SlideShare a Scribd company logo

Solution Brief

W
webhostingguy

This document summarizes a web server protection solution called the IPS 5500 provided by Top Layer Networks. The IPS 5500 uses three-dimensional protection (3DP) through content inspection, stateful firewall filtering, and attack mitigation to address threats like exploits, unauthorized access, and denial of service attacks. It provides benefits like uptime, bandwidth availability, and performance. Customers report an immediate ROI from costs savings and increased revenues. Sample customers using it include top banks, retailers, and advertisers.

1 of 7
Download to read offline
Solution Brief Web Server Protection Solution
Web Server Protection Solutions Key Trends Organizations increasingly rely on the Internet to conduct business to drive their business strategies and increase operational effectiveness at a time when the global reach of transactions represents new opportunities for all organizations. E-Commerce web sites and partner collaboration portals enhance business opportunities and help organizations maintain real-time connectivity to their customers and partners. However, the ubiquitous nature of the Internet also creates new opportunities for cyber crime activities, which target the core infrastructure element for successful online business initiatives, the Web server. The growth of new web sites has continued at a near-record pace despite the steady drumbeat of security threats. As businesses rely more heavily on new website infrastructure, the financial losses associated with cyber crime has scaled just as rapidly, thus requiring more advanced technologies to provide the necessary protection. Business Challenges The moment you install a Web server, you've opened a window into your local network that the entire Internet can peer through. While most visitors are content to window shop, others prefer to vandalize or even force the window open and crawl inside. The results can range from the merely embarrassing, for instance the discovery one morning that your site's home page has been replaced by an obscene parody, to the damaging, for example the theft of your entire database of customer information. Another rapidly growing example of malicious behavior is blocking windows for fun or extortion purposes, each resulting in lost connectivity to customers. Any organization using a Web server understands the importance of providing a rapid response time to customers, downtime means that the potential for lost profits is huge as well as running the risk of lost customer goodwill and trust in maintaining confidentiality. Understanding the Problem – Remote Exploits Web servers provide a portal between your business and your customers and partners, so they require a more formidable and customized level of protection above and beyond what network firewalls or IDS' can provide. Firewalls are designed to allow traffic intended for the Web server to flow through to its destination with minimal scrutiny. Even next generation firewalls attempt to address the problem with poorly performing software patches and upgrades.
IDS solutions detect attacks based on known attack signatures, but are not architected for inline operation or proactive blocking of attacks. Even worse, an IDS that has been re-badged as an IPS can leave users helpless in the face of new web-specific attacks or attacks that attempt to slip through during peak usage. Code Red and Nimda are examples of worms that took advantage of Microsoft Web server vulnerabilities and inadequacies in firewalls and IDS solutions. There are security risks that affect Web servers, the networks that host Web sites, and even innocent users of Web browsers. To ensure the success of commerce or partner portals, most businesses focus on securing the integrity of the data and the integrity of the transaction. It is generally well known in system security and software development circles that large, complex programs contain bugs that cause security holes. Unfortunately, Web servers and web applications are large, complex programs that can (and in some cases have been proven to) contain security holes. Furthermore, the open architecture of Web servers allows arbitrary CGI scripts to be executed on the server's side of the connection in response to remote requests. Any CGI script installed at your site may contain bugs, and every such bug is a potential security hole. Many of these vulnerabilities can be remotely exploited, resulting in a compromised web site, lost business and potentially severe legal and financial ramifications due to lost or compromised data. Finally, all organizations worry about the confidentiality of the data transmitted across the Internet. The TCP/IP protocol was not designed with security in mind; hence it is vulnerable to network eavesdropping. When confidential documents are transmitted from the Web server to the browser, or when the end-user sends private information to the server, someone may be listening in and have access to your data. The critical areas of concern can be addressed by Intrusion Prevention System (IPS) technology. Left unprotected these Web site vulnerabilities allow unauthorized remote users to: o Steal confidential documents not intended for their eyes. o Execute commands on the server host machine, allowing them to modify the system. o Gain information about the Web server's host machine that will allow them to break into the system.
Understanding the Problem – Denial of Service Attacks Along with the vulnerabilities listed above, businesses are also concerned with securing the integrity of the transaction. Cyber attacks that impact the performance and availability of the site cannot be tolerated. Distributed Denial of Service (DDoS) is an attack designed to render a computer or network incapable of providing normal services. The most common DDoS attacks will target the computer's network bandwidth or connectivity. A website DDoS attack is executed by flooding one or more of the site's web servers with so many requests that it becomes unavailable for normal use. If an innocent user makes normal page requests during a DDoS attack, the requests may fail completely, or the pages may download so slowly as to make the Website unusable. DDoS attacks typically take advantage of several computers which simultaneously launch hundreds of thousands of requests at the target Website. Connectivity attacks flood a computer with such a high volume of connection requests, that all available operating system resources are consumed and the computer can no longer process legitimate user requests (e.g., excessive HTTP Gets). DDoS attacks are very hard to stop because of the large number of randomly distributed attacking sources, which renders conventional protection mechanisms useless. Connectivity attacks are equally devastating, as the web requests are legitimate in format, but overwhelming in volume. Protecting Web Servers with Three Dimensional Protection (3DP) The Industry experts classify network security risks into three major threat categories: Malicious content in network traffic, including exploits of Microsoft vulnerabilities, worms, Spyware and other malware; Undesired access to networks or systems, including unauthorized or illegal access; Rate-based attacks on the infrastructure, such as SYN Floods, and other Denial of Service attacks.
In order to address these three major threat categories, an effective solution needs to comprise three protection mechanisms. These include: Content-based IPS protection; Stateful firewall filtering; And rate-based attack mitigation. Figure 1: Top Layer Networks' 3DP Protection The Integrated Solution: Top Layer’s IPS 5500 In order to best combat the threats posed by undesired access, malicious content, and rate-based attacks (and complex hybrid attacks that use multiple elements of these to circumvent static, one-dimensional security tools), enterprises should select and deploy a network IPS solution that addresses all three in an integrated, mutually-reinforcing fashion – as Top Layer Networks does with its “Three Dimensional Protection” approach.
Figure 2: Top Layer Networks' 3DP Architecture Return on Investment Most of our customers who use the IPS 5500 to protect their web servers tell us that the payback from their IPS investment is immediate. The following are often cited by customers as reasons for a rapid ROI: Eliminating Web server down time and therefore maximizing revenue Avoid hurried patching of compromised Web servers that may cause follow-on problems because of a lack of time to properly test patches Blocking attacks allows for increased bandwidth availability Increase network performance by eliminating unwanted and malicious traffic Reduce operating expenses incurred by maintaining and running older, ineffective security solutions Allowing legitimate transactions to continue to flow even in the face of the most brut force DoS attacks Many customers tell us that even one of these reasons can result in a 100% payback in a very short time. When combined, the business case for deploying the IPS 5500 to protect mission critical web servers is compelling and no other IPS solution can claim this level of ROI.
Customer Success Story One customer was able to show his management the immediate benefits of deploying the IPS 5500 from both the perspective of cost and security. The IPS 5500 allowed him to significantly reduce the time and cost associated with managing and maintaining old security technologies while providing the organization with a much higher level of overall security. The net result, higher customer satisfaction from being able to conduct transactions at any time which led to higher overall revenues, at the same time reducing network operating expenditures. IPS 5500 customers depend upon Top Layer’s IPS 5500 for Protection and realize immediate benefits from the IPS 5500. Below is a sample list of customers and Web site applications. Sample Customers Application Top 3 US bank Payment system protection Leading computer reseller Customer ordering & support site protection Leading online advertiser Datacenter web server farm protection Next Steps To find out more about how Top Layer’s award-winning IPS 5500 can help protect your network, call Top Layer at 1-508-870-1300, email info@toplayer.com, or locate your local sales office at http://www.TopLayer.com/content/contact_us/offices/index.jsp The IPS 5500 has won the most awards: Top Layer Networks, 2400 Computer Drive, Westboro, MA 01581 Phone: 508-870-1300, Fax: 508-870-9797, http://www.TopLayer.com/

