Intelligent Web Application Firewall WEB INSIGHT SG Product Introduction June – 2008 MONITORAPP...
Intelligent Web Application Firewall
WEB INSIGHT SG
Product Introduction
June – 2008
MONITORAPP Co.,Ltd.
Contents
about MONITORAPP
Web Security Overview
Product Introduction
WEB INSIGHT SG Characteristics
WEB INSIGHT SG Features
about MONITORAPP
Company name : MONITORAPP Co.,Ltd.
Established Date : 2005-2-22
CEO : Young KwangHoo Lee
Business Regions
  Application Delivery Technology Research & Development
  Web Application Security product supply
  Web Application Acceleration product supply
  Database Security product supply
  Web Application Security Service supply
Address
  306, Ace Techno Tower 1, 197-17, Guro 3-Dong, Guro-Gu, Seoul, Korea
  Tel.) +82-2-749-0799 / Fax.) +82-2-749-0798
Vision
Mission
• We leverage E-business by securing the entire web environment.
• Be a leading application delivery solution provider in the world.
Strategy Business Model
Secure & Fast Application Delivery Solution Provider
Increase of web hacking Leakage of personal information
Secure Web Application
Fast Web Application
IT Compliance Increase of Database security
Secure Database
Web Vulnerability Analysis Web service quality Analysis
Reliable Web Application
Web response latency Web server load
Products & Technologies
Products
  For Web Application
    WEB INSIGHT SG – Web Application Firewall
    WEB INSIGHT AG – Web Application Accelerator
  For Database Application
    DB INSIGHT SG – Database Security & Audit
Service Business
  KT Bizmeka Service
  Collaboration with MSSP
Technologies
  APPLICATION INSIGHT™ Technology
  Adaptive Profiling™ Technology
  Innovative Web Acceleration Technology
Web Security Overview
Change of the hacking trend
[Figure: Hacker's attack techniques. Attack sophistication (LOW to HIGH) and intruder knowledge, 1980 to 2000. Labels: Hacker's technique, Tools, Attackers. Techniques shown: Password speculation, Password cracking, Sniffing, Session Hijacking, Scann, Service denial, Web hacking.]
* Reference: John Pescatore, Security Analyst, Gartner Group
[Figure: hacking types (System hacking, Network hacking, Web hacking) and security products (Server Security, Firewall, IPS, WAF).]
Web Security Overview
Critical threats against web services are increasing.
Port 80 must be open for web service, so it is exposed to hackers.
Important information, such as database contents, can be leaked through web application hacking.
Because of the limitations of existing security products such as IDS and IPS, the danger of web attacks is increasing.
Publicly known web vulnerabilities can always become attack targets.
“70~80% of hacking is targeting web!”
Web Security Overview
The limitations of traditional security products
Firewall
  Cannot control web protocols (ports 80 and 443). Its main purpose is to protect the whole network infrastructure.
IDS (Intrusion Detection System)
  False positives exist; it cannot defend against roundabout attacks or protect SSL packets.
IPS (Intrusion Prevention System)
  Its protected area is the whole network, so for web security it can only perform packet filtering and is not focused on specialized web security. It is signature based, so regular updates are needed.
L7 switch
  Its main functions are load balancing and network bandwidth management. It can block harmful traffic at the network level, so specialized HTTP and HTTPS security is not guaranteed.
Product Introduction
WEB INSIGHT SG
Intelligent Web Application Firewall
WEB INSIGHT SG enables easier and more cost-effective web communication for users.
Positive Security Model + Negative Security Model
  Profile based positive security policy
  User defined positive security policy
  Negative security policy against OWASP Top 10 attacks
High Performance Network Appliance
  Support Gigabit performance
Physical Independent Impact
  Simple deployment
  Fail open (LAN Bypass)
  Fail over (Active – Standby High Availability)
Product Introduction
WEB INSIGHT SG Architecture
Network Firewall and Session QoS
Bi-directional web application inspection
[Architecture diagram: Web Client, Network Firewall, HTTP Request Inspection, HTTP Response Inspection and Web Server, with the modules Protocol Validation, Positive Security, Negative Security, Web Server Cloaking, Adaptive Profiling Engine and Content Filtering.]
Product Introduction
Key Functions (Policy / Functions / Details)
Positive
  Request Limit: Restrict all components of the HTTP request. Automatic policy by learning the HTTP requests. Manual policy by user-defined rules.
  URL Profile: Allow requests only to pre-learned URLs and web pages.
  Form Profile: Automatic security policy by the self-learning engine based on the profile. HTTP response based profile.
Negative
  WEB INSIGHT Rule: Pre-defined signature-based rules.
  User Defined Rule: User-defined signature-based rules about all HTTP components.
Cloaking
  Error page cloaking: Alter the web server error page to block attacks.
  Header cloaking: Remove the server information included in the response header.
  Cookie Encryption & Signature: Block cookie injection and poisoning by cookie encryption or cookie signature.
Data Theft
  Personal Information & Credit card number: Block or mask important personal information (personal social number, credit card number). Can block text in Office documents, PDF and zipped files.
Management
  Central management for a several
  Analyzing the database traffic & network traffic
  Monitoring system usage
Product Introduction
WEB INSIGHT SG Looks
Spec.
WISG-530: 1U rack mountable; Core 2 Duo CPU; 2GB Memory; 1GB CFM; Single Power Supply; 10/100/1000M x 8 (3 pairs GBE Bypass)
WISG-1030: 2U rack mountable; Xeon 3.6GHz * 2; 2GB Memory; 1GB CFM; 10/100/1000M x 4 (2 pairs GBE Bypass); Fiber 1G x 4 (1 pair Fiber Bypass); 10/100M * 1; Redundant Power Supply
WISG-2030: 2U rack mountable; Dual Core CPU x 2; 2GB Memory; 1GB CFM; 10/100/1000 x 6 (2 pairs GBE Bypass); Fiber 1G x 2 (1 pair Fiber Bypass); Redundant Power Supply
WISG-4060: 2U rack mountable; Quad Core CPU x 2; 4GB Memory; 1GB CFM; 10/100/1000 x 10 (4 pairs GBE Bypass); Fiber 1G x 4 (2 pairs Fiber Bypass); Redundant Power Supply
WISG-100: 1U rack mountable; Intel C2.0 GHz; 1GB Memory; 10/100 x 4
WISG-500: 1U rack mountable; Intel P4 2.8GHz; 1GB Memory; 10/100/1000M x 4; 10/100M x 4
WISG-1000: 2U rack mountable; Xeon 3.2GHz x 2; 2GB Memory; 10/100/1000 x 4; Fiber 1G x 4; Redundant Power Supply
’08 New
WEB INSIGHT SG Characteristics
Adaptive Profiling Technology
• A self-learning engine builds a profile DB from the valid responses of the web server.
• Client requests are matched against the profile DB, and abnormal requests are blocked entirely.
• No extra updates are needed; it is the ultimate defensive model against unknown attacks.
WEB INSIGHT SG Characteristics
Adaptive Profiling Technology
Request : GET / HTTP/1.1
Response
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
……
<body MS_POSITIONING="FlowLayout" bottomMargin="0" leftMargin="0" topMargin="0" rightMargin="0">
<form name="Form1" method="post" action="login.aspx" id="Form1">
<TD><input name="TextBoxLogin" type="text" maxlength="32" id="TextBoxLogin" tabindex="1" style="width:256px;" /></TD>
<TD><input name="TextBoxPasswd" type="password" maxlength="32" id="TextBoxPasswd" tabindex="2" style="width:256px;" /></TD>
<TD><input type="submit" name="ButtonOk" value="login" id="ButtonOk" /></TD>
</font>
……
login.aspx
Method : POST
Parameter : TextBoxLogin, TextBoxPasswd
Learning response data
Create profile DB by learning data
WEB INSIGHT SG Characteristics
Adaptive Profiling Technology
Normal Request
POST http://test.com/login.aspx? HTTP/1.1
TextBoxLogin=wiadmin&TextBoxPasswd=1234qwer
Diff request and Profile DB
login.aspx
Method : POST
Parameter1 : TextBoxLogin
Parameter2 : TextBoxPasswd
Pass
Abnormal Request
POST http://test.com/login.aspx? HTTP/1.1
TextBoxLogin=wiadmin&TextBoxPasswd=1234qwer&auth=admin
Diff request and Profile DB
login.aspx
Method : POST
Parameter1 : TextBoxLogin
Parameter2 : TextBoxPasswd
Block
WEB INSIGHT SG Characteristics
Simple Deployment
Proxy Gateway Network Deployment
Proxy Gateway
  In-line or one-armed mode
  No changes to existing infrastructure
  Full function support
Sniffing Gateway
  Mirror based
  In-line or one-armed mode
  No changes to existing infrastructure
  Blocks by session reset
  Limited functions (cloaking and data theft are not supported)
  Cannot control HTTP response data
Difference
  Proxy Mode: strong security; lower performance than sniffing mode
  Sniffing Mode: limited security; about 3 times higher performance than proxy mode
In the physical configuration, WEB INSIGHT SG is an easy-to-deploy WAF appliance without an FOD (fail-open device).
[Diagrams: <In-line mode> Bridge; <One armed mode> L4 redirect]
WEB INSIGHT SG Characteristics
Various Deployment
Bridge Mode
  In-line on network
  No changes to existing infrastructure
  Support LAN bypass on failure
A-S HA Mode
  Active – Standby HA mode
  Health check (Daemon, NIC, Link, System)
  Support fail-over on failure
One_Armed Mode
  With an L4 switch that supports port redirection, a one-armed configuration (proxy and sniffing mode) can be used.
[Deployment diagrams; labels: www, L2, L4 redirect]
WEB INSIGHT SG Features
Positive Policy - Form Profile
After learning mode, normal traffic (which contains no dangerous elements) is profiled, and abnormal requests are regarded as potential dangers and blocked.
No extra update process is needed.
Ultimate security model against unknown attacks.
Learning Mode
Passive Mode
Active Mode
WEB INSIGHT SG Features
Positive Policy – Request Limit
After learning mode, normal traffic (which contains no dangerous elements) is profiled, and abnormal requests are regarded as potential dangers and blocked.
Can be configured manually.
Ultimate security model against unknown attacks.
Learning Mode
Passive Mode
Active Mode
WEB INSIGHT SG Features
Negative Policy – WEB INSIGHT Rule & User Defined Rule
Can block all web attacks defined by OWASP.
Using the powerful inspection engine of WEB INSIGHT, rules can be set to detect and block web attacks.
User-defined rules can be added besides those for the existing attacks.
WEB INSIGHT SG Features
Additional Policy – Fraud Click & Page Forgery
The Fraud Click function blocks connections for a period (Block time) when a client connects more than a set count (Access count) within a period (Detection Time).
The original page is registered in the policy on the client's first connection to the web server. This original page is used to prevent clients from path traversal or other types of unwanted entry into sensitive sections of the web site.
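How the three Fraud Click settings interact, as an added example (not MONITORAPP's code): a per-client sliding window that starts a block once Access count is exceeded within Detection Time. Keying on the client address, the class and function names, and the sample values are assumptions.

```python
from collections import defaultdict, deque

class FraudClickPolicy:
    """Block a client for block_time seconds once it makes more than
    access_count requests within detection_time seconds."""
    def __init__(self, access_count, detection_time, block_time):
        self.access_count = access_count
        self.detection_time = detection_time
        self.block_time = block_time
        self._hits = defaultdict(deque)   # client -> timestamps inside the window
        self._blocked_until = {}          # client -> time the block expires

    def allow(self, client, now):
        """Return True if the request at time `now` (seconds) may pass."""
        if now < self._blocked_until.get(client, 0):
            return False                  # still inside Block time
        hits = self._hits[client]
        hits.append(now)
        while hits and hits[0] <= now - self.detection_time:
            hits.popleft()                # drop requests older than Detection Time
        if len(hits) > self.access_count:
            self._blocked_until[client] = now + self.block_time
            hits.clear()                  # start counting afresh after the block
            return False
        return True

def replay(policy, events):
    """Run (client, timestamp) events through the policy; return verdicts."""
    return [policy.allow(client, ts) for client, ts in events]

# Constructed click log: one client clicking every second, another every 20 s.
EVENTS = [("10.0.0.5", t) for t in range(6)] + [("10.0.0.9", t) for t in (0, 20, 40)]
```

With Access count 3, Detection Time 10 and Block time 30, the first client is blocked from its fourth click until second 33, and the slower client is never blocked.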
WEB INSIGHT SG Features
Central Management
Central Management manages multiple WEB INSIGHT SG units.
Log & System monitoring
  - Detect log
  - Network / WEB traffic
  - System usage
WEB INSIGHT SG Features
Log view
Search detect/block logs
  - 14 options for filtering
  - detail / simple view
Chart Analysis
  - Top 5 or 10 view
  - Chart type : 11 categories
Thank You
MONITORAPP Co.,Ltd.
306, Ace Techno Tower1, 197-17, Guro3-Dong, Guro-Gu, Seoul, Korea
Tel : +82-2-749-0799, Fax) +82-2-749-0798
E-Mail : [email protected]
Website : www.monitorapp.com