Use Deep Content Inspection To Secure HTML5 - Ethernet ...
Securing HTML5 At The Network
Wedge Networks Inc.
San Jose, CA USA
February 2012
The Evolution of Threats
HTML5
Most threats come through CONTENT
Clean Content From The Network
In the Middle Ages, we had to boil water for cleanliness and safety…
Today, we expect clean and safe water coming out from our taps…
Internet traffic should not be any different!
HTML5 Is A Good Thing
• Improving Security
  • The HTML5 standard is transparent.
  • HTML5 applications have restricted access to system resources.
  • HTML5 updates are fully contained in the browser’s update.
• Strong Adoption
  • Popular browser vendors are participating.
  • Many influential internet sites have climbed on board.
  • Browser based, so OS neutral.
Confidential
Yin And Yang Of HTML5/WebSocket
• HTML5 introduces the WebSocket protocol for more responsive communication than HTTP:
  • Asynchronous, Full duplex == Responsive
  • Efficient (2 byte header!) == Performance
  • Supported in Firefox 7+, Chrome 14+, IE 6 thru 9 (with Chrome Frame).
• Unique Security concerns:
  • Hijacks HTTP port (legacy firewalls miss)
  • No standard application information (Next Gen Firewalls can’t differentiate).
  • No request URLs (reputation based defenses fail).
  • Stream is masked without HTTP headers (Secure Web Gateways get confused).
--WebSocket.org
Ref. “HTML5 Web Socket in Essence” Wayne Ye
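To make the "2 byte header" and "stream is masked" points concrete, here is an added example (not from the slides or from Wedge Networks) of what an inspection point has to do before any content matching can work: parse the RFC 6455 frame header and undo the client mask. The function names and the pattern list are hypothetical; the sample bytes are constructed from the masked "Hello" frame in RFC 6455 section 5.7, and the traffic is assumed to be plaintext ws:// captured after the HTTP upgrade.

```python
import struct

OPCODES = {0x0: "continuation", 0x1: "text", 0x2: "binary",
           0x8: "close", 0x9: "ping", 0xA: "pong"}

def parse_frame(buf):
    """Parse one RFC 6455 frame; return (frame, bytes_consumed) or (None, 0) if incomplete."""
    if len(buf) < 2:
        return None, 0
    b0, b1 = buf[0], buf[1]
    masked, length, pos = bool(b1 & 0x80), b1 & 0x7F, 2
    if length in (126, 127):  # extended length: 2 or 8 bytes, big-endian
        fmt, size = ("!H", 2) if length == 126 else ("!Q", 8)
        if len(buf) < pos + size:
            return None, 0
        (length,) = struct.unpack_from(fmt, buf, pos)
        pos += size
    key = buf[pos:pos + 4] if masked else b""
    pos += len(key)
    if (masked and len(key) < 4) or len(buf) < pos + length:
        return None, 0
    payload = buf[pos:pos + length]
    if masked:  # client-to-server frames are XORed with the 4-byte key
        payload = bytes(b ^ key[i % 4] for i, b in enumerate(payload))
    frame = {"fin": bool(b0 & 0x80), "opcode": OPCODES.get(b0 & 0x0F, "reserved"),
             "masked": masked, "payload": payload}
    return frame, pos + length

def inspect_stream(buf, patterns):
    """Walk every complete frame in buf; report (opcode, pattern) hits in unmasked payloads."""
    hits, offset = [], 0
    while True:
        frame, used = parse_frame(buf[offset:])
        if frame is None:
            return hits
        hits += [(frame["opcode"], p) for p in patterns if p in frame["payload"]]
        offset += used

# Constructed sample: the masked client frame from RFC 6455 section 5.7 ("Hello"),
# followed by an unmasked server frame carrying the same text (2-byte header only).
SAMPLE = bytes.fromhex("818537fa213d7f9f4d5158") + b"\x81\x05Hello"

if __name__ == "__main__":
    print("raw match on client frame:", b"Hello" in SAMPLE[:11])
    print("hits after unmasking:", inspect_stream(SAMPLE, [b"Hello"]))
```

A byte-pattern match on the raw client frame finds nothing, while the same pattern matches once the mask is removed. Messages fragmented across continuation frames, and wss:// traffic inside TLS, need reassembly or TLS termination before this step.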
Deep Content Inspection (DCI)
Visibility of content, not just packets or application types
[Diagram: Deep Packet Inspection and Deep Content Inspection. Labels: Anti-Malware, Anti-Spam, Content Matching, Web Filter, Open Service Bus, SubSonic Engine, WTC, Incoming Traffic, Outgoing Traffic]
HTML5/WebSocket Secured