Recommended

Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)
Deivid Toledo
 
Remote Workforces Secure by Barracuda
Remote Workforces Secure by BarracudaRemote Workforces Secure by Barracuda
Remote Workforces Secure by Barracuda
Prime Infoserv
 
Zero Trust Networks
Zero Trust NetworksZero Trust Networks
Zero Trust Networks
Practical Code, LLC
 
Luncheon 2015-11-19 - Lessons Learned from Avid Life Media by Rob Davis
Luncheon 2015-11-19 - Lessons Learned from Avid Life Media by Rob DavisLuncheon 2015-11-19 - Lessons Learned from Avid Life Media by Rob Davis
Luncheon 2015-11-19 - Lessons Learned from Avid Life Media by Rob Davis
North Texas Chapter of the ISSA
 
The Cloud Crossover
The Cloud CrossoverThe Cloud Crossover
The Cloud Crossover
Armor
 
Cloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsCloud Security, Standards and Applications
Cloud Security, Standards and Applications
Dr. Sunil Kr. Pandey
 
Is Cloud the new home for Cyber Criminals? How to be Safe?
Is Cloud the new home for Cyber Criminals? How to be Safe?Is Cloud the new home for Cyber Criminals? How to be Safe?
Is Cloud the new home for Cyber Criminals? How to be Safe?
Web Werks Data Centers
 
Anatomy of a breach - an e-book by Microsoft in collaboration with the EU
Anatomy of a breach - an e-book by Microsoft in collaboration with the EUAnatomy of a breach - an e-book by Microsoft in collaboration with the EU
Anatomy of a breach - an e-book by Microsoft in collaboration with the EU
University of Essex
 

Recommended

Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)
Deivid Toledo
 
Remote Workforces Secure by Barracuda
Remote Workforces Secure by BarracudaRemote Workforces Secure by Barracuda
Remote Workforces Secure by Barracuda
Prime Infoserv
 
Zero Trust Networks
Zero Trust NetworksZero Trust Networks
Zero Trust Networks
Practical Code, LLC
 
Luncheon 2015-11-19 - Lessons Learned from Avid Life Media by Rob Davis
Luncheon 2015-11-19 - Lessons Learned from Avid Life Media by Rob DavisLuncheon 2015-11-19 - Lessons Learned from Avid Life Media by Rob Davis
Luncheon 2015-11-19 - Lessons Learned from Avid Life Media by Rob Davis
North Texas Chapter of the ISSA
 
The Cloud Crossover
The Cloud CrossoverThe Cloud Crossover
The Cloud Crossover
Armor
 
Cloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsCloud Security, Standards and Applications
Cloud Security, Standards and Applications
Dr. Sunil Kr. Pandey
 
Is Cloud the new home for Cyber Criminals? How to be Safe?
Is Cloud the new home for Cyber Criminals? How to be Safe?Is Cloud the new home for Cyber Criminals? How to be Safe?
Is Cloud the new home for Cyber Criminals? How to be Safe?
Web Werks Data Centers
 
Anatomy of a breach - an e-book by Microsoft in collaboration with the EU
Anatomy of a breach - an e-book by Microsoft in collaboration with the EUAnatomy of a breach - an e-book by Microsoft in collaboration with the EU
Anatomy of a breach - an e-book by Microsoft in collaboration with the EU
University of Essex
 
7 Ways to Stay 7 Years Ahead of the Threat 2015
7 Ways to Stay 7 Years Ahead of the Threat 20157 Ways to Stay 7 Years Ahead of the Threat 2015
7 Ways to Stay 7 Years Ahead of the Threat 2015
IBM Security
 
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadarDon’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
IBM Security
 
Guard Era Security Overview Preso (Draft)
Guard Era Security Overview Preso (Draft)Guard Era Security Overview Preso (Draft)
Guard Era Security Overview Preso (Draft)
GuardEra Access Solutions, Inc.
 
