Transcript of 20070605 Radware
- 1. APSolute Application Delivery and Security: A HowTo for
NonStop Webservices Michael Geigenscheder
- 2. CEO Challenge: Smart Productivity Competitive Business
Requirements Time Product Info Transactions Web Enablement
Intelligence CRM & prioritization
- 3. Centralization & Web based Application Web Enablement
& Data Center Consolidation Higher Productivity Lower OPEX
& CAPEX No Servers on Branches Anyone, Anywhere Anytime Access
No Dedicated Client Side SW Based on Standards
- 4. Application Delivery Challenges Costly Downtimes Increasing
volumes of online businesses activities REGIONAL OFFICE BRANCH
OFFICE Firewall Web, Email, CRM ERP HEADQUARTERS Antivirus Gateway
Router
- 5. Application Delivery Challenges Poor Performance Growing
distance to end users Protocol chattiness Richer content Varying
access speeds Encrypted traffic (SSL) Costly Downtimes Increasing
volumes of online businesses activities REGIONAL OFFICE BRANCH
OFFICE Firewall Web, Email, CRM ERP HEADQUARTERS Antivirus Gateway
Router
- 6. Application Delivery Challenges Poor Performance Growing
distance to end users Protocol chattiness Richer content Varying
access speeds Encrypted traffic (SSL) Increased Security Threat
Vulnerable Web based applications Growing sophistication of
applications attacks & network attacks (DoS) Zero day attacks
Internal attacks Costly Downtimes Increasing volumes of online
businesses activities REGIONAL OFFICE BRANCH OFFICE Firewall Web,
Email, CRM ERP HEADQUARTERS Antivirus Gateway Router
- 7. The Professional Solution
- 8. APSolute Application Delivery REGIONAL OFFICE BRANCH OFFICE
FW-VPN Antivirus Gateway Web, Email, CRM, ERP HEADQUARTERS
Routers
- 9. APSolute Front End Solutions Antivirus Anti Spam URL
filter HEADQUARTERS REGIONAL OFFICE BRANCH OFFICE Firewalls Web,
Email, CRM, ERP Application Front End: Optimize data center
resources to ensure fast, reliable, secure application delivery
Availability, Guaranteed Performance, Accelerated Security, Assured
AppDirector + AppXcel Complete business continuity, transparent
disaster recovery and application optimization
- 10. Front End Open Service Architecture
- TCP Multiplexing and Splitting
AppDirector AppXcel
- Server L3-L7 load balancing
- Integrated Global Load Balancing
Web servers
- 11. Integrated Security AppDirector AppXcel Router Client Web
Front end Servers Hacker SSL Termination Web and XML Application
Firewall Access Control IPS for smart patch management Behavioral
DoS Shield
- 12. Network Intrusion Prevention Methods
- Single bullet, application layer attacks
- Time based traffic thresholds
- Attack mitigation (rate limit)
- Behavior analysis (zero-day)
Radware's Hybrid Approach Complementary Solutions! Types of
Solutions Available PACKET
- 13. Multi Layer Smart Adaptive Filters Zero-Day Worms
Propagation Network DoS/DDoS Flood attacks Clean Environment
Intrusion Activities DefensePro Pro-Active Security Architecture
Proactive Network-Based Behavioral Analysis Proactive User-Based
Behavioral Analysis Stateful Content Based Protections
- 14. Multi Layer Smart Adaptive Filters Worms Propagation
Network DoS/DDoS Flood attacks Intrusion Activities Network-based
behavioral analysis User-based behavioral analysis Stateful Content
based protections Clean Environment
- 15. Effective Traffic Shaping Prioritized Traffic 1 2 Queuing 3
4 Network Resources Guarantee Using BWM Rules Support for over 100
applications with CBQ, WFQ and wRED queuing algorithms,
hierarchical bandwidth management and more P2P VoIP Web Mail
Bandwidth Management Rules Clean Environment VoIP Web P2P Egress
Traffic
- 16. Public Network Blocking Rules RT statistics Fuzzy Logic
Engine Learning Footprint Lookup
Initial filter is generated: Packet ID Degree of Attack = Low
(Positive Feedback) Filter Optimization: Packet ID AND Source IP
