FortiWeb May 2013

Upload: jose-luis-limon

Post on 03-Jun-2018


TRANSCRIPT

  • 8/11/2019 FortiWeb May 2013

    1/35


    2 Fortinet Confidential

    Agenda

    1 Web Application Security
    2 Deployment and Management
    3 Application Delivery
    4 Vulnerability Assessment
    5 Protection and Monitoring
    6 Compliance


    Latest Trends

    Hackers use attack automation to DDoS organizations
    Utilize mass hordes of bots
    Off-the-shelf attack tool kits make it easy for hacktivists to join DDoS attacks
    Rise of layer 7 DDoS
    Malware-infected sources
    SQL Injection/XSS dominate

    Diagram label: Web Application Servers


    Introducing - FortiWeb Web Application Firewall

    Secures Web Applications
      Web Application Firewall - WAF: Secures web applications to help customers meet compliance requirements

    Scans and Detects Web Vulnerabilities
      Web Vulnerability Scanner: Scans, analyzes and detects web application vulnerabilities

    Optimizes Application Delivery
      Application Delivery: Assures availability and accelerates performance of critical web applications



    Deployment Options

    Layer II - Transparent Inspection and True Transparent Proxy
      Easy deployment - No need to re-architect network, full transparency
      Fail Open Interface

    Reverse Proxy
      Supports content modification for both requests and replies from the server
      Advanced URL rewriting capabilities
      HTTPS offloading
      Enhanced load balancing schemes

    Non Inline Deployment SPAN port
      Zero network latency
      Blocking capabilities using TCP resets
      Ideal for initial product evaluations, non-intrusive network deployment

    Diagram labels: Web Application Servers, FortiWeb, System Administration


    FortiWeb Product Family

    FortiWeb-400C
      Mid-Enterprise Deployments
      100 Mbps HTTP throughput
      10,000 transactions per second

    FortiWeb-1000C
      Large Enterprise Deployments
      ASIC based Acceleration - FortiModule-CP7
      500 Mbps HTTP throughput
      27,000 transactions per second

    FortiWeb-3000C/3000CFsx
      Large Enterprise/Service Provider Deployments
      ASIC based Acceleration - FortiModule-CP7
      1 Gbps HTTP throughput
      40,000 transactions per second
      Hot-swap redundant AC-Power, 2*1 TB storage
      6 x 10/100/1000 copper (+ 2x Gbps SFP for 3000CFsx)

    FortiWeb-4000C
      Large Enterprise/Service Provider Deployments
      ASIC based Acceleration - FortiModule-CP7
      Hardware based DLP acceleration
      2 Gbps HTTP throughput
      70,000 transactions per second
      Hot-swap redundant AC-Power, 2*1 TB storage
      6 x 10/100/1000 copper, 2x Gbps SFP interfaces


    FortiWeb-VM

    Deploy FortiWeb in a virtualized environment
    Mitigate blind spots
    Protects web applications regardless of connection origin
    Provides visibility to internal connections as well
    Same functionality as appliance

    Requirement               Min needed for FortiWeb-VM
    Licenses                  2-vCPU, 4-vCPU, 8-vCPU
    Hypervisor                VMware ESXi/ESX 3.5/4.0/4.1/5.0/5.1
    Memory                    Min. 1024
    CPU                       Min. 2 virtual CPUs
    10/100/1000 Interfaces    Min. 2, Max. 4 virtual NICs
    Storage Capacity          Min. 40G

    Diagram labels: Desktops / Private, Servers / DMZ, FortiWeb Virtual Appliance, Virtualized Data Center, Public Zone, DMZ, Virtual Systems


    Overview FortiGuard Services

    FortiGuard Security Subscription Services deliver dynamic, automated updates for Fortinet products. The Fortinet Global Security Research Team creates these updates to ensure up-to-date protection against sophisticated threats

    Signatures Security Service
      Application layer signatures
      Malicious bots
      Suspicious URL pattern
      Web vulnerability scanner updates

