Web Application Protection Against Hackers and Vulnerabilities


1 Web Application Protection Against Hackers and Vulnerabilities
Barracuda Web Application Firewall
Web Application Protection Against Hackers and Vulnerabilities
Barracuda Networks Confidential

2 Introduction Application-layer Security for Web Traffic
• Fully application aware
• Application Delivery and Acceleration
• Web User Access Control
• Full-featured, scalable WAF
• Familiar Barracuda Networks interface / ease of use
• Economical – no per user fees

3 Data Center Assets Increasingly Vulnerable
• Identity theft
• Data theft
• Worms
• Denial of Service
• SQL Injection
• Parameter tampering
Business Implications
• Lost revenue
• Brand erosion
• Regulatory compliance: SOX, GLBA, HIPAA
74 percent of all Web application vulnerabilities disclosed in 2008 had no available patch to fix them by the end of 2008. Source: IBM X-Force

4 Challenges with Legacy Security Solutions
Network Firewalls
• Blindly allow HTTP/S Web traffic
IPS/IDS
• Signature matching only, not application aware
• Cannot protect from zero-day attacks
• No protection for encrypted traffic
• Non deterministic protection
• Cannot “normalize” traffic to detect obfuscated attacks

[Diagram labels: None; Well known signatures only; IPS / Network Firewalls; Application Firewall; Application Threat. Threats listed: Data Theft, Application DoS, Google Hacks, Forceful Browsing, Identity Theft, Buffer overflow, Parameter Tampering, Stealth Commanding, Injection Attacks, Cross Site scripting, Hidden field manipulation, Cookie poisoning]

THIS is the reason so many leading Fortune 500 companies and industry experts have concluded that application firewalls are now mandatory. When you step back and consider the facts, the conclusion is pretty straightforward. They know that (summarize points from this section):
- Apps provide access to sensitive data…
- Firewalls don’t protect…
- IPS and patching…
- Just fixing code is difficult, expensive and slow (leaves holes open for far too long while you’re figuring out what to do)
CONCLUSION – Solution must be:
- “Firewall” – Needs to be something at the perimeter that blocks attacks BEFORE they get to the app – extension of defense-in-depth
- “Proactive” – Must block attacks before they are known, not reactively chase hackers by waiting for signatures, etc.
“Signature-Based” products will never be able to solve this problem. What’s needed is a

What is Missing?
More insight and control into application structure: URLs, cookies, headers, FORMs, Session, SOAP actions, XML elements …

5 The solution: Layer 7 security
[Diagram labels: Firewall blocks only network attacks; Web Applications; Port 80/443 traffic goes through; Barracuda Web Application Firewall]
The solution: Barracuda Web Application Firewall
• Understands web traffic
• Layer 4 and Layer 7 load balancing for Web servers
• Accelerates application delivery
• Protects against common web attacks
• Mitigates broken access control

6 Comprehensive Application Layer Protection
• Full inspection of application data input
• Complete knowledge of expected values
• Real-time policy creation and enforcement
INSPECTS FOR:
• Malicious Commands
• Illegal Keywords
• Hidden Field Tampering
• Parameter Tampering
• Altered HTTP Methods
• Max Length Exceptions
• Illegitimate URLs
• WSI Profile Validation
• XML Schema Validation
• Virus/Malware Injection
• Distributed DoS
ENFORCES:
• Intended application logic
• Web site cloaking
• Legitimate crawling
• Valid parameter values
• Non-disclosure of sensitive data
• Appropriate session state
• SSL and Session security
• Valid URLs
• Rate Control
[Diagram labels: Web Applications/Services; Users]

7 Barracuda Web Application Firewall Benefits
• SECURE WEB APPLICATIONS
• SCALE UP AND SPEED UP
• GAIN VISIBILITY VIA LOGS AND REPORTS
• ACHIEVE COMPLIANCE

8 Barracuda Web Application Firewall Benefits
SECURE WEB APPLICATIONS
• Cloak server information
• Protect against layer 7 attacks
• Data theft protection
• Integrated XML protection

9 Barracuda Web Application Firewall Benefits
SCALE AND SPEED UP APPLICATION DELIVERY
• Load balancing
• Caching
• Compression
• Integrated access control
  - LDAP / RADIUS
  - Client certificates

10 Barracuda Web Application Firewall Benefits
GAIN VISIBILITY VIA LOGS AND REPORTS
• Web firewall logs
• Audit logs
• Access logs
• Traffic / attack reports

11 Barracuda Web Application Firewall Benefits
ACHIEVE COMPLIANCE
• Role based access
• LDAP authentication
• PCI reports
• Audit reports

12 Out of line as a one armed proxy
Typical Deployment
• Inline between the network firewall and the servers in Proxy or Bridge mode
• Out of line as a one armed proxy
Both these deployments can be put in High Availability set up with two units in a pair

13 Barracuda Networks http://www.barracuda.com/products
Summary
• Comprehensive Web application protection
• Application delivery and acceleration
• Authentication and Authorization
• Logging, monitoring and reporting
• Achieve compliance: PCI, HIPAA, GLBA