Uncover What's Inside the Mind of a Hacker
Uncover What's Inside the Mind of a HackerUncover What's Inside the Mind of a Hacker
Uncover What's Inside the Mind of a Hacker
IBM Security
 
The Year the Internet Fell Apart
The Year the Internet Fell ApartThe Year the Internet Fell Apart
The Year the Internet Fell Apart
IBM Security
 
Information Security
Information SecurityInformation Security
Information Security
Mohit8780
 
Services and Products
Services and ProductsServices and Products
Services and Products
Technecessities
 
Cloudflare Speed Week Recap
Cloudflare Speed Week RecapCloudflare Speed Week Recap
Cloudflare Speed Week Recap
Cloudflare
 
VAPT- A Service on Eucalyptus Cloud
VAPT- A Service on Eucalyptus CloudVAPT- A Service on Eucalyptus Cloud
VAPT- A Service on Eucalyptus Cloud
Swapna Shetye
 
Cloud Security Governance
Cloud Security GovernanceCloud Security Governance
Cloud Security Governance
Shankar Subramaniyan
 
security_secure_pipes_frost_whitepaper
security_secure_pipes_frost_whitepapersecurity_secure_pipes_frost_whitepaper
security_secure_pipes_frost_whitepaper
Alan Rudd
 
Case Study - Currency from the Cloud: Security & Compliance for Payment Provider
Case Study - Currency from the Cloud: Security & Compliance for Payment ProviderCase Study - Currency from the Cloud: Security & Compliance for Payment Provider
Case Study - Currency from the Cloud: Security & Compliance for Payment Provider
Armor
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUD
Sweta Kumari Barnwal
 
F5 - BigIP ASM introduction
F5 - BigIP ASM introductionF5 - BigIP ASM introduction
F5 - BigIP ASM introduction
Jimmy Saigon
 
Cloud Web Application Firewall - GlobalDots
Cloud Web Application Firewall - GlobalDotsCloud Web Application Firewall - GlobalDots
Cloud Web Application Firewall - GlobalDots
GlobalDots
 
Zero Trust Model
Zero Trust ModelZero Trust Model
Zero Trust Model
Yash
 
Threat Modeling - Writing Secure Code
Threat Modeling - Writing Secure CodeThreat Modeling - Writing Secure Code
Threat Modeling - Writing Secure Code
Caleb Jenkins
 
Security as a Service with Microsoft Presented by Razor Technology
Security as a Service with Microsoft Presented by Razor TechnologySecurity as a Service with Microsoft Presented by Razor Technology
Security as a Service with Microsoft Presented by Razor Technology
David J Rosenthal
 
Enabling Cloud Smart, Zero-Trust, and TIC
Enabling Cloud Smart, Zero-Trust, and TICEnabling Cloud Smart, Zero-Trust, and TIC
Enabling Cloud Smart, Zero-Trust, and TIC
Amazon Web Services
 
9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloud9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloud
kairostech
 
Tom daley- Case Study
Tom daley- Case StudyTom daley- Case Study
Tom daley- Case Study
a2cole13
 
Agcapita June 4 2012
Agcapita June 4 2012Agcapita June 4 2012
Agcapita June 4 2012
Veripath Partners
 

More Related Content

What's hot

7 Ways to Stay 7 Years Ahead of the Threat 2015
7 Ways to Stay 7 Years Ahead of the Threat 20157 Ways to Stay 7 Years Ahead of the Threat 2015
7 Ways to Stay 7 Years Ahead of the Threat 2015
IBM Security
 
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadarDon’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
IBM Security
 
Guard Era Security Overview Preso (Draft)
Guard Era Security Overview Preso (Draft)Guard Era Security Overview Preso (Draft)
Guard Era Security Overview Preso (Draft)
GuardEra Access Solutions, Inc.
 
Uncover What's Inside the Mind of a Hacker
Uncover What's Inside the Mind of a HackerUncover What's Inside the Mind of a Hacker
Uncover What's Inside the Mind of a Hacker
IBM Security
 
The Year the Internet Fell Apart
The Year the Internet Fell ApartThe Year the Internet Fell Apart
The Year the Internet Fell Apart
IBM Security
 
Information Security
Information SecurityInformation Security
Information Security
Mohit8780
 
Services and Products
Services and ProductsServices and Products
Services and Products
Technecessities
 
Cloudflare Speed Week Recap
Cloudflare Speed Week RecapCloudflare Speed Week Recap
Cloudflare Speed Week Recap
Cloudflare
 
VAPT- A Service on Eucalyptus Cloud
VAPT- A Service on Eucalyptus CloudVAPT- A Service on Eucalyptus Cloud
VAPT- A Service on Eucalyptus Cloud
Swapna Shetye
 
Cloud Security Governance
Cloud Security GovernanceCloud Security Governance
Cloud Security Governance
Shankar Subramaniyan
 
security_secure_pipes_frost_whitepaper
security_secure_pipes_frost_whitepapersecurity_secure_pipes_frost_whitepaper
security_secure_pipes_frost_whitepaper
Alan Rudd
 
