Presentation is loading. Please wait.

Presentation is loading. Please wait.

June – 2008 MONITORAPP Co.,Ltd.

Published byPaulina Beasley Modified over 9 years ago

Similar presentations

Presentation on theme: "June – 2008 MONITORAPP Co.,Ltd."— Presentation transcript:

1 June – 2008 MONITORAPP Co.,Ltd.
Intelligent Web Application Firewall WEB INSIGHT SG Product Introduction June – 2008 MONITORAPP Co.,Ltd.

2 Contents about MONITORAPP Web Security Overview Product Introduction
WEB INSIGHT SG Characteristics WEB INSIGHT SG Features

3 about MONITORAPP Company name : MONITORAPP Co.,Ltd.
Vision Mission Company name : MONITORAPP Co.,Ltd. Established Date : CEO : Young KwangHoo Lee Business Regions Application Delivery Technology Research & Development Web Application Security product supply Web Application Acceleration product supply Database Security product supply Web Application Security Service supply Address 306, Ace Techno Tower 1, , Guro 3-Dong, Guro-Gu, Seoul, Korea Tel.) / Fax.) • Be a leading application delivery Solution provider in the world. • We leverage E-business by securing the entire web environment.

4 Strategy Business Model
Reliable Web Application Web Vulnerability Analysis Web service quality Analysis Secure & Fast Application Delivery Solution Provider Fast Web Application Web response latency Web server load Secure Database IT Compliance Increase of Database security Secure Web Application Increase of web hacking Leakage of personal information

5 Products & Technologies
For Web Application WEB INSIGHT SG – Web Application Firewall WEB INSIGHT AG – Web Application Accelerator For Database Application DB INSIGHT SG – Database Security & Audit Service Business KT Bizmeka Service Collaboration with MSSP Technologies APPLICATION INSIGHT™ Technology Adaptive Profiling™ Technology Innovative Web Acceleration Technology

6 Server Security Firewall
Web Security Overview Change of the hacking trend Hacker’s attack techniques Attack Sophistication Hacker’s technique IPS Web hacking HIGH Intruder Knowledge WAF Network hacking Web hacking Server Security Firewall Service denial Tools Scann Sniffing System hacking Session Hijacking Attackers Password cracking Password speculation LOW * reference : John Pescatore, Security Analyst, Gartner Group

7 Web Security Overview Critical dangers against web service are increasing. 80 port should be opened for web service, so that has been threatened by hackers. Important information like DB can be drained due to web application hacking. By the limitation of the existing security product like IDS and IPS, Web attacking danger are increasing. The existing web vulnerabilities opened to the public can always be the attacking targets. “70~80% of hacking is targeting web!”

8 Web Security Overview The limitation of the traditional security product Firewall can not control web protocls(80,443 Port). The main target is to protect the whole network infra structure. IDS(Intrusion Detection System) False Positive exists, it can not defend roundabout attack and protect SSL packet. IPS(Intrusion Prevention System) Protected area is the whole network, so can only perform packet filtering for web security, so not focusing on for professional web security. Signature based, so regular update is needed. L7 switch The main function is load balancing and network bandwidth management. can block harmful traffic on the network level, so professional HTTP and HTTPS security is not guaranteed.

9 Product Introduction WEB INSIGHT SG
Intelligent Web Application Firewall WEB INSIGHT SG enables more easier and cost effective web communication to user. Positive Security Model + Negative Security Model Profile based positive security policy User defined positive security policy Negative security policy against OWASP Top 10 attack High Performance Network appliance Support Gigabit Performance Physical Independent Impact Simple Deployment Fail open (LAN Bypass) Fail over (Active – Standby High Availability)

10 HTTP Request Inspection HTTP Response Inspection
Product Introduction WEB INSIGHT SG Architecture Network Firewall and Session QoS Bi-directional web application inspection Protocol Validation Positive Security Negative Web Server Cloaking Adaptive Profiling Engine Content Filtering HTTP Request Inspection HTTP Response Inspection Network Firewall Client

