Cases for IBM XGS5000 (5.0) demo
© 2013 IBM Corporation
IBM Security Systems
IBM Next Generation IPS (XGS5000) demo
XGS5000 demo setup
[Diagram labels: Hacker, Internet, XGS5000, Server, User Desktop]
XGS5000 demo setup – firmware, XPU, URL & web DB
XGS5000 demo setup – inline blocking
XGS5000 demo setup – leverage X-Force default signature & blocking
XGS5000 demo setup – fixpacks
Test cases
1. Blocking Web Application attacks
2. Blocking malicious files
3. Application control
   • Blocking uploads
4. URL control
5. Enforcing user authentication
6. Identifying applications and users
   • Application that takes up the most bandwidth
   • Top users of a specific application
   • Breakdown of network and application traffic for a specific user
   • Breakdown of Web traffic category
IBM X-Force detailed information on web applications, URLs
Blocking Web Application attacks – vulnerable web server
Blocking Web Application attacks – attempting XSS injection attack
Blocking Web Application attacks – page cannot load
Blocking Web Application attacks – XGS blocks attack
Blocking malicious files – attempt to download file from server
Blocking malicious files – download disrupted
Blocking malicious files – XGS blocks malicious file download
Blocking uploads
Blocking uploads – create new rule
Blocking uploads – create web application object
Blocking uploads – control uploading of data
Blocking uploads – deploy changes
Blocking uploads – add web application object to the rule
Blocking uploads – policy deployed
Blocking uploads – user logs in to email
Blocking uploads – user composes email
Blocking uploads – user attempts to upload file as attachment in the email
Blocking uploads – uploading
Blocking uploads – upload fails
Blocking uploads – XGS blocks upload via email
URL control – create a new rule
URL control – deploy changes
URL control – create new URL list
URL control – add URL to block in the list
URL control – deploy changes
URL control – URL list to rule
URL control – deploy changes
URL control – user attempts to access URL
URL control – user redirected to XGS
URL control – XGS displays warning message, URL has been blocked
URL control – XGS blocks URL
URL control – access to other URLs in the same domain is allowed
Enforcing user authentication – create group and user objects
Enforcing user authentication – create group
Enforcing user authentication – create group and user objects
Enforcing user authentication – user object
Enforcing user authentication – specify group membership
Enforcing user authentication – object created
Enforcing user authentication – create rule, source = unauthenticated users
Enforcing user authentication – deploy changes
Enforcing user authentication – create web application object
Enforcing user authentication – specify granular control for YouTube
Enforcing user authentication – deploy changes
Enforcing user authentication – add object to rule
Enforcing user authentication – deploy changes
Enforcing user authentication – set action to Authenticate
Enforcing user authentication – deploy changes
Enforcing user authentication – user attempts to access YouTube
Enforcing user authentication – user attempts to load a video on YouTube
Enforcing user authentication – user redirected to authentication page
Enforcing user authentication – user fills in credentials
Enforcing user authentication – user redirected to YouTube video
Application that takes up the most bandwidth
Top users of a specific application
Breakdown of network and application traffic for a specific user
Breakdown of Web traffic category
ibm.com/security
© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.