigation and easy management
  • Notes on the PCI compliance slide: the competition has beaten us on this in the past, but we have consolidated with PCI reports. With the new PCI reporting, BIG-IP ASM details the security measures required by PCI DSS 1.2, whether you are in compliance, and if not, the steps required to become compliant.
  • A typical DNS request goes through a recursive set of public DNS servers to resolve the domain name. In this case I’m looking to connect to www.example.com. But one of these DNS servers has been compromised through cache poisoning. Cache poisoning occurs when a resolver or recursive DNS server queries another server in an effort to answer a query, and an attacker spoofs the query response to the resolver or recursive server. This can occur when the attacker impersonates the queried server by using an appropriate DNS message. In the case of the recursive server receiving such an answer, it not only supplies the resolver with the falsified information, it caches the information such that future queries, at least during the valid time interval of the answer, are answered with the same falsified information.
    1. BIG-IP V10.1 Advanced Web Security (November 2009)
    2. F5 Announcement Highlights: new release of BIG-IP delivers advanced Web security solutions to help customers efficiently address threats to Web applications
       • Web scraping attack protection
       • Better protection against automated scanners and bots
       • Simplified PCI compliance
       • Reporting with human readable policies to validate compliance with PCI DSS 1.2
       • Secure and Dynamic DNS
       • Meets DNSSEC 2009 government compliance
       • IP Geo-Location database
       • Integrated into F5's TMOS architecture
       • Announcement date: Nov. 16, 2009
    3. Airline Inventory Vulnerable to Web Scraping
       • Ryanair – Stolen data, litigation costs, decreasing revenue
       • Wins injunction against Vtours GmbH
       • Forbids screen-scraping as commercial use*
       • Ryanair sent cease and desist letters to 300 sites
       • easyJet warns Expedia: 'Hands off our flights'
    4. Protection from Web Scraping
       [Diagram: remote users and an automated scraper reach the Dublin and Frankfurt datacenters, each fronted by a BIG-IP (8900 and 6900) running LTM/ASM in front of Web, Domino and Network tiers; BIG-IP detects the requests and determines the web site is being scraped; IT staff get comprehensive reporting on scraping attacks; legitimate users see inventory while scrapers are remediated.]
       Solution:
       • Protects valuable intellectual property
       • Prices are controlled and users see airline approved inventory
       • Integrated scrape reporting for PCI compliance
       • Avoid litigation, drastically reducing legal costs
    5. Attack Expert System
    6. Improved PCI Compliance Reporting
    7. DNS Infrastructure is Vulnerable: spoofing and cache poisoning allow hijacking of domains
       [Diagram: the query "www.example.com?" travels from the client via the LDNS to Example.com's GSLB and App Servers; a Hacker poisons the LDNS cache.]
       Problem: need to secure DNS infrastructure
       • Cache poisoning and spoofing can hijack DNS records
       • Need a method for trusted responses
       • Need to meet US Government mandate for DNSSEC compliance
    8. Securing the DNS Infrastructure: dynamic and secure DNS with Global Traffic Manager
       [Diagram: the same query path with BIG-IP GTM answering for Example.com; each response is shown "+ public key", so the client gets a signed, trusted response; the Hacker is still present but the LDNS is no longer fooled.]
       Solution: secure and dynamic DNS
       • Ensure users get trusted DNS queries with signed responses
       • Reduce management costs – simple to implement and maintain
       • Meet mandates with DNSSEC compliant solution
    9. F5 – A Better Solution For Web Security
       • Best WAF with protection from Web Scraping (ASM)
       • Best WAF to assist administrators in understanding security threats (ASM: Attack Expert)
       • Simplified PCI Reporting (ASM)
       • Only GSLB with DNSSEC (GTM)
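The following simulation ties together the cache poisoning described in the slide notes and the signed-response solution on the "Securing the DNS Infrastructure" slide. It is an added example, not code from the F5 deck or an F5 product: the resolver, the zone key, the transaction ID and all record values are constructed, and an HMAC under a per-zone key stands in for the public-key RRSIG/DNSKEY validation that real DNSSEC performs. It shows the two points the notes make: a recursive resolver that accepts a forged answer caches it, so every query during that answer's TTL is answered with the falsified record; a resolver that verifies the record set's signature drops the forgery and never caches it.

```python
"""Toy caching resolver: a forged answer poisons an unvalidated cache for its
whole TTL, while a validating resolver discards it. Added example, not F5 code;
the key, records and timing below are constructed, and HMAC stands in for
DNSSEC's public-key RRSIG/DNSKEY validation."""
import hashlib
import hmac

# Constructed stand-in for the example.com zone signing key (not a real DNSSEC key).
ZONE_KEY = b"toy-zone-key-for-example.com"


def sign_rrset(name, rtype, rdata, ttl):
    """Signature over the record set fields, the way an RRSIG covers an RRset."""
    msg = f"{name}|{rtype}|{rdata}|{ttl}".encode()
    return hmac.new(ZONE_KEY, msg, hashlib.sha256).hexdigest()


def verify_rrset(resp):
    """True only if the response's signature matches its record set under the zone key."""
    expected = sign_rrset(resp["name"], resp["type"], resp["rdata"], resp["ttl"])
    return hmac.compare_digest(expected, resp.get("sig", ""))


class Resolver:
    """Recursive resolver with a TTL-bounded cache.

    validate=False models the resolver in the slide notes: any response whose
    transaction ID and question match is accepted and cached.
    validate=True additionally requires the record set's signature to verify.
    """

    def __init__(self, validate, clock):
        self.validate = validate
        self.clock = clock      # callable returning the current time (injected for determinism)
        self.cache = {}         # (name, type) -> (rdata, expires_at)

    def lookup(self, name, rtype, qid, responses):
        key = (name, rtype)
        cached = self.cache.get(key)
        if cached and cached[1] > self.clock():
            return cached[0]    # served from cache: no upstream query is made
        for resp in responses:  # responses in the order they arrive on the wire
            if resp["id"] != qid or resp["name"] != name or resp["type"] != rtype:
                continue        # wrong transaction ID or question: discard
            if self.validate and not verify_rrset(resp):
                continue        # signature fails: discard and never cache
            self.cache[key] = (resp["rdata"], self.clock() + resp["ttl"])
            return resp["rdata"]
        return None


def run_scenario(validate):
    """Return (first answer, answer one hour later) for one resolver type."""
    now = [1_000.0]
    resolver = Resolver(validate, clock=lambda: now[0])
    qid = 0x1A2B
    # Constructed records: the authentic answer from the zone, a forged answer
    # that arrives before it with a matching ID, an invalid signature and a long
    # TTL, and an unrelated response with the wrong transaction ID.
    authentic = {"id": qid, "name": "www.example.com", "type": "A",
                 "rdata": "192.0.2.10", "ttl": 300}
    authentic["sig"] = sign_rrset("www.example.com", "A", "192.0.2.10", 300)
    forged = {"id": qid, "name": "www.example.com", "type": "A",
              "rdata": "203.0.113.66", "ttl": 86_400, "sig": "not-a-valid-signature"}
    unrelated = {"id": 0x7777, "name": "www.example.com", "type": "A",
                 "rdata": "203.0.113.99", "ttl": 60, "sig": ""}
    first = resolver.lookup("www.example.com", "A", qid, [unrelated, forged, authentic])
    now[0] += 3_600         # an hour later only authentic answers are on the wire
    later = resolver.lookup("www.example.com", "A", qid, [authentic])
    return first, later


if __name__ == "__main__":
    print("unvalidated:", run_scenario(False))  # forged answer served for its TTL
    print("validating: ", run_scenario(True))   # forged answer never cached
```

The unvalidated resolver returns the forged address on the first query and again an hour later, because the forgery sits in its cache until its 86,400-second TTL expires; the validating resolver returns the authentic address both times, re-resolving after the authentic record's 300-second TTL. The transaction-ID and question checks are kept in both resolvers to show that they alone do not protect the cache once a matching forgery arrives, which is why the slide's solution is a signed response.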