11 Product Introduction Key Functions
Policy Functions Details Positive Request Limit Restrict all components of HTTP request Automatic policy by learning the HTTP requests Manual policy by user-defied rules. URL Profile Allow the request to only pre-learned URLs, web pages Form Profile Automatic security policy by self learning engine based on Profile HTTP Response based Profile Negative WEB INSIGHT Rule Pre-defined Signature based Rules User Defined Rule User-defined Signature based Rules about all HTTP components Cloaking Error page cloaking Alter the web server error page to block attack. Header cloaking Remove the server information included to response header Cookie Encryption & Signature Block cookie injection & poisoning by cookie encryption or cookie signature Data Theft Personal Information & Credit card number Block or mask the important personal information (Personal Social number, Credit card number. Can block text in Office document, PDF and zipped file. Management Central management for a several Analyzing the database traffic & network traffic Monitoring system usage

12 Product Introduction WEB INSIGHT SG Looks ’08 New WISG-100 WISG-500
View Spec. 1U Rack mountable Intel C2.0 GHz 1GB Memory 10/100 x 4 Intel P4 2.8GHz 10/100/1000M x 4 10/100M x 4 2U Rack mountable Xeon 3.2GHz x 2 2GB Memory 10/100/1000 x 4 Fiber 1G x 4 Redundant Power Supply ’08 New WISG-530 WISG-1030 WISG-2030 WISG-4060 View Spec. 1U Rack mountable Core 2 Duo CPU 2GB Memory 1GB CFM Single Power Supply 10/100/1000M x 8 (3pairs GBE Bypass) 2U Rack mountable Xeon 3.6GHz * 2 10/100/1000M x 4 (2Pairs GBE Bypass) Fiber 1G x 4 (1Pair Fiber Bypass) 10/100M * 1 Redundant Power Supply Dual Core CPU x 2 10/100/1000 x 6 Fiber 1G x 2 Quad Core CPU x 2 4GB Memory 10/100/1000 x 10 (4Pairs GBE Bypass) (2 Pairs Fiber Bypass)

13 WEB INSIGHT SG Characteristics
Adaptive Profiling Technology By self learning engine, profileDB based on the valid response from web server is constructed. After matching the client request with profile DB, abnormal request is totally blocked. Extra update is not needed and the ultimate defensible model against unknown attacks.

14 WEB INSIGHT SG Characteristics
Adaptive Profiling Technology Request : GET / HTTP/1.1 Response <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" > <HTML> …… <body MS_POSITIONING="FlowLayout" bottomMargin="0" leftMargin="0" topMargin="0" rightMargin="0"> <form name="Form1" method="post" action="login.aspx" id="Form1"> <TD><input name="TextBoxLogin" type="text" maxlength="32" id="TextBoxLogin" tabindex="1" style="width:256px;" /></TD> <TD><input name="TextBoxPasswd" type="password" maxlength="32" id="TextBoxPasswd" tabindex="2" style="width:256px;" /></TD> <TD><input type="submit" name="ButtonOk" value=“login" id="ButtonOk" /></TD> </font> Learning Response data Create profile DB by learning data login.aspx Method : POST Parameter : TextBoxLogin, TextBoxPasswd

15 WEB INSIGHT SG Characteristics
Adaptive Profiling Technology Block Pass Normal Request POST HTTP/1.1 TextBoxLogin=wiadmin&TextBoxPasswd=1234qwer Abnormal Request POST HTTP/1.1 TextBoxLogin=wiadmin&TextBoxPasswd=1234qwer &auth=admin Diff request and Profile EB Diff request and Profile DB login.aspx Method : POST Parameter1 : TextBoxLogin Parameter2 : TextBoxPasswd login.aspx Method : POST Parameter1 : TextBoxLogin Parameter2 : TextBoxPasswd

16 WEB INSIGHT SG Characteristics
Simple Deployment Proxy Gateway Network Deployment Proxy Gateway In-line or One armed mode No changes to existing infrastructure Full functions support Sniffing Gateway Mirror based In-line or One-armed mode Block by session reset. Limited functions (not support cloaking, data theft) Cannot support HTTP response data control Difference Proxy Mode Sniffing Mode Strong security Low performance than sniffing mode Limited security High performance than Proxy mode about 3 times In the physical configuration, WEB INSIGHT SG is deployment-easy WAF appliance without FOD (Fail open device). <In-line mode> <One armed mode> Bridge L4 redirect

