Gateway Security at Stateful Inspection/Application Proxy
|
|
- Moses McGee
- 8 years ago
- Views:
Transcription
1 Gateway Security at Stateful Inspection/Application Proxy Michael Lai Sales Engineer - Secure Computing Corporation MBA, MSc, BEng(Hons), CISSP, CISA, BS7799 Lead Auditor (BSI)
2 Agenda Who is Secure Computing Corporation Stateful Inspection vs Application Proxy IPS on Application Proxy Firewall Web Page Displacement P2P/IM Control Cross Site Script Q&A
3 Who is Secure Computing Corporation
4 Secure Computing Highlights Who We Are Public company (NASDAQ: SCUR); HQ is San Jose (USA), Worldwide presence; 900+ employees Largest independent enterprise gateway security company Annual billings run rate ~$300M, profitable, strong cash generation Singular focus on enterprise gateway to enable safe, secure and productive use of open networks, including the Internet What We Do Technology Perimeter protection most secure firewalls, Identity & Access Comprehensive messaging & web gateway security Inbound & Outbound protection: Block the bad and guard the good 145 Patents pending/granted Unmatched protection with TrustedSource using global intelligence Purpose-built gateway security appliances Recognized leadership positions by Gartner and IDC Customers 20,000+ Blue-chip customers in 106 countries. 60% of Fortune 500; 56% of DJ Global 50; 8 out of 10 top world banks
5 Enterprise Gateway Security Integrated, Best-of-Breed Appliances Secure your Network Edge Firewall Sidewinder AV IPS Connex Control Secure your Messaging Anti- Communication Virus Anti- IronMail Compliance Spam Intrusions Encryption Data & Users Internet Ensure proper Identity & Access SafeWord Authentication Connex Control Authorization Secure your Web Encryption Communication Anti- Webwasher Compliance Virus Anti- Malware URL Filtering Network Gateway Application Gateway
6 Stateful Inspection vs App Proxy
7 Two Kinds of Firewall - Network layer and packet filters (L4) : - Control based on IP and port - Stateful and stateless - Application-layer (L7): - Intercept all packets traveling to/from an application - Inspecting all packets for improper content
8 Proxy Technology Vs. Packet Filtering Only Trusted Proxies Talk to Your Servers! PROXIES > External clients NEVER DIRECTLY CONNECT with the internal application servers TWO SEPARATE CONNECTIONS are maintained per client-server session ONLY TRUSTED PROXY is allowed to talk directly to the internal application servers Securely processing packets Versus. Just passing packets Stateful Inspection Compromises Security STATEFUL INSPECTION > Stateful Inspection (SI) allows external clients a DIRECT PACKET FLOW WITH SERVERS SI is more like a router than a true firewall COMPROMISING SECURITY to gain performance Helping unknown sources get direct connections with internal servers is a POOR SECURITY DESIGN
9 Application Proxy Technology Client ONLY Sidewinder s trusted proxy is allowed to talk directly to internal application servers Two separate connections are maintained per client-server session Proxy securely processes client requests to the server Proxy automatically strips out attacks trying to introduce malicious commands that violate RFCs Proxy may be further configured to tightly enforce a limited-use policy for the application Client-server communications are configured to only allow needed operations and denies all else! Untrusted TCP/IP Stack HTTP Proxy Layer 7 defenses Full packet assembly RFC compliance Configured to allowed use All else denied Scanning Engines Trusted TCP/IP Stack Server Web Server App Server Oracle SQL Citrix VoIP Etc.
