Securing Web Applications: Cisco ACE Web Application Firewall (presentation transcript)
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential.


Slide 1: Securing Web Applications: Cisco ACE Web Application Firewall
Presenter

Slide 2: Evolving Application Security Challenges

2007 saw a significant increase in web and application-based attacks:
- Insider abuse of access to data
- Viruses / worms / spyware
- Unauthorized information access
- Botnets inside organization
- Theft of customer / employee data
- Financial fraud (phishing sites)
- Misuse of public web application
- Theft of proprietary information
Source: CSI Survey 2007, The 12th Annual Computer Crime and Security Survey

218,604,356 records reported breached in the US since 2005 (source: privacyrights.org as of February 16, 2008)

Slide 3: PCI DSS: 6 sections and 12 requirements

Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect data
2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data and sensitive information across open public networks

Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
   - Section 6.5: develop secure web apps, cover prevention of OWASP vulnerabilities
   - Section 6.6: ensure all web-facing apps are protected against known attacks using either of the following methods: secure coding practices, or installing a Web App FW*

*This becomes a requirement by June 2008

Slide 4: The Cisco ACE Web Application Firewall: The Industry's First Integrated Web and XML Application Firewall

Bullet-proof security for your custom applications
- Extensive set of Cisco validated signatures for known malicious attack patterns
- Understands web applications to allow only legitimate traffic
- Human-assisted learning removes the guesswork from your security configuration

Stop application hacking
- Dramatically reduce exposure to costly web attacks
- Deploy secure web projects in a fraction of the time and cost
- Simplify ongoing web security management

Slide 5: Cisco ACE Web Application Firewall
- Evolved from ACE XML Gateway (Reactivity acquisition)
- Protects web servers from malicious content
  - Contrast IronPort, which protects clients
- 1U, rack-mount appliance form factor
- Combines full-featured WAF and full-featured XML integration appliance in a single device
- Emphasis on:
  - ease of use
  - attack forensics
  - out-of-box protection

Slide 6: Key Release 6.0 Features

Threat Protection
- Extensive Threat Signatures
- HTTP Input Normalization
- Application Cloaking
- Encrypted & Tamperproof Cookies
- SSL client and server decryption
- Data overflow protection
- Data Theft Prevention
- Custom error remapping
- Egress content rewrite

Usability
- Powerful yet simple GUI
- Seamless Signature Upgrade
- Human-assisted site learning
- MIB & Statistics
- Instant alerting and reporting
- Change control and audit log
- Extensive Security Logging

Addresses All Key PCI Requirements

Slide 7: Human Assisted Learning
- Cisco's Human Assisted Learning lets you place a site in monitor mode
- When in monitor mode, security alerts are reported but traffic isn't blocked
- You can click on each security incident and instruct the WAF to block traffic matching the pattern that caused the alert, or ignore it (false positive). The exception can be configured either at the profile level, or on a per web form parameter basis!
- HAL integrates the benefit of dynamic learning but removes the guesswork from the equation: you ultimately control what is acceptable or not for your applications.

Slide 8: Reporting and alerting
Easy-to-use reports and alerts provide detailed forensic information

Slide 9: Options Human Assisted Learning Provides

Slide 10: Rule and signature language
- Extensive rule and signature language allows for customization
  - Message location + normalization + operation
- Includes connection properties like HTTP, SSL versions, IP addresses
- Fully documented for customer and partner use
- Optimized implementation: additional signatures increase memory usage, not CPU

Example: REQUEST_POSTPARAM['query'].normalize(url) matched against sigSQLInjection.OracleDefaultTableNames
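The following is an added example, not Cisco's code or signature content: a small Python model of the rule structure from slide 10 (message location + normalization + operation) combined with the monitor-versus-block behaviour and per-parameter false-positive exceptions from slide 7. The rule expression syntax follows the slide's own notation; the two signatures and the request bodies are constructed stand-ins, and "url" normalization is assumed to mean percent-decoding plus whitespace collapsing.

```python
import re
from urllib.parse import unquote_plus

# Constructed signatures (stand-ins for the slide's sigSQLInjection.* family,
# not Cisco's actual content): name -> regex run on the normalized location.
SIGNATURES = {
    "sigSQLInjection.TautologyOr": re.compile(r"'\s*or\s+\d+\s*=\s*\d+", re.I),
    "sigSQLInjection.UnionSelect": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
}

# Location + normalization part of a rule, in the slide's own notation.
RULE_RX = re.compile(r"REQUEST_POSTPARAM\['(\w+)'\]\.normalize\((\w+)\)")

def parse_rule(expr):
    """REQUEST_POSTPARAM['query'].normalize(url) -> ('query', 'url')."""
    m = RULE_RX.fullmatch(expr.strip())
    if not m:
        raise ValueError("unsupported rule expression: " + expr)
    return m.group(1), m.group(2)

def request_postparam(body, name):
    """Message location: raw (still percent-encoded) value of a POST parameter."""
    for pair in body.split("&"):
        key, _, value = pair.partition("=")
        if key == name:
            return value
    return ""

def normalize(value, how):
    """Normalization step (assumed semantics): 'url' decodes %xx and '+' and
    collapses whitespace so an encoded payload cannot slip past a plain-text
    signature; 'none' leaves the value exactly as received."""
    if how == "url":
        return re.sub(r"\s+", " ", unquote_plus(value))
    if how == "none":
        return value
    raise ValueError("unknown normalization: " + how)

def evaluate(body, rule_expr, mode="monitor", exceptions=()):
    """Operation step: run every signature against the normalized location.
    Returns (action, matched_signature_names). Monitor mode (Human Assisted
    Learning) only alerts; block mode denies the request. Names listed in
    `exceptions` are per-parameter false positives the operator accepted."""
    param, how = parse_rule(rule_expr)
    value = normalize(request_postparam(body, param), how)
    hits = [n for n, rx in SIGNATURES.items()
            if rx.search(value) and n not in exceptions]
    if not hits:
        return "allow", []
    return ("alert" if mode == "monitor" else "block"), hits
```

Running the same encoded body through normalize(none) instead of normalize(url) yields no match, which is why the HTTP Input Normalization feature on slide 6 sits in front of signature matching.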

Slide 11: SDN Solutions for Business Security
Cisco Self-Defending Network: Best of Breed Security in a Systems Approach
- Enforce business policies and protect critical assets
- Decrease IT administrative burden and reduce TCO
- Reduce security and compliance IT risk
(Diagram labels: System Management; Policy—Reputation—Identity)

Slide 12: Advanced Visibility and Control: Application Security Enhancements
Cisco Self-Defending Network: Best of Breed Security in a Systems Approach
(Diagram labels: System Management; Policy—Reputation—Identity; Web Application Firewall)

Slide 13: Cisco Solution for Web Application Security

Feature                                                 | ACE Web Application Firewall | ACE Web Application Firewall w/AXG
--------------------------------------------------------|------------------------------|-----------------------------------
Web Application Security                                | ●                            | ●
Privacy                                                 | ●                            | ●
Encryption & Signature Support                          | ●                            | ●
Hardware SSL Acceleration (optional FIPS)               | ●                            | ●
Centralized Management, Monitoring, Logging, and Audit  | ●                            | ●
Policy-based provisioning and versioning                | ●                            | ●
Protocol, Data and Security Mediation                   |                              | ●
XML Acceleration & Offload                              |                              | ●
Extensibility SDK                                       |                              | ●
Content Based Routing                                   |                              | ●

Slide 14: Cisco Portfolio for a Secure Data Center (architecture diagram)

Products shown: ASA w/IPS, ACS, MARS, WAAS, ACE App Switch, CSA, AXG/WAF (Web Apps), MDS w/SME, Tier 1/2/3 Storage, Tape/Off-site Backup, ACE XML Gateway (Access), CSM, CSA-MC, CW-LMN, Cat6K FWSM, IronPort E-Mail Security, AXG/WAF (HTML/XML), IronPort Web Security; tiers: Web Servers, Application Servers, Database Servers.

Security functions by tier:
- Data Center Edge: Firewall & IPS, DoS Protection, App Protocol Inspection, Web Services Security, VPN termination, Email Filtering, Access Control, Traffic Management
- Web Access: Web Security, Application Security, Application Isolation, Content Inspection, SSL Encryption/Offload, Server Hardening
- Apps and Database: XML, SOAP, AJAX Security, DoS Prevention, App to App Security, Server Hardening
- Storage: Data Encryption (In Motion, At Rest), Stored Data Access Control, Segmentation
- Mgmt: Tiered Access, Monitoring & Analysis, Role-Based Access, AAA Services

Slide 15: ACE Web Application Firewall Summary
- Future-proof application security: full-featured Web Application Firewall with integrated XML Firewall. Extend protection for traditional HTML-based web applications to modern XML-enabled Web services applications.
- Positive and negative security enforcement: best of both worlds by keeping bad traffic patterns out and allowing only good traffic through.
- Human assisted learning: deploy policies and profiles in monitoring mode to prevent application downtime due to false positives typical in an automated learning environment.
- Policy-based provisioning: increases developer productivity and ease of deployment with sophisticated GUI, rollback and versioning capabilities.

Defense-in-Depth should include a web application firewall that can quickly, effectively and cost-effectively block attacks at layers 5-7