    IP Reputation
      Protection for automated attacks and malicious sources
      DDoS, Phishing, Botnet, Spam, Anonymous proxies and infected sources

    Antivirus
      Scan file uploads
      Regular and extended AV databases


    Data Analytics/Geo IP

    Provides a graphical interface that helps organizations understand application trends both from a user and server perspective

    Analyses web app usage based on geographic location and server access
      Dissect traffic based on number of hits, data used and attack type
      Map or list view

    Geo IP security
      Easily block access from a country using right click

    Diagram label: Log & Report


    Overview SSL Offloading & Acceleration

    Offload CPU intensive SSL computing from server to FortiWeb

    SSL Offloading
      Integrated ASIC based hardware
      Hardware-based key exchange and bulk encryption
      Purpose built SSL processing

    CA Management
      Full certificate management
      Advanced certification verification and revocation capabilities

    TCP Connection Multiplexing

    Diagram label: FortiASIC CP8 SSL Acceleration Chip


    Data Compression

    Allows efficient bandwidth utilization and response time to users by compressing data retrieved from servers

    Compress poorly optimised content to minimise impact on network resources and reduce application delivery latency

    Compression
      Compress files using gzip compression
      Compression rate depends on data type and character redundancy
      Support for multiple content types
      Easily exclude specific URLs

    Uncompressing
      Inspect data compressed by server


    Overview Server Load Balancing

    Intelligent, application aware load balancing

    Load Balancing Methods: Weighted Round Robin, Round-Robin, Least Connection, HTTP session round robin
    Connection persistence with timeout value
    Probes & Health Checks: TCP, HTTP/HTTPS, PING. Content based health checks


    Overview URL Rewriting

    Advanced Rewriting capabilities
      Route traffic based on: IP, Host, URL
      Rewriting and Redirection: Host, URL, Referrers

    Rewrite Reply Content
      Rewrite absolute links
      Any required content
      Multiple content types supported


    Overview Vulnerability Assessment

    Easily Scan your web applications

    Common vulnerabilities
      SQL Injection
      Cross Site Scripting
      Source code disclosure
      OS Commanding

    Enhanced/Basic Mode

    Crawling information
      URLs accepting input
      External Links

    Authentication Options
    Granular Crawling Capabilities
    Scheduled and on Demand Scanning


    Overview Vulnerability Assessment

    Vulnerability Reports
      Scan summary
      Vulnerability by severity
      Vulnerability by categories
      Application Vulnerabilities
      Common Vulnerabilities

    Server Information

    Crawling information
      URLs accepting input
      External Links

    Provides Recommendations and Graphs
    Updates via FortiGuard
    Complements WAF for PCI DSS


    FortiWeb Auto Learn Application Profiling

    Understand Application Structure
      Models elements from actual traffic
      Builds baseline based on URLs, parameters, HTTP methods

    Automatically Understands Real Behavior
      Can form fields/parameters be modified by users?
      What are the length and type of each form field?
      What characters are acceptable (min, max, average)?
      Is a form field required or optional?

    Provides Recommendations and Graphs


    Web Based Attacks Denial of Service

    Application based DDoS is on the increase, accounting for a quarter of all DDoS attacks
    Under the radar's bandwidth threshold

    Targeting specific web app/protocol flaws rather than bandwidth consumption
      CPU intensive SQL queries to backend DB
      Writing to hard disks
      Server specific

    Slow based and legitimate request attacks
      Slowloris - Sends legitimate, but partial, never ending requests

    Using tools that can be easily downloaded from the internet such as HOIC and LOIC
    Using botnets and automatic tools to reach mass

    Sometimes camouflaging real data breach attempts
      SQL Injection primarily

    Diagram labels: Zombie Botnet, Many become one


    Protection Policies Denial of Service

    Analyze requests originating from different users based on different characteristics such as IP and cookie
    Sophisticated mechanism identifies real users from automated attacks (LOIC, HOIC, etc)

