Multi-Layer Security for Multi-Layer Attacks. Preston Hogue Dir, Cloud and Security Marketing Architectures

Transcription

1 Multi-Layer Security for Multi-Layer Attacks Preston Hogue Dir, Cloud and Security Marketing Architectures

2 High-Performance Services Fabric Programmability Data Plane Control Plane Management Plane Virtual Edition Appliance Chassis Network [Physical Overlay SDN] F5 Agility

3 Data Plane Programmability Control Plane Management Plane Virtual Edition Appliance Chassis Virtual Edition Appliance Chassis Network [Physical Overlay SDN] F5 Agility

4 F5 Security Strategy

5 F5 Agility

6 F5 Agility

7 F5 Agility

8 F5 Agility

9 Evolving Security Threat Landscape cookie tampering Identity Extraction malware redirected traffic DNS Cache Poisoning SSL renegotiation CSRF Trojans parameter tampering SQL Injection smurf slowloris ICMP Flood spear attack CVE attack phishing UDP DNS malformed flood packet web scraping syn flood HTTP fragmentation brute force recursive GET social DNS Amplification ping of death Phishing XSS key loggers engineering URL tampering F5 Agility HashDos privilege escalations excessive GET/POST sockstress

10 What does F5 know about security?

11 Control through context Client Information + Traffic Content + Application Health F5 Agility

12 1. Client context in security OS Device Operating Browser Geolocation IP intelligence system F5 Agility

13 2. Traffic context in security XSS Unauthorized access SYN flood XSS SQL injection Fraud F5 Agility

14 3. Application context in security v3.1??? App health Server status Software type/version App vulnerability Resource capacity F5 Agility

15 You can t secure what you don t know.

16 F5 Agility

17 F5 Agility

18 Full-proxy architecture WAF WAF Slowloris attack XSS HTTP irule LB1 irule HTTP Data leakage SSL renegotiation SSL irule irule SSL SYN flood ICMP flood TCP irule irule TCP Network Firewall F5 Agility

19 Slide 18 LB1 Per Preston, make instances of irule smaller. Add "Security context" above irule. Lorraine Barnes;

20 F5 provides comprehensive application security Enterprise Mobility Management Inspecting SSL Web Fraud Protection IP Intelligence DDoS Protection Securing access to applications from anywhere Application Access Management Network Firewall Secure DNS High-Performance IPS Web Application Firewall Protecting your applications regardless of where they live F5 Agility

21 Built for intelligence, speed and scale Users Concurrent user sessions 200K Concurrent logins 3,000/sec. Resources Throughput 640 Gbps Concurrent connections 288 M DNS query response 12 M/sec SSL TPS (2K keys) 240K/sec Connections per second 12.2 M

22 Full proxy security BIG-IP APM F5 Agility

23 BIG-IP ASM Request Reply BIG-IP ASM HTTP Slowloris irule irule HTTP SlowPost SSL Renegotiation irule irule SSL Re-encryption TCP SynFlood irule irule TCP OneConnect BIG-IP AFM BIG-IP AFM F5 Agility

24 BIG-IP ASM Request Reply BIG-IP ASM HTTP Slowloris irule irule HTTP SlowPost SSL Renegotiation irule irule SSL Re-encryption TCP SynFlood irule irule TCP OneConnect F5 Agility

25 BIG-IP LTM F5 Agility

26 F5 Provides Complete Visibility and Control Across Applications and Users Securing access to applications from anywhere Virtual Edition Chassis Appliance Protecting your applications regardless of where they live F5 Agility

27 Identity and Access Management (IAM) Solution Securing access to applications from anywhere Authentication, Authorization, and SSO to All Apps Secure Web Gateway Internet Internet Apps Internet Apps Web Access Management Remote Access and Application Access Enterprise Apps Virtual Edition Appliance Chassis Mobile Apps Enterprise Mobility Management Federation Cloud, SaaS, and Partner Apps F5 Agility

28 Application Delivery Firewall (ADF) Solution Protecting your applications regardless of where they live Bringing deep application fluency and price performance to firewall security One Platform Network Firewall Traffic Management Application Security Access Control DDoS Protection SSL DNS Security Web Fraud Protection EAL2+ EAL4+ (in process) DC FW (in process) WAF (in process) DDoS (pending) F5 Agility

29 F5 provides comprehensive application security Mobile App Management Network DDoS Protection Web Application Firewall Network Access DNS DDoS Protection Application Access Network Firewall SSL DDoS Protection Application DDoS Protection Fraud Protection F5 Agility

30 F5 security reference architectures Mobile App Management Network DDoS Protection Web Application Firewall Secure Mobility Network Access Secure Exchange DDoS Protection DNS DDoS Protection Web App Firewall Secure Web Gateway Remote Access Network Firewall Secure DNS Secure VDI Application Access Network Firewall Web Access Management SSL DDoS Protection Inspecting SSL Application DDoS Protection Fraud Protection Versafe F5 Agility

31 Secure Mobility Secure Exchange DDoS Protection Web App Firewall Secure Web Gateway Remote Access Network Firewall Secure DNS Secure VDI Web Access Management Inspecting SSL Versafe F5 Agility

32 Reference Architectures

33 F5 Reference Architectures Real solutions for real problems Web Fraud Protection High Performance IPS S/Gi Network Simplification Security for Service Providers Application Services Migration to Cloud DevOps DDoS Protection LTE Roaming Intelligent DNS Scale Cloud Federation Cloud Bursting Secure Web Gateway Benefits Minimize deployment times Reduce security design costs Strengthen security posture F5 F5 Agility Networks, 2014 Inc. 32

34 DDoS Protection Reference Architecture Next-Generation Firewall Corporate Users Tier 1 Tier 2 Multiple ISP strategy Network attacks: ICMP flood, UDP flood, SYN flood SSL attacks: SSL renegotiation, SSL flood Financial Services Legitimate Users DDoS Attacker ISPa/b Cloud Scrubbing Service DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning Network and DNS IPS HTTP attacks: Slowloris, slow POST, recursive POST/GET Application E- Commerce Subscriber Threat Threat Feed Intelligence Feed Intelligence Scanner Anonymou s Proxies Anonymou s Requests Botnet Attacker s Strategic Point of Control F5 Agility

35 Identity Federation Architecture On-Premises Infrastructure Corporate Users Users SAML Identity management Multi-factor authentication Attackers SAML Real-time access control Access policy enforcement Access Managemen t Directory Services Corporate Applications Office 365 Google Apps Salesforc e SaaS Providers Identity federation Strategic Point of Control F5 Agility

36 Secure Web Gateway Reference Architecture F5 Agility

37 Microsoft Threat Management Gateway Deployment F5 Agility

38 F5 s Alternative to Microsoft Threat Management Gateway F5 Agility

39 Web Fraud Protection architecture diagram A Online Customers Man-in-the- Browser Attacks Copied Pages and Phishing B Online Customers Web Fraud Protection Network Firewall Application C Account Amount Transfer Funds Security Operations Center Automated Transactions Online Customers Customer Scenarios A Malware Detection and Protection B Anti-Phishing C Transaction Analysis Strategic Point of Control F5 Agility

40 High Performance IPS Reference Architecture F5 Agility

41 VMware Horizon View Architecture On-Premises Infrastructure HTTPS PCoIP Internal Users SSL Decryption Authentication High Availability PCoIP Proxy VDI Infrastructure HTTPS HTTP/S External Users PCoIP Access Managemen t PCoIP Authentication Strategic Point of Control F5 Agility

42