Security Architect Northeast US Enterprise CISSP, GCIA, GCFA Cisco Systems. BRKSEC-2052_c Cisco Systems, Inc. All rights reserved.

Similar documents
Cisco s Appliance-based Content Security: IronPort and Web Security

FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT?

Author: Tonny Rabjerg Version: Company Presentation WSF 4.0 WSF 4.0

CISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Kishin Fatnani. Founder & Director K-Secure. Workshop : Application Security: Latest Trends by Cert-In, 30 th Jan, 2009

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Free Download BitDefender Client Security 1 Year 50 PCs softwares download ]

Symantec & Blue Coat Technical Update Webinar 29. Juni 2017

Security Assessment Checklist

Hardening the Education. with NGFW. Narongveth Yutithammanurak Business Development Manager 23 Feb 2012

RSA Web Threat Detection

SONICWALL SECURITY HEALTH CHECK SERVICE

Zimperium Global Threat Data

Future-ready security for small and mid-size enterprises

Business Strategy Theatre

ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY

Integrating Juniper Sky Advanced Threat Prevention (ATP) and ForeScout CounterACT for Infected Host Remediation

SONICWALL SECURITY HEALTH CHECK PSO 2017

Application Security. Rafal Chrusciel Senior Security Operations Analyst, F5 Networks

Application Firewalls

Intelligent and Secure Network

SONICWALL SECURITY HEALTH CHECK SERVICE

Imperva Incapsula Website Security

Simple and Powerful Security for PCI DSS

Get BitDefender Client Security 2 Years 30 PCs software suite ]

Symantec Ransomware Protection

SOLUTION BRIEF CA API MANAGEMENT. Enable and Protect Your Web Applications From OWASP Top Ten With CA API Management

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems

Vulnerability Assessment with Application Security

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting

McAfee Network Security Platform Administration Course

INF3700 Informasjonsteknologi og samfunn. Application Security. Audun Jøsang University of Oslo Spring 2015

The Top 6 WAF Essentials to Achieve Application Security Efficacy

86% of websites has at least 1 vulnerability and an average of 56 per website WhiteHat Security Statistics Report 2013

ForeScout Extended Module for Carbon Black

ANTIVIRUS SITE PROTECTION (by SiteGuarding.com)

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 5 Host, Application, and Data Security

Annexure E Technical Bid Format

SONICWALL SECURITY HEALTH CHECK SERVICE

DenyAll Protect. accelerating. Web Application & Services Firewalls. your applications. DenyAll Protect

The DNS. Application Proxies. Circuit Gateways. Personal and Distributed Firewalls The Problems with Firewalls

MODERN DESKTOP SECURITY

Cisco Self Defending Network

AT&T Endpoint Security

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications

McAfee Network Security Platform 9.2

All-in one security for large and medium-sized businesses.

Cisco Security. Advanced Malware Protection. Guillermo González Security Systems Engineer Octubre 2017

Cracked BitDefender Client Security 2 Years 20 PCs lowest price software ]

McAfee Network Security Platform 9.2

Using the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway

Web Application Firewall Subscription on Cyberoam UTM appliances

Chapter 10: Security. 2. What are the two types of general threats to computer security? Give examples of each.

WatchGuard Total Security Complete network protection in a single, easy-to-deploy solution.

Symantec Endpoint Protection 14

Endpoint Protection : Last line of defense?

Training UNIFIED SECURITY. Signature based packet analysis

Seqrite Endpoint Security

Exam : Title : Security Solutions for Systems Engineers. Version : Demo

Web Gateway Security Appliances for the Enterprise: Comparison of Malware Blocking Rates

Palo Alto Networks PAN-OS

haltdos - Web Application Firewall

The Invisible Threat of Modern Malware Lee Gitzes, CISSP Comm Solutions Company

Coordinated Threat Control

Klaudia Bakšová System Engineer Cisco Systems. Cisco Clean Access

IBM Security Network Protection Solutions

Comprehensive datacenter protection

UTM Firewall Registration & Activation Manual DFL-260/ 860. Ver 1.00 Network Security Solution

The SonicWALL SSL-VPN Series

Maximum Security with Minimum Impact : Going Beyond Next Gen

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

Seamless Security in the Age of Cloud Services: Securing SaaS Applications & Cloud Workloads

