david maman layer7 and beyond

Layer 7 & Beyond - Challenges security technologies must face. David Maman, CTO [email protected]

Upload: david-maman

Post on 18-Nov-2014

DESCRIPTION

Presentation from a lecture that I gave several times in Israel, South Africa, across Europe and other places about: Layer 7 & Beyond, Challenges security technologies must face. Talking about the "Virtual presence", Web 2.0/SAAS, internal network security, an example of daily unsecured activities and some mobile security.

TRANSCRIPT

Page 1: David Maman Layer7 And Beyond

Layer 7 & Beyond - Challenges security technologies must face

Layer 7 & Beyond Challenges security technologies must face.

David Maman, CTO

[email protected]

Page 2: David Maman Layer7 And Beyond

Outline

- Presence
  • The virtual identity saga
- Web X.0 / HTT-What? / SAAS
  • Web experience is changing
- Internal Security
  • Internal security – the “Secured” surroundings
- Day usage
  • A simple example of unsecured activities
- Mobile
  • Mobile devices and networking security

Page 3: David Maman Layer7 And Beyond

Presence

Page 4: David Maman Layer7 And Beyond

Cross platform/media user identity

• User identity is roaming across multiple access layers
  - Access wherever (net access, VoIP presence, free mind)
  - Web based access (SSL-VPN, etc.), advanced functionalities
• Always available
  - IM and other applications over multiple access layers
  - Mail access in multiple variations of delivery/retrieval
• The OS's
  - Multiple operating systems are part of this experience
  - In the Cloud/Network solution is not adequate
• The solution's transparency for the user experience is part of this evolution

Page 5: David Maman Layer7 And Beyond

Web X.0 / HTT-What? / SAAS

Page 6: David Maman Layer7 And Beyond

Web x.0 / HTT? / SAAS challenges

• Identity, privacy, reputation and anonymity are changing
• Everyone is a content/service provider
  - Any user is part of the system/experience
• Is there an end-to-end security architecture?
  - The content is delivered and shared everywhere
• Cross site scripting is required
  - It’s part of the advantages
• HTTP/S as a transport layer (oovoo, rpc, etc.)
  - For years it has been among the only uninspected tunnels we’ve allowed, and now it’s almost impossible to validate and control the application level.

Page 7: David Maman Layer7 And Beyond

Web x.0 / HTT? / SAAS challenges

• Changing the way dynamic content is delivered
  - Asynchronous JavaScript and XML (AJAX) will provide a whole new frontier regarding inspection of incoming and outgoing traffic.
• Dynamic analysis approach for security
• Web x.0 public key infrastructure?
• Security services over Web x.0
• We all like cookies (Transport layer)
  - Lately several Trojan horses have been using cookie negotiation as a transport layer for data and commands; can we block/inspect this layer?
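
One way to approach the slide's question about inspecting cookies used as a transport layer, as an added example that is not part of the original presentation: flag cookies whose values are both bulky/high-entropy and different on nearly every request from the same client, since ordinary session cookies stay stable. The thresholds, function names and sample traffic below are assumptions made for illustration.

```python
import base64, hashlib, math
from collections import Counter, defaultdict

def blob(seed):
    """Constructed stand-in for encoded data: 192 bytes -> 256 base64 chars."""
    raw = b"".join(hashlib.sha256(bytes([seed, j])).digest() for j in range(6))
    return base64.urlsafe_b64encode(raw).decode()

# Constructed sample of (client IP, Cookie request header); not real traffic.
SAMPLE_REQUESTS = (
    [("10.0.0.5", "sessionid=8f3a2c91d04e; lang=en")] * 3   # ordinary browsing
    + [("10.0.0.7", "auth=" + blob(0))] * 3                 # large but stable token
    + [("10.0.0.9", "sessionid=77aa01bc; pref=" + blob(i))  # bulky value that
       for i in range(1, 5)]                                # changes every request
)

def shannon_entropy(value):
    """Empirical entropy of the value in bits per character."""
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in Counter(value).values())

def parse_cookie_header(header):
    """Split a Cookie request header into a {name: value} dict."""
    pairs = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            pairs[name] = value
    return pairs

def find_suspect_cookies(requests, min_len=128, min_entropy=4.5, min_distinct=3):
    """Report (client, cookie) pairs carrying bulky, high-entropy, churning values."""
    seen = defaultdict(list)  # (client, cookie name) -> values in arrival order
    for client, header in requests:
        for name, value in parse_cookie_header(header).items():
            seen[(client, name)].append(value)
    findings = []
    for (client, name), values in sorted(seen.items()):
        bulky = any(len(v) >= min_len and shannon_entropy(v) >= min_entropy
                    for v in values)
        distinct = len(set(values))
        if bulky and distinct >= min_distinct:  # stable tokens are not reported
            findings.append({"client": client, "cookie": name,
                             "requests": len(values), "distinct_values": distinct,
                             "max_len": max(len(v) for v in values)})
    return findings

if __name__ == "__main__":
    for finding in find_suspect_cookies(SAMPLE_REQUESTS):
        print(finding)
```

This is a triage heuristic, not a verdict: it only works where the HTTP/S traffic is actually visible to the inspection point, and flagged cookies still need review against the application that set them.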

Page 8: David Maman Layer7 And Beyond

Internal Security

Page 9: David Maman Layer7 And Beyond

Is our network really secured?

Page 10: David Maman Layer7 And Beyond

Internal traffic understanding

• Where is the perimeter?
  - A network? A segment? A server? A client?
• Can we really understand what is passing?
  - Endless number of stacks and applications
• Encrypting what we don’t understand is wrong
  - Securely tunneling unanalyzed/unauthorized traffic.
• Number of applications is exponentially increasing
  - Any organization in any sector must evolve
• Virtualization solutions are already common
  - Resources are being shared with which security?

Page 11: David Maman Layer7 And Beyond

Internal security enforcement

• The internal security approach is the complete opposite of perimeter security.
  - What we block instead of what we allow.
• Viruses are starting to take advantage of the network “Open Space”
  - Worms are distributing viruses/Trojan horses that start the infection by network mapping; antivirus and advanced IPSs are a necessity
• Can we process and analyze all this traffic? (Network accelerated processing and content accelerated processing are a must for handling this)

Page 12: David Maman Layer7 And Beyond

Day by day usage

Page 13: David Maman Layer7 And Beyond

Day by day

• There are many daily activities during which we don’t think of security consequences.
• The most basic example, credit cards:
• Which credit card activity is more secured?
  - Online purchases over the internet?
  or
  - In the neighborhood?
• Did you ever think about that? Let me help you with this one..

Page 14: David Maman Layer7 And Beyond

Basic online ordering architecture

Investment in information security has grown, the needs are known and there are many regulations that oversee the solutions.

[Architecture diagram; label: DMZ]

Page 15: David Maman Layer7 And Beyond

What do you know about these devices?

• Which security solutions have been implemented in these devices that we all trust with our everyday payments?
• Most of the new devices work over mobile access (3G/GPRS) with very basic infrastructure security, sometimes running over the same access regular users use.
• The operating system has almost no security features or hardening capabilities (besides plain text with MD5 keys).
• There is no alerting system for penetration attempts on the basic operating system over the management/access interfaces.
• Which do you think is more secured?

Page 16: David Maman Layer7 And Beyond

Mobile

Page 17: David Maman Layer7 And Beyond

Explosion of high-value 3G / 3.5G services

• Endless new services that require network/security solutions:
  - Gaming
  - Mail / IM
  - Mobile TV
  - Collaboration
  - VoIP
  - Video Mail
  - Music
  - Instant Office
  - Presence/Push

Page 18: David Maman Layer7 And Beyond

Where are the threats coming from?

“Smart” Devices
- With alternate network access methods
- Multiple OS’s with various security requirements
- 3G access provides Internet/Network backup access for business
- Stores use credit card clearing house over GPRS/3G
- Private networks

Inter Carrier Connectivity
- For roaming access
- For collaborated data

Internet Access
- Web browsing and downloads
- VoIP solutions
- Dynamic content updates
- Gambling/gaming/etc. services

Backbone Security
- Inspecting and managing the BB

Messaging
- Email, Instant Messaging, Multimedia Messaging Services

Page 19: David Maman Layer7 And Beyond

Thank You

David Maman
[email protected]