F5 GOV Round Table - Application Centric Security
Published in: Technology

  1. APPLICATION CENTRIC SECURITY
     Tzoori Tamam
     tzoori@f5.com
  2. Why do HaCkErz Attack?
     • Politics
     • Money
     • Fame
     • Boredom
     • Plain Evil
     • Training
  3. What Do HaCkErZ Attack?
     • THEY GO FOR YOUR APPLICATIONS!
     • Availability
     • Responsiveness
     • Reputation
  4. How Do HaCkErz Attack?
  5. Enters F5 Networks…
  6. Full Proxy Security
     Diagram layer labels (listed twice): Network, Session, Application, Web application, Physical, Client / Server
     • L4 Firewall: Full stateful policy enforcement and TCP DDoS mitigation
     • SSL inspection and SSL DDoS mitigation
     • HTTP proxy, HTTP DDoS and application security
     • Application health monitoring and performance anomaly detection
  7. Full Proxy Security
     Diagram layer labels (listed twice): Network, Session, Application, Web application, Physical, Client / Server
     • L4 Firewall: Full stateful policy enforcement and TCP DDoS mitigation
     • SSL inspection and SSL DDoS mitigation
     • HTTP proxy, HTTP DDoS and application security
     • Application health monitoring and performance anomaly detection
     High-performance HW, iRules, iControl API
     F5’s Approach
     • TMOS traffic plug-ins
     • High-performance networking microkernel
     • Powerful application protocol support
     • iControl: external monitoring and control
     • iRules: network programming language
     Diagram labels: IPv4/IPv6, SSL, TCP, HTTP; Optional modules plug in for all F5 products and solutions (APM, Firewall, …); Traffic management microkernel; Proxy; Client side; Server side; SSL, TCP, OneConnect, HTTP
  8. CONSOLIDATE NETWORK AND SECURITY FUNCTIONS
     Use case
     • Consolidation of firewall, app security, traffic management
     • Protection for data centers and application servers
     • High scale for the most common inbound protocols
     Diagram labels (Before F5 / with F5): Load Balancer, DNS Security, Network DDoS, Web Application Firewall, Web Access Management, Load Balancer & SSL, Application DDoS, Firewall
  9. CONSOLIDATE NETWORK AND SECURITY FUNCTIONS
     Use case
     • Consolidation of firewall, app security, traffic
     • Protection for data centers and application servers
     most common inbound protocols
     Diagram labels (Before F5 / with F5): Load Balancer, DNS Security, Network DDoS, Web Application Firewall, Web Access Management, Load Balancer & SSL, Application DDoS, Firewall
  10. Introducing F5’s Application Delivery Firewall
     Aligning applications with firewall security
     One platform: SSL inspection, Traffic management, DNS security, Access control, Application security, Network firewall, DDoS mitigation
     EAL2+, EAL4+ (in process)
  11. BIG-IP Application Security Manager: Powerful Adaptable Solution
     • Provides comprehensive protection for all web application vulnerabilities
     • Delivers out of the box security
     • Enables L2->L7 protection
     • Unifies security and application delivery
     • Logs and reports all application traffic and attacks
     • Educates admin. on attack type definitions and examples
     • Sees application level performance
     • XML FW, L7 DOS, BruteForce and Web Scraping
     • Application visibility and reporting
     • FREE Vulnerability Scanning from Cenzic/WhiteHat
  12. Advanced Firewall Manager - AFM
     Firewall policies and reports oriented around the application
  13. DDoS MITIGATION
     Application attacks
     • Attacks: Slowloris, Slow Post, HashDos, GET Floods
     • F5 mitigation technologies: BIG-IP ASM. Positive and negative policy reinforcement, iRules, full proxy for HTTP, server performance anomaly detection
     Session attacks
     • Attacks: DNS UDP Floods, DNS Query Floods, DNS NXDOMAIN Floods, SSL Floods, SSL Renegotiation
     • F5 mitigation technologies: BIG-IP LTM and GTM. High-scale performance, DNS Express, SSL termination, iRules, SSL renegotiation validation
     Network attacks
     • Attacks: SYN Flood, Connection Flood, UDP Flood, Push and ACK Floods, Teardrop, ICMP Floods, Ping Floods and Smurf Attacks
     • F5 mitigation technologies: BIG-IP AFM. SynCheck, default-deny posture, high-capacity connection table, full-proxy traffic visibility, rate-limiting, strict TCP forwarding. Packet Velocity Accelerator (PVA) is a purpose-built, customized hardware solution that increases scale by an order of magnitude above software-only solutions.