10 Proxy-Based Application Defenses The power of the Positive Model of security POSITIVE MODEL OF SECURITY Deny all methods of communicating with the application unless the methods are explicitly allowed. Proxy configuration selections define the only allowed communications with the protected applications! RFC compliance is automatically enforced. Not just simple signature-based checks that is the negative model of security (allow all traffic while looking for the bad known in the traffic) Positive Model proxies have deep understanding of the applications they protect Proxy GUI treatment allows very granular control over how clients communicate with protected applications Protecting applications this way stops zero-hour unknown attacks
11 Attack Containment & Control Analogy Type Enforcement Master Control SecureOS FTP NTP Sendmail Web SQL Open SSL SNMP Telnet DNS Server VPN Master Control (Type Enforcement in the OS kernel) Nothing happens on any file, directory or executable without real-time permission being granted (Non by-passable) Compartmentalization of functions Software applications running in secure compartments Eliminates attack creep from one application to another Containment of attacks If one software piece fails or is attacked, others keep running unaffected Authorization to board No foreign software can launch on the system because it would lack Type Enforcement (trojans, viruses, attack scripts, etc.)
12 IPS on Application Firewall
13 IPS at Stateful Inspection Firewall Usually, great performance drop if the IPS is turned on. For example, from 2Gbps to 300Mbps It is because the firewall cannot apply protocol enforcement The firewall has no ability to recognize the protocol or ability to scan traffic selectively Hence, all traffic will be scanned with the whole IPS database
14 Customized IPS for Different Attack Sidewinder allows customized signature for each connection Performance enhanced Different response can be set for different attack Default rule sets are built-in for popular protocol
15 Select how you want SIP.SOFTSTONE.REXPLOIT"; content: the firewall to respond " if the signature is hit Look for relevant signature groups for the service VoIP/SIP and add to the rule
16 Signature groups are provided so the firewall is at maximum efficiency in employing signatures only for services and connections you wish to inspect with signatures.
17 Web Page Displacement
18 Secure The Passing Traffic Web Sites Internet The firewall should have ability to handle the traffic passing through it - Mac address (L2) - IP address (L3) and Port (L4) - VPN (L2 L4) - IPS (L3 L7) - Anti-Virus and Anti-Spam (L7) - Protocol anomaly detection and content control (L7) - Proxy function
19 Attack Demo - Identify the Victim The demo will show a hacker change the price of a web site selling book and CD so that he can buy at a very low price
20 Attack Demo Launch an Attack The hacker runs a script to replace the file on the web site
21 Where can the Attacking Traffic be Stopped - By connection (L2 to L4) - Yes if you know where is source IP of the hacker - By connection behavior (L3 to L5) - No because it is not DOS or network probe and the connection is same as from a normal user - By IPS (L3 L7) - Yes provided that the IPS signature includes the particular code such as cgi-bin/foo.bat? dir+c:+>..\htdocs\dir.txt or cgibin/foo.bat? echo+hacked+owned+by+dr0zz+>>+..\htdocs\index2.html - By AV (L7) - No because the file passing through the firewall has text and image only. - By Protocol (L7) - Yes, because most web site attack violate the HTTP protocol RFC standard. See below demo.
22 A Common Solution in HK Secure your Network Edge 1st Tier FW IPS 2nd Tier FW Internet Data & Users 1st Tier FW IPS 2nd Tier FW Central Management - L3/L4 FW cannot scan content - IPS is the only chance to block the attack - Fail to have multiple layer protection
23 Solution From Secure Computing 1st Tier FW IPS 2nd Tier FW Internet Data & Users 1st Tier FW IPS 2nd Tier FW - TrustedSource stops connection from suspicious IP - Two different IPS (Snort + SCC) - Content filtering by protocol control
24 Blocked by Protocol Anomaly Detection This is a sample of injection attack. The injected command violate the HTTP Protocol and it can be stopped by application layer firewall
25 Sample HTTP Attack Stopped by Sidewinder
26 P2P/IM Control
27 Block by Protocol Enforcement - P2P/IM connection uses non-common port will be blocked by default - Only P2P/IM uses port 80/443 can make connection - In Application Awareness firewall, port 80 and 443 can be bound with HTTP and HTTPS respectively. No tunneling - Only P2P/IM uses port 80/443 with standard HTTP/HTTPS can pass through - E.g. Skype will be blocked because it uses non-standard SSL
28 Block by Content Control - Application firewall allows you to control the content within the protocol - Only P2P/IM cannot have identified type within the protocol can pass through. - E.g MSN can be blocked by denying x-msn-message MIME type.
