Notes from Secure Computing’s Web Gateway Security Workshop

http://feeds.feedburner.com/~r/islandinthenet/feed/~3/184185350/


Juvenile Diabetes Foundation Walk for the Cure

On October 28, I participated in the Juvenile Diabetes Research Foundation's Walk for the Cure. Over 2000 families took a 5-kilometre scenic walk around the Cook College campus of Rutgers University in New Brunswick, New Jersey. Together we raised almost $200,000 toward research to find a cure for Type 1 diabetes.

There were quite a few families who entered the event as teams, complete with T-shirt and banner designs. A few of the corporate sponsors also had teams walking in the event. Corporate sponsors provided food (QuikChek) and numerous product samples (Splenda). There was music, prizes and other entertainment for the kids.

Juvenile Diabetes Foundation Walk for the Cure | Sunday 28 October, 2007 | Sony DSC-W55

Notes from Secure Computing's Web Gateway Security Workshop

Web Gateway Security

Grant Murphy - Director, Web Gateway Security

Negative security model (known bad). Must know about all possible attack vectors. Not possible.

Reference: Metasploit, HD Moore, VoMM.

Positive security model. Intent and reputation model. Something is good because of its known intent and reputation. Real-world example: credit score. If I have a reputation for defaults or late payments, I will get a lower credit score than someone who pays bills on time or in full.

TrustedSource. In the Web 1.0 world trust is implied by the user: the user assumes that content on the other end will not be malicious. In Web 2.0 trust cannot be guaranteed. Many new vulnerabilities and attacks. Most new web traffic is Web 2.0. A lot of code is executed in the browser (endpoint).

Reputation-enhanced URL filtering. What is the reputation of the site that I am on? What is the nature (intent) of the content that is returned by the site? Does this site download code (JavaScript, ActiveX, Java etc.) that is malicious?

Need an engine on the URL filter to trap malicious code and clean/drop it before content is delivered to the endpoint. Policy driven. Webwasher (proxy/web caching appliance) handles SSL traffic by decrypting/re-encrypting SSL traffic in memory on the fly and blocking invalid certificates or sites based on policy. Privacy issues. Suggested policy is that only reputation-challenged sites using SSL be scanned. Passes EU privacy laws.
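As an added illustration (not Secure Computing's or Webwasher's code), a toy policy engine in Python that combines a reputation lookup with the SSL rule described above: invalid certificates and known-bad sites are dropped, only reputation-challenged SSL sites are decrypted and scanned, and cleartext pages are scanned when reputation is weak or the page pushes code to the endpoint. The score scale, thresholds and sample hosts are constructed assumptions.

```python
from dataclasses import dataclass
from enum import Enum

class Action(Enum):
    ALLOW = "allow"      # deliver as-is, no content scan
    INSPECT = "inspect"  # decrypt (if SSL) and scan before delivery to the endpoint
    BLOCK = "block"      # drop the connection

@dataclass(frozen=True)
class Request:
    host: str
    reputation: int            # constructed score: 0 = known bad .. 100 = trusted
    ssl: bool                  # site is reached over SSL
    cert_valid: bool = True    # proxy could validate the server certificate
    active_code: bool = False  # response carries JavaScript/ActiveX/Java

CHALLENGED = 50  # below this a site is "reputation challenged" (assumed threshold)
MALICIOUS = 20   # below this the site is treated as known bad (assumed threshold)

def decide(req: Request) -> Action:
    """Apply the policy to one request, most severe rule first."""
    if req.ssl and not req.cert_valid:
        return Action.BLOCK            # invalid certificate is blocked on policy
    if req.reputation < MALICIOUS:
        return Action.BLOCK            # known-bad reputation, regardless of content
    if req.ssl:
        # Privacy rule from the notes: only reputation-challenged SSL sites are
        # decrypted and scanned; trusted SSL traffic passes without interception.
        return Action.INSPECT if req.reputation < CHALLENGED else Action.ALLOW
    if req.reputation < CHALLENGED or req.active_code:
        return Action.INSPECT          # weak reputation or code pushed to the endpoint
    return Action.ALLOW

def apply_policy(reqs) -> dict:
    # Map each host to the action chosen for it
    return {r.host: decide(r).value for r in reqs}

# Constructed sample traffic (not real sites or scores)
SAMPLE = [
    Request("bank.example", reputation=90, ssl=True),
    Request("shady.example", reputation=35, ssl=True),
    Request("badcert.example", reputation=80, ssl=True, cert_valid=False),
    Request("botnet-c2.example", reputation=5, ssl=False),
    Request("widgets.example", reputation=70, ssl=False, active_code=True),
    Request("news.example", reputation=75, ssl=False),
]

if __name__ == "__main__":
    for host, action in apply_policy(SAMPLE).items():
        print(f"{host:20} {action}")
```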

Example: Storm Bot

  • Over 1 million machines infected
  • Web based vector
  • Payload is P2P botnet.

Webwasher is CyberGuard Linux locked down to Common Criteria recommendations.

Q4/2007 - Support for Novell eDirectory.

Q1/2008 - Webwasher 6.7 - Desktop Agent, NTLM for transparent authentication.
Desktop Agent - Allows enforcement of filter policy for remote users. Q1/2008.
Q4/2008 - Web Reporter 7.0 - combined Smart Reporter and Content Reporter. SmartFilter delegated administration. Instant Messaging integration. Protocol-based filtering! Will have similar functionality to IMLogic.

Messaging Security

Brian Schwartzkopf, Systems Engineer Manager

  • Integrates with Active Directory
  • SPAM detection
  • Dynamic HOP count.
  • Pornographic image detection
  • Secure LDAP

2008 Roadmap

  • New Operating System Platform - Move away from Linux kernel to FreeBSD
  • TrustedSource integration
  • IPv6
  • Log standardization and real time reporting (Content Reporter)
  • New web based user interface
  • New end user quarantine - User can add/remove from white-list/blacklist
  • Sophos integration
  • Storage and archived search.
  • Gateway to user S/MIME support

Network Gateway Security (Sidewinder)

Jason Lamar, Director, Network Gateway Security

  • Most firewalls are built to control packet routing to expedite throughput. No intelligence around whether an inbound connection is wanted.
  • Sidewinder is a reputation-based firewall. Intelligent inspection of data traffic. Will inspect encrypted traffic (e.g. SSH) on the network and block/drop malicious traffic.
  • Inbound SSH proxy.

NOTE: Getting the idea that TrustedSource is a big deal for Secure Computing.