NetDefend Firewall UTM Services

Symantec Endpoint Protection

Synchronized Security

Perimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN

UTM 5000 WannaCry Technote

About DPI-SSL. About DPI-SSL. Functionality. Deployment Scenarios

Zero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection

McAfee Network Security Platform 8.3

CIH

Protecting Against Online Fraud. F5 EMEA Webinar August 2014

Ethical Hacking and Prevention

A Comprehensive CyberSecurity Policy

KASPERSKY ENDPOINT SECURITY FOR BUSINESS

CTS2134 Introduction to Networking. Module 08: Network Security

Copyright

Venusense UTM Introduction

CIS Controls Measures and Metrics for Version 7

Security+ SY0-501 Study Guide Table of Contents

Beyond Blind Defense: Gaining Insights from Proactive App Sec

Hacking Intranet Websites from the Outside

exam. Number: Passing Score: 800 Time Limit: 120 min File Version: CHECKPOINT

Cisco Systems Korea

3 Ways to Prevent and Protect Your Clients from a Cyber-Attack. George Anderson Product Marketing Director Business October 31 st 2017

Changing face of endpoint security

Most Common Security Threats (cont.)

CIS Controls Measures and Metrics for Version 7

Dynamic Datacenter Security Solidex, November 2009

Transcription:

Web 2.0 Security Recommendations Ken Kaminski Security Architect Northeast US Enterprise CISSP, GCIA, GCFA Cisco Systems 1

Agenda Reputation Services Web application security Secure Coding and Web Application Firewalls Perimeter Web Gateway End-user security (social engineering) Client Security Monitoring and Botnet Detection 2

Solutions 3

Fighting the Last War 4

But I ve Got Firewalls, IPS, Anti-Virus and URL Filtering?! Firewalls don t stop port 25 or user requests for protocol- compliant HTTP(S) IPS does not stop social engineering New vulnerabilities continually Anti-virus is shockingly ineffective due to mutating viruses 390 LdPinch security signatures since original in 2003 More than 30,000000 Bagel variants URL filtering can t categorize an infinite number of sources URL filtering can t protect from legitimate sites being hacked End-users roam End-users choose to install, override security Once infected, malware hides 5

Malware Defeats Anti-Virus Signatures Criminals have developed tools to mutate malware to defect signature-based detection At DefCon teams of researchers proved their success yet again Seven viruses and two exploits, all well-known, were mutated to defeat anti-virus engines Winning time: 2 hours, 25 minutes 6

Virus Sophistication Beats AV 182 virus tools at VX Heavens website vx.netlux.org Example: NGVCK (Next Generation Virus Creation Kit) Poly/Metamorphic tools create random variants Viruses download fresh copy every 24 hours Viruses use buddy program to reinstall virus if disinfected 7

Has anyone seen my silver bullet? 8 8

Reputation Services 9

1. What is Reputation? or Is all reputation the same? Email Security IPS Web Security Firewall Reputation is the history of both actions and qualities of a specific IP address or network. This is calculated using some of the hundreds of different types of data found in the Sensor Database. For different types of devices, different parameters can mean more or less for the reputation of a device. Ex:The fact of sending SPAM is highly relevant to an email reputation device and less so to an IPS sensor. 10

1. Web Reputation Filters Predictive, Real-Time Threat Prevention Parameters The More the Better URL Blacklists URL Whitelists Security Intelligence Operations Dynamic IP Addresses Bot Networks URL Behavior Global Volume Data Domain Registrar Information Compromised Host List Sensors Network Security Modeling Output as a score Real-Time Cloud Analysis Network Owners Known Threat URLs 11

Protection For a Dynamic Web 2.0 World Visibility Beyond the Initial Threat Web Reputation Filters Scan each object, not just the initial request Client PC Trusted Web Site Web servers not affiliated with the trusted web site (e.g. ad servers) Web pages are made up of objects coming from different sources Objects can be images, executables, JavaScript Compromised websites often grab malicious objects from external sources Security means looking at each object individually, not just the initial request 12

Web Application Firewalls - Secure Coding - Web Application Firewalls 13

Focus of Today s Attacks 2/3 rd of Attacks Focused Here Custom Web Applications Customized Packaged Apps Internal and 3rd Party Code Business Logic & Code Network Firewall IDS IPS Web Servers Operating Systems Application Servers Operating Systems Network Database Servers Operating Systems No magic signatures or patches for your custom PHP script 14