29 Block by URL Filtering - As the P2P/IM uses standard HTTP/HTTPS, a valid URL should be found - All P2P/IM can be blocked provided that the URL control database includes the URL/IP - E.g. FOXY file sharing can be blocked
30 Cross Site Script
31 The Leader in Proactive Protection Largest Reputation Network Feeds from thousands of load balancers, FWs, Msg & Web gateways Highest quality data Over 100 Billion Messages/month Millions of URLs Most Reliable Reputation Score 25 research scientists Sophisticated behavior analysis 450,000+ zombies detected each day Best image spam detection Portland Atlanta Brazil -180 Data Store Bad London Hong Kong Reputation Query Internet Traffic Reputation Score Calculated Suspicious Internal Network +180 Good Be Proactive in Protecting From Next Generation Threats Work with the clear leader in this business!
32 - In the future, all incoming connection will have the TrustedSource screened. - Only trusted IP can make connection to Sidewinder or Snapgear. - The risk of making connection from a hacker or a zombie will be reduced significantly. In the Future
33 A Sample Hacked Site Searched on 30 Apr 2008
34 The Sample Cross-Site Script
35 Client Protected by TrustedSource It may be the hacked site and the final script hosting site AV/IPS can stop the known attack Content control can deny script
36 Server Protected by Sidewinder Trusted Source protected the server from dangerous client such as zombie App proxy can apply URL control to stop injection attack and deny SOAP AV and IPS can kick out known attack
37 Q&A
Secure Computing s TrustedSource
The industry s most acclaimed reputation system Proactive security based on global intelligence. Secure Computing s TrustedSource One of the most important characteristics of enterprise security is proactive
More informationNetworking for Caribbean Development
Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n
More informationImportance of Web Application Firewall Technology for Protecting Web-based Resources
Importance of Web Application Firewall Technology for Protecting Web-based Resources By Andrew J. Hacker, CISSP, ISSAP Senior Security Analyst, ICSA Labs January 10, 2008 ICSA Labs 1000 Bent Creek Blvd.,
More informationStateful Inspection Technology
Stateful Inspection Technology Security Requirements TECH NOTE In order to provide robust security, a firewall must track and control the flow of communication passing through it. To reach control decisions
More informationComputer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1
Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton
More informationSymantec Enterprise Firewalls. From the Internet Thomas Jerry Scott
Symantec Enterprise Firewalls From the Internet Thomas Symantec Firewalls Symantec offers a whole line of firewalls The Symantec Enterprise Firewall, which emerged from the older RAPTOR product We are
More informationHow NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements
How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements I n t r o d u c t i o n The Payment Card Industry Data Security Standard (PCI DSS) was developed in 2004 by the PCI Security Standards
More informationA host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.
A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based
More informationBarracuda Web Application Firewall vs. Intrusion Prevention Systems (IPS) Whitepaper
Barracuda Web Application Firewall vs. Intrusion Prevention Systems (IPS) Whitepaper Securing Web Applications As hackers moved from attacking the network to attacking the deployed applications, a category
More informationCS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013
CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationCSE 4482 Computer Security Management: Assessment and Forensics. Protection Mechanisms: Firewalls
CSE 4482 Computer Security Management: Assessment and Forensics Protection Mechanisms: Firewalls Instructor: N. Vlajic, Fall 2013 Required reading: Management of Information Security (MIS), by Whitman
More informationNew possibilities in latest OfficeScan and OfficeScan plug-in architecture
New possibilities in latest OfficeScan and OfficeScan plug-in architecture Märt Erik AS Stallion Agenda New in OfficeScan 10.5 OfficeScan plug-ins» More Active Directory support» New automated client grouping
More informationINTRODUCTION TO FIREWALL SECURITY
INTRODUCTION TO FIREWALL SECURITY SESSION 1 Agenda Introduction to Firewalls Types of Firewalls Modes and Deployments Key Features in a Firewall Emerging Trends 2 Printed in USA. What Is a Firewall DMZ
