20070605 radware
DESCRIPTION
TRANSCRIPT
- 1. APSolute Application Delivery and Security Ein HowTo fr NonStop Webservices Michael Geigenscheder
- 2. CEO Challenge: Smart Productivity Competitive Business Requirements Time Product Info Transactions Web Enablement Intelligence CRM & prioritization
- 3. Centralization & Web based Application Web Enablement & Data Center Consolidation Higher Productivity Lower OPEX & CAPEX No Servers on Branches Anyone, Anywhere Anytime Access No Dedicated Client Side SW Based on Standards
- 4. Application Delivery Challenges Costly Downtimes Increasing volumes of online businesses activities REGIONAL OFFICE BRANCH OFFICE Firewall Web, Email, CRM ERP HEADQUARTERS Antivirus Gateway Router
- 5. Application Delivery Challenges Poor Performance Growing distance to end users Protocol chattiness Richer content Varying access speeds Encrypted traffic (SSL) Costly Downtimes Increasing volumes of online businesses activities REGIONAL OFFICE BRANCH OFFICE Firewall Web, Email, CRM ERP HEADQUARTERS Antivirus Gateway Router
- 6. Application Delivery Challenges Poor Performance Growing distance to end users Protocol chattiness Richer content Varying access speeds Encrypted traffic (SSL) Increased Security Threat Vulnerable Web based applications Growing sophistication of applications attacks & network attacks (DoS) Zero day attacks Internal attacks Costly Downtimes Increasing volumes of online businesses activities REGIONAL OFFICE BRANCH OFFICE Firewall Web, Email, CRM ERP HEADQUARTERS Antivirus Gateway Router
- 7. The Professional Solution
- 8. APSolute Application Delivery REGIONAL OFFICE BRANCH OFFICE FW-VPN Antivirus Gateway Web, Email, CRM, ERP HEADQUARTERS Routers
- 9. A P S olute Front End Solutions Antivirus Anti Spam URL filter HEADQUARTERS REGIONAL OFFICE BRANCH OFFICE Firewalls Web, Email, CRM, ERP Application Front End: Optimize data center resources to ensure fast, reliable, secure application delivery Availability, Guaranteed Performance, Accelerated Security, Assured AppDirector + AppXcel Complete business continuity, transparent disaster recovery and application optimization
- 10. Front End Open Service Architecture
-
-
- Web & Image Compression
-
-
-
- Reverse Caching
-
-
-
- SSL Offloading
-
-
-
- TCP Multiplexing and Splitting
-
-
-
- TCP Optimization
-
-
-
- Server L3-L7 loadbalancing
-
-
-
- Integrated Global Load Balancing
-
-
-
- Health Monitoring
-
-
-
- QoS Bandwidth Management
-
-
- 11. Integrated Security AppDirector AppXcel Router Client Web Front end Servers Hacker SSL Termination Web and XML Application Firewall Access Control IPS for smart patch management Behavioral DoS Shield
- 12. Network Intrusion Prevention Methods
- Content-based IPS
-
- Signature-based
-
- Protocol anomaly rules
-
- Single bullet, application layer attacks
- Rate-based IPS
-
- Time based traffic thresholds
-
- Manual configurations
-
- High level of expertise
-
- Attack mitigation (rate limit)
- Adaptive Behavioral IPS
-
- Behavior analysis (zero-day)
-
- Self-learning
-
- Self-adjusting
-
- Hands-off
- 13. Multi Layer Smart Adaptive Filters Zero-Day Worms Propagation Network DoS/DDoS Flood attacks Clean Environment Intrusion Activities DefensePro Pro-Active Security Architecture Proactive Network-Based Behavioral Analysis Proactive User-Based Behavioral Analysis Stateful Content Based Protections
- 14. Multi Layer Smart Adaptive Filters Worms Propagation Network DoS/DDoS Flood attacks Intrusion Activities Network-based behavioral analysis User-based behavioral analysis Stateful Content based protections Clean Environment
- 15. Effective Traffic Shaping Prioritized Traffic 1 2 Queuing 3 4 Network Resources Guarantee Using BWM Rules Support for over 100 applications with CBQ, WFQ and wRED queuing algorithms, hierarchical bandwidth management and more P2P VoIP Web Mail Bandwidth Management Rules Clean Environment VoIP Web P2P Egress Traffic
- 16. Public Network Blocking Rules RT statistics Fuzzy Logic
Engine Learning Footprint Lookup
- Attack Characteristics
