Layer 7 & Beyond
Challenges security technologies must face.
David Maman
CTO
Layer 7 & Beyond - Challenges security technologies must dmaman@moksai.com
face

Outline
- Presence
• The virtual identity saga
- Web X.0 / HTT-What? / SAAS
• Web experience is changing
- Internal Security
• Internal security – the “Secured” surroundings
- Day usage
• a simple example of unsecured activities
- Mobile
• Mobile devices and networking security
Layer 7 & Beyond - Challenges security technologies must face 2

Presence
Layer 7 & Beyond - Challenges security technologies must face 3

Cross platform/media users identity
• Users identity is roaming across multiple access layers
Access where ever(net access, VOIP presents, free mind)
Web based access (ssl-vpn, etc.) advanced functionalities
• Always available
IM and other applications over multiple access layers
Mail access in multiple variations of delivery/retrieval
• The OS’s
Multiple operating systems are part of this experience
In The Claude/Network solution is not adequate
• The solutions transparency for the user experience is
part of this evolutions
Layer 7 & Beyond - Challenges security technologies must face 4

Web X.0 / HTT-What? / SAAS
Layer 7 & Beyond - Challenges security technologies must face 5

Web x.0 / HTT? / SAAS challenges
• Identity, privacy, reputation and anonymity is changing
• Everyone is a content/service provider
• Any user is part of the system/experience
• Is there End-to-end security architecture?
• The content is delivered and shared everywhere
• Cross site scripting is required
• It’s part of the advantages
• HTTP/S as a transport layer (oovoo, rpc, etc)
• For years it’s among the only un inspected tunnel’s
we’ve allowed, and now it’s almost impossible to
validate and control the application level.
Layer 7 & Beyond - Challenges security technologies must face 6

Web x.0 / HTT? / SAAS challenges
• Changing the way Dynamic content is delivered
• Asynchronous JavaScript (AJAX) and XML will
provide a whole new frontier regarding inspection
for incoming and out going traffic.
• Dynamic analysis approach for security
• Web x.0 public key infrastructure?
• Security services over Web x.0
• We all like cookies (Transport layer)
• Lately several Trojan horses been using cookies
negotiation as a transport layer for data and
commands, can we block/inspect this layer?
Layer 7 & Beyond - Challenges security technologies must face 7

Internal Security
Layer 7 & Beyond - Challenges security technologies must face 8

Is our network really secured ?
Layer 7 & Beyond - Challenges security technologies must face 9

Internal traffic understanding
• Where is the perimeter?
• A network? a segment? a server? a client?
• Can we really understand what is passing?
• Endless number of stacks and applications
• Encrypting what we don’t understand is wrong
• Securely tunneling un analyzed/authorized traffic.
• Number of applications is exponentially increasing
• Any organization in any sector must evolve
• Virtualization solutions are already common
• Resources are being shared with which security?
Layer 7 & Beyond - Challenges security technologies must face 10

Internal security enforcement
• Security approach Internally is the complete
opposed from perimeter security.
• What we block instead of what we allow.
• Viruses are starting to take advantage of the
network “Open Space”
• Worms are distributing Viruses/Trojan horses
that starts the infection by network mapping,
Antivirus and advanced IPS’s are a necessity
• Can we process and analyze all this traffic?
(Network Accelerated processing and Content
Accelerated processing is a must for handling this)
Layer 7 & Beyond - Challenges security technologies must face 11

Day by day usage
Layer 7 & Beyond - Challenges security technologies must face 12

Day by day
• There are many daily activates during which we
don’t think of security consequences..
• The most basic example, Credit Cards:
• Which credit card activity is more secured?
• Online over the internet purchases?
or
• In the neighborhood ?
• Did you ever think about that ?
Let me help you with this one..
Layer 7 & Beyond - Challenges security technologies must face

Basic online ordering architecture
Investments in the
information security has
grown, the needs are
known and there are
many regulations that
oversee the solutions..
DMZ
Layer 7 & Beyond - Challenges security technologies must face

What do you know about these devices?
• Which security solutions been implemented in
these devices that we all trust with our everyday
payment?
• Most of the new devices work over mobile
access (3G/GPRS) with very basic infrastructure
security sometimes running over the same
access regular users use.
• The operating system has almost none security
features or hardening capabilities. (besides plain
txt with md5 keys)
• There is no alerting system for any penetration
tries over the basic operating system over the
management/access interfaces.
• Which do you think is more secured?
Layer 7 & Beyond - Challenges security technologies must face

Mobile
Layer 7 & Beyond - Challenges security technologies must face 16

Explosion of high-value 3G / 3.5G
services
• Endless new services..
Music Video Mail Mail / IM
Gaming Mobile TV VoIP
Presence/Push Collaboration Instant Office
…that requires a network/security solutions
Layer 7 & Beyond - Challenges security technologies must face 17

Where are the threats coming from?
Backbone Security
- Inspecting and managing the BB Internet Access
- Web browsing and downloads
- VOIP solutions
- Dynamic Content updates
- Gambling/gaming/etc. services.
, IM
“Smart” Devices
- with alternate network access methods
Messaging
- Multiple OS’s with various security requirements
Email, Instant Messaging,
-3G Access provides Internet/Network backup
Multimedia Messaging Services
access for business
- Stores use credit cards clearing house over Inter Carrier Connectivity
GPRS/3G. for roaming access
- Privet networks For collaborated Data
Layer 7 & Beyond - Challenges security technologies must face 18

Thank You
David Maman
dmaman@moksai.com
Layer 7 & Beyond - Challenges security technologies must face