F5 Unified Security Solutions. Ralf Sydekum, Technical Manager Central & Eastern Europe, r.sydekum@f5.com
Agenda
• Real Security Challenges and Attacks
• Data Center Firewall
• DoS & DDoS
• DNS Security
• Web Security
• Access Management
• Fast Vulnerability Assessment & Application Security
Application Delivery Network. F5 presents itself as the leader in Application Delivery Networking: users (at home, in the office, on the road) reach data-center applications (SAP, Microsoft, Oracle). Business goal: achieve these objectives in the most operationally efficient manner.
Statement from Sony Online Entertainment (http://blog.eu.playstation.com/)
• On April 16th and 17th, 2011, personal information from approximately 24.6 million SOE accounts may have been stolen: name, e-mail, login, hashed password, ...
• As well as certain information from an outdated database from 2007 for 10,700 customers in the EU: name, bank account number, address, ...
What happened to WikiLeaks?
• Several companies stopped providing service to WikiLeaks although it was not proven that WikiLeaks had violated any existing law
• Amazon removed all WikiLeaks content from its servers
• EveryDNS switched off DNS resolution for wikileaks.org
• Several financial institutions froze donation accounts
Finally...
• Thousands of internet users vented their accumulated anger starting 7 December 2010
• Web servers of the Swiss PostFinance bank were down for several hours
• Credit card companies like Mastercard and VISA were not accessible for several hours a day over several days
• PayPal's transaction network was slow but not taken down completely
WikiLeaks DDoS Attack Profile: ICMP flood, Slowloris, TCP flood
• 3 basic classes of attack
• L7 (HTTP/Web): Slowloris
  • Creates a massive number of concurrent sessions by holding partial HTTP requests open and trickling a few bytes at a time, so it needs very little bandwidth
  • Firewalls quickly overwhelmed (connection tables fill up)
  • Server resources (worker slots) completely consumed
• L4: TCP flood / SYN flood
  • Targets any TCP-aware device
• L3: ICMP flood
  • ICMP protocol attack
  • Consumes router, firewall and server resources
• BIG-IP/ASM stopped the attacks: a combination of core TMOS functionality, iRules and ASM (Application Security Manager)
Diagram (deployment chain): border router (Internet connection) > intrusion prevention device > PCI-compliant firewall > F5 BIG-IP with ASM module
The Three Threat Vectors: application attacks, network attacks, DDoS attacks
Security Challenges
• Blended attacks are overwhelming conventional security devices at the edge of the data center
• 30% of network traffic is encrypted, bypassing security controls
• Security is still expendable: 9 out of 10 IT organizations admit to sacrificing security for performance
• Security device sprawl is a challenging problem: IT's biggest security challenge with device sprawl is operational complexity
• Over 90% of IT administrators want security context
• Traditional network devices are failing under load: 3 out of 6 major firewalls failed under stability testing, and 5 out of 6 were vulnerable to a common exploit
Context leverages information about the end user to improve the interaction • Who is the user? • What devices are requesting access? • When are they allowed to access? • Where are they coming from? • How did they navigate to the page/site?
Context-aware technologies will affect $96 billion of annual consumer spending worldwide by 2015. By that time, more than 15 percent of all payment card transactions will be validated using context information. -Gartner
Traditional approach vs. Unified Security Architecture: DDoS protection, firewall, web application firewall, load balancer, access management and remote access, DNS security
Diagram: the unified architecture on the TMOS platform. Modules: LTM (SSL termination, DDoS protection, protocol security, network firewall), GTM (DNS security), ASM (web security), APM (access). Properties listed: fast, secure, available, dynamic threat defense. Programmability: iRules, iControl, iApps.
Perimeter Firewall with Load Balancer Today (diagram: Internet > perimeter firewall > load balancer > data center)
• Overview: traditional firewall, standalone load balancer
• Limitations: DDoS protection, connections, scale, device management, defense methods
Perimeter Firewall with Load Balancer with BIG-IP (diagram: Internet > BIG-IP > data center)
• Overview: consolidated device providing firewall service, application delivery and web application firewall
• Benefits: application fluency, SSL visibility, DDoS protection for 30+ attack types, dynamic defense methods, best price-to-performance class, OWASP Top 10 protection
• BIG-IP LTM with ASM
Internet Data Center Network Firewall
• F5 helps you mitigate DDoS and flood-based attacks
• Stateful, default-deny behaviour
• High concurrent-connection and connections-per-second capacity
• User geolocation awareness
• SSL (hardware-accelerated encryption/decryption)
• IPsec site-to-site
• Packet filtering
• Flood protection mechanisms (SYN flood protection and many others)
• Carrier-grade NAT (NAT, NAT64)
Diagram: external users on the Internet reach F5's own sites (f5.com, owa.f5.com, devcentral.f5.com, websupport.f5.com, ihealth.f5.com, downloads.f5.com) through the router and the BIG-IP network firewall
Price/performance comparison (slide charts): Competitor ABC + 4 blades ($124,000) vs. F5 BIG-IP 11050 ($129,995)
Metric | Chart values shown
Throughput | 42 Gbps and 20 Gbps
Connections per second | 1M and 175K
Maximum concurrent connections | 24M and 2.25M
SSL Drives Platform Architecture
• Industry increasingly using larger SSL keys
• Increasing CPU processing requirements relative to 1024-bit keys: 1024-bit keys = 100% (baseline); 2048-bit keys = 600% (6x tougher); 4096-bit keys = 4100% (41x tougher)
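The 6x/41x figures on the slide are what you get when the cost of an RSA private-key operation grows roughly with the cube of the key length (the exponent gets twice as long and each modular multiplication costs about four times as much). The following is an added example, not F5's code or the slide's measurement, that lets you reproduce the comparison on any box with plain CPython: it times a full-length modular exponentiation on constructed integers of 1024, 2048 and 4096 bits (deliberately not real RSA keys, only the right size) and reports the ratio against the 1024-bit baseline next to the O(k^3) model. The CRT speed-up a real TLS stack uses and the constant factors of an optimised bignum library are assumptions left out, so absolute ratios will differ from the slide, but the growth curve is the point.

```python
import random
import time

KEY_SIZES = (1024, 2048, 4096)


def make_modulus(bits, seed=7):
    """Deterministic odd integer of exactly `bits` bits.

    Constructed stand-in for an RSA modulus: it is not a product of two
    primes and must never be used as a key. It only has to be the right
    size so that pow() performs a private-key-sized modular exponentiation.
    """
    rng = random.Random(seed + bits)
    return rng.getrandbits(bits) | (1 << (bits - 1)) | 1


def private_op_seconds(bits, repeats=5):
    """Best-of-`repeats` wall time of one full-length modular exponentiation,
    the core of an RSA private-key operation (signing, TLS-RSA key exchange
    decryption) without the CRT optimisation."""
    n = make_modulus(bits)
    d = make_modulus(bits, seed=99)          # full-size "private exponent"
    m = make_modulus(bits, seed=123) % n     # full-size "message"
    best = float("inf")
    for _ in range(repeats):
        t0 = time.perf_counter()
        pow(m, d, n)
        best = min(best, time.perf_counter() - t0)
    return best


def relative_cost(sizes=KEY_SIZES, baseline=1024):
    """Measured cost of each key size relative to the baseline (baseline == 1.0).
    Every size is timed exactly once so the baseline ratio is exactly 1.0."""
    times = {bits: private_op_seconds(bits) for bits in set(sizes) | {baseline}}
    return {bits: times[bits] / times[baseline] for bits in sizes}


def theoretical_cost(sizes=KEY_SIZES, baseline=1024):
    """Schoolbook model: exponent length x per-multiplication cost (~k^2) = O(k^3)."""
    return {bits: (bits / baseline) ** 3 for bits in sizes}


if __name__ == "__main__":
    measured = relative_cost()
    model = theoretical_cost()
    for bits in KEY_SIZES:
        print(f"{bits}-bit: measured {measured[bits]:5.1f}x, O(k^3) model {model[bits]:5.1f}x")
```

Run it twice and compare: the measured 4096-bit ratio lands in the tens, which is why terminating 2048- and 4096-bit certificates on general-purpose CPUs is where the capacity goes, and why the slide ties key length to platform (hardware offload) architecture.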
Summary
• DoS = denial of service; DDoS = distributed denial of service
• Layer 1: cut the cable
• Layer 4 or Layer 7 DDoS: thousands of attackers bring down one site
• Layer 7 DoS: one attacker is able to bring down one site, e.g. Slowloris, Slow POST
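What makes Slowloris and Slow POST a one-attacker problem, as the attack profile and the summary above describe, is that each connection holds a server worker slot for as long as the request stays incomplete, and the attacker sends only a few bytes now and then so idle timers never fire. Detecting it therefore means looking at the connection table, not at bandwidth. The following is an added example, not F5's code or any BIG-IP feature, that runs that logic over a constructed connection-table snapshot: it flags sources with many stalled (open longer than the header timeout, request still incomplete) connections, measures how much of the worker pool those stalled requests hold, and lists the close actions a front-end proxy would take. The thresholds (10 s header timeout, 20 stalled connections per source, 256 worker slots) are assumptions for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Conn:
    """One entry of a constructed server connection-table snapshot."""
    src: str                  # client IP
    age_s: float              # seconds since the TCP handshake completed
    bytes_in: int             # request bytes received so far
    request_complete: bool    # headers (and body, if Content-Length) fully received


# Thresholds are assumptions for this example, not values from the slides.
HEADER_TIMEOUT_S = 10.0   # a real browser finishes its request headers well inside this
MAX_STALLED_PER_SRC = 20  # more stalled requests than this from one IP is not organic
WORKER_SLOTS = 256        # e.g. Apache MaxClients: the resource Slowloris exhausts


def stalled(conn, header_timeout=HEADER_TIMEOUT_S):
    """Open longer than the header timeout without a complete request: exactly
    what Slowloris (slow headers) and Slow POST (slow body) connections look like."""
    return (not conn.request_complete) and conn.age_s > header_timeout


def slow_sources(conns, header_timeout=HEADER_TIMEOUT_S, max_stalled=MAX_STALLED_PER_SRC):
    """Return {src_ip: stalled_count} for sources over the per-IP limit."""
    per_src = defaultdict(int)
    for c in conns:
        if stalled(c, header_timeout):
            per_src[c.src] += 1
    return {src: n for src, n in per_src.items() if n >= max_stalled}


def slot_pressure(conns, worker_slots=WORKER_SLOTS, header_timeout=HEADER_TIMEOUT_S):
    """Fraction of worker slots held by stalled requests. One attacker can push
    this to 1.0 with a few hundred connections and almost no bandwidth."""
    return sum(1 for c in conns if stalled(c, header_timeout)) / worker_slots


def mitigation_actions(conns):
    """Drop stalled connections from flagged sources immediately; if the pool is
    more than half stalled, also close every request that has not completed
    within the header timeout regardless of source (a slow but legitimate
    client is asked to retry, which beats the site being down)."""
    flagged = slow_sources(conns)
    actions = [("close", c) for c in conns if stalled(c) and c.src in flagged]
    if slot_pressure(conns) > 0.5:
        actions += [("close", c) for c in conns if stalled(c) and c.src not in flagged]
    return flagged, actions


# Constructed snapshot: one Slowloris source, two normal requests from a
# legitimate client, and one genuinely slow (mobile) client that must not be
# flagged on its own.
SNAPSHOT = (
    [Conn("203.0.113.7", 45.0, 90 + i, False) for i in range(150)]
    + [Conn("198.51.100.20", 0.3, 612, True), Conn("198.51.100.20", 1.1, 588, True)]
    + [Conn("192.0.2.9", 14.0, 210, False), Conn("192.0.2.9", 16.5, 180, False)]
)

if __name__ == "__main__":
    flagged, actions = mitigation_actions(SNAPSHOT)
    print("flagged sources:", flagged)
    print(f"stalled slot pressure: {slot_pressure(SNAPSHOT):.0%}, closing {len(actions)} connections")
```

The per-source count alone would miss an attacker spreading a few connections over many addresses; the pool-pressure check is what catches that case, at the cost of also cutting the slow mobile client in the snapshot. A full proxy in front of the servers (the TCP full proxy on the next slide) sidesteps the problem entirely by not handing a request to a server until it is complete.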
Mitigating DoS Attacks
• Protect against: network-based distributed denial of service (DDoS)
• Protect with: BIG-IP LTM DoS protections
  • Packet filtering
  • SYN cookies (L4 DoS)
  • Dynamic reaping (L4 DoS)
  • TCP full proxy (L4 DoS)
  • Rate shaping (L4 to L7 DoS)
  • iRules (e.g. SSL DoS protection)
  • Very high performance, very large connection tables (VIPRION)
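SYN cookies, listed above as the L4 DoS protection, work by not allocating any state for a half-open connection: the server's initial sequence number in the SYN-ACK is a keyed function of the connection 4-tuple, a coarse time counter and the client's MSS, and the handshake's final ACK (cookie + 1) is checked by recomputing that function. The following added example (not F5's or the slide's code, and not the exact layout of any kernel) is a Python model of the classic scheme: a counter in the top 8 bits, a keyed hash plus an encoded MSS in the low 24 bits, secrets and the 60-second tick as assumptions. Two cookies are issued and checked, including a stale one and a tampered one.

```python
import hashlib
import hmac
import struct

# Constructed secrets; a real implementation generates and rotates them.
SECRET_A = b"syncookie-secret-A-example-only"
SECRET_B = b"syncookie-secret-B-example-only"

COOKIE_BITS = 24                       # low 24 bits: keyed hash + encoded MSS
COOKIE_MASK = (1 << COOKIE_BITS) - 1
COUNT_MASK = 0xFF                      # top 8 bits: coarse time counter
TICK_SECONDS = 60                      # counter advances once a minute (assumption)
MAX_AGE_TICKS = 2                      # cookies older than this are rejected
MSS_TABLE = (536, 1300, 1440, 1460)    # MSS is encoded as an index into this table


def _keyed_hash(secret, saddr, daddr, sport, dport, count=0):
    """32-bit truncated HMAC over the 4-tuple (and, for the second hash, the counter)."""
    msg = struct.pack("!4s4sHHI", saddr, daddr, sport, dport, count)
    return int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:4], "big")


def _count(now):
    return (int(now) // TICK_SECONDS) & COUNT_MASK


def _mss_index(mss):
    """Largest table entry not exceeding the client's MSS (never over-state it)."""
    idx = 0
    for i, value in enumerate(MSS_TABLE):
        if value <= mss:
            idx = i
    return idx


def make_cookie(saddr, daddr, sport, dport, client_isn, mss, now):
    """Server ISN for the SYN-ACK. Nothing is stored for the half-open connection."""
    count = _count(now)
    h1 = _keyed_hash(SECRET_A, saddr, daddr, sport, dport)
    h2 = _keyed_hash(SECRET_B, saddr, daddr, sport, dport, count)
    low = (h2 + _mss_index(mss)) & COOKIE_MASK
    return (h1 + client_isn + (count << COOKIE_BITS) + low) & 0xFFFFFFFF


def check_cookie(saddr, daddr, sport, dport, client_isn, ack, now):
    """Validate the handshake's final ACK. Returns the MSS to use for the new
    connection, or None if the ACK does not carry a cookie issued recently."""
    cookie = (ack - 1) & 0xFFFFFFFF
    h1 = _keyed_hash(SECRET_A, saddr, daddr, sport, dport)
    rest = (cookie - h1 - client_isn) & 0xFFFFFFFF   # == (count << 24) + low
    cookie_count = rest >> COOKIE_BITS
    diff = (_count(now) - cookie_count) & COUNT_MASK
    if diff >= MAX_AGE_TICKS:
        return None                                    # stale, or forged counter
    h2 = _keyed_hash(SECRET_B, saddr, daddr, sport, dport, cookie_count)
    idx = ((rest & COOKIE_MASK) - h2) & COOKIE_MASK
    if idx >= len(MSS_TABLE):
        return None                                    # hash mismatch: forged/corrupt
    return MSS_TABLE[idx]


def handshake(now_syn, now_ack, mss=1460, tamper=0):
    """Constructed client (203.0.113.7:40001) to server (192.0.2.10:443) handshake:
    SYN at now_syn, final ACK at now_ack; `tamper` perturbs the ACK number."""
    saddr, daddr = bytes([203, 0, 113, 7]), bytes([192, 0, 2, 10])
    sport, dport, client_isn = 40001, 443, 0x11223344
    cookie = make_cookie(saddr, daddr, sport, dport, client_isn, mss, now_syn)
    ack = (cookie + 1 + tamper) & 0xFFFFFFFF
    return check_cookie(saddr, daddr, sport, dport, client_isn, ack, now_ack)


if __name__ == "__main__":
    print("fresh ACK   ->", handshake(1000, 1030))        # 1460
    print("stale ACK   ->", handshake(1000, 1180))        # None
    print("tampered    ->", handshake(1000, 1010, tamper=1))  # None
```

The price of statelessness is visible in the code: only a handful of MSS values survive the round trip, and anything else negotiated in the SYN (window scaling, SACK) is lost unless it is squeezed into the same bits, which is why SYN cookies are usually switched on only once the backlog is under attack rather than permanently.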
DNS is Vulnerable to Attacks (diagram: clients > LDNS > data-center DNS servers for www.company.com)
• Multiple DNS attacks: DDoS, cache poisoning, man-in-the-middle
• Application timeouts and failed connections (a DNS outage surfaces as resolution failures before any HTTP status such as the 401 cited on the slide is ever returned)
• Lost customers, lost productivity
• Loss of revenue and brand equity
Complete DNS Protection: BIG-IP Global Traffic Manager, DNS firewall services (diagram: clients > LDNS > GTM in the data center for company.com)
• High-performance DNS: multicore GTM
• Scalable DNS: DNS Express
• Malformed UDP packets are dropped
• Spread the load across devices: IP Anycast
• Secure DNS queries: DNSSEC (DNSSEC signs responses so resolvers can verify origin and integrity, which defeats cache poisoning; it does not encrypt queries or hide them from an on-path observer)
• Route based on nearest data center: geolocation
• Complete DNS control with DNS iRules
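"Malformed UDP packets are dropped" hides most of the work a DNS front end does: the decision has to be made per datagram, before any state is touched, on a format whose name compression is a classic source of parser bugs (pointer loops, forward pointers, truncated labels). The following added example (not F5's code, not DNS Express, written for this page) is a strict validator for queries arriving over plain UDP: it checks the header, accepts exactly one question of class IN, and decodes the name with pointer-loop protection. The sample datagrams are constructed in the block; the EDNS0 OPT record is allowed in the additional section but, as an assumption of the example, not parsed.

```python
import struct

MAX_NAME = 253      # presentation-format limit for a name
MAX_UDP = 512       # plain DNS over UDP; anything larger needs EDNS0 and its own checks


class Malformed(ValueError):
    """Anything a DNS front end should drop without answering."""


def parse_name(msg, off, depth=0):
    """Decode a (possibly compressed) name at `off`. Returns (name, offset_after)."""
    labels = []
    while True:
        if off >= len(msg):
            raise Malformed("truncated name")
        length = msg[off]
        if length == 0:                                    # root: end of name
            name = ".".join(labels)
            if len(name) > MAX_NAME:
                raise Malformed("name too long")
            return name, off + 1
        if length & 0xC0 == 0xC0:                          # compression pointer
            if off + 2 > len(msg):
                raise Malformed("truncated pointer")
            ptr = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            if ptr >= off:
                raise Malformed("pointer does not point backwards")   # kills loops
            if depth >= 8:
                raise Malformed("pointer chain too deep")
            tail, _ = parse_name(msg, ptr, depth + 1)
            name = ".".join(labels + ([tail] if tail else []))
            if len(name) > MAX_NAME:
                raise Malformed("name too long")
            return name, off + 2
        if length & 0xC0:
            # 0x40/0x80 label types are reserved, so a plain label is <= 63 bytes.
            raise Malformed("reserved label type")
        off += 1
        if off + length > len(msg):
            raise Malformed("truncated label")
        raw = msg[off:off + length]
        if not raw.isascii():
            raise Malformed("non-ASCII label")
        labels.append(raw.decode("ascii"))
        off += length


def validate_query(msg):
    """Header and question-section checks for a query received over UDP.
    Returns a dict for an acceptable query; raises Malformed otherwise."""
    if len(msg) < 12:
        raise Malformed("short header")
    if len(msg) > MAX_UDP:
        raise Malformed("oversized UDP message")
    txid, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg)
    if flags & 0x8000:
        raise Malformed("QR bit set: a response, not a query")
    opcode = (flags >> 11) & 0xF
    if opcode != 0:
        raise Malformed(f"unsupported opcode {opcode}")
    if qd != 1 or an != 0 or ns != 0 or ar > 1:        # ar == 1 allows an OPT record
        raise Malformed("unexpected section counts")
    name, off = parse_name(msg, 12)
    if off + 4 > len(msg):
        raise Malformed("truncated question")
    qtype, qclass = struct.unpack_from("!HH", msg, off)
    if qclass != 1:
        raise Malformed(f"class {qclass} not served")
    return {"id": txid, "name": name, "qtype": qtype}


def front_end(packet):
    """Per-datagram decision: ('accept', parsed_query) or ('drop', reason)."""
    try:
        return "accept", validate_query(packet)
    except Malformed as why:
        return "drop", str(why)


def build_query(name, qtype=1, txid=0x1234):
    """Constructed well-formed query used as sample input (flags: RD set)."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + q + struct.pack("!HH", qtype, 1)


HDR = struct.pack("!6H", 7, 0x0100, 1, 0, 0, 0)
SAMPLES = {                                            # constructed datagrams
    "good": build_query("www.company.com"),
    "pointer_loop": HDR + b"\xc0\x0c" + struct.pack("!HH", 1, 1),      # points at itself
    "bad_label_type": HDR + bytes([64]) + b"a" * 64 + b"\x00" + struct.pack("!HH", 1, 1),
    "response_bit": struct.pack("!6H", 7, 0x8180, 1, 0, 0, 0) + b"\x00" + struct.pack("!HH", 1, 1),
    "truncated": build_query("www.company.com")[:20],
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label:15s} -> {front_end(pkt)}")
```

Note what the validator does not do: it never answers a malformed datagram, not even with FORMERR, because a reply to a spoofed source is amplification. Rate-limiting by source and by query name is the other half of DNS DoS defence and sits on top of this check.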
The Value of a Complete DNS/Web Solution
• Scalable (chart: 10x, 70%)
• Denial-of-service mitigation
• Supports client requests and consolidates IT: IPv6 to IPv4
• Complete DNS control
• Access denied: route based on geolocation
• Secure DNS query responses (http://f5.com)
Security Vulnerabilities in Web Applications
• Perimeter security is strong, but it is open to web traffic (port 80, port 443)
• Attacks now look to exploit application vulnerabilities; high information density = high-value attack
• Attack classes: infrastructural intelligence, non-compliant information, forced access to information, forceful browsing, cross-site scripting, cookie poisoning, SQL/OS injection, hidden-field manipulation, parameter tampering, buffer overflow, brute-force attacks, Layer 7 DoS, web scraping, CSRF, viruses
Deploy ASM Policies without False Positives
• Predefined policy templates: pre-configured security policies
• Learning mode: automatic or manual
• Web application scanner integration: IBM Rational AppScan, QualysGuard Web Application Scanning, Cenzic Hailstorm, WhiteHat Sentinel
• Gradual deployment: transparent / semi-transparent / full blocking
Mitigate Vulnerabilities Now (web application scanner, BIG-IP Application Security Manager, customer website)
• The scanner finds a vulnerability
• Virtual patching with one click on BIG-IP ASM
• Vulnerability checking, detection and remediation; complete website protection
• Verify, assess, resolve and retest in one UI
• Automatic or manual creation of policies
• Discovery and remediation in minutes
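The three preceding slides describe one workflow: a positive security model (which URLs and parameters exist, what values they may carry) learned from traffic, attack signatures for the classes listed (SQL injection, XSS, ...), a staged rollout from transparent through semi-transparent to blocking so that false positives surface as log entries before anything is blocked, and virtual patches that turn a scanner finding into a targeted rule until the application is fixed. The following added example (not F5's code, not ASM's policy format, written for this page) implements that workflow in miniature; the policy, the character classes, the signatures and the sample requests are all constructed for the example.

```python
import re
from copy import deepcopy

# Positive-model value types, loosest last (assumptions for the example).
ORDER = ("digits", "alnum", "text", "any")
TYPES = {
    "digits": re.compile(r"[0-9]*"),
    "alnum": re.compile(r"[A-Za-z0-9_.@-]*"),
    "text": re.compile(r"[A-Za-z0-9 .,_-]*"),
    "any": re.compile(r".*", re.S),
}

# Negative model: a few signatures for the attack classes on the slides.
SIGNATURES = {
    "sqli": re.compile(r"(?i)('\s*(or|and)\b|\bunion\b.*\bselect\b|--\s*$)"),
    "xss": re.compile(r"(?i)(<\s*script|\bon[a-z]+\s*=|javascript:)"),
    "traversal": re.compile(r"(?i)(\.\./|%2e%2e)"),
}

# Positive model: per URL, allowed parameters with (type, max length).
BASE_POLICY = {
    "/login": {"user": ("alnum", 32), "pass": ("any", 128)},
    "/search": {"q": ("text", 100)},
}


def learn(observed, policy=None):
    """Learning mode: extend a positive policy from observed (url, params) traffic.
    A parameter is typed as loosely as its observed values require and its
    length limit is the longest value seen plus 25% slack."""
    policy = deepcopy(policy or {})
    for url, params in observed:
        rules = policy.setdefault(url, {})
        for name, value in params.items():
            typ = next(t for t in ORDER if TYPES[t].fullmatch(value))
            old_typ, old_len = rules.get(name, ("digits", 0))
            typ = max(typ, old_typ, key=ORDER.index)
            rules[name] = (typ, max(old_len, len(value) + len(value) // 4))
    return policy


def virtual_patch(url, param, pattern):
    """A scanner reported a vulnerability in `param` of `url`: one targeted rule."""
    return (url, param, re.compile(pattern))


def inspect(url, params, policy, mode, patches=()):
    """Return (action, violations) for one request.

    mode: 'transparent'      never block, only log violations
          'semi-transparent' block attack signatures and virtual patches only,
                             log positive-model violations (unknown URLs/params)
          'blocking'         block every violation
    """
    violations = []
    rules = policy.get(url)
    if rules is None:
        violations.append(("illegal_url", url))
        rules = {}
    for name, value in params.items():
        for sig, rx in SIGNATURES.items():
            if rx.search(value):
                violations.append((sig, name))
        for p_url, p_param, rx in patches:
            if p_url == url and p_param == name and rx.search(value):
                violations.append(("virtual_patch", name))
        if name not in rules:
            violations.append(("illegal_parameter", name))
            continue
        typ, max_len = rules[name]
        if len(value) > max_len:
            violations.append(("length", name))
        if not TYPES[typ].fullmatch(value):
            violations.append(("illegal_value", name))
    attack = [v for v in violations if v[0] in SIGNATURES or v[0] == "virtual_patch"]
    if mode == "transparent":
        action = "log" if violations else "allow"
    elif mode == "semi-transparent":
        action = "block" if attack else ("log" if violations else "allow")
    else:
        action = "block" if violations else "allow"
    return action, violations


if __name__ == "__main__":
    req = ("/login", {"user": "admin' OR '1'='1", "pass": "x"})
    for mode in ("transparent", "semi-transparent", "blocking"):
        print(mode, inspect(*req, BASE_POLICY, mode))
    patch = virtual_patch("/search", "q", r"\|")       # constructed scanner finding
    print(inspect("/search", {"q": "f5 | cat /etc/passwd"}, BASE_POLICY, "semi-transparent", [patch]))
```

The staged modes are the practical answer to the "without false positives" claim: a learned policy is only as good as the traffic it saw, so an unknown parameter is a log line in semi-transparent mode and a block only once the policy has been reviewed, while a signature or a virtual patch blocks from day one because it matches attack traffic, not missing knowledge.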
Free Cenzic Cloud Scans with ASM in v11.2: Find Vulnerabilities and Reduce Exposure
• 3 free application scans directly from the ASM/VE UI
• No time limits once signed up
• Free scans are limited health-check services
• The free Cenzic Cloud scan tests for: cross-site scripting, application exceptions, SQL injection, open redirect, password auto-complete, credit card disclosure, non-SSL password, HTTP method check, Basic Auth over HTTP, directory browsing
IP Intelligence: Identify and allow or block IP addresses with malicious activity
• Feed sources: botnets, anonymous proxies, scanners, anonymous requests, internally infected devices and servers
• IP address feed updates every 5 min; geolocation database
• The BIG-IP system applies the feed in front of the financial application and the custom application
• Use IP intelligence to defend against attacks
• Reduce operational and capital expenses
IP Intelligence: How It Works
• Global sensors capture IP behaviours
• Threat correlation reviews / blocks / releases
• Fast IP update of malicious activity: dynamic threat IPs every 5 min, delivered from the IP Intelligence service to the BIG-IP system
• Sensor techniques: semi-open proxy farms, honeypots, web app honeypots, naive user simulation, third-party sources
• Key threats: web attacks, reputation, Windows exploits, botnets, scanners, network attacks, DNS exploits
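What the two IP Intelligence slides leave implicit is that a reputation feed is only useful with a policy attached: which categories each application refuses (a financial application may refuse anonymous proxies, a public custom application may not), and what happens when the 5-minute feed stops arriving. The following added example (not F5's code or feed format, written for this page) shows that lookup against a constructed feed of CIDR entries with categories, per-application block lists and a staleness flag; the feed contents, the policy and the 5-minute maximum age are assumptions taken from the slide text.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

FEED_MAX_AGE = timedelta(minutes=5)   # slide: the feed updates every 5 minutes

# Constructed feed snapshot: (network, category). Real feeds carry millions of entries.
FEED = [
    ("203.0.113.0/24", "botnets"),
    ("198.51.100.14/32", "anonymous_proxy"),
    ("198.51.100.0/26", "scanners"),
    ("2001:db8:bad::/48", "botnets"),
]

# Per-application policy: categories each application refuses (assumption).
APP_POLICY = {
    "financial": {"botnets", "anonymous_proxy", "scanners"},
    "custom": {"botnets"},
}


class IPIntel:
    """In-memory copy of the feed plus the time it was fetched."""

    def __init__(self, entries, fetched_at):
        self.nets = [(ipaddress.ip_network(n), cat) for n, cat in entries]
        self.fetched_at = fetched_at

    def categories(self, ip):
        """All categories whose networks contain `ip` (an address can be in several)."""
        addr = ipaddress.ip_address(ip)
        return {cat for net, cat in self.nets if addr.version == net.version and addr in net}

    def stale(self, now):
        return now - self.fetched_at > FEED_MAX_AGE


def decide(intel, app, ip, now):
    """Return (action, reason, feed_stale).

    A stale feed keeps enforcing the last data it has rather than failing open
    (which would silently drop protection) or failing closed (which would take
    the application down); the flag is there so the condition can be alerted on.
    """
    hits = intel.categories(ip)
    blocked = hits & APP_POLICY[app]
    stale = intel.stale(now)
    if blocked:
        return "block", ",".join(sorted(blocked)), stale
    reason = "no-match" if not hits else "allowed-category:" + ",".join(sorted(hits))
    return "allow", reason, stale


NOW = datetime(2012, 6, 1, 12, 0, tzinfo=timezone.utc)          # constructed clock
FRESH = IPIntel(FEED, NOW - timedelta(minutes=3))
STALE = IPIntel(FEED, NOW - timedelta(minutes=10))

if __name__ == "__main__":
    for app in APP_POLICY:
        for ip in ("203.0.113.9", "198.51.100.14", "192.0.2.1", "2001:db8:bad::1"):
            print(app, ip, decide(FRESH, app, ip, NOW))
    print("stale feed:", decide(STALE, "financial", "203.0.113.9", NOW))
```

Two things to carry over to a real deployment: the linear scan over networks is fine for a demo but a production lookup needs a radix tree, and the "allowed-category" reason should be logged even on allow, because an anonymous-proxy hit that a policy lets through is exactly the context the later APM slides want for access decisions.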
Context = Access Control: BIG-IP Access Policy Manager
• Unify access control
• Authentication and authorization
• Single sign-on
• Powerful custom and built-in reporting
• Access and application analytics
• Manage access based on identity
Enable Simplified Application Access with BIG-IP Access Policy Manager (APM)
Control Access of Endpoints: Ensure strong endpoint security (BIG-IP APM)
• Allow, deny, or remediate users based on endpoint attributes such as: client or machine certificates; antivirus software version and updates; software firewall status (of these, only the certificate check is cryptographically bound to the device; antivirus and firewall status are reported by the client and should be treated as self-asserted)
• Invoke a protected workspace for unmanaged devices: access to specific applications only; restrict USB access; cache cleaner leaves no trace; ensure no malware enters the corporate network
F5 BIG-IP Access Policy Manager: authentication all in one and fast SSO; dramatically reduce infrastructure costs and increase productivity
App Security with BIG-IP ASM and APM (diagram: browser > APM and ASM > applications)
• ASM stops bad requests and responses (illegal requests, non-compliant information, infrastructural intelligence) and allows legitimate requests
• APM offers authentication and authorization and stops unauthorized requests (unauthorised access)
• Reduces the attack surface because only authenticated, authorized and legal requests are permitted to reach the relevant application servers