1. APSolute Application Delivery and Security: A HowTo for
NonStop Webservices, Michael Geigenscheder
2. CEO Challenge: Smart Productivity Competitive Business
Requirements Time Product Info Transactions Web Enablement
Intelligence CRM & prioritization
3. Centralization & Web based Application
Web Enablement & Data Center Consolidation
Higher Productivity
Lower OPEX & CAPEX
No Servers on Branches
Anyone, Anywhere Anytime Access
No Dedicated Client Side SW
Based on Standards
9. APSolute Front End Solutions Antivirus Anti Spam URL
filter HEADQUARTERS REGIONAL OFFICE BRANCH OFFICE Firewalls Web,
Email, CRM, ERP Application Front End: Optimize data center
resources to ensure fast, reliable, secure application delivery
Availability, Guaranteed Performance, Accelerated Security, Assured
AppDirector + AppXcel Complete business continuity, transparent
disaster recovery and application optimization
10. Front End Open Service Architecture
Web & Image Compression
Reverse Caching
SSL Offloading
TCP Multiplexing and Splitting
TCP Optimization
AppDirector AppXcel
Server L3-L7 load balancing
Integrated Global Load Balancing
Health Monitoring
QoS Bandwidth Management
Web servers
11. Integrated Security AppDirector AppXcel Router Client Web
Front end Servers Hacker SSL Termination Web and XML Application
Firewall Access Control IPS for smart patch management Behavioral
DoS Shield
12. Network Intrusion Prevention Methods
Content-based IPS
Signature-based
Protocol anomaly rules
Single bullet, application layer attacks
Rate-based IPS
Time based traffic thresholds
Manual configurations
High level of expertise
Attack mitigation (rate limit)
Adaptive Behavioral IPS
Behavior analysis (zero-day)
Self-learning
Self-adjusting
Hands-off
Radware's Hybrid Approach: Complementary Solutions! Types of
Solutions Available PACKET
15. Effective Traffic Shaping
Network Resources Guarantee Using BWM Rules
Support for over 100 applications with CBQ, WFQ and wRED queuing
algorithms, hierarchical bandwidth management and more
[Figure labels: Bandwidth Management Rules; Queuing; Prioritized
Traffic; Egress Traffic; Clean Environment; P2P, VoIP, Web, Mail]
Initial filter is generated: Packet ID
Degree of Attack = Low (Positive Feedback)
Filter Optimization: Packet ID AND Source IP
Filter Optimization: Packet ID AND Source IP AND Packet size
Degree of Attack = High (Negative Feedback)
Filter Optimization: Packet ID AND Source IP AND Packet size AND TTL
Degree of Attack = High
Degree of Attack = Low
Narrowest filters
Packet ID
Source IP Address
Packet size
TTL (Time To Live)
[Figure: Behavioral DoS System Modules. Inbound Traffic, Outbound
Traffic. Attack footprint detection - 10 seconds: PPS, Bandwidth,
protocol types distribution [%], TCP flags (SYN, FIN, RST, ...)
distribution [%], inbound-outbound traffic [ratio]. Closed feedback,
mitigation optimization process: Initial Filter, Start mitigation,
Final Filter. Axis: Time [sec]]
17. Decision Making Scenario 1
Legitimate mass-crowd enter news site
Attack Degree = 5 (Normal-Suspect)
Abnormal rate of Syn packets
Normal TCP flags distribution
[Figure axes: X-axis, Rate-based anomaly axis; Y-axis, Rate-invariant
anomaly axis; Z-axis, Attack Degree axis. Regions: Attack area,
Suspicious area, Normal adapted area]
18. Decision Making Scenario 2
DNS Flood
Attack Degree = 10 (Attack)
Abnormal rate of DNS packets
Abnormal protocol distribution [%]
[Figure axes: X-axis, Rate-based anomaly axis; Y-axis, Rate-invariant
anomaly axis; Z-axis, Attack Degree axis. Regions: Attack area,
Suspicious area, Normal adapted area]
19. Multi-Layer Intrusion Prevention
Client side vulnerabilities
SIP
IRC bots
Spyware
Protocol Anomalies
IP & TCP evasions
IPv6 traffic Scanning
SSL based attacks (*)
Server based intrusions
Web Vulnerabilities
Mail server intrusions
FTP server intrusions
SQL server intrusions
DNS server intrusions
Worms & Viruses
Trojans & Backdoors
Horizontal & Vertical Scanning
* Requires AppXcel
Network behavioral based zero-day DoS protections
User/Hosts behavioral based zero day worm and bots
protection
21. Securing Web Application: The Need
Protect browser-based applications from unknown exploits
Ensure users perform only legal actions
Ensure that new code is secured
Application developers are not security experts
Application support team likely not original developers
Require a tool for identifying & protecting security
vulnerabilities
Process large volumes of traffic without compromising
performance or security
Protect and inspect encrypted (SSL) traffic
22. APSolute Solution: Integrated WAF
Automated Web Application Firewall protection without manual
intervention
Unknown application level exploits protection
Zero-day web-worm attacks protection
23. The Need to Protect Web Applications
The wide range of attack kinds indicates the severity of the
problem.
24. Business Values of Integrated WAF
Non-stop business operation
Automatic adaptation to content changes
Smooth failover and automatic bypass of faulty WAF
Streamlining business operation
Cost effective scalability
Acceleration of Web and SSL traffic
Lowering deployment & operational cost
Lowering cost of vulnerability fixes
Less rack space
Single-vendor relationship
Common management interface
25. Centralized Security Reporting
Monitor all malicious activity, across the network, in real-time
Customize reports, for executive to bit-level analysis & forensics
Executive Report, to provide network security summary
26. APSolute Access Solutions Anti Spam REGIONAL OFFICE
BRANCH OFFICE Firewalls Access Solution: Optimize WAN link
resources to ensure fast, reliable, secure application delivery
Availability, Guaranteed Performance, Accelerated Security, Assured
Antivirus URL filter HEADQUARTERS Linkproof Complete business
continuity, transparent disaster recovery and quality of service
Web, Email, CRM, ERP
27. Multi WAN Solution Routers LinkProof Headquarter Local
Network Corporate users ERP, CRM, email, Web servers Private Public