WAF(Web Application Firewall) Cloud Computing Service

Duk Soo Kim, dskim@pentasecurity.com, 2010.06.01


Presentation Transcript


  1. WAF (Web Application Firewall) Cloud Computing Service
     Duk Soo Kim, dskim@pentasecurity.com, 2010.06.01

  2. Cloud Computing
     • Definition
       Cloud computing is a general term for anything that involves delivering hosted services over the Internet. These services are broadly divided into three categories: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS).
     • Visual Model of NIST Working Definition
       Source: http://csrc.nist.gov/groups/SNS/cloud-computing/index.html

  3. Security as a Service (1/2)
     • Why turn to Security as a Service (or Security SaaS)?
     Source: Enterprise Management Associates (EMA), “Security as a Service” survey, Q1 2010

  4. Security as a Service (2/2)
     • Why turn to Security as a Service (or Security SaaS)?
     Source: Enterprise Management Associates (EMA), “Security as a Service” survey, Q1 2010

  5. Present Web Security SaaS (1/2)
     • Only end-user protection exists, not web application protection.
       • Websense and Webroot provide web security services for enterprises.
       • Their protection is focused on ‘end-user protection’:
         • Outbound security: enforcing web filtering policies
         • Inbound security: blocking viruses, spyware and other web-based threats
     • They adopted a ‘hybrid deployment model’.
       • Platforms: Security-as-a-Service, Dedicated Appliance
       • For fast and easy deployment, Security SaaS is offered; for high performance, an appliance is offered with a management service. The appliance offering can be considered a cloud computing service in a broad sense. However, it is closer to a ‘Managed Security Service’ that is charged monthly (‘pay-as-you-go’ model).
     [Diagram labels: User, Web server, Outbound Control, Inbound Protection]

  6. Present Web Security SaaS (2/2)
     • Security-as-a-Service
       • When a user accesses the provider’s service web site, software is installed that shifts all web traffic from the customer’s location to available datacenters ‘in the cloud.’
       • The provider’s web site provides the management process, including policy settings.
     • Dedicated Appliance
       • A dedicated appliance is installed in the customer’s network and the provider offers a ‘Managed Security Service’ over the Internet.
     [Diagram labels: Provider’s cloud, Security Solution, User, Web server; Provider’s cloud, Management Solution, Managed remotely, Customer Enterprise Network, Appliance, Web server]

  7. WAF SaaS
     • Only appliance-based WAF services exist.
       • A few companies claimed that they provided WAF SaaS, but it was an appliance-based service.
       • Savvis introduced WAF as an ‘IT infrastructure-as-a-service’. However, it was close to a ‘Managed Security Service’, which is somewhat far from cloud computing characteristics.
         Ref.) http://www.imperva.com/docs/Savvis_WebApplicationFirewallService.pdf
       • Art of defence allegedly announced the industry's first cloud-based SaaS solution. However, it was a WAF software image for the GoGrid cloud; only GoGrid users can use it.
         Ref.) http://www.darkreading.com/securityservices/security/perimeter/showArticle.jhtml?articleID=223400027
     [Diagram labels: User, Customer Enterprise Network, Web server, Appliance (WAF), Provider’s cloud, Managed remotely, Management Solution]

  8. Our Approach (1/2)
     • Hybrid deployment model
       • We adopt the hybrid deployment model, like web security SaaS companies such as Websense and Webroot.
     • Security-as-a-Service
       • To shift web traffic to our cloud, we change the URI-IP mapping entry registered in DNS.
       • After the DNS change, all traffic for the target web server is forwarded to the WAPPLES cloud.
     • Dedicated Appliance
       • WAPPLES is offered to the customer as a dedicated appliance and WAPPLES MS is installed in the cloud as a management solution.
     [Diagram labels: User, Web server, Provider’s cloud, WAF; Original path before changing DNS; New path after changing DNS]

  9. Our Approach (2/2)
     • Challenges
       • How do we control DNS changes?
         • How much time does it take for DNS changes to be reflected in the end-user environment? Usually within 1~24 hours, but 24~72 hours for global propagation.
         • Can we provide automated DNS changes?
       • How can we eliminate concerns about traffic latency and increased bandwidth?
         • For very small web sites this is not an issue; however, for medium and large sites it can be a serious consideration. We need verification in (or close to) a real environment. Another option is to offer the dedicated appliance service model.
     • To Do
       • Building a web site for the user interaction interface
       • Implementing a provisioning tool for DNS control

  10. Penta Security Systems Inc.
     • Korea Headquarters: 20F Hanjin Shipping Building, 25-11 Yeouido, Yeongdeungpo-gu, Seoul, Korea. TEL: 82-2-780-7728, FAX: 82-2-786-5281, www.pentasecurity.com
     • Japan Headquarters: KOTRA Tokyo, 18F Shin-Kasumigaseki Building, 3-3-2 Kasumigaseki, Chiyoda-ku, Tokyo. TEL: 81-3-5511-1093, FAX: 81-3-5511-1092, www.pentasecurity.co.jp
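
An added example (not from the original presentation) for the DNS cutover on slides 8 and 9: a check a provisioning tool could run to see which resolvers already point at the WAF cloud and how long stale caches can keep sending users straight to the web server. The IP addresses, resolver names and TTLs are constructed, and resolver answers are passed in as data rather than queried live.

```python
from dataclasses import dataclass

# Constructed sample values: documentation-range IPs and made-up resolver names.
ORIGIN_IP = "192.0.2.10"     # customer's web server (A record before the change)
WAF_IP = "198.51.100.20"     # WAF cloud address (A record after the change)

@dataclass
class Answer:
    resolver: str  # recursive resolver that was queried
    ip: str        # A record it returned for the protected site
    ttl: int       # remaining cache lifetime of that answer, in seconds

def cutover_report(answers, origin_ip=ORIGIN_IP, waf_ip=WAF_IP):
    """Classify resolver answers collected after the DNS change."""
    via_waf = [a.resolver for a in answers if a.ip == waf_ip]
    stale = [a for a in answers if a.ip == origin_ip]
    unexpected = [a.resolver for a in answers if a.ip not in (origin_ip, waf_ip)]
    return {
        "via_waf": via_waf,
        # Users of these resolvers still reach the web server directly, unfiltered.
        "bypassing_waf": [a.resolver for a in stale],
        # Neither old nor new address: provisioning error or altered record.
        "unexpected": unexpected,
        # Assumes resolvers honour TTLs: longest wait until stale caches expire.
        "max_wait_s": max((a.ttl for a in stale), default=0),
        "complete": bool(answers) and not stale and not unexpected,
    }

SAMPLE = [  # constructed observations, not real measurements
    Answer("resolver-a", WAF_IP, 300),
    Answer("resolver-b", ORIGIN_IP, 5400),
    Answer("resolver-c", ORIGIN_IP, 82800),
    Answer("resolver-d", "203.0.113.99", 300),
]

if __name__ == "__main__":
    for key, value in cutover_report(SAMPLE).items():
        print(f"{key}: {value}")
```

Lowering the record's TTL before the change shortens `max_wait_s`, which is the window during which part of the traffic is not inspected by the WAF.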