More informationWho Moved My Firewall. Clinton Thomson Derivco (PTY) Ltd
Who Moved My Firewall Clinton Thomson Derivco (PTY) Ltd 1 Agenda Introduction to Derivco (Pty) Ltd Efficacy of Firewalls Firewall Roles Threat Landscape De-perimeterisation Q & A 2 Derivco as a company
More informationFirewall Firewall August, 2003
Firewall August, 2003 1 Firewall and Access Control This product also serves as an Internet firewall, not only does it provide a natural firewall function (Network Address Translation, NAT), but it also
More informationApplication Firewalls
Application Moving Up the Stack Advantages Disadvantages Example: Protecting Email Email Threats Inbound Email Different Sublayers Combining Firewall Types Firewalling Email Enforcement Application Distributed
More informationZscaler Internet Security Frequently Asked Questions
Zscaler Internet Security Frequently Asked Questions 1 Technical FAQ PRODUCT LICENSING & PRICING How is Zscaler Internet Security Zscaler Internet Security is licensed on number of Cradlepoint devices
More informationOn-Premises DDoS Mitigation for the Enterprise
On-Premises DDoS Mitigation for the Enterprise FIRST LINE OF DEFENSE Pocket Guide The Challenge There is no doubt that cyber-attacks are growing in complexity and sophistication. As a result, a need has
More informationNetwork Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000
Network Security Protective and Dependable With the growth of the Internet threats, network security becomes the fundamental concerns of family network and enterprise network. To enhance your business
More informationApplication Security WHY NETWORK FIREWALLS AND INTRUSION PREVENTION SYSTEMS AREN T ENOUGH
W H I T E P A P E R Application Security WHY NETWORK FIREWALLS AND INTRUSION PREVENTION SYSTEMS AREN T ENOUGH Table of Contents 2 Network Firewalls: Notable Facts Why that s good Why that s not good enough
More informationHow To Prevent Hacker Attacks With Network Behavior Analysis
E-Guide Signature vs. anomaly-based behavior analysis News of successful network attacks has become so commonplace that they are almost no longer news. Hackers have broken into commercial sites to steal
More informationNetwork Defense Tools
Network Defense Tools Prepared by Vanjara Ravikant Thakkarbhai Engineering College, Godhra-Tuwa +91-94291-77234 www.cebirds.in, www.facebook.com/cebirds ravikantvanjara@gmail.com What is Firewall? A firewall
More informationFirewall and UTM Solutions Guide
Firewall and UTM Solutions Guide Telephone: 0845 230 2940 e-mail: info@lsasystems.com Web: www.lsasystems.com Why do I need a Firewall? You re not the Government, Microsoft or the BBC, so why would hackers
More informationFirewalls. Chapter 3
Firewalls Chapter 3 1 Border Firewall Passed Packet (Ingress) Passed Packet (Egress) Attack Packet Hardened Client PC Internet (Not Trusted) Hardened Server Dropped Packet (Ingress) Log File Internet Border
More informationLesson 5: Network perimeter security
Lesson 5: Network perimeter security Alejandro Ramos Fraile aramosf@sia.es Tiger Team Manager (SIA company) Security Consulting (CISSP, CISA) Perimeter Security The architecture and elements that provide
More informationBoston Area Windows Server User Group April 2010
Boston Area Windows Server User Group April 2010 Hey Jack, don t you have a new job? Yes, unbelievably, my job is better than ever. After working in our outstanding Support Engineering team for the past
More informationNetwork Security. Chapter 3. Cornelius Diekmann. Version: October 21, 2015. Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik
Network Security Chapter 3 Cornelius Diekmann Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik Version: October 21, 2015 IN2101, WS 15/16, Network Security 1 Security Policies and
More informationMcAfee Firewall Enterprise: The only Firewall with the Intelligence to Continuously, Automatically Reduce the Risk and Threat Exposure of Your Network
: The only Firewall with the Intelligence to Continuously, Automatically Reduce the Risk and Threat Exposure of Your Network Reputation filtering with TrustedSource and Geo-Location cost-effectively minimizes
More informationWeb Application Security
Web Application Security Prof. Sukumar Nandi Indian Institute of Technology Guwahati Agenda Web Application basics Web Network Security Web Host Security Web Application Security Best Practices Questions?
