Presentation transcript:

“New security software vendors are coming into the marketplace offering solutions that provide support to the development environment. Example vendors include CodeSealer, …” (Gartner Group)

Architecture, Attack Examples and Protection

Architecture (client to server):
- Operating System
- Browser Client (HTML, JavaScript, DOM, Plugins)
- Network (SSL encrypted; SSL termination)
- DMZ / Firewall (HTTPS Gateway, WSF Server)
- Application Servers (SSL Encryption, WSF Protection)

Attack examples:
- Operating System: Virus, Trojan, Phishing, Root/Boot kit
- Browser Client: Man-in-the-Browser, Injects, Phishing, Overlay, Form
- Network, DMZ and server side (after SSL decryption): Man-in-the-Middle, Manipulation of data, Session hijacking, Session injects
- All layers: DoS/DDoS

Protection:
- Antivirus identifying and cleaning known viruses (client OS and application servers)
- Firewall
- WSF monitoring & integrity check identifying any kind of manipulation
- WAF protecting against known attacks and viruses
- SSL Encryption
- WSF Client / Server integrity check

WSF Bootloader:
- Dynamic obfuscation, additional encryption and session keys
- Hidden application code and URLs
- WSF Client – WSF Server Integrity Check

Technical Specification – WSF 4 Server

An advanced, secure HTTP Proxy:
- Built-in Bootloader
- Secure JavaScript payload delivery system, hiding and protecting the application
- Dynamic obfuscation, with scripts replaced with new, uniquely obfuscated variants every 5 minutes
- Dynamic Keys

Proprietary encryption protocols:
- Diffie-Hellman key negotiation
- 128-bit key strength
- Rabbit as stream cipher, Badger as message authentication code
- No useful attacks known
- Decrypted in JavaScript, one step further than SSL/TLS (HTTPS)

Bootloader – Establishment of a Secure Session (WSF Client and WSF Server):
1. WSF Client → WSF Server: Front Page Request
2. WSF Server → WSF Client: WSF Front Page referring to Boot Script
3. WSF Client → WSF Server: Boot Script Request
4. WSF Server → WSF Client: Dynamic Obfuscated Bootloader, incl. Unique Key Generator
5. WSF Client → WSF Server: Key Exchange Request
6. WSF Client → WSF Server: WSF Kernel Code Request
7. Both sides: Negotiate Encryption & Authentication Keys
8. WSF Server → WSF Client: Encrypt and Authenticate WSF Kernel Code
9. WSF Client: Verify, Decrypt and Execute WSF Kernel Code

Technical Specification – WSF 4 Client

JavaScript:
- Secure and proprietary communication protocol
- Web page running protected in Sandbox
- Cookies protected in Sandbox
- DOM tree validation for detection of unauthorized page manipulation; checks 4 times per second
- Forensic Report generation; transmitted instantly or on next server communication event

WSF Client HTML Request (WSF Client and WSF Server):
1. WSF Client: Setup of Sandbox
2. WSF Client: Setup of DOM tree validation
3. WSF Client → WSF Server: Encrypted Page Request
4. WSF Server: Verify & Decrypt Page Request
5. WSF Server: Obtain Page from Application Web Server
6. WSF Server → WSF Client: Encrypted Page Response
7. WSF Client: Verify & Decrypt Page Response
8. WSF Client: Execute Page in Sandbox

Technical Specification – WSF 4

Supported operating systems:
- Linux, kernel version 2.6+
- Solaris 10/11+
- Windows Server 2008+

Hardware:
- At least 8 GB of unused RAM
- At least 4 cores

Supported web standards:
- HTML 5
- CSS 3
- ECMAScript 5

Performance:
- Initial request: < 1 second
- Later requests: < 0.5 seconds
- Max load: > 5,000 requests per second