Case Study - Currency from the Cloud: Security & Compliance for Payment Provider
Case Study - Currency from the Cloud: Security & Compliance for Payment ProviderCase Study - Currency from the Cloud: Security & Compliance for Payment Provider
Case Study - Currency from the Cloud: Security & Compliance for Payment Provider
Armor
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUD
Sweta Kumari Barnwal
 
F5 - BigIP ASM introduction
F5 - BigIP ASM introductionF5 - BigIP ASM introduction
F5 - BigIP ASM introduction
Jimmy Saigon
 
Cloud Web Application Firewall - GlobalDots
Cloud Web Application Firewall - GlobalDotsCloud Web Application Firewall - GlobalDots
Cloud Web Application Firewall - GlobalDots
GlobalDots
 
Zero Trust Model
Zero Trust ModelZero Trust Model
Zero Trust Model
Yash
 
Threat Modeling - Writing Secure Code
Threat Modeling - Writing Secure CodeThreat Modeling - Writing Secure Code
Threat Modeling - Writing Secure Code
Caleb Jenkins
 
Security as a Service with Microsoft Presented by Razor Technology
Security as a Service with Microsoft Presented by Razor TechnologySecurity as a Service with Microsoft Presented by Razor Technology
Security as a Service with Microsoft Presented by Razor Technology
David J Rosenthal
 
Enabling Cloud Smart, Zero-Trust, and TIC
Enabling Cloud Smart, Zero-Trust, and TICEnabling Cloud Smart, Zero-Trust, and TIC
Enabling Cloud Smart, Zero-Trust, and TIC
Amazon Web Services
 
9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloud9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloud
kairostech
 

What's hot (20)

7 Ways to Stay 7 Years Ahead of the Threat 2015
7 Ways to Stay 7 Years Ahead of the Threat 20157 Ways to Stay 7 Years Ahead of the Threat 2015
7 Ways to Stay 7 Years Ahead of the Threat 2015
 
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadarDon’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
 
Guard Era Security Overview Preso (Draft)
Guard Era Security Overview Preso (Draft)Guard Era Security Overview Preso (Draft)
Guard Era Security Overview Preso (Draft)
 
Uncover What's Inside the Mind of a Hacker
Uncover What's Inside the Mind of a HackerUncover What's Inside the Mind of a Hacker
Uncover What's Inside the Mind of a Hacker
 
The Year the Internet Fell Apart
The Year the Internet Fell ApartThe Year the Internet Fell Apart
The Year the Internet Fell Apart
 
Information Security
Information SecurityInformation Security
Information Security
 
Services and Products
Services and ProductsServices and Products
Services and Products
 
Cloudflare Speed Week Recap
Cloudflare Speed Week RecapCloudflare Speed Week Recap
Cloudflare Speed Week Recap
 
VAPT- A Service on Eucalyptus Cloud
VAPT- A Service on Eucalyptus CloudVAPT- A Service on Eucalyptus Cloud
VAPT- A Service on Eucalyptus Cloud
 
Cloud Security Governance
Cloud Security GovernanceCloud Security Governance
Cloud Security Governance
 
security_secure_pipes_frost_whitepaper
security_secure_pipes_frost_whitepapersecurity_secure_pipes_frost_whitepaper
security_secure_pipes_frost_whitepaper
 
Case Study - Currency from the Cloud: Security & Compliance for Payment Provider
Case Study - Currency from the Cloud: Security & Compliance for Payment ProviderCase Study - Currency from the Cloud: Security & Compliance for Payment Provider
Case Study - Currency from the Cloud: Security & Compliance for Payment Provider
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUD
 
F5 - BigIP ASM introduction
F5 - BigIP ASM introductionF5 - BigIP ASM introduction
F5 - BigIP ASM introduction
 
Cloud Web Application Firewall - GlobalDots
Cloud Web Application Firewall - GlobalDotsCloud Web Application Firewall - GlobalDots
Cloud Web Application Firewall - GlobalDots
 
Zero Trust Model
Zero Trust ModelZero Trust Model
Zero Trust Model
 
Threat Modeling - Writing Secure Code
Threat Modeling - Writing Secure CodeThreat Modeling - Writing Secure Code
Threat Modeling - Writing Secure Code
 
Security as a Service with Microsoft Presented by Razor Technology
Security as a Service with Microsoft Presented by Razor TechnologySecurity as a Service with Microsoft Presented by Razor Technology
Security as a Service with Microsoft Presented by Razor Technology
 
Enabling Cloud Smart, Zero-Trust, and TIC
Enabling Cloud Smart, Zero-Trust, and TICEnabling Cloud Smart, Zero-Trust, and TIC
Enabling Cloud Smart, Zero-Trust, and TIC
 
9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloud9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloud
 

Viewers also liked

Tom daley- Case Study
Tom daley- Case StudyTom daley- Case Study
Tom daley- Case Study
a2cole13
 
Agcapita June 4 2012
Agcapita June 4 2012Agcapita June 4 2012
Agcapita June 4 2012
Veripath Partners
 
Adoption Velocity
Adoption VelocityAdoption Velocity
Adoption Velocity
Ariel Arrieta
 
Web Servers
Web ServersWeb Servers
Web Servers
webhostingguy
 
Chapter 10
Chapter 10Chapter 10
Chapter 10
webhostingguy
 
January 2010 Spam Report
January 2010 Spam ReportJanuary 2010 Spam Report
January 2010 Spam Report
webhostingguy
 
Apache Web Server -- Ready for the Enterprise
Apache Web Server -- Ready for the EnterpriseApache Web Server -- Ready for the Enterprise
Apache Web Server -- Ready for the Enterprise
webhostingguy
 
Know Your Enemy: Behind the Scenes of Malicious Web Servers
Know Your Enemy: Behind the Scenes of Malicious Web ServersKnow Your Enemy: Behind the Scenes of Malicious Web Servers
Know Your Enemy: Behind the Scenes of Malicious Web Servers
webhostingguy
 
