Ways to Save – Application Delivery
Barracuda Partner Special Topic Webinar for July 1, 2009
Scott Bostwick, Steve Pao, Anshuman Singh
Application Delivery – Inside and Out
• Employees – Intranet Applications
  – Portals
  – Remote desktop
  – File shares
• Customers, Vendors, Partners – Internet Applications
  – HTML
  – XML
Product Focus
• Barracuda SSL VPN – Remote Access to Intranet Applications
• Barracuda Web Application Firewall – Application Security for Internet Applications
Application Delivery Savings Strategy
• Intranet Applications – Remote Access
  – #1 – Reduce support costs of remote access
  – #2 – Use machines purchased and supported by someone else
  – #3 – Eliminate per user license fees for SSL VPN technology
• Internet Applications – Application Security
  –   #4 – Avoid dramatic consequences of security breaches
  –   #5 – Reduce frequency of security audits
  –   #6 – Reduce costs of maintaining legacy code
  –   #7 – Get more out of existing servers
Traditional Remote Access Challenges
• Market still dominated by “IP VPN”
  – PPTP built into Windows
  – IPSec offered with many firewalls
• IP VPN fraught with problems
  – IP address conflicts between networks
  – Double-NAT, GRE ports, and VPN Passthrough
  – Requirement for “fat client” software that is OS dependent and that
    can create compatibility issues with other software
• After getting an IP, the rest is left to the users
• Impact: IP VPN is one of the biggest sources of IT help desk expenses
Savings Tip #1: Reduce Support Costs
• Barracuda SSL VPN works with any Java-enabled Web browser
  – Layer 5-7 tunnel brokering does not require IP on remote network – no conflicts!
  – Does not require fat client
• End user portal markets applications to users
  – One-click access to intranet Web applications
  – Access to files from Windows Explorer
  – Automatic launching of common applications – e.g., Remote Desktop
• Result: Reduces support costs associated with VPN rollout
Savings Tip #2: Other People’s Computers
• Freedom from “fat client” enables remote access from
  home PCs, personal laptops and public Internet
  kiosks
• Barracuda SSL VPN features mitigate risks
   –   Virtual keyboard to prevent keystroke logging
   –   Multi-factor authentication (e.g., one-time password to cell phone)
   –   Integrated cache cleaning
   –   Client access controls (restrict access by OS and browser version)
   –   Integrated virus scanning of all file uploads
   –   Granular access controls – restricts access to only required apps
• Result: Does not require IT-supported laptops or client
  machines for deployment
Savings Tip #3: Skip Per User Fees

Barracuda SSL VPN is AFFORDABLE
• No per user fees
• Economical to roll out to all users in case of “disaster”
Application Security Challenges
• Traditional firewalls not designed for new
  application attacks
• Attacks can result in dramatic costs
• Security audits on source code can be costly
• Legacy code is costly to maintain
• Internet applications are costly to deploy
WAFs Protect Against Application Attacks
• Firewall blocks only network attacks; Port 80/443 traffic goes through to the Barracuda Web Application Firewall and the Web Applications
• Traditional Firewalls focus here: IP Address, TCP port
  – Denial of service
  – Distributed DoS
  – SYN flood
  – Ping of death
  – TCP session hijacking
  – Packet fragmentation
• Web Application Firewalls start here: HTTP header, Cookie, URL, Form data
  – SQL injection
  – Cross site scripting
  – Buffer overflow
  – Web worms
  – Cookie Poisoning
  – Forceful browsing
Savings Tip #4: Avoid Consequences
• Operational issues
   –   Downtime
   –   Defacement
   –   Link spam
   –   Information Leakage
• Customer issues
   –   Identity Theft
   –   Information Leakage
   –   Worms / Malware
   –   Phishing
• Business Reputation
   – Loss of sales
   – Monetary loss
   – Blackmail
Savings Tip #5 – Reduce Security Audit Fees
• PCI Section 6.6 – All Web-facing applications to be protected by either:
  – Custom Code Reviews by Approved Scanning Vendor (ASV)
    – Can be labor intensive and expensive
    – Must be repeated as applications change
  – Web Application Firewalls
• Barracuda Web Application Firewall satisfies major PCI DSS requirements
  – Acts as a security layer for Web Applications
  – Proxies Web traffic and insulates Web servers from direct attacks
  – Provides SSL encryption
  – Blocks top 10 OWASP application vulnerabilities
  – Provides application access logging
  – Quickly update definitions required for new vulnerabilities
• Result: Can reduce frequency of security audits because the WAF protects
  applications as they change
Savings Tip #6 – Avoid Source Code Maintenance
• Every 1000 lines of code averages 15 critical security defects (US Dept of Defense)
• The average security defect takes 75 minutes to diagnose and 6 hours to fix. (5-year Pentagon Study)
• The average business application has 150,000-250,000 lines of code. (Software Magazine)
• Just To Fix Code:
  – 15*150k*1.25hrs/40 = 70 wks
  – 15*250k*6hrs/40 = 562 wks
• Solution: Implement security in the firewall rather than in the code
Savings Tip #7: Get More Out of Servers

WAF Improves Scale and Speed of Existing Apps
• Load balancing
• SSL Offload / Acceleration
• Caching
• Compression
The badstore application
• Badly written Web application
• Has vulnerabilities such as
  – SQL injection
  – Cross Site Scripting
• Can be deployed either as
  – Bootable disk
  – VMware
• Comes with a guide detailing where the vulnerabilities are.
Attacking the Badstore
Demonstrating the badstore
[Diagram: Switch / Router; Badstore app; Direct Access via Custom application; Secure access via the Barracuda WAF; Barracuda Web Application Firewall]
Summary of Cost Savings
• Intranet Applications – Remote Access
  – #1 – Reduce support costs of remote access
  – #2 – Use machines purchased and supported by someone else
  – #3 – Eliminate per user license fees for SSL VPN technology
• Internet Applications – Application Security
  –   #4 – Avoid dramatic consequences of security breaches
  –   #5 – Reduce frequency of security audits
  –   #6 – Reduce costs of maintaining legacy code
  –   #7 – Get more out of existing servers

								