User Documentation Web Traffic Security. University of Stavanger



Similar documents
WEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World

Zscaler Cloud Web Gateway Test

STANDARD ON CONTROLS AGAINST MALICIOUS CODE

Protecting the Infrastructure: Symantec Web Gateway

Intelligent, Scalable Web Security

Cascadia Labs URL Filtering and Web Security

WEB PROTECTION. Features SECURITY OF INFORMATION TECHNOLOGIES

How Attackers are Targeting Your Mobile Devices. Wade Williamson

Threat Containment for Facebook

Quick Heal Exchange Protection 4.0

Websense Web Security Solutions. Websense Web Security Gateway Websense Web Security Websense Web Filter Websense Express Websense Hosted Web Security

OCT Training & Technology Solutions Training@qc.cuny.edu (718)

The Hillstone and Trend Micro Joint Solution

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

Proxy Blocking: Preventing Tunnels Around Your Web Filter. Information Paper August 2009

WildFire. Preparing for Modern Network Attacks

Websense Web Security Solutions. Websense Web Security Gateway Websense Web Security Websense Web Filter Websense Hosted Web Security

Trends in Malware DRAFT OUTLINE. Wednesday, October 10, 12

Where every interaction matters.

Trend Micro Hosted Security Stop Spam. Save Time.


10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

Analyzing HTTP/HTTPS Traffic Logs

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka

Remote Deposit Quick Start Guide

Netsweeper Whitepaper

Cloud App Security. Tiberio Molino Sales Engineer

The Benefits of SSL Content Inspection ABSTRACT

CHECK POINT Mobile Security Revolutionized. [Restricted] ONLY for designated groups and individuals

Open an attachment and bring down your network?

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

Zscaler Internet Security Frequently Asked Questions

Advanced Persistent Threats

McAfee Global Threat Intelligence File Reputation Service. Best Practices Guide for McAfee VirusScan Enterprise Software

Cisco Cloud Web Security Key Functionality [NOTE: Place caption above figure.]

Fighting Advanced Threats

WEB APPLICATION FIREWALLS: DO WE NEED THEM?

Why a Network-based Security Solution is Better than Using Point Solutions Architectures

Webroot Security Intelligence for Mobile Suite. Cloud-based security solutions for mobile management providers

Top tips for improved network security

PROTECT YOUR COMPUTER AND YOUR PRIVACY!

ENABLING FAST RESPONSES THREAT MONITORING

10 Things Every Web Application Firewall Should Provide Share this ebook

Defending Against. Phishing Attacks

McAfee. Firewall Enterprise. Application Note TrustedSource in McAfee. Firewall Enterprise. version and earlier

WEB SECURITY. Oriana Kondakciu Software Engineering 4C03 Project

WEBSENSE SECURITY SOLUTIONS OVERVIEW

Cascadia Labs URL Filtering and Web Security

Trend Micro Incorporated Research Paper Adding Android and Mac OS X Malware to the APT Toolbox

DRIVE-BY DOWNLOAD WHAT IS DRIVE-BY DOWNLOAD? A Typical Attack Scenario


2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Common Cyber Threats. Common cyber threats include:

Protect Your Business and Customers from Online Fraud

Protecting Your Network Against Risky SSL Traffic ABSTRACT

Introduction: 1. Daily 360 Website Scanning for Malware

NATIONAL CYBER SECURITY AWARENESS MONTH

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

HackAlert Malware Monitoring

Attacks from the Inside

Stop Spam. Save Time.

Managing Web Security in an Increasingly Challenging Threat Landscape

INCREASINGLY, ORGANIZATIONS ARE ASKING WHAT CAN T GO TO THE CLOUD, RATHER THAN WHAT CAN. Albin Penič Technical Team Leader Eastern Europe

Trend Micro Cloud App Security for Office 365. October 27, 2015 Trevor Richmond

Sophistication of attacks will keep improving, especially APT and zero-day exploits

Symantec Advanced Threat Protection: Network

NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT

WEB ATTACKS AND COUNTERMEASURES

Technology Blueprint. Protect Your . Get strong security despite increasing volumes, threats, and green requirements

Active Threat Control

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice.

