Upload
gustav
View
35
Download
0
Embed Size (px)
DESCRIPTION
TrustPort Net Gateway Web traffic protection. Contents. Latest security threats spam and malware Advantages of entry point protection safety and efficiency Web security gateway in action. State of current threats. Spam Percentage of spam increased to 87,7 % from 81,2 % year over year - PowerPoint PPT Presentation
Citation preview
TrustPort Net GatewayWeb traffic protection
WWW.TRUSTPORT.COM
Keep It Secure
Contents
• Latest security threatsspam and malware
• Advantages of entry point protectionsafety and efficiency
• Web security gateway in action
WWW.TRUSTPORT.COM
Keep It Secure
State of current threats
• Spam– Percentage of spam increased to 87,7 % from 81,2 % year over year– Contribution of botnets to spam decreased to 83,4 % from 90 %– Sleeping botnets backing up active botnets– Spam including masked links– Non-English spam increased to 5 % of all spam
• Malware– Percentage of emails with malware attached decreased to 0,35 % from 0,70 % – Increase in targeted attacks aimed at government, banks, media– Taking advantage of social networks vulnerabilities– Increase in fake security software– Shift from manual to automatic installation of web malware– Using a changeable sequence of redirects
Statistics: MessageLabs Intelligence, December 2009
WWW.TRUSTPORT.COM
Keep It Secure
Typical web attack
Legitimate website
Fraudulent website
Hacker
User
Malicious code
Web request
Redirect
Malicious code
Malware installation
Botnet
WWW.TRUSTPORT.COM
Keep It Secure
Possible defensive methods against web attacks
Legitimate website
Fraudulent website
Hacker
User
WWW.TRUSTPORT.COM
Keep It Secure
Entry point web protection
User User User User UserWeb
application
Infected website
Fraudulent website
Remote user
Hacker
Security gateway
WWW.TRUSTPORT.COM
Keep It Secure
• Clear separation of internet and intranet• Checks all data only once• Does not allow malware and spam to endpoints
• Enables unified security management• Provides data for traffic analysis• Enables remote administration of the solution
Advantages of security gateway
WWW.TRUSTPORT.COM
Keep It Secure
Integration of the gateway into the network
TrustPort Net Gateway
WWW.TRUSTPORT.COM
Keep It Secure
Principal functions of web security gateway
Antiviruscontrol
Access management
Web filtering
Traffic analysis
WWW.TRUSTPORT.COM
Keep It Secure
Processing a web query
• User privileges verification– Comparison with the local list of authorized users– Authentication using AD, LDAP
• Verification of server and domain– Trusted servers – content may be downloaded without prior control
– Allowed servers – only these servers can be accessed
– Trusted sites – domains are neither controled nor blocked
– Blocked sites – domains cannot be accessed
• Antiphishing – comparing with a database of phishing sites
• Web filtering – comparing with a database of categorized servers
WWW.TRUSTPORT.COM
Keep It Secure
Checking the downloaded content
• Establishing file format – three modes
– Based on extension – Based on declared content type– By analysis of data sample
• List of banned formats – file download will be blocked
• List of trusted formáts – downloaded file will not be scanned
• Web filtering – Heuristic analysis of the downloaded page– Classification of page into relevant categories
• Antivirus scanning – several scanning engines
WWW.TRUSTPORT.COM
Keep It Secure
• Which engines to use – balancing server load and network security
• How many threads to use – according to the capacity of server
• Heuristic analysis activation available
• Archive scanning activation available
Antiviruscontrol
Setting up scanning engines
WWW.TRUSTPORT.COM
Keep It Secure
The condition for successful scanning is downloading the whole file. Gateway will download the file, scan it and send it to client. Gateway uses two methods to maintain an open connection to the client:
• Data trickling– Gateway sends periodically bits of the
downloaded and scanned file to the client
• Indication page– Gateway displays periodically updated status
page– This page will offer saving file or announce
infection
Antiviruscontrol
Methods of downloading
WWW.TRUSTPORT.COM
Keep It Secure
Web filtering Categorization of websites
Web filtering is based on regularly updated database of web addresses, classified into defined categories. It is also possible to analyze and categorize unknown websites while downloading.
Category examples
• Chat• Dating• Porn• Gambling• Violence• Ilegal software
WWW.TRUSTPORT.COM
Keep It Secure
Web filtering Meaning of web filtering
In the interest of the employer:
• Efficiency of work• Optimum connectivity usage• Protecting company reputation• Security of company network
Observed in business practice:
• Private web browsing• Private downloading • Illegal software downloading• Dangerous web browsing
TrustPort Net Gateway
TrustPort WebFilter
WWW.TRUSTPORT.COM
Keep It Secure
Web filtering Setting up web filtering
• Choosing monitored categories– According to company needs
• Web filtering mode– Allowing all websites– Monitoring selected categories– Blocking selected categories– Blocking all websites
(with explicitly defined exceptions)
• Using heuristic analysis– With no websites – With unknown websites– With all websites
WWW.TRUSTPORT.COM
Keep It Secure
Traffic analysis
Generování statistik
Administrátor vyplní dotaz:
• Jaké období chce analyzovat• Které kategorie chce analyzovat• Jakou formu výstupu požaduje
– Textový výpis odpovídajících záznamů– Graf provozu podle zadaných kritérií
WWW.TRUSTPORT.COM
Keep It Secure
Product certifications
Virus BulletinReactive and
proactive test, average values
(April 2011)
@HOME
WWW.TRUSTPORT.COM
Keep It Secure
Product certifications @HOME
Virus Bulletin (April 2011)
TrustPort Antivirus
Avast Free Antivirus
AVG Internet Security
Eset NOD32 Antivirus
Kaspersky Anti-Virus
McAfee VirusScan
Microsoft Forefront Endpoint Protection
RAP test, overall detection 98.02% 95.27% 92.55% 93.33% 93.30% 84.71% 91.94%
RAP test, reactive detection 99.63% 97.02% 95.27% 94.49% 94.63% 85.05% 93.52%
RAP test, proactive detection 93.18% 90.02% 84.38% 89.86% 89.32% 83.69% 87.18%
WWW.TRUSTPORT.COM
Keep It Secure
Product certifications
Average on-demanddetection of malware
Missed samples (the lower the better)
@HOME
AV-Comparatives (April 2011)
WWW.TRUSTPORT.COM
Keep It Secure
Product certifications @HOME
AV-Comparatives
TrustPort Antivirus
Avast Free Antivirus
AVG Anti-Virus
Eset NOD32 Antivirus
Kaspersky Anti-Virus
McAfee Antivirus Plus
Microsoft Security Essentials
Norton AntiVirus
Overall on-demand detection(April 2011)
99.2% 98.4% 91.4% 97.5% 97.0% 96.8% 95.8% 95.5%
Detection of potentially unwanted apps(December 2010)
99.5% 96.9% - 97.7% 97.6% 98.7% 92.7% 99.6%
Thank you for your attention!