    Application Layer
      HTTP request limit per source
      TCP connections using the same cookie
      HTTP requests using the same cookie
      Challenge Response - validate whether the user is real or automated

    Network Layer
      TCP connections limit per source
      SYN Cookie - SYN flood protection


    Overview FortiGuard IP Reputation

    FortiGuard IP Reputation Intelligence Service: Protect against automated attacks and malicious source

    Threats
      DDoS
      Phishing
      Botnets
      Anonymous Proxy access
      Infected source
      SPAM hosts

    IP Reputation Service
      Daily feed updates
      Automated downloads
      Immediate protection
      Visibility and reporting

    FortiGuard Techniques
      FortiGuard historical analysis
      Honeypots
      Botnet analysis
      Anonymous proxies
      Third party sources


    FortiWeb provides protection at all layers

    IP Reputation
      Automated attacks and compromised host protection
      Protection against access from Anonymous proxies, malicious hosts and sources identified in DDoS/Phishing attacks

    Antivirus file upload scanning and Data Leak Prevention
      Scans uploaded files for viruses and malware (FortiGuard updates)
      Detects Information Disclosure, credit card and PII leakage

    Auto Learn and Validation Rules
      Deviations from normal user behavior, automated and customer rules

    Application Attack Signatures
      Detects known application attacks
      FortiGuard updates

    Protocol Validation
      Validates HTTP RFC compliance

    Application and Network Denial of Service Protection (DoS/DDoS protection)
      Detects and aggregates DoS attacks from multiple vectors


    Fortinet Addresses PCI DSS

    FortiWeb addresses PCI 6.6
      Web Application Firewall - OWASP Top Protection
      Web Application Scanner

    FortiDB addresses PCI requirements with Data Activity Monitoring and Vulnerability Assessment for Databases

    Requirement 2: No vendor supplied defaults for system passwords
    Requirement 3: Stored cardholder data must be protected
    Requirement 6: Develop and maintain secure systems
    Requirement 7: Access to data restricted on a need-to-know basis
    Requirement 10: Track and monitor access to cardholder data
    Requirement 11: Regular systems testing
    Requirement 12: Maintaining an information security policy


    FortiWeb Value Add

    Dramatically reduce the risk of corporate data loss.
    Accurate protection with multiple layers of defense
    Integrated Web Vulnerability Scanner
    Protects against the OWASP Top 10
    Positive and negative security policies
    Automated management using Auto Learn Baselining
    Sophisticated DoS/DDoS protection
    Layer 7 focus
    Botnet and malicious sources protection
    Easily deploys in any environment
    Multiple deployment options
    Data Analytics
    Geo IP data analysis and security over the world map
    Accelerates applications
    Application aware Load Balancing
    Compression
    ASIC based SSL Acceleration
    Helps achieve PCI compliance

    Diagram labels: FortiClient Desktop; Application Security; Application Delivery; Vulnerability Assessment; Authentication; SSL Offloading and Acceleration; HTTP Compliance; Application Signatures; Application Profiling; Data Leak Prevention; Compression; DDoS Protection; Antivirus; IP Reputation; Load Balancing


    Q&A


    THIS IS FORTIWEB

    FortiWeb: Additional Features


    Overview AntiVirus

    FortiWeb Antivirus
      Scan file uploads using Fortinet's antivirus engine
      Restrict file type uploads

    Virus Databases
      Regular and extended virus databases

    Updates
      Updates via FortiGuard antivirus service

    Screenshot label: AV Configuration


    Overview DLP

    FortiWeb monitors all outgoing web traffic to identify and erase sensitive customer data

    DLP Identification
      Credit card theft/misuse
      Information Disclosure
      Server information

    Policy Actions
      Rewrite sensitive data with xxxx
      Alert, Block

    Sensitive info in Logs
      Automatically mark with xxxx any sensitive data in FortiWeb logs
