
Enterprise Gateway Attack Prevention
One of the greatest risks to information systems is the threat of unauthorized access. In order to shield a system from attacks, you must know who is attacking and how, and most importantly, where the system is most vulnerable.
The Marshal Content Security solution provides enterprise gateway protection against attacks that arrive via either email or web-based entry, enabling you to detect potential attacks and prevent unauthorized access.
Minimizing the Risks with a Good Defense
The risks of unauthorized access are best managed with a clearly-defined defensive strategy that combines effective technology tools and user vigilance.
A company may purchase all the recommended tools for minimizing the risk of unauthorized access, but without a clear strategy defining the management of all available resources, including personnel, software, and technology, those efforts are futile.
The best way to establish a strategy is through risk analysis. A sound understanding of risk will give guidance on the wide range of solutions available to deal with unauthorized access.
Technology Tools
Security technologies and tools are used to prevent and manage access.
They include:
- firewalls
- intrusion detection systems (IDS)
- content security
- vulnerability assessment
- patches and hotfixes
- hardening operating systems and applications
Firewalls
A firewall is a security mechanism that is designed to prevent unauthorized access to your network. Firewalls come in the form of a software package that is installed on a server/host system, an appliance, a network device, or a feature of some other network device such as a router. Firewalls ensure that only network traffic of certain types (or from certain applications) is allowed to pass from one network to another, according to a set security policy. They can prevent network-based attacks that are often targeted against systems by:
- logging connection attempts and traffic
- authenticating users trying to make network connections
- inspecting network packets and tracking the state of connections to ensure they are behaving as expected
- inspecting application traffic, for example, email viruses or web pages
- protecting internal networks by performing Network Address Translation (NAT)
Although a firewall cannot prevent attacks from the Internet that travel over the protocols it has been configured to allow, or block dial-up attacks against remote access servers and modems within your network, it does prevent unwanted access to your network and reduces the risk of an information security breach.
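The stateful inspection and logging items in the list above can be made concrete with a small simulation. The block below is an added example, not Marshal's or any vendor's code: it models a filter that tracks TCP connection state, accepts inbound packets only when they belong to a connection an inside host started, and records every decision. The address range, the packet records and the policy are constructed for the demo (NAT and application-layer inspection are left out).

```python
"""Stateful packet filter simulation (added example). Packets are constructed
records; the policy is an assumption chosen for the demo: inside hosts may open
outbound TCP connections, inbound traffic is accepted only when it belongs to
a connection an inside host started, and every decision is logged."""
from collections import namedtuple

Packet = namedtuple("Packet", "direction src sport dst dport flags")

INTERNAL_PREFIX = "10."  # assumed inside address range for the demo


class StatefulFirewall:
    def __init__(self):
        self.state = {}  # (inside host, outside host, outside port) -> state
        self.log = []    # one line per decision: the audit trail

    @staticmethod
    def _key(pkt):
        # Both directions of a flow must map onto the same state entry
        if pkt.direction == "out":
            return (pkt.src, pkt.dst, pkt.dport)
        return (pkt.dst, pkt.src, pkt.sport)

    def process(self, pkt):
        key = self._key(pkt)
        st = self.state.get(key)
        verdict = "DROP"
        if pkt.direction == "out" and pkt.src.startswith(INTERNAL_PREFIX):
            if pkt.flags == {"SYN"}:
                self.state[key] = "SYN_SENT"     # inside host opens a connection
                verdict = "ACCEPT"
            elif st == "ESTABLISHED":
                verdict = "ACCEPT"
        elif pkt.direction == "in":
            if st == "SYN_SENT" and pkt.flags == {"SYN", "ACK"}:
                self.state[key] = "ESTABLISHED"  # the handshake reply we expected
                verdict = "ACCEPT"
            elif st == "ESTABLISHED" and "SYN" not in pkt.flags:
                verdict = "ACCEPT"
            # An unsolicited inbound SYN, or a bare ACK that matches no known
            # connection, belongs to no tracked flow and is dropped.
        self.log.append(f"{verdict} {pkt.direction} {pkt.src}:{pkt.sport}->"
                        f"{pkt.dst}:{pkt.dport} [{'|'.join(sorted(pkt.flags))}]")
        return verdict


def run_demo():
    """Feed constructed traffic through the filter; return verdicts and log."""
    fw = StatefulFirewall()
    inside, web, outsider = "10.0.0.5", "203.0.113.10", "198.51.100.7"
    packets = [
        Packet("out", inside, 40000, web, 443, frozenset({"SYN"})),          # new flow
        Packet("in", web, 443, inside, 40000, frozenset({"SYN", "ACK"})),    # reply
        Packet("out", inside, 40000, web, 443, frozenset({"ACK"})),          # handshake done
        Packet("in", outsider, 5555, inside, 22, frozenset({"SYN"})),        # unsolicited
        Packet("in", outsider, 5555, inside, 22, frozenset({"ACK"})),        # no matching state
    ]
    return [fw.process(p) for p in packets], fw.log


if __name__ == "__main__":
    verdicts, log = run_demo()
    print("\n".join(log))
```

The last two packets show why state matters: a packet that looks like part of an existing conversation is still dropped when the firewall never saw that conversation begin, and the log line it leaves behind is what a later review or IDS correlation would work from.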
Intrusion Detection Systems
Intrusion Detection Systems (IDS) act as burglar alarms for a network or system. They can identify someone 'casing' the environment, detect the 'rattling of doorknobs' to see if the house is unlocked, hear the shattering of glass as entry is gained, sound the alarm and call the police. They can also monitor and log forensic evidence to support any legal case.
There are two types of IDS:
A host-based IDS is installed on servers to identify activity and anomalies and report on server specific problems or activity. This system is akin to virus defense software, except the IDS is looking for behavior rather than patterns in files.
A network-based IDS monitors the network to watch traffic, stop intruders, and report on suspicious and unusual activity.
These systems can be deployed in a number of ways depending on the aim or purpose. They can protect key internal servers, identify Internet-based attacks and monitor network access points.
Consider installing an IDS if your organization:
- suffered a security breach within the last twelve months
- transacts business through its website
- wants internal partitioning of your network
- is a high-profile organization liable to attract malicious attacks
- has an unattended remote site with ISP links
- outsources part or all of its IT operations
- connects to clients or business partners
- has no permanent, full-time security staffing capability
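A host-based IDS "looking for behavior rather than patterns in files", as the section puts it, can be illustrated with a detector that reads a server's authentication log. The block below is an added example, not Marshal's or any IDS product's code: it watches for the 'rattling of doorknobs' (many failed logins from one source inside a short window) and for the 'shattering of glass' (a successful login from a source already flagged). The log lines, the threshold and the window are constructed assumptions for the demo.

```python
"""Host-based brute-force detector over sshd log lines (added example).
Log lines, threshold and window are constructed for the demo."""
import re
from collections import defaultdict, deque

# syslog-style sshd lines; only the time of day is needed for the window
FAILED = re.compile(r"^\w{3} +\d+ (\d\d):(\d\d):(\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?(\S+) from (\S+)")
ACCEPTED = re.compile(r"^\w{3} +\d+ (\d\d):(\d\d):(\d\d) \S+ sshd\[\d+\]: "
                      r"Accepted \w+ for (\S+) from (\S+)")


def _seconds(m):
    return int(m[1]) * 3600 + int(m[2]) * 60 + int(m[3])


def detect(lines, threshold=5, window=60):
    """Return alerts for sources exceeding `threshold` failures in `window` s,
    and for any later successful login from such a source."""
    failures = defaultdict(deque)  # source -> timestamps of recent failures
    flagged = set()
    alerts = []
    for line in lines:
        m = FAILED.match(line)
        if m:
            t, src = _seconds(m), m[5]
            q = failures[src]
            q.append(t)
            while q and t - q[0] > window:   # slide the window forward
                q.popleft()
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(f"BRUTE_FORCE src={src} failures={len(q)} within {window}s")
            continue
        m = ACCEPTED.match(line)
        if m and m[5] in flagged:
            # behaviour, not a file signature: success right after a burst of failures
            alerts.append(f"SUCCESS_AFTER_BRUTE_FORCE src={m[5]} user={m[4]}")
    return alerts


# Constructed sample log: one noisy outside source and one ordinary typo from inside.
SAMPLE_LOG = """\
Jan 10 10:00:01 srv sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 5555 ssh2
Jan 10 10:00:04 srv sshd[1202]: Failed password for root from 198.51.100.7 port 5556 ssh2
Jan 10 10:00:05 srv sshd[1203]: Failed password for bob from 10.0.0.9 port 50123 ssh2
Jan 10 10:00:07 srv sshd[1204]: Failed password for invalid user test from 198.51.100.7 port 5557 ssh2
Jan 10 10:00:11 srv sshd[1205]: Failed password for bob from 198.51.100.7 port 5558 ssh2
Jan 10 10:00:14 srv sshd[1206]: Failed password for bob from 198.51.100.7 port 5559 ssh2
Jan 10 10:00:20 srv sshd[1207]: Accepted password for bob from 198.51.100.7 port 5560 ssh2
"""


def run_demo():
    return detect(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The second alert is the one worth paging someone for: a flagged source succeeding is the point at which the IDS stops being an early warning and becomes forensic evidence of a compromise, so the raw lines that produced it should be preserved, not just the alert.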
Content Security
Content Security solutions are filters that are designed to look at the content of email and Internet browsing. They look for content or activity that is either considered to be a security risk or is in breach of acceptable use policies. Content Security is often known as content scanning or content filtering. Traditional firewalls control WHO has access to your network and what devices they can view. Content Security controls WHAT types of data are allowed to enter and leave your network. Content Security software is traditionally used to defend against a large number of common security threats including spam, viruses, phishing, spyware and malicious code.
A good way to look at the difference between traditional firewalls and content security is to think of an airport. Firewalls are like the Immigration department at an airport. They check who you are and whether you are authorized to enter or leave. Content Security is like Customs; it looks at what you are carrying. Customs looks for things like drugs, explosives, weapons, bio-hazards and contraband. Content Security looks for things like spam, viruses, pornography, confidential information and excessive bandwidth use.
Marshal offers two content security solutions: one for protection against email-based threats (MailMarshal) and the other for protection against web-based threats (WebMarshal).
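What "looking at WHAT is carried" means for an email gateway can be shown with a small content filter. The block below is an added example and is not MailMarshal's or any Marshal code: it parses a raw message with Python's standard `email` package, judges each attachment by both its declared name and its actual leading bytes, and checks links in the body against a deny list. The blocked extensions, the deny-listed domain and the sample message are constructed assumptions for the demo.

```python
"""Minimal email content filter (added example, not Marshal's code).
Policy tables and the sample message are constructed for the demo."""
import os
import re
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

BLOCKED_EXT = {".exe", ".scr", ".vbs", ".js", ".bat"}   # assumed policy
EXECUTABLE_MAGIC = {b"MZ": "Windows PE", b"\x7fELF": "ELF"}
BLOCKED_DOMAINS = {"bad.example"}                       # constructed deny list
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)


def scan_message(raw):
    """Return policy findings for one raw RFC 5322 message given as bytes."""
    msg = message_from_bytes(raw, policy=default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue                      # containers carry no content of their own
        name = part.get_filename()
        if name:                          # an attachment: check name AND bytes
            if os.path.splitext(name)[1].lower() in BLOCKED_EXT:
                findings.append(f"blocked attachment type: {name}")
            payload = part.get_payload(decode=True) or b""
            for magic, kind in EXECUTABLE_MAGIC.items():
                if payload.startswith(magic):
                    # the file is executable whatever its name claims
                    findings.append(f"{kind} executable content in {name}")
        elif part.get_content_maintype() == "text":
            for host in URL_RE.findall(part.get_content()):
                if host.lower() in BLOCKED_DOMAINS:
                    findings.append(f"link to blocked domain: {host}")
    return findings


def build_sample():
    """Constructed message: a clean PDF, an .exe, and an executable named .pdf."""
    msg = EmailMessage()
    msg["From"] = "sender@example.net"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Quarterly figures"
    msg.set_content("Figures attached. Please log in at http://bad.example/login "
                    "or read the guide at http://example.org/docs")
    msg.add_attachment(b"%PDF-1.4 sample", maintype="application",
                       subtype="pdf", filename="figures.pdf")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 12, maintype="application",
                       subtype="octet-stream", filename="update.exe")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 12, maintype="application",
                       subtype="pdf", filename="statement.pdf")   # misnamed executable
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

The third attachment is the reason the filter reads bytes and not just names: an extension block list alone would pass `statement.pdf`, while the leading `MZ` bytes identify it as a Windows executable regardless of what the sender called it.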
Vulnerability Assessment
Vulnerability assessment uses scanning software that checks for known security flaws. The Common Vulnerabilities and Exposures (CVE) project assigns a unique code number to each known vulnerability, to aid in consistent classification. These are stored in a database, and your system is scanned to check whether any of them exist. This means that the vulnerability scanner can only find the problems it already knows about. It can't find new ones.
To ensure that such scanners are kept up to date with the latest problems, users must download regular updates. Shareware scanners are freely available on the Internet. Some specialists use these scanners as the sole basis for their vulnerability/penetration tests, with no supporting analysis.
As scanner reports may generate false positives and false negatives, this is not an effective use of time and effort. Scanners are most effective when used as the basis of a vulnerability assessment, not the totality of it.
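The "known flaws only" limitation described above is easy to see in the core of a scanner: a software inventory matched against a vulnerability database by version. The block below is an added example, not any real scanner's code; the advisory identifiers are placeholders in the CVE style, not real CVE numbers, and the products, versions and hosts are constructed for the demo.

```python
"""Inventory-versus-advisory matching, the heart of a vulnerability scanner
(added example). Advisory ids are placeholders, not real CVE numbers; products,
versions and hosts are constructed for the demo."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    vuln_id: str     # placeholder id, not a real CVE
    product: str
    fixed_in: str    # first version that is no longer affected


# The scanner's "knowledge": it can only ever report what is listed here.
KNOWN_VULNS = [
    Advisory("CVE-YYYY-0001 (placeholder)", "webserver", "2.4.1"),
    Advisory("CVE-YYYY-0002 (placeholder)", "mailrelay", "3.0.0"),
]


def parse_version(v):
    """'2.4.10' -> (2, 4, 10). Tuples compare numerically, so 2.4.10 > 2.4.1;
    comparing the raw strings would get that wrong and raise a false positive."""
    return tuple(int(x) for x in v.split("."))


def assess(inventory, db=KNOWN_VULNS):
    """Return (host, product, version, vuln_id) for every known match."""
    findings = []
    for host, product, version in inventory:
        for adv in db:
            if adv.product == product and parse_version(version) < parse_version(adv.fixed_in):
                findings.append((host, product, version, adv.vuln_id))
    return findings


def unassessed_products(inventory, db=KNOWN_VULNS):
    """Products the database has no entry for: the scanner says nothing about
    them, which is not the same as saying they are safe."""
    known = {adv.product for adv in db}
    return sorted({product for _, product, _ in inventory if product not in known})


# Constructed inventory: (host, product, installed version)
SAMPLE_INVENTORY = [
    ("web01", "webserver", "2.4.0"),    # below the fix: reported
    ("web02", "webserver", "2.4.10"),   # above the fix: not reported
    ("mail01", "mailrelay", "2.9.7"),   # below the fix: reported
    ("app01", "legacyapp", "0.9"),      # unknown to the database: silent
]

if __name__ == "__main__":
    for finding in assess(SAMPLE_INVENTORY):
        print("VULNERABLE", *finding)
    print("no coverage for:", unassessed_products(SAMPLE_INVENTORY))
```

The `app01` row is the point the section makes: the scan report is clean for it, and only the supporting analysis the text calls for (what is that product, who maintains it, has it ever been reviewed) turns "nothing known" into an actual assessment.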
Patches and Hotfixes
Most software vendors have websites that provide patches and hotfixes, and all systems should be patched to the level recommended by the vendor. Unpatched systems are like an open window into your business.
Many commercial operations and hacker sites provide online databases of known vulnerabilities and exploits.
Hardening Operating Systems and Applications
Hackers are always looking for weak spots. You can reduce these by building your systems using recognized configurations.
Operating systems contain a vast number of settings, features and options. If these are set incorrectly they can lead to easy attack and compromise.
Many default settings are open, insecure or switched off. Security standards must be defined and implemented for all hosts. These will vary for different operating systems.
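"Defining and implementing a security standard for all hosts" in practice means a written baseline and a check that each host's configuration matches it. The block below is an added example, not Marshal's or any hardening tool's code: it parses an sshd_config-style file, compares it against a baseline, and reports both settings that deviate and settings that were never set and so silently fall back to the compiled-in default. The baseline values and both configuration excerpts are constructed assumptions for the demo.

```python
"""Baseline configuration check for an sshd_config-style file (added example).
The baseline and both sample configs are constructed for the demo."""
import re

# Assumed baseline: every host must carry these values explicitly.
SSH_BASELINE = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "permitemptypasswords": "no",
    "x11forwarding": "no",
}

# sshd accepts "Key value" and "Key=value"; keywords are case-insensitive
LINE_RE = re.compile(r"^\s*([A-Za-z0-9]+)\s*[= ]\s*(.+?)\s*$")


def parse_config(text):
    """Return {lowercased keyword: value} for the global section of the file."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments and blank lines
        if not line:
            continue
        if line.lower().startswith("match"):
            break                               # conditional blocks are out of scope here
        m = LINE_RE.match(line)
        if m:
            settings.setdefault(m[1].lower(), m[2])  # sshd keeps the first occurrence
    return settings


def check_hardening(text, baseline=SSH_BASELINE):
    """Return (keyword, value found, value required) for each deviation.
    A keyword that is absent is reported too: the default then applies, and
    the baseline demands an explicit value."""
    settings = parse_config(text)
    findings = []
    for key, expected in baseline.items():
        found = settings.get(key)
        if found is None:
            findings.append((key, "<not set, default applies>", expected))
        elif found.lower() != expected:
            findings.append((key, found, expected))
    return findings


# Constructed excerpt of a host left on open defaults
WEAK_CONFIG = """\
# sshd_config (constructed sample, not from a real host)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords no
"""

# The same host after the baseline has been applied
HARDENED_CONFIG = """\
# sshd_config (constructed sample, not from a real host)
Port 22
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
X11Forwarding no
"""

if __name__ == "__main__":
    for key, found, expected in check_hardening(WEAK_CONFIG):
        print(f"{key}: found {found!r}, baseline requires {expected!r}")
    print("hardened config deviations:", check_hardening(HARDENED_CONFIG))
```

Requiring explicit values, rather than trusting defaults, is what makes the baseline portable across the different operating systems the section mentions: a default that is safe on one platform's build may not be on another's, and an explicit line is the same everywhere.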
Vigilance
There is no more effective security control than an informed, vigilant workforce. Computer systems are best at running repetitive tasks but people are much better at detecting the unusual. Training and educating staff is perhaps the most cost-effective way of managing your information risks and preventing threats.