Layer 7 & Beyond - Challenges security technologies must face Layer 7 & Beyond Challenges security technologies must face. David Maman CTO [email protected]
Nov 18, 2014
Layer 7 & Beyond - Challenges security technologies must face
Layer 7 & Beyond Challenges security technologies must face.
David MamanCTO
Layer 7 & Beyond - Challenges security technologies must face 2
Outline
- Presence• The virtual identity saga
- Web X.0 / HTT-What? / SAAS• Web experience is changing
- Internal Security• Internal security – the “Secured” surroundings
- Day usage• a simple example of unsecured activities
- Mobile• Mobile devices and networking security
Layer 7 & Beyond - Challenges security technologies must face 3
Presence
Layer 7 & Beyond - Challenges security technologies must face 4
Cross platform/media users identity • Users identity is roaming across multiple access layers
Access where ever(net access, VOIP presents, free mind)Web based access (ssl-vpn, etc.) advanced functionalities
• Always availableIM and other applications over multiple access layersMail access in multiple variations of delivery/retrieval
• The OS’sMultiple operating systems are part of this experienceIn The Claude/Network solution is not adequate
• The solutions transparency for the user experience is part of this evolutions
Layer 7 & Beyond - Challenges security technologies must face 5
Web X.0 / HTT-What? / SAAS
Layer 7 & Beyond - Challenges security technologies must face 6
Web x.0 / HTT? / SAAS challenges • Identity, privacy, reputation and anonymity is changing• Everyone is a content/service provider
• Any user is part of the system/experience• Is there End-to-end security architecture?
• The content is delivered and shared everywhere• Cross site scripting is required
• It’s part of the advantages• HTTP/S as a transport layer (oovoo, rpc, etc)
• For years it’s among the only un inspected tunnel’s we’ve allowed, and now it’s almost impossible to validate and control the application level.
Layer 7 & Beyond - Challenges security technologies must face 7
• Changing the way Dynamic content is delivered• Asynchronous JavaScript (AJAX) and XML will
provide a whole new frontier regarding inspection for incoming and out going traffic.
• Dynamic analysis approach for security• Web x.0 public key infrastructure?• Security services over Web x.0• We all like cookies (Transport layer)
• Lately several Trojan horses been using cookies negotiation as a transport layer for data and commands, can we block/inspect this layer?
Web x.0 / HTT? / SAAS challenges
Layer 7 & Beyond - Challenges security technologies must face 8
Internal Security
Layer 7 & Beyond - Challenges security technologies must face 9
Is our network really secured ?
Layer 7 & Beyond - Challenges security technologies must face 10
Internal traffic understanding• Where is the perimeter?
• A network? a segment? a server? a client?• Can we really understand what is passing?
• Endless number of stacks and applications• Encrypting what we don’t understand is wrong
• Securely tunneling un analyzed/authorized traffic.• Number of applications is exponentially increasing
• Any organization in any sector must evolve• Virtualization solutions are already common
• Resources are being shared with which security?
Layer 7 & Beyond - Challenges security technologies must face 11
• Security approach Internally is the complete opposed from perimeter security.
• What we block instead of what we allow. • Viruses are starting to take advantage of the
network “Open Space”• Worms are distributing Viruses/Trojan horses
that starts the infection by network mapping, Antivirus and advanced IPS’s are a necessity
• Can we process and analyze all this traffic? (Network Accelerated processing and Content Accelerated processing is a must for handling this)
Internal security enforcement
Layer 7 & Beyond - Challenges security technologies must face 12
Day by day usage
Layer 7 & Beyond - Challenges security technologies must face
Day by day• There are many daily activates during which we
don’t think of security consequences..• The most basic example, Credit Cards:• Which credit card activity is more secured?
• Online over the internet purchases?or• In the neighborhood ?
• Did you ever think about that ?Let me help you with this one..
Layer 7 & Beyond - Challenges security technologies must face
Basic online ordering architecture
Investments in the information security has grown, the needs are known and there are many regulations that oversee the solutions..
DMZ
Layer 7 & Beyond - Challenges security technologies must face
• Which security solutions been implemented in these devices that we all trust with our everyday payment?
• Most of the new devices work over mobile access (3G/GPRS) with very basic infrastructure security sometimes running over the same access regular users use.
• The operating system has almost none security features or hardening capabilities. (besides plain txt with md5 keys)
• There is no alerting system for any penetration tries over the basic operating system over the management/access interfaces.
• Which do you think is more secured?
What do you know about these devices?
Layer 7 & Beyond - Challenges security technologies must face 16
Mobile
Layer 7 & Beyond - Challenges security technologies must face 17
Explosion of high-value 3G / 3.5G services
• Endless new services..
…that requires a network/security solutions
Gaming
Mail / IM
Mobile TV
Collaboration
VoIP
Video MailMusic
Instant OfficePresence/Push
Layer 7 & Beyond - Challenges security technologies must face 18
Where are the threats coming from?
“Smart” Devices - with alternate network access methods- Multiple OS’s with various security requirements-3G Access provides Internet/Network backup access for business- Stores use credit cards clearing house over GPRS/3G.- Privet networks
Inter Carrier Connectivityfor roaming accessFor collaborated Data
Internet Access- Web browsing and downloads- VOIP solutions- Dynamic Content updates- Gambling/gaming/etc. services.
Backbone Security- Inspecting and managing the BB
, IM
MessagingEmail, Instant Messaging, Multimedia Messaging Services