220 likes | 355 Views
TrustPort Net Gateway Web traffic protection. Contents. Latest security threats spam and malware Advantages of entry point protection safety and efficiency Web security gateway in action. State of current threats. Spam Percentage of spam increased to 87,7 % from 81,2 % year over year
E N D
Contents • Latest security threatsspam and malware • Advantages of entry point protectionsafety and efficiency • Web security gateway in action
State of current threats • Spam • Percentage of spam increased to 87,7 % from81,2 % year over year • Contribution of botnets to spam decreased to 83,4 % from 90 % • Sleeping botnets backing up active botnets • Spam including masked links • Non-English spam increased to 5 % of all spam • Malware • Percentage of emails with malware attached decreased to 0,35 % from 0,70 % • Increase in targeted attacks aimed at government, banks, media • Taking advantage of social networks vulnerabilities • Increase in fake security software • Shift from manual to automatic installation of web malware • Using a changeable sequence of redirects Statistics: MessageLabs Intelligence, December 2009
Typical web attack Hacker Legitimate website Fraudulent website Malicious code Redirect Web request Malicious code Botnet User Malware installation
Possible defensive methods against web attacks Hacker Legitimate website Fraudulent website User
Entry point web protection Infected website Fraudulent website Remote user Hacker Security gateway User User User User User Web application
Advantages of security gateway • Clear separation of internet and intranet • Checks all data only once • Does not allow malware and spam to endpoints • Enables unified security management • Provides data for traffic analysis • Enables remote administration of the solution
Integration of the gateway into the network TrustPort Net Gateway
Principal functions of web security gateway Antivirus control Access management Web filtering Traffic analysis
Processing a web query • User privileges verification • Comparison with the local list of authorized users • Authentication using AD, LDAP • Verification of server and domain • Trusted servers – content may be downloaded without prior control • Allowed servers – only these servers can be accessed • Trusted sites – domains are neither controled nor blocked • Blocked sites – domains cannot be accessed • Antiphishing – comparing with a database of phishing sites • Web filtering – comparing with a database of categorized servers
Checking the downloaded content • Establishing file format – three modes • Based on extension • Based on declared content type • By analysis of data sample • List of banned formats – file download will be blocked • List of trusted formáts – downloaded file will not be scanned • Web filtering • Heuristic analysis of the downloaded page • Classification of page into relevant categories • Antivirus scanning – several scanning engines
Setting up scanning engines Antivirus control • Which engines to use – balancing server load and network security • How many threads to use – according to the capacity of server • Heuristic analysis activation available • Archive scanning activation available
Methods of downloading Antivirus control The condition for successful scanning is downloading the whole file. Gateway will download the file, scan it and send it to client. Gateway uses two methods to maintain an open connection to the client: • Data trickling • Gateway sends periodically bits of the downloaded and scanned file to the client • Indication page • Gateway displays periodically updated statuspage • This page will offer saving file or announce infection
Categorization of websites Web filtering • Web filtering is based on regularly updated database of web addresses, classified into defined categories. It is also possible to analyze and categorize unknown websites while downloading. • Category examples • Chat • Dating • Porn • Gambling • Violence • Ilegal software
Meaning of web filtering Web filtering • In the interest of the employer: • Efficiency of work • Optimum connectivity usage • Protecting company reputation • Security of company network • Observed in business practice: • Private web browsing • Private downloading • Illegal software downloading • Dangerous web browsing TrustPort Net Gateway TrustPort WebFilter
Setting up web filtering Web filtering • Choosing monitored categories • According to company needs • Web filtering mode • Allowing all websites • Monitoring selected categories • Blocking selected categories • Blocking all websites(with explicitly defined exceptions) • Using heuristic analysis • With no websites • With unknown websites • With all websites
Generování statistik Traffic analysis • Administrátor vyplní dotaz: • Jaké období chce analyzovat • Které kategorie chce analyzovat • Jakou formu výstupu požaduje • Textový výpis odpovídajících záznamů • Graf provozu podle zadaných kritérií
Product certifications @HOME Virus Bulletin Reactive and proactive test, average values (April 2011)
Product certifications @HOME Virus Bulletin (April 2011)
Product certifications @HOME AV-Comparatives(April 2011) Average on-demanddetection of malware Missed samples (the lower the better)
Product certifications @HOME AV-Comparatives