1 Unified Threat Management + Anti-DDoS WAF + Triple ISO Triple Tolly IPv6 ISO 9001:2008 ISO/IEC 20000:2011 ISO/IEC 27001: % Extended WildList Malware detection over HTTP, POP3 and SMTP protocols IPv6 Ready Core Phase-2 certified Firewall, Intrusion Detection and Prevention (IDP), Virtual Private Networking (VPN), Anti-Malware, Anti-Spam, Anti-Spyware, Web Proxy, Content Filtering, Data Loss Prevention (DLP), Company Policy Enforcement / Compliance, Real-Time updates with PUSH Technology, Secure 24 x 7 x 365 Monitoring, ISO 9001 / / Certified Management, IPv6 Ready Core Phase-2 Certified, In-the-Cloud Protection, Comprehensive Adobe PDF Format Reporting, Apple iphone / ipad HD Management Platform, Anti-Distributed Denial of Service, Web Application Firewall, IPv4-IPv6 / IPv6-IPv4 Bridging, Multiple Internet Connections, High Availability / Load Balancing, Internet Acceleration, Secure VoIP (Voice over Internet Protocol) Gatekeeper, Secure Video Conferencing Gatekeeper, Quality of Service Control, Traffic Policing, Denial of Service Protection, Threshold Limiting, Hardware Fault Tolerance, clustering possible, Live Watch Real-Time Monitoring, Adobe PDF Report Generation, SSL (Secure Socket Layer) Virtual Private Networking, Anti-SPAM Pre-Scanning, bandwidth protection, Enhanced Image SPAM protection, including Optical Character Recognition technology, Mail Portal System, End User management including SPAM release and white / black listing, Enhanced GUI (Graphical User Interface), Secure Socket Layer (SSL) Proxy, Application Identification, Entity Management, HTML-5 Dashboard
2 Next Generation Managed Security BACKGROUND Network Box 5 is Next Generation Managed Security. It takes our core foundational UTM+ (Unified Threat Management) appliance and services, along with ten years of Intellectual Property and experience, into a new enhanced platform, which expands beyond traditional UTM+ capabilities. In addition to Firewall, IDP (Intrusion Detection and Prevention), VPN (Virtual Private Networking), AntiMalware, Anti-SPAM, Data Leakage Prevention, and Content Filtering, we have added Entity Management, SSL (Secure Socket Layer) Proxy, Application Identification, Anti-DDoS (Anti-Distributed Denial of Service), WAF+ (Web Application Firewall), and IPv4-IPv6 Bridging technologies. The Network Box 5 code base, from the underlying platform, to the individual modules and security engines, support multi-core technology throughout. The new software platform is dual 32bit and 64bit, supporting both architectures for backwards compatibility, but all Network Box 5 hardware is 64bit. SYSTEM OVERVIEW Every aspect of the new system s design; security, speed, granularity, transparency, functionality, scalability, monitoring, control, customization, and reporting, have all been enormously improved in almost every way possible. HIGHLIGHTS The state-of-the-art Network Box 5 software platform, consists of more than one-point-one million lines of code; representing more than one hundred and thirty eight thousand hours of highly dedicated research and development. A truly enormous amount of hard work has gone into optimizing this code, the algorithms, and technologies used. All this dedication and effort, has resulted in the new Network Box 5 software platform, being up to 8 times faster, than the previous Network Box 3 software platform. Mark Webb-Johnson CTO, Network Box Corporation Ltd. The trademarks, including but not limited to Network Box and the curly N device, are either trademarks or registered trademarks of Network Box Corporation Limited. Other trademarks and product names used in this publication are for identification purposes only, and may be the trademarks of their respective companies. and specifications are subject to change without notice. Benchmarking is performed with representative data, on a function by function basis. Weights and measurements are approximate only. Actual models may vary in appearance to the illustration and photographs provided. Copyright Network Box Corporation Limited 2013.