THE OPEN UNIVERSITY OF TANZANIA

Cyan Networks Secure Web vs. Websense Security Gateway Battle card

Online Cash Manager Security Guide

Deploying Layered Security. What is Layered Security?

Contents. McAfee Internet Security 3

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice.

Evolutionism of Intrusion Detection

Advanced Persistent. From FUD to Facts. A Websense Brief By Patrick Murray, Senior Director of Product Management

WHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform

Best Practices for Deploying Behavior Monitoring and Device Control

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

WHITE PAPER: Cyber Crime and the Critical Need for Endpoint Security

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

Endpoint Business Products Testing Report. Performed by AV-Test GmbH

Online Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange

SECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION

Scaling Big Data Mining Infrastructure: The Smart Protection Network Experience

Transcription:

User Documentation Web Traffic Security University of Stavanger

Table of content User Documentation... 1 Web Traffic Security... 1 University of Stavanger... 1 UiS Web Traffic Security... 3 Background... 3 How does Web Traffic Security work?... 3 How does Trend IWSVA work?... 4 Protocols and traffic flow... 6 What type of malware that will be stopped?... 7 What messages may a user receive?... 8 Exampel : URL blocking based on- Web Reputation... 8 UiS Web Traffic Security page 2

UiS Web Traffic Security Background In accordance with the recommendations from the UiS Risk and Vulnerability Assessment (RVA), UiS has acquired a product for safe web browsing, Trend Micro InterScan Web Security Virutal Appliance (IWSVA) Trend Micro IWSVA will be used by UiS to prevent malware from the internet reaching UiS users workstations through web browsing of file transfers. Infection with malicious code through web browsing may occur if a user accesses a web site infected with spyware, hidden redirection to a second web site, hidden malicious Java or ActiveX code, cross-site scripting or other advanced malware. The majority of web sites that are infected with malware are legitimate web sites which have been compromised. Why is UiS introducing Web Traffic Security? Today s threat profile for hacker attack via the internet is characterized by organized crime, which have used the development of the internet to create a robust underground economy. Two main challenges characterize today s security solutions: A dramatic shift in the treat profile has produced much more complex threats. An explosion in the number of threats has meant that traditional protection against malware based on downloading of signature files, such as anti-virus software, often is too slow to detect and protect against new and sophisticated malware, and demands increasingly frequent downloads. A solution is therefore required which rapidly stops new malware, and which is capable of recognizing behavior which in isolation may appear harmless, but can be recognized as threats or attack by correlation with other information. How does Web Traffic Security work? Web Traffic Security works by intercepting user traffic to the internet and sending this to UiS Internet Gateway (Trend Micro IWSVA servers). The Trend IWSVA servers verify the URL against its Web Reputation Filter and stops traffic to a web site recognized as containing malicious code. Return traffic from a web site is also checked for malware, and any malware is removed or stopped before it reaches the users workstation. UiS Internet Gateway servers will be configured to stop malicious code only, and will not filter which web sites a user may access. What does the user need to do? Web traffic to the internet from UiS users will automatically be sent via UiS Internet Gateway and no action or configuration is required for the user to be able to use safer web browsing. UiS Web Traffic Security page 3

How does Trend IWSVA work? Trend Micro InterScan Web Security Virtual Appliance (IWSVA) uses both local and distributed (in-the-cloud) security components. The distributed security components are located in Trend Micro Smart Protection Network. A. Distributed Security Components- Trend Micro Smart Protection Network Trend Micro Smart Protection Network consists of the following main components: 1. Web Reputation Service 2. Email Reputation 3. File Reputation 4. Correlation with Behaviour Analysis 5. Smart Feedback 6. Threat Intelligence 1. Web Reputation Service (WRS) WRS is a cloud based service which uses domain reputation databases to score the security risk for a given web domain (for example uis.no), web pages and objects on a web page based on age, how often a domain is moved between Internet Service Providers (ISPs), and indications of suspicious activity trough typical malware behavioral pattern. The Web Reputation service is continuously updated, and contents from web pages that have a bad score are stopped before it reaches the users network or workstation. The reply from a web server is further scanned according to HTTP and FTP scan rules configured on the local Trend IWSVA server before it is sent to the user. Local IWSVA scanning and filter services include URL Filtering, Antivirus and Spyware, The Trend IWSVA server uses a Web Reputation Cache in order to reduce the need to query the cloud based service, this minimizes delay and reduces the time it takes to make a HTTP lookup. If no score exists for a requested content, and the Trend IWSVA server receives a score of unknown, the following two processes are activated: Trend Micro s cloud based Web Reputation service starts an automatic process that crawls through the requested web page and analyses the content. The Trend Web Reputation Database is updated with the results and the next request for the same web content is serviced by the Web Reputation service. The Trend IWSVA server scans the unknown web content with its local scan service. The scan results are sent back to the cloud based Web Reputation service through the Page Analysis and Feedback loop. 2. File Reputation Cyber criminals often move indvidual files with malicious code from one web page to another to avoid discovery. This makes checking the file s reputation an important security component. File Reputation technology verifies the file reputation against the UiS Web Traffic Security page 4