U.S. Government Protection Profile Web Server For Basic ...
U.S. Government Protection Profile Web Server For Basic ...U.S. Government Protection Profile Web Server For Basic ...
U.S. Government Protection Profile Web Server For Basic ...
webhostingguy
 
File Upload
File UploadFile Upload
File Upload
webhostingguy
 

Viewers also liked (10)

Tom daley- Case Study
Tom daley- Case StudyTom daley- Case Study
Tom daley- Case Study
 
Agcapita June 4 2012
Agcapita June 4 2012Agcapita June 4 2012
Agcapita June 4 2012
 
Adoption Velocity
Adoption VelocityAdoption Velocity
Adoption Velocity
 
Web Servers
Web ServersWeb Servers
Web Servers
 
Chapter 10
Chapter 10Chapter 10
Chapter 10
 
January 2010 Spam Report
January 2010 Spam ReportJanuary 2010 Spam Report
January 2010 Spam Report
 
Apache Web Server -- Ready for the Enterprise
Apache Web Server -- Ready for the EnterpriseApache Web Server -- Ready for the Enterprise
Apache Web Server -- Ready for the Enterprise
 
Know Your Enemy: Behind the Scenes of Malicious Web Servers
Know Your Enemy: Behind the Scenes of Malicious Web ServersKnow Your Enemy: Behind the Scenes of Malicious Web Servers
Know Your Enemy: Behind the Scenes of Malicious Web Servers
 
U.S. Government Protection Profile Web Server For Basic ...
U.S. Government Protection Profile Web Server For Basic ...U.S. Government Protection Profile Web Server For Basic ...
U.S. Government Protection Profile Web Server For Basic ...
 
File Upload
File UploadFile Upload
File Upload
 

Similar to Solution Brief

A017130104
A017130104A017130104
A017130104
IOSR Journals
 
Identified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIdentified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud Computing
IOSR Journals
 
A Different Approach to Securing Your Cloud Journey
A Different Approach to Securing Your Cloud JourneyA Different Approach to Securing Your Cloud Journey
A Different Approach to Securing Your Cloud Journey
Cloudflare
 
comparing-approaches-for-web-dns-infrastructure-security-white-paper
comparing-approaches-for-web-dns-infrastructure-security-white-papercomparing-approaches-for-web-dns-infrastructure-security-white-paper
comparing-approaches-for-web-dns-infrastructure-security-white-paper
Renny Shen
 
How Can I Reduce The Risk Of A Cyber-Attack?
How Can I Reduce The Risk Of A Cyber-Attack?How Can I Reduce The Risk Of A Cyber-Attack?
How Can I Reduce The Risk Of A Cyber-Attack?
Osei Fortune
 
Cloudflare_Everywhere_Security_Solution_Brief (1).pdf
Cloudflare_Everywhere_Security_Solution_Brief (1).pdfCloudflare_Everywhere_Security_Solution_Brief (1).pdf
Cloudflare_Everywhere_Security_Solution_Brief (1).pdf
petchphumsanit40
 
Are you fighting_new_threats_with_old_weapons
Are you fighting_new_threats_with_old_weaponsAre you fighting_new_threats_with_old_weapons
Are you fighting_new_threats_with_old_weapons
Bhargav Modi
 
The ultimate guide to cloud computing security-Hire cloud expert
The ultimate guide to cloud computing security-Hire cloud expertThe ultimate guide to cloud computing security-Hire cloud expert
The ultimate guide to cloud computing security-Hire cloud expert
Chapter247 Infotech
 
The Top 5 Risks of Cloud Migration
The Top 5 Risks of Cloud Migration The Top 5 Risks of Cloud Migration
The Top 5 Risks of Cloud Migration
Protected Harbor
 
Cyber security fundamentals (Cantonese)
Cyber security fundamentals (Cantonese)Cyber security fundamentals (Cantonese)
Cyber security fundamentals (Cantonese)
Cloudflare
 
Research challenges and issues in web security
Research challenges and issues in web securityResearch challenges and issues in web security
Research challenges and issues in web security
IAEME Publication
 
Case study
Case studyCase study
Case study
Shehrevar Davierwala
 
Cyber security fundamentals
Cyber security fundamentalsCyber security fundamentals
Cyber security fundamentals
Cloudflare
 
Cyber Security 101
Cyber Security 101Cyber Security 101
Cyber Security 101
Cloudflare
 
Introduction to Cloud computing
Introduction to Cloud computingIntroduction to Cloud computing
Introduction to Cloud computing
Kumayl Rajani
 
Cloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfCloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdf
Techugo
 
Cloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfCloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdf
Techugo
 
How to Secure your ecommerce website-Threats and tips
How to Secure your ecommerce website-Threats and tipsHow to Secure your ecommerce website-Threats and tips
How to Secure your ecommerce website-Threats and tips
SilverClouding Consultancy Pvt Ltd
 
The 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdf
The 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdfThe 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdf
The 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdf
Groovy Web
 
CMST&210 Pillow talk Position 1 Why do you think you may.docx
CMST&210 Pillow talk Position 1 Why do you think you may.docxCMST&210 Pillow talk Position 1 Why do you think you may.docx
CMST&210 Pillow talk Position 1 Why do you think you may.docx
mccormicknadine86
 

Similar to Solution Brief (20)

A017130104
A017130104A017130104
A017130104
 
Identified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIdentified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud Computing
 
A Different Approach to Securing Your Cloud Journey
A Different Approach to Securing Your Cloud JourneyA Different Approach to Securing Your Cloud Journey
A Different Approach to Securing Your Cloud Journey
 
comparing-approaches-for-web-dns-infrastructure-security-white-paper
comparing-approaches-for-web-dns-infrastructure-security-white-papercomparing-approaches-for-web-dns-infrastructure-security-white-paper
comparing-approaches-for-web-dns-infrastructure-security-white-paper
 
How Can I Reduce The Risk Of A Cyber-Attack?
How Can I Reduce The Risk Of A Cyber-Attack?How Can I Reduce The Risk Of A Cyber-Attack?
How Can I Reduce The Risk Of A Cyber-Attack?
 
