David Maman Layer7 And Beyond

970 views

Published on

Presentation from a lecture that i gave several times in Israel, South Africa, across Europe and other places about: Layer 7 & Beyond, Challenges security technologies must face. talking about the "Virtual presence", Web 2.0/SAAS, Internal network security, example of daily unsecured activities and some mobile security.

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
970
On SlideShare
0
From Embeds
0
Number of Embeds
49
Actions
Shares
0
Downloads
13
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

David Maman Layer7 And Beyond

  1. 1. Layer 7 & Beyond Challenges security technologies must face. David Maman CTO Layer 7 & Beyond - Challenges security technologies must dmaman@moksai.com face
  2. 2. Outline - Presence • The virtual identity saga - Web X.0 / HTT-What? / SAAS • Web experience is changing - Internal Security • Internal security – the “Secured” surroundings - Day usage • a simple example of unsecured activities - Mobile • Mobile devices and networking security Layer 7 & Beyond - Challenges security technologies must face 2
  3. 3. Presence Layer 7 & Beyond - Challenges security technologies must face 3
  4. 4. Cross platform/media users identity • Users identity is roaming across multiple access layers Access where ever(net access, VOIP presents, free mind) Web based access (ssl-vpn, etc.) advanced functionalities • Always available IM and other applications over multiple access layers Mail access in multiple variations of delivery/retrieval • The OS’s Multiple operating systems are part of this experience In The Claude/Network solution is not adequate • The solutions transparency for the user experience is part of this evolutions Layer 7 & Beyond - Challenges security technologies must face 4
  5. 5. Web X.0 / HTT-What? / SAAS Layer 7 & Beyond - Challenges security technologies must face 5
  6. 6. Web x.0 / HTT? / SAAS challenges • Identity, privacy, reputation and anonymity is changing • Everyone is a content/service provider • Any user is part of the system/experience • Is there End-to-end security architecture? • The content is delivered and shared everywhere • Cross site scripting is required • It’s part of the advantages • HTTP/S as a transport layer (oovoo, rpc, etc) • For years it’s among the only un inspected tunnel’s we’ve allowed, and now it’s almost impossible to validate and control the application level. Layer 7 & Beyond - Challenges security technologies must face 6
  7. 7. Web x.0 / HTT? / SAAS challenges • Changing the way Dynamic content is delivered • Asynchronous JavaScript (AJAX) and XML will provide a whole new frontier regarding inspection for incoming and out going traffic. • Dynamic analysis approach for security • Web x.0 public key infrastructure? • Security services over Web x.0 • We all like cookies (Transport layer) • Lately several Trojan horses been using cookies negotiation as a transport layer for data and commands, can we block/inspect this layer? Layer 7 & Beyond - Challenges security technologies must face 7
  8. 8. Internal Security Layer 7 & Beyond - Challenges security technologies must face 8
  9. 9. Is our network really secured ? Layer 7 & Beyond - Challenges security technologies must face 9
  10. 10. Internal traffic understanding • Where is the perimeter? • A network? a segment? a server? a client? • Can we really understand what is passing? • Endless number of stacks and applications • Encrypting what we don’t understand is wrong • Securely tunneling un analyzed/authorized traffic. • Number of applications is exponentially increasing • Any organization in any sector must evolve • Virtualization solutions are already common • Resources are being shared with which security? Layer 7 & Beyond - Challenges security technologies must face 10
  11. 11. Internal security enforcement • Security approach Internally is the complete opposed from perimeter security. • What we block instead of what we allow. • Viruses are starting to take advantage of the network “Open Space” • Worms are distributing Viruses/Trojan horses that starts the infection by network mapping, Antivirus and advanced IPS’s are a necessity • Can we process and analyze all this traffic? (Network Accelerated processing and Content Accelerated processing is a must for handling this) Layer 7 & Beyond - Challenges security technologies must face 11
  12. 12. Day by day usage Layer 7 & Beyond - Challenges security technologies must face 12
  13. 13. Day by day • There are many daily activates during which we don’t think of security consequences.. • The most basic example, Credit Cards: • Which credit card activity is more secured? • Online over the internet purchases? or • In the neighborhood ? • Did you ever think about that ? Let me help you with this one.. Layer 7 & Beyond - Challenges security technologies must face
  14. 14. Basic online ordering architecture Investments in the information security has grown, the needs are known and there are many regulations that oversee the solutions.. DMZ Layer 7 & Beyond - Challenges security technologies must face
  15. 15. What do you know about these devices? • Which security solutions been implemented in these devices that we all trust with our everyday payment? • Most of the new devices work over mobile access (3G/GPRS) with very basic infrastructure security sometimes running over the same access regular users use. • The operating system has almost none security features or hardening capabilities. (besides plain txt with md5 keys) • There is no alerting system for any penetration tries over the basic operating system over the management/access interfaces. • Which do you think is more secured? Layer 7 & Beyond - Challenges security technologies must face
  16. 16. Mobile Layer 7 & Beyond - Challenges security technologies must face 16
  17. 17. Explosion of high-value 3G / 3.5G services • Endless new services.. Music Video Mail Mail / IM Gaming Mobile TV VoIP Presence/Push Collaboration Instant Office …that requires a network/security solutions Layer 7 & Beyond - Challenges security technologies must face 17
  18. 18. Where are the threats coming from? Backbone Security - Inspecting and managing the BB Internet Access - Web browsing and downloads - VOIP solutions - Dynamic Content updates - Gambling/gaming/etc. services. , IM “Smart” Devices - with alternate network access methods Messaging - Multiple OS’s with various security requirements Email, Instant Messaging, -3G Access provides Internet/Network backup Multimedia Messaging Services access for business - Stores use credit cards clearing house over Inter Carrier Connectivity GPRS/3G. for roaming access - Privet networks For collaborated Data Layer 7 & Beyond - Challenges security technologies must face 18
  19. 19. Thank You David Maman dmaman@moksai.com Layer 7 & Beyond - Challenges security technologies must face

×