waf(web application firewall) cloud computing service
DESCRIPTION
WAF(Web Application Firewall) Cloud Computing Service. Duk Soo Kim, [email protected] 2010.06.01. Cloud Computing. Definition - PowerPoint PPT PresentationTRANSCRIPT
WAF(Web Application Firewall) Cloud Computing Service
Duk Soo Kim, [email protected]
Cloud Computing
DefinitionCloud computing is a general term for anything that involves delivering hosted
services over the Internet. These services are broadly divided into three categories: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS).
Visual Model of NIST Working Definition
WAF Cloud Computing Service
Source:
Source: http://csrc.nist.gov/groups/SNS/cloud-computing/index.html
Security as a Service (1/2)
Why turn to Security as a Service(or Security Saas)?
WAF Cloud Computing Service
Source: Enterprise Management Associates(EMA), “Security as a Service” survey, Q1 2010
Security as a Service (2/2)
Why turn to Security as a Service(or Security Saas)?
WAF Cloud Computing Service
Source: Enterprise Management Associates(EMA), “Security as a Service” survey, Q1 2010
Present Web Security SaaS (1/2)
There exists only end-user protection, but web application protection.
Websense and Webroot are providing web security services for enterprises. Their protection is focused on ‘end-user protection’
Outbound security : Enforcing web filtering policies Inbound security : Blocking viruses, spyware and other web-based threats
They adopted ‘Hybrid deployment model’. Platforms : Security-as-a-Service, Dedicated Appliance For a fast and easy deployment, Security SaaS is offered, and for a high performance,
appliance is offered with management service. Appliance offering can be considered as cloud computing service in a broad sense. However, it is almost close to ‘Managed Security Service’ that is monthly charged(‘pay-as-you-go’ model).
WAF Cloud Computing Service
Web server
UserInbound ProtectionOutbound Control
Security-as-a-Service If a user accesses provider’s service web site, a software is installed and shifts all of web
traffics from the customer’s location to available datacenters ‘in the cloud.’ Provider’s web site provides management process including policy settings.
Dedicated Appliance Dedicated appliance is installed in the customer’s network and provider offers ‘Managed
Security Service’ over Internet.
Present Web Security SaaS (2/2)
WAF Cloud Computing Service
Web server
User
Provider’s cloud
Security Solution
Web server
User
Provider’s cloud
Appliance
Managed remotelyCustomer Enterprise Network Management Solution
There exist only appliance-based WAF service. A few companies claimed that they provided WAF SaaS, but it was appliance-
based service. Savvis introduced WAF as a ‘IT infrastructure-as-a-service’. However, it was almost
close to ‘Managed Security Service’ that a little far from cloud computing characteristics.Ref.) http://www.imperva.com/docs/Savvis_WebApplicationFirewallService.pdf
Art of defence allegedly announced the industry's first cloud-based SaaS solution. However it was a WAF software image for GoGrid cloud. GoGrid users only can use it.Ref.) http://www.darkreading.com/securityservices/security/perimeter/showArticle.jhtml?articleID=223400027
WAF SaaS
WAF Cloud Computing Service
Web serverUser
Provider’s cloud
Management Solution
Appliance(WAF)
Customer Enterprise Network
Managed remotely
Our Approach (1/2)
Hybrid deployment model We adopt the hybrid depolyment model like web security SaaS companies such
as Websense, and Webroot. Security-as-a-Service
To shift web traffics to our cloud, we change URI-IP mapping entry registered in DNS. After changing DNS, all of traffics for target web server is forwarded to WAPPLES cloud.
Dedicated Appliance WAPPLES is offered to customer as a dedicated appliance and WAPPLES MS is
installed in cloud as a management solution.
WAF Cloud Computing Service
Web server
User
Provider’s cloud
WAF
Original pathbefore changing DNS
New pathafter changing DNS
Our Approach (2/2)
Challenges How do we control DNS changes?
How much time does it take for DNS changes to be reflected in end-user environment?
Usually within 1~24 hours, but 24~72 hours for global propagation
Can we provide automated DNS change?
How can we eliminate concerns about traffic latency and increase of bandwidth?
For very small web sites this is not an issue, however for medium and large sites this can be considered seriously. We need verification in(or nearly close to) real environment. Another option is to offer dedicated appliance service model.
To Do Building a web site for user interaction interface Implementing a provisioning tool for DNS control
WAF Cloud Computing Service
WAF Cloud Computing Service
韓国本社
韓国ソウル市永登浦区汝矣島 25-11 韓進海運ビル 20階
TEL: 82-2-780-7728 FAX: 82-2-786-5281
www.pentasecurity.com
ペンタセキュリティシステムズ ( 株 )
韓国本社
韓国ソウル市永登浦区汝矣島 25-11 韓進海運ビル 20階
TEL: 82-2-780-7728 FAX: 82-2-786-5281
www.pentasecurity.com
ペンタセキュリティシステムズ ( 株 )
日本本社
東京都千代田区霞ヶ関 3-3-2新霞ヶ関ビル18階 KOTRA東京
TEL: 81-3-5511-1093 FAX: 81-3-5511-1092
www.pentasecurity.co.jp
日本本社
東京都千代田区霞ヶ関 3-3-2新霞ヶ関ビル18階 KOTRA東京
TEL: 81-3-5511-1093 FAX: 81-3-5511-1092
www.pentasecurity.co.jp