Content Inspection Director




High Speed Content Inspection

North America: Radware Inc., 575 Corporate Dr. Suite 205, Mahwah, NJ 07430. Tel 888 234 5763
International: Radware Ltd., 22 Raoul Wallenberg St., Tel Aviv 69710, Israel. Tel 972 3 766 8666
www.radware.com

Introduction - The need for content inspection

The financial implications of a security breach in an organization's IT systems are costly. Viruses not only represent a serious threat to ongoing operations and employee productivity, but they can also shake investor confidence and undermine the corporation's ability to protect its key assets. The growing concern over the financial implications of such viruses, coupled with the fact that virus activity is expected to increase by 22% in 2002 [1], contributes to the growing need for content security products.

While the concept of content security is being widely adopted, installing it does not by itself guarantee immunity to viruses, as a Computer Crime and Security survey demonstrates. In the survey, 90% of the organizations reported having deployed anti-virus devices in their networks. However, 85% of these organizations were exposed to viruses. The reported financial loss due to these virus attacks in 2002 was $49,979,000, which translates to an average loss of $283,000 per organization.

This document outlines how organizations can manage the ever-increasing security risk while obtaining maximum protection of the organization's assets and preventing the losses associated with virus attacks.

[1] 2002 CSI/FBI Computer Crime and Security Survey, Richard Power, Spring 2002

The challenge - High quality content inspection for high throughput networks

Content security devices are processing-intensive and are therefore limited in capacity (less than 5 Mbps throughput). When content security products are used in busy networks with high-speed Internet connections, bottlenecks occur because inspection for malicious or inappropriate content slows down traffic.

The requirement is to provide an organization's network with full content inspection while sustaining high throughput. There are three different aspects to this challenge:

1. Performance - Accelerating content inspection without compromising security
2. Scalability & high availability - Scaling up to accommodate high throughput environments while ensuring high availability
3. Optimization - Providing multi-vendor anti-virus gateways that can be used to provide best of breed content inspection for each traffic type.

The nature of Internet traffic

The three main types of Internet traffic include:

- HTTP
- SMTP
- FTP

Web Surfing

While most Internet traffic today consists of the three aforementioned protocols, HTTP is the most time sensitive. Web surfing is practically a real-time activity, and users expect their web pages to load as fast as possible. At the same time, web pages have become increasingly complex and can contain a variety of active content. When content security products are used in busy networks with high-speed Internet connections, HTTP traffic bottlenecks occur because inspection for malicious or inappropriate content adds latency to traffic.

FTP and SMTP Traffic

In addition to heavy HTML pages, FTP and SMTP traffic can also strain high capacity Internet connections. Vast amounts of large archive files (such as ZIP) and many large email messages with multiple attachments add to the already high load of HTTP packet inspection. Most email messages today are HTML based and are scanned along with the attached files. Keyword scanning adds even more overhead.

The Solution - Content Inspection Director

Meeting the performance challenge

Maximum security requires that the available capacity of content inspection devices match the traffic volumes on the organization's network. Limited or inadequate capacity, as was demonstrated in the Computer Crime and Security survey, may have severe financial implications. Content Inspection Director addresses the performance challenge from two different perspectives:

- Increasing the content inspection capacity
- Accelerating the operation of content inspection & anti-virus devices

Increasing content inspection capacity

Aggregating several content inspection devices into a farm and load balancing between them makes it possible to handle greater capacity than a single device can. For example, deployment of 10 anti-virus gateways will increase the content inspection capacity by a factor of 10.

Accelerating content inspection speed

Deployment of CID with its pre-screening algorithm enhances content inspection speed by 500%. The pre-screening algorithm differentiates between trusted and non-trusted content. While non-trusted content is forwarded for inspection by content inspection devices such as anti-virus gateways, trusted content bypasses the inspection devices. Since 80% of Internet content is trusted content, offloading trusted content from anti-virus devices accelerates inspection speed by a factor of five.

Internet content security products inspect files arriving by HTTP traffic, most of which are regarded as absolutely safe (Trusted Content) and incapable of containing any malicious content. Most HTTP elements are files identifiable by their respective MIME types. Trusted content, such as images (GIF, JPG) and video/audio (MP3, MPEG, AVI), can thus easily be recognized. The figure below shows the flow of trusted and non-trusted HTTP traffic.

[Figure 1: Flow of trusted and non-trusted HTTP content. Diagram labels: Anti-virus farms (HTTP, FTP, Mail), Content Inspection Director, Non-Trusted Content, Trusted Content]

The optimization challenge - Best of breed content inspection

Creating farms of content inspection devices not only increases the content inspection capacity, but also allows traffic to be redirected based on file type and/or application. In this manner, delay-sensitive content is redirected to a strong anti-virus device, while content of applications that are less delay-sensitive, e.g. SMTP, is forwarded to a different device. This method utilizes content inspection resources more efficiently and provides end users with faster response times.

Another benefit of this method is that best of breed content inspection devices can be deployed to handle specific traffic types, e.g. SMTP, HTTP, FTP, zip files, gif images, etc. It is important to note that Content Inspection Director is fully compatible with all types of content inspection and anti-virus devices, for example McAfee, Trend Micro, Aladdin, etc.

Speeding up HTML inspection

The HTML/XML page is the most important element of HTTP traffic, since all other elements on the page, such as images, are retrieved after the browser analyzes it. Fast inspection and delivery of HTML pages ensures that the client browser will start downloading all other elements as fast as possible. Redirecting HTML/XML content to a dedicated content inspection machine or farm of machines greatly improves overall performance.

Speeding up archived files inspection

Archived (usually compressed) files, which are typically large, can also be identified by their MIME type. Redirecting archived files to a dedicated content inspection machine can further reduce load.

[Figure 2: Non-trusted SMTP traffic is sent to a dedicated SMTP anti-virus farm. Diagram labels: Anti-virus farms (HTTP, Mail, FTP), E-mail message, Content Inspection Director]

Scalability and high availability

Anti-virus gateways are placed on the path to the network. A failure in the anti-virus gateway will therefore lead to loss of Internet connectivity, which translates into expensive downtime. The advanced health monitoring mechanism of Radware's Content Inspection Director guarantees that content is directed only to resources that are fully operational, thus ensuring high availability of all content inspection devices and preventing loss of Internet connectivity and expensive downtime.

Creating farms of content inspection devices allows users to easily add more content inspection devices if the need for greater capacity arises. Content inspection devices are added transparently, without service interruption or downtime.

Other features

Web filtering

Internet access is necessary for many employees; however, abuse of this access can waste network bandwidth, decrease productivity and expose an organization to legal liability. Web filtering tools can be used to prevent employees from visiting objectionable sites, or from downloading unauthorized or illegal software.

Web filtering tools usually rely on an extensive database. These databases consist of millions of sites pre-screened by professionals to determine their content. Due to the nature of the Internet, the database is updated frequently.

When working with Content Inspection Director, a predefined list of authorized sites can be defined. When a request is made for a site that is not on the list, Content Inspection Director will forward this request to the Web filtering device to verify whether the request should be granted. All other requests will be directed either to the local cache servers or to the Internet.

Flow management

Flow management allows for the sequential load balancing of several server farms, each providing a different service. Different flow management policies can be set based on source and destination address, traffic type and physical port. For example, consider the following diagram:

[Figure 2: University example of professors flow management policy. Diagram labels: Anti-virus, Cache, URL Filtering, Students, Professors, Content Inspection Director]

In the above example there are three farm clusters and two groups of users: students and professors. For each of these groups a different flow policy has been defined. Figure 2 outlines the flow of professors' traffic. The HTTP requests generated by professors are first directed to the cache farm, for improved performance. If the content does not exist in the cache, it is retrieved from the Internet. On the return path, Content Inspection Director examines the content of the returned file and, based on the MIME type, as explained earlier, decides whether this is trusted content that can be sent directly to the users, or whether it should be sent for inspection to the anti-virus gateway.

Students' requests, on the other hand, as seen in Figure 3, are first sent for inspection by the Web filtering tool. If the requested site is a legitimate site, the request will be forwarded to the cache servers and then to the anti-virus gateway, in a similar manner to what has been described above.

[Figure 3: University example of students flow management policy. Diagram labels: Anti-virus, Cache, URL Filtering, Students, Professors, Content Inspection Director]

Summary

The Content Inspection Director is the first product that enables high-capacity Internet content security for enterprises as well as xSPs. The following are the main benefits:

- 500% increase in content inspection speed.
- Aggregation of content inspection devices into farms increases the capacity and volume of inspected traffic.
- Secure web access with no latency while maintaining the best content security possible. Web page content is analyzed in real time to prevent any malicious content or scripts from entering the network. Areas that were traditionally bottlenecks are eliminated.
- Distribution of content based on protocol (e.g. HTTP, FTP and SMTP) and file type improves content inspection speed and ensures that no malicious traffic can slip into the network.
- Scalable architecture with Gigabit connectivity accommodates the needs of high capacity networks. As the need arises, more inspection machines can be transparently added to the farm.
- Health monitoring and traffic redirection provide high availability. If one of the Content Inspector machines fails, the Content Inspection Director will make sure the traffic is routed to another machine.
- Full compatibility with all types of content inspection devices and anti-virus gateways, including McAfee, Trend Micro, Aladdin.
- Flow management permits sequential load balancing of several server farms, each providing a different service. Different content inspection policies can be assigned based on source, destination and traffic type.
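
The MIME-type pre-screen and the university flow-management policies described above can be sketched as follows; this is an added example, not Radware's code. The farm and member names, the health table, the fail-closed behaviour and the check of a declared type against the file's leading bytes are assumptions of this example; the paper itself describes identification by MIME type only.

```python
# Added example: all names, policies and sample data are constructed.

# Trusted types and the leading bytes a genuine file of that type starts with.
# (Assumption: the declared MIME type is only honoured when the bytes agree.)
TRUSTED_MAGIC = {
    "image/gif": (b"GIF87a", b"GIF89a"),
    "image/jpeg": (b"\xff\xd8\xff",),
}

# Flow policies from the university example: ordered service farms per group.
FLOW_POLICY = {
    "professors": ["cache", "antivirus"],
    "students": ["url_filter", "cache", "antivirus"],
}

# Farm members and their state as reported by a hypothetical health monitor.
FARMS = {
    "url_filter": {"uf1": True},
    "cache": {"c1": True, "c2": True},
    "antivirus": {"av1": False, "av2": True},
}


def is_trusted(content_type, body):
    """Pre-screen: True only for a trusted MIME type whose bytes match it."""
    mime = content_type.split(";")[0].strip().lower()
    magics = TRUSTED_MAGIC.get(mime)
    return bool(magics) and body.startswith(magics)


def pick_member(farm):
    """Choose a healthy member of the farm; fail closed if none is up."""
    healthy = sorted(name for name, up in FARMS[farm].items() if up)
    if not healthy:
        raise RuntimeError(f"no healthy member in farm {farm!r}")
    return healthy[0]  # deterministic choice keeps the example reproducible


def plan_flow(group, content_type, body):
    """Return the devices one transaction passes, in order.

    Request-side farms come first; on the return path the anti-virus farm
    is skipped when the pre-screen classifies the response as trusted.
    """
    path = []
    for farm in FLOW_POLICY[group]:
        if farm == "antivirus" and is_trusted(content_type, body):
            continue  # trusted content goes straight to the user
        path.append(pick_member(farm))
    return path
```

A response that declares `image/jpeg` but does not start with JPEG bytes is treated as non-trusted and still passes the anti-virus farm, and the unhealthy member `av1` is never selected.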