Post on 18-Dec-2015
Web Application Protection Against Hackers and Security Vulnerabilities
Barracuda Web Application Firewall
Introduction
• Application-layer security for Web traffic
• Fully application aware
• Application Delivery and Acceleration
• Web User Access Control
• Full-featured, scalable WAF
• Familiar Barracuda Networks interface / ease of use
• Economical – no per-user fees
74 percent of all Web application vulnerabilities disclosed in 2008 had no available patch to fix them by the end of 2008.
Data Center Assets Increasingly Vulnerable
• Identity theft
• Data theft
• Worms
• Denial of Service
• SQL Injection
• Parameter tampering
Business Implications
• Lost revenue
• Brand erosion
• Regulatory compliance: SOX, GLBA, HIPAA
Source: IBM X-Force
Challenges with Legacy Security Solutions
(Slide table: application threats against the protection offered by two product classes. The "IPS / Network Firewalls" column reads "Well known signatures only" for three of the threats and "None" for the other nine; the "Application Firewall" column heading survived extraction, its individual coverage marks did not.)
Application threats:
• Data Theft
• Application DoS
• Google Hacks
• Forceful Browsing
• Identity Theft
• Buffer overflow
• Parameter Tampering
• Stealth Commanding
• Injection Attacks
• Cross Site scripting
• Hidden field manipulation
• Cookie poisoning
IPS / Network Firewalls: well-known signatures only (three of the threats), none (the other nine)
Application Firewall
Application Threat
• Network Firewalls
– Blindly allow HTTP/S Web traffic
• IPS/IDS
– Signature matching only, not application aware
– Cannot protect from zero-day attacks
– No protection for encrypted traffic
– Non-deterministic protection
– Cannot "normalize" traffic to detect obfuscated attacks
What is Missing?
More insight and control into application structure: URLs, cookies, headers, FORMs, Session, SOAP actions, XML elements ...
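The "cannot normalize traffic" point above is the one most worth seeing in code. The following is an added example, not code from the slides or from Barracuda: it applies the same three illustrative signatures (constructed for this example) once to the raw query string, as a signature-only IPS would, and once after canonicalising the input the way an application-aware WAF must. The sample query strings are constructed; the signature set is deliberately tiny and is not any product's rule set.

```python
import re
import urllib.parse

# Constructed, illustrative signatures (not a real product's rule set). A
# naive matcher applies these to the raw wire bytes; the WAF applies them
# after canonicalising the request.
SIGNATURES = {
    "xss_script_tag": re.compile(r"<script\b", re.I),
    "sqli_union_select": re.compile(r"\bunion\b\s+(?:all\s+)?select\b", re.I),
    "path_traversal": re.compile(r"\.\./"),
}


def _entity(code: int) -> str:
    # Out-of-range numeric entities are dropped instead of raising.
    return chr(code) if code <= 0x10FFFF else ""


def normalize(value: str, max_rounds: int = 3) -> str:
    """Canonicalise a request value before matching: repeated percent-decoding
    (defeats double encoding), '+' as space, HTML numeric entities, backslash
    to slash, NUL removal and whitespace collapsing. Decoding stops as soon as
    a round changes nothing and is bounded, so a hostile input cannot make
    the WAF loop."""
    out = value
    for _ in range(max_rounds):
        decoded = urllib.parse.unquote_plus(out)
        if decoded == out:
            break
        out = decoded
    out = re.sub(r"&#x([0-9a-f]+);", lambda m: _entity(int(m.group(1), 16)), out, flags=re.I)
    out = re.sub(r"&#(\d+);", lambda m: _entity(int(m.group(1))), out)
    out = out.replace("\\", "/").replace("\x00", "")
    return re.sub(r"\s+", " ", out)


def matched_signatures(value: str) -> list:
    return [name for name, rx in SIGNATURES.items() if rx.search(value)]


def naive_ips_verdict(raw: str) -> bool:
    """Signature match on the raw query string, as a device with no HTTP
    normalisation would do. True means 'block'."""
    return bool(matched_signatures(raw))


def waf_verdict(raw: str) -> bool:
    """Normalise first, then run the same signatures. True means 'block'."""
    return bool(matched_signatures(normalize(raw)))


# Constructed query strings: one attack in plain form, the same attacks
# obfuscated, and a benign request that must not be blocked.
SAMPLES = {
    "plain_xss": "q=<script>alert(1)</script>",
    "double_encoded_xss": "q=%253Cscript%253Ealert(1)%253C/script%253E",
    "entity_xss": "q=&#x3c;script&#x3e;alert(1)",
    "newline_union": "id=1%20UNION%0aSELECT%20password%20FROM%20users",
    "backslash_traversal": "file=..%5c..%5cetc/passwd",
    "benign": "q=union+station+select+hotels",
}


def evasions_missed_by_ips() -> list:
    """Names of the constructed samples the WAF blocks but the
    non-normalising matcher lets through."""
    return [n for n, raw in SAMPLES.items()
            if waf_verdict(raw) and not naive_ips_verdict(raw)]


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:20} ips={naive_ips_verdict(raw)!s:5} "
              f"waf={waf_verdict(raw)!s:5} normalized={normalize(raw)}")
```

Only the plain payload is caught on the wire; every obfuscated variant is caught only after normalisation, and the benign query stays clear in both cases because the signature still requires the tokens to be adjacent once decoded. Real deployments normalise far more (charset, chunking, multipart bodies), which is exactly the HTTP knowledge a port-80 pass-through firewall does not have.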
The solution: Layer 7 security
(Diagram: port 80/443 traffic goes through the network firewall, which blocks only network attacks; the Barracuda Web Application Firewall inspects that traffic before it reaches the Web Applications.)
The solution: Barracuda Web Application Firewall
Understands web traffic
Layer 4 and Layer 7 load balancing for Web servers
Accelerates application delivery
Protects against common web attacks
Mitigates broken access control
Comprehensive Application Layer Protection
(Diagram: Users -> Barracuda Web Application Firewall -> Web Applications/Services)
INSPECTS FOR:
• Malicious Commands
• Illegal Keywords
• Hidden Field Tampering
• Parameter Tampering
• Altered HTTP Methods
• Max Length Exceptions
• Illegitimate URLs
• WS-I Profile Validation
• XML Schema Validation
• Virus/Malware Injection
• Distributed DoS
ENFORCES:
• Intended application logic
• Web site cloaking
• Legitimate crawling
• Valid parameter values
• Non-disclosure of sensitive data
• Appropriate session state
• SSL and Session security
• Valid URLs
• Rate Control
• Full inspection of application data input
• Complete knowledge of expected values
• Real-time policy creation and enforcement
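"Complete knowledge of expected values" and "intended application logic" describe a positive security model: the WAF holds a profile of each URL (allowed methods, expected parameters, their syntax and length, which fields the server itself filled in) and rejects anything outside it. The following is an added example, not code from the slides or from Barracuda: a hand-written profile for a hypothetical /checkout form, a toy routine that records hidden-field values from the form the server served, and a checker that reports the same violation classes the slide lists (altered method, illegitimate URL, unexpected parameter, max length, invalid value, hidden field tampering). The profile, the form HTML and the requests are all constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass
class ParamRule:
    max_len: int
    pattern: re.Pattern      # allowed value syntax
    hidden: bool = False     # emitted by the server in a hidden form field


@dataclass
class UrlProfile:
    methods: Set[str]
    params: Dict[str, ParamRule]


# Constructed profile for a hypothetical checkout form. A WAF would learn this
# from observed traffic or from the developers; here it is written by hand.
PROFILE: Dict[str, UrlProfile] = {
    "/checkout": UrlProfile(
        methods={"POST"},
        params={
            "qty": ParamRule(max_len=3, pattern=re.compile(r"^[1-9][0-9]{0,2}$")),
            "coupon": ParamRule(max_len=16, pattern=re.compile(r"^[A-Z0-9]*$")),
            "price": ParamRule(max_len=8, pattern=re.compile(r"^\d+\.\d{2}$"), hidden=True),
        },
    ),
}

HIDDEN_INPUT = re.compile(
    r'<input[^>]*type="hidden"[^>]*name="([^"]+)"[^>]*value="([^"]*)"')


def learn_hidden_fields(html: str) -> Dict[str, str]:
    """Record the hidden-field values the server put into the form it served
    to this session, so the WAF can require that they come back unchanged.
    Toy regex over the response body; a real WAF parses the HTML properly."""
    return dict(HIDDEN_INPUT.findall(html))


def check_request(method: str, path: str, params: Dict[str, str],
                  served_hidden: Dict[str, str],
                  profile: Dict[str, UrlProfile] = PROFILE) -> List[str]:
    """Positive security model: whatever the profile does not describe is a
    violation. Returns the list of violations; an empty list means allow."""
    violations: List[str] = []
    url = profile.get(path)
    if url is None:
        return [f"illegitimate URL {path}"]
    if method not in url.methods:
        violations.append(f"altered HTTP method {method}")
    for name, value in params.items():
        rule = url.params.get(name)
        if rule is None:
            violations.append(f"unexpected parameter {name}")
            continue
        if len(value) > rule.max_len:
            violations.append(f"max length exceeded for {name}")
        elif not rule.pattern.match(value):
            violations.append(f"invalid value for {name}")
        if rule.hidden and value != served_hidden.get(name):
            violations.append(f"hidden field tampering on {name}")
    for name, rule in url.params.items():
        if rule.hidden and name not in params:
            violations.append(f"hidden field {name} missing")
    return violations


# Constructed response the server sent to this session earlier.
SERVED_FORM = ('<form method="POST" action="/checkout">'
               '<input type="hidden" name="price" value="49.99">'
               '<input name="qty"><input name="coupon"></form>')
SERVED = learn_hidden_fields(SERVED_FORM)

if __name__ == "__main__":
    ok = check_request("POST", "/checkout",
                       {"qty": "2", "coupon": "SAVE10", "price": "49.99"}, SERVED)
    bad = check_request("POST", "/checkout",
                        {"qty": "1'", "coupon": "SAVE10", "price": "0.01", "admin": "1"}, SERVED)
    print("legitimate request:", ok or "allowed")
    print("tampered request:", bad)
```

The price check is the point: "0.01" is syntactically a perfectly valid price, so no signature or type check would flag it; only a device that remembers what the server sent can tell that the client changed it. The trade-off is that a learned profile has to be kept current as the application changes, or legitimate new parameters start showing up as "unexpected parameter" blocks.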
Barracuda Web Application Firewall Benefits
• SECURE WEB APPLICATIONS
• SCALE UP AND SPEED UP
• GAIN VISIBILITY VIA LOGS AND REPORTS
• ACHIEVE COMPLIANCE
SECURE WEB APPLICATIONS
• Cloak server information
• Protect against Layer 7 attacks
• Data theft protection
• Integrated XML protection
SCALE AND SPEED UP APPLICATION DELIVERY
• Load balancing
• Caching
• Compression
• Integrated access control
– LDAP / RADIUS
– Client certificates
GAIN VISIBILITY VIA LOGS AND REPORTS
• Web firewall logs
• Audit logs
• Access logs
• Traffic / attack reports
ACHIEVE COMPLIANCE
• Role based access
• LDAP authentication
• PCI reports
• Audit reports
Typical Deployment
• Inline between the network firewall and the servers, in Proxy or Bridge mode. Both of these deployments can be put in a High Availability setup with two units in a pair.
• Out of line, as a one-armed proxy