Blue Coat Proxy - SSL - Interception Proxy

Blue Coat Confidential

Upload: php-faqeu

Post on 06-Apr-2016



© Blue Coat Systems, Inc. 2011. Blue Coat Confidential


1.) Main Purpose


Proxy Services

Proxy Support
• HTTP, HTTPS, FTP, P2P, Telnet, SOCKS, DNS, TCP-Tunnel, IM (AIM, MSN, Yahoo!), MMS, RTSP, QuickTime
• Method-level control options

• Content Filtering, Content Security, Spyware Prevention
• IM Control, P2P Blocking, Phishing & Pop-up Blocking
• Web Virus Scanning with ProxyAV
• Streaming Control
• Compression (HTTP & TCP/SOCKS)
• Bandwidth Management
• SSL Termination & Acceleration


Firewalls Keep the Bad Guys Out

Firewalls block at the perimeter . . .

But they are not designed to control at user level

[Diagram labels: Hackers, Public Internet, Firewall, Internal Network, Users, Public Web Servers, Intranet Web Servers]


Proxy Keep the Good Guys Good

• Restrict or control access to unproductive web sites
• “Splash page” for acceptable Internet use policy
• Stop web content such as .vbs, .exe
• Stop viruses from webmail (Yahoo, Hotmail, etc) and IM
• Keep intellectual property from getting out over IM
• Log and archive IM traffic by individual text messages
• Prevent downloading of copyrighted MP3 files
• Control pop-ups, ads, and spyware

[Diagram labels: Users, Internal Network, Proxy, Firewall, Public Internet, Public Web Servers, Intranet Web Servers]

Total Visibility and Control of All Web Communications


Enterprise Policy Management

[Diagram labels: Corporate Web Policy, Set & Enforce Policy, Visual Policy Manager, Distribute Policy, Director, Monitor & Report, Reporter]


World’s Major Institutions Trust Blue Coat

• Energy, Oil & Gas
• Health & Pharmaceuticals
• Government
• Financial
• Mfg/Industrial
• Consumer & Retail


Web Application Control Example

Different Policies for Facebook throughout an Organization

• Global Policy: Read Only Policy. No comments, posting, upload/download, games, email, chat, etc
• Group Policy: Limited Use Policy. Can comment, post, upload, email and chat, no games, downloads, etc
• Group Policy: Expanded Use Policy. Can comment, post, upload, download, email, chat, but no games, etc.
• Individual Policy: Full Use Policy. No Restrictions

Groups shown: Everyone, Marketing, HR/Recruiting, CEO, CIO


Web Application Policy Engine


2.) Main Function


[Diagram labels: Clients, Client Proxy, Internet, Caching, Antivirus, URL-Filtering, Logging, Authentication, Protocol optimization, BW management, Compression, Policy, Protocol detection, Byte Caching]


Application proxy

[Diagram labels: Internet, HTTP & HTTPS, FTP, AOL-IM, MSN-IM, Yahoo-IM, Streaming, TCP-Tunnel, SOCKS, CIFS, MAPI, P2P, Telnet/Shell, DNS, ?, .mp3, .xxx, gral.se]


Authentication

[Diagram labels: Clients, Internet, List, On box Database, DACHSER LDAP, LDAP, X509/CA, Client Certificate, AD, NT, W2000 or W2003 DC, RADIUS Server, Netegrity SiteMinder, Oblix, Directory, Policy Substitution]


How We Secure the Web

AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.

[Diagram labels: Public Web Server, Intranet Web Server, Public Internet, Internal Network]


How We Secure the Web

Policy Processing Engine: All user web application requests are subjected to granular security policy


How We Secure the Web

Content Filtering: Requests for content are controlled using content filtering based on granular policy


Content Filtering

Organizations need to control what users are doing when accessing the internet to protect from legal liability and productivity risks

Blue Coat and our partners enable enterprise-class content filtering
• Powerful granular user control using Blue Coat’s Policy Processing Engine: by user, group, destination IP and/or URL, time of day, site, category, lots more
• Multiple logging and reporting options
• Integrates with all authentication (LDAP, RADIUS, NTLM, AD, 2-factor, etc)
• Coaching, warnings, etc.
• High performance with integrated caching
• Drop-in appliance, easy to deploy and manage
• De-facto industry content filtering platform


Content filtering databases

[Diagram labels: Clients, Internet, Websense, Smartfilter, SurfControl, Your lists, exceptions, BlueCoat webfilter, WebWasher, Proventia, Digital Arts, InterSafe, Optenet, DRTR, IWF]


How We Secure the Web

Bandwidth management: Compression, Bandwidth management and Streaming media Caching and Splitting.


How We Secure the Web

Web Virus scanning: Potentially harmful content entering network via HTTP, HTTPS and FTP is stripped or scanned by ProxyAV.


Virus, Code & Script scanning

[Diagram labels: Clients, Internet, ProxyAV, Other ICAP servers, Sophos, Panda, McAfee, Kaspersky]


ProxyAV

ProxySG & ProxyAV
- Large Enterprise/Network Core
- Scan once, serve many (cache benefit)

• Virus Scans HTTP, FTP with caching benefit
• ProxySG Load Balances
• Purpose-built appliances for speed
• “Scan once, serve many” to increase performance
• High-availability & load-balancing
• Purpose built operating systems

[Diagram labels: Internet, ProxySG, ProxyAV, Internal Network]


How We Secure the Web

Spyware: Prevention is better than a cure.


BlueCoat Spyware Prevention Solution

• Stops spyware installations
  – Detect drive-by installers
• Blocks spyware websites
  – On-Proxy URL categorization
• Scans for spyware signatures
  – High-performance Web AV
• Detects suspect systems
  – Forward to cleansing agent

[Diagram labels: Internet, ProxySG, ProxyAV, Internal Network]


How We Secure the Web

IM Traffic Control: IM traffic is subjected to policies and is logged


How We Secure the Web

Caching: Acceptable, clean content is stored in cache and delivered to requestor.


How We Secure the Web

Reporting: All browser, streaming, IM & virus activity, can be reported using Bluecoat's highly configurable reporter.


Reporter


3.) The Reporter


Management

User Interface
• HTTP (HTTPS), web GUI Interface
• Telnet (Cisco CLI)
• SSH & Serial console
• Java Policy interface
• CPL, Policy Language
• SNMP MIBII + Traps
• Monitor network status and statistics

Reporting tools
• BlueCoat Reporter

Scalable management
• Centralized configuration management in Director


Reporting (example)

• 18.2 % Spyware (gator)
• 16.5 % Aftonbladet
• 9.5 % Ads (in top 40)
• 6.8 % https (encrypted)


System-wide Management and Control

Blue Coat Director
• Centralized configuration of Blue Coat appliances – set up, policy, etc
• Centralized monitoring – appliance health, application use, user experience

Blue Coat Reporter
• Enterprise roll-up and analysis of application delivery information: appliances, application use, user experience

Both Director and Reporter are proven, with thousands of nodes under management…


4.) The Director


Director configuration Management

(1) Configure and test “profile” system
(2) Snapshot profile and save on Director
(3) Create and edit overlays using GUI or CLI.
(4) Push profiles and overlays to one or more systems

[Diagram labels: Workstation, Director, “Profile” system, Production systems]

Remotely and securely manage via GUI or CLI.
• Configuration Management
• Policy Management
• Disaster protection centrally

Configuration Management
• Monitor and control
• Resource Management
• Monitor network status and statistics
• Profile Management
• Backup configuration
• Create overlays using GUI or CLI. Automate changes
• License Management


Director GUI


5.) SSL Interception


Why SSL Intercept?

Increased granularity for content filtering
• SSL Proxy vs. SSL Interception
  – SSL Proxy alone can do content filtering (without SSL Interception)
• Explicit vs. Transparent interception

Deep level protocol inspection (HTTP)
• HTTPS is just encapsulated HTTP
• HTTP Headers, etc. are readable after SSL Interception

ICAPS handoff
• Antivirus (AV) inspection; RespMod
• Data Leakage Protection (DLP) inspection; ReqMod

Logging and Reporting for SSL/HTTPS
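
The difference between the two modes on this slide, as an added example (not Blue Coat code or CPL, and not part of the original deck): without interception an explicit proxy sees only the CONNECT target, so filtering is per host; after interception the inner HTTP request is readable and can drive URL logging and the ICAP handoffs. The hostnames, category table and action strings are constructed for illustration.

```python
"""Added illustration: what proxy policy can see with and without SSL interception.
Hostnames, the category table and the action strings are constructed sample data."""
from email.parser import BytesParser
from typing import Optional

CATEGORIES = {"webmail.example": "Webmail"}  # constructed URL-category lookup

# Constructed explicit-proxy request: all that is visible without interception.
CONNECT_SAMPLE = b"CONNECT webmail.example:443 HTTP/1.1\r\nHost: webmail.example:443\r\n\r\n"
# Constructed request carried inside the tunnel: readable only after interception.
INNER_SAMPLE = (b"POST /compose/attach HTTP/1.1\r\nHost: webmail.example\r\n"
                b"Content-Type: multipart/form-data; boundary=x\r\n"
                b"Content-Length: 11\r\n\r\nhello world")

def parse_connect(raw: bytes) -> dict:
    """Extract host and port from the CONNECT request line."""
    method, target, _version = raw.split(b"\r\n", 1)[0].decode("ascii").split(" ")
    if method != "CONNECT":
        raise ValueError("not a CONNECT request")
    host, _, port = target.rpartition(":")
    return {"host": host.lower(), "port": int(port)}

def parse_inner_http(raw: bytes) -> dict:
    """Parse the decrypted request: method, path, headers and body length."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line, _, header_block = head.partition(b"\r\n")
    method, path, _version = request_line.decode("ascii").split(" ")
    headers = BytesParser().parsebytes(header_block + b"\r\n\r\n", headersonly=True)
    return {"method": method, "path": path, "headers": headers, "body_len": len(body)}

def decide(tunnel: dict, inner: Optional[dict]) -> list:
    """List the controls available for one transaction, given what is visible."""
    category = CATEGORIES.get(tunnel["host"], "Uncategorized")
    actions = [f"log host={tunnel['host']} category={category}"]
    if inner is None:
        # SSL proxy without interception: filtering stops at the hostname.
        actions.append("filter: allow or deny the whole host")
        return actions
    # Intercepted: HTTPS is handled as HTTP, so URL and headers drive policy.
    actions.append(f"log url=https://{tunnel['host']}{inner['path']}")
    if inner["body_len"] > 0:
        actions.append("icap REQMOD: DLP inspection of request body")
    actions.append("icap RESPMOD: AV inspection of response")
    return actions

if __name__ == "__main__":
    tunnel = parse_connect(CONNECT_SAMPLE)
    for label, inner in (("tunnel only", None), ("intercepted", parse_inner_http(INNER_SAMPLE))):
        print(label, decide(tunnel, inner))
```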


SSL Interception Model


Resources

SSL Proxy Deployment Web Guide
• https://bto.bluecoat.com/sgos/ProxySG/63/SSL_Proxy_Deployment_WebGuide/SSL_Proxy_WebGuide.htm

Configuring SSL Interception on the ProxySG Appliance
• https://bto.bluecoat.com/support/ssl-interception

Blue Coat Knowledge Base
• https://kb.bluecoat.com

Blue Coat Technical Support Case
• https://bto.bluecoat.com/support/sr/list

Configuring SSL Interception for Transparent Proxy
• https://kb.bluecoat.com/index?page=content&id=KB3700

Writing SSL Interception/Access Policy
• https://kb.bluecoat.com/index?page=content&id=KB3716


Questions

??
