In Partnership with

1

• In Partnership with
• InterSpace Computers
• X4TRESS
• April 24, 2002

2
(No Transcript)
3
Johnnys View Of Your Network

• If your business is connected, chances are its
  not protected.
• Hacker Tools are easy to get and easy to use
• He can find out much more than you think
• You may be his next targetBut there are steps
  you can take.

4
Broadband Explosion
Half of all broadband connections are
unprotected. Cahners In-Stat, 2001
Cahners In-Stat, 2001
5
Why Johnny Loves Broadband

• Connections are Always On
• Theyre Fast
• And Plentiful

6
Be AfraidBe Very Afraid
Systems are subjected to NetBIOS scans an
average of 17 times a day. Honeynet Project
70-80 of ALL broadband users have been
probed. Yankee Group, 2001
There are 2,000 3,000 scanners on the net at
any one time looking for open connections.
Alan Paller, Head of Research, SANS Institute
New broadband customers experience 3 attacks in
the first 40 hours. Crossport Systems
7
Common Hacker Tools
8
Common Hacker Tools
9
This is real data!
10
Common Hacker Tools
IP was not designed as a secure protocol
11
Whats a firewall
12
Whats a firewall
Your Competitors
Your Headquarters
FIREWALL
Your Neighbors
Your Office
Johnnys Computer
Your Computer
13
How Firewalls Work
IP Header
Source IP Address
Destination IP Address
Transport Layer Protocol
TCP Header
Source Port
Destination Port
PACKET
Additional TransportInformation
A firewall is only as good as the data it
examines and quality of the rules it applies
Application LayerProtocol
Data
14
Firewalls Dont Protect Against

• Social Engineering
• Internal Attacks Most Damaging
• Viruses, Trojan Horses, Worms, etc.
• Poor Network Administration
• Insufficient Low Cost Solutions

What does Johnny think
15
Video Chapter 2Johnny Introduces Stateful
16
Johnnys View Of Your Network

• Some firewalls are not secure enough to stop
  him
• Three types mentioned
• NAT Boxes
• Packet Filtering
• Stateful Packet Inspection

17
Whats NAT?
Your ISP
Public IP 23.1.8.3 Static or Dynamic
NAT
NAT is simply a convenient way of sharing a
single IP address Not a security protocol
Private IPs 192.168.0.1 192.168.0.255Static
or Dynamic
Your Computer 192.168.0.56
18
Virtually No Protection
Your ISP Johnnys
Public IP 23.1.8.3 Static or Dynamic
Public IP 23.1.8.162 Static or Dynamic
SameDomain
Private IPs 192.168.0.1 192.168.0.255Static
or Dynamic
Private IPs 192.168.0.1 192.168.0.255Static
or Dynamic
Johnnys Computer 192.168.0.56
Your Computer 192.168.0.56
19
Whats Packet Filtering?
Packet Filtering blocks or allows packets based
on their destination port or other rules
Packet Filter Firewall
Incoming Packets
but does nothing to determine whether the
packets were requested in the first place.
Your Computer
20
Whats Packet Filtering?
Johnnys packets can be formed to look like
legitimate traffic
Packet Filter Firewall
Incoming Packets
Your Computer
21
Stateful Packet Inspection
Stateful packet Inspection remembers enough
packets to establish the state of the session.
Stateful Firewall
Your Computer
Session State
22
Stateful Packet Inspection
Stateful Firewall
Your Computer
Session State
Incoming packets that correspond to recent
outgoing requests are passed through.
23
Stateful Packet Inspection
Stateful Firewall
Your Computer
Session State
Unsolicited packets are blocked by the firewall,
regardless of how well they are formed.
24
ICSA Certification

• International Computer Security Association
• Extensive Testing
• Industry-accepted criteria
• Interoperability with other products

25
SonicWALL Firewalls

• Stateful Packet Inspection
• ICSA Certified
• Easy to use
• Scalable
• Affordable

What will Johnny do next?
26
(No Transcript)
27
Johnnys View Of Your Network

• Just because you have a firewall, that doesnt
  stop viruses
• The time between the appearance of a virus and
  the release of the anti-virus software is
  critical
• A well-disguised email could be devastating

28
Viruses, Worms, and Trojans

• Viruses
• A malicious program designed to destroy data or
  commandeer a system
• Worms
• Designed for self-replication, worms may or may
  not be harmful, but they use your system to
  spread
• Trojan (Horses)
• Masquerades as a benign or useful program and
  carries a harmful payload like a virus or a worm

29
Spread the Love

• The Love Bug released May 5, 2000 incorporated
  all three strains to inflict over 8.75B in
  damages.
• Virus
• Once executed, Love Bug infected files on
  computer systems, turning them into new Trojans.
• Worm
• Self propagated by sending itself out to everyone
  listed in email address books or IRC clients.
• Trojan
• Came disguised as a 'Love Letter' when really it
  was carrying a harmful program.

