Presentation is loading. Please wait.

Presentation is loading. Please wait.

September 28, 2016 Taking Control of Network Security In a Web-Centric World ISSA Bryan Wood October 12 th 2011.

Published byHolly Parks Modified over 7 years ago

Similar presentations

Presentation on theme: "September 28, 2016 Taking Control of Network Security In a Web-Centric World ISSA Bryan Wood October 12 th 2011."— Presentation transcript:

1 September 28, 2016 Taking Control of Network Security In a Web-Centric World ISSA Bryan Wood October 12 th 2011

2 2 Application Security Evolution Traditional Approach: Primary line of defense at the perimeter »One-to-one assignment of port to application usage Web, SNMP, FTP, Telnet »To block the applications, simply close the port 2 Data Center

3 3 Application Security Evolution Today: Web-centric world Requires new approach for securing applications »How to allow trusted applications, deny untrusted? Threats are application agnostic »Any application can serve as a host to malicious activity 3

4 What is Application Control? Layer 7 analysis of traffic determines the application regardless of TCP port »Doesn’t just associate a port with an application »Can detect IM/P2P/etc running over port 80 Detects applications inside of applications »Tunneling P2P/IM/etc inside http

5 Business Drivers for Application Control New services and applications »Web 2.0 services over HTTP(S) »IM, P2P and gaming that port-hop Non-business applications can be problematic and expose liability »IM, P2P and anonymous proxy »Non-productive bandwidth usage »Evasion of security or corporate policy »Difficult to detect and stop TCP/UDP port filtering ineffective Next-generation firewall required

6 What are the Risks? Lack of visibility and control Many businesses are limited in their control of social networking. They use URL filters to either allow complete access or to restrict the entire application. Widening attack surface Malicious code “is not just coming from the dark corners of the web,” like pornography, gaming and pharmaceutical sites. It is estimated that 77 percent is coming from legitimate sites. Data loss potential Social networking sites are all about collaboration and sharing—potentially even of sensitive data. Today, there is little control over data loss in social media arenas because policies do not typically cover what users contribute.

7 Controlling Web Applications Allow Facebook, but block Facebook applications » Farmville » Facebook Chat » Facebook Video Allow YouTube, but block YouTube download Allow Google Maps, but block Google Web Talk

8 The Reach of Facebook Facebook alone touts over 500 million active users that spend in excess of 700 billion minutes per month on the site and share 30 billion pieces of content Facebook platform houses over 550,000 active applications and is integrated with more than one million websites Facebook’s total site visits in December 2010 eclipsed Google’s Over 20 million applications are installed per day and over 250 million people interact with Facebook from outside the official website on a monthly basis, across 2 million websites

9 9 Today’s Challenge: Enabling Securely

10 Threat Landscape Overview: Malicious Activity within Trusted Applications

11 11 Security Challenges Blended attacks Application-focused attacks “Oldies but Goodies” still exist −Nothing goes away. Ever. “Survival instinct” of applications much higher than before −Built-in evasion techniques Must assume malicious activity occurs within trusted applications Let’s take a closer look at some examples…

12 Threat Landscape-Blended Threat & Botnet Examples The Corporate Botnet - Phishing Employee has clicked a link in a spam email and accessed a phishing site. The subsequent infection links their laptop to a Botnet, opening the door to compromise the integrity of the entire network.. CIO Fears and Concerns The Corporate Botnet Employee has clicked a link in a spam email and accessed a phishing site. The subsequent infection links their laptop to a Botnet, opening the door to the integrity of the entire network being compromised.. ZEUS/ZBOT Email contains link to false domain Credentials entered in to fake site BOT infection sent to user as a “ Facebook Security Update” application User installs BOT and is now infected, all data is compromised Connection is then redirected to real Facebook site so user is not suspicious Prevalent today and sold as a crime kit. 12

13 Threat Landscape-Blended Threat & Botnet Examples The Corporate Botnet – Legitimate Site Compromised Employee accesses a legitimate site, but it or one of its content providers has been compromised and is now hosting malicious code.. CIO Fears and Concerns The Corporate Botnet Employee has clicked a link in a spam email and accessed a phishing site. The subsequent infection links their laptop to a Botnet, opening the door to the integrity of the entire network being compromised.. FakeAV Botnet In 2009 the advertising network used by the New York Times was infected by a malicious flash advertisement Readers were accessing the NYT site but were provided with the infected advertisement This directed users to a site hosting the exploit code to install fake antivirus software.. 13

