Securing Legacy Software SoBeNet User group meeting 25/06/2004.

Objectives
- Existing applications are enabled to operate in a networked environment:
  - Adapter Suites
  - Application Platform Suites (J2EE, .NET, ...)
  - Application Servers
  - Enterprise Portals
  - Integration Suites
  - Message-Oriented Middleware
  - Object-Request Brokers
  - Transaction Processing Monitors
- -> Preserve security level
- -> Compliance with security standards and regulations
- -> Manageable

Ubizen – trusted partner in IT Security
- Ubizen has a vast experience in Application Security
  - Via a highly qualified consultancy team:
    - Risk Management, Security Policies, Procedures and Standards
    - Architecture Review and Infrastructure design
    - Penetration testing
    - Application Vulnerability Assessment
    - Implementation of best-of-breed security products
  - Via product development:
    - AAA products
    - Web Shielding (DMZ/Shield(TM))
- Proven track record in IT Security
  - Top-3 Managed Security Service Provider world-wide
  - Number 1 in Europe
  - > 3200 devices under management
  - Incident Response
  - Forensics Investigation

Three research tracks for securing existing applications
1. Protect all access paths to and from the application
   - Interception and validation of the communication between components, modules and systems
   - Shielding components, modules and systems from malicious traffic
2. Apply automatic protocol security
   - Moving to a more formal model for protocol description and automatic application of protocol security at different layers of the stack
3. Monitoring and managing
   - Introduction of security infrastructure is only the first step...
   - Keeping it properly configured and monitored 24 by 7 by experienced security experts is the second.

Multi-layer approach to Application Security
- Deep Packet Inspection
  - Protection at the network layer
  - Protection at the transport layer
  - Protection at the application layer
- Defense in depth
  - Perimeter / Demilitarized Zone -> Transactional Zone
  - Multi-tier architecture
  - Coordination of security information between the tiers (e.g. SAML)
- Protection of end points
  - Not all layers on the tiers are under control (e.g. OS, language execution environment, application server)
  - -> Introduction of HIDS, policy compliance modules, ...

Two-dimensional multi-layer approach
[Diagram: the tiers GUI, Presentation Logic, Business Logic, Data Access and Data Layer in a row, with Deep Packet Inspection between each pair of tiers (Defense in Depth); a Security Context and Coordination layer spans all tiers.]

In practice ...
[Diagram: the same tiers (GUI, Presentation Logic, Business Logic, Data Access, Data Layer) with Deep Packet Inspection between each pair, Security Context and Coordination across all tiers, Defense in Depth.]

Interception and Shielding in SoBeNet
[Diagram: the same tiers (GUI, Presentation Logic, Business Logic, Data Access, Data Layer) with Deep Packet Inspection between each pair, Security Context and Coordination across all tiers, Defense in Depth.]

Interception Techniques
- Centralized applications
  - Interception of method invocations / library calls / system calls
  - -> System-based interception and shielding
- Distributed or multi-tier applications
  - Interception of traffic using standard internet protocols
  - Interception of Remote Method Invocations
  - -> Network-based interception and shielding

System-based interception
- Interception at the Operating System level
  - Pluggable services of the OS (e.g. network or file I/O)
  - Host Intrusion Detection and Prevention Systems work at this level
- Library level
  - Dynamically loaded libraries can be replaced with more secure versions
- Language runtime support
  - E.g. load-time modification of binary code
  - Validation of pre- and post-conditions
  - Auditability and forensics
- Application Platform Suite
  - J2EE container services and components
  - Microsoft .NET services and components
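As an added example (not from the slides), the Python below shows the library-level interception described here in a language runtime: a shield wraps a routine the legacy application already calls, validates pre- and post-conditions, writes an audit record for forensics, and replaces the original symbol in place so the application code is not modified. The routine `legacy_lookup`, its account-id format and the amount limits are hypothetical.

```python
import functools
import re
from typing import Callable, List

# Audit trail of every intercepted call; a real shield would forward this to a SIEM.
AUDIT: List[dict] = []

# Constructed stand-in for a routine in a library the legacy application already calls.
def legacy_lookup(account: str, amount: int) -> dict:
    return {"account": account, "balance": 1000 - amount}

def shield(pre: Callable[..., str], post: Callable[[object], str]) -> Callable:
    """Wrap a library call: deny it unless pre- and post-conditions hold; audit every call."""
    def wrap(fn: Callable) -> Callable:
        @functools.wraps(fn)
        def guarded(*args, **kwargs):
            reason = pre(*args, **kwargs)
            if not reason:                       # precondition held: run the real call
                result = fn(*args, **kwargs)
                reason = post(result)            # postcondition checks what comes back out
            verdict = "DENY" if reason else "ALLOW"
            AUDIT.append({"call": fn.__name__, "args": list(args), "verdict": verdict, "why": reason})
            if reason:
                raise PermissionError(f"{fn.__name__}: {reason}")
            return result
        return guarded
    return wrap

ACCOUNT_RE = re.compile(r"[A-Z]{2}[0-9]{6}")   # hypothetical account-id format

def lookup_pre(account, amount) -> str:
    """Strong typing of the inputs; returns the reason for denial, or '' if fine."""
    if not isinstance(account, str) or not ACCOUNT_RE.fullmatch(account):
        return "account id fails format check"
    if not isinstance(amount, int) or not 0 <= amount <= 10_000:
        return "amount out of range"
    return ""

def lookup_post(result) -> str:
    """Postcondition: the legacy code must never hand back an overdrawn balance."""
    return "negative balance returned" if result.get("balance", -1) < 0 else ""

# Replace the symbol in place: the application keeps calling legacy_lookup unchanged.
legacy_lookup = shield(lookup_pre, lookup_post)(legacy_lookup)

def verdict_for(*args) -> str:
    """Helper: run the guarded call and report the verdict recorded in the audit trail."""
    try:
        legacy_lookup(*args)
    except PermissionError:
        pass
    return AUDIT[-1]["verdict"]
```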

Network-based interception
- Proxy architectures...
  - Asymmetric proxy (the protocol encapsulates proxy support): no modification of client software
  - Reverse proxy
  - Symmetric proxy (generally applicable, but has an influence on client software)
- Transparency
  - Link, network, transport level
  - Application protocol level (e.g. HTTP, ...)
  - User application level

Fall back on industry-adopted standards
- Scope definition for maximum valorization of the results?
- Target is "protecting" legacy applications...
- ... but these are built on evolving components:
  - Web applications -> HTTP firewalls
  - Service-Oriented Architectures -> XML firewalls
  - Application Platform Suites -> J2EE, .NET

Internet Application Protocols ...
- The most important internet protocols were never designed with security in mind
- The RFCs describing the protocols often allow ambiguous interpretation
  - -> Vendors choose interoperability over security
- Most applications use only a small part of the protocol definition ...
  - ... and vulnerabilities are often in the unused protocol functionality

User Application Protocols ...
- Communication protocols at application level are rarely specified, let alone formalized
- User application protocols get less attention because they are typically used once, for a specific application
- User application protocols are more complex because of their dependency on a (huge) internal state -> combinatorial explosion of cases

Automatic protocol security
- Protocol = set of rules between communicating parties
  - Sequence -> formalization (State Charts, Sequence and Collaboration Diagrams, ...)
  - Form and content -> formalization (Strong Typing, XML Schema, ...)
- Sanity checking shields 4 of the Top 10 vulnerabilities in applications

Manageability and Monitoring
- Keeping the configuration up to date
  - Default deny policy
  - Automatic learning of normal behaviour
  - Configuration automation -> policy proposals
- Monitoring of all the alerts triggered by the devices
  - Correlation of events from security components
  - Coordination and exchange of security state between devices reduces the false positives
  - Anomaly detection
- Audit trail
  - What information is required for forensics
- Performance management
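An added example, not from the slides, that ties the Automatic protocol security slide to the learning and default-deny points on this slide: `learn()` derives a policy proposal from sessions observed in normal use, split into the two parts of a protocol named on the slide (sequence rules as a state chart, form-and-content rules as a type per field), and `shield()` enforces it, denying everything that was never learned and dropping the session at the first violation. The login/query/logout protocol and its traffic are constructed for the example.

```python
from typing import Dict, List, Tuple

Message = Dict[str, object]
# Policy = (sequence rules: state -> allowed next message types,
#           content rules: message type -> {field: expected type name})
Policy = Tuple[Dict[str, set], Dict[str, Dict[str, str]]]

def learn(sessions: List[List[Message]]) -> Policy:
    """Learning mode: derive a policy proposal from sessions observed in normal use."""
    transitions: Dict[str, set] = {}
    fields: Dict[str, Dict[str, str]] = {}
    for session in sessions:
        state = "START"
        for msg in session:
            kind = str(msg["type"])
            transitions.setdefault(state, set()).add(kind)       # state-chart edge
            spec = fields.setdefault(kind, {})
            for name, value in msg.items():
                if name != "type":
                    spec.setdefault(name, type(value).__name__)  # strong typing per field
            state = kind
    return transitions, fields

def shield(policy: Policy, session: List[Message]) -> List[str]:
    """Enforcement mode: one verdict per message, default deny, drop after first violation."""
    transitions, fields = policy
    verdicts: List[str] = []
    state = "START"
    for msg in session:
        kind = msg.get("type")
        if kind not in transitions.get(state, set()):          # sequence rule
            verdicts.append(f"DENY sequence: {state}->{kind}")
            break
        spec = fields[kind]
        extra = sorted(set(msg) - {"type"} - set(spec))        # functionality the app never used
        bad = [n for n, t in spec.items() if type(msg.get(n)).__name__ != t]
        if extra or bad:                                        # form-and-content rule
            verdicts.append(f"DENY content: {kind} extra={extra} bad={bad}")
            break
        verdicts.append(f"ALLOW {kind}")
        state = kind
    return verdicts

# Constructed sample of the application's normal traffic (login, queries, logout).
NORMAL: List[List[Message]] = [
    [{"type": "login", "user": "alice"}, {"type": "query", "id": 42}, {"type": "logout"}],
    [{"type": "login", "user": "bob"}, {"type": "query", "id": 7},
     {"type": "query", "id": 8}, {"type": "logout"}],
]
POLICY = learn(NORMAL)   # the policy proposal an operator would review before enforcing
```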