30
Incidents On the Rise
More incidents reported in 2000 than previous 5
years combined
80,000
70,000
60,000
50,000
40,000
30,000
20,000
10,000
CERTs Statistics 1995-2001 Number of Incidents
Reported
31
How Anti-Virus Tools Work
The Lineup
Anti-Virus programs work by searching files for
known patterns or signatures and comparing
against a database of existing viruses.
32
Time to Protection Gaps

• The Challenge
• Ensure your entire network is protected from new
  viruses
• Instantly distribute anti-virus updates

Average time to protection is 48 Hours!
Virus distributed and begins infecting systems
33
Three Types of Anti-Virus Protection

• Single User Anti-Virus Software
• Auto-Managed Anti-Virus Service
• Enforced Anti-Virus Service

34
Single-User Anti-Virus Protection
Installed and maintained on each individual
computer. Systems with current client software
and virus definitions are as safe as possible.
Systems with out-of-date virus definitions not
protected from emerging threats
Systems with disabled or uninstalled client
software have no protection
25 of all users neglect to install or update
their anti-virus software. --Central Commands
survey, June 2000
35
Managed Service Anti-Virus Protection
Installed and maintained on each individual
computer. Virus definitions supplied by
Anti-Virus Service Provider at a monthly cost
Users/administrators may still disable, remove,
or fail to update client software and eliminate
benefit of the service
36
Enforced Anti-Virus Protection
Firewall with enforced Anti-Virus
Client software automatically applied to all
systems accessing the Internet
Virus Definitions automatically deployed when
released
Malicious attachments can be blocked at the
firewall even before the definition is available,
closing the protection gap
37
The Hidden Dangers of Trojans
Stateful Firewall
Your Computer
Session State
Johnny can send a Trojan via e-mail into your
company.
38
The Hidden Dangers of Trojans
Since 1998, when Back Orifice was released,
over 100,000 copies have been downloaded.
Stateful Firewall
Your Computer
Session State
Once infected, that system Phones Home and
creates a valid session through your firewall
39
SonicWALLs Network Anti-Virus

• Automatically installs on all systems behind the
  firewall
• Automatically updates virus definitions when
  theyre released
• Blocks malicious programs at the firewall by name
  or extension
• Centrally manage anti-virus across the entire
  network

Will this keep Johnny out for good?
40
(No Transcript)
41
Johnnys View Of Your Network

• An unprotected VPN tunnel is an open door into
  the corporate network
• Many VPN solutions do not provide protection
• Access requirements must be balanced against
  security concerns.

42
Access for Mobile Remote Workers
In 2000 there were more than 30 million US
telecommuters. The study predicts more than 137
million workers will be involved in some sort of
remote work by 2003. Gartner
Group, 2001
Gartner Group, 2001

• Increasing numbers and types of connections
  demand scalable, comprehensive security solutions

43
Remote Access Via Leased Lines

• Leased Lines (Frame Relay) were almost the only
  choice for secure remote access
• Very Expensive
• Very difficult to deploy
• Very Fast
• Completely Secure
• Not practical for individual remote workers
• Not applicable to mobileworkers

Headquarters
Branch Office
44
Internet Remote Access

• Using the Internet makesconnections easy
• Virtually eliminatescosts
• Until Broadband, too slow foreveryday use
• Completely insecure

Headquarters
Branch Office
45
Virtual Private Network

• VPN creates a securetunnel of encryptedtraffic

Stateful Firewall
46
VPN has its downside
Internet access provides a back channel that
Johnny can utilize to gain access to corporate
resources
JohnnysSystem
Stateful Firewall
Even the firewall is unaware of unauthorized
traffic because its encrypted
47
VPN requires Firewalls
JohnnysSystem
Stateful Firewall
Stateful Firewall
Remote VPN users must have a firewall in order to
prevent hacking through to the corporate office
48
Anti-Virus is a Must
Remote Users must have up-to-date virus
protection to prevent transmission of malicious
files back up the VPN tunnel
Stateful Firewall
Stateful Firewall
49
What to look for in Remote Access

• Encryption
• DES (Data Encryption Standard) 56-Bit Key
• 3DES 168-Bit Key

Computer-based brute force methods would require
a maximum of 304,313,814,678,323 years to crack a
3DES key. Half that on average. NTA
Monitor, Security Specialists

• Integration
• Firewall, VPN, and Anti-Virus

50
SonicWALLs VPN Solutions

• Complete line of hardware appliances support VPN
• IPSec and 3DES

• Software VPN for mobile access
• IPSec and 3DES

51
Dont Forget Management

• SonicWALL Global Management System
• From 5 to 5,000 or more
• Do-it-yourself or Reseller-managed service

52
SonicWALL, Inc. Information

• The worlds leading supplier of firewall and VPN
  appliances. Infonetics, 2002
• 250,000 units sold
• 400 employees across 15 countries

53
Certified SonicWALL Partners

• SonicWALL sells products exclusively through
  authorized reseller partners
• Technical Training
• Sales Training
• A complete range of services
• Solutions rather than products

54
Parting Tips

• Be warybut dont worry, there is something you
  can do
• Any firewall is better than nothing, but stateful
  packet inspection provides the highest level of
  security
• Enforced anti-virus is a must for any network
  user
• If you use VPN for remote access, dont neglect
  firewall security and anti-virus protection at
  both ends

55
QA