1 / 24

Intelligent Web Application Firewall WEB INSIGHT SG Product Introduction

Intelligent Web Application Firewall WEB INSIGHT SG Product Introduction. June – 2008 MONITORAPP Co.,Ltd. Contents. about MONITORAPP Web Security Overview Product Introduction WEB INSIGHT SG Characteristics WEB INSIGHT SG Features. Vision. Mission. about MONITORAPP.

talmai
Télécharger la présentation

Intelligent Web Application Firewall WEB INSIGHT SG Product Introduction

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Intelligent Web Application FirewallWEB INSIGHT SGProduct Introduction June – 2008 MONITORAPP Co.,Ltd.

  2. Contents • about MONITORAPP • Web Security Overview • Product Introduction • WEB INSIGHT SG Characteristics • WEB INSIGHT SG Features

  3. Vision Mission about MONITORAPP • Company name : MONITORAPP Co.,Ltd. • Established Date : 2005-2-22 • CEO : Young KwangHoo Lee • Business Regions • Application Delivery Technology Research & Development • Web Application Security product supply • Web Application Acceleration product supply • Database Security product supply • Web Application Security Service supply • Address • 306, Ace Techno Tower 1, 197-17, Guro 3-Dong, Guro-Gu, Seoul, Korea • Tel.)+82-2-749-0799 / Fax.)+82-2-749-0798 • Be a leading application delivery Solution provider in the world. • We leverage E-business by securing the entire web environment.

  4. Strategy Business Model Reliable Web Application • Web Vulnerability Analysis • Web service quality Analysis Secure & Fast Application Delivery Solution Provider Fast Web Application • Web response latency • Web server load Secure Database • IT Compliance • Increase of Database security Secure Web Application • Increase of web hacking • Leakage of personal information

  5. Products & Technologies • Products • For Web Application • WEB INSIGHT SG – Web Application Firewall • WEB INSIGHT AG – Web Application Accelerator • For Database Application • DB INSIGHT SG – Database Security & Audit • Service Business • KT Bizmeka Service • Collaboration with MSSP • Technologies • APPLICATION INSIGHT™Technology • Adaptive Profiling™ Technology • Innovative Web Acceleration Technology

  6. Hacker’s technique Hacker’s attack techniques Server SecurityFirewall WAF IPS Web Security Overview • Change of the hacking trend Attack Sophistication Web hacking HIGH Intruder Knowledge Network hacking Web hacking Service denial Tools Scann Sniffing System hacking Session Hijacking Attackers Password cracking Password speculation LOW 19801985 1990 1995 2000 * reference : John Pescatore, Security Analyst, Gartner Group

  7. Web Security Overview • Critical dangers against web service are increasing. • 80 port should be opened for web service, so that has been threatened by hackers. • Important information like DB can be drained due to web application hacking. • By the limitation of the existing security product like IDS and IPS, Web attacking danger are increasing. • The existing web vulnerabilities opened to the public can always be the attacking targets. “70~80% of hacking is targeting web!”

  8. Web Security Overview • The limitation of the traditional security product • Firewall • can not control web protocls(80,443 Port). • The main target is to protect the whole network infra structure. • IDS(Intrusion Detection System) • False Positive exists, it can not defend roundabout attack and protect SSL packet. • IPS(Intrusion Prevention System) • Protected area is the whole network, so can only perform packet filtering for web security, so not focusing on for professional web security. • Signature based, so regular update is needed. • L7 switch • The main function is load balancing and network bandwidth management. • can block harmful traffic on the network level, so professional HTTP and HTTPS security is not guaranteed.

  9. Product Introduction • WEB INSIGHT SG • Intelligent Web Application Firewall WEB INSIGHT SG enables more easier and cost effective web communication to user. • Positive Security Model + Negative Security Model • Profile based positive security policy • User defined positive security policy • Negative security policy against OWASP Top 10 attack • High Performance Network appliance • Support Gigabit Performance • Physical Independent Impact • Simple Deployment • Fail open (LAN Bypass) • Fail over (Active – Standby High Availability)

  10. HTTP Request Inspection Protocol Validation Positive Security Negative Security Web Server Cloaking Adaptive Profiling Engine Content Filtering Network Firewall Web Client Web Server HTTP Response Inspection Product Introduction • WEB INSIGHT SG Architecture • Network Firewall and Session QoS • Bi-directional web application inspection

  11. Product Introduction • Key Functions

  12. Product Introduction • WEB INSIGHT SG Looks ’08 New

  13. WEB INSIGHT SG Characteristics • Adaptive Profiling Technology • By self learning engine, profileDB based on the valid response from web server is constructed. • After matching the client request with profile DB, abnormal request is totally blocked. • Extra update is not needed and the ultimate defensible model against unknown attacks.