3 Intelligence Gathering Network Box 5 makes use of Network Box's global security collection network, that gathers the latest information on vulnerabilities and threats from over 70 sources; such as international URL Blacklists and business partnerships including Microsoft Active Protections Program (MAPP) and Kaspersky Labs. Data is also collected from over 250,000 in-the-cloud virtual sensors, which are exposed to real and current cyber threats. In addition, information is also sourced from existing Network Box customers devices. Lists of source addresses of all types of malicious activity are processed in real-time at Network Box headquarters and updated lists are actively sent to customers using patented PUSH technology. Network Box 5 I Intelligence Gathering 70+ Global security sources including Microsoft Active Protections Program (MAPP) Attack statistics from all customers processed at Headquarters in Real-Time Information gathered from over 250,000 virtual honey pots
4 Entity Management Network Box 5 offers a revolutionary Entity Management system, which completely redefines how users and machines are monitored and protected. Entities are Users and Devices that are parts of your network. Network Box 5 tracks these entities, their attributes (such as MAC addresses, IP addresses, addresses, etc.), and the network resources which they utilize. Rather than presenting a set of disparate screens, showing firewall blocks by IP address, URL access by authenticated user, and by address, the Network Box 5 platform presents a single holistic view of the activity, of each of the entities in your network. For example; calling up user "Joe," will show all his firewall blocks, web accesses, network usage, , etc.; across his desktop, laptop, phone, tablet, and remote VPN. Network Box 5 I Entity Management All the users devices can be grouped into individual entities Presents a single holistic view of the activity, of each of the entities in the network Allows IT Managers to monitor, manage, and protect, their users and networks The entity model itself is built and maintained by automated systems, and is an extremely efficient, and effective, technology, for helping IT Managers to monitor, manage, and protect, their users and networks.
5 Secure Socket Layer (SSL) Proxy SSL is the technology used to provide security to web browser and web application communications. However, as with any modern technology, SSL can suffer from security issues of its own, because of problems with its design, or flaws in its implementation. Regardless, the very fact that SSL data steams are encrypted, means that without SSL-Proxy technology, it is all but impossible to scan such data streams for viruses, worms, spyware, and other undesirable content. Provides security to web browser and web application communications Allows certificate validation policy to be performed and enforced at the gateway SSL traffic is identified, decrypted and then subjected to security functions The SSL-Proxy has therefore been developed with two goals in mind: To enhance security, by allowing connections to secure servers on the Internet to be made with the highest common denominator security, rather than the lowest. For example, even if the certificate installed on an internal computer is known to be compromised, when a connection is made from that computer out to the Internet, a secure certificate is used in its place for the external connection. To allow the scanning of encrypted protocols, so that anti-malware protection, content filtering, and organizational policy enforcement, can take place, despite the data stream being encrypted. Network Box 5 I SSL Proxy
6 Application Identification (i) While traditional firewalls block protocols, and ports, Application Identification looks at the traffic up to and including layer 7 to identify the application responsible for that traffic. Once identified, policy control can be applied to that traffic. The traffic can also be 'promote' - for example HTTP traffic detected on ports other than tcp/80 can be promoted to be handled by the web client scanning modules for anti-malware and policy control. Integrated to the SSL proxy, even traffic inside encrypted SSL sessions can be identified and controlled. The Network Box 5 application identification engine, comes in both Lite and Full versions. The Lite version is included as standard with every UTM+ system; while the optional Full version is available as an upgrade. The new Application Identification system allows connections to be appropriately labelled for reporting and policy control. Encrypted SSL sessions can be identified and controlled Layer 7 traffic analysis Policy control can be applied to traffic In this way, one can detect traffic such as Skype, QQ, FTP, HTTP, Facebook, and more than 1,200 other recognised applications; all based on the traffic itself and not just the network port / address it is on. For enhanced control, the new system also allows data streams to be analyzed both in terms of productivity and potential risk. Network Box 5 I Application Identification
7 Application Identification (ii) The productivity index ranks application usage from 1 (Recreation) to 5 (Business). 1. Primary use is recreation. 2. Main use is recreation. 3. Equally used for business and recreation. 4. Main use is business. 5. Primarily used for business. The risk index ranks application usage from 1 (No Risk) to 5 (Very High Risk). 1. No risk. 2. Minimal risk. 3. Some risk. Possible misuse. 4. High Risk. Possible Data Leaks / Malware. 5. Very High Risk. Evades Detection / Bypasses Firewalls The system supports over 1,200 applications such as Skype, Anon.me, BitTorrent, Gnutella, Facebook, Lotus Notes, Limewire, ICQ Messenger, etc; split over 15 categories and 20 tags. 15 Categories Collaboration Database File Transfer Games Mail Messaging Network Monitoring Networking Proxy Remote Access Social Networking Streaming Media Unknown VPN and Tunneling Web Services 20 Tags Advertisements Encryption Facebook App Instant Messaging Internet Search Logs Communication Media Share Mobile Peer 2 Peer Phones Home Proxy Remote Control Screen Sharing Uses Stealth Video Conferencing Voice Conferencing Excessive Bandwidth Potential Data Leak Prone To Misuse Used By Malware Network Box 5 I Application Identification
