Securing Legacy Software SoBeNet User group meeting 25/06/2004


Page 1: Securing Legacy Software SoBeNet User group meeting 25/06/2004

Securing Legacy Software

SoBeNet User group meeting, 25/06/2004

Page 2: Securing Legacy Software SoBeNet User group meeting 25/06/2004

Objectives

• Existing applications are enabled to operate in a networked environment, through middleware such as:
  • Adapter Suites
  • Application Platform Suites (J2EE, .NET, …)
  • Application Servers
  • Enterprise Portals
  • Integration Suites
  • Message-Oriented Middleware
  • Object-Request Brokers
  • Transaction Processing Monitors
• Constraints on doing so: preserve the security level; comply with security standards and regulations; stay manageable

Page 3: Securing Legacy Software SoBeNet User group meeting 25/06/2004

Ubizen – trusted partner in IT Security

• Ubizen has vast experience in Application Security
• Via a highly qualified consultancy team
  • Risk Management, Security Policies, Procedures and Standards
  • Architecture Review and Infrastructure design
  • Penetration testing
  • Application Vulnerability Assessment
  • Implementation of best-of-breed security products
• Via product development
  • AAA products
  • Web Shielding (DMZ/Shield™)
• Proven track record in IT Security
  • Top-3 Managed Security Service Provider world-wide
  • Number 1 in Europe
  • > 3200 devices under management
  • Incident Response
  • Forensics Investigation

Page 4: Securing Legacy Software SoBeNet User group meeting 25/06/2004

Three research tracks for securing existing applications

• Protect all access paths to and from the application
  • Interception and validation of the communication between components, modules and systems
  • Shielding components, modules and systems from malicious traffic
• Apply automatic protocol security
  • Moving to a more formal model for protocol description, and automatic application of protocol security at different layers of the stack
• Monitoring and managing
  • Introduction of security infrastructure is only the first step; keeping it properly configured and monitored 24x7 by experienced security experts is the second.

Page 5: Securing Legacy Software SoBeNet User group meeting 25/06/2004

MULTI LAYER approach to Application Security

• Deep Packet Inspection
  • Protection at the network layer
  • Protection at the transport layer
  • Protection at the application layer
• Defense in depth
  • Perimeter
  • Demilitarized Zone
  • Transactional Zone
• Multi-tier architecture
  • Coordination of security information between the different tiers (e.g. SAML)
• Protection of end points
  • Not all layers on the different tiers are under control (e.g. OS, language execution environment, application server); hence the introduction of HIDS, policy compliance modules, …

Page 6: Securing Legacy Software SoBeNet User group meeting 25/06/2004

[Figure: "2 dimensional multi layer approach". The application is drawn as five tiers (GUI, Presentation Logic, Business Logic, Data Access, Data Layer), with a Deep Packet Inspection point covering layers 1 to 7 in front of each tier; the second dimension, running across all tiers, is labelled "Security Context and Coordination / Defense In Depth".]

Page 7: Securing Legacy Software SoBeNet User group meeting 25/06/2004

In practice …

[Figure: the same five-tier diagram (GUI, Presentation Logic, Business Logic, Data Access, Data Layer), each tier fronted by Deep Packet Inspection over layers 1 to 7, with "Security Context and Coordination / Defense In Depth" spanning the tiers.]

Page 8: Securing Legacy Software SoBeNet User group meeting 25/06/2004

Interception and Shielding in SoBeNet

[Figure: the five-tier diagram again (GUI, Presentation Logic, Business Logic, Data Access, Data Layer), Deep Packet Inspection over layers 1 to 7 in front of each tier, and "Security Context and Coordination / Defense In Depth" across the tiers, marking where SoBeNet interception and shielding sit.]

Page 9: Securing Legacy Software SoBeNet User group meeting 25/06/2004

Interception Techniques

• Centralized applications
  • Interception of method invocations, library calls and system calls
  • Approach: system-based interception and shielding
• Distributed or multi-tier applications
  • Interception of traffic using standard internet protocols
  • Interception of Remote Method Invocations
  • Approach: network-based interception and shielding

Page 10: Securing Legacy Software SoBeNet User group meeting 25/06/2004

System based interception

• Interception at the Operating System level
  • Pluggable services of the OS (e.g. network or file I/O)
  • Host Intrusion Detection and Prevention Systems work at this level
• Library level
  • Dynamically loaded libraries can be replaced with more secure versions
• Language runtime support
  • E.g. load-time modification of binary code
  • Validation of pre- and post-conditions
  • Auditability and forensics
• Application Platform Suite
  • J2EE container services and components
  • Microsoft .NET services and components
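As an added example of the library-level and runtime-level interception described on this slide (this is illustration code, not code from the slides or from Ubizen's products): a legacy routine is left untouched, and a wrapper installed in its place checks pre-conditions on the arguments, takes a snapshot of the state, checks post-conditions after the call (rolling back if the legacy code misbehaved) and writes every decision to an audit trail. The account store, the transfer routine, the four-digit account id format and the transfer limit are assumptions made for the illustration; at the OS level the same wrapper would be an LD_PRELOAD shim or a replaced DLL rather than a patched module attribute.

```python
"""Interception of a legacy method invocation with pre/post-condition checks
and an audit trail. Added example; the legacy state, routine and limits are
constructed and assumed to be unmodifiable."""
import functools
import re
from typing import Any, Callable, Dict, List, Optional

# Constructed legacy state and routine.
ACCOUNTS: Dict[str, int] = {"1001": 500, "1002": 200}
MAX_TRANSFER = 1000              # assumed business limit, enforced by the shield


def legacy_transfer(src: str, dst: str, amount: int) -> None:
    """Legacy routine: no input validation and no overdraft check."""
    ACCOUNTS[src] -= amount
    ACCOUNTS[dst] += amount


class ShieldViolation(Exception):
    """Raised when a pre- or post-condition fails; the call does not complete."""


AUDIT: List[Dict[str, Any]] = []     # in-memory audit trail for forensics


def shield(pre: Callable[..., Optional[str]],
           post: Callable[..., Optional[str]],
           snapshot: Callable[[], Any],
           restore: Callable[[Any], None]):
    """Wrap fn: run pre(*args) before and post(before, result, *args) after.
    A validator returning a string rejects the call (default deny); a failed
    post-condition also restores the snapshot taken before the call."""
    def decorate(fn):
        @functools.wraps(fn)
        def wrapper(*args, **kwargs):
            entry: Dict[str, Any] = {"call": fn.__name__, "args": args, "kwargs": kwargs}
            AUDIT.append(entry)
            reason = pre(*args, **kwargs)
            if reason is not None:
                entry["decision"] = "rejected-pre: " + reason
                raise ShieldViolation(reason)
            before = snapshot()
            result = fn(*args, **kwargs)
            reason = post(before, result, *args, **kwargs)
            if reason is not None:
                restore(before)
                entry["decision"] = "rejected-post: " + reason
                raise ShieldViolation(reason)
            entry["decision"] = "allowed"
            return result
        return wrapper
    return decorate


ACCOUNT_ID = re.compile(r"\d{4}")    # assumed account id format


def transfer_pre(src, dst, amount) -> Optional[str]:
    if not (isinstance(src, str) and isinstance(dst, str)
            and ACCOUNT_ID.fullmatch(src) and ACCOUNT_ID.fullmatch(dst)):
        return "account id must be four digits"
    if src == dst:
        return "source and destination identical"
    if src not in ACCOUNTS or dst not in ACCOUNTS:
        return "unknown account"
    if type(amount) is not int or not 0 < amount <= MAX_TRANSFER:
        return "amount out of range"
    return None


def transfer_post(before, result, src, dst, amount) -> Optional[str]:
    # Post-conditions catch what the legacy code itself never checked.
    if sum(ACCOUNTS.values()) != sum(before.values()):
        return "money created or destroyed"
    if ACCOUNTS[src] < 0:
        return "overdraft"
    return None


def _restore(before: Dict[str, int]) -> None:
    ACCOUNTS.clear()
    ACCOUNTS.update(before)


# Install the shield in place of the legacy entry point.
transfer = shield(transfer_pre, transfer_post,
                  snapshot=lambda: dict(ACCOUNTS), restore=_restore)(legacy_transfer)


def attempt(src, dst, amount) -> str:
    """Run a shielded transfer; return the audit decision recorded for the call."""
    try:
        transfer(src, dst, amount)
    except ShieldViolation:
        pass
    return AUDIT[-1]["decision"]


if __name__ == "__main__":
    for call in [("1001", "1002", 100), ("1001; DROP", "1002", 10),
                 ("1001", "1002", 5000), ("1001", "1002", 900)]:
        print(call, "->", attempt(*call))
    print(ACCOUNTS)
```

The snapshot/restore pair is what makes the post-condition useful for a legacy routine that cannot be fixed: the overdraft is detected after the fact, the state is rolled back, and the rejected call is still on the audit trail for forensics.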

Page 11: Securing Legacy Software SoBeNet User group meeting 25/06/2004

Network based interception

• Proxy architectures
  • Asymmetric proxy (the protocol itself provides for proxy support): no modification of client software
  • Reverse proxy
  • Symmetric proxy (generally applicable, but it affects the client software)
• Transparency
  • Link, network, transport level
  • Application protocol level (e.g. HTTP, …)
  • User application level

Page 12: Securing Legacy Software SoBeNet User group meeting 25/06/2004

Fall back on industry-adopted standards

How should the scope be defined for maximum valorisation of the results?

• Target is "protecting" legacy applications …
• … but these are built on evolving components, each with its own class of shield:
  • Web applications: HTTP (web application) firewalls
  • Service-oriented architectures: XML firewalls
  • Application platform suites: J2EE, .NET

Page 13: Securing Legacy Software SoBeNet User group meeting 25/06/2004

Internet Application Protocols …

• The most important internet protocols were never designed with security in mind
• The RFCs describing the protocols often allow ambiguous interpretation, and vendors choose interoperability over security
• Most applications use only a small part of the protocol definition … and vulnerabilities are often in the unused protocol functionality
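An added example of the reverse-proxy shielding at the application-protocol level from the previous slides, applied to the point made here that most applications need only a small subset of the protocol and that ambiguous constructs are where the trouble lives (illustration code, not the slides' or a product's own): the shield accepts only the methods, headers and framing the legacy application actually uses and denies everything else, including constructs on which HTTP parsers are known to disagree. The allow-lists, limits and request bytes are constructed.

```python
"""Reverse-proxy shield: accept a strict, unambiguous subset of HTTP/1.1 and
default-deny the rest. Added example; the allow-lists, limits and sample
requests are constructed."""
import re
from typing import Dict, List, NamedTuple

ALLOWED_METHODS = {"GET", "POST"}                       # what the legacy app uses
ALLOWED_HEADERS = {"host", "content-length", "content-type",
                   "user-agent", "accept", "cookie"}
MAX_LINE, MAX_HEADER_LINES, MAX_BODY = 2048, 32, 64 * 1024
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")   # RFC 7230 header-name token
# Origin-form path plus query only; percent-escapes are rejected for this app
# (decode and re-check if the application needs them).
ORIGIN_FORM = re.compile(r"/[A-Za-z0-9_./?=&-]*")


class Verdict(NamedTuple):
    allowed: bool
    reason: str
    method: str = ""
    target: str = ""


def check_request(raw: bytes) -> Verdict:
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return Verdict(False, "header block not terminated by CRLF CRLF")
    if b"\n" in head.replace(b"\r\n", b""):
        return Verdict(False, "bare LF in header block")     # parsers disagree on it
    try:
        lines = head.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        return Verdict(False, "non-ASCII byte in header block")
    if any(len(line) > MAX_LINE for line in lines) or len(lines) > MAX_HEADER_LINES + 1:
        return Verdict(False, "line length or header count limit exceeded")

    parts = lines[0].split(" ")
    if len(parts) != 3:
        return Verdict(False, "malformed request line")
    method, target, version = parts
    if method not in ALLOWED_METHODS:
        return Verdict(False, f"method {method} not in allow-list")
    if version != "HTTP/1.1":
        return Verdict(False, "only HTTP/1.1 accepted")
    if not ORIGIN_FORM.fullmatch(target) or "/../" in target + "/" or "//" in target:
        return Verdict(False, "request-target is not a clean origin-form path")

    headers: Dict[str, List[str]] = {}
    for line in lines[1:]:
        if line[:1] in (" ", "\t"):
            return Verdict(False, "obsolete line folding")
        name, colon, value = line.partition(":")
        if not colon or not TOKEN.fullmatch(name):
            return Verdict(False, "malformed header field")
        headers.setdefault(name.lower(), []).append(value.strip())
    if "transfer-encoding" in headers:
        return Verdict(False, "Transfer-Encoding not accepted (ambiguous framing)")
    unknown = set(headers) - ALLOWED_HEADERS
    if unknown:
        return Verdict(False, f"headers not in allow-list: {sorted(unknown)}")
    if len(headers.get("host", [])) != 1:
        return Verdict(False, "exactly one Host header required")

    # Body framing: at most one numeric Content-Length, matching the bytes received.
    lengths = headers.get("content-length", [])
    if len(lengths) > 1:
        return Verdict(False, "multiple Content-Length headers")
    if method == "GET":
        if lengths or body:
            return Verdict(False, "GET with a body is not accepted")
    else:
        if not lengths or not lengths[0].isdigit():
            return Verdict(False, "POST requires a single numeric Content-Length")
        declared = int(lengths[0])
        if declared > MAX_BODY or declared != len(body):
            return Verdict(False, "body length does not match Content-Length")
    return Verdict(True, "ok", method, target)


# Constructed sample requests.
SAMPLES = {
    "plain get": b"GET /account/view?id=42 HTTP/1.1\r\nHost: legacy.example\r\n\r\n",
    "cl and te": b"POST /transfer HTTP/1.1\r\nHost: legacy.example\r\n"
                 b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n",
    "bare lf": b"GET / HTTP/1.1\nHost: x\r\n\r\n",
    "trace": b"TRACE / HTTP/1.1\r\nHost: x\r\n\r\n",
    "traversal": b"GET /../etc/passwd HTTP/1.1\r\nHost: x\r\n\r\n",
    "post ok": b"POST /transfer HTTP/1.1\r\nHost: x\r\nContent-Length: 11\r\n"
               b"Content-Type: application/x-www-form-urlencoded\r\n\r\nto=1002&a=1",
    "post short": b"POST /transfer HTTP/1.1\r\nHost: x\r\nContent-Length: 11\r\n\r\nto=1002",
    "dup cl": b"POST /t HTTP/1.1\r\nHost: x\r\nContent-Length: 3\r\nContent-Length: 30\r\n\r\nabc",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:11} -> {check_request(raw)}")
```

Everything the legacy application does not use is denied outright rather than normalised: a shield that rewrites ambiguous input into something it considers canonical has to make exactly the interpretation choices the slide warns about.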

Page 14: Securing Legacy Software SoBeNet User group meeting 25/06/2004

User Application Protocols …

• Communication protocols at the application level are rarely specified, let alone formalized
• User application protocols get less attention because they are typically used once, for a specific application
• User application protocols are more complex because they depend on a (huge) internal state, which gives a combinatorial explosion of cases

Page 15: Securing Legacy Software SoBeNet User group meeting 25/06/2004

Automatic protocol security

Protocol = set of rules between communicating parties, covering two aspects:

• Sequence: formalization with state charts, sequence and collaboration diagrams, …
• Form and content: formalization with strong typing, XML Schema, …

Both formalizations drive SANITY checking of the traffic, which shields against 4 of the Top 10 application vulnerabilities.
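An added example (illustration code, not from the slides) of the two formalizations on this slide applied to a user application protocol of the kind the previous slide describes: the allowed message sequence is written down as a state chart (a transition table), the form and content of each message as a typed schema, and a shield sitting in front of the legacy server enforces both and default-denies everything else. The line-oriented banking protocol (LOGIN, SELECT, TRANSFER, LOGOUT), its field formats and the business range for amounts are constructed for the illustration; for an XML protocol, XML Schema would take the place of the typed schema.

```python
"""Automatic protocol security for a constructed user application protocol:
sequence enforced from a state chart, form and content from a typed schema.
Added example; the protocol and its sessions are constructed."""
import re
from decimal import Decimal
from typing import Callable, Dict, List, Tuple


# Form and content: one strongly typed validator per field.
def is_account(v: str) -> bool:
    return re.fullmatch(r"\d{4}", v) is not None


def is_username(v: str) -> bool:
    return re.fullmatch(r"[a-z][a-z0-9]{2,15}", v) is not None


def is_token(v: str) -> bool:
    return re.fullmatch(r"[0-9a-f]{32}", v) is not None


def is_money(v: str) -> bool:
    # form: fixed two-decimal notation; content: within the assumed business range
    if not re.fullmatch(r"\d{1,5}\.\d{2}", v):
        return False
    return Decimal("0.01") <= Decimal(v) <= Decimal("10000.00")


# Message schema: exact field list, in order, with the type of each field.
SCHEMA: Dict[str, List[Tuple[str, Callable[[str], bool]]]] = {
    "LOGIN": [("user", is_username), ("token", is_token)],
    "SELECT": [("account", is_account)],
    "TRANSFER": [("to", is_account), ("amount", is_money)],
    "LOGOUT": [],
}

# Sequence: state chart as (state, message) -> next state; anything else is denied.
TRANSITIONS: Dict[Tuple[str, str], str] = {
    ("start", "LOGIN"): "authenticated",
    ("authenticated", "SELECT"): "selected",
    ("selected", "SELECT"): "selected",
    ("selected", "TRANSFER"): "selected",
    ("authenticated", "LOGOUT"): "start",
    ("selected", "LOGOUT"): "start",
}


def parse(line: str) -> Tuple[str, Dict[str, str]]:
    """Constructed wire format: VERB key=value key=value ..."""
    parts = line.strip().split(" ")
    verb, fields = parts[0], {}
    for part in parts[1:]:
        key, eq, value = part.partition("=")
        if not eq or key in fields:            # missing '=' or duplicated key
            raise ValueError(f"malformed field {part!r}")
        fields[key] = value
    return verb, fields


class ProtocolShield:
    """One instance per session; tracks the state chart position."""

    def __init__(self) -> None:
        self.state = "start"
        self.log: List[str] = []

    def check(self, line: str) -> Tuple[bool, str]:
        try:
            verb, fields = parse(line)
        except ValueError as exc:
            return self._deny(str(exc))
        if verb not in SCHEMA:
            return self._deny(f"unknown message {verb}")
        expected = SCHEMA[verb]
        if [name for name, _ in expected] != list(fields):
            return self._deny(f"{verb}: fields {list(fields)} do not match the schema")
        for name, valid in expected:
            if not valid(fields[name]):
                return self._deny(f"{verb}: field {name} fails its type check")
        nxt = TRANSITIONS.get((self.state, verb))
        if nxt is None:
            return self._deny(f"{verb} not allowed in state {self.state}")
        self.state = nxt
        self.log.append(f"allow {verb} -> {nxt}")
        return True, "ok"

    def _deny(self, reason: str) -> Tuple[bool, str]:
        self.log.append("deny " + reason)
        return False, reason


def run_session(lines: List[str]) -> List[Tuple[bool, str]]:
    """Feed one client's messages through a fresh shield and return the verdicts."""
    shield = ProtocolShield()
    return [shield.check(line) for line in lines]


if __name__ == "__main__":
    token = "0123456789abcdef" * 2
    for verdict in run_session(["LOGIN user=alice token=" + token, "SELECT account=1001",
                                "TRANSFER to=1002 amount=25.00", "TRANSFER to=1002 amount=-5",
                                "LOGOUT", "TRANSFER to=1002 amount=25.00"]):
        print(verdict)
```

Writing the sequence down as a transition table is what tames the combinatorial explosion of the previous slide: the shield never needs to know the server's internal state, only which message is legal next, and the form and content checks run before the sequence check so that a malformed message never advances the state.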

Page 16: Securing Legacy Software SoBeNet User group meeting 25/06/2004

Manageability and Monitoring

• Keeping the configuration up to date
  • Default-deny policy
  • Automatic learning of normal behavior
  • Configuration automation: policy proposals
• Monitoring of all the alerts triggered by the devices
  • Correlation of events from security components
  • Coordination and exchange of security state between devices reduces the false positives
  • Anomaly detection
• Audit trail
  • What information is required for forensics?
• Performance management
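An added example of the first group of points on this slide, default deny, automatic learning of normal behaviour and configuration automation through policy proposals (illustration code, not the slides' or a product's own): a learning phase builds a per-path, per-parameter profile from observed traffic, the profile is rendered as a policy proposal for an operator to review, and in enforcement mode any request outside the learned profile is denied and reported as an anomaly. The training and test requests (paths and query parameters of a hypothetical legacy web application), the character classes and the length tolerance are constructed.

```python
"""Learn a default-deny policy from normal traffic, propose it, enforce it.
Added example; the traffic, character classes and tolerance are constructed."""
import re
from typing import Dict, List, Tuple
from urllib.parse import parse_qsl, urlsplit

# Character classes from most to least restrictive. A value gets the first
# class it fits, so the class learned for a parameter is the widest ever seen.
CLASSES = [("digits", re.compile(r"[0-9]+")),
           ("alnum", re.compile(r"[A-Za-z0-9]+")),
           ("printable", re.compile(r"[\x20-\x7e]+"))]


def classify(value: str) -> int:
    for i, (_, rx) in enumerate(CLASSES):
        if rx.fullmatch(value):
            return i
    return len(CLASSES)      # control bytes / non-ASCII: wider than anything learned


def class_name(i: int) -> str:
    return CLASSES[i][0] if i < len(CLASSES) else "any"


def split(url: str) -> Tuple[str, List[Tuple[str, str]]]:
    u = urlsplit(url)
    return u.path, parse_qsl(u.query, keep_blank_values=True)


def length_limit(max_seen: int) -> int:
    """Tolerance so a slightly longer legitimate value does not raise an alert."""
    return max_seen + max(4, max_seen // 2)


class LearnedPolicy:
    def __init__(self) -> None:
        # path -> parameter -> [widest class seen, longest value seen, sample count]
        self.profile: Dict[str, Dict[str, List[int]]] = {}

    def learn(self, url: str) -> None:
        path, params = split(url)
        prof = self.profile.setdefault(path, {})
        for name, value in params:
            p = prof.setdefault(name, [0, 0, 0])
            p[0] = max(p[0], classify(value))
            p[1] = max(p[1], len(value))
            p[2] += 1

    def proposal(self) -> List[str]:
        """Human-readable policy for the operator to review before enforcement."""
        out = []
        for path in sorted(self.profile):
            if not self.profile[path]:
                out.append(f"allow {path} (no parameters)")
            for name, (cls, longest, n) in sorted(self.profile[path].items()):
                out.append(f"allow {path} {name}: class={class_name(cls)} "
                           f"maxlen={length_limit(longest)} (learned from {n} values)")
        return out

    def check(self, url: str) -> Tuple[bool, str]:
        """Enforcement: anything outside the learned profile is denied."""
        path, params = split(url)
        if path not in self.profile:
            return False, f"unknown path {path}"
        allowed = self.profile[path]
        for name, value in params:
            if name not in allowed:
                return False, f"unknown parameter {name} for {path}"
            cls, longest, _ = allowed[name]
            if classify(value) > cls:
                return False, f"{name}: value outside learned class {class_name(cls)}"
            if len(value) > length_limit(longest):
                return False, f"{name}: value longer than learned limit"
        return True, "ok"


# Constructed sample of normal traffic for the learning phase.
TRAINING = ["/account/view?id=1001", "/account/view?id=1002", "/account/view?id=1003",
            "/transfer?to=1002&amount=2500", "/transfer?to=1003&amount=100",
            "/search?q=alice", "/search?q=bob42", "/logout"]


def build_policy(samples: List[str] = TRAINING) -> LearnedPolicy:
    policy = LearnedPolicy()
    for url in samples:
        policy.learn(url)
    return policy


if __name__ == "__main__":
    policy = build_policy()
    print("\n".join(policy.proposal()))
    for url in ["/account/view?id=1004", "/account/view?id=1001 OR 1=1",
                "/search?q=<script>", "/admin", "/account/view?id=1001&debug=1"]:
        print(url, "->", policy.check(url))
```

The learning phase must see only traffic known to be clean, since whatever it sees becomes policy; the proposal step exists precisely so that an operator can reject a learned entry before it is enforced.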

Page 17: Securing Legacy Software SoBeNet User group meeting 25/06/2004

www.ubizen.com