More informationFrom Network Security To Content Filtering
Computer Fraud & Security, May 2007 page 1/10 From Network Security To Content Filtering Network security has evolved dramatically in the last few years not only for what concerns the tools at our disposals
More informationSecurity Technology: Firewalls and VPNs
Security Technology: Firewalls and VPNs 1 Learning Objectives Understand firewall technology and the various approaches to firewall implementation Identify the various approaches to remote and dial-up
More informationFIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design Learning Objectives Identify common misconceptions about firewalls Explain why a firewall
More informationGame changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE
Game changing Technology für Ihre Kunden Thomas Bürgis System Engineering Manager CEE Threats have evolved traditional firewalls & IPS have not Protection centered around ports & protocols Expensive to
More informationIntroduction of Intrusion Detection Systems
Introduction of Intrusion Detection Systems Why IDS? Inspects all inbound and outbound network activity and identifies a network or system attack from someone attempting to compromise a system. Detection:
More informationNetwork Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion
Network Security Tampere Seminar 23rd October 2008 1 Copyright 2008 Hirschmann 2008 Hirschmann Automation and and Control GmbH. Contents Overview Switch Security Firewalls Conclusion 2 Copyright 2008 Hirschmann
More informationCyberoam Next-Generation Security. 11 de Setembro de 2015
Cyberoam Next-Generation Security 11 de Setembro de 2015 Network Security Appliances UTM, NGFW (Hardware & Virtual) 2 Who is Cyberoam? Leading UTM company, headquartered in Ahmedabad, India founded in
More informationFortigate Features & Demo
& Demo Prepared and Presented by: Georges Nassif Technical Manager Triple C Firewall Antivirus IPS Web Filtering AntiSpam Application Control DLP Client Reputation (cont d) Traffic Shaping IPSEC VPN SSL
More informationAnti-SPAM Solutions as a Component of Digital Communications Management
Anti-SPAM Solutions as a Component of Digital Communications Management Ron Shuck CISSP, GCIA, CCSE Agenda What is Spam & what can you do? What is the cost of Spam E-mail E to organizations? How do we
More informationSonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity
SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria
More informationNext Generation Firewall
Next Generation Firewall Product Overview SANGFOR Next-Generation Firewall is designed with Application Control, Intrusion Prevention and Web Security in mind, providing deep and fine-grained visibility
More informationHow To Protect A Web Application From Attack From A Trusted Environment
Standard: Version: Date: Requirement: Author: PCI Data Security Standard (PCI DSS) 1.2 October 2008 6.6 PCI Security Standards Council Information Supplement: Application Reviews and Web Application Firewalls
More informationIntroducing IBM s Advanced Threat Protection Platform
Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM
More informationLoad Balancing Security Gateways WHITE PAPER
Load Balancing Security Gateways WHITE PAPER Table of Contents Acceleration and Optimization... 4 High Performance DDoS Protection... 4 Web Application Firewall... 5 DNS Application Firewall... 5 SSL Insight...
More informationWHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats
WHITE PAPER FortiWeb and the OWASP Top 10 PAGE 2 Introduction The Open Web Application Security project (OWASP) Top Ten provides a powerful awareness document for web application security. The OWASP Top
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationFirewalls and VPNs. Principles of Information Security, 5th Edition 1
Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches
More informationTHE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS
THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS INCONVENIENT STATISTICS 70% of ALL threats are at the Web application layer. Gartner 73% of organizations have been hacked in the past two
More informationAstaro Gateway Software Applications
Astaro Overview Astaro Products - Astaro Security Gateway - Astaro Web Gateway - Astaro Mail Gateway - Astaro Command Center - Astaro Report Manager Astaro Gateway Software Applications - Network Security
More information74% 96 Action Items. Compliance
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated
More informationIMPLEMENTATION OF INTELLIGENT FIREWALL TO CHECK INTERNET HACKERS THREAT
IMPLEMENTATION OF INTELLIGENT FIREWALL TO CHECK INTERNET HACKERS THREAT Roopa K. Panduranga Rao MV Dept of CS and Engg., Dept of IS and Engg., J.N.N College of Engineering, J.N.N College of Engineering,
More informationStateful Inspection Technology
White Paper Stateful Inspection Technology The industry standard for enterprise-class network security solutions Check Point protects every part of your network perimeter, internal, Web to keep your information
More informationCS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module
CS 665: Computer System Security Network Security Bojan Cukic Lane Department of Computer Science and Electrical Engineering West Virginia University 1 Usage environment Anonymity Automation, minimal human
More informationWEB APPLICATION FIREWALLS: DO WE NEED THEM?