8 IPv4 to IPv6 Bridging Network Box 5 supports bi-directional translation between IPv4 and IPv6; allowing IPv4 clients to connect to IPv6 servers, and vice-versa. Certified to globally recognized IPv6 Ready Core Phase-2 Protocol standard Automatic dual-stack interception mechanism combined with outgoing protocol translation IPv6 Border Gateway Protocol offered as a service for customers The system is fully dual-stack, with all middleware services developed from the ground up to be IPv6 capable. Network Box also offers an IPv6 Border Gateway Protocol solution that can be installed along-side the IPv4 to IPv6 bridging service for customers. The Network Box device recognizes both IPv4 and IPv6 protocols. It acts as a Bridge between the two IP clouds so that computers on IPv4 can access computers on IPv6 and vice versa. IPv6 Servers communicate with each other via the IPv6 cloud. Network Box system (installed in front of the servers) IPv4 Servers communicate with each other via the IPv4 cloud. Network Box 5 I IPv4/IPv6 Bridging
9 HTML-5 Dashboard Networks can be monitored using almost any mobile device. This gives vital real-time information to IT Managers, allowing them to constantly monitor their network s status, even when they are away from their workstations. Real-Time Attack Monitoring Supports almost any Mobile Device Customizable Dashboards The most impressive, clearest, and highly customizable Graphical User Interface on the market today Network Box 5 I HTML-5 Dashboard
10 Anti-DDoS WAF+ One of the key design goals of the Network Box Anti-DDoS WAF+ system has been to allow companies and organizations to implement effective Anti-DDoS technology, on an affordable basis. Layer 3 (network) protocol enforcement, including connection rate, data transfer volume and connection slowness can be handled; and a wide range of Layer 7 (application) properties, including URL pattern, user agent and request header contents are taken into account. SYSTEM DESIGN Network Box utilizes the OWASP top ten as a minimum set of guidelines which need to be adhered to. Popular web server and application software packages such as Apache, IIS, Joomla, Drupal, Mediawiki and Wordpress are supported as standard. False positives are kept as low as possible, with the goal of never disallowing any authorized requests. This highly flexible system, allows for load balanced, high availability and clustered configurations, to maximize both performance and business continuity. The defensive strength of the default settings are maximized, and augmented by the power and accuracy of a state-of-the art real-time automated threat fingerprinting engine. This ensures as many incoming threats can be blocked as possible, using the minimum of effort; brute force protection is built-in as standard. IPv6 / IPv4 compatibility has been a fundamental design consideration from the beginning. The system has the ability to recognize IPv6 addresses and all network configuration scenarios and is able to transparently bridge traffic between networks of the two Internet standards. FEATURES Unlike many dedicated Web Application Firewall systems on the market, the Anti-DDoS WAF+ system includes a wide range of capabilities to allow for the mitigation of Distributed Denial of Service attacks. Administrators have a wide range of options for blocking and logging traffic as it passes through the WAF rules system. The rules system offers the possibility to define both positive and negative security models. Cyber attacks can be monitored in real-time, using an easy to understand, highly customizable HTML-5 GUI. In addition, Adobe PDF format reports can be generated to meet organizational reporting requirements. In the event of a newly discovered web application vulnerability being revealed, or an actual attack taking place, the Network Box Anti-DDoS WAF+ system allows for the real-time installation of emergency virtual patches at the gateway, in the form of specific WAF rules, to immediately detect and prevent any specific security issues.
11 Security Models The Anti-DDoS WAF+ supports five security models. Individual servers, web sites within those servers, URL paths and applications can be protected with a combination of any of these security models: Vulnerability Protection The Anti-DDoS WAF+ uses a powerful rules language to protect against the latest known vulnerabilities and exploit techniques. This is kept up-to-date, from a network of over 70 security partners including Microsoft s MAPP program. Protected systems can be virtually patched at the gateway without having to install the patches on the affected systems themselves; keeping protected systems secure. DDoS/DoS Model The DDoS/DoS model works in co-operation with the Proxy Base DDoS and Network DDoS models to track usage patterns and identify attack sources for suppression/mitigation and blacklisting. Examples of techniques used include: - connection rate limiting - request rate limiting - negative response rate limiting - repeat request limiting - request duration limiting Outbound Protection The Anti-DDoS WAF+ can enforce policy on outbound traffic. This is commonly used for: - data leakage prevention (DLP) - detection of defacement - other such capabilities When combined with other modules (such as Web Server Anti-Virus and Network Infected LAN), an effective outbound defence can be defined. Negative Security Model Scans inbound requests and applies protection criteria (signatures, rules and heuristics) to detect: - protocol anomalies - unusual behavior - exploits and other common attacks Sources of attacks can be integrated with other security modules to react to such malicious traffic, or the traffic itself can simply be logged, dropped or sanitized. Positive Security Model The Positive Security Model requires the definition of a set of rules to define: - what applications will be permitted - what traffic will be permitted All other non-conforming traffic is rejected.
