SOFT-TRONIK, a.s. Defending Malware Michal Červinka Pre-sales SE


Page 1: SOFT-TRONIK, a.s

SOFT-TRONIK, a.s. Defending Malware

Michal Červinka, Pre-sales SE

Page 2: SOFT-TRONIK, a.s

Defending Malware

• Blocking Access to Malware Sites
• Detecting Hidden File Types
• Removing Active Content from HTML Pages
• Blocking Mobile Malicious Code
• Implementing Anti-malware Protection
• …

Page 3: SOFT-TRONIK, a.s

Blocking Access to Malware Sites

• BCWF Categories
  – Spyware/Malware Sources
  – Spyware Effects/Privacy Concerns
  – Phishing

Page 4: SOFT-TRONIK, a.s

BCWF DRTR

[Diagram. Labels: Master DB; Hunter; DRTR (language detection, link check, XXX, etc.); SAM (Anti-Malware, threat detection engines); DBR (deeplink inspection, Google API, and more); Human raters; Exe, cab, ...]

Page 5: SOFT-TRONIK, a.s

Detecting Hidden File Types

• ProxySG provides
  – file extensions
  – MIME data types
  – apparent data types (DOS/Win executables, MS CAB)
  As a destination in Web Access Layer

• ProxyAV delivers
  – file extensions
  – true file-type checking in any container (archive …)

• executables, images, documents, archives
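
Added example (not part of the presentation and not the vendor's code): a Python sketch of the true file-type check described on this slide, comparing a file's extension with its leading bytes and descending into ZIP containers. The extension policy, the two limits and the finding names are assumptions, and the sample archive is constructed.

```python
import io
import os
import zipfile

# Leading bytes for the slide's two apparent data types, plus ZIP containers.
SIGNATURES = {b"MZ": "dos-win-executable", b"MSCF": "ms-cab",
              b"PK\x03\x04": "zip"}
# Extensions treated as consistent with each type (assumed policy).
EXPECTED_EXT = {"dos-win-executable": {"exe", "dll", "com", "scr", "sys"},
                "ms-cab": {"cab"}, "zip": {"zip"}}
MAX_LAYERS = 3            # assumed archive nesting limit
MAX_MEMBER_BYTES = 2**20  # assumed per-file size limit

def apparent_type(data):
    """Return the type implied by the leading bytes, or None if unknown."""
    return next((k for m, k in SIGNATURES.items() if data.startswith(m)), None)

def find_hidden(name, data, layer=0):
    """Return (path, finding) pairs for disguised or unscannable content."""
    kind = apparent_type(data)
    ext = os.path.splitext(name.rsplit("!", 1)[-1])[1][1:].lower()
    # A known type behind an unexpected extension is a hidden file type.
    findings = [(name, kind)] if kind and ext not in EXPECTED_EXT[kind] else []
    if kind != "zip":
        return findings
    if layer >= MAX_LAYERS:
        return findings + [(name, "archive-layers-exceeded")]
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                path = f"{name}!{info.filename}"
                if info.flag_bits & 0x1:  # encrypted member, cannot inspect
                    findings.append((path, "password-protected"))
                elif info.file_size > MAX_MEMBER_BYTES:
                    findings.append((path, "file-size-exceeded"))
                else:
                    findings += find_hidden(path, zf.read(info), layer + 1)
    except zipfile.BadZipFile:
        findings.append((name, "decode-error"))
    return findings

def build_sample():
    """Constructed sample: ZIP hiding an EXE as .pdf and a CAB as .jpg."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("photo.jpg", b"MSCF" + bytes(16))
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("invoice.pdf", b"MZ" + bytes(16))
        zf.writestr("nested.zip", inner.getvalue())
    return outer.getvalue()
```

Calling `find_hidden("update.zip", build_sample())` reports both disguised members, including the one inside the nested archive.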

Page 6: SOFT-TRONIK, a.s

Removing Active Content

• Strip
  – Java Applets
  – Plugins
  – ActiveX
  – JavaScript, VB Script
  Action at web access layer

Page 7: SOFT-TRONIK, a.s

Blocking Mobile Malicious Code

• script string rewriting (substitute keywords)
• script injection (prevent execution)

CPL only

CPU intensive

Page 8: SOFT-TRONIK, a.s

Anti Malware Scanning

• Scan once, serve many times
  – ISTAG for cacheable objects
  – fingerprints for non cacheable

• Many ICAP Error Codes
  – file scanning timeout
  – maximum individual file size exceeded
  – maximum total uncompressed size exceeded
  – maximum total number of files in archive exceeded
  – maximum number of archive layers exceeded
  – decode/decompress error (unsupported compression method, corrupted compression file)
  – password protected archive
  – out of temporary storage space
  – other errors

Page 9: SOFT-TRONIK, a.s

HTTP Parsing

• ProxySG blocks malformed HTTP requests and returns a 400 Invalid Request error by default

SGOS#(config) http tolerant-request-parsing

Page 10: SOFT-TRONIK, a.s

Michal Červinka, Pre-sales SE

SOFT-TRONIK, a.s.

Ostrava
Tvorkovských 5
709 00 Ostrava - Mariánské Hory
tel.: +420 597 488 811
fax: +420 596 622 486

Praha
Nagano Office and Technology Park, Nagano III
U nákladového nádraží 10
130 00 Praha 3
tel: +420 266 109 211
fax: +420 283 840 236

www.soft-tronik.cz