SECURITY FOR SECURITIES AND INSURANCE INDUSTRY
Daniel Phuan
Security Engineer
Check Point Software, South Asia

Business Moves to the Web
(Timeline diagram; axis: Sophistication of Web Environment)
2000s
• Web Servers Proliferate*
  • 1993: 200
  • 1998: 100 Million
  • 2003: 500 Million
“Webification” of the Enterprise
• Web Remote Access
  • Customer Portals
  • SSL VPN
Mid 1990s
• Enterprise Web Applications
  • CRM
  • BPM
  • ERM
  • EAI
Web Reliance
• Intranet Web Portal
  • Dynamic
  • Plumtree
  • IBM
  • Microsoft
• External Web Site
  • Dynamic
Early 1990s
• Legacy Apps w/ Web Interface
  • Outlook Web Access
  • SAP
• Intranet Web Portal
  • Static, Manual
• External Web Site
  • Static
Delivering Access over the Web
• Customer Portals
• Partners Portals
• SSL VPN
Applications Deliver Web Interface
• MS Outlook
• SAP
• Oracle
• PeopleSoft
• Siebel
*IDC

SSL VPN: Anywhere Access
Add more remote users beyond current 20 percent
• Less technical employees
• Partners
Reduce remote access support costs
• Browser based; no client maintenance
• Less end user complexity
Additional access options
• Access from home PC, corporate PC, Internet kiosk
• Day Extenders
  • Email
  • Basic applications
  • Home computer
• Teleworkers
  • Email
  • Applications
  • Company computer
• Mobile workers
  • Email
  • Basic applications
  • Company computer or public computer
• Intranet
  • Email
  • Applications
  • Files
• Extranet
  • Portal
  • Applications
  • Files
• Extranet access
  • Partner computers

SSL VPN: Everywhere Access
• With IPSec you knew who was coming in
• With SSL VPN you don’t (usually)
(Diagram labels: Firewall, antivirus + Access Agreement; Company-owned PC; Partner PC; Company-owned PC; Employee home PC; Partner PC; Public Internet kiosk; Completely unmanaged/unsecured)

Web Threat Environment
Most cyber attacks and Internet security violations are generated through Internet applications.

Integrating Web Security
• Secure coding practices
• Penetration testing & auditing
• Web Application Firewalls
• Endpoint Security
Web-Related Trends
• Intranet Portals
• Web enable legacy applications
• Extranet portals
• SSL VPN Web-based access
Web Enabling Business

SSL VPN Drivers
Business Drivers
• More access from more places
  • Broadband in the home, kiosks, business centers
• The rise of the Day Extender
  • A few hours at home a week
• Increasingly mobile workforce
• Growth in business partnerships, Extranets
• Security concerns of Web-based systems
• Security concerns from non-managed PCs
Solutions
• SSL VPN
  • Creates an SSL Web-based interface for employees and partners
• Deploy Web Security and Endpoint security controls with SSL VPN
Fast Fact #1: 30% - SSL VPNs that are deployed for Extranet use
Fast Fact #2: 26.5 - Typical # of Spyware programs running on endpoint PCs
Source #1: Check Point user survey
Source #2: Earthlink Spy Audit, 1/1/04 through 6/30/04

Web Application Firewall Drivers
Business Drivers
• 90s: aggressively deployed web apps and portals
• Explosion of Web-based threats
  • SQL Injection, Command Injection, Cross Site Scripting, Buffer overflow attacks, worms, etc.
• Corporations held liable for ensuring customer privacy and data integrity
• Most applications do not provide basic security checks
  • Input validation
• Very expensive to retrofit security in existing infrastructure
Solution
• Network-based Web security
  • Provide security checks at the perimeter
  • Easier & quicker than updating all servers
Fast Fact: 20 Years - Years retailer Guess must undergo annual security audit for exposing credit cards to hackers
Source: http://www.securityfocus.com/news/5968

Endpoint Security Drivers
Business Drivers
• More access from more places
  • Broadband in the home, kiosks, business centers
• Exponential growth in malicious attacks
  • Spyware, Malware, Trojan Horses
• Businesses creating Web portals
  • Increased information sharing with partners
• SSL VPN Web-based access from unmanaged endpoints
Solutions
• Desktop Security in the enterprise
  • Firewalls, AV, etc.
• Browser-based security solutions
  • Push security controls through the browser
  • Malware Scan, host check, etc.
Fast Fact: Every 30 Seconds - frequency of attacks on a computer on the Internet
Fast Fact: One in Three - PCs with system level malware in Earthlink study
Source #1: mi2G Intelligence Unit, London, UK, August 2004
Source #2: Earthlink Spy Audit, 1/1/04 through 6/30/04

Check Point Web Security Portfolio
• SSL VPN for Web-based remote access
  • Connectra, The Web Security Gateway
    • Unified SSL VPN, Web security, and Endpoint security
  • SSL Network Extender
    • Network-level SSL VPN for Connectra & VPN-1
• Web Application Firewall
  • Web Intelligence
    • Web Security for Connectra & VPN-1
• Endpoint Security
  • Integrity Clientless Security
    • Integrated into Connectra, available for Web applications
Bringing Business to the Web
Securing the Web for Business

Introducing Connectra
Web Connectivity with Unmatched Security
Web Security Gateway Features
• Secure Web-Based Connectivity
• Integrated Server Security
• Adaptive Endpoint Security
• One-Click SSL Extranet
• Seamless Network Deployment and Management
(Diagram labels: SSL VPN; Integrated Security; Easy Deployment)

Introducing SSL Network Extender
Secure Network-Level Connectivity over the Web
• Network-level connectivity over SSL VPN
  • Browser Plug-in
• Supports all IP-based applications
  • TCP, UDP, ICMP, FTP, etc.
• Integrated with Check Point Gateways
  • Connectra
    • Enables native applications support
  • VPN-1
    • Combined IPSec and SSL

Introducing Web Intelligence
Protection for the Entire Web Environment
Web application firewall technology for Check Point products.
• Advanced Product Features
  • Malicious Code Protector™: Patent-pending technology that catches buffer overflow attacks and other malicious code.
  • Advanced Streaming Inspection: Extends the inspection and reconstruction capabilities of the INSPECT architecture by adding active traffic control of live traffic streams.
• Simple Deployment and Management: Built to be quickly deployed to protect Web servers without complex tuning and configuration.
• Seamless Integration with Check Point Products: Provides protection for the entire Web environment.
  • Included in Connectra
  • Available as an add-on to VPN-1 gateways
  • Will be available on InterSpect
(Diagram label: Web Servers)

Introducing Integrity Clientless Security
Key Features
• Spyware Detection & Remediation
• Simple Deployment & Maintenance
• Network Access Policy Enforcement
• Integrates with Web Applications: Outlook Web Access, Extranet Portals
• Integrated with Connectra
Key Benefits
• Stops ID and password theft, prevents data loss
• Makes it easy to secure non-IT controlled PCs that access the enterprise network
• Prevents any non-compliant remote PC from compromising enterprise security

Check Point Securing the Web for Business
• Intranet Portals
• Web enable legacy applications
• Extranet Portals
• SSL VPN web-based access
  • Connectra
  • SSL Network Extender
Web Enabling Business
Integrating Web Security
• Secure coding practice
• Penetration testing & Auditing
• Web Application Firewalls
  • Web Intelligence
• Endpoint Security
  • Integrity Clientless Security

Check Point Web Security
Thank You!