Presentation on theme: "InterScan AppletTrap Zhang Hong Trend Micro, AppletTrap Team 2001.09.18 (Nanjing)"— Presentation transcript:
InterScan AppletTrap Zhang Hong Trend Micro, AppletTrap Team (Nanjing)
InterScan AppletTrap SurfinShield: Client solution. Replace Java library in browsers administration issue(deploy, upgrade) SurfinGate: Server Solution. Static parsing at server. Heavy load on server The competitors
InterScan AppletTrap Distribute work between client and server evenly Balance between runtime monitoring and static scanning Low administration cost Support resign for Jar file AppletTrap
InterScan AppletTrap How AppletTrap works?
InterScan AppletTrap AppletTrap Proxy AppletTrap stands as a HTTP proxy and not require any client-side modification Implemented Cache Support Http, Https and Ftp
InterScan AppletTrap Jar File Controls Check the block list firstly Check the certification Do instrument Repack the Jar file Resign with imported sign key
InterScan AppletTrap Class File Controls Check the block list firstly Do instrument
InterScan AppletTrap Instrument Alter java code sequence during downloading Server: static scan java code to find insecure function Server: insert monitoring instruction before and after insecure function Client: run original code and monitoring code Client: send report back if malicious code found
InterScan AppletTrap Certification checks Check the integrality of certification to prove that the certification not be modified Check whether the CP are trusted with our CP list Check the integrality of software with the public key of CP
InterScan AppletTrap Certification A certificate is a set of data that identifies an entity. The data in a certificate includes the public cryptographic key. A certification include CP and CA
InterScan AppletTrap CA & CP The trusted organization that issues the certificate is a Certification Authority (CA) and is known as the certificate's issuer. CP is some one who publish the software, as well as the certificate, and we can verify the authenticity of that CP by verifying the digital signature and the certificate
InterScan AppletTrap Re-Sign Break the integrity of digitally signed Applets Re-sign by specified signer Client: only accept specified signer
InterScan AppletTrap ActiveX Signature Scanning AppletTrap can check the certification and block unsafe PE (Portable Executable) formats (for example,.exe,.ocx etc.) and cabinet (.cab) files with hash list.
InterScan AppletTrap HTML Script Filtering AppletTrap just gets out all the script from the html file. AppletTrap only filter scripts from Hypertext Markup Language file and will not do script filter for a normal script file.
InterScan AppletTrap URL Blocking AppletTrap provides the ability to forbid all the clients access the given URLs Administrator can add a remote folder and set recursive to forbid access all the files and all subfolders in it.
InterScan AppletTrap TVCS compatible InterScan AppletTrap comes fully compatible with the Trend Virus Control System TVCS registration supports through a proxy and supports
InterScan AppletTrap Update Block Lists Upload all blocked java,URL and ActiveX to server and download trend identified block list
InterScan AppletTrap Configure Controls Support remote configure InterScan AppletTrap comes with a web-based administrator console for central management on the network.
InterScan AppletTrap Q & A
InterScan AppletTrap Known issues #1 UTF8 name file can't exact correctly and report error in server log
InterScan AppletTrap Known issues #2 If cached file quantity is large and shut down the PC abnormal, restart the applettrap service will take long time.
InterScan AppletTrap Known issues #3 Can t access some website chat room or forum with Applettrap. For example, chat rooms in
InterScan AppletTrap Known issues #4 We only support digital ID which is for Netscape Object signing purpose and can export to.p12 format by Netscape browser.Digital ID from Verisign is recommended.
InterScan AppletTrap Known issues #5 If the disk space is near to full, the all ActiveX can pass through, AppletTrap cant block it.
InterScan AppletTrap Known issues #6 If update licensed version 2.0 to Version 2.5, it is still trial run version, user must input the license key again