Before: Servers Behind Firewalls
Today: Servers Migrate Out Business drivers: E-Business Supply chain management CRM
Servers Placed in DMZ
Holes Punched in Firewall…
Internet Facing Servers are at Risk
And Through Them - Entire Network
Why Are Web Servers Vulnerable? Complexity Mix of software from different vendors Web masters have administrative privileges
How Are Web Servers Attacked? Code injected through HTTP requests –Typically using a buffer-overflow vulnerability Attack used to: –Deface web site –Install Trojan horse –Plant backdoors –Attack deeper into the organization
Attack Scenario
Solution: WaveBreaker
File System NetworkRegistryProcesses OS Services IIS Applications WaveBreaker Architecture
WaveBreaker Interception Layer File System NetworkRegistryProcesses IIS Authorizer Admin console
WaveBreaker Architecture File System NetworkRegistryProcesses WaveBreaker Interception Layer IIS Authorizer Admin console
File System WaveBreaker Interception Layer WaveBreaker Architecture NetworkRegistryProcesses OK Authorizer IIS Admin console
WaveBreaker Architecture File System NetworkRegistryProcesses WaveBreaker Interception Layer IIS Authorizer OK Admin console
WaveBreaker Architecture File System NetworkRegistryProcesses WaveBreaker Interception Layer X X Authorizer IIS WaveBreaker’s performance overhead: Approximately 5% Admin console !
WaveBreaker: Product Highlights Intrusion-proof protection for Microsoft®-IIS based applications Prevents: –Opening backdoors –Planting Trojan horses – Web site defacement –Attacks deeper into the corporate network Attacks are blocked in real-time Out-of-the-box security schemes provide instant protection Easily configurable to support any web application Security logs alert security administrators of attack attempts
Simple Management
Full Event Monitoring
Conclusion Business drivers and competitive market no longer permit keeping mission critical servers behind firewalls. Internet-facing web applications are and will be vulnerable. WaveBreaker can provide the shielding needed to deploy internet-facing servers.
Thank you.