DISTRIBUTING EMERGING TECHNOLOGIES, REGION-WIDE WEB APPLICATION FIREWALLS: DO WE NEED THEM? SHAIKH SURMED Sr. Solutions Engineer info@fvc.com www.fvc.com HAVE YOU BEEN HACKED????? WHAT IS THE PROBLEM?
More informationNGFWs will be most effective when working in conjunction with other layers of security controls.
Research Publication Date: 12 October 2009 ID Number: G00171540 Defining the Next-Generation Firewall John Pescatore, Greg Young Firewalls need to evolve to be more proactive in blocking new threats, such
More informationCOORDINATED THREAT CONTROL
APPLICATION NOTE COORDINATED THREAT CONTROL Interoperability of Juniper Networks IDP Series Intrusion Detection and Prevention Appliances and SA Series SSL VPN Appliances Copyright 2010, Juniper Networks,
More informationHuawei Eudemon200E-N Next-Generation Firewall
Huawei 200E-N Next-Generation Firewall With the popularity of mobile working using smartphones and tablets, mobile apps, Web2.0, and social networking become integral parts of works. This change in IT
More informationInformation Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified
Standard: Data Security Standard (DSS) Requirement: 6.6 Date: February 2008 Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified Release date: 2008-04-15 General PCI
More informationNetDefend Firewall UTM Services
Product Highlights Intrusion Prevention System Dectects and prevents known and unknown attacks/ exploits/vulnerabilities, preventing outbreaks and keeping your network safe. Gateway Anti Virus Protection
More informationSecure Cloud-Ready Data Centers Juniper Networks
Secure Cloud-Ready Data Centers Juniper Networks JUNIPER SECURITY LEADERSHIP A $1B BUSINESS Market Leadership Data Center with High- End Firewall #1 at 42% Secure Mobility with SSL VPN #1 at 25% Security
More informationChapter 5. Figure 5-1: Border Firewall. Firewalls. Figure 5-1: Border Firewall. Figure 5-1: Border Firewall. Figure 5-1: Border Firewall
Figure 5-1: Border s Chapter 5 Revised March 2004 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall Border 1. (Not Trusted) Attacker 1 1. Corporate Network (Trusted) 2 Figure
More informationSecuring Business-Critical Network and Application Infrastructure NET&COM Feb 2006 Gopala Tumuluri Foundry Networks www.foundrynet.