  14. Request : GET / HTTP/1.1 Learning Response data Create profile DB by learning data WEB INSIGHT SG Characteristics • Adaptive Profiling Technology Response <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" > <HTML> …… <body MS_POSITIONING="FlowLayout" bottomMargin="0" leftMargin="0" topMargin="0" rightMargin="0"> <form name="Form1" method="post" action="login.aspx" id="Form1"> <TD><input name="TextBoxLogin" type="text" maxlength="32" id="TextBoxLogin" tabindex="1" style="width:256px;" /></TD> <TD><input name="TextBoxPasswd" type="password" maxlength="32" id="TextBoxPasswd" tabindex="2" style="width:256px;" /></TD> <TD><input type="submit" name="ButtonOk" value=“login" id="ButtonOk" /></TD> </font> …… login.aspxMethod : POSTParameter : TextBoxLogin, TextBoxPasswd

  15. Diff request andProfile EB Diff request andProfile DB login.aspxMethod : POSTParameter1 : TextBoxLoginParameter2 : TextBoxPasswd login.aspxMethod : POSTParameter1 : TextBoxLoginParameter2 : TextBoxPasswd WEB INSIGHT SG Characteristics • Adaptive Profiling Technology Block Pass Normal Request POST http://test.com/login.aspx? HTTP/1.1 TextBoxLogin=wiadmin&TextBoxPasswd=1234qwer Abnormal Request POST http://test.com/login.aspx? HTTP/1.1 TextBoxLogin=wiadmin&TextBoxPasswd=1234qwer&auth=admin

  16. WEB INSIGHT SG Characteristics • Simple Deployment <In-line mode> <One armed mode> Bridge L4 redirect

  17. WEB INSIGHT SG Characteristics • Various Deployment L2 www L4 redirect www www

  18. WEB INSIGHT SG Features • Positive Policy - Form Profile • After learning mode, normal traffic (which does not contain any danger factor) is profiled and abnormal requests are regarded as the potential danger and blocked • do not need any extra update process. • Ultimate security model against the unknown attacks. • Learning Mode • Passive Mode • Active Mode

  19. WEB INSIGHT SG Features • Positive Policy – Request Limit • After learning mode, normal traffic (which does not contain any danger factor) is profiled and abnormal requests are regarded as the potential danger and blocked • can configure manually. • Ultimate security model against the unknown attacks. • Learning Mode • Passive Mode • Active Mode

  20. WEB INSIGHT SG Features • Negative Policy – WEB INSIGHT Rule & User Defined Rule • Can block all web attacks defined by OWASP • By the powerful inspection engine of the Web Insight, set the rule which can detect and block web attacks • can add user defined rule besides the existing attacks

  21. WEB INSIGHT SG Features • Additional Policy – Fraud Click & Page Forgery • Fraud Click functions block connection during a time(Block time) when connect to over the count(Access count) during a time(Detection Time). • Original page is register on policy by client’s first connection to Web server. This original page is created to prevent clients from path traversal or other types of unwanted entry to sensitive sections of the Web site.

  22. WEB INSIGHT SG Features • Central Management • Central Management manage multiple WEB INSIGHT SG • Log & System monitoring - Detect log - Network / WEB traffic - System usage

  23. WEB INSIGHT SG Features • Log view • Search detect/block logs - 14 options for filtering - detail / simple view • Chart Analysis - Top 5 or 10 view - Chart type : 11 categories

  24. Thank You MONITORAPP Co.,Ltd. 306, Ace Techno Tower1, 197-17, Guro3-Dong, Guro-Gu, Seoul, Korea Tel : +82-2-749-0799, Fax) +82-2-749-0798 E-Mail : sales@monitorapp.com Website : www.monitorapp.com

More Related