Filter Optimization: Packet ID AND Source IP AND Packet size Degree
of Attack = High (Negative Feedback) Filter Optimization: Packet ID
AND Source IP AND Packet size AND TTL Degree of Attack = High
Degree of Attack = Low
Attacks footprints detection - 10 seconds PPS, Bandwidth,
protocol types distribution [%], TCP flags
(syn, fin, rst, ...) distribution [%]; inbound-outbound traffic [ratio],
LAN Closed feedback Time [sec] Mitigation optimization process
Behavioral DoS System Modules Inbound Traffic Outbound Traffic
Final Filter Start mitigation Initial Filter
- 17. Decision Making Scenario 1 Rate-invariant anomaly axis
Attack area Suspicious area Normal adapted area Attack Degree = 5
(Normal- Suspect) Legitimate mass-crowd enter news site Rate-based
anomaly axis Y-axis X-axis Z-axis Attack Degree axis Abnormal rate
of Syn packets Normal TCP flags distribution
- 18. Decision Making Scenario 2 Attack Degree = 10 (Attack) DNS
Flood Rate-invariant anomaly axis Rate-based anomaly axis Y-axis
X-axis Z-axis Attack Degree axis Attack area Suspicious area Normal
adapted area Abnormal rate of DNS packets, Abnormal protocol
distribution [%]
- 19. Multi-Layer Intrusion Prevention
- Client side vulnerabilities
- Horizontal & Vertical Scanning
* Requires AppXcel
- Network behavioral based zero-day DoS protections
- User/Hosts behavioral based zero day worm and bots
protection
- Bi-directional scanning, stateful content-based Intrusion
Prevention
- 20. Integrated Security AppDirector AppXcel Router Client Web
Front end Servers Hacker SSL Termination Web and XML Application
Firewall Access Control IPS for smart patch management Behavioral
DoS Shield
- 21. Securing Web Application The Need
- Protect browser-based applications from unknown exploits
- Ensure users perform only legal actions
- Ensure that new code is secured
- Application developers are not security experts
- Application support team likely not original developers
- Require a tool for identifying & protecting security
vulnerabilities
- Process large volumes of traffic without compromising
performance or security
- Protect and inspect encrypted (SSL) traffic
- 22. APSolute Solution Integrated WAF
- Automated Web Application Firewall protection without manual
intervention
- Unknown application level exploits protection
- Zero-day web-worm attacks protection
- 23. The Need to Protect Web Applications
- The wide range of attack kinds indicates the severity of the
problem.
- 24. Business Values of Integrated WAF
- Non-stop business operation
- Automatic adaptation to content changes
- Smooth failover and automatic bypass of faulty WAF
- Streamlining business operation
- Cost effective scalability
- Acceleration of Web and SSL traffic
- Lowering deployment & operational cost
- Lowering cost of vulnerability fixes
- Single-vendor relationship
- Common management interface
- 25. Centralized Security Reporting Monitor all malicious
activity, across the network, in real-time Customize reports, for
executive to bit-level analysis & forensics Executive Report,
to provide network security summary
- 26. APSolute Access Solutions Anti Spam REGIONAL OFFICE
BRANCH OFFICE Firewalls Access Solution: Optimize WAN link
resources to ensure fast, reliable, secure application delivery
Availability, Guaranteed Performance, Accelerated Security, Assured
Antivirus URL filter HEADQUARTERS Linkproof Complete business
continuity, transparent disaster recovery and quality of service
Web, Email, CRM, ERP
- 27. Multi WAN Solution Routers LinkProof Headquarter Local
Network Corporate users ERP, CRM, email, Web servers Private Public
- Smart WAN link optimization
- Application Smart Routing
- Behavioral based Protection
- 28. APSolute Application Delivery REGIONAL OFFICE BRANCH OFFICE
FW-VPN Antivirus Gateway Web, Email, CRM, ERP HEADQUARTERS Routers
100% Availability Maximum Performance Absolute Security