1 / 22

TrustPort Net Gateway Web traffic protection

TrustPort Net Gateway Web traffic protection. Contents. Latest security threats spam and malware Advantages of entry point protection safety and efficiency Web security gateway in action. State of current threats. Spam Percentage of spam increased to 87,7 % from 81,2 % year over year

gustav
Download Presentation

TrustPort Net Gateway Web traffic protection

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. TrustPort Net GatewayWeb traffic protection

  2. Contents • Latest security threatsspam and malware • Advantages of entry point protectionsafety and efficiency • Web security gateway in action

  3. State of current threats • Spam • Percentage of spam increased to 87,7 % from81,2 % year over year • Contribution of botnets to spam decreased to 83,4 % from 90 % • Sleeping botnets backing up active botnets • Spam including masked links • Non-English spam increased to 5 % of all spam • Malware • Percentage of emails with malware attached decreased to 0,35 % from 0,70 % • Increase in targeted attacks aimed at government, banks, media • Taking advantage of social networks vulnerabilities • Increase in fake security software • Shift from manual to automatic installation of web malware • Using a changeable sequence of redirects Statistics: MessageLabs Intelligence, December 2009

  4. Typical web attack Hacker Legitimate website Fraudulent website Malicious code Redirect Web request Malicious code Botnet User Malware installation

  5. Possible defensive methods against web attacks Hacker Legitimate website Fraudulent website User

  6. Entry point web protection Infected website Fraudulent website Remote user Hacker Security gateway User User User User User Web application

  7. Advantages of security gateway • Clear separation of internet and intranet • Checks all data only once • Does not allow malware and spam to endpoints • Enables unified security management • Provides data for traffic analysis • Enables remote administration of the solution

  8. Integration of the gateway into the network TrustPort Net Gateway

  9. Principal functions of web security gateway Antivirus control Access management Web filtering Traffic analysis

  10. Processing a web query • User privileges verification • Comparison with the local list of authorized users • Authentication using AD, LDAP • Verification of server and domain • Trusted servers – content may be downloaded without prior control • Allowed servers – only these servers can be accessed • Trusted sites – domains are neither controled nor blocked • Blocked sites – domains cannot be accessed • Antiphishing – comparing with a database of phishing sites • Web filtering – comparing with a database of categorized servers

  11. Checking the downloaded content • Establishing file format – three modes • Based on extension • Based on declared content type • By analysis of data sample • List of banned formats – file download will be blocked • List of trusted formáts – downloaded file will not be scanned • Web filtering • Heuristic analysis of the downloaded page • Classification of page into relevant categories • Antivirus scanning – several scanning engines

  12. Setting up scanning engines Antivirus control • Which engines to use – balancing server load and network security • How many threads to use – according to the capacity of server • Heuristic analysis activation available • Archive scanning activation available

  13. Methods of downloading Antivirus control The condition for successful scanning is downloading the whole file. Gateway will download the file, scan it and send it to client. Gateway uses two methods to maintain an open connection to the client: • Data trickling • Gateway sends periodically bits of the downloaded and scanned file to the client • Indication page • Gateway displays periodically updated statuspage • This page will offer saving file or announce infection

  14. Categorization of websites Web filtering • Web filtering is based on regularly updated database of web addresses, classified into defined categories. It is also possible to analyze and categorize unknown websites while downloading. • Category examples • Chat • Dating • Porn • Gambling • Violence • Ilegal software

  15. Meaning of web filtering Web filtering • In the interest of the employer: • Efficiency of work • Optimum connectivity usage • Protecting company reputation • Security of company network • Observed in business practice: • Private web browsing • Private downloading • Illegal software downloading • Dangerous web browsing TrustPort Net Gateway TrustPort WebFilter

  16. Setting up web filtering Web filtering • Choosing monitored categories • According to company needs • Web filtering mode • Allowing all websites • Monitoring selected categories • Blocking selected categories • Blocking all websites(with explicitly defined exceptions) • Using heuristic analysis • With no websites • With unknown websites • With all websites

  17. Generování statistik Traffic analysis • Administrátor vyplní dotaz: • Jaké období chce analyzovat • Které kategorie chce analyzovat • Jakou formu výstupu požaduje • Textový výpis odpovídajících záznamů • Graf provozu podle zadaných kritérií

  18. Product certifications @HOME Virus Bulletin Reactive and proactive test, average values (April 2011)

  19. Product certifications @HOME Virus Bulletin (April 2011)

  20. Product certifications @HOME AV-Comparatives(April 2011) Average on-demanddetection of malware Missed samples (the lower the better)

  21. Product certifications @HOME AV-Comparatives

  22. Thank you for your attention!

More Related