SECURITY FOR SECURITIES AND INSURANCE INDUSTRY

abdomendebonairΑσφάλεια

2 Νοε 2013 (πριν από 3 χρόνια και 9 μήνες)

103 εμφανίσεις

©2005 Check Point Software Technologies Ltd. Proprietary & Confidential

SECURITY FOR SECURITIES AND
INSURANCE INDUSTRY

Daniel Phuan

Security Engineer

Check Point Software, South Asia

©2005 Check Point Software Technologies Ltd. Proprietary & Confidential

2

Business Moves to the Web

Web Reliance

Sophistication of Web Environment

External Web Site


Static

External Web Site


Dynamic

Intranet Web Portal


Static, Manual

Intranet Web Portal


Dynamic


Plumtree


IBM


Microsoft

Legacy Apps w/ Web Interface


Outlook Web Access


SAP

Enterprise Web

Applications


CRM


BPM


ERM


EAI

Web Remote

Access



Customer
Portals



SSL VPN


Web Servers
Proliferate*


1993: 200


1998: 100
Million


2003: 500
Million


Applications Deliver
Web Interface


MS Outlook


SAP


Oracle


Peoplesoft


Seibel

“Webification” of

the Enterprise

*IDC


Delivering Access
over the Web


Customer Portals


Partners Portals


SSL VPN

©2005 Check Point Software Technologies Ltd. Proprietary & Confidential

3

Add more remote users

beyond current 20 percent



Less technical employees



Partners

Reduce remote access

support costs



Browser based; no client
maintenance



Less end user complexity

Additional access options



Access from home PC, corporate
PC, Internet kiosk

SSL VPN: Anywhere Access

Intranet



Email



Applications



Files

Extranet



Portal



Applications



Files

Extranet access


Partner computers

Day Extenders



Email



Basic applications



Home computer

Teleworkers



Email



Applications



Company


computer

Mobile workers



Email



Basic applications



Company computer


or public computer

©2005 Check Point Software Technologies Ltd. Proprietary & Confidential

4

SSL VPN: Everywhere Access


With IPSec you knew who was coming in






With SSL VPN you don’t (usually)

Company
-

owned PC

Access

Agreement

Partner

PC

+

Company
-

owned PC

Employee

home PC

Partner

PC

Public

Internet kiosk

Completely

unmanaged/unsecured

Firewall,

antivirus

©2005 Check Point Software Technologies Ltd. Proprietary & Confidential

5

Web Threat Environment

Most cyber attacks and Internet security violations are
generated through Internet applications.

©2005 Check Point Software Technologies Ltd. Proprietary & Confidential

6


Intranet Portals


Web enable legacy
applications


Extranet portals


SSL VPN Web
-
based access

Web
-
Related Trends

Integrating Web Security


Secure coding
practices


Penetration testing
& auditing


Web Application
Firewalls


Endpoint Security

Web Enabling Business

©2005 Check Point Software Technologies Ltd. Proprietary & Confidential

7

SSL VPN Drivers

Business Drivers


More access from more places


Broadband in the home, kiosks, business
centers


The rise of the Day Extender


A few hours at home a week


Increasingly mobile workforce


Growth in business partnerships, Extranets


Security concerns of Web
-
based systems


Security concerns from non
-
managed PCs

Solutions


SSL VPN


Creates an SSL Web
-
based interface for
employees and partners


Deploy Web Security and Endpoint security
controls with SSL VPN

Fast Fact #1:

30%

-
SSL VPNs that
are deployed for
Extranet use


Fast Fact #2:

26.5

-
Typical # of
Spyware programs
running on
endpoint PCs


Source #1: Check Point user survey Source #2: Earthlink Spy Audit, 1/1/04 through 6/30/04

©2005 Check Point Software Technologies Ltd. Proprietary & Confidential

8

Web Application Firewall
Drivers

Business Drivers


90’s
-

aggressively deployed web apps and
portals


Explosion of Web
-
based threats


SQL Injection, Command Injection, Cross Site
Scripting, Buffer overflow attacks, worms, etc.


