190 likes | 368 Vues
jEnterprise Suite For Network Monitoring and Security. Dr. Sureswaran Ramadass, Dr. Rahmat Budiarto, Mr. Ahmad Manasrah, Mr. M. F. Pasha. Agenda. Problem Statement. What is Worm Worms Damage Effects Cost of Worms Solution Technology. The Problem. Networks nowadays suffering from
E N D
jEnterprise Suite For Network Monitoring and Security Dr. Sureswaran Ramadass, Dr. Rahmat Budiarto, Mr. Ahmad Manasrah, Mr. M. F. Pasha
Agenda • Problem Statement. • What is Worm • Worms Damage Effects • Cost of Worms • Solution • Technology
The Problem • Networks nowadays suffering from • - Viruses, Worms. • - Trojans, Spy-wares • - Ad-wares, Hijackers, Pop generators • Spam, Intrusion and many more. • If you are connected to the internet (home, corporate) then, your machine is exposed to the Internet world. And hence you are vulnerable against Worms and Viruses. • Virus and Worm are the biggest contributors to today’s network problems. And thus, firewall and antivirus alone are not enough To protect your organization from the blended threats.
What is Worm? • Worms are programs that replicate themselves from system to system without the use of a host file. • Although worms generally exist inside of other files, often Word or Excel documents. • Usually the worm will release a document that already has the "worm" macro inside the document. The entire document will travel from computer to computer, so the entire document should be considered the worm. W32.Mydoom.AX@mm is an example of a worm
Worms Damage Effects Once the host is infected , Worms can: • Steal YOUR private info and distribute it to all the users in your email database. • Send dummy traffic to paralyze your network. • Destroy key system files that would damage and crash your computer. • Destroy database system within your server. • Irrecoverably overwrites your personal files . • Slows down your PC.
Cost of Worms • Cost for cleanup of worms worldwide. • Sobig: USD 37.1 billion • MyDoom: USD 22.6 billion • Klez: USD 19.8 billion • Nachi: USD 13 billion • Mimail: USD 11.5 billion • Swen: USD 10.4 billion • Love Bug: USD 8.8 billion • Bugbear: USD 3.9 billion Source: www.wholesecurity.com
Cost of Worms… • Cost for cleanup of worms in Malaysia. • Code Red: RM 22 million • Nimda: RM 22 million • Blaster: RM 31 million • Nachi: RM 31 million • 90% of desktop computers in a Malaysian internet company experienced downtime caused by Blasted.D worm. (August 2003) Source: NISER study
What Do You Need? • A holistic approach on the security strategies you currently have in place MUST be adopted To protect your organization from the new generation of blended Threats. • A solution that covers loopholes left by other security products for an all round protection and able to detect internal worm attack as well as external. • An updated Software with worm signatures armed with a warning, alerting mechanism to aware security team to take the proper action. • Advising and Recommendation
What Do You Need?The Answer is m-Protect!! • Easy to install and use. • Low memory requirements. • Detects worm activity on the wire . • Live updates from m-Protect database server that consists of a comprehensive list of all known worms. • Works passively to scan network traffic for worms. • Alerts you of a potential worm attack via synthesized voice warning and visual messages as well as sms and emails. • Pinpoints the source of the computer that is broadcasting the worm packets. • Works hand in hand with 3rd party anti – virus tools. • Able to detect worms with multiple signatures. • Detect inside/outside worm attacks.
Why m-Protect? • m-Protect would alert everyone in the network regarding the worm attack • Locate source of the problem. • Provide possible solutions • Besides propagation via the internet connection, Worms can still reach the internal network by: • laptops. • external media (cd, thumbdrive). • wireless access points. • encrypted/ zipped emails. Border defenses is of no use if the worm is already inside the internal network.
m-Protect in action WARNING WARNING WARNING WARNING Infected PC inside your LAN Border firewall Not Protected PC, now will originate the attack again INFECTED ALERT ALERT ALERT
Infected Network m-Protect in action… • Computers without sufficient antivirus / patch will be infected. • Such computers will create unwanted traffic in its attempts to infect others. • All the network users will experience “network outage”
Thank You Q&A