2. Web Application Security Inventory pages, servers, development environments, groups Secure Web Development Methodology Web applications treat all input as malicious and validate accordingly Target OWASP top ten (owasp.org) org) and SANS top 20 (sans.org) Applications should always consider user input malicious and filter out what it doesn't need Applications should use session ID generation libraries that rely on wellknown hash or randomization functions Application should not print out verbose error messages to regular users Coders must pay attention to "developers-only" comments in page source Consider Web Application Firewall 15

You Said OWASP? OWASP = Open Web App Security Project http://www.owasp.org Source: WhiteHat Security, 2007 16

Web Application Firewall (WAF) The WAF is a drop-in solution that protects web-enabled applications from attacks PCI Compliance, Virtual App Patching, Data Loss Prevention Secure Deep packet protection of the most common vulnerabilities Drop-in - Does not require recoding applications, deployable in under an hour PCI 6.5/6.6 6 compliance is just a few clicks away 17

WAF Network Deployment External Web Browsers Internet DMZ Load Balancer Data Center HTML HTML/XML tom ns aged or Cust b Application Packa Web Web Application Firewall WAF Gateways Manager Typically y deployed in the DMZ or WWW Server Farm access Cluster of 2 appliances behind Load Balancer for Failover Distributed solution: Manager = GUI Gateways = Policy Enforcement Points 18

Perimeter Web Gateway 19

3. Perimeter Web Gateway Application-Specific Security Gateway BLOCK Incoming Threats: Viruses, Trojans, Worms Spyware, Adware, Phishing Unauthorized Access Internet Reputation Services (The Common Security Database) APPLICATION-SPECIFIC SECURITY GATEWAY WEB Security Gateway MANAGEMENT Controller CENTRALIZE Admin: Per-user policy Per-user reporting Quarantine Archiving LAN/WAN ENFORCE Policy: Acceptable Use Regulatory Compliance Intellectual Property Encryption URL Filtering 20

Multi-Layered Malware Defense Protection Against Today s Threats L4 Traffic Monitor Web Reputation Services Anti-Virus/Anti- Malware Engines Blocks much of unknown/ known malware traffic at connection time Blocks malware based on deep content analysis 21

HTTPS Use Cases SSL Trojans and Malware Secure Anonymizing Proxies Secure Webmail Attachments 22

HTTPs Decryption Solution: The Active Man-in-the-Middle Middle An appliance acting as an SSL proxy (an active MitM) negotiates two HTTPs conversations. Corporate network Web server 1. Negotiate algorithms. 1. Negotiate algorithms. 4. Authenticate server certificate. 2. Authenticate server certificate. 3. Generate proxied server certificate. 5. Generate encryption keys. 5. Generate encryption keys. 6. Encrypted data channel established. 6. Encrypted data channel established. 23

End User Security 24

4. End User Security Train users with real-world examples Streamline security policies to include essentials Train users to understand web works and parse URLs Firefox 3 and IE 7 have improved UI 25

Browser Security Browsers have built-in phishing/malware updates Internet Explorer 8 (currently in beta 2 status) adds XSS filters blocks ><script> types of attacks on both GET and POST can be controlled by server-set HTTP header Firefox add-on called NoScript detects more vectors/encodings than IE8.0 but probably less user friendly (more geek-oriented) 26

Google Browser Security Google anti-malware search results effective Interstitial page warning of infection pops up 27

Client Security 28

5. Client Security Vulnerability scanning and patching (including web browser ecosystem) Assess anti-virus and consider behavior-based system Host Intrusion Prevention System (HIPS) 29

Behavior-Based Rules 30

HIPS Agent Consolidates Multiple Endpoint Products Only one agent to purchase, deploy and manage Desktop and Server Protection: Distributed Firewall Port Blocking & Packet Inspection Host-based Intrusion Prevention Day Zero Virus/Worm Protection File Integrity Checking Application Blacklist/Whitelist Policy Enforcement Spyware/Adware Operating System Hardening Web Server Protection Data Leakage Protection Wireless Interface Controls Complementary with Anti-Virus 31

HIPS Pro s and Cons Pro: Con: The best HIPS products, using only the default policies, have never been compromised by anything that appeared in the wild CSO Surveys - #1 Security Technology with the Most ROI Proven ROI savings in system admin time Large project up front time and effort across multiple groups Tuning required to reduce amount of Information and tune policies 32

Monitoring 33

6. Monitoring Assume your security will fail and look for symptoms IPS, Botnet Traffic Filters, Netflow will show infections and security weaknesses SRI bothunter is free tool Netflow can require significant work IPS systems indicate attack profile as well as internal hosts attacking other hosts 34

Q and A 35

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback