Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing Legacy Software SoBeNet User group meeting 25/06/2004.

Similar presentations


Presentation on theme: "Securing Legacy Software SoBeNet User group meeting 25/06/2004."— Presentation transcript:

1 Securing Legacy Software SoBeNet User group meeting 25/06/2004

2 Objectives Existing applications are enabled to operate in a networked environment Adapter Suites Application Platform Suites (J2EE,.NET,…) Application Servers Enterprise Portals Integration Suites Message-Oriented Middleware Object-Request Brokers Transaction Processing Monitors  Preserve Security Level  Compliance with Security Standards and regulations  Manageable

3 Ubizen – trusted partner in IT Security Ubizen has a vast experience in Application Security Via a highly qualified consultancy team Risk Management, Security Policies, Procedures and Standards Architecture Review and Infrastructure design Penetration testing Application Vulnerability Assessment Implementation of best of breed security products Via product development AAA products Web Shielding (DMZ/Shield TM ) Proven Track record in IT Security Top-3 Managed Security Service Provider World-wide Number 1 in Europe > 3200 devices under management Incident Response Forensics Investigation

4 Three research tracks for securing existing applications Protect all access paths to and from the application Interception and validation of the communication between components,modules and systems Shielding components, module and systems from malicious traffic Apply automatic protocol security Moving to a more formal model for protocol description and automatic application of protocol security at different layers of the stack. Monitoring and managing Introduction of security infrastructure is only the first step… Keeping it properly configured and monitored 24 by 7 by experienced security experts is the second.

5 MULTI LAYER approach to Application Security Deep Packet Inspection Protection at the network layer Protection at the transport layer Protection at the application layer Defense in depth Perimeter Demilitarized Zone  Transactional Zone Multi-tier architecture Coordination of Security Information between # tiers (e.g. SAML) Protection of end points Not all layers on the #tiers are under control (e.g. OS, Language execution environment, App Server)  Introduction of HIDS, Policy Compliance Modules,…

6 Deep Packet Inspection Security Context and Coordination Defense In Depth 2 dimensional multi layer approach 1 2 3 4 5 6 7 GUI Deep Packet Inspection 1 2 3 4 5 6 7 Presentation Logic Deep Packet Inspection 1 2 3 4 5 6 7 Business Logic Deep Packet Inspection 1 2 3 4 5 6 7 Data Access Deep Packet Inspection 1 2 3 4 5 6 7 Data Layer

7 In practice … Deep Packet Inspection Security Context and Coordination Defense In Depth 1 2 3 4 5 6 7 GUI Deep Packet Inspection 1 2 3 4 5 6 7 Presentation Logic Deep Packet Inspection 1 2 3 4 5 6 7 Business Logic Deep Packet Inspection 1 2 3 4 5 6 7 Data Access Deep Packet Inspection 1 2 3 4 5 6 7 Data Layer

8 Interception and Shielding in SoBeNet Deep Packet Inspection Security Context and Coordination Defense In Depth 1 2 3 4 5 6 7 GUI Deep Packet Inspection 1 2 3 4 5 6 7 Presentation Logic Deep Packet Inspection 1 2 3 4 5 6 7 Business Logic Deep Packet Inspection 1 2 3 4 5 6 7 Data Access Deep Packet Inspection 1 2 3 4 5 6 7 Data Layer

9 Interception Techniques Centralized applications Interception of method invocations/library calls/system calls  System based interception and shielding Distributed or multi-tier applications Interception of traffic using standard internet protocols Interception of Remote Method Invocations  Network based interception and shielding

10 System based interception Interception at the Operating System Level Plug-able services of the OS (e.g. network or file io) Host Intrusion Detection and Prevention Systems work at this level Library Level Dynamical loaded libraries can be replaced with more secure versions Language Runtime Support E.g. Load time modification of binary code Validation of pre and post conditions Audit-ability and forensics Application Platform Suite J2EE container services and components Microsoft.NET services and components

11 Network based interception Proxy Architectures… Asymmetric Proxy (protocol encapsulates proxy support), no modification of client software Reverse Proxy Symmetric Proxy (general applicable but has influence on client software) Transparency Link, network, transport level Application Protocol level (e.g. HTTP,…) User Application level

12 Fall back on industry adapted standards Scope definition for maximum valorization of the results? Target is “Protecting” Legacy Applications … … but these are built on evolving components Web Application  HTTP Firewalls Service Oriented Architectures  XML Firewalls Application Platform Suites  J2EE,.NET

13 Internet Application Protocols … The most important internet protocols were never designed with security in mind RFC’s describing the protocols allow often ambiguous interpretation  Vendors choose for interoperability instead of security Most applications use only a small part of the protocol definition … and vulnerabilities are often in the non- used protocol functionality

14 User Application Protocols … Communication protocols at application level are rarely specified, nor formalized User Application protocols get less attention because they are typically used once for a specific application User Application protocols are more complex because of their dependency of a (huge) internal state  combinatorial explosion of cases

15 Automatic protocol security Protocol = set of rules between communicating parties SequenceForm and content Formalization (Strong Typing, XML Schema,…) Formalization (State Charts, Sequence and Collaboration Diagrams, …) SANITY Checking Shields 4 of the Top 10 Vulnerabilities in application

16 Manageability and Monitoring Keeping the configuration up to date Default Deny Policy Automatic Learning of normal behavior Configuration automation  policy proposals Monitoring of all the alerts triggered by the devices Correlation of events from security components Coordination and exchange of security state between devices reduces the false positives Anomaly detection Audit Trail What information is required for Forensics Performance Management

17 www.ubizen.com


Download ppt "Securing Legacy Software SoBeNet User group meeting 25/06/2004."

Similar presentations


Ads by Google