12 Request and Response Analysis The Anti-DDoS WAF+ conducts extensive decoding and analysis of the web server traffic. This analysis is conducted early on, and in six stages: Body Body Inbound Connection Request Headers Request Outbound Connection Response Headers Response 4 Outbound Connection The system can be configured to immediately connect upon receipt of inbound connections By judicious use of protection rules at each of these stages, both the client and web server can be protected from each other. The rule database currently contains approximately 6,300 rules combined with a signature database to identify several million threat sources. All signatures and rules are updated in real-time by the Network Box PUSH update system. 1. Inbound Connection The inbound connection details are known at this stage (such as source and target IP addresses). This can be correlated with the statistical history of that source and a decision is made whether to permit the source to send a request or to reject the connection. 2. Request Headers The request from the source is received and decoded/analyzed. The contents of these headers can be analyzed and subjected to protection rules and a decision is made whether or not to permit the source to send the request body (if required). 3. Request Body (applicable to some requests only) At this stage, the entire request has been received and decoded/analyzed. The contents of the request body can be analyzed and subjected to protection rules and a decision is made whether or not to permit the source to continue with connection to the server. 4. Outbound Connection The Anti-DDoS WAF+ can be configured to make outgoing connections immediately after the inbound connection is made (stage 4 occurs immediately after stage 1 and before stage 2), in cases where performance and response time is critical; or to delay outbound connection until after reception of request headers and body. Giving administrators a greater amount of flexibility for traffic redirection and rule enforcement. 5. Response Headers The protected web server will respond to the request headers and body with response headers. These headers are decoded/analyzed, and protection rules are applied so that a decision can be made whether or not to permit the server to transmit these headers on to the client. 6. Response Body The protected web server will follow up the response headers with a response body. This body can be decoded/analyzed, and protection rules are applied so that a decision can be made whether or not to permit the server to transmit this body on to the client.
13 Protocol Validation and Policy Restriction The Anti-DDoS WAF+ has extensive support for protocol validation and policy restriction of the HTTP protocol requests and responses: The Network Box Access Control List (ACL) system is used so that restrictions can be placed at a very granular level (eg; user, protected server, URL, path, parameter, etc). The proxy can integrate to the Scan Anti-malware module for further in-depth request filtering. - Request Method Validation - Request Protocol Version - Request URL Encoding Validation - Request Unicode Encoding Validation - Request Directory Traversal Validation - Response Protocol Version - Request Protocol Policy - Request Element Content Policy - Request Element Length Policy - Request Element Byte Range Policy - Response Protocol Policy - Request Method Length Policy - Request Line Length Policy - Request URI Length Policy - Request Query String Length Policy - Request Protocol Length Policy - Request Number of Headers Policy - Request Header Name Length Policy - Request Header Value Length Policy - Request Body Length Policy - Request Number of Cookies Policy - Request Cookie Name Length Policy - Request Cookie Value Length Policy - Request Number of Parameters Policy - Request Parameter Name Length Policy - Request Parameter Value Length Policy - Request URI Protocol Part Length Policy - Request URI Host Part Length Policy - Request URI Path Part Length Policy - Request URI Parameter Part Length Policy - Request URI Bookmark Part Length Policy - Request POST/PUT Number of Files Policy - Request POST/PUT File Length Policy - Request POST/PUT Total File Lengths Policy
14 Response Filtering The system can be integrated with Scan DLP and Anti-Malware modules for further in-depth response filtering. Policy rules can be defined to filter the responses from the protected server: Response Header removal/change/addition Response Result Filter Response Body Filter The Anti-DDoS WAF+ will typically be installed inline between the attack source and the web servers to be protected. Web requests destined for the protected web servers are transparently intercepted and proxied by the Anti-DDoS WAF+, and subjected to protection rules before being passed on to the web servers. Replies from the protected web servers are similarly intercepted and subjected to protection rules before being returned to the sender.
15 DDoS Mitigation The Anti-DDoS WAF+ uses real-time automated fingerprinting to identify and blacklist attacks. The system takes milliseconds to respond to brute force attacks that typically come from thousands of sources. The Anti-DDoS WAF+ offers DoS/DDoS mitigation facilities. In particular: - Total connections limiting - Total connection rate limiting - Per-source connections limiting - Per-source connection rate limiting - Per-source-per-method rate limiting - SYN cookies for SYN flood protection - Outbound connection postponement Real-Time Automated fingerprinting Slows down attacks by a factor of up to 1,000 Millisecond response to brute force attacks The system keeps track of DDoS information on a per-source basis (which it periodically maintains and prunes), and imposes limits on reasonable behavior. Sources which exceed those limits are deemed to be DoS/DDoS attack sources and mitigated. BOTNET The BOTNET will attempt to attack and overwhelm the victim s web server Anti-DDoS WAF+ will DETECT, FINGERPRINT and MITIGATE the attack Web Server LEGITIMATE USERS Anti-DDoS WAF+ allows legitimate users to access the web server.