Cloudflare_Everywhere_Security_Solution_Brief (1).pdf
Cloudflare_Everywhere_Security_Solution_Brief (1).pdfCloudflare_Everywhere_Security_Solution_Brief (1).pdf
Cloudflare_Everywhere_Security_Solution_Brief (1).pdf
 
Are you fighting_new_threats_with_old_weapons
Are you fighting_new_threats_with_old_weaponsAre you fighting_new_threats_with_old_weapons
Are you fighting_new_threats_with_old_weapons
 
The ultimate guide to cloud computing security-Hire cloud expert
The ultimate guide to cloud computing security-Hire cloud expertThe ultimate guide to cloud computing security-Hire cloud expert
The ultimate guide to cloud computing security-Hire cloud expert
 
The Top 5 Risks of Cloud Migration
The Top 5 Risks of Cloud Migration The Top 5 Risks of Cloud Migration
The Top 5 Risks of Cloud Migration
 
Cyber security fundamentals (Cantonese)
Cyber security fundamentals (Cantonese)Cyber security fundamentals (Cantonese)
Cyber security fundamentals (Cantonese)
 
Research challenges and issues in web security
Research challenges and issues in web securityResearch challenges and issues in web security
Research challenges and issues in web security
 
Case study
Case studyCase study
Case study
 
Cyber security fundamentals
Cyber security fundamentalsCyber security fundamentals
Cyber security fundamentals
 
Cyber Security 101
Cyber Security 101Cyber Security 101
Cyber Security 101
 
Introduction to Cloud computing
Introduction to Cloud computingIntroduction to Cloud computing
Introduction to Cloud computing
 
Cloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfCloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdf
 
Cloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfCloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdf
 
How to Secure your ecommerce website-Threats and tips
How to Secure your ecommerce website-Threats and tipsHow to Secure your ecommerce website-Threats and tips
How to Secure your ecommerce website-Threats and tips
 
The 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdf
The 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdfThe 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdf
The 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdf
 
CMST&210 Pillow talk Position 1 Why do you think you may.docx
CMST&210 Pillow talk Position 1 Why do you think you may.docxCMST&210 Pillow talk Position 1 Why do you think you may.docx
CMST&210 Pillow talk Position 1 Why do you think you may.docx
 

More from webhostingguy

Running and Developing Tests with the Apache::Test Framework
Running and Developing Tests with the Apache::Test FrameworkRunning and Developing Tests with the Apache::Test Framework
Running and Developing Tests with the Apache::Test Framework
webhostingguy
 
MySQL and memcached Guide
MySQL and memcached GuideMySQL and memcached Guide
MySQL and memcached Guide
webhostingguy
 
Novell® iChain® 2.3
Novell® iChain® 2.3Novell® iChain® 2.3
Novell® iChain® 2.3
webhostingguy
 
Load-balancing web servers Load-balancing web servers
Load-balancing web servers Load-balancing web serversLoad-balancing web servers Load-balancing web servers
Load-balancing web servers Load-balancing web servers
webhostingguy
 
SQL Server 2008 Consolidation
SQL Server 2008 ConsolidationSQL Server 2008 Consolidation
SQL Server 2008 Consolidation
webhostingguy
 
What is mod_perl?
What is mod_perl?What is mod_perl?
What is mod_perl?
webhostingguy
 
What is mod_perl?
What is mod_perl?What is mod_perl?
What is mod_perl?
webhostingguy
 
Master Service Agreement
Master Service AgreementMaster Service Agreement
Master Service Agreementwebhostingguy
 
Notes8
Notes8Notes8
Notes8
webhostingguy
 
PHP and MySQL PHP Written as a set of CGI binaries in C in ...
PHP and MySQL PHP Written as a set of CGI binaries in C in ...PHP and MySQL PHP Written as a set of CGI binaries in C in ...
PHP and MySQL PHP Written as a set of CGI binaries in C in ...webhostingguy
 
Dell Reference Architecture Guide Deploying Microsoft® SQL ...
Dell Reference Architecture Guide Deploying Microsoft® SQL ...Dell Reference Architecture Guide Deploying Microsoft® SQL ...
Dell Reference Architecture Guide Deploying Microsoft® SQL ...
webhostingguy
 
Managing Diverse IT Infrastructure
Managing Diverse IT InfrastructureManaging Diverse IT Infrastructure
Managing Diverse IT Infrastructure
webhostingguy
 
Web design for business.ppt
Web design for business.pptWeb design for business.ppt
Web design for business.ppt
webhostingguy
 
IT Power Management Strategy
IT Power Management Strategy IT Power Management Strategy
IT Power Management Strategy
webhostingguy
 
Excel and SQL Quick Tricks for Merchandisers
Excel and SQL Quick Tricks for MerchandisersExcel and SQL Quick Tricks for Merchandisers
Excel and SQL Quick Tricks for Merchandisers
webhostingguy
 
OLUG_xen.ppt
OLUG_xen.pptOLUG_xen.ppt
OLUG_xen.ppt
webhostingguy
 
Parallels Hosting Products
Parallels Hosting ProductsParallels Hosting Products
Parallels Hosting Products
webhostingguy
 
Microsoft PowerPoint presentation 2.175 Mb
Microsoft PowerPoint presentation 2.175 MbMicrosoft PowerPoint presentation 2.175 Mb
Microsoft PowerPoint presentation 2.175 Mb
webhostingguy
 
