blue coat proxy - ssl - interception proxy
© Blue Coat Systems, Inc. 2011. Blue Coat Confidential
1.) Main Purpose
Proxy Services
Proxy Support
• HTTP, HTTPS, FTP, P2P, Telnet, SOCKS, DNS, TCP-Tunnel, IM (AIM, MSN, Yahoo!), MMS, RTSP, QuickTime
• Method-level control options
Content Filtering, Content Security, Spyware Prevention
IM Control, P2P Blocking, Phishing & Pop-up Blocking
Web Virus Scanning with ProxyAV
Streaming Control
Compression (HTTP & TCP/SOCKS)
Bandwidth Management
SSL Termination & Acceleration
Firewalls Keep the Bad Guys Out
Firewalls block at the perimeter . . .
But they are not designed to control at user level
[Diagram: Users, Hackers, Internal Network, Firewall, Public Internet, Public Web Servers, Intranet Web Servers]
Proxy Keep the Good Guys Good
• Restrict or control access to unproductive web sites
• Stop viruses from webmail (Yahoo, Hotmail, etc) and IM
• Keep intellectual property from getting out over IM
• “Splash page” for acceptable Internet use policy
• Stop web content such as .vbs, .exe
• Log and archive IM traffic by individual text messages
• Prevent downloading of copyrighted MP3 files
• Control pop-ups, ads, and spyware
[Diagram: Users, Proxy, Firewall, Internal Network, Public Internet, Public Web Servers, Intranet Web Servers]
Total Visibility and Control of All Web Communications
Enterprise Policy Management
Corporate Web Policy
• Set & Enforce Policy: Visual Policy Manager
• Distribute Policy: Director
• Monitor & Report: Reporter
World’s Major Institutions Trust Blue Coat
• Energy, Oil & Gas
• Health & Pharmaceuticals
• Government
• Financial
• Mfg/Industrial
• Consumer & Retail
Web Application Control Example
Different Policies for Facebook throughout an Organization
• Everyone (Global Policy): Read Only Policy. No comments, posting, upload/download, games, email, chat, etc
• Marketing (Group Policy): Limited Use Policy. Can comment, post, upload, email and chat, no games, downloads, etc
• HR/Recruiting (Group Policy): Expanded Use Policy. Can comment, post, upload, download, email, chat, but no games, etc.
• CEO, CIO (Individual Policy): Full Use Policy. No Restrictions
Web Application Policy Engine
2.) Main Function
[Diagram: Clients, Proxy, Internet]
• Caching
• Antivirus
• URL-Filtering
• Logging
• Authentication
• Protocol optimization
• BW management
• Compression
• Policy
• Protocol detection
• Byte Caching
Application proxy
• HTTP & HTTPS
• FTP
• AOL-IM
• MSN-IM
• Yahoo-IM
• Streaming
• TCP-Tunnel
• SOCKS
• CIFS
• P2P
• Telnet/Shell
• DNS
• MAPI
[Diagram labels: Internet, .mp3, .xxx, gral.se, ?]
Authentication
• On box Database (List)
• DACHSER LDAP
• LDAP (Directory)
• X509/CA (Client Certificate)
• AD: NT, W2000 or W2003 DC (Directory)
• RADIUS Server (Directory)
• Netegrity SiteMinder (Directory)
• Oblix (Directory)
• Policy Substitution
[Diagram: Clients, Internet]
How We Secure the Web
AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.
[Diagram: Internal Network, Public Internet, Public Web Server, Intranet Web Server]
Policy Processing Engine: All user web application requests are subjected to granular security policy
Content Filtering: Requests for content are controlled using content filtering based on granular policy
Content Filtering
Organizations need to control what users are doing when accessing the internet to protect from legal liability and productivity risks
Blue Coat and our partners enable enterprise-class content filtering
• Powerful granular user control using Blue Coat’s Policy Processing Engine
  By user, group, destination IP and/or URL, time of day, site, category, lots more
• Multiple logging and reporting options
• Integrates with all authentication (LDAP, RADIUS, NTLM, AD, 2-factor, etc)
• Coaching, warnings, etc.
• High performance with integrated caching
• Drop-in appliance for easy to deploy and manage
• De-facto industry content filtering platform
Content filtering databases
• Websense
• Smartfilter
• SurfControl
• Your lists, exceptions
• BlueCoat webfilter
• WebWasher
• Proventia
• Digital Arts
• InterSafe
• Optenet
• DRTR
• IWF
[Diagram: Clients, Internet]
Bandwidth management: Compression, Bandwidth management and Streaming media Caching and Splitting.
Web Virus scanning: Potentially harmful content entering network via HTTP, HTTPS and FTP is stripped or scanned by ProxyAV.
Virus, Code & Script scanning
• ProxyAV
• Other ICAP servers
• Sophos
• Panda
• McAfee
• Kaspersky
[Diagram: Clients, Internet]
ProxyAV
ProxySG & ProxyAV
- Large Enterprise/Network Core
- Scan once, serve many (cache benefit)
• Virus Scans HTTP, FTP with caching benefit
• ProxySG Load Balances
• Purpose-built appliances for speed
• “Scan once, serve many” to increase performance
• High-availability & load-balancing
• Purpose built operating systems
[Diagram: Internet, ProxySG, ProxyAV, Internal Network]
Spyware: Prevention is better than a cure.
BlueCoat Spyware Prevention Solution
• Stops spyware installations
  – Detect drive-by installers
• Blocks spyware websites
  – On-Proxy URL categorization
• Scans for spyware signatures
  – High-performance Web AV
• Detects suspect systems
  – Forward to cleansing agent
[Diagram: Internet, ProxySG, ProxyAV, Internal Network]
IM Traffic Control: IM traffic is subjected to policies and is logged
Caching: Acceptable, clean content is stored in cache and delivered to requestor.
Reporting: All browser, streaming, IM & virus activity, can be reported using Bluecoat's highly configurable reporter.
Reporter
3.) The Reporter
Management
User Interface
• HTTP (HTTPS), web GUI Interface
• Telnet (Cisco CLI)
• SSH & Serial console
• Java Policy interface
• CPL, Policy Language
• SNMP MIBII + Traps
• Monitor network status and statistics
Reporting tools
• BlueCoat Reporter
Scalable management
• Centralized configuration management in Director
Reporting (example)
• 18.2 % Spyware (gator)
• 16.5 % Aftonbladet
• 9.5 % Ad’s (in top 40)
• 6.8 % https (encrypted)
System-wide Management and Control
Blue Coat Director
• Centralized configuration of Blue Coat appliances – set up, policy, etc
• Centralized monitoring – appliance health, application use, user experience
Blue Coat Reporter
• Enterprise roll-up and analysis of application delivery information: appliances, application use, user experience
Both Director and Reporter are proven, with thousands of nodes under management…
4.) The Director
Director configuration Management
(1) Configure and test “profile” system
(2) Snapshot profile and save on Director
(3) Create and edit overlays using GUI or CLI.
(4) Push profiles and overlays to one or more systems
[Diagram: Workstation, Director, “Profile” system, Production systems]
Remotely and securely manage via GUI or CLI.
• Configuration Management
• Policy Management
• Disaster protection centrally
Configuration Management
• Monitor and control
• Resource Management
• Monitor network status and statistics
• Profile Management
• Backup configuration
• Create overlays using GUI or CLI. Automate changes
• License Management
Director GUI
5.) SSL Interception
Why SSL Intercept?
Increased granularity for content filtering
• SSL Proxy vs. SSL Interception
  SSL Proxy alone can do content filtering (without SSL Interception)
• Explicit vs. Transparent interception
Deep level protocol inspection (HTTP)
• HTTPS is just encapsulated HTTP
• HTTP Headers, etc. are readable after SSL Interception
ICAPS handoff
• Antivirus (AV) inspection; RespMod
• Data Leakage Protection (DLP) inspection; ReqMod
Logging and Reporting for SSL/HTTPS
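The ICAP handoff named on this slide, as an added example that is not from the slides or from Blue Coat: once HTTPS has been intercepted, the cleartext HTTP request can be wrapped in a REQMOD message for DLP and the response in a RESPMOD message for AV, using the ICAP/1.0 framing of RFC 3507. Host names, service paths and payloads are constructed placeholders, and only the message framing is shown, not the TLS transport.

```python
import re

CRLF = b"\r\n"

def chunked(body: bytes) -> bytes:
    """ICAP carries an encapsulated HTTP body in chunked encoding."""
    first = b"%x" % len(body) + CRLF + body + CRLF if body else b""
    return first + b"0" + CRLF + CRLF

def build_icap(method, service, req_hdr, res_hdr=None, body=None) -> bytes:
    """Wrap cleartext HTTP in an ICAP/1.0 REQMOD or RESPMOD message."""
    if method not in ("REQMOD", "RESPMOD"):
        raise ValueError("method must be REQMOD or RESPMOD")
    if method == "RESPMOD" and res_hdr is None:
        raise ValueError("RESPMOD needs the HTTP response headers")
    parts = [("req-hdr", req_hdr)]
    if method == "RESPMOD":
        parts.append(("res-hdr", res_hdr))
    if body is None:
        parts.append(("null-body", b""))
    else:
        name = "res-body" if method == "RESPMOD" else "req-body"
        parts.append((name, chunked(body)))
    payload, offsets = b"", []
    for name, blob in parts:
        # Encapsulated offsets count bytes from the end of the ICAP headers.
        offsets.append(f"{name}={len(payload)}")
        payload += blob
    host = service.split("/")[2]
    head = (f"{method} {service} ICAP/1.0\r\nHost: {host}\r\n"
            f"Encapsulated: {', '.join(offsets)}\r\n\r\n")
    return head.encode("ascii") + payload

def encapsulated_sections(msg: bytes) -> dict:
    """Slice an ICAP message back into named sections via its offsets."""
    head, payload = msg.split(CRLF + CRLF, 1)
    line = re.search(rb"Encapsulated: ([^\r\n]+)", head).group(1).decode()
    marks = [(n.strip(), int(o)) for n, o in (p.split("=") for p in line.split(","))]
    ends = [o for _, o in marks[1:]] + [len(payload)]
    return {n: payload[o:e] for (n, o), e in zip(marks, ends)}

# Constructed sample traffic (placeholders, not from the slides).
REQ_HDR = b"POST /upload HTTP/1.1\r\nHost: files.example.com\r\n\r\n"
RES_HDR = b"HTTP/1.1 200 OK\r\nContent-Type: application/zip\r\n\r\n"

if __name__ == "__main__":
    dlp = build_icap("REQMOD", "icap://dlp.example.internal/reqmod",
                     REQ_HDR, body=b"note=constructed-upload")
    av = build_icap("RESPMOD", "icap://av.example.internal/respmod",
                    REQ_HDR, RES_HDR, b"constructed-download-bytes")
    print(dlp.decode(), av.decode(), sep="\n---\n")
```

The Encapsulated header is what lets the ICAP server find the HTTP headers and body inside the message, so a wrong offset means the scanner inspects the wrong bytes.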
SSL Interception Model
Resources
SSL Proxy Deployment Web Guide
• https://bto.bluecoat.com/sgos/ProxySG/63/SSL_Proxy_Deployment_WebGuide/SSL_Proxy_WebGuide.htm
Configuring SSL Interception on the ProxySG Appliance
• https://bto.bluecoat.com/support/ssl-interception
Blue Coat Knowledge Base
• https://kb.bluecoat.com
Blue Coat Technical Support Case
• https://bto.bluecoat.com/support/sr/list
Configuring SSL Interception for Transparent Proxy
• https://kb.bluecoat.com/index?page=content&id=KB3700
Writing SSL Interception/Access Policy
• https://kb.bluecoat.com/index?page=content&id=KB3716
Questions?