16 Transaction Analysis Comprehensive web protocol analysis, extracts hundreds of web transaction properties for use in the rules engine. High performance rules engine capable of millions of rule-checks per second Up to 15,000 fully analyzed transactions per second Support for major Content Management Systems including: Joomla, Drupal, and Wordpress Default rule sets contain protection for commonly used web application frameworks. New threats to the application frameworks can be quickly identified and mitigated by the Anti-DDoS WAF+ avoiding the need to perform a costly upgrade to the web application itself. ATTACKER Exploiting a new security vulnerability, the attacker sends malicious requests such as: The WAF detects that it is a malicious request and blocks the request. - SQL Injection - XSS Injection - Insufficient Input Validation WAF Web Server LEGITIMATE USERS The WAF detects that the data is a normal request and allows it to pass.
17 SSL Offload and Upgrade The Anti-DDoS WAF+ can be configured as a terminator for SSL traffic, offloading cryptographic computation workload onto the Anti-DDoS WAF+ system therefore relieving web content servers of significant CPU stress. In addition to the standard SSL Offload feature, Network Box middleware software uses an up-to-date and actively maintained SSL software infrastructure, effectively upgrading a customer s secure website to the latest, most secure SSL protocols. Reduces CPU workload Up-to-date and actively maintained SSL protocols Administrative control over SSL connection properties
18 Anti-DDoS WAF+ (i) Comments General Concurrent Connections Traffic Throughput Transaction/sec Granular Role-Based Administration Integration with approved enterprise SEIM. Supports 60,000+ concurrent connections. Throughput up to 800 Mbps for basic WAF rule sets. 15,000 fully analyzed transactions per second. Policy rules may be applied to clients identified by a number of connection and transaction properties. Network Box proprietary logging system can output system and event messages in a number of formats. Deployment Inline - Transparent Edge Inline - Reverse Proxy High Availability Supports in-line transparent data interception. Original client addresses are preserved. Supports in-line connection termination as a reverse proxy. Original client address forwarded to target site in http headers. Using dynamic inter-device status notifications (VRRP) or with a load balancing/forwarding device installed in front. Protection Protected Protocols Supported Application HTTP, HTTPS (SSL), XML, Web services, SOAP and AJAX supported using baseline protection rule sets. Special protection rule sets available for known web application frameworks such as Drupal, Joomla, many more. For SSL support, it is recommended that the device perform SSL termination using the optional SSL Protocol Upgrade module. Anti-DDoS WAF+ is deployed as a standalone inline solution, so is agnostic to the web server backend. Some custom protection rule sets are available that provide protection not only for web application frameworks, but also for web server vulnerabilities, for example: Apache Range header vulnerability: CVE , Internet Information Server.
19 Anti-DDoS WAF+ (ii) Comments OWASP Top 10 Protection PCI DSS Compliance Rule Writing, and Administrative Flexibility Brute Force Login Attack, Buffer Overflow, Command Injection, Cookie Poisoning, Cross-site Request Forgery (CSRF), Cross-site Scripting, Denial Of Service, Directory Traversal, Parameter Manipulation, Phishing, Remote File Inclusion Attacks, Session Hijacking and SQL Injection protection is provided as part of the standard baseline protection rule set. Flexible rule language in the Network Box ACL system can block access based on many properties of both client and target, from the network layer up to protocol layer, as well as external properties such as time of day. Multiple Rule Actions Secure Management Change Management / Auditing White Listed & Black Listed source addresses allow/alert/debug/permit/deny/alertonly/log/nolog options available. Management performed by Network Box Security Operations Centre engineers. Full history of configuration options saved internally on device, and optionally mirrored back to Security Operations Centre, for purposes of audit. Anti-DDoS WAF+ maintains a system wide black list of addresses and blocks all traffic from these sources. It performs blocking at the network layer, causing very little stress on the device. In addition, built-in DDoS technology can automatically detect sources of denial of service and update system blacklists. Correlation and Application Support Bi-directional Web Traffic Analysis Application Performance Metrics Application Source Code Leak Detection Outgoing responses can have their own set of WAF rules applied to them. HTML-5 web based graphical user interface to query real time and historical event log data and create reports. Available through optional protection rule sets.