Reseller's Guide
Reseller's GuideReseller's Guide
Reseller's Guide
webhostingguy
 
Installation of MySQL 5.1 Cluster Software on the Solaris 10 ...
Installation of MySQL 5.1 Cluster Software on the Solaris 10 ...Installation of MySQL 5.1 Cluster Software on the Solaris 10 ...
Installation of MySQL 5.1 Cluster Software on the Solaris 10 ...
webhostingguy
 

More from webhostingguy (20)

Running and Developing Tests with the Apache::Test Framework
Running and Developing Tests with the Apache::Test FrameworkRunning and Developing Tests with the Apache::Test Framework
Running and Developing Tests with the Apache::Test Framework
 
MySQL and memcached Guide
MySQL and memcached GuideMySQL and memcached Guide
MySQL and memcached Guide
 
Novell® iChain® 2.3
Novell® iChain® 2.3Novell® iChain® 2.3
Novell® iChain® 2.3
 
Load-balancing web servers Load-balancing web servers
Load-balancing web servers Load-balancing web serversLoad-balancing web servers Load-balancing web servers
Load-balancing web servers Load-balancing web servers
 
SQL Server 2008 Consolidation
SQL Server 2008 ConsolidationSQL Server 2008 Consolidation
SQL Server 2008 Consolidation
 
What is mod_perl?
What is mod_perl?What is mod_perl?
What is mod_perl?
 
What is mod_perl?
What is mod_perl?What is mod_perl?
What is mod_perl?
 
Master Service Agreement
Master Service AgreementMaster Service Agreement
Master Service Agreement
 
Notes8
Notes8Notes8
Notes8
 
PHP and MySQL PHP Written as a set of CGI binaries in C in ...
PHP and MySQL PHP Written as a set of CGI binaries in C in ...PHP and MySQL PHP Written as a set of CGI binaries in C in ...
PHP and MySQL PHP Written as a set of CGI binaries in C in ...
 
Dell Reference Architecture Guide Deploying Microsoft® SQL ...
Dell Reference Architecture Guide Deploying Microsoft® SQL ...Dell Reference Architecture Guide Deploying Microsoft® SQL ...
Dell Reference Architecture Guide Deploying Microsoft® SQL ...
 
Managing Diverse IT Infrastructure
Managing Diverse IT InfrastructureManaging Diverse IT Infrastructure
Managing Diverse IT Infrastructure
 
Web design for business.ppt
Web design for business.pptWeb design for business.ppt
Web design for business.ppt
 
IT Power Management Strategy
IT Power Management Strategy IT Power Management Strategy
IT Power Management Strategy
 
Excel and SQL Quick Tricks for Merchandisers
Excel and SQL Quick Tricks for MerchandisersExcel and SQL Quick Tricks for Merchandisers
Excel and SQL Quick Tricks for Merchandisers
 
OLUG_xen.ppt
OLUG_xen.pptOLUG_xen.ppt
OLUG_xen.ppt
 
Parallels Hosting Products
Parallels Hosting ProductsParallels Hosting Products
Parallels Hosting Products
 
Microsoft PowerPoint presentation 2.175 Mb
Microsoft PowerPoint presentation 2.175 MbMicrosoft PowerPoint presentation 2.175 Mb
Microsoft PowerPoint presentation 2.175 Mb
 
Reseller's Guide
Reseller's GuideReseller's Guide
Reseller's Guide
 
Installation of MySQL 5.1 Cluster Software on the Solaris 10 ...
Installation of MySQL 5.1 Cluster Software on the Solaris 10 ...Installation of MySQL 5.1 Cluster Software on the Solaris 10 ...
Installation of MySQL 5.1 Cluster Software on the Solaris 10 ...
 

