How to Respond to and Prevent an Attack - PowerPoint PPT Presentation

Provided by: neilros

1
  • How to Respond to (and Prevent) an Attack
  • Presented by Neil A. Rosenberg
  • President and CEO
  • Quality Technology Solutions, Inc.

2
Some Common Hacking Techniques
  • IP spoofing
  • Password cracking
  • Session hijacking
  • Server take-over using buffer overflows or
    protocol weaknesses
  • Replay attacks
  • Viruses and Trojan Horses
  • Social engineering

3
Security Threats in the Internet
  • Data snooping: unauthorized read-only access to data
  • Forgery: unauthorized modification of data
  • Impersonation and spoofing: unauthorized access to data, obtain unauthorized service
  • Denial of Service: prevention of others from accessing data
  • Take-over: gaining illegal control of a resource in the Internet
  • Vandalism and cyber-terrorism

4
Know your arsenal
  • Firewalls (including VPN)
  • Intrusion Detection
  • Virus Detection
  • Email Content filtering
  • Web page content filtering

5
Secure Virtual Network Architecture
(Architecture diagram. Component labels: Meta IP IP Address Management; OPSEC Servers for Virus protection and Web-site content filtering; Partner Site; Corporate Network; FireWall-1; IPSec-compliant Gateway; VPN-1 SecuRemote; LDAP Directory; VPN-1/FireWall-1 Gateway with High Availability; Dial-up; FloodGate-1 Bandwidth Management; Remote Users; VPN-1 SecureClient; VPN-1/FireWall-1 SecureServer; RealSecure Intrusion Detection; VPN-1 Accelerator Card; Meta IP DNS; ConnectControl Server Load Balancing; Broadband; Extranet Application Server; Router; Remote Office; Web Server Pool; VPN-1 Appliance)
  • Enterprise Management Console
  • Policy-based Management
  • Reporting
  • Account Management
  • Open Security Extension

6
What is NIMDA?
  • Worm/Trojan designed to exploit a vulnerability
    in IIS, Outlook and Internet Explorer
  • Builds upon the Code Red vulnerability, but
    hybridizes with Outlook and IE attack paths
  • Creates a Denial of Service by generating sustained
    worthless traffic, thus starving out useful
    traffic

7
Best Practices
  • Subscribe to vendors' security alert mailing
    lists
  • Keep all servers up to date with patches,
    especially if reachable from the Internet
  • Configure firewalls to block all traffic that is
    not necessary, both inbound and outbound

8
Best Practices
  • Stop all traffic to the Firewall itself
  • Use VPNs instead of dial-in modems
  • Use secure passwords: enforce regular changes,
    make them at least 7 characters, with a mixture of
    numerals and alpha characters
  • Centralize security administration
  • Consider hardware tokens or PKI instead of
    passwords

9
Prevention
  • Change your written security policy to require
    stripping of executables from email
  • Configure FW policy to enforce written security
    policy by either using the Check Point SMTP
    security server or an OPSEC product such as
    Aladdin E-safe
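
The attachment-stripping rule above, sketched in Python as an added example (not part of the presentation, and not how the Check Point SMTP security server or eSafe implement it). The extension blocklist, the notice text and the function names are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist for this sketch; the written policy would define the real one.
BLOCKED_EXTENSIONS = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs")
NOTICE = "Attachment {name!r} was removed by the mail gateway: executable content."


def is_executable(part):
    """Decide by filename extension and by content, since names can be forged."""
    # Windows ignores trailing dots and spaces, so "a.exe." still runs as "a.exe".
    name = (part.get_filename() or "").lower().rstrip(". ")
    payload = part.get_payload(decode=True) or b""
    # "MZ" opens every DOS/PE file; skip unnamed text parts so a body is never hit.
    has_magic = payload.startswith(b"MZ") and bool(name or part.get_content_maintype() != "text")
    return name.endswith(BLOCKED_EXTENSIONS) or has_magic


def strip_executables(raw_bytes):
    """Return (cleaned message bytes, list of removed attachment names)."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    removed = []
    for part in msg.walk():
        if part.is_multipart() or not is_executable(part):
            continue
        name = part.get_filename() or "(unnamed)"
        removed.append(name)
        # Replace the payload in place so the MIME structure stays valid
        # and the recipient sees why the file is missing.
        part.set_content(NOTICE.format(name=name))
    return msg.as_bytes(), removed


def build_sample():
    """Constructed test message: one text file, one .exe, one disguised PE stub."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachments.")
    pe_stub = b"MZ\x90\x00" + b"\x00" * 60  # magic bytes only, not a real program
    msg.add_attachment("plain notes", filename="notes.txt")
    msg.add_attachment(pe_stub, maintype="application", subtype="octet-stream", filename="readme.exe")
    msg.add_attachment(pe_stub, maintype="application", subtype="pdf", filename="invoice.pdf")
    return msg


if __name__ == "__main__":
    cleaned, removed = strip_executables(build_sample().as_bytes())
    print("removed:", removed)
```

The content check matters because a filename-only filter passes an executable renamed to `invoice.pdf`.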

10
Responses
  • Create a Business Continuity Plan
  • You have tested backups, don't you?
  • Depending on the problem, notify CERT and law
    enforcement (FBI, Local Police)

11
(No Transcript)

12
Summary
  • Learn the capabilities of your security solution
  • Apply security patches and updates regularly
  • Check Point is the most flexible Security
    Architecture on the market.
  • INVEST IN IT!!!

13
Questions and Answers
  • Neil Rosenberg
  • Quality Technology Solutions, Inc.
  • 76 South Orange Avenue
  • South Orange, NJ 07079
  • (973)761-5400 x230
  • Fax (973)761-1881
  • nrosenberg_at_QTSnet.com
  • www.QTSnet.com