20 Technical Specifications Key WEB APPLICATION SECURITY - OWASP Top-Ten Protection - Protection against common attacks - Form field meta data validation - Adaptive security - Response control + Block client + Reset connection + Redirect + Log as suspicious - Outbound data theft protection + Credit card numbers + Social Security numbers + Custom pattern matching (regular expression) - Granular policies for HTML/HTTP elements - Protocol limit checks - File upload control - Blocking based on Client IP Reputation DoS/DDoS MITIGATION - Total connection count limiting - Total connection rate limiting - Per-source connections limiting - Per-source connection rate limiting - Connection rate statistical anomalies - Data throughput/bandwidth consumption limiting - SYN cookies for SYN flood protection - Outbound connection postponement LOGGING - Remote log forwarding - System log (TCP/UDP) MONITORING AND REPORTING - HTML-5 GUI - Adobe PDF reporting - Secure remote administration XML FIREWALL - XML DoS protection - Schema / WSDL enforcement APPLICATION DELIVERY AND ACCELERATION - High availability - Load balancing - SSL offloading SUPPORTED WEB PROTOCOLS - HTTP/S 0.9/1.0/1.1 - XML - IPv6 Ready SUPPORTED WEB APPLICATIONS - Apache - IIS - Joomla - Drupal - Mediawiki - Wordpress Key Metrics M-385 E-1000x E-2000x E-4000x Malicious HTTP/HTTPS Traffic Blocks per second 54, , , ,000 HTTP Traffic Classifications per second 22,000 31,000 65,000 95,000 Accepted HTTP Transactions per second 2,100 2,100 4,000 7,000 Accepted HTTPS (SSL) Transactions per second 2,000 2,000 3,800 6,500 Malicious HTTP/HTTPS Traffic Blocks per second - how much bad traffic can be handled from previously identified sources HTTP Traffic Classifications per second - how much good traffic and bad traffic can be handled while attack sources are being identified Accepted HTTP Transactions per second - how much good traffic the appliance can handle Accepted HTTPS (SSL) Transactions per second - how much SSL good traffic the appliance can handle
WHITE PAPER FortiWeb and the OWASP Top 10 PAGE 2 Introduction The Open Web Application Security project (OWASP) Top Ten provides a powerful awareness document for web application security. The OWASP Top
SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria
Importance of Web Application Firewall Technology for Protecting Web-based Resources By Andrew J. Hacker, CISSP, ISSAP Senior Security Analyst, ICSA Labs January 10, 2008 ICSA Labs 1000 Bent Creek Blvd.,
Protecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall A FORTINET WHITE PAPER www.fortinet.com Introduction Denial of Service attacks are rapidly becoming a popular attack vector used
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
NSFOCUS Web Application Firewall 1 / 9 Overview Customer Benefits Mitigate Data Leakage Risk Ensure Availability and QoS of Websites Close the Gap for PCI DSS Compliance Collaborative Security The NSFOCUS
Semantic based Web Application Firewall (SWAF V 1.6) Operations and User Manual Document Version 1.0 Table of Contents 1 SWAF... 4 1.1 SWAF Features... 4 2 Operations and User Manual... 7 2.1 SWAF Administrator
Standard: Version: Date: Requirement: Author: PCI Data Security Standard (PCI DSS) 1.2 October 2008 6.6 PCI Security Standards Council Information Supplement: Application Reviews and Web Application Firewalls
Standard: Data Security Standard (DSS) Requirement: 6.6 Date: February 2008 Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified Release date: 2008-04-15 General PCI
On-Premises DDoS Mitigation for the Enterprise FIRST LINE OF DEFENSE Pocket Guide The Challenge There is no doubt that cyber-attacks are growing in complexity and sophistication. As a result, a need has
Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n
Firewall ing W H I T E P A P E R Introduction With the deployment of application-aware firewalls, UTMs, and DPI engines, the network is becoming more intelligent at the application level With this awareness
White Paper NSFOCUS Web Application Firewall White Paper By NSFOCUS White Paper - 2014 NSFOCUS NSFOCUS is the trademark of NSFOCUS Information Technology Co., Ltd. NSFOCUS enjoys all copyrights with respect
Web Application Security Radovan Gibala Senior Field Systems Engineer F5 Networks email@example.com Security s Gaping Hole 64% of the 10 million security incidents tracked targeted port 80. Information Week
Guidelines for Web applications protection with dedicated Web Application Firewall Prepared by: dr inŝ. Mariusz Stawowski, CISSP Bartosz Kryński, Imperva Certified Security Engineer INTRODUCTION Security
Barracuda Web Application Firewall vs. Intrusion Prevention Systems (IPS) Whitepaper Securing Web Applications As hackers moved from attacking the network to attacking the deployed applications, a category
Mingyu Web Application Firewall (DAS- WAF) - - - All transparent deployment for Web application gateway All transparent deployment Full HTTPS site defense Prevention of OWASP top 10 Website Acceleration
Page 1/13 Table of Contents Introduction...3 Top Reasons Firewalls Are Not Enough...3 Extreme Vulnerabilities...3 TD Ameritrade Security Breach...3 OWASP s Top 10 Web Application Security Vulnerabilities
Out of the Fire - Adding Layers of Protection When Deploying Oracle EBS to the Internet March 8, 2012 Stephen Kost Chief Technology Officer Integrigy Corporation Phil Reimann Director of Business Development
Load Balancing Security Gateways WHITE PAPER Table of Contents Acceleration and Optimization... 4 High Performance DDoS Protection... 4 Web Application Firewall... 5 DNS Application Firewall... 5 SSL Insight...