Solution Brief

  • 1. Solution Brief Web Server Protection Solution
  • 2. Web Server Protection Solutions Key Trends Organizations increasingly rely on the Internet to conduct business to drive their business strategies and increase operational effectiveness at a time when the global reach of transactions represents new opportunities for all organizations. E-Commerce web sites and partner collaboration portals enhance business opportunities and help organizations maintain real-time connectivity to their customers and partners. However, the ubiquitous nature of the Internet also creates new opportunities for cyber crime activities, which target the core infrastructure element for successful online business initiatives, the Web server. The growth of new web sites has continued at a near-record pace despite the steady drumbeat of security threats. As businesses rely more heavily on new website infrastructure, the financial losses associated with cyber crime has scaled just as rapidly, thus requiring more advanced technologies to provide the necessary protection. Business Challenges The moment you install a Web server, you've opened a window into your local network that the entire Internet can peer through. While most visitors are content to window shop, others prefer to vandalize or even force the window open and crawl inside. The results can range from the merely embarrassing, for instance the discovery one morning that your site's home page has been replaced by an obscene parody, to the damaging, for example the theft of your entire database of customer information. Another rapidly growing example of malicious behavior is blocking windows for fun or extortion purposes, each resulting in lost connectivity to customers. Any organization using a Web server understands the importance of providing a rapid response time to customers, downtime means that the potential for lost profits is huge as well as running the risk of lost customer goodwill and trust in maintaining confidentiality. Understanding the Problem – Remote Exploits Web servers provide a portal between your business and your customers and partners, so they require a more formidable and customized level of protection above and beyond what network firewalls or IDS' can provide. Firewalls are designed to allow traffic intended for the Web server to flow through to its destination with minimal scrutiny. Even next generation firewalls attempt to address the problem with poorly performing software patches and upgrades.
  • 3. IDS solutions detect attacks based on known attack signatures, but are not architected for inline operation or proactive blocking of attacks. Even worse, an IDS that has been re-badged as an IPS can leave users helpless in the face of new web-specific attacks or attacks that attempt to slip through during peak usage. Code Red and Nimda are examples of worms that took advantage of Microsoft Web server vulnerabilities and inadequacies in firewalls and IDS solutions. There are security risks that affect Web servers, the networks that host Web sites, and even innocent users of Web browsers. To ensure the success of commerce or partner portals, most businesses focus on securing the integrity of the data and the integrity of the transaction. It is generally well known in system security and software development circles that large, complex programs contain bugs that cause security holes. Unfortunately, Web servers and web applications are large, complex programs that can (and in some cases have been proven to) contain security holes. Furthermore, the open architecture of Web servers allows arbitrary CGI scripts to be executed on the server's side of the connection in response to remote requests. Any CGI script installed at your site may contain bugs, and every such bug is a potential security hole. Many of these vulnerabilities can be remotely exploited, resulting in a compromised web site, lost business and potentially severe legal and financial ramifications due to lost or compromised data. Finally, all organizations worry about the confidentiality of the data transmitted across the Internet. The TCP/IP protocol was not designed with security in mind; hence it is vulnerable to network eavesdropping. When confidential documents are transmitted from the Web server to the browser, or when the end-user sends private information to the server, someone may be listening in and have access to your data. The critical areas of concern can be addressed by Intrusion Prevention System (IPS) technology. Left unprotected these Web site vulnerabilities allow unauthorized remote users to: o Steal confidential documents not intended for their eyes. o Execute commands on the server host machine, allowing them to modify the system. o Gain information about the Web server's host machine that will allow them to break into the system.
  • 4. Understanding the Problem – Denial of Service Attacks Along with the vulnerabilities listed above, businesses are also concerned with securing the integrity of the transaction. Cyber attacks that impact the performance and availability of the site cannot be tolerated. Distributed Denial of Service (DDoS) is an attack designed to render a computer or network incapable of providing normal services. The most common DDoS attacks will target the computer's network bandwidth or connectivity. A website DDoS attack is executed by flooding one or more of the site's web servers with so many requests that it becomes unavailable for normal use. If an innocent user makes normal page requests during a DDoS attack, the requests may fail completely, or the pages may download so slowly as to make the Website unusable. DDoS attacks typically take advantage of several computers which simultaneously launch hundreds of thousands of requests at the target Website. Connectivity attacks flood a computer with such a high volume of connection requests, that all available operating system resources are consumed and the computer can no longer process legitimate user requests (e.g., excessive HTTP Gets). DDoS attacks are very hard to stop because of the large number of randomly distributed attacking sources, which renders conventional protection mechanisms useless. Connectivity attacks are equally devastating, as the web requests are legitimate in format, but overwhelming in volume. Protecting Web Servers with Three Dimensional Protection (3DP) The Industry experts classify network security risks into three major threat categories: Malicious content in network traffic, including exploits of Microsoft vulnerabilities, worms, Spyware and other malware; Undesired access to networks or systems, including unauthorized or illegal access; Rate-based attacks on the infrastructure, such as SYN Floods, and other Denial of Service attacks.
  • 5. In order to address these three major threat categories, an effective solution needs to comprise three protection mechanisms. These include: Content-based IPS protection; Stateful firewall filtering; And rate-based attack mitigation. Figure 1: Top Layer Networks' 3DP Protection The Integrated Solution: Top Layer’s IPS 5500 In order to best combat the threats posed by undesired access, malicious content, and rate-based attacks (and complex hybrid attacks that use multiple elements of these to circumvent static, one-dimensional security tools), enterprises should select and deploy a network IPS solution that addresses all three in an integrated, mutually-reinforcing fashion – as Top Layer Networks does with its “Three Dimensional Protection” approach.
  • 6. Figure 2: Top Layer Networks' 3DP Architecture Return on Investment Most of our customers who use the IPS 5500 to protect their web servers tell us that the payback from their IPS investment is immediate. The following are often cited by customers as reasons for a rapid ROI: Eliminating Web server down time and therefore maximizing revenue Avoid hurried patching of compromised Web servers that may cause follow-on problems because of a lack of time to properly test patches Blocking attacks allows for increased bandwidth availability Increase network performance by eliminating unwanted and malicious traffic Reduce operating expenses incurred by maintaining and running older, ineffective security solutions Allowing legitimate transactions to continue to flow even in the face of the most brut force DoS attacks Many customers tell us that even one of these reasons can result in a 100% payback in a very short time. When combined, the business case for deploying the IPS 5500 to protect mission critical web servers is compelling and no other IPS solution can claim this level of ROI.
  • 7. Customer Success Story One customer was able to show his management the immediate benefits of deploying the IPS 5500 from both the perspective of cost and security. The IPS 5500 allowed him to significantly reduce the time and cost associated with managing and maintaining old security technologies while providing the organization with a much higher level of overall security. The net result, higher customer satisfaction from being able to conduct transactions at any time which led to higher overall revenues, at the same time reducing network operating expenditures. IPS 5500 customers depend upon Top Layer’s IPS 5500 for Protection and realize immediate benefits from the IPS 5500. Below is a sample list of customers and Web site applications. Sample Customers Application Top 3 US bank Payment system protection Leading computer reseller Customer ordering & support site protection Leading online advertiser Datacenter web server farm protection Next Steps To find out more about how Top Layer’s award-winning IPS 5500 can help protect your network, call Top Layer at 1-508-870-1300, email info@toplayer.com, or locate your local sales office at http://www.TopLayer.com/content/contact_us/offices/index.jsp The IPS 5500 has won the most awards: Top Layer Networks, 2400 Computer Drive, Westboro, MA 01581 Phone: 508-870-1300, Fax: 508-870-9797, http://www.TopLayer.com/