Securing BusinessCritical Network and Application Infrastructure NET&COM Feb 2006 Gopala Tumuluri Foundry Networks www.foundrynet.com Agenda Security Market and Solutions Overview New NetworkBased Security
More informationContent Scanning for secure transactions using Radware s SecureFlow and AppXcel together with Aladdin s esafe Gateway
TESTING & INTEGRATION GROUP SOLUTION GUIDE Content Scanning for secure transactions using Radware s SecureFlow and AppXcel together with Aladdin s esafe Gateway INTRODUCTION...2 RADWARE SECUREFLOW... 3
More informationThe Hillstone and Trend Micro Joint Solution
The Hillstone and Trend Micro Joint Solution Advanced Threat Defense Platform Overview Hillstone and Trend Micro offer a joint solution the Advanced Threat Defense Platform by integrating the industry
More informationEvolutionism of Intrusion Detection
Evolutionism of Intrusion Detection Jackie Lai The network technology changes with each passing day; and the attack technique of hacker also weeds through the old to bring forth the new. Worms such as
More informationIronPort X1000 Email Security System
I r o n P o r t A p p l i a n c e s T H E U LT I M AT E E M A I L S E C U R I T Y S Y S T E M F O R T H E W O R L D S M O S T D E M A N D I N G N E T W O R K S. IronPort X1000 Email Security System O v
More informationUsing Palo Alto Networks to Protect the Datacenter
Using Palo Alto Networks to Protect the Datacenter July 2009 Palo Alto Networks 232 East Java Dr. Sunnyvale, CA 94089 Sales 866.207.0077 www.paloaltonetworks.com Table of Contents Introduction... 3 Granular
More informationIT Sicherheit im Web 2.0 Zeitalter
IT Sicherheit im Web 2.0 Zeitalter Dirk Beste Consulting System Engineer 1 IT Sicherheit im Web 2.0 Zeitalter Cisco SIO und Global Threat Correlation Nach dem Webinar sollte der Zuhörer in der Lage sein:
More informationEUCIP - IT Administrator. Module 5 IT Security. Version 2.0
EUCIP - IT Administrator Module 5 IT Security Version 2.0 Module 5 Goals Module 5 Module 5, IT Security, requires the candidate to be familiar with the various ways of protecting data both in a single
More informationWhat is Firewall? A system designed to prevent unauthorized access to or from a private network.
What is Firewall? A system designed to prevent unauthorized access to or from a private network. What is Firewall? (cont d) Firewall is a set of related programs, located at a network gateway server. Firewalls
More informationHow To Protect Your Firewall From Attack From A Malicious Computer Or Network Device
Ch.9 Firewalls and Intrusion Prevention Systems Firewalls: effective means of protecting LANs Internet connectivity is essential for every organization and individuals introduces threats from the Internet
More informationHow To Protect Your Network From Attack From A Virus And Attack From Your Network (D-Link)
NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls (DFL-260/860) integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content Filtering
More informationCMPT 471 Networking II
CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access
More informationComparison of Firewall, Intrusion Prevention and Antivirus Technologies
White Paper Comparison of Firewall, Intrusion Prevention and Antivirus Technologies How each protects the network Juan Pablo Pereira Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda
More informationTable of Contents. Page 2/13
Page 1/13 Table of Contents Introduction...3 Top Reasons Firewalls Are Not Enough...3 Extreme Vulnerabilities...3 TD Ameritrade Security Breach...3 OWASP s Top 10 Web Application Security Vulnerabilities
More informationChapter 8 Security Pt 2
Chapter 8 Security Pt 2 IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross,
More informationISA Server Plugins Setup Guide
ISA Server Plugins Setup Guide Secure Web (Webwasher) Version 1.3 Copyright 2008 Secure Computing Corporation. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed,
More informationBasic computer security
Mag. iur. Dr. techn. Michael Sonntag Basic computer security E-Mail: sonntag@fim.uni-linz.ac.at http://www.fim.uni-linz.ac.at/staff/sonntag.htm Institute for Information Processing and Microprocessor Technology
More informationInspection of Encrypted HTTPS Traffic
Technical Note Inspection of Encrypted HTTPS Traffic StoneGate version 5.0 SSL/TLS Inspection T e c h n i c a l N o t e I n s p e c t i o n o f E n c r y p t e d H T T P S T r a f f i c 1 Table of Contents
More informationHögskolan i Halmstad Sektionen för Informationsvetenskap, Data- Och Elektroteknik (IDÉ) Ola Lundh. Name (in block letters) :
Högskolan i Halmstad Sektionen för Informationsvetenskap, Data- Och Elektroteknik (IDÉ) Ola Lundh Written Exam in Network Security ANSWERS May 28, 2009. Allowed aid: Writing material. Name (in block letters)
More informationHow To Build A Network Security Firewall
Ethical Hacking and Countermeasures Version 6 Module LX Firewall Technologies News Source: http://www.internetnews.com/ Module Objective This module will familiarize i you with: Firewalls Hardware Firewalls
More informationSecurity Administration R77
Security Administration R77 Validate your skills on the GAiA operating system Check Point Security Administration R77 provides an understanding of the basic concepts and skills necessary to configure Check
More informationSafeNet Content Security. esafe SmartSuite - Security that Thinks. Real-time, Smart and Simple Web and Mail Security Solutions.