     OSI stack: Application (7), Presentation (6), Session (5), Transport (4), Network (3), Data Link (2), Physical (1)
     Increasing difficulty of attack detection
     Use case
     • Protect against DDoS at all layers (38 vectors covered)
     • Withstand the largest attacks
     • Gain visibility and detection of SSL encrypted attacks
  14. DNS Security
     • DNS Flooding
     • UDP Flooding
     • DNS Cache Poisoning
     • DNS Spoofing
     • DNS Tunneling
     • Reflective DNS Attack
  15. DNS Security
     Use case
     • Consolidated firewall and DNS Service
     • High performance, scalable DNS
     • Secure DNS queries
     Diagram labels: with F5; Before F5; 65,000 concurrent queries; ? http://www.f5.com
     • Cache poisoning
     • DNS spoofing
     • Man in the middle
     • DDoS
  16. DNS Security
     Use case
     • Consolidated firewall and DNS Service
     • High performance, scalable DNS
     • Secure DNS queries
     Diagram labels: with F5; Before F5; 65,000 concurrent queries; ? http://www.f5.com
     • Cache poisoning
     • DNS spoofing
     • Man in the middle
     • DDoS
     Secure and available DNS infrastructure: 8 million concurrent queries
  17. IP INTELLIGENCE
     IP intelligence service: IP address feed updates every 5 min
     Diagram labels: Custom application, Financial application, Internally infected devices and servers, Geolocation database, Botnet, Attacker, Anonymous requests, Anonymous proxies, Scanner, Restricted region or country
  18. Protect Against Newly Published Vulnerabilities That Do Not Have a Patch
  19. Purpose Built and Carrier Grade Reliability
     ScaleN Enabled BIG-IP Appliances Lineup
     • BIG-IP 4000s: 425K L7 RPS, 150K L4 CPS, 10G L7/L4 TPUT
     • BIG-IP 4200v: 850K L7 RPS, 300K L4 RPS
     • BIG-IP 5000s: 750K L7 RPS, 350K L4 RPS, 15/30G L7/L4 TPUT
     • BIG-IP 5200v: 1.5M L7 RPS, 700K L4 CPS
     • BIG-IP 7200v: 1.6M L7 RPS, 775K L4 CPS
     • BIG-IP 7000s: 800K L7 RPS, 390K L4 CPS, 20/40G L7/L4 TPUT
     • BIG-IP 1600: 100k L7 RPS, 60K L4 CPS, 1G L7/L4 TPUT
     • BIG-IP 3600: 135k L7 RPS, 115K L4 CPS, 2G L7/L4 TPUT
     • BIG-IP 3900: 400k L7 RPS, 175K L4 CPS, 4G L7/L4 TPUT
     • BIG-IP 6900: 600k L7 RPS, 220K L4 CPS, 6G L7/L4 TPUT
     • BIG-IP 8900/8950: 1.9M L7 RPS, 800K L4 CPS, Up to 20G TPUT
     • BIG-IP 11000/11050: 2.5M L7 RPS, 1M L4 CPS, Up to 42G TPUT
     • BIG-IP 2000s: 212K L7 RPS, 75K L4 CPS, 5G L7/L4 TPUT
     • BIG-IP 2200s: 425K L7 RPS, 150K L4 CPS
     • BIG-IP 10000s: 1M L7 RPS, 500K L4 CPS, 40/80G L7/L4 TPUT
     • BIG-IP 10200v: 2M L7 RPS, 1M L4 CPS
     Port labels on the slide: 2 x 10G + 8 x 1G; 2 x 10G + 8 x 1G; 8 x 10G + 4 x 1G; 8 x 10G + 4 x 1G; 2x 40G + 8x 1G
     On-Demand Scaling (label repeated five times on the slide)
  20. How Does F5 Protect Your Apps?
     Layer3 – Layer7 Application Centric Security Solution
  21. What’s Next?