STOPPING LAYER 7 ATTACKS with F5 ASM Sven Müller Security Solution Architect Agenda Who is targeted How do Layer 7 attacks look like How to protect against Layer 7 attacks Building a security policy Layer
Imperva Technical Brief Imperva s Response to Information Supplement to PCI DSS Requirement Section 6.6 The PCI Security Standards Council s (PCI SSC) recent issuance of an Information Supplement piece
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
Next-Generation Firewalls: Critical to SMB Network Security Next-Generation Firewalls provide dramatic improvements in protection versus traditional firewalls, particularly in dealing with today s more
Game changing Technology für Ihre Kunden Thomas Bürgis System Engineering Manager CEE Threats have evolved traditional firewalls & IPS have not Protection centered around ports & protocols Expensive to
SHARE THIS WHITEPAPER Top Selection Criteria for an Anti-DDoS Solution Whitepaper Table of Contents Top Selection Criteria for an Anti-DDoS Solution...3 DDoS Attack Coverage...3 Mitigation Technology...4
How to Protect Your from Hackers Web attacks are the greatest threat facing organizations today. In the last year, Web attacks have brought down businesses of all sizes and resulted in massive-scale data
Content-ID DATA CC # SSN Files THREATS Vulnerability Exploits Viruses Spyware Content-ID URLS Web Filtering Content-ID combines a real-time threat prevention engine with a comprehensive URL database and
Move over, TMG! Replacing TMG with Sophos UTM Christoph Litzbach, Pre-Sales Engineer NSG 39 Key Features of TMG HTTP Antivirus/spyware URL Filtering HTTPS forward inspection Web Caching Role based access
> White Paper ProxySG for Reverse Proxy Web-based solutions are being implemented for nearly every aspect of business operations, and increasingly for trusted environments with mission-critical business
THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS INCONVENIENT STATISTICS 70% of ALL threats are at the Web application layer. Gartner 73% of organizations have been hacked in the past two
White Paper A10 Thunder and AX Series Load Balancing Security Gateways June 2013 WP_LB FW 062013 Disclaimer This document does not create any express or implied warranty about A10 Networks or about its
V1.4 August 2 Spambrella Email Continuity SaaS Easy to implement, manage and use, Message Continuity is a scalable, reliable and secure service with no set-up fees. Built on a highly reliable and scalable
Providing complete and comprehensive real-time network protection Today s networks are constantly under attack by an ever growing number of emerging exploits and attackers using advanced evasion techniques
Threat Containment for Facebook Based on statistics for more than 62M users in 2009, the Blue Coat WebPulse cloud service ranked social networking as the number one most requested web category, surpassing
Firewall and UTM Solutions Guide Telephone: 0845 230 2940 e-mail: firstname.lastname@example.org Web: www.lsasystems.com Why do I need a Firewall? You re not the Government, Microsoft or the BBC, so why would hackers
2011 BlackRidge Technology Transport Access Control: Overview 1 Introduction Enterprises and government agencies are under repeated cyber attack. Attacks range in scope from distributed denial of service
INSTANT MESSAGING SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part
WHITE PAPER FORTIWEB WEB APPLICATION FIREWALL Ensuring Compliance for PCI DSS 6.5 and 6.6 CONTENTS 04 04 06 08 11 12 13 Overview Payment Card Industry Data Security Standard PCI Compliance for Web Applications
Introduction: SiteLock scans your website to find and fix any existing malware and vulnerabilities followed by using the protective TrueShield firewall to keep the harmful traffic away for good. Moreover
Next Generation Firewall Product Overview SANGFOR Next-Generation Firewall is designed with Application Control, Intrusion Prevention and Web Security in mind, providing deep and fine-grained visibility
Simple security is better security Or: How complexity became the biggest security threat Christoph Litzbach, Pre-Sales Engineer NSG 1 What do they have in common? DATA BREACH 2 Security is HARD! Components
> White Paper ProxySG Web Application Firewall Web-based solutions are being implemented for nearly every aspect of business operations, and these are increasingly under attack within public web access
WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY www.alliancetechpartners.com WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY More than 70% of all websites have vulnerabilities
Barracuda Web Site Firewall Ensures PCI DSS Compliance E-commerce sales are estimated to reach $259.1 billion in 2007, up from the $219.9 billion earned in 2006, according to The State of Retailing Online