SafeNet Content Security esafe SmartSuite - Security that Thinks Real-time, Smart and Simple Web and Mail Security Solutions Product Overview Malware CONTENT SECURITY Antivirus Malware A secure Web gateway
More informationNetwork protection and UTM Buyers Guide
Network protection and UTM Buyers Guide Using a UTM solution for your network protection used to be a compromise while you gained in resource savings and ease of use, there was a payoff in terms of protection
More informationIREBOX X. Firebox X Family of Security Products. Comprehensive Unified Threat Management Solutions That Scale With Your Business
IREBOX X IREBOX X Firebox X Family of Security Products Comprehensive Unified Threat Management Solutions That Scale With Your Business Family of Security Products Comprehensive unified threat management
More informationCisco IronPort C370 for Medium-Sized Enterprises and Satellite Offices
Data Sheet Cisco IronPort C370 for Medium-Sized Enterprises and Satellite Offices Medium-sized enterprises face the same daunting challenges as the Fortune 500 and Global 2000 - higher mail volumes and
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls
More informationToday's security needs in networking
Today's security needs in networking Besoins actuels de la sécurité réseau European partner summit Thursday, October 13, 2005 Hervé Schauer Hervé Schauer Agenda Firewalls Liability
More informationChoose Your Own - Fighting the Battle Against Zero Day Virus Threats
Choose Your Weapon: Fighting the Battle against Zero-Day Virus Threats 1 of 2 November, 2004 Choose Your Weapon: Fighting the Battle against Zero-Day Virus Threats Choose Your Weapon: Fighting the Battle
More informationAchieving PCI-Compliance through Cyberoam
White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit
More informationWebsense Web Security Solutions. Websense Web Security Gateway Websense Web Security Websense Web Filter Websense Hosted Web Security
Web Security Gateway Web Security Web Filter Hosted Web Security Web Security Solutions The Approach In the past, most Web content was static and predictable. But today s reality is that Web content even
More informationConsiderations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.
Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet
More informationA Layperson s Guide To DoS Attacks
A Layperson s Guide To DoS Attacks A Rackspace Whitepaper A Layperson s Guide to DoS Attacks Cover Table of Contents 1. Introduction 2 2. Background on DoS and DDoS Attacks 3 3. Types of DoS Attacks 4
More informationBarracuda Web Site Firewall Ensures PCI DSS Compliance
Barracuda Web Site Firewall Ensures PCI DSS Compliance E-commerce sales are estimated to reach $259.1 billion in 2007, up from the $219.9 billion earned in 2006, according to The State of Retailing Online
More informationYour Security Partner of Choice
Your Security Partner of Choice 6/16/14 2 About WatchGuard 100% CHANNEL 5,000 partners in 120 countries Ø Firewall appliance pioneer Ø Nearing 1,000,000 appliances shipped to business customers worldwide
More informationPROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES
PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute
More informationA Decision Maker s Guide to Securing an IT Infrastructure
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
More informationAutomate your IT Security Services
Automate your IT Security Services Presenter: Cyberoam Our Products Network Security Appliances - UTM, NGFW (Hardware & Virtual) Copyright 2014 Cyberoam Technologies Pvt. Ltd. All Rights Reserved. Modem
More informationPART D NETWORK SERVICES
CONTENTS 1 ABOUT THIS PART... 2 2 PUBLIC NETWORK... 2 Internet... 2 3 PRIVATE NETWORK... 3 Global WAN services... 3 4 SECURITY SERVICES... 3 Firewall... 4 Intrusion Prevention (Network)... 5 SSL/IPSEC
More information