- Source/Destination IP
- Source/Destination Port
- Packet size
- Type of Service
- TTL (Time To Live)
- DNS Query
- DNS ID
- Packet ID
- TCP sequence number
- Fragment offset
- More (up to 17)
- Narrowest filters
- Packet ID
- Source IP Address
- Packet size
- TTL (Time To Live)
- 17. Decision Making Scenario 1 Rate-invariant anomaly axis Attack area Suspicious area Normal adapted area Attack Degree = 5 (Normal- Suspect) Legitimate mass-crowd enter news site Rate-based anomaly axis Y-axis X-axis Z-axis Attack Degree axis Abnormal rate of Syn packets Normal TCP flags distribution
- 18. Decision Making Scenario 2 Attack Degree = 10 (Attack) DNS Flood Rate-invariant anomaly axis Rate-based anomaly axis Y-axis X-axis Z-axis Attack Degree axis Attack area Suspicious area Normal adapted area Abnormal rate of DNS packets, Abnormal protocol distribution [%]
- 19. Multi-Layer Intrusion Prevention
- Client side vulnerabilities
- SIP
- IRC bots
- Spyware
- Protocol Anomalies
- IP & TCP evasions
- IPv6 traffic Scanning
- SSL based attacks (*)
- Server based intrusions
-
- Web Vulnerabilities
-
- Mail server intrusions
-
- FTP server intrusions
-
- SQL server intrusions
-
- DNS server intrusions
- Worms & Viruses
- Trojans & Backdoors
- Horizontal & Vertical Scanning
- Network behavioral based zero-day DoS protections
- User/Hosts behavioral based zero day worm and bots protection
- Bi-directional scanning, stateful content-based Intrusion Prevention
- 20. Integrated Security AppDirector AppXcel Router Client Web Front end Servers Hacker SSL Termination Web and XML Application Firewall Access Control IPS for smart patch management Behavioral DoS Shield
- 21. Securing Web Application The Need
- Protect browser-based applications from unknown exploits
-
- Ensure users perform only legal actions
- Ensure that new code is secured
-
- Application developers are not security experts
- Application support team likely not original developers
-
- Require a tool for identifying & protecting security vulnerabilities
- Process large volumes of traffic without compromising performance or security
- Protect and inspect encrypted (SSL) traffic
- 22. A P S olute Solution Integrated WAF
- Automated Web Application Firewall protection without manual intervention
-
- Unknown application level exploits protection
-
- Zero-day web-worm attacks protection
- 23. The Need to Protect Web Applications
- The wide range of attack kinds indicates the severity of the problem.
- 24. Business Values of Integrated WAF
- Non - stop business operation
-
- Automatic adaptation to content changes
-
- Smooth failover and automatic bypass of faulty WAF
- Streamlining business operation
-
- Cost effective scalability
-
- Acceleration of Web and SSL traffic
- Lowering deployment & operational cost
-
- Lowering cost of vulnerability fixes
-
- Less rack space
-
- Single-vendor relationship
-
- Common management interface
- 25. Centralized Security Reporting Monitor all malicious activity, across the network, in real-time Customize reports , for executive to bit-level analysis & forensics Executive Report, to provide network security summary
- 26. A P S olute Access Solutions Anti Spam REGIONAL OFFICE BRANCH OFFICE Firewalls Access Solution: Optimize WAN link resources to ensure fast, reliable, secure application delivery Availability, Guaranteed Performance, Accelerated Security, Assured Antivirus URL filter HEADQUARTERS Linkproof Complete business continuity, transparent disaster recovery and quality of service Web, Email, CRM, ERP
- 27. Multi WAN Solution Routers LinkProof Headquarter Local
Network Corporate users ERP, CRM, email, Web servers Private Public
-
-
- Smart WAN link optimization
-
-
-
- Link Health Monitoring
-
-
-
- QoS enforcement
-
-
-
- Application Smart Routing
-
-
-
- IPS & DoS protection
-
-
-
- Behavioral based Protection
-
-
- 28. APSolute Application Delivery REGIONAL OFFICE BRANCH OFFICE FW-VPN Antivirus Gateway Web, Email, CRM, ERP HEADQUARTERS Routers 100% Availability Maximum Performance Absolute Security
- 29.