APT Info Sys - PowerPoint PPT Presentation

Slides: 23
Provided by: nyan
1
APT Information System, Experience and Security Measures
by Mr. Ron Box
Standardization Officer
APT Secretariat
2
APT on Internet
Background
  • APT started using e-mail and set up a website in 1996 under the site of a major ISP in Thailand
  • Registered its own domain, aptsec.org, in 1999
  • APT has operated both e-mail and web services on its own servers at the APT Secretariat since 1999
  • Upgraded hardware and software in 2004
  • Restructured the website in 2004
  • Registered a new domain, apt.int, in 2005

3
APT Information System (Main Hardware)
  • 5 servers for
    • Gateway scanning
    • DNS/e-mail service
    • Web service
    • Active files/documents
    • Archive files/documents
  • 23 desktop computers
  • 10 laptop computers
  • 3 network color printers
  • 19 laser printers
  • 1 color scanner
  • 1 remote access server with
    • 1 ISDN line for dial-in
    • 6 PSTN lines for dial-in
  • 2 Wi-Fi access points (2.4 GHz, 54 Mbps)
  • 2 network switches (2 x 24 ports, 100 Mbps)

4
APT Information System Network Configuration
[Network diagram. Labelled elements: Internet; ISP; 512 kbps leased line; modem; gateway router; firewall; 128 kbps ISDN backup; remote access server; PSTN/ISDN; core network switch; Ethernet 100 Mbps; Wi-Fi AP 54 Mbps; client laptop with Wi-Fi; gateway server; network switch; archive server; DNS/e-mail server; network printer; web server; document server; client PCs]
5
Server Specifications
  • E-Mail Server and Web Server: IBM XSeries 235
    • CPU: Xeon 3.06 GHz
    • RAM: 1.5 GB
    • Network: Ethernet 1 Gbps
    • HDD: 72 GB (36.4 GB x 3 on RAID5)
    • Backup: DLT 80 tape drive
  • Gateway Server: IBM XSeries 236
    • CPU: Xeon 3.06 GHz
    • RAM: 2 GB
    • Network: Ethernet 1 Gbps
    • HDD: 36.4 GB (x 2 on mirror)
    • Backup: DDS-4 tape drive
  • Archive Server: IBM Netfinity 5000
    • CPU: Pentium II 550 MHz
    • RAM: 1 GB
    • Network: Ethernet 100 Mbps
    • HDD: 40 GB (x 2 on mirror)
    • Backup: DDS-4 tape drive
  • Document Server: IBM XSeries 220
    • CPU: Pentium III 1.4 GHz
    • RAM: 1 GB
    • Network: Ethernet 100 Mbps
    • HDD: 50 GB
    • Backup: DDS-4 tape drive
6
PC Specifications and Software
  • Personal computers (clients): IBM NetVista
    • CPU: Pentium IV 1.4 GHz
    • RAM: 512 MB - 1 GB
    • Network: Ethernet 100 Mbps
    • HDD: 40 - 100 GB
  • Software
    • Server OS: Windows Server 2003
    • Mail: Exchange Server 2003
    • Client OS: Windows XP Professional
    • Application: Microsoft Office XP
  • Other software
    • McAfee Anti Virus (desktop PC)
    • Microsoft Anti Spyware (desktop PC)
    • Trend Micro ServerProtect (all servers)
    • Trend Micro InterScan Messaging Security Suite (gateway server)
    • Trend Micro Spam Prevention Solution (gateway server)
    • Trend Micro ScanMail for MS Exchange (e-mail server)
    • Trend Micro eManager for MS Exchange (e-mail server)
7
System/Network Security Protection (APT Experience and Practice)
  • Network Gateway Protection
  • Network Protection
  • Server Protection
  • Personal Computer Protection
  • E-Mail System Protection
  • Website Protection
  • Other Security Issues

8
System/Network Security Protection
Network Gateway and Network Protection
  • Install a firewall (Juniper NetScreen) to
    • scan and filter Internet packets
    • scan, filter and block illegal inbound connections
    • detect and block protocol anomalies
    • prevent network attacks such as Denial of Service (DoS) and Distributed DoS attacks
    • prevent malicious worms from entering the local area network
    • prevent intrusion and unauthorized access into the internal network

9
System/Network Security Protection
Server Protection
  • Regularly download and install service packs and security and critical updates for the operating system (OS) and application software to
    • eliminate OS and application software vulnerabilities
    • prevent unauthorized access to servers (hacking)
    • prevent unauthorized remote code/script execution
  • Install anti-virus software (Trend Micro ServerProtect) and update it hourly to
    • protect server files from virus and worm infection
  • Perform a server system backup once a month

10
System/Network Security Protection
Personal Computer (PC) Protection
  • Regularly download and install service packs and security and critical updates for the operating system (OS) and application software to
    • eliminate OS and application software vulnerabilities
    • prevent unauthorized remote code/script execution
  • Install anti-virus software (McAfee Virus Scan) and update the virus pattern and database weekly to
    • protect PC files from virus and worm infection


11
System/Network Security Protection
E-mail System Protection
  • Install Trend Micro InterScan Messaging Security Suite with Spam Prevention Solution at the gateway server to block
    • E-mail viruses
    • E-mail worms
    • Trojans
    • Spam mails
    • Third-party mail relay (SMTP relay)
  • The software is scheduled to check the provider's database site hourly for an updated e-mail scan engine, virus database and spam pattern. An automatic update is carried out if updated data is available.

12
System/Network Security Protection
E-mail System Protection
  • Microsoft Exchange Server is configured to block
    • Third-party mail relay (SMTP relay)
    • IP addresses of unwanted e-mail sources
    • Domain names of unwanted e-mail sources
    • Sender e-mail addresses of unwanted sources
  • Other measures
    • On-line mailbox defragmentation (daily)
    • On-line mailbox back-up (twice a week)
    • Off-line mailbox defragmentation (once a week during the weekend)
    • Off-line mailbox back-up (once a week during the weekend)

13
System/Network Security Protection
E-mail System Protection
  • Install Trend Micro ScanMail with eManager at the e-mail server. These applications are configured to perform
    • detection and blocking of e-mail viruses and worms
    • detection and blocking of e-mail spam
    • e-mail message content scanning
    • e-mail subject line scanning and blocking
    • e-mail attachment blocking for selected file types
  • These tasks are carried out on both incoming and outgoing e-mails. The software is scheduled to check the provider's database site hourly for an updated scan engine, virus database and spam pattern. An automatic update is carried out if updated data is available.

14
E-mail and Web System Security Protection
  • At present, the APT e-mail system has
    • 23 user accounts for Secretariat staff
    • 92 e-mail distribution groups (reflectors/exploders) for Secretariat internal mail groups, APT work program teams, working groups and expert groups
  • To prevent the groups from receiving unauthorized e-mails and spam, the system is configured so that only APT Secretariat staff and/or registered users can send e-mail to the e-mail reflector groups.
  • 945 registered users in e-mail reflectors
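
The acceptance rules from slides 12 and 14 (blocked source IPs, domains and sender addresses, relay denial, and reflector groups restricted to staff and registered users), sketched as an added Python example that is not APT's Exchange configuration; every address, network and group name is a constructed placeholder. The last sample shows the limit noted on slide 21: a rule keyed on the claimed sender address cannot tell a forged address from a real one.

```python
import ipaddress

# All values below are constructed placeholders, not APT's real configuration.
LOCAL_DOMAINS = {"example.int"}
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
BLOCKED_DOMAINS = {"spam.example"}
BLOCKED_SENDERS = {"offers@bulk.example"}
STAFF = {"staff1@example.int"}
REFLECTORS = {"wg-spectrum@example.int": {"delegate@member.example"}}


def domain_of(address):
    """Return the lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].lower()


def decide(client_ip, mail_from, rcpt_to):
    """Return (accepted, reason) for one SMTP envelope."""
    ip = ipaddress.ip_address(client_ip)
    sender, rcpt = mail_from.lower(), rcpt_to.lower()
    if any(ip in net for net in BLOCKED_NETS):
        return False, "blocked source IP"
    if domain_of(sender) in BLOCKED_DOMAINS:
        return False, "blocked sender domain"
    if sender in BLOCKED_SENDERS:
        return False, "blocked sender address"
    # Third-party relay: an outside client asks us to forward to an outside domain.
    if domain_of(rcpt) not in LOCAL_DOMAINS and ip not in INTERNAL_NET:
        return False, "relay denied"
    # Reflector groups accept mail only from staff or that group's registered users.
    if rcpt in REFLECTORS and sender not in STAFF | REFLECTORS[rcpt]:
        return False, "sender not registered for reflector"
    return True, "accepted"


SAMPLES = [  # constructed envelopes: (client IP, MAIL FROM, RCPT TO)
    ("203.0.113.9", "a@member.example", "staff1@example.int"),
    ("198.51.100.7", "x@spam.example", "staff1@example.int"),
    ("198.51.100.7", "a@member.example", "someone@other.example"),
    ("198.51.100.7", "stranger@other.example", "wg-spectrum@example.int"),
    ("198.51.100.7", "delegate@member.example", "wg-spectrum@example.int"),
    # Outside client claiming a staff address: accepted, only the claim is checked.
    ("198.51.100.99", "staff1@example.int", "wg-spectrum@example.int"),
]

if __name__ == "__main__":
    for env in SAMPLES:
        print(env, "->", decide(*env))
```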

15
System/Network Security Protection
Website Protection (in addition to server protection)
  • Limit the users who can access website folders
  • Monitor and block undesired IP addresses and Internet domains from accessing the website
  • Disable remote log-in access to the web server
  • Disable directory listing for website folders
  • Disable anonymous access to web pages such as bulletin boards and the e-mail archive site
  • Disable anonymous access to some information on the website, such as the e-mail reflector member list and management committee meeting documents
  • Back up the entire website contents twice a week

16
System/Network Security Protection
Other Security Issues
  • Spyware
    • Install Microsoft AntiSpyware on PCs to block spyware.
    • Update AntiSpyware regularly, scan the PC from time to time and clean up any spyware.
    • Spyware is software that collects personal information from you without your knowledge or permission. Spyware can transmit that information back to a third party without notifying you. The information spyware collects can range from all the web sites you visit to more sensitive information like user names and passwords. You might be the target of spyware if you download music from file-sharing programs, free games from sites you don't know whether you can trust, or other software programs from unknown sources. (source: Microsoft)

17
System/Network Security Protection
Other Security Issues
  • Adware
    • Install Microsoft AntiSpyware on PCs to block adware.
    • Update AntiSpyware regularly, scan the PC from time to time and clean up any adware.
    • Block pop-up windows in the browser.
    • Adware is generally software that displays advertisements. Some advertisers may covertly install adware on your computer and generate a stream of unsolicited advertisements that can clutter your desktop and adversely affect your productivity and your computer's performance. The advertisements may also contain pornographic or other material that you might find inappropriate. (source: Microsoft)

18
System/Network Security Protection
Other Security Issues
  • Browser Plug-in
    • A browser plug-in is an application that can be installed in your Web browser. Plug-ins can come in the form of a toolbar, a search bar or navigation feature, or extra task buttons on the browser. Although most plug-ins are designed to perform necessary functions, some plug-ins are harmful to your computer because they have complete access to your Web browser and can log, modify, and redirect any task you perform. (source: Microsoft)
  • Browser Redirector
    • Browser redirectors are programs that change your Web browser settings, often altering designated default start and search pages. In addition, a browser redirector can modify almost every aspect of a Web browser, including adding bookmarks, and redirects search traffic to alternative sites. (source: Microsoft)
19
APT Experience with Incoming E-mail
Current Situation
Average daily incoming e-mails: 2,200

Blocked                                      E-mails   % of incoming
  Spam e-mails                                 1,300   59%
  Virus-infected e-mails                         250   11%
  3rd party relay e-mails                         20   1%
  Other invalid e-mails                           20   1%

Passed                                       E-mails   % of incoming
  Spam e-mails                                    60   3%
  Legitimate e-mails                             540   24.5%
  Others (error message/notification/
  useless mails)                                  10   0.5%
20
APT Experience with Incoming E-mail
Current Situation

Mail description            Block    Pass
Legitimate e-mails          0%       100%
Spam e-mails                95%      5%
Virus-infected e-mails      100%     0%
3rd party relay e-mails     100%     0%
Other e-mails               95%      5%
Phishing                    Yes?     Yes?
Mail spoofing               Yes?     Yes?
21
Existing Problems and Challenges
  • Extra hardware and software costs for security protection.
  • Users still receive spam mails in average of 10 - 15.
  • Outsiders complain of receiving spam mail from APT staff and reflector addresses (actually not originated from APT).
  • Viruses may reach the network before an updated pattern is available.
  • The spoofed mail problem exists, and it is difficult to identify and block the actual sender IP or domain.
  • Phishing noted in e-mails.
  • Risk of network worms, network virus attacks and hacking.
  • Possibility of legitimate mails and attached files being blocked.
  • Staff require better knowledge of how to analyze incoming e-mail and browse websites to avoid getting spam and spyware.
22
Conclusion
  • Huge risk and danger still exist across the global network.
  • Network attacks are complicated and unpredictable.
  • It is impossible to eliminate and prevent 100% of potential attacks of all kinds.
  • E-mail spam still dominates the global e-mail system.
  • How can APT help you?
  • What can you advise APT to improve our system?
For further inquiry, please write to aptweb_at_aptsec.org
Thank you.