WSF Potential Attack Handling (WSF Client and WSF Server):
1. WSF Client: Detection of Illegal Action (DOM Manipulation)
2. WSF Client: Create Forensic Report
3. WSF Client → WSF Server: Encrypted Forensic Report
4. WSF Server: Verify
5. WSF Server: Defined Attack Action
6. WSF Server: Disconnect Established Session
7. WSF Server: Re-direct to a new Unsecured Session

Technical Specification – WSF 4 Devices

Supported browsers*:
- Desktop: Google Chrome, Mozilla Firefox, Safari 5+, Internet Explorer 9+, Opera
- Mobile (iOS, Android, WP, Blackberry): Safari, IE for Windows Phone 7+, Dolphin

Any device with a supported browser, regardless of form factor, will work.
* All other browsers can operate unsecured if configured by the customer.

WSF 4 – Technical Setup
- WSF Server installed behind Firewall and Load Balancer, in front of Web Server
- Installation on same or separate hardware, based on customer infrastructure
- WSF encrypts data on the internal and external network
- Recommended that SSL/HTTPS is installed on the external network
- Sticky Sessions recommended

WSF 4 – Dashboard
- Server Monitoring & Heartbeat
- Forensic Reports
- Attack Types
- Dashboard

WSF 4 – Technical Pre-requisites
- Unsupported: client-side VBScript or JScript
- Limited support for ActiveX
- Unsupported: position-dependent document.write (such operations may be performed out of order)
- Unsupported: array-style indexing of native object attributes (such as innerHTML or appendChild) on objects other than window or document
- Unsupported: showModalDialog and showModelessDialog
- Limited support for custom document.domain values (some combinations of IE and custom document.domain might cause the browser to enter Quirks mode, which is not a valid execution environment for the WSF 4.1 Client)
- Full support for direct eval calls (such as eval("2 + 2")) but limited support for indirect eval calls (such as window.eval("2+2") or eval.call(window, "2+2"))

WSF 4.1 Installed behind Firewall & Load Balancer (Standard Preferred Setup)
- HTTP(S) traffic to/from WSF 4.1 Server
- Load Balancer → WSF 4.1* / Web Server
- Legend: SSL/HTTPS Encryption/Decryption; WSF 3.0 Encryption/Decryption
* It is recommended to have one WSF 4.1 Server per Web Server

WSF 4.1 Installed behind Firewall & Load Balancer – WSF 4.1 on dedicated HW Server, SSL Encrypted
- Components shown: Monitoring / Analytics; Load Balancer; HW Servers running WSF 4.1*; HW Servers running the Web Server; WAF
- Legend: SSL/HTTPS Encryption/Decryption (Web Server); WSF 4.1 / SSL/HTTPS Encryption/Decryption (WSF 4.1)
* One or more WSF 4.1 Servers; 1:1 relation between WSF 4.1 and Web Server

WSF 4.1 Installed behind Firewall & Load Balancer – WSF 4.1 on shared HW Server, SSL Encrypted
- Components shown: Monitoring / Analytics; Load Balancer & Network Switch; WAF
- HW Server 1 (SSL & WSF Encrypted): WSF 1, WEB 1, WSF 2, WEB 2
- HW Server 2: WSF 3, WEB 3, WSF 4, WEB 4; Monitoring / Analytics
- Traffic from Network Switch to WSF 4.1: SSL/HTTPS & WSF Encryption
- WSF 1 connected to WEB 3; WSF 2 connected to WEB 4; WSF 3 connected to WEB 1; WSF 4 connected to WEB 2
- Traffic sent from HW 1 to HW 2 and vice versa, using IP and the Network Switch
- Traffic between HW Servers protected by SSL/HTTPS
- WAF and Monitoring sniffing on SSL/HTTPS between HW Servers
- Legend: WSF 4.1 / SSL/HTTPS Encryption/Decryption
* One or more WSF 4.1 Servers; 1:1 relation between WSF 4.1 and Web Server

Contacts: Tonny Rabjerg tr@codesealer.com +45 2099 9984