TrustPort Net GatewayWeb traffic protection

WWW.TRUSTPORT.COM

Keep It Secure

Contents

• Latest security threatsspam and malware

• Advantages of entry point protectionsafety and efficiency

• Web security gateway in action

WWW.TRUSTPORT.COM

Keep It Secure

State of current threats

• Spam– Percentage of spam increased to 87,7 % from 81,2 % year over year– Contribution of botnets to spam decreased to 83,4 % from 90 %– Sleeping botnets backing up active botnets– Spam including masked links– Non-English spam increased to 5 % of all spam

• Malware– Percentage of emails with malware attached decreased to 0,35 % from 0,70 % – Increase in targeted attacks aimed at government, banks, media– Taking advantage of social networks vulnerabilities– Increase in fake security software– Shift from manual to automatic installation of web malware– Using a changeable sequence of redirects

Statistics: MessageLabs Intelligence, December 2009

WWW.TRUSTPORT.COM

Keep It Secure

Typical web attack

Legitimate website

Fraudulent website

Hacker

User

Malicious code

Web request

Redirect

Malicious code

Malware installation

Botnet

WWW.TRUSTPORT.COM

Keep It Secure

Possible defensive methods against web attacks

Legitimate website

Fraudulent website

Hacker

User

WWW.TRUSTPORT.COM

Keep It Secure

Entry point web protection

User User User User UserWeb

application

Infected website

Fraudulent website

Remote user

Hacker

Security gateway

WWW.TRUSTPORT.COM

Keep It Secure

• Clear separation of internet and intranet• Checks all data only once• Does not allow malware and spam to endpoints

• Enables unified security management• Provides data for traffic analysis• Enables remote administration of the solution

Advantages of security gateway

WWW.TRUSTPORT.COM

Keep It Secure

Integration of the gateway into the network

TrustPort Net Gateway

WWW.TRUSTPORT.COM

Keep It Secure

Principal functions of web security gateway

Antiviruscontrol

Access management

Web filtering

Traffic analysis

WWW.TRUSTPORT.COM

Keep It Secure

Processing a web query

• User privileges verification– Comparison with the local list of authorized users– Authentication using AD, LDAP

• Verification of server and domain– Trusted servers – content may be downloaded without prior control

– Allowed servers – only these servers can be accessed

– Trusted sites – domains are neither controled nor blocked

– Blocked sites – domains cannot be accessed

• Antiphishing – comparing with a database of phishing sites

• Web filtering – comparing with a database of categorized servers

WWW.TRUSTPORT.COM

Keep It Secure

Checking the downloaded content

• Establishing file format – three modes

– Based on extension – Based on declared content type– By analysis of data sample

• List of banned formats – file download will be blocked

• List of trusted formáts – downloaded file will not be scanned

• Web filtering – Heuristic analysis of the downloaded page– Classification of page into relevant categories

• Antivirus scanning – several scanning engines

WWW.TRUSTPORT.COM

Keep It Secure

• Which engines to use – balancing server load and network security

• How many threads to use – according to the capacity of server

• Heuristic analysis activation available

• Archive scanning activation available

Antiviruscontrol

Setting up scanning engines

WWW.TRUSTPORT.COM

Keep It Secure

The condition for successful scanning is downloading the whole file. Gateway will download the file, scan it and send it to client. Gateway uses two methods to maintain an open connection to the client:

• Data trickling– Gateway sends periodically bits of the

downloaded and scanned file to the client

• Indication page– Gateway displays periodically updated status

page– This page will offer saving file or announce

infection

Antiviruscontrol

Methods of downloading

WWW.TRUSTPORT.COM

Keep It Secure

Web filtering Categorization of websites

Web filtering is based on regularly updated database of web addresses, classified into defined categories. It is also possible to analyze and categorize unknown websites while downloading.

Category examples

• Chat• Dating• Porn• Gambling• Violence• Ilegal software

WWW.TRUSTPORT.COM

Keep It Secure

Web filtering Meaning of web filtering

In the interest of the employer:

• Efficiency of work• Optimum connectivity usage• Protecting company reputation• Security of company network

Observed in business practice:

• Private web browsing• Private downloading • Illegal software downloading• Dangerous web browsing

TrustPort Net Gateway

TrustPort WebFilter

WWW.TRUSTPORT.COM

Keep It Secure

Web filtering Setting up web filtering

• Choosing monitored categories– According to company needs

• Web filtering mode– Allowing all websites– Monitoring selected categories– Blocking selected categories– Blocking all websites

(with explicitly defined exceptions)

• Using heuristic analysis– With no websites – With unknown websites– With all websites

WWW.TRUSTPORT.COM

Keep It Secure

Traffic analysis

Generování statistik

Administrátor vyplní dotaz:

• Jaké období chce analyzovat• Které kategorie chce analyzovat• Jakou formu výstupu požaduje

– Textový výpis odpovídajících záznamů– Graf provozu podle zadaných kritérií

Thank you for your attention!