Intrusion prevention web seminar
Intrusion Prevention Web Seminar. Scott Lukes – VP of Marketing and Product Management Rob Peterson – Director of Product Management.


“… the underground market for stolen information, a surging white-collar crime… affects as many as 10 million Americans at a price tag of $55B” – Wall Street Journal, July 2005

“Sven Jaschan, 19, was found guilty of computer sabotage and illegally altering data… he was given a suspended sentence of one year and nine months” – USA Today, July 2005


Modern Network Security Threats

Being driven primarily by…

  • Increasing complexity and distribution of networks

  • Increasing sophistication of applications

  • Financial incentives motivating criminal behavior


The Result: A New Universe of Dynamic Threats

[Chart: threats plotted by Level of Sophistication over time (1995, 2000, 2005, 2010)]

Network-based threats: Hacking, Port Scans, Session Hijacking, Zombies, DoS/DDoS Attacks

Application-based threats: Mail Viruses, Spyware, VoIP DoS Attacks, Blended Threats, Worms/Trojans, Polymorphic Worms, Spam, IM and P2P Attacks, Phishing, Pharming…

Most firewalls cannot protect against these!


Firewall Basics: Stateful versus Deep Inspection

  • Stateful Packet Inspection looks only at headers

    • Equivalent to Post Office examining To/From, and the package type (envelope, tube, box…)

    • Good for preventing unauthorized users and service types

  • Deep Packet Inspection inspects ALL content

    • Equivalent to Post Office examining entire contents and making a forwarding decision based on what it finds

    • Required for Anti-virus, Intrusion Prevention, Spyware, Anti-Spam, Web and Email Content Filtering

[Diagram: packet layers, labeled Stateful Packet Inspection and Deep Packet Inspection]

Header Layers: Ethernet Frame, Internet Protocol (IP), Transmission Control Protocol (TCP)

Application Layer: Email (SMTP, POP3, IMAP), Web (HTTP/S), File Xfer (FTP, Gopher), Newsgroups, Host Sessions, Directory Services…


Why Do You Need IPS?

  • IPS uses Deep Packet Inspection to check Internet traffic for possible intrusions that a traditional firewall would treat as normal traffic.

  • It can also enforce company acceptable use policies for IM and P2P use.


IPS Attacks: 5-10 Years Ago (The Smurf Attack)

[Diagram labels: Attack Source, Internet, Router, ICMP Packets Sent, Target, Servers, Router, Corporate Desktop Network, OFFLINE! (shown twice)]


IPS: 5-10 Years Ago

  • Many of us recall a series of DoS attacks that crippled huge sites in February of 2000, including Yahoo, eBay, Amazon and CNN

  • At the time it was deemed one of the most difficult problems to solve, but it is now referred to as a simple type of attack

    MOST BUSINESS-CLASS FIREWALLS PROTECT AGAINST DoS ATTACKS BY DEFAULT


Modern-day IPS Attacks: The Sasser Worm

[Diagram labels: Attack Source, Router, Target Network, Corporate Desktop Network. Callouts:]

  • A new PC is found and infected

  • CMD.ftp downloads AVserve2.exe on 9996

  • Portscan on 445 for LSASS

  • Newly infected PC performs random portscans on 5554 for LSASS

  • Buffer overflow attack on LSASS.exe


IPS Attacks: Today

  • Effects of Sasser?

    • 75,000 clients infected in < 30 minutes. Total $18B in damage

  • Other examples:

    • SQL Slammer, Outlook Overflow, Zotob

  • Into the future…

    • Continued exploitation of application-layer vulnerabilities

      • Microsoft OS Updates

      • Microsoft IE updates (and yes… even Mozilla Firefox)

      • Outlook/Exchange servers

      • SQL, MySQL, Postgres and other databases

    • Increased polymorphism and ‘speed-to-infection’


Why is Intrusion Prevention Mandatory?

  • The Internet is used every day for business transactions, communication and research

  • Attackers are turning to vulnerabilities in Internet-enabled applications to gain unauthorized access

  • These applications must be enabled to use the Internet but absolutely need to be protected:

    • Web browsers and web servers

    • Email servers and clients

    • VPN and remote access tools

    • Other Internet-enabled apps

  • A traditional firewall does not protect your network because it is designed to either block or allow access to applications altogether


Securing Valid Connections to the Internet

  • Go to the Action Profiles menu. Select the Mail Server Attacks Action Profile

  • Your mail server obviously needs to be connected to the Internet in order to send and receive email. These attacks are designed to attack or compromise a mail server so that the hacker can crash or even take control of the server.


Enforce Acceptable Use Policies

  • Are you okay with users downloading and sharing music and other files with peer-to-peer (P2P) programs like KaZaA and LimeWire?

  • How about Instant Messenger (IM) traffic like AIM, MSN Messenger and ICQ?

  • These types of programs are designed to evade traditional firewalls, often by disguising the traffic as normal, acceptable Internet traffic such as web browsing. IPS protection is mandatory to detect and stop P2P and IM traffic.
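
An added illustration (not eSoft's code and not part of the original slides) of the header-only versus deep inspection contrast from the Firewall Basics slide, applied to the port-80 disguise described above. The allowed ports, the addresses and the single Gnutella-handshake signature are assumptions, and the header check models only the header decision, not connection-state tracking.

```python
import socket
import struct

ALLOWED_PORTS = {25, 80, 443}  # assumed policy: mail and web services only
SIGNATURES = {"p2p-gnutella": b"GNUTELLA CONNECT/"}  # illustrative signature

def build_packet(src, dst, sport, dport, payload):
    """Build a constructed IPv4+TCP packet (checksums zero; sample data only)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def parse(packet):
    """Split a raw IPv4/TCP packet into header fields and application payload."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 6 or len(packet) < ihl + 20:
        raise ValueError("not a complete TCP segment")
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    data_offset = (packet[ihl + 12] >> 4) * 4
    return {"src": socket.inet_ntoa(packet[12:16]), "sport": sport,
            "dport": dport, "payload": packet[ihl + data_offset:]}

def header_verdict(packet):
    """Header-only decision: the 'To/From and package type' check."""
    return "allow" if parse(packet)["dport"] in ALLOWED_PORTS else "drop"

def deep_verdict(packet):
    """Header check first, then match the payload against the signatures."""
    if header_verdict(packet) == "drop":
        return "drop"
    payload = parse(packet)["payload"]
    for name, pattern in SIGNATURES.items():
        if pattern in payload:
            return "drop:" + name
    return "allow"

# Constructed sample traffic from one desktop; WEB and P2P both use TCP port 80.
WEB = build_packet("10.0.0.5", "192.0.2.10", 40000, 80,
                   b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n")
P2P = build_packet("10.0.0.5", "192.0.2.20", 40001, 80,
                   b"GNUTELLA CONNECT/0.6\r\nUser-Agent: sample\r\n\r\n")
TELNET = build_packet("10.0.0.5", "192.0.2.30", 40002, 23, b"")

if __name__ == "__main__":
    for name, pkt in (("web", WEB), ("p2p", P2P), ("telnet", TELNET)):
        print(name, header_verdict(pkt), deep_verdict(pkt))
```

The header-only check passes both port-80 packets; only the payload match separates the web request from the P2P handshake.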


How do you know it is working?

  • ThreatMonitor

  • Alert Viewer

  • Email Alerts


Simple IPS Demo

  • Go to Intrusion Prevention -> Action Profiles to turn on an email alert option. Select High Priority Alerts and enter an email address. This can even be an email address of a cell phone for a text message alert.

  • Now go to the eSoft Test Alert URL

    http://scm.esoft.com/ips.html

  • Receive an alert within a few minutes

  • For more documentation on this demo, visit www.esoft.com, and visit the IPS SoftPak Page!


Summary

  • IPS IS today’s firewall.

  • Modern day attacks are not randomly looking for open networks.

  • Today’s hackers attack applications that are open to the Internet, such as email and web servers, or infect clients that they can lure to infected web pages and downloads.


Core Security Technology for Modern Threats

Intrusion Prevention (IPS): Includes technologies to protect the network and users from network and application-layer threats. This is MANDATORY technology. IPS is a core technology that is mandatory to provide protection for network, email, and web based security threats.


eSoft Intrusion Prevention SoftPak

  • Recently earned the top ranking in SC Magazine's May 2006 shootout!

    • Beating Nortel, Sourcefire and Fortinet


Intrusion Prevention Features

  • Quick tuning from a single configuration page for fast setup

  • Block worms, Trojans, buffer overflows, backdoor exploits, and code injections

  • Policy controls to block IM and P2P applications

  • Broad Operating System and Application support

  • Training features to eliminate false positives

  • Action profiles that automatically classify new rules

  • Graphical statistics and reports


Intrusion Prevention Features (continued)

  • Inbound/outbound scanning

  • Dynamic blocking of application-based attacks

  • Automatically updated signature database

  • Zero day updates

  • Granular control of signatures and actions

  • Preview changes to an Action Profile

  • Detailed threat analysis information

  • Real-time logging and reporting

  • Email alerts


Intrusion Prevention Amazon Promotion

Special Gift!

  • As a part of IPS Awareness Month, eSoft is offering a free Amazon.com gift card (up to $350) for IPS SoftPaks purchased before June 30, 2006!

    For more details, visit:

http://www.esoft.com/sales/programs_promotions.cfm


Try Intrusion Prevention Risk-Free

  • eSoft invites you to download a full copy of our popular IPS SoftPak for a FREE 30-day period on either the ThreatWall or InstaGate platform. Installing IPS on an eSoft appliance is a simple process.

  • To install the IPS SoftPak:

    • 1 – Go to the SoftPak Catalog page on your device GUI

    • 2 – Select the IPS SoftPak drop-down box, and enter the code IPSAWARE

    • 3 – Once IPS is installed, activate by navigating to the IPS sub-page

  • For more details on the IPS SoftPak, visit http://www.esoft.com/products/softpak_ips.cfm


Congratulations… you’ve earned your shirt!

  • Please visit the link below, fill out the survey, and we will send your clothing item that will most certainly stir up the fashion circles in your local area ;)

http://www.esoft.com/ips