14 Threat Landscape-Blended Threat & Botnet Examples Ransomware Once installed is very difficult to reverse, files are encrypted, this isn’t just based on the fear that something might happen, once you are reading the ransom note your data has already been encrypted. CIO Fears and Concerns The Corporate Botnet Employee has clicked a link in a spam email and accessed a phishing site. The subsequent infection links their laptop to a Botnet, opening the door to the integrity of the entire network being compromised.. gpCode Ransomware Once installed searches hard drive for document and media files Files are encrypted with a 1024bit key and only the attacker has the decryption key Ransom note is displayed to user, system continues to operate but data is inaccessible Will encrypt xls, doc, pdf, txt, rar, zip, avi, jpg, mov, etc… 14

15 Addressing the Threat Landscape Complete Content Protection Requires − Identification ▪ Thousands of applications ▪ Multiple Technologies: DLP, AV/AS, SSL Inspection, Endpoint protection − Monitoring ▪ See what’s in your network − Control ▪ Granular control of behavior » Apps & features within apps » Users » Traffic 15

16 Fortinet Confidential Real Threat Protection in Action “Innocent” Video Link: Redirects to malicious Website Integrated Web Filtering Blocks access to malicious Website Network Antivirus Blocks download of virus Intrusion Protection Blocks the spread of the worm Solution: Error message: “ Drops” copy of itself on system and attempts to propagate “Out of date” Flash player error: “Download” malware file Problem:

17 17 The Zeus Attack vs. Complete Content Protection Email Sent – Contains link to compromised site. Mail message detected as spam (phishing) Phishing site sends BOT infection to user disguised as ‘Security Update’ application Content scanning prevents malicious content from being downloaded End user executes BOT application, is infected and now all their data is compromised Botnet command channel is blocked, no compromised data can be sent. Security administrator is alerted to existence of an infected system. End user accesses phishing site, enters credentials, and criminals now have their details.. Access to phishing website is blocked ANTISPAM WEB FILTER ANTIVIRUS INTRUSION DETECTION

18 Unified Threat Management  IDC definition: UTM security appliance products which provide multiple security features integrated into one device  By 2011 UTM will be the largest single market, with a CAGR of 26.2%  UTM has already surpassed firewall market $3.5B $2.0B $1.3B $1.2B $1.5B Unified Threat Management UTM Intrusion Detection & Prevention Firewall & VPN Antispam Antivirus Antispyware Web Filtering IDS IPS Firewall VPN IDS IPS Firewall VPN CAGR 2007-2012 50% 25% 0% -25% In 2008, UTM surpassed Firewall market Source: IDC

19 Demo

Download ppt "September 28, 2016 Taking Control of Network Security In a Web-Centric World ISSA Bryan Wood October 12 th 2011."

Similar presentations

Intrusion Prevention anno 2012: Widening the IPS concept.

Intrusion Prevention anno 2012: Widening the IPS concept.
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
Cyber Threats: Industry Trends and Actionable Advice Presented by: Elton Fontaine.

Cyber Threats: Industry Trends and Actionable Advice Presented by: Elton Fontaine.
Next Generation Firewalls:

Next Generation Firewalls:
7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
NCS welcome all participants on behalf of Quick Heal Anti Virus and Fortinet Firewall solution.

NCS welcome all participants on behalf of Quick Heal Anti Virus and Fortinet Firewall solution.
Threats To A Computer Network

Threats To A Computer Network
Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.

Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
S EC (4.5): S ECURITY 1. F ORMS OF ATTACK There are numerous way that a computer system and its contents can be attacked via network connections. Many.

S EC (4.5): S ECURITY 1. F ORMS OF ATTACK There are numerous way that a computer system and its contents can be attacked via network connections. Many.
LittleOrange Internet Security an Endpoint Security Appliance.

LittleOrange Internet Security an Endpoint Security Appliance.
Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.

Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
MSIT 458 – The Chinchillas. Offense Overview Botnet taxonomies need to be updated constantly in order to remain “complete” and are only as good as their.

MSIT 458 – The Chinchillas. Offense Overview Botnet taxonomies need to be updated constantly in order to remain “complete” and are only as good as their.
Phishing and Intrusion Prevention Tod Beardsley, TippingPoint (a division of 3Com), 02/15/06 – IMP-201.

Phishing and Intrusion Prevention Tod Beardsley, TippingPoint (a division of 3Com), 02/15/06 – IMP-201.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
B OTNETS T HREATS A ND B OTNETS DETECTION Mona Aldakheel 434920317 1.

B OTNETS T HREATS A ND B OTNETS DETECTION Mona Aldakheel
How STERIS is using Cloud Technology to Protect Web Access Presented By: Ed Pollock, CISSP-ISSMP, CISM CISO STERIS Corporation “Enabling Business”

How STERIS is using Cloud Technology to Protect Web Access Presented By: Ed Pollock, CISSP-ISSMP, CISM CISO STERIS Corporation “Enabling Business”

Similar presentations

Ads by Google