Trend File Reputation cloud based service prior to allowing a user to download the file. File Reputation verification also applies to files sent as attachment in emails. 3. Correlation and Behavior Analysis Correlation and Behavior analysis is a Trend Micro background service which correlates activities from different Smart Protection Network components to see if a pattern indicating malicious intent can be found. 4. Smart Feedback Trend Micro products installed at customer sites send information about newly identified threats back to the Trend Smart Protection Network. B. Local Security Components: The following local security components are used by the Trend IWSVA Scan Engine. 1. URL Filtrering URL Filtrering is based on classification of URLs. Trend IWSVAs URL Filtering service correlates its Security Categories with Trend s Web Reputation Service database. This means that the classification of URLs is continuously updated with new information. 2. AntiVirus 3. Spyware 4. Heuristics 5. True File Type 6. Applet & ActiveX 7. Others UiS Web Traffic Security page 5

Protocols and traffic flow UiS Web Traffic Security using Trend WSVA will protect the following internet traffic: HTTP Tabell 1 Protocols and traffic flow Web Description access methode http Unencrypted connection to a web page, data is sent in the clear between the user and the web page. It is the web page (URL) which defines the access method used, either unencrypted using http or encrypted using https. What does Trend IWSVA do? 1) http requests are checked either against local cache or against Trend Smart Protection Network. 2) Depending on the result, the request is sent to the internet web server. 3) Return traffic from the web server is scanned by the Trend IWSVA server before it is sent to the user. UiS Web Traffic Security page 6

What type of malware that will be stopped? Some types of malware are listed below: Phishing If Trend IWSVA recognizes a web page as a Phishing URL, the user s traffic is stopped before it reaches the web page. Phishing definition: A fraudulent collection of confidential information. This can be done by offering an email message or Web site that poses as a communication from a legitimate business, which requests information for the purpose of identity theft. Spyware If Trend IWSVA recognizes that a web page contains a program that secretly collects confidential information about the user, the users traffic to this program is stopped. Spyware definition: A hidden but legal program that secretly collects confidential information. Spyware monitors a user s computing habits and personal information, and then sends this information to third parties without the user s approval. Virus accomplice If Trend IWSVA recognizes malicious behaviour in a users s outgoing HTTP request, then this is a sign that the user s workstation is infected with spyware or trojans, and the traffic is stopped. Virus accomplice definition: An outbound HTTP request due to known behavior of malicious code the malicious code could either send the information out or download further components from a certain URL. These are the symptoms of a spyware or Trojan infection. Disease Vector If Trend IWSVA recognizes that a web page is set up with the sole purpose of spreading malware, then traffic to this web page is stopped. Disease vector definition: A Web site that exists only for a malicious purpose UiS Web Traffic Security page 7

What messages may a user receive? The user will be notified in his/her web browser if Trend IWSVA discovers malicious code in a web page. The notification that is given will vary depending on the type of malicious code that is detected. Exampel : URL blocking based on- Web Reputation If a user attempts to go to a web page which contains malicious code, then a message similar to the one shown in the figure below will be sent to the user. UiS Web Traffic Security page 8

Are there other changes? File Download When a user downloads a file from the internet, the Trend IWSVA servers will scan the file for virus or other malware. This means that the user sometimes may see a short pause in the download while the scanning takes place, the file is subsequently downloaded as normal. UiS Web Traffic Security page 9

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information