17 WEB INSIGHT SG Characteristics
Various Deployment Bridge Mode A-S HA Mode` One_Armed Mode In-line on network No changes to existing infrastructure Support LAN bypass on failure Active – Standby HA Mode Health Check (Daemon, NIC, Link, System) Support Fail-over on failure By L4 switch supporting port redirection, one-armed mode configuration (Proxy & sniffing mode) can be used. L2 www L4 redirect www www

18 WEB INSIGHT SG Features
Positive Policy - Form Profile After learning mode, normal traffic (which does not contain any danger factor) is profiled and abnormal requests are regarded as the potential danger and blocked do not need any extra update process. Ultimate security model against the unknown attacks. Learning Mode Passive Mode Active Mode

19 WEB INSIGHT SG Features
Positive Policy – Request Limit After learning mode, normal traffic (which does not contain any danger factor) is profiled and abnormal requests are regarded as the potential danger and blocked can configure manually. Ultimate security model against the unknown attacks. Learning Mode Passive Mode Active Mode

20 WEB INSIGHT SG Features
Negative Policy – WEB INSIGHT Rule & User Defined Rule Can block all web attacks defined by OWASP By the powerful inspection engine of the Web Insight, set the rule which can detect and block web attacks can add user defined rule besides the existing attacks

21 WEB INSIGHT SG Features
Additional Policy – Fraud Click & Page Forgery Fraud Click functions block connection during a time(Block time) when connect to over the count(Access count) during a time(Detection Time). Original page is register on policy by client’s first connection to Web server. This original page is created to prevent clients from path traversal or other types of unwanted entry to sensitive sections of the Web site.

22 WEB INSIGHT SG Features
Central Management Central Management manage multiple WEB INSIGHT SG Log & System monitoring - Detect log - Network / WEB traffic - System usage

23 WEB INSIGHT SG Features
Log view Search detect/block logs options for filtering - detail / simple view Chart Analysis - Top 5 or 10 view - Chart type : 11 categories

24 Thank You MONITORAPP Co.,Ltd.
306, Ace Techno Tower1, , Guro3-Dong, Guro-Gu, Seoul, Korea Tel : , Fax) Website :

Download ppt "June – 2008 MONITORAPP Co.,Ltd."

Similar presentations

Whats New in Fireware XTM v11.5.2. New Features in Fireware XTM v11.5.2 Major Changes FireCluster with XTM 330 appliances Mobile VPN with SSL using multiple.

Whats New in Fireware XTM v New Features in Fireware XTM v Major Changes FireCluster with XTM 330 appliances Mobile VPN with SSL using multiple.
New Solutions to New Threats. The Threats, They Are A Changing Page 2 | © 2008 Palo Alto Networks. Proprietary and Confidential.

New Solutions to New Threats. The Threats, They Are A Changing Page 2 | © 2008 Palo Alto Networks. Proprietary and Confidential.
 The Citrix Application Firewall prevents security breaches, data loss, and possible unauthorized modifications to Web sites that access sensitive business.

 The Citrix Application Firewall prevents security breaches, data loss, and possible unauthorized modifications to Web sites that access sensitive business.
Secure Lync mobile Authentication

Secure Lync mobile Authentication
Csci5931 Web Security1 Case Study: A Forensic Lesson for Web Security (MSS, part one)

Csci5931 Web Security1 Case Study: A Forensic Lesson for Web Security (MSS, part one)
Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.

Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:

Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Barracuda Web Application Firewall

Barracuda Web Application Firewall
Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.

Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.
Introduction to Firewall Technologies. Objectives Upon completion of this course, you will be able to: Understand basic concepts of network security Master.

Introduction to Firewall Technologies. Objectives Upon completion of this course, you will be able to: Understand basic concepts of network security Master.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Host Intrusion Prevention Systems & Beyond

Host Intrusion Prevention Systems & Beyond
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Department Of Computer Engineering

Department Of Computer Engineering
Firewall Slides by John Rouda

Firewall Slides by John Rouda

Similar presentations

Ads by Google