©2004 Check Point Software Technologies Ltd. Proprietary & Confidential Check Point Next Generation with Application Intelligence Protection Against Network.


1 ©2004 Check Point Software Technologies Ltd. Proprietary & Confidential Check Point Next Generation with Application Intelligence Protection Against Network and Application Attacks

2 Agenda
• Today’s threat environment
• Exposed Applications
• What is Application Intelligence?
• Application Intelligence R55W
• Check Point Next Generation with Application Intelligence Highlights

3 Application Vulnerabilities: Today’s Threat Environment
• Most organizations have perimeter security
  – Network-level firewalls enforcing access control
  – Default protection against network-level attacks
• Result
• Attacks are becoming more sophisticated: Hackers are targeting applications
  – Closer to business/user data (the ultimate goal)
  – Multiple applications create multiple attack vectors
  – Many known vulnerabilities in common applications
According to the FBI and SANS, more than half of the Top 20 Most Critical Internet Vulnerabilities breach networks via applications like Web and email

4 Significant Application Exposure
[Diagram labels: Hacker, Internet, Web Server, Mail Server, FTP Server, VoIP Gateway, DNS, Peer-to-Peer, Microsoft Networking]
Hacker Objectives
• Deny service to legitimate users (DoS attacks)
• Gain administrator access to servers or clients
• Gain access to back-end databases
• Install Trojan horse software to bypass security
• Install “sniffer” software on servers to capture UIDs/PWs
Security policy often “permits” these communications

5 Application Intelligence
• Set of technologies that detect and prevent application-level attacks
• Deeper understanding of application behavior integrated with network security defenses
• The core functions of Application Intelligence are:
  – Validating compliance to standards
  – Validating expected usage of protocols
  – Blocking malicious data
  – Controlling hazardous application operations

6 Check Point Active Defense Building Blocks
• Patented technology (Stateful Inspection)
• Check Point FireWall-1 NG with Application Intelligence™
• Multi Layer Stateful Inspection - from the network layer (IP/TCP) to the application layers (HTTP/XML/SOAP etc)
• Validates protocol correctness at all layers
  – IP de-fragmentation
  – TCP Stream reconstruction
  – Protocol parsing (HTTP, VoIP, RPC etc)
  – Content parsing (XML/SOAP, ASN.1 etc)
• Restrict protocols to protect application servers from unused options
• Open and flexible architecture allows customers to immediately respond to new versions/applications to ensure tight security control

7 Check Point Next Generation with Application Intelligence: Defense Strategies
• Validate Compliance to Standards: Do communications adhere to relevant standards? Ex: No binary data in HTTP headers
• Validate Expected Usage of Protocols: Is protocol being used in an expected or “typical” manner? Ex: Excessive HTTP header length or Directory Traversal
• Block Malicious Data: Is application introducing hazardous data or commands? Ex: Cross Site Scripting or Attack signature detection
• Control Hazardous Application Operations: Is application performing unauthorized operations? Ex: FTP commands
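
An added illustration, not from the Check Point deck and not Check Point's code: a small Python inspector for the HTTP examples named on this slide (binary data in headers, excessive header length, directory traversal), with the "hazardous operations" strategy applied to HTTP methods. The length limit, the allowed-method set, the strict printable-ASCII rule and the sample requests are assumptions constructed for the example.

```python
from urllib.parse import unquote

MAX_HEADER_LEN = 1000                      # assumed limit, not a product default
ALLOWED_METHODS = {"GET", "HEAD", "POST"}  # assumed per-server policy

def inspect_request(raw: bytes) -> list:
    """Return the policy violations found in the head of one raw HTTP request."""
    lines = raw.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return ["malformed request line"]
    method = parts[0].decode("latin-1")
    path = parts[1].decode("latin-1").split("?", 1)[0]
    findings = []

    # Control hazardous operations: allow only the methods the server needs.
    if method not in ALLOWED_METHODS:
        findings.append("method not allowed: " + method)

    # Expected usage: percent-decode up to three rounds so that double
    # encoding (%252e%252e) cannot hide a ".." path segment.
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    if ".." in path.replace("\\", "/").split("/"):
        findings.append("directory traversal in path")

    for line in lines[1:]:
        name = line.partition(b":")[0].decode("latin-1")
        # Standards compliance (strict reading, an assumption): header bytes
        # must be printable ASCII or horizontal tab.
        if any((b < 0x20 and b != 0x09) or b > 0x7E for b in line):
            findings.append("binary data in header: " + name)
        # Expected usage: no single header line beyond the configured limit.
        if len(line) > MAX_HEADER_LEN:
            findings.append("excessive header length: " + name)
    return findings

# Constructed sample requests (not captured traffic).
SAMPLE_CLEAN = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
SAMPLE_BAD = (b"TRACE /images/%252e%252e/%252e%252e/conf/app.ini HTTP/1.1\r\n"
              b"Host: www.example.com\r\n"
              b"X-Data: abc\x00\x01\r\n"
              b"Cookie: " + b"A" * 2000 + b"\r\n\r\n")

if __name__ == "__main__":
    for sample in (SAMPLE_CLEAN, SAMPLE_BAD):
        print(inspect_request(sample))
```

Decoding more rounds than the protected server does is deliberately conservative: it can flag a request the server would treat as harmless, but it cannot miss one the server would decode into a traversal within three rounds.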

8 Application Intelligence Defenses
Applications
• Web
• Peer-to-peer
• Instant Messaging
• DNS
• VoIP
• FTP
• Email
• Microsoft Networking
Selected Attacks Defeated
• Code Red
• Nimda
• Directory Traversal
• Malicious URLs
• HTTP Encoding Attacks
• WebDAV Attacks
• FTP Bounce Attack
• Bugbear Worm
• SQL Slammer Worm

9 A Comparison with Legacy Firewalls
[Table comparing NG with Application Intelligence, Application Layer Gateways and Network Firewalls on Access Control (Network-level, Application-level) and Attack Protection (Network-level, Application-level); extracted cell values: -- -- some some*]
* no dedicated means to configure attack protection

10 Application Intelligence - SmartDefense
• Centralized Control for attack protection
• Real Time Attack Information
• Response, alerting and configuration tracking
• Detailed forensics information

11 Peer-to-Peer Application Control
• Blocked Applications
• Tracking

12 Cross-site Scripting Protection
• Granular protection per server

13 Application Intelligence in R55W

14 Architectural Improvements
• Product enhancements from architectural changes:
  – Active Streaming
  – Web Intelligence
  – Usability Enhancements
  – Dynamic updates
  – Add-On installation
  – Debugging and Monitoring tools

15 Enhanced Streaming Inspection
• Active Streaming
  – Kernel-based TCP stack
  – Manipulation of data stream
  – Advanced security controls
  – Complements Passive Streaming
• Combined Streaming approach
  – Passive and Active
  – Fastest application security processing architecture in the market

16 Passive vs. Active Streaming Methods
• Passive Streaming
  – Analyze request
  – Reject on detection
  – Advanced inspection with little overhead
• Active Streaming
  – Analyze request and response header before sending to server
  – Manipulate stream
  – Send error page
  – Advanced inspection with greater control but more overhead

17 Streaming Uses in R55W
• Passive Streaming
  – Default method
• Active Streaming
  – HTTP header spoofing
  – Sending error pages
• Granular Use
  – Streaming Decision per connection per web server
  – Highest performance through selective streaming

18 Web Intelligence vs. Application Intelligence
• Web Intelligence
  – SQL Injection
  – Command Injection
  – Directory Traversal Attacks
  – Granular HTTP Format Sizes
  – Granular Allowed HTTP Methods
  – HTTP Header Spoofing
  – Malicious Code Protector

19 Updated Application Intelligence Support
• SNMP
  – Allow only SNMPv3
  – Block default community strings for version SNMPv1/2

20 Updated Application Intelligence Support
• POP3 / IMAP
  – Block identical username and password
  – Username/password length restrictions
  – NOOP command restrictions

21 Updated Application Intelligence Support
• Peer to Peer
  – Detection on all ports
• New Port scan logic
  – Host scan
  – Sweep scan

22 Updated Application Intelligence Support
• DShield Storm Center Integration
  – Report activity
  – Receive automatic block list updates

23 Updated Application Intelligence Support
• MSN Messenger over SIP
  – Block specific operations over SIP
  – Verify RFC compliance

24 Updated Application Intelligence Support
• New VoIP Support
  – MGCP
  – Skinny (SCCP)
Support includes:
  – Dynamic management of RTP sessions
  – Analysis and enforcement of message states
  – Verification of call parameters
  – Keep call state for each call
  – Enforcement of hand-over domains
  – Logs call information
  – Report security vulnerabilities

25 Updated Application Intelligence Support
• MS-SQL

26 Updated Application Intelligence Support
• DNS Verification and Enforcement
  – UDP and new TCP enforcement
  – ID scrambling
  – Domain “black list”
  – Prevention of “Birthday attacks”
  – Prevention of excessive reply flooding
Prevents major issue with DNS – Cache Poisoning

27 Check Point Next Generation with Application Intelligence Highlights
• VoIP Support
• Worm pattern matching for CIFS
• High-performance peer-to-peer support
• HTTP encoding attack prevention
• Network Quota (DoS protection)
• Fingerprint Scrambling
• VPN Denial of Service Protection

28 Malicious Code Protector™
• Malicious Code Protector
  – Patent-pending technology
  – Catches buffer overflow attacks and other malicious code against web servers
  – 50% of all major security bugs are buffer overflows (CERT)
• Blocks code-based attacks by disassembling and analyzing executable code embedded in network traffic
• Attack identified based on its simulated behavior, not signatures
  – Catches known attacks
  – Catches unknown attacks
• HTTP only
• Windows and Linux based code disassembly
[Flowchart labels: User Input, Executable Code?, Virtual Simulator, Malicious Code?, pass, Block/Log, yes, no]

29 Summary
• With Application Intelligence, Check Point delivers the most comprehensive and integrated protection against application and network attacks
• Application Intelligence is integrated into Check Point FireWall-1, VPN-1, Express, and InterSpect
• Application-level attacks and vulnerabilities pose significant risks to today’s networks, and Application Intelligence provides the security to defend against these threats