Corporations held liable for ensuring
customer privacy and data integrity


Most applications do not provide basic
security checks


Input validation


Very Expensive to retrofit security in existing
infrastructure

Solution


Network
-
based Web security


Provide security checks at the perimeter


Easier & quicker than updating all servers

Fast Fact:

20 Years

-
Years retailer
Guess must under
go annual
security audit
for exposing
credit cards to
hackers

Source: http://www.securityfocus.com/news/5968

©2005 Check Point Software Technologies Ltd. Proprietary & Confidential

9

Endpoint Security Drivers

Business Drivers


More access from more places


Broadband in the home, kiosks, business
centers


Exponential growth in malicious attacks


Spyware, Malware, Trojan Horses


Businesses creating Web portals


Increased information sharing with partners


SSL VPN Web
-
based access from
unmanaged endpoints

Solutions


Desktop Security in the enterprise


Firewalls, AV, etc.


Browser
-
based security solutions


Push security controls through the browser


Malware Scan, host check, etc.

Fast Fact:

Every 30 Seconds

-
frequency of
attacks on a
computer on the
Internet


Fast Fact:

One in Three

-
PCs with system
level malware in
Earthlink study


Source #1: mi2G Intelligence Unit, London, UK, August 2004 Source #2: Earthlink Spy Audit, 1/1/04 through 6/30/04

©2005 Check Point Software Technologies Ltd. Proprietary & Confidential

10

Check Point Web Security
Portfolio


SSL VPN for Web
-
based remote access


Connectra
, The Web Security Gateway


Unified SSL VPN, Web security, and
Endpoint security


SSL Network Extender


Network
-
level SSL VPN for Connectra &
VPN
-
1



Web Application Firewall


Web Intelligence


Web Security for Connectra & VPN
-
1


Endpoint Security


Integrity Clientless Security


Integrated into Connectra, available for
Web applications


Securing
the Web
for
Business

Bringing
Business
to the Web

©2005 Check Point Software Technologies Ltd. Proprietary & Confidential

11

Web Security Solution

©2005 Check Point Software Technologies Ltd. Proprietary & Confidential

12







Introducing Connectra

Web Connectivity with Unmatched Security

Web Security Gateway Features


Secure Web
-
Based Connectivity


Integrated Server Security


Adaptive Endpoint Security


One
-
Click SSL Extranet


Seamless Network Deployment


and Management

SSL VPN

Integrated

Security

Easy

Deployment


©2005 Check Point Software Technologies Ltd. Proprietary & Confidential

13

Introducing SSL Network Extender

Secure Network
-
Level Connectivity over the Web

SSL


Network
-
level connectivity over SSL
VPN


Browser Plug
-
in


Supports all IP
-
based applications


TCP, UDP, ICMP, FTP, etc.


Integrated with Check Point Gateways


Connectra


Enables native applications support


VPN
-
1


Combined IPSec and SSL


©2005 Check Point Software Technologies Ltd. Proprietary & Confidential

14

Introducing Web Intelligence

Protection for the Entire Web Environment

Web application firewall technology for Check Point products.


Advanced Product Features


Malicious Code Protector



Patent
-
pending technology that catches buffer
overflow attacks and other malicious code.


Advanced Streaming Inspection


Extends the inspection and reconstruction
capabilities of the INSPECT architecture by
adding active traffic control of live traffic streams.


Simple Deployment and Management


Built to be quickly deployed to protect Web
servers without complex tuning and configuration.


Seamless Integration with Check
Point Products

Provides protection for the entire Web
environment.


Included in Connectra


Available as an add
-
on to VPN
-
1 gateways


Will be available on InterSpect

Web

Servers

©2005 Check Point Software Technologies Ltd. Proprietary & Confidential

15

Introducing Integrity Clientless
Security

Key Benefits


Stops ID and password theft, prevents
data loss


Makes it easy to secure non
-
IT
controlled PC’s that access the
enterprise network


Prevents any non
-
compliant remote PC
from compromising enterprise security

Key Features


Spyware Detection & Remediation


Simple Deployment & Maintenance


Network Access Policy Enforcement


Integrates with Web Applications
-

Outlook Web Access, Extranet Portals


Integrated with Connectra

©2005 Check Point Software Technologies Ltd. Proprietary & Confidential

16

Check Point Securing the Web for
Business

Integrating Web Security

Web Enabling Business


Intranet Portals


Web enable legacy
applications


Extranet Portals


SSL VPN web
-
based
access


Connectra


SSL Network
Extender


Secure coding practice


Penetration testing &
Auditing


Web Application
Firewalls


Web Intelligence


Endpoint Security


Integrity Clientless
Security

©2005 Check Point Software Technologies Ltd. Proprietary & Confidential

17

Check Point Web Security



Thank You!