Next Generation IPS and Reputation Services Richard Stiennon Chief Research Analyst IT-Harvest 2011 IT-Harvest 1 IPS and Reputation Services REPUTATION IS REQUIRED FOR EFFECTIVE IPS Reputation has become
IBM Managed Security Services (Cloud Computing) hosted e-mail and Web security - express managed Web security INTC-8608-01 CE 12-2010 Page 1 of 8 Table of Contents 1. Scope of Services...3 2. Definitions...3
TRITON AP-WEB Comprehensive real-time protection against Advanced Threats and data theft Your business and its data are under constant attack. Traditional security solutions no longer provide sufficient
Protect your internal users on the Internet with Secure Web Gateway Richard Bible EMEA Security Solution Architect Identity and Access Management (IAM) Solution Authentication, Authorization, and SSO to
Basic & Advanced Administration for Citrix NetScaler 9.2 Day One Introducing and deploying Citrix NetScaler Key - Brief Introduction to the NetScaler system Planning a NetScaler deployment Deployment scenarios
INTRODUCTION TO FIREWALL SECURITY SESSION 1 Agenda Introduction to Firewalls Types of Firewalls Modes and Deployments Key Features in a Firewall Emerging Trends 2 Printed in USA. What Is a Firewall DMZ
The Future of Web Security 10 Things Every Web Application Firewall Should Provide Contents THE FUTURE OF WEB SECURITY EBOOK SECTION 1: The Future of Web Security SECTION 2: Why Traditional Network Security
The Dirty Secret Behind the UTM: What Security Vendors Don t Want You to Know I n t r o d u c t i o n Until the late 1990s, network security threats were predominantly written by programmers seeking notoriety,
Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security
APPLICATION NOTE COORDINATED THREAT CONTROL Interoperability of Juniper Networks IDP Series Intrusion Detection and Prevention Appliances and SA Series SSL VPN Appliances Copyright 2010, Juniper Networks,
White Paper Secure Reverse Proxy Server and Web Application Firewall 2 Contents 3 3 4 4 8 Losing control Online accessibility means vulnerability Regain control with a central access point Strategic security
Management Portal & Dashboard Mailwall Remote Features Tour Datasheet Feature Benefit Learn More Screenshot Cloud based portal Securely manage your web filtering policy wherever you are without need for
App-ID Application Protocol Detection / Decryption Application Protocol Decoding Application Signature Heuristics App-ID uses as many as four identification techniques to determine the exact identity of
Application Firewall Overview Published: February 2007 For the latest information, please see http://www.microsoft.com/iag Contents IAG Application Firewall: An Overview... 1 Features and Benefits... 2
Attacks from the Inside Eddy Willems, G Data Righard J. Zwienenberg, Norman Attacks from the Inside. Agenda - Social Networking / Engineering - Where are the threats coming from - Infection vectors - The
Web Application Firewall on SonicWALL SSL VPN Document Scope This document describes how to configure and use the Web Application Firewall feature in SonicWALL SSL VPN 5.0. This document contains the following
Vulnerabilities will continue to persist Vulnerabilities in the software everyone uses everyday Private Cloud Security It s Human Nature Programmers make mistakes Malware exploits mistakes Joe Gast Recent
is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file
Information Technology Policy Enterprise Web Application Firewall ITP Number ITP-SEC004 Category Recommended Policy Contact RA-ITCentral@pa.gov Effective Date January 15, 2010 Supersedes Scheduled Review
Overview The term BFSI stands for Banking, Financial Services and Insurance (BFSI). This term is widely used to address those companies which provide an array of financial products or services. Financial
IBM Protocol Analysis Module The protection engine inside the IBM Security Intrusion Prevention System technologies. Highlights Stops threats before they impact your network and the assets on your network
F5 ASM i DB Monitoring w ofercie NASK Impacting People s Daily Lives F5 is Everywhere 2 3 Agenda Security What are the challenges Operation Efficiency using a ADC Database and Application Monitoring Round
1. Built-In SPI Firewall to Protect Your Enterprise Network BroadScan UTM core design is based on its Stateful Packet Inspection ( SPI ) firewall, providing complete firewall protection. By default, the
Purpose: The Department of Information Technology (DoIT) is committed to developing secure applications. DoIT s System Development Methodology (SDM) and Application Development requirements ensure that