Intrusion Prevention Web Seminar

Scott Lukes – VP of Marketing and Product Management

Rob Peterson – Director of Product Management


“… the underground market for stolen information, a surging white-collar crime… affects as many as 10 million Americans at a price tag of $55B” – Wall Street Journal, July 2005


“Sven Jaschan, 19, was found guilty of computer sabotage and illegally altering data… he was given a suspended sentence of one year and nine months” – USA Today, July 2005


Modern Network Security Threats

Being driven primarily by…

  • Increasing complexity and distribution of networks
  • Increasing sophistication of applications
  • Financial incentives motivating criminal behavior

The Result: A New Universe of Dynamic Threats

[Figure: threat chart. Axis: Level of Sophistication. Labels: Port Scans, DoS/DDoS Attacks, Network-based threats, Application-based threats. Callout: "Most firewalls cannot protect against these!"]

Firewall Basics: Stateful versus Deep Inspection
  • Stateful Packet Inspection looks only at headers
    • Equivalent to Post Office examining To/From, and the package type (envelope, tube, box…)
    • Good for preventing unauthorized users and service types
  • Deep Packet Inspection inspects ALL content
    • Equivalent to Post Office examining entire contents and making a forwarding decision based on what it finds
    • Required for Anti-virus, Intrusion Prevention, Spyware, Anti-Spam, Web and Email Content Filtering

[Figure: packet layer diagram. Labels: Stateful Packet Inspection, Deep Packet Inspection, Header Layers, Application Layer: Email (SMTP, POP3, IMAP), Web (HTTP/S), File Xfer (FTP, Gopher), Host Sessions, Directory Services…]


Why Do You Need IPS?
  • IPS uses Deep Packet Inspection to check Internet traffic for possible intrusions that a traditional firewall would see as normal traffic.
  • It can also enforce company acceptable use policies for IM and P2P use.
IPS Attacks 5-10 Years Ago: The Smurf Attack

[Figure: Smurf attack diagram. Labels: Attack Source, ICMP Packets Sent, Corporate Desktop Network.]

IPS: 5-10 Years Ago
  • Many of us recall a series of DoS attacks that crippled huge sites in February of 2000, including Yahoo, eBay, Amazon and CNN
  • At the time it was deemed one of the most difficult problems to solve, but it is now referred to as a simple type of attack


Modern-day IPS Attacks: The Sasser Worm

[Figure: Sasser worm diagram. Labels: Attack Source, Target Network, Corporate Desktop Network. Step labels:]
  • A new PC is found and infected
  • CMD.ftp downloads AVserve2.exe on 9996
  • Portscan on 445 for LSASS
  • Newly infected PC performs random portscans on 5554 for LSASS
  • Buffer overflow attack on LSASS.exe

IPS Attacks: Today
  • Effects of Sasser?
    • 75,000 clients infected in < 30 minutes. Total $18B in damage
  • Other examples:
    • SQL Slammer, Outlook Overflow, Zotob
  • Into the future…
    • Continued exploitation of application-layer vulnerabilities
      • Microsoft OS Updates
      • Microsoft IE updates (and yes… even Mozilla Firefox)
      • Outlook/Exchange servers
      • SQL, MySQL, PostgreSQL and other databases
    • Increased polymorphism and ‘speed-to-infection’
Why is Intrusion Prevention Mandatory?
  • The Internet is used every day for business transactions, communication and research
  • Attackers are turning to vulnerabilities in Internet-enabled applications to gain unauthorized access
  • These applications must be enabled to use the Internet but absolutely need to be protected:
    • Web browsers and web servers
    • Email servers and clients
    • VPN and remote access tools
    • Other Internet-enabled apps
  • A traditional firewall does not protect your network because it is designed to either block or allow access to applications altogether
Securing Valid Connections to the Internet
  • Go to the Action Profiles menu. Select the Mail Server Attacks Action Profile
  • Your mail server obviously needs to be connected to the Internet in order to send and receive email. These attacks are designed to attack or compromise a mail server so that the hacker can crash or even take control of the server.
Enforce Acceptable Use Policies
  • Are you okay with users downloading and sharing music and other files with Peer to Peer (P2P) programs like KaZaa and Limewire?
  • How about Instant Messenger (IM) traffic like AIM, MSN Messenger and ICQ?
  • These types of programs are designed to evade traditional firewalls, often by disguising the traffic as normal, acceptable Internet traffic such as web browsing. IPS protection is mandatory to detect and stop P2P and IM traffic.
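
An added example (not part of the original presentation or eSoft's product) that applies the stateful-versus-deep-inspection distinction from the Firewall Basics slide to the disguised P2P traffic described above. The allowed-port policy, addresses and sample payloads are constructed assumptions; the header-only check stands in for a traditional firewall rule.

```python
from dataclasses import dataclass

@dataclass
class Flow:
    src: str
    dst_port: int
    payload: bytes  # first bytes the client sends (constructed sample data)

ALLOWED_PORTS = {25, 80, 443}  # hypothetical outbound policy: mail and web only

# Content signatures for protocols the acceptable-use policy forbids.
# Gnutella (used by LimeWire) opens with this handshake line; BitTorrent opens
# with a length-prefixed protocol name. Both are matched on content, not port.
SIGNATURES = {
    "p2p-gnutella": lambda p: p.startswith(b"GNUTELLA CONNECT/"),
    "p2p-bittorrent": lambda p: p.startswith(b"\x13BitTorrent protocol"),
}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ", b"DELETE ")

def header_verdict(flow):
    """Header-only check: the decision sees the destination port and nothing else."""
    return "allow" if flow.dst_port in ALLOWED_PORTS else "block"

def deep_verdict(flow):
    """Same port check, followed by inspection of the payload itself."""
    if header_verdict(flow) == "block":
        return "block", "port-not-allowed"
    for name, match in SIGNATURES.items():
        if match(flow.payload):
            return "block", name
    # Protocol conformance: traffic on port 80 must actually look like HTTP.
    if flow.dst_port == 80 and not flow.payload.startswith(HTTP_METHODS):
        return "block", "non-http-on-80"
    return "allow", "ok"

SAMPLE_FLOWS = [  # constructed for illustration
    Flow("10.0.0.5", 80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    Flow("10.0.0.7", 80, b"GNUTELLA CONNECT/0.6\r\nUser-Agent: LimeWire\r\n\r\n"),
    Flow("10.0.0.8", 80, b"\x13BitTorrent protocol" + bytes(8)),
    Flow("10.0.0.9", 6346, b"GNUTELLA CONNECT/0.6\r\n\r\n"),
]

def compare(flows=SAMPLE_FLOWS):
    """Return (source, header-only verdict, deep verdict, reason) per flow."""
    return [(f.src, header_verdict(f), *deep_verdict(f)) for f in flows]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

The two P2P handshakes sent to port 80 pass the header-only check and are stopped only once the payload is examined.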
How do you know it is working?
  • ThreatMonitor
  • Alert Viewer
  • Email Alerts
Simple IPS Demo
  • Go to Intrusion Prevention -> Action Profiles to turn on an email alert option. Select High Priority Alerts and enter an email address. This can even be an email address of a cell phone for a text message alert.
  • Now go to the eSoft Test Alert URL

  • Receive an alert within a few minutes
  • For more documentation on this demo, visit, and visit the IPS SoftPak Page!
  • IPS IS today’s firewall.
  • Modern day attacks are not randomly looking for open networks.
  • Today’s hackers attack applications that are open to the Internet, such as email and web servers, or infect clients that they can lure to infected web pages and downloads.
Core Security Technology for Modern Threats

Intrusion Prevention (IPS): Includes technologies to protect the network and users from network and application-layer threats. This is MANDATORY technology. IPS is a core technology that is mandatory to provide protection for network, email, and web based security threats.

eSoft Intrusion Prevention SoftPak
  • Recently earned top ranking from SC Magazine in May, 2006 shootout!
    • Beating Nortel, SourceFire and Fortinet
Intrusion Prevention Features
  • Quick tuning from a single configuration page for fast setup
  • Block worms, Trojans, buffer overflows, backdoor exploits, and code injections
  • Policy controls to block IM and P2P applications
  • Broad Operating System and Application support
  • Training features to eliminate false positives
  • Action profiles that automatically classify new rules
  • Graphical statistics and reports
Intrusion Prevention Features (continued)
  • Inbound/outbound scanning
  • Dynamic blocking of application-based attacks
  • Automatically updated signature database
  • Zero day updates
  • Granular control of signatures and actions
  • Preview changes to an Action Profile
  • Detailed threat analysis information
  • Real-time logging and reporting
  • Email alerts
Intrusion Prevention Amazon Promotion

Special Gift!

  • As a part of IPS Awareness Month, eSoft is offering a free gift card (up to $350) for IPS SoftPaks purchased before June 30, 2006!

For more details, visit:

Try Intrusion Prevention Risk-Free
  • eSoft invites you to download a full copy of our popular IPS SoftPak for a FREE 30-day period on either the ThreatWall or InstaGate platform. Installing IPS on an eSoft appliance is a simple process.
  • To install the IPS SoftPak:
  • 1 – Go to the SoftPak Catalog page on your device GUI
  • 2 – Select the IPS SoftPak drop-down box, and enter the code IPSAWARE
  • 3 – Once IPS is installed, activate by navigating to the IPS sub-page
  • For more details on the IPS SoftPak, visit
Congratulations… you’ve earned your shirt!
  • Please visit the link below, fill out the survey, and we will send your clothing item that will most certainly stir up the fashion circles in your local area ;)