© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential.

Slide 1: Securing Web Applications: Cisco ACE Web Application Firewall

Slide 2: Evolving Application Security Challenges

2007 saw a significant increase in web and application-based attacks:
- Insider abuse of access to data
- Viruses / worms / spyware
- Unauthorized information access
- Botnets inside the organization
- Theft of customer / employee data
- Financial fraud (phishing sites)
- Misuse of public web applications
- Theft of proprietary information
Source: CSI Survey 2007, The 12th Annual Computer Crime and Security Survey.

218,604,356 records reported breached in the US since 2005 (source: privacyrights.org, as of February 16, 2008).

Slide 3: PCI DSS: 6 sections and 12 requirements

Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect data
2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data and sensitive information across open public networks

Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
   - Section 6.5: develop secure web applications, covering prevention of the OWASP vulnerabilities
   - Section 6.6: ensure all web-facing applications are protected against known attacks using either of the following methods: secure coding practices, or installing a web application firewall*

*This becomes a requirement by June 2008.

Slide 4: The Cisco ACE Web Application Firewall: The Industry's First Integrated Web and XML Application Firewall

Bullet-proof security for your custom applications
- Extensive set of Cisco-validated signatures for known malicious attack patterns
- Understands web applications to allow only legitimate traffic
- Human-assisted learning removes the guesswork from your security configuration

Stop application hacking
- Dramatically reduce exposure to costly web attacks
- Deploy secure web projects in a fraction of the time and cost
- Simplify ongoing web security management

Slide 5: Cisco ACE Web Application Firewall

- Evolved from the ACE XML Gateway (Reactivity acquisition)
- Protects web servers from malicious content
  - Contrast IronPort, which protects clients
- 1U, rack-mount appliance form factor
- Combines a full-featured WAF and a full-featured XML integration appliance in a single device
- Emphasis on:
  - ease of use
  - attack forensics
  - out-of-box protection

Slide 6: Key Release 6.0 Features

Threat Protection
- Extensive threat signatures
- HTTP input normalization
- Application cloaking
- Encrypted and tamperproof cookies
- SSL client and server decryption
- Data overflow protection
- Data theft prevention
- Custom error remapping
- Egress content rewrite

Usability
- Powerful yet simple GUI
- Seamless signature upgrade
- Human-assisted site learning
- MIB and statistics
- Instant alerting and reporting
- Change control and audit log
- Extensive security logging

Addresses all key PCI requirements.

Slide 7: Human Assisted Learning

- Cisco's Human Assisted Learning (HaL) lets you place a site in monitor mode.
- When in monitor mode, security alerts are reported but traffic isn't blocked.
- You can click on each security incident and instruct the WAF either to block traffic matching the pattern that caused the alert, or to ignore it as a false positive. The exception can be configured either at the profile level or on a per-web-form-parameter basis.
- HaL retains the benefit of dynamic learning but removes the guesswork from the equation: you ultimately control what is and is not acceptable for your applications.

Slide 8: Reporting and alerting

Easy-to-use reports and alerts provide detailed forensic information.

Slide 9: Options Human Assisted Learning Provides

Slide 10: Rule and signature language

- Extensive rule and signature language allows for customization
  - Message location + normalization + operation
- Includes connection properties like HTTP and SSL versions and IP addresses
- Fully documented for customer and partner use
- Optimized implementation: additional signatures increase memory usage, not CPU

Example rule fragments shown on the slide:

    REQUEST_POSTPARAM['query'].normalize(url)
    sigSQLInjection.OracleDefaultTableNames
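The two ideas on slides 7 and 10, a rule built as message location + normalization + signature, and a site profile that starts in monitor mode and takes analyst feedback as profile-level or per-parameter exceptions, are easier to reason about in code. The following is an added example written for this page, not Cisco's code or the ACE WAF's real rule language: the location names, the `Profile`/`Rule` API, the signature regex and the sample requests are all constructed, modelled only on the slide's `REQUEST_POSTPARAM['query'].normalize(url)` and `sigSQLInjection.OracleDefaultTableNames` fragments.

```python
"""Toy WAF rule engine with human-assisted learning (constructed example).

A Rule = message location + normalization + signature, as on slide 10.
A Profile runs in "monitor" (alert only) or "block" mode and carries the
analyst's exceptions, as on slide 7. All names here are hypothetical.
"""
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple
from urllib.parse import unquote_plus

# Signature library keyed the way the slide names signatures. The pattern is
# a constructed stand-in: a few Oracle data-dictionary / default table names.
SIGNATURES: Dict[str, "re.Pattern"] = {
    "sigSQLInjection.OracleDefaultTableNames": re.compile(
        r"\b(all_tables|user_tables|dba_users|dual)\b", re.IGNORECASE),
}


def normalize_url(value: str) -> str:
    """URL-decode until the value stops changing (defeats double encoding),
    then lower-case so the signature match is case-insensitive."""
    current = value
    for _ in range(4):                      # bounded, so odd input cannot loop
        decoded = unquote_plus(current)
        if decoded == current:
            break
        current = decoded
    return current.lower()


@dataclass
class Rule:
    location: str                           # hypothetical, e.g. "REQUEST_POSTPARAM"
    param: str                              # form parameter name, e.g. "query"
    normalize: Callable[[str], str]         # normalization step
    signature: str                          # key into SIGNATURES


@dataclass
class Incident:
    rule: Rule
    matched: str                            # the substring that fired
    action: str                             # "alert" in monitor mode, "block" in block mode


@dataclass
class Profile:
    mode: str = "monitor"                   # slide 7: a new site starts in monitor mode
    rules: List[Rule] = field(default_factory=list)
    ignored_signatures: Set[str] = field(default_factory=set)          # profile-level exceptions
    ignored_params: Set[Tuple[str, str, str]] = field(default_factory=set)  # per-parameter exceptions

    def ignore(self, signature: str, location: str = None, param: str = None) -> None:
        """Analyst marks an incident as a false positive, site-wide or for one parameter."""
        if location is None:
            self.ignored_signatures.add(signature)
        else:
            self.ignored_params.add((signature, location, param))

    def evaluate(self, request: Dict[str, Dict[str, str]]) -> List[Incident]:
        incidents: List[Incident] = []
        for rule in self.rules:
            if rule.signature in self.ignored_signatures:
                continue
            if (rule.signature, rule.location, rule.param) in self.ignored_params:
                continue
            raw = request.get(rule.location, {}).get(rule.param)
            if raw is None:
                continue
            match = SIGNATURES[rule.signature].search(rule.normalize(raw))
            if match:
                action = "block" if self.mode == "block" else "alert"
                incidents.append(Incident(rule, match.group(0), action))
        return incidents

    def allows(self, request: Dict[str, Dict[str, str]]) -> bool:
        """Monitor mode never blocks; block mode rejects on any incident."""
        return not any(i.action == "block" for i in self.evaluate(request))


# Constructed sample requests. The first double-URL-encodes the parameter
# ("%2527" -> "%27" -> "'"), which a match on the raw value would miss; the
# second is an ordinary search where "dual" is just an English word.
SUSPICIOUS = {"REQUEST_POSTPARAM": {
    "query": "laptop%2527%2520UNION%2520SELECT%2520owner%2520FROM%2520all_tables--"}}
BENIGN = {"REQUEST_POSTPARAM": {"search": "dual+core+laptops"}}


def demo() -> dict:
    """Walk the slide-7 workflow and return what each stage decided."""
    sig = "sigSQLInjection.OracleDefaultTableNames"
    profile = Profile(mode="monitor", rules=[
        Rule("REQUEST_POSTPARAM", "query", normalize_url, sig),
        Rule("REQUEST_POSTPARAM", "search", normalize_url, sig),
    ])
    out = {}
    # 1. Monitor mode: incidents are reported, nothing is blocked.
    out["monitor_alerts"] = [i.action for i in profile.evaluate(SUSPICIOUS)]
    out["monitor_allows_suspicious"] = profile.allows(SUSPICIOUS)
    out["benign_alerts_before"] = len(profile.evaluate(BENIGN))
    # 2. Analyst review: "dual" in free-text search is a false positive, so the
    #    signature is ignored for that one form parameter only, not site-wide.
    profile.ignore(sig, "REQUEST_POSTPARAM", "search")
    out["benign_alerts_after"] = len(profile.evaluate(BENIGN))
    # 3. Switch to block mode: the "query" rule still fires and now blocks.
    profile.mode = "block"
    out["block_allows_suspicious"] = profile.allows(SUSPICIOUS)
    out["block_matched"] = profile.evaluate(SUSPICIOUS)[0].matched
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The per-parameter exception is the interesting part: scoping the false positive to the `search` field keeps the same signature active on `query`, whereas a profile-level ignore would silence it for the whole site. The bounded decode loop in `normalize_url` is what the slide's "HTTP Input Normalization" feature exists for; without it, the double-encoded sample would pass the signature unmatched.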

Slide 11: SDN Solutions for Business Security

Cisco Self-Defending Network: Best of Breed Security in a Systems Approach
- Enforce business policies and protect critical assets
- Decrease IT administrative burden and reduce TCO
- Reduce security and compliance IT risk

System Management: Policy, Reputation, Identity

Slide 12: Advanced Visibility and Control: Application Security Enhancements

Cisco Self-Defending Network: Best of Breed Security in a Systems Approach
System Management: Policy, Reputation, Identity
Web Application Firewall

Slide 13: Cisco Solution for Web Application Security

Feature                                                  | ACE Web Application Firewall | ACE Web Application Firewall w/AXG
---------------------------------------------------------|------------------------------|-----------------------------------
Web Application Security                                 | yes                          | yes
Privacy                                                  | yes                          | yes
Encryption & Signature Support                           | yes                          | yes
Hardware SSL Acceleration (optional FIPS)                | yes                          | yes
Centralized Management, Monitoring, Logging, and Audit   | yes                          | yes
Policy-based provisioning and versioning                 | yes                          | yes
Protocol, Data and Security Mediation                    |                              | yes
XML Acceleration & Offload                               |                              | yes
Extensibility SDK                                        |                              | yes
Content Based Routing                                    |                              | yes

Slide 14: Cisco Portfolio for a Secure Data Center

[Diagram: data center tiers with the security functions and Cisco products at each tier. Recoverable labels:]

Data Center Edge: Firewall & IPS, DoS Protection, App Protocol Inspection, Web Services Security, VPN termination, Filtering, Access Control, Traffic Management
Web Access: Web Security, Application Security, Application Isolation, Content Inspection, SSL Encryption/Offload, Server Hardening
Apps and Database: XML, SOAP, AJAX Security, DoS Prevention, App to App Security, Server Hardening
Storage: Data Encryption (In Motion, At Rest), Stored Data Access Control, Segmentation
Mgmt: Tiered Access, Monitoring & Analysis, Role-Based Access, AAA Services

Products named in the diagram: ASA w/IPS, Cat6K FWSM, ACS, MARS, WAAS, ACE App Switch, CSA, AXG/WAF (Web Apps, HTML/XML), ACE XML Gateway (Access), MDS w/SME, Tier 1/2/3 Storage, Tape/Off-site Backup, CSM, CSA-MC, CW-LMN, IronPort Security, IronPort Web Security; Web Servers, Application Servers, Database Servers.

Slide 15: ACE Web Application Firewall Summary

- Future-proof application security: a full-featured web application firewall with an integrated XML firewall. Extends protection for traditional HTML-based web applications to modern XML-enabled web services applications.
- Positive and negative security enforcement: the best of both worlds, keeping bad traffic patterns out and allowing only good traffic through.
- Human-assisted learning: deploy policies and profiles in monitoring mode to prevent application downtime due to the false positives typical of an automated learning environment.
- Policy-based provisioning: increases developer productivity and ease of deployment with a sophisticated GUI, rollback and versioning capabilities.

Defense-in-depth should include a web application firewall that can quickly, effectively and cost-effectively block attacks at layers 5-7.
