Intrusion Prevention Web Seminar

Intrusion Prevention Web Seminar. Scott Lukes – VP of Marketing and Product Management Rob Peterson – Director of Product Management.


Presentation Transcript


  1. Intrusion Prevention Web Seminar Scott Lukes – VP of Marketing and Product Management Rob Peterson – Director of Product Management

  2. “… the underground market for stolen information, a surging white-collar crime… affects as many as 10 million Americans at a price tag of $55B” – Wall Street Journal, July 2005. “Sven Jaschan, 19, was found guilty of computer sabotage and illegally altering data… he was given a suspended sentence of one year and nine months” – USA Today, July 2005.

  3. Modern Network Security Threats Being driven primarily by… • Increasing complexity and distribution of networks • Increasing sophistication of applications • Financial incentives motivating criminal behavior

  4. The Result: A New Universe of Dynamic Threats [Chart: Level of Sophistication over time, 1995 to 2010. Network-based threats: Hacking, Port Scans, Session Hijacking, Zombies, DoS/DDoS Attacks. Application-based threats: Mail Viruses, Spyware, VoIP DoS Attacks, Blended Threats, Worms/Trojans, Polymorphic Worms, Spam, IM, P2P Attacks, Phishing, Pharming…, ???] Most firewalls cannot protect against these!

  5. Firewall Basics: Stateful versus Deep Inspection • Stateful Packet Inspection looks only at headers • Equivalent to Post Office examining To/From, and the package type (envelope, tube, box…) • Good for preventing unauthorized users and service types • Deep Packet Inspection inspects ALL content • Equivalent to Post Office examining entire contents and making a forwarding decision based on what it finds • Required for Anti-virus, Intrusion Prevention, Spyware, Anti-Spam, Web and Email Content Filtering [Diagram: Ethernet Frame. Header Layers: Ethernet, Internet Protocol (IP), Transmission Control Protocol (TCP). Application Layer: Email (SMTP, POP3, IMAP), Web (HTTP/S), File Xfer (FTP, Gopher), Newsgroups, Host Sessions, Directory Services…]

  6. Why Do You Need IPS? • IPS uses Deep Packet Inspection to check Internet traffic for possible intrusions that a traditional firewall would treat as normal traffic. • It can also enforce company acceptable use policies for IM and P2P use.

  7. IPS Attacks: 5-10 Years Ago • The Smurf Attack [Diagram labels: Attack Source, Internet, ICMP Packets Sent, Target, Router, Servers, Corporate Desktop Network, "OFFLINE!"]

  8. IPS: 5-10 Years Ago • Many of us recall a series of DoS attacks that crippled huge sites in February of 2000, including Yahoo, eBay, Amazon and CNN • At the time it was deemed one of the most difficult problems to solve, but it is now referred to as a simple type of attack • MOST BUSINESS-CLASS FIREWALLS PROTECT AGAINST DoS ATTACKS BY DEFAULT

  9. Modern-day IPS Attacks: The Sasser Worm [Diagram: Attack Source, Router, Target Network (Corporate Desktop Network). Labels: Portscan on 445 for LSASS • Buffer overflow attack on LSASS.exe • CMD.ftp downloads AVserve2.exe on 9996 • A new PC is found and infected • Newly infected PC performs random portscans on 5554 for LSASS]

  10. IPS Attacks: Today • Effects of Sasser? • 75,000 clients infected in < 30 minutes. Total $18B in damage • Other examples: • SQL Slammer, Outlook Overflow, Zotob • Into the future… • Continued exploitation of application-layer vulnerabilities • Microsoft OS Updates • Microsoft IE updates (and yes… even Mozilla Firefox) • Outlook/Exchange servers • SQL, MySQL, PostgreSQL and other databases • Increased polymorphism and ‘speed-to-infection’

  11. Why is Intrusion Prevention Mandatory? • The Internet is used every day for business transactions, communication and research • Attackers are turning to vulnerabilities in Internet-enabled applications to gain unauthorized access • These applications must be enabled to use the Internet but absolutely need to be protected. • Web browsers and web servers • Email servers and clients • VPN and remote access tools • Other Internet-enabled apps • A traditional firewall does not protect your network because it is designed to either block or allow access to applications altogether

  12. Securing Valid Connections to the Internet • Go to the Action Profiles menu. Select the Mail Server Attacks Action Profile • Your mail server obviously needs to be connected to the Internet in order to send and receive email. These attacks are designed to attack or compromise a mail server so that the hacker can crash or even take control of the server.

  13. Enforce Acceptable Use Policies • Are you okay with users downloading and sharing music and other files with Peer to Peer (P2P) programs like KaZaa and Limewire? • How about Instant Messenger (IM) traffic like AIM, MSN Messenger and ICQ? • These types of programs are designed to evade traditional firewalls, often by disguising the traffic as normal, acceptable Internet traffic such as web browsing. IPS protection is mandatory to detect and stop P2P and IM traffic.
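An added example, not part of the original presentation or of eSoft's product: a Python sketch that puts the header-only decision from slide 5 next to a payload-aware one, using the mail-server case from slide 12 and the P2P-on-the-web-port case from slide 13. The packet model, policy, function names and sample payloads (including the Gnutella-style greeting) are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass
class Packet:                      # hypothetical, simplified packet model
    proto: str                     # transport protocol from the header
    dst_port: int                  # destination port from the header
    payload: bytes                 # application-layer bytes

ALLOWED = {("tcp", 25), ("tcp", 80)}   # assumed policy: mail and web are published
HTTP_REQUEST = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")
SMTP_MAX_LINE = 512                # RFC 5321 command-line limit, CRLF included

def stateful_verdict(pkt):
    """Header-only decision: protocol and destination port."""
    return "allow" if (pkt.proto, pkt.dst_port) in ALLOWED else "drop"

def deep_verdict(pkt):
    """Same header check, then a look inside the payload."""
    if stateful_verdict(pkt) == "drop":
        return "drop", "port not permitted"
    if pkt.dst_port == 80 and not HTTP_REQUEST.match(pkt.payload):
        return "drop", "non-HTTP traffic on web port"
    if pkt.dst_port == 25:
        # Simplification: every line is treated as an SMTP command line.
        for line in pkt.payload.split(b"\r\n"):
            if len(line) + 2 > SMTP_MAX_LINE:
                return "drop", "oversized SMTP command line"
    return "allow", "ok"

# Constructed sample traffic (not captured from any real network).
SAMPLES = {
    "web request": Packet("tcp", 80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    "p2p on port 80": Packet("tcp", 80, b"GNUTELLA CONNECT/0.6\r\nUser-Agent: constructed\r\n\r\n"),
    "normal mail": Packet("tcp", 25, b"HELO mail.example.com\r\n"),
    "oversized mail command": Packet("tcp", 25, b"HELO " + b"A" * 600 + b"\r\n"),
    "telnet": Packet("tcp", 23, b""),
}

def compare(samples=SAMPLES):
    """Return {name: (stateful verdict, deep verdict, reason)}."""
    return {name: (stateful_verdict(p),) + deep_verdict(p) for name, p in samples.items()}

if __name__ == "__main__":
    for name, row in compare().items():
        print(f"{name:24} stateful={row[0]:5} deep={row[1]:5} ({row[2]})")
```

The two verdicts differ only for the samples that use a permitted port with content that does not belong there, which is the gap the slides attribute to header-only firewalls.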

  14. How do you know it is working? • ThreatMonitor • Alert Viewer • Email Alerts

  15. Simple IPS Demo • Go to Intrusion Prevention -> Action Profiles to turn on an email alert option. Select High Priority Alerts and enter an email address. This can even be an email address of a cell phone for a text message alert. • Now go to the eSoft Test Alert URL http://scm.esoft.com/ips.html • Receive an alert within a few minutes • For more documentation on this demo, visit www.esoft.com, and visit the IPS SoftPak Page!

  16. Summary • IPS IS today’s firewall. • Modern day attacks are not randomly looking for open networks. • Today’s hackers attack applications that are open to the Internet, such as email and web servers, or infect clients that they can lure to infected web pages and downloads.

  17. Core Security Technology for Modern Threats • Intrusion Prevention (IPS) • Includes technologies to protect the network and users from network and application-layer threats. This is MANDATORY technology. • IPS is a core technology that is mandatory to provide protection for network, email, and web based security threats.

  18. eSoft Intrusion Prevention SoftPak • Recently earned top ranking from SC Magazine in May, 2006 shootout! • Beating Nortel, SourceFire and Fortinet

  19. Intrusion Prevention Features • Quick tuning from a single configuration page for fast setup • Block worms, Trojans, buffer overflows, backdoor exploits, and code injections • Policy controls to block IM and P2P applications • Broad Operating System and Application support • Training features to eliminate false positives • Action profiles that automatically classify new rules • Graphical statistics and reports

  20. Intrusion Prevention Features (continued) • Inbound/outbound scanning • Dynamic blocking of application-based attacks • Automatically updated signature database • Zero day updates • Granular control of signatures and actions • Preview changes to an Action Profile • Detailed threat analysis information • Real-time logging and reporting • Email alerts

  21. Intrusion Prevention Amazon Promotion Special Gift! • As a part of IPS Awareness Month, eSoft is offering a free Amazon.com gift card (up to $350) for IPS SoftPaks purchased before June 30, 2006! For more details, visit: http://www.esoft.com/sales/programs_promotions.cfm

  22. Try Intrusion Prevention Risk-Free • eSoft invites you to download a full copy of our popular IPS SoftPak for a FREE 30-day period on either the ThreatWall or InstaGate platform. Installing IPS on an eSoft appliance is a simple process. • To install the IPS SoftPak: • 1 – Go to the SoftPak Catalog page on your device GUI • 2 – Select the IPS SoftPak drop-down box, and enter the code IPSAWARE • 3 – Once IPS is installed, activate by navigating to the IPS sub-page • For more details on the IPS SoftPak, visit http://www.esoft.com/products/softpak_ips.cfm

  23. Congratulations… you’ve earned your shirt! • Please visit the link below, fill out the survey, and we will send your clothing item that will most certainly stir up the fashion circles in your local area ;) http://www.esoft.com/ips
