DSS ITSEC Conference 2012 - Radware WAF Tech
DESCRIPTION
Presentation from Riga, Latvia. "Data Security Solutions" Ltd. ITSEC Conference.
TRANSCRIPT
![Page 1: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/1.jpg)
Mitigating Attacks on your Applications & Data with AppWall
Igor Kontsevoy
November, 2012
![Page 2: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/2.jpg)
Agenda
• The Solution: AppWall Web Application Firewall
– Product overview
– Security
– Auto Policy Generation
– Security & Compliance Reporting
– Role Based Policy
• Summary
Slide 2
![Page 3: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/3.jpg)
The Solution:
AppWall
![Page 4: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/4.jpg)
Introducing AppWall
• AppWall™ is a WAF that secures Web applications and enables PCI compliance by:
– Blocking attacks on Web applications
– Preventing data theft and manipulation of sensitive data
• Available either as Physical or Virtual Appliance.
Slide 4
![Page 6: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/6.jpg)
AppWall Overview
(Diagram: AppWall reporting into APSolute Vision and a SIEM)
• Complete Web App Protection
– Full coverage of OWASP Top-10
– Negative & positive security models
• Risk Management
– Unified and correlated reporting across the network
– Security reporting
• Fast Implementation
– Simple initial deployment
– Best in class Auto-Policy Generation
• Scalability
– Cluster deployment
– Centralized policy management
– Scalable by Device
• Out-of-the-Box PCI Compliance
– WAF + IPS (PCI 6.6 & 11.4)
– PCI Compliance Reporting
![Page 7: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/7.jpg)
Complete Web Application Protection
• Signature & Rule Protection
– Cross site scripting (XSS)
– SQL injection, LDAP injection, OS commanding
• Terminate TCP, Normalize, HTTP RFC
– Evasions
– HTTP response splitting (HRS)
• Data Leak Prevention
– Credit card number (CCN) / Social Security Number (SSN)
– Regular Expression
![Page 8: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/8.jpg)
Complete Web Application Protection
• Parameters Inspection
– Buffer overflow (BO)
– Zero-day attacks
• User Behavior
– Cross site request forgery
– Cookie poisoning, session hijacking
• Layer 7 ACL
– Folder / file level access control
– White listing or black listing
• XML & Web Services
– XML Validity and schema enforcement
• Role Based Policy
– Authentication
– User Tracking
![Page 9: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/9.jpg)
Flexible Deployment Strategies
• Transparent bridge mode – No network topology changes required
– Transparent to non-HTTP traffic
– Fail-open interfaces
• Transparent Reverse proxy – HTTP Proxy for maximum security
– Preserves Original Client IP address
• Reverse proxy – HTTP Proxy for maximum security
• Cluster deployment – ADC farm deployment
– Auto policy synchronization within the farm
(Diagram: Internet → Access Router → Firewall → AppWall Array / AppWall + ADC → Web Servers; labels: Public IP, Virtual IP, AppWall IP)
Slide 9
![Page 10: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/10.jpg)
Multi-Tenancy
• AppWall defines a web application by any combination of:
– Secured Web Server IP/Port
– Secured Host name
– Secured Application Tree (Folder)
• AppWall enables complete multi-tenancy with:
– Policy separation per Web Application
– RBAC per Web Application
– Reporting per Web Application
Slide 10
![Page 11: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/11.jpg)
Patent Protected “App Path” Technology
(Diagram: AppWall Policy vs. Other WAFs, plotted by Application Scope against Policy)
– Lightweight policy, negative security policy only.
– Negative + positive, intensive security inspection.
– Fully restricted access for others than the App Admin.
Slide 11
![Page 12: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/12.jpg)
AppWall’s Adaptive Auto Policy Generation and Application Visibility
![Page 13: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/13.jpg)
Adaptive Auto Policy Generation (1 of 4)
Step: App Mapping
(Diagram: application tree of Reservations.com with paths /config/, /hotels/, /register/, /info/, /reserve/, /admin/)
Slide 13
![Page 14: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/14.jpg)
Adaptive Auto Policy Generation (2 of 4)
Steps: App Mapping → Threat Analysis
Risk analysis per “application-path”
(Diagram: application tree of Reservations.com with paths /config/, /hotels/, /register/, /info/, /reserve/, /admin/)
Threats identified: SQL Injection, CCN breach, Buffer Overflow, Directory Traversal
Risks: Information leakage; Gain root access control; Unexpected application behavior, system crash, full system compromise; Spoof identity, steal user information, data tampering
Slide 14
![Page 15: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/15.jpg)
Adaptive Auto Policy Generation (3 of 4)
Steps: App Mapping → Threat Analysis → Policy Generation
(Diagram: application tree of Reservations.com with paths /config/, /hotels/, /admin/, /register/, /info/, /reserve/; threats: SQL Injection, CCN breach, Buffer Overflow, Directory Traversal)
– Prevent access to sensitive app sections
– Mask CCN, SSN, etc. in responses (e.g. ***********9459)
– Parameters inspection
– Traffic normalization & HTTP RFC validation
Slide 15
![Page 16: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/16.jpg)
Adaptive Auto Policy Generation (4 of 4)
Steps: App Mapping → Threat Analysis → Policy Generation → Policy Activation
(Diagram: application tree of Reservations.com with paths /config/, /hotels/, /admin/, /register/, /info/, /reserve/; threats: SQL Injection, CCN breach, Buffer Overflow, Directory Traversal; masked CCN ***********9459)
– Time to protect
– Add tailored application rules
– Optimize rules for best accuracy
– Virtually zero false positives
– Best security coverage
Slide 16
![Page 17: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/17.jpg)
Application Visibility – Application Tree View
Slide 17
![Page 18: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/18.jpg)
Application Visibility – Parameters View
(Screenshot: parameter types shown are Query Parameter, Cookie, Path Parameter)
Slide 18
![Page 19: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/19.jpg)
Authentication
Single-Sign-On
Role Based Policy
Slide 19
![Page 20: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/20.jpg)
AppWall Role Based Policy
Enables defining different security policies for different users, to provide flexible access to the web application while properly securing it.
Slide 20
![Page 21: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/21.jpg)
Role Based Policy Delivers:
Authentication and login detection
Authorization and access control
Accounting and Auditing
Web based Single Sign On
Separation of duties
Application Content Control
Slide 21
![Page 22: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/22.jpg)
Role Based Policy
• Defining a web app role based security policy
• Retrieving the users’ group association from LDAP
• Configuring different policies for different roles:
– Admin
– Employee
– Partner
– Customer
– Public
Slide 22
![Page 23: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/23.jpg)
Radware.com - Employee
Slide 23
![Page 24: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/24.jpg)
Radware.com – admin user
Slide 24
![Page 26: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/26.jpg)
Role Based Policy
Slide 26
![Page 27: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/27.jpg)
Sharing Policy Among Roles
Different Policies (old):
• Customer – Access prohibited
• Partner – Access allowed but CCN masked
• Employee – Access allowed and sees CCN
Shared Policy Across Roles (new)
Slide 27
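The per-role policy on this slide, combined with the CCN masking shown earlier (responses rewritten to the form ***********9459), as an added illustration that is not Radware's code: the role names, the policy table and the Luhn pre-check are assumptions made for the example, and the default for an unknown role is deny.

```python
import re

# Constructed policy table mirroring the slide: customer denied, partner
# allowed with card numbers masked, employee allowed with full visibility.
# Role names and flags are assumptions for illustration.
POLICY = {
    "customer": {"allow": False, "mask_ccn": True},
    "partner":  {"allow": True,  "mask_ccn": True},
    "employee": {"allow": True,  "mask_ccn": False},
}
DEFAULT_RULE = {"allow": False, "mask_ccn": True}  # unknown role: deny

# Candidate card numbers: 13 to 19 digits, optionally space- or dash-separated.
CCN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; cuts false positives on order IDs and other long numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_ccn(text: str) -> str:
    """Replace each Luhn-valid card number with asterisks, keeping the last 4 digits."""
    def repl(m: re.Match) -> str:
        digits = re.sub(r"[ -]", "", m.group(0))
        if not luhn_ok(digits):
            return m.group(0)   # leave non-card digit runs untouched
        return "*" * (len(digits) - 4) + digits[-4:]
    return CCN_RE.sub(repl, text)


def apply_role_policy(role: str, body: str):
    """Apply the role's policy to a response body; returns (status, body)."""
    rule = POLICY.get(role, DEFAULT_RULE)
    if not rule["allow"]:
        return 403, ""
    return 200, (mask_ccn(body) if rule["mask_ccn"] else body)


if __name__ == "__main__":
    # Constructed sample response; 4111111111111111 is a well-known Luhn-valid test number.
    for r in ("customer", "partner", "employee"):
        print(r, apply_role_policy(r, "Booking for card 4111 1111 1111 1111"))
```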
![Page 28: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/28.jpg)
Security & Compliance Reporting
![Page 29: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/29.jpg)
Best Security & Compliance Reports
• Network and application security correlation
reports
• Dozens of predefined security reports
• Learning reports detailing learned app resources
• Audit and access reports
• PCI Compliance reports
Slide 29
![Page 30: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/30.jpg)
AppWall & DefensePro Correlation
AppWall
Blocked
Attacks
DefensePro
Blocked
Attacks
Slide 30
![Page 31: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/31.jpg)
The Reporting Dashboard
Slide 31
![Page 32: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/32.jpg)
Top Attacks by Source
Slide 32
![Page 33: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/33.jpg)
PCI Compliance Summary Report
(Report columns: PCI Requirement, Analysis Info, Action Plan, Compliance Status)
Slide 33
![Page 34: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/34.jpg)
Summary
![Page 35: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/35.jpg)
The Cost of Insecurity
![Page 36: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/36.jpg)
AppWall Distinctive Competence
• Cloud Ready Complete ADC solution
• Unique Network & Application Attack mitigation
• Adaptive Auto Policy Generation
• Best security & compliance reports
• Reduced Cost of Ownership
Slide 36
![Page 37: DSS ITSEC Conference 2012 - Radware WAF Tech](https://reader031.vdocuments.site/reader031/viewer/2022020207/54bcb2ce4a7959b2468b4571/html5/thumbnails/37.jpg)
The End