Secure Web 2.0 Anti-Threat Initiative

Secure Computing Corporation has started their so-called SWAT Initiative for protecting organisations from Web 2.0-related threats carried in Web and messaging protocols.

The Secure Web 2.0 Anti-Threat initiative is an intensive effort to provide corporations with informative research, tools, solutions and best practices vital for companies evaluating - or re-evaluating - their approach to Web and messaging security. At its core, the initiative is aimed at identifying and highlighting the essential components required to provide the best possible protection for businesses operating in a Web 2.0 environment and beyond.

The S.W.A.T. Initiative
Based on in-depth analysis of typical network policies and security architectures, a commissioned study from Forrester Consulting focused on determining how companies are responding to employee Web and messaging use, and global threat data from trustedsource.org, Secure Computing has identified the core security components and architecture necessary to effectively combat Web 2.0 threats. The companys objective is to help businesses implement a security architecture that can protect their environments as existing Web and messaging threats increase and new threats arise.

Todays Web environment provides a vastly improved user experience and access to information due to the rapid adoption of Web 2.0 technologies like AJAX, XML and RDF, said Atri Chatterjee, senior vice president at Secure Computing. However, as in other technological innovations before it, Web 2.0 technologies have also led to new vulnerabilities and new techniques for compromising corporate networks and data. Unfortunately, our research bears out that companys simply arent doing enough today. Most organisations are not adequately protected their users are insufficiently trained on using these technologies and they are spending large sums of money recovering from attacks. Our initiative aims to provide information and resources that help organisations understand the evolving threat environment and take steps to proactively protect themselves.

Security Requirements for a Web 2.0 World
The following capabilities are essential for protecting against threats when conducting business in the evolving Web environment:

1. Proactive real-time reputation-based Web and messaging filtering for all domains - even those not yet categorised
   
2. Anti-malware protection utilising real-time, local intent-based analysis of code to protect against unknown threats, as well as signature-based, anti-malware protection for known threats
   
3. Bi-directional filtering and application control at the gateway for all Web traffic including Web protocols from HTTP, to IM, including encrypted traffic
   
4. Data leakage protection on all key Web and messaging protocols
   
5. Security aware proxies and caches
   
6. Design for layering of defences with minimal number of proven and secured devices
   
7. Robust management and audit reporting tools for all Web and messaging protocols, services and solutions including filtering, malware, caching, etc.

Security Solutions for Web 2.0
The SWAT initiative is driving Secure Computings next-generation Web and messaging gateway appliance development. The recently announced Webwasher Web gateway security solution includes the following key features:

• intent-based anti-malware protection
  
• reputation-based filtering
  
• SSL scanning of all Web traffic to ensure that neither malicious content enters the corporate network nor sensitive data leaves the corporate network by being encrypted
  
• secure caching that ensures that the appliance provides consistently high throughput of Web traffic without compromising its ability to stop zero-day malware threats

[A major issue with the Web 2.0 idea is that it allows malware to sneak onto hitherto trusted sites through back doors opened by the dynamic content generation based on diverse sources. Hence, it is no longer sufficient to follow the old advice of staying away from 'bad' web sites like gambling and porn sites. Sites trusted by this criteria can now very well be found to contain malware and other risks.

So, assume no implicit or explicit extension of trust from a 'good' site to other sources of content, e.g. providers of advertising!

We will add the following advice to that given by Secure Computing above:

• consequently filter out all advertising on web sites - advertising is almost never provided by the site owner and should as a default not be trusted
  
• disallow unquestioned redirection - always catch redirection attempts take a closer look before allowing them
  
• only allow web 2 contents after examining the source - filter out anything not originating on the web site you are currently visiting
  
• disallow all mobile code as a default, and only allow it on a per web site basis
  
• this also goes for web bugs and private headers
  
• disallow third-party cookies.

Related links: (Open in a new window.)
www.securecomputing.com/swat
www.securecomputing.com
www.trustedsource.org/

Taken from Information Security Bulletin.