bluecoat roger gotthardsson

Upload: berrezeg-mahieddine

Post on 02-Jun-2018


  • 8/10/2019 BlueCoat Roger Gotthardsson

    1/81

    Blue Coat Systems

    Roger Gotthardsson, Sr. Systems [email protected]

    2/81

    Agenda

    Company: corporate data

    Solutions: Client Proxy Solution; Blue Coat Webfilter; SSL Proxy; Reverse Proxy; MACH5

    Products: ProxySG, ProxyAV, Director, Reporter; K9 - Blue Coat Webfilter at home for free


    3/81

    Company

    4/81

    About Blue Coat

    Innovative leader in secure content & application delivery: 500+ employees; $146M annual revenue run rate; 25,000+ appliances shipped worldwide to more than 4,000 customers

    #1 (37%) market leader in Secure Content & Application Delivery (IDC)

    Founded in 1996 with a focus on Acceleration: accelerating Web applications, making Internet applications faster

    Innovative proxy caching appliance with object pipelining, adaptive content refresh

    Expanded in 2002 to include Policy Control & Security

    Rich policy framework integrated with performance engine for visibility and control of users, content and applications. Visibility: who, what, where, when, how

    Control: accelerate, deny, limit, scan, strip, transform

    Integrated Solution for Acceleration & Security

    5/81

    About Blue Coat

    Strategic Investments:

    March 1996: Scalable Software (HTTP and OS Kernel)

    September 1999: Invertex (SSL Hardware Encryption)

    June 2000: Springbank Networks (Hardware Design and Routing Protocols)

    December 2000: Entera (Streaming and Content Distribution)

    November 2003: Ositis (Virus scanning appliance)

    2004: Cerberian (Content filtering)

    2006: Permeo Technologies (SSL VPN & client security)

    Integrated Solution for Acceleration & Security

    6/81

    Client Proxy Solution

    7/81

    Client Proxy

    (Diagram: Internet and clients on either side of the Client Proxy, which provides Caching, Antivirus, URL-Filtering, Logging, Authentication, Protocol optimization, BW management, Compression, Policy, Protocol detection and Byte Caching.)

    8/81

    Application proxy

    (Diagram: the proxy sits between clients and the Internet and terminates AOL-IM, MSN-IM, Yahoo-IM, FTP, HTTP & HTTPS, Streaming, TCP-Tunnel, SOCKS, CIFS, P2P, Telnet/Shell, DNS and MAPI; sample content types .mp3 and .xxx.)

    9/81

    How We Secure the Web

    AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.

    (Diagram: Public Web Server and Intranet Web Server; Public Internet and Internal Network.)

    10/81

    Authentication

    (Diagram: Internet clients authenticate against an on-box list/database, an LDAP directory, X509/CA client certificates, AD (NT, W2000 or W2003 DC), a RADIUS server, Netegrity SiteMinder or Oblix directories, with policy substitution.)

    11/81

    How We Secure the Web

    Policy Processing Engine: All user web application requests are subjected to granular security policy.

    12/81

    How We Secure the Web

    Content Filtering: Requests for content are controlled using content filtering based on granular policy.

    13/81

    Content Filtering

    Organizations need to control what users are doing when accessing the internet to protect from legal liability and productivity risks.

    Blue Coat and our partners enable enterprise-class content filtering:

    Powerful granular user control using Blue Coat's Policy Processing Engine: by user, group, destination IP and/or URL, time of day, site, category, lots more

    Multiple logging and reporting options

    Integrates with all authentication (LDAP, RADIUS, NTLM, AD, 2-factor, etc)

    Coaching, warnings, etc.

    High performance with integrated caching

    Drop-in appliance, easy to deploy and manage

    De-facto industry content filtering platform

    14/81

    Content filtering databases

    (Diagram: Internet clients behind the proxy; databases available include Websense, Smartfilter, SurfControl, BlueCoat Webfilter, WebWasher, Proventia, DigitalArts InterSafe, Optenet, DRTR and IWF, plus your own lists and exceptions.)

    15/81

    How We Secure the Web

    Bandwidth management: Compression, Bandwidth management and Streaming media Caching and Splitting.

    16/81

    HTTP Compression

    ProxySG can support a mixed mode of HTTP compression operation.

    Original Content Server (OCS) or Core ProxySG can send either (de)compressed content to edge or core ProxySG using GZIP or Deflate algorithms.

    (Diagram: Internet, Enterprise, HQ Office with core ProxySG, Remote Office with edge ProxySG; each hop shown as compressed or uncompressed.)

    17/81

    Bandwidth Management (BWM)

    OBJECTIVE: Classify, control and limit the amount of bandwidth used by a class of network traffic

    BENEFITS:

    Protect performance of mission critical applications (SAP, ERP apps)

    Prevent bandwidth greedy applications (P2P) from impacting other applications

    Provision bandwidth for applications that require a per-session amount of bandwidth (Streaming)

    Balance necessary and important, bandwidth intensive, applications (HTTP, IM)

    18/81

    How We Secure the Web

    Web Virus scanning: Potentially harmful content entering network via HTTP, HTTPS and FTP is stripped or scanned by ProxyAV.

    19/81

    Virus, Code & Script scanning

    (Diagram: Internet clients scanned through ProxyAV or other ICAP servers: Sophos, Panda, McAfee, Kaspersky.)

    20/81

    ProxyAV

    ProxySG & ProxyAV: Large Enterprise/Network Core; scan once, serve many (cache benefit)

    (Diagram: Internet, ProxySG and ProxyAV, Internal Network.)

    Virus scans HTTP, FTP with caching benefit

    ProxySG load balances

    Purpose-built appliances for speed

    Scan once, serve many to increase performance

    High-availability & load-balancing

    Purpose built operating systems

    21/81

    How We Secure the Web

    Spyware: Prevention is better than a cure.

    22/81

    BlueCoat Spyware Prevention Solution

    Stops spyware installations: detect drive-by installers

    Blocks spyware websites: on-proxy URL categorization

    Scans for spyware signatures: high-performance Web AV

    Detects suspect systems: forward to cleansing agent

    (Diagram: Internet, ProxySG and ProxyAV, Internal Network.)

    23/81

    How We Secure the Web

    IM Traffic Control: IM traffic is subjected to policies and is logged.

    24/81

    IM Control with Blue Coat ProxySG

    Granular IM policy control by enterprise, group or user level

    Control by IM feature (IM only, chat, attachments, video, etc.), internal or external IM, time of day, etc.

    Control IM options include deny connection, strip attachment, log chat (including attachment)

    Key word actions include send alert to IT or manager, log, strip, send warning message to user

    Drop-in appliance: easy to deploy and manage IM control

    25/81

    How We Secure the Web

    Caching: Acceptable, clean content is stored in cache and delivered to requestor.

    26/81

    Streaming

    Microsoft Streaming & Native RTSP

    Live Stream split, VOD Stream cache

    Rich Streaming features, Unicast-Multicast

    Scheduling live streaming from VOD

    Enhancements: Store, Cache & distribute Video On Demand

    Schedule VOD content to be played as Live Content

    Convert between Multicast-Unicast

    Authenticate Streaming users to NTLM, LDAP, RADIUS + On-box

    Streaming acceleration

    27/81

    How We Secure the Web

    Reporting: All browser, streaming, IM & virus activity can be reported using Blue Coat's highly configurable Reporter.


    28/81

    Reporter


    29/81

    Blue Coat Webfilter

    30/81

    The Internet

    The internet today consists of 350 million web servers.

    A large amount of these contain information you don't want in your organisation.

    A clever solution would be to use Content Filtering.

    BlueCoat now introduces Generation 3 of content filtering, BlueCoat Webfilter.

    (Figure: 350 Million)

    31/81

    Generation 1

    The first generation of content filters consisted of static, manually managed lists of popular pornographic and unproductive websites. Very often retrieved from access logs, popular bad sites were banned.

    The intended purpose was to save bandwidth and warn users that inappropriate behaviour was logged.

    People got together and distributed their lists in free lists compatible with proxies such as Squid.

    The distributed lists were in the size of a million URLs.

    (Figure: 1 Million vs 349 Million)

    32/81

    Generation 2

    Corporations realised they could make money off a list and started to collect lists and logs from the web, manually rating these in larger scale. More categories were added to increase value. The systems started to collect URLs automatically and download new lists periodically, some of them even many times every day.

    Special categories were added for static security threats placed on known webservers, spyware, phishing etc. Other than bad sites, categories such as Economy, business, news etc. were added to present statistics of Internet usage.

    (Figure: 15 Million vs 335 Million)
    33/81

    Generation 2

    The number of URLs was in the range of 10-20 millions. Hit rates presented in log systems were in the range of 50-80%. Regular expressions on URLs and other tricks sometimes gave a false picture of rating over 90%. But in fact less than 5% of the Internet was covered.
    34/81

    Generation 3

    The dynamics of the internet and new security risks urged for a new way of categorizing the Internet. Dynamic rating of uncategorized websites can today rate most websites; the ones that are impossible to rate could be stripped down to present only html and images to reduce risk.

    The static URL database is constantly updated like any Generation 2 filter. This database is cached in some systems (ProxySG) to increase performance. The rest (95%) of the Internet is categorised using dynamic rating.

    35/81

    Dynamic Real Time Rating

    (Diagram: Customer side with clients and servers, Blue Coat side with the DRTR service; uncategorized requests pass through language detection (language 1 ... language n) to background rating. The picture is simplified, all systems are redundant.)


    36/81

    SSL Proxy

    37/81

    SSL Proxy: Policy Enforcement

    (Diagram: User, Internal Network, Policy SSL proxy, Internet, Apps.)

    Control web content, applications, and services regardless of encryption: block, allow, throttle, scan, accelerate, insert, strip, redirect, transform

    Apply the same policies to encrypted traffic as to normal traffic

    Stops/controls rogue applications that take advantage of SSL

    Protect the enterprise from SSL-borne threats: stop spyware and secured phishing; SSL-secured webmail and extranets virus transmissions; SSL-borne malicious and inappropriate content

    Accelerate critical applications: enables a variety of acceleration techniques (e.g., caching)

    38/81

    Blue Coat: Visibility and Context

    (Diagram of the two handshakes the proxy performs, Client-Proxy Connection and Server-Proxy Connection:

    Client to Proxy: Connection Request. Algorithms I support.

    Proxy to Server: Connection Request. Algorithms I support.

    Server to Proxy: Use this algorithm. Server's digital certificate.

    Proxy: Verify certificate and extract server's public key. Complete authentication. Tunnel established.

    Proxy to Client: Let's use this algorithm. Emulated certificate.

    Client: Verify certificate and extract (proxy's) public key. Complete authentication. Tunnel established.)
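The two-connection handshake in that diagram, as an added example in Go using only the standard library (this is not Blue Coat code): the proxy verifies the origin server's certificate before it emulates anything; the emulated certificate copies the origin's subject, SANs and validity window but carries the proxy's own key and the proxy CA's signature; and a client accepts it only when the proxy CA is in its trust store. The two CA names, the host intranet.example.test and all keys are constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs a new certificate with a fresh P-256 key. ca selects a CA template; parent == nil makes it
// self-signed; like != nil copies that certificate's identity and validity window (the emulation step).
func issue(name string, ca bool, like, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // constructed serial; real CAs use random serials
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA:         ca, BasicConstraintsValid: ca, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if ca {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames, tmpl.ExtKeyUsage = []string{name}, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	if like != nil { // "Emulated certificate": the origin's identity and lifetime, the proxy's own key below
		tmpl.Subject, tmpl.DNSNames = like.Subject, like.DNSNames
		tmpl.NotBefore, tmpl.NotAfter = like.NotBefore, like.NotAfter
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // demo key; a real proxy keeps CA keys in hardware
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// accepts is the "Verify certificate" step for a party whose trust store is roots.
func accepts(cert *x509.Certificate, roots *x509.CertPool, host string) bool {
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil
}

// Result records what each side of the two connections in the diagram sees.
type Result struct {
	OriginTrustedByProxy   bool   // server-proxy connection: origin cert chains to the public root
	EmulatedSubject        string // identity the client sees
	EmulatedIssuer         string // who actually signed what the client sees
	AcceptedWithProxyCA    bool   // client-proxy connection with the proxy CA deployed to the client
	AcceptedWithoutProxyCA bool   // a client that trusts only the public root
	DifferentKeys          bool   // the emulated cert carries the proxy's key, never the origin's
}

// Intercept plays the diagram end to end for host: verify the origin first (an origin that fails
// verification is never re-signed as trusted), then emulate it towards the client.
func Intercept(host string) (r Result, err error) {
	publicRoot, publicKey, err := issue("Constructed Public Root CA", true, nil, nil, nil)
	if err != nil {
		return r, err
	}
	proxyCA, proxyKey, err := issue("Constructed Enterprise Proxy CA", true, nil, nil, nil)
	if err != nil {
		return r, err
	}
	origin, _, err := issue(host, false, nil, publicRoot, publicKey)
	if err != nil {
		return r, err
	}
	publicPool := x509.NewCertPool()
	publicPool.AddCert(publicRoot)
	if r.OriginTrustedByProxy = accepts(origin, publicPool, host); !r.OriginTrustedByProxy {
		return r, fmt.Errorf("origin certificate for %s failed verification", host)
	}
	emulated, emuKey, err := issue(host, false, origin, proxyCA, proxyKey)
	if err != nil {
		return r, err
	}
	r.EmulatedSubject, r.EmulatedIssuer = emulated.Subject.CommonName, emulated.Issuer.CommonName
	enterprisePool := x509.NewCertPool() // a managed client: public root plus the enterprise proxy CA
	enterprisePool.AddCert(publicRoot)
	enterprisePool.AddCert(proxyCA)
	r.AcceptedWithProxyCA = accepts(emulated, enterprisePool, host)
	r.AcceptedWithoutProxyCA = accepts(emulated, publicPool, host)
	r.DifferentKeys = !emuKey.PublicKey.Equal(origin.PublicKey)
	return r, nil
}

func main() { fmt.Println(Intercept("intranet.example.test")) }
```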

    39/81

    Flexible Configurations: Option 1

    (Diagram: User, SSL over TCP, Internet, Apps; the proxy passes the TCP connection through.)

    Trusted applications passed through: sensitive, known, financial or health care

    No cache

    Visibility: awareness of network-level information only

    40/81

    Flexible Configurations: Option 2

    (Diagram: User, SSL over TCP, Internet, Apps.)

    Initial checks performed: valid user, valid application, valid server cert

    User/application traffic passed through after initial checks

    No cache

    Visibility and context of network-level info, certificates, user, and applications

    Control: can warn user, remind of AUP, and offer opt-out

    41/81

    Flexible Configurations: Option 3

    (Diagram: User, Internet, Apps; two TCP/SSL legs, one on each side of the proxy.)

    Initial checks performed: valid user, valid application, valid server cert

    User/application traffic proxied after initial checks

    Full caching and logging options

    Visibility and context of network-level info, certificates, user, applications, content, etc.

    Full termination/proxy

    Control: can warn user, remind of AUP, and offer opt-out


    42/81

    Reverse Proxy

    43/81

    Reverse Proxy

    (Diagram: Internet clients in front of the Reverse Proxy, servers behind it; the proxy provides Caching, AV, SSL/Certificate, Authentication, Logging, Policy and URL-rewrite.)

    44/81

    Reverse Proxy: Secure & Accelerate Web Applications

    ACCELERATES Web Content: intelligent caching; compression and bandwidth mgt.; TCP & SSL offload

    PROTECTS Web Servers: secure, object-based OS; controls access to web apps; Web AV scanning

    SIMPLIFIES Operations: scalable, optimized appliance; easy policy creation & management; complete logging & reporting

    (Diagram: Users on the Public Internet, Firewall, ProxySG, Web Servers and Users on the Internal Network.)

    45/81

    HTTPS Termination

    HTTPS Termination (Client to ProxySG): off-load secure website or portal

    HTTPS Origination (ProxySG to Server): secure channel to content server for clients

    Man-in-the-Middle (Termination & Origination): allows caching, policy and virus scanning

    Secure credential acquisitions

    SSL Hardware Acceleration Cards: 800 RSA transactions per second per card; SSL v2.0, v3.0, and TLS v1 support

    Off-load web application servers to improve performance

    46/81

    Example Scenarios for Reverse Proxy

    Secure and Accelerate Public Websites: improves content delivery with integrated caching; services legitimate users while resisting DoS attacks; high-performance SSL

    Secure Corporate Webmail: securely isolates Web servers from direct Internet access; proxy authentication for additional layer of protection; plug-n-play SSL

    Scanning Uploaded Files for Viruses: simple integration with ProxyAV; real-time scanning of uploaded content; protects Web infrastructure from malware

    47/81

    Accelerate Applications: All Users, All Locations

    48/81

    Recipe for Branch Performance Problems

    Server Consolidation + Increased application traffic + Narrow bandwidth links + Highly distributed users + Inefficient application protocols = Poor Application Performance

    49/81

    Platform for Application Acceleration

    50/81

    Platform for Application Acceleration

    Multiprotocol Accelerated Caching Hierarchy: Bandwidth Management, Protocol Optimization, Object Caching, Byte Caching, Compression

    File Services (CIFS), Web (HTTP), Exchange (MAPI), Video/Streaming (RTSP, MMS), Secure Web (SSL)

    51/81

    New Requirement: SSL Acceleration

    Source: Blue Coat Customer Surveys

    Nearly 50% of all corporate Web application traffic is SSL

    70% of all mobile and teleworkers use SSL for secure application delivery

    68% of Blue Coat customers depend on externally hosted Web applications

    (Chart: SSL traffic for internally hosted vs externally hosted apps; more and more SSL.)

    52/81

    New Requirement: Video Acceleration

    Enterprise users becoming more distributed: mobile, teleworker, and branch/remote offices; regulatory and cost drivers

    Remote employee training becoming a necessity: live (streaming) and on-demand video

    Performance quality becoming a requirement: network and application issues must be addressed

    Control and acceleration of video is needed

    53/81

    Bandwidth Management

    Divide user and application traffic into classes

    Guarantee min and/or max bandwidth for a class

    Align traffic classes to business priorities

    Class                  Priority   Min      Max
    Sales Automation App   1          400Kb    800Kb
    E-Mail                 2          100Kb    400Kb
    File Services          3          400Kb    800Kb
    General Web Surfing    4          0Kb      200Kb
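An added example (not Blue Coat code) in Go of the class semantics on this slide: the four classes with their priorities, floors and ceilings, and an allocator that grants floors first and then hands surplus out by priority up to each ceiling. The link rate, the per-class demand figures and the Kb/s reading of the slide's "Kb" are assumptions for the demo.

```go
package main

import (
	"fmt"
	"sort"
)

// Class is one traffic class from the slide: a priority (1 = highest), a guaranteed floor and a hard ceiling.
type Class struct {
	Name         string
	Priority     int
	MinKb, MaxKb int // Kb/s, the unit the slide uses
}

// SlideClasses are the four classes on the slide.
var SlideClasses = []Class{
	{"Sales Automation App", 1, 400, 800},
	{"E-Mail", 2, 100, 400},
	{"File Services", 3, 400, 800},
	{"General Web Surfing", 4, 0, 200},
}

func minInt(a, b int) int {
	if a < b {
		return a
	}
	return b
}

// Allocate shares a link of linkKb among classes given each class's current demand in Kb/s.
// Pass 1 grants every class its guaranteed floor (never more than it demands); pass 2 hands the
// remaining capacity out in priority order, never past a class's ceiling. If the floors alone
// exceed the link, higher-priority floors are honoured first and lower ones are cut.
func Allocate(linkKb int, classes []Class, demand map[string]int) map[string]int {
	byPriority := append([]Class(nil), classes...)
	sort.Slice(byPriority, func(i, j int) bool { return byPriority[i].Priority < byPriority[j].Priority })
	alloc := make(map[string]int, len(classes))
	left := linkKb
	for _, c := range byPriority { // pass 1: floors
		grant := minInt(minInt(c.MinKb, demand[c.Name]), left)
		alloc[c.Name], left = grant, left-grant
	}
	for _, c := range byPriority { // pass 2: surplus, highest priority first
		extra := minInt(minInt(c.MaxKb, demand[c.Name])-alloc[c.Name], left)
		if extra < 0 { // a ceiling below the floor is a misconfiguration; never hand out a negative amount
			extra = 0
		}
		alloc[c.Name], left = alloc[c.Name]+extra, left-extra
	}
	return alloc
}

func main() {
	// Constructed scenario: a 1544 Kb/s (T1-sized) link with every class trying to saturate it.
	everyoneBusy := map[string]int{"Sales Automation App": 2000, "E-Mail": 2000, "File Services": 2000, "General Web Surfing": 2000}
	fmt.Println(Allocate(1544, SlideClasses, everyoneBusy))
}
```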

    54/81

    Protocol Optimization

    55/81

    Protocol Optimization

    10-100X faster; includes CIFS, MAPI, HTTP, HTTPS, TCP

    56/81

    Object Caching

    Built on high-level applications and protocols: HTTP/Web caching, streaming caches, CIFS cache

    Advantages: fastest response times; offload work from servers (and networks); can be deployed asymmetrically

    Limitations: application-specific; all or nothing: no benefit if whole object not found or changed

    57/81

    Byte Caching

    (Diagram: Local LAN, WAN Link, Remote LAN, with a Local History Cache and a Remote History Cache at either end. A bit stream is shown once in full and once with its repeated sequences replaced by references: [R1]0010010[R2]100101111100110100111011010011[R3])

    Proxies keep a history of all bytes sent and received

    Sequences are found in the local history cache

    They are transmitted as small references over the WAN

    The original stream is reconstructed using the remote history cache

    58/81

    Compression

    (Diagram: a bit stream before and after COMPRESSION.)

    Industry-standard gzip algorithm compresses all traffic

    Removes predictable white space from content and objects being transmitted

    59/81

    MACH5 Techniques Work Together

    Object Caching: caches repeated, static app-level data; reduces BW and latency

    Byte Caching: caches any TCP application using similar/changed data; reduces BW

    Compression: reduces amount of data transmitted; saves BW

    Bandwidth Management: prioritize, limit, allocate, assign DiffServ by user or application

    Protocol Optimization: remove inefficiencies, reduce latency

    60/81

    Object Caching

    Object caches are built on higher level applications and protocols: HTTP/Web caching, streaming caches, CIFS cache

    Object cache advantages: fastest response times; offload work from servers; can be deployed asymmetrically

    Object cache disadvantages: works with limited set of applications; works on limited range of data inside applications; all or nothing: no benefit if whole object not found or changed

    61/81

    Object vs. Byte Caching

                                        Object Caching                  Byte Cache
    Proxy                               HTTP(S), FTP, Streaming, CIFS   Built on TCP
    Protocol Optimization Integration   X
    Server Offload                      X
    Network Offload                     X                               X
    Incremental Updates                                                 X
    No App Integration                                                  X
    End User Performance                Best                            Good
    Scope                               Focused                         Broad
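An added example (not Blue Coat code) in Go of the byte-caching mechanism described on the Byte Caching, MACH5 and Object vs. Byte Caching slides: both proxies keep a history of every byte sent and received, the sender replaces runs already in its history with (offset, length) references, and the receiver rebuilds the stream from its own history and rejects a reference its history cannot satisfy. The sample request, the 8-byte minimum match and the per-token wire cost are constructed for the demo.

```go
package main

import (
	"bytes"
	"fmt"
)

// minMatch is the shortest repeated run worth replacing with a reference; anything shorter goes as literals.
const minMatch = 8

// Token is one unit on the WAN link.
type Token struct {
	Ref      bool   // true: (Off, Len) points into the shared history; false: Lit carries raw bytes
	Off, Len int
	Lit      []byte
}

// WireBytes approximates link cost: 8 bytes per reference (offset and length), 1 + n bytes for n literals.
func WireBytes(toks []Token) int {
	n := 0
	for _, t := range toks {
		if t.Ref {
			n += 8
		} else {
			n += 1 + len(t.Lit)
		}
	}
	return n
}

type Peer struct{ history []byte } // the proxy at one end of the link; remembers every byte sent or received

// longestMatch finds the longest run of data[pos:] already present in the history. This is a brute-force
// scan for clarity; production byte caches index fingerprints of the history instead.
func (p *Peer) longestMatch(data []byte, pos int) (off, n int) {
	if len(data)-pos < minMatch {
		return 0, 0
	}
	probe := data[pos : pos+minMatch]
	for start := 0; ; start++ {
		i := bytes.Index(p.history[start:], probe)
		if i < 0 {
			return off, n
		}
		start += i
		k := minMatch
		for start+k < len(p.history) && pos+k < len(data) && p.history[start+k] == data[pos+k] {
			k++
		}
		if k > n {
			off, n = start, k
		}
	}
}

// Encode replaces runs found in the local history with references, then records data in the history.
func (p *Peer) Encode(data []byte) []Token {
	var toks []Token
	for pos := 0; pos < len(data); {
		off, n := p.longestMatch(data, pos)
		if n >= minMatch {
			toks = append(toks, Token{Ref: true, Off: off, Len: n})
			pos += n
		} else if last := len(toks) - 1; last >= 0 && !toks[last].Ref {
			toks[last].Lit = append(toks[last].Lit, data[pos]) // extend the open literal run
			pos++
		} else {
			toks = append(toks, Token{Lit: []byte{data[pos]}})
			pos++
		}
	}
	p.history = append(p.history, data...)
	return toks
}

// Decode rebuilds the stream from the remote history, then records it so the two histories stay in step.
// A reference the history cannot satisfy means the caches have diverged (or the token was corrupted).
func (p *Peer) Decode(toks []Token) ([]byte, error) {
	var out []byte
	for _, t := range toks {
		if t.Ref && (t.Off < 0 || t.Len < 0 || t.Off+t.Len > len(p.history)) {
			return nil, fmt.Errorf("reference %d+%d outside a %d-byte history: caches diverged", t.Off, t.Len, len(p.history))
		}
		if t.Ref {
			out = append(out, p.history[t.Off:t.Off+t.Len]...)
		} else {
			out = append(out, t.Lit...)
		}
	}
	p.history = append(p.history, out...)
	return out, nil
}

func main() {
	local, remote := &Peer{}, &Peer{}
	doc := []byte("GET /reports/q1.pdf HTTP/1.1\r\nHost: intranet.example.test\r\n\r\n") // constructed sample request
	edited := bytes.Replace(doc, []byte("q1"), []byte("q2"), 1)
	remote.Decode(local.Encode(doc)) // first transfer goes as literals and primes both histories
	toks := local.Encode(edited)
	got, err := remote.Decode(toks)
	fmt.Printf("%d bytes in, %d on the WAN, intact=%v err=%v\n", len(edited), WireBytes(toks), bytes.Equal(got, edited), err)
}
```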


    62/81

    Products


    64/81

    400-E1

    65/81

    400-E1

    One Model: 400-E1

    RAM: 512 MB

    CPU: 1.26GHz PIII

    Disk drive: 40 GB IDE

    Network Interfaces (2 on board): 10/100 Base-T Ethernet

    19" Rack-mountable

    66/81

    Software

    Reporter (SW): Advanced Java application to generate statistics from logs

    67/81

    Licensed products

    Streaming: Real Networks, Microsoft, Quicktime

    Instant Messaging: MSN, Yahoo, AOL

    Optional Security (HW+SW bundle): SSL termination/proxy

    68/81

    Licensed products

    Content filtering: BlueCoat Webfilter

    ICAP AV Scanner: ProxyAV (McAfee, Sophos, Panda, Kaspersky, Ahn Labs)

    69/81

    The Power of the Proxy

    Full Protocol Termination = Total Visibility & Context (HTTP, SSL, IM, Streaming, P2P, SOCKS, FTP, CIFS, MAPI, Telnet, DNS)

    Policy Control: fine-grained policy for applications, protocols, content & users (allow, deny, transform, etc); granular, flexible logging; authentication integration

    Web Security: prevent spyware, malware & viruses; stop DoS attacks, IE vulnerabilities, IM threats

    Accelerated Applications: Multiprotocol Accelerated Caching Hierarchy; BW mgmt, compression, protocol optimization; byte & object caching

    Ultimate Control Point for Communications

    70/81

    Management

    71/81

    Management

    User Interface: HTTP (HTTPS) web GUI interface; Telnet (Cisco CLI); SSH & serial console; Java Policy interface; CPL, Policy Language

    SNMP MIBII + Traps: monitor network status and statistics

    Reporting tools: BlueCoat Reporter

    Scalable management: centralized configuration management in Director

    72/81

    Reporting (example)

    18.2 % Spyware (gator)

    16.5 % Aftonbladet

    9.5 % Ads (in top 40)

    6.8 % https (encrypted)



    76/81

    System-wide Management and Control

    77/81

    System wide Management and Control

    Blue Coat Director: centralized configuration of Blue Coat appliances (set up, policy, etc); centralized monitoring (appliance health, application use, user experience)

    Blue Coat Reporter: enterprise roll-up and analysis of application delivery information: appliances, application use, user experience

    Both Director and Reporter are proven, with thousands of nodes under management

    78/81

    Director configuration Management

    (1) Configure and test profile system

    (2) Snapshot profile and save on Director

    (3) Create and edit overlays using GUI or CLI

    (4) Push profiles and overlays to one or more systems

    (Diagram: Director, Profile system, Production systems, and a Workstation used to remotely and securely manage via GUI or CLI.)

    Configuration Management: Policy Management; Disaster protection centrally

    Monitor and control: Resource Management; Monitor network status and statistics

    Profile Management: Backup configuration; Create overlays using GUI or CLI; Automate changes

    License Management

    79/81

    Content Delivery Network

    (Diagram of the flow between Content Owners, WWW Servers, Director, Edge Systems and Users:)

    (1) Content Owners publish content to the WWW servers

    (2) Tell Director about new content

    (3) Director tells the caches (Edge Systems) to update content

    (4) Edge Systems pull content from origin servers

    (5) Deliver the content to Users

    80/81

    Director GUI

    81/81

    K9 For free

    If you want to protect your family with Content Filtering, Blue Coat is now giving it away, read more at:

    http://www.getk9.com/refer/Roger.Gotthardsson

    Please send this link to anyone you want!!!!