Internet Threats / Business Issues

Attack Prevention

The risks of unauthorized access are best managed with a clearly defined defensive strategy that combines effective technology tools and user vigilance. Without a clear strategy defining the management of all available resources (including personnel, software and technology), no IT tools will be effective. The best way to establish a strategy is through risk analysis. A sound understanding of risk will help you to choose the right technology tools to prevent unauthorized access.

Technology Tools

A number of technologies and tools are used to prevent and manage access. These include:

  • Firewalls
  • Intrusion Detection Systems (IDS)
  • Content security
  • Vulnerability assessment
  • Software updates (patches and hotfixes)
  • Hardened operating systems and applications

Firewalls

A firewall prevents unauthorized access to your network and reduces the risk of an information security breach.

A firewall can detect or prevent many typical network-based attacks by:

  • Logging connection attempts and traffic
  • Authenticating users trying to make network connections
  • Inspecting network packets and tracking the state of connections to ensure they are behaving as expected
  • Inspecting application traffic (e.g. email viruses or Web pages)
  • Protecting internal networks by performing Network Address Translation (NAT)

Firewalls ensure that network traffic of certain types (or from certain applications) is allowed to pass from one network to another according to a set security policy.

Firewalls are available in several forms:

  • Software installed on a server or host system
  • An appliance (a dedicated network device)
  • A feature of another network device (e.g. a router)

Firewall logs produce a large amount of data and turning this data into useful information can be a complex task.
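As an added illustration of turning raw firewall log data into useful information (example code written for this page, not a feature of any M86 Security product), the Python script below parses a constructed sample of allowed and denied connection records, counts denied connections per source and per destination port, and flags sources that probed many distinct ports, which is the "rattling of doorknobs" a network-based IDS also watches for. The log format, addresses, hostnames and the five-port threshold are assumptions made for the example; real firewalls use vendor-specific formats.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log lines in a generic "action src dst proto dport" format.
# These entries are made up for illustration; adapt LINE_RE to your firewall's format.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z fw01 DENY src=203.0.113.7 dst=192.0.2.10 proto=tcp dport=22
2024-05-01T10:00:02Z fw01 DENY src=203.0.113.7 dst=192.0.2.10 proto=tcp dport=23
2024-05-01T10:00:02Z fw01 DENY src=203.0.113.7 dst=192.0.2.10 proto=tcp dport=80
2024-05-01T10:00:03Z fw01 DENY src=203.0.113.7 dst=192.0.2.10 proto=tcp dport=443
2024-05-01T10:00:03Z fw01 DENY src=203.0.113.7 dst=192.0.2.10 proto=tcp dport=3389
2024-05-01T10:00:04Z fw01 DENY src=203.0.113.7 dst=192.0.2.10 proto=tcp dport=8080
2024-05-01T10:00:05Z fw01 ALLOW src=198.51.100.20 dst=192.0.2.10 proto=tcp dport=443
2024-05-01T10:00:06Z fw01 ALLOW src=198.51.100.21 dst=192.0.2.10 proto=tcp dport=443
2024-05-01T10:00:07Z fw01 DENY src=198.51.100.22 dst=192.0.2.11 proto=tcp dport=22
2024-05-01T10:00:08Z fw01 DENY src=198.51.100.22 dst=192.0.2.11 proto=tcp dport=22
2024-05-01T10:00:09Z fw01 this line is malformed and should be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ALLOW|DENY) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)$"
)


def parse_log(text):
    """Parse log lines into dicts; lines that do not match the format are counted and skipped."""
    events, skipped = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1
            continue
        ev = m.groupdict()
        ev["dport"] = int(ev["dport"])
        events.append(ev)
    return events, skipped


def summarize(events):
    """Count denied connections per source address and per destination port."""
    denied = [e for e in events if e["action"] == "DENY"]
    return {
        "denied_by_src": Counter(e["src"] for e in denied),
        "denied_ports": Counter(e["dport"] for e in denied),
    }


def find_port_scans(events, min_distinct_ports=5):
    """Flag sources whose denied connections touched at least min_distinct_ports ports."""
    ports_by_src = defaultdict(set)
    for e in events:
        if e["action"] == "DENY":
            ports_by_src[e["src"]].add(e["dport"])
    return {src: sorted(p) for src, p in ports_by_src.items() if len(p) >= min_distinct_ports}


if __name__ == "__main__":
    events, skipped = parse_log(SAMPLE_LOG)
    summary = summarize(events)
    print(f"parsed {len(events)} events, skipped {skipped} malformed line(s)")
    print("denied connections per source:", summary["denied_by_src"].most_common())
    print("most-denied ports:", summary["denied_ports"].most_common(3))
    for src, ports in find_port_scans(events).items():
        print(f"possible port scan from {src}: {len(ports)} distinct ports {ports}")
```

The malformed line is counted rather than silently dropped, because a parser that loses records unnoticed is itself a monitoring gap; in a real deployment the threshold and the time window over which ports are counted would be tuned to the traffic you actually see.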

Intrusion Detection Systems

Intrusion Detection Systems (IDS) act as burglar alarms for a network or system. They can identify hacker tools 'casing' the environment, detect the 'rattling of doorknobs' to see if the house is unlocked, hear the 'shattering of glass' as entry is gained, sound the alarm and call the 'police' (or the network administrator). They can also monitor and log forensic evidence to support any legal case.

There are two types of IDS.

Host-based

  • Installed on servers to identify activity and anomalies and report on server-specific problems or activity
  • Similar to virus defense software, except the IDS is looking for behavior, rather than patterns, in files

Network-based

  • Monitors the network to watch traffic, stop intruders and report on suspicious and unusual activity

An IDS should be considered if an organization:

  • Suffered a security breach within the last twelve months
  • Transacts business through the website
  • Wants internal partitioning of its network
  • Is a high-profile organization liable to attract malicious attacks
  • Has an unattended remote site with ISP links
  • Outsources part or all of its IT operations
  • Connects to clients or business partners
  • Has no permanent, full-time security staffing capability

Content Security

Firewalls are like the Immigration department at an airport. They check who you are and verify that you are authorized to enter or leave. Content security is like Customs: it looks at what you are carrying. Content security looks for items like spam, viruses, pornography, confidential information and excessive bandwidth use.

Content security solutions review the content of email and Internet browsing in real-time. They check for content or activity that is considered to be a security risk or is in breach of acceptable use policies. Content security is sometimes known as content scanning or a content firewall.

Traditional firewalls control who has access to your network and what devices they can view. Content security controls what type of data is allowed to enter and leave your network.

Content security software is traditionally used to defend against a variety of common security threats including spam, viruses, phishing, spyware and malicious code.
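The following Python example is added here to show the kind of checks a content security gateway applies to an outbound message; it is illustrative code written for this page, not part of M86 Security's products. It screens for blocked attachment types, executable content hidden behind a harmless-looking extension, oversized attachments, confidential markers, and probable card numbers in the message text (validated with the Luhn checksum so that ordinary reference numbers are not flagged). The message, policy rules, markers and thresholds are all constructed for the illustration.

```python
import re

# Hypothetical acceptable-use policy; rules and thresholds are constructed for this example.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat"}
CONFIDENTIAL_MARKERS = ("CONFIDENTIAL", "INTERNAL ONLY")
MAX_ATTACHMENT_BYTES = 10 * 1024 * 1024

# 13 to 19 digits, optionally separated by single spaces or hyphens
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(digits):
    """Luhn checksum: true for digit strings that are structurally valid card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    """Digit runs that look like card numbers and pass Luhn; plain reference numbers usually fail it."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def check_attachment(name, data):
    """Policy checks on one attachment: blocked type, disguised executable, oversize."""
    issues = []
    ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
    if ext in BLOCKED_EXTENSIONS:
        issues.append(f"blocked attachment type {ext}: {name}")
    elif data[:2] == b"MZ":  # Windows executable header behind a harmless-looking name
        issues.append(f"executable content disguised as '{ext or 'no extension'}': {name}")
    if len(data) > MAX_ATTACHMENT_BYTES:
        issues.append(f"attachment exceeds size limit: {name}")
    return issues


def scan_message(msg):
    """Return the policy violations for a message given as
    {"subject": str, "body": str, "attachments": [(filename, bytes), ...]}."""
    violations = []
    text = msg["subject"] + "\n" + msg["body"]
    upper = text.upper()
    for marker in CONFIDENTIAL_MARKERS:
        if marker in upper:
            violations.append(f"confidential marker found: {marker}")
    cards = find_card_numbers(text)
    if cards:
        violations.append(f"{len(cards)} probable card number(s) in message text")
    for name, data in msg["attachments"]:
        violations.extend(check_attachment(name, data))
    return violations


# Constructed message used as sample input; the card number is a well-known test value.
SAMPLE_MESSAGE = {
    "subject": "Q3 numbers - internal only",
    "body": "Card on file: 4111 1111 1111 1111. Order ref 1234 5678 9012 3456 is not a card.",
    "attachments": [
        ("report.pdf", b"%PDF-1.4 constructed content"),
        ("invoice.pdf", b"MZ\x90\x00 constructed executable header"),
        ("update.exe", b"MZ\x90\x00"),
    ],
}

if __name__ == "__main__":
    for v in scan_message(SAMPLE_MESSAGE):
        print("BLOCK:", v)
```

Checking the first bytes of an attachment rather than trusting its file name is the point of the disguised-executable rule: extension blocklists alone are trivially bypassed by renaming, which is why content security inspects what is actually carried.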

Patches and Hotfixes

Most software vendors have websites that provide patches and hotfixes. All systems should be patched to the level recommended by the vendor. Unpatched systems are like an open window into your business.

Many commercial operations and hacker sites provide online databases of known vulnerabilities and exploits.

Hardened Operating Systems and Applications

Hackers are always looking for weak spots. You can reduce these by building your systems using recognized configurations.

Operating systems contain a vast number of settings, features and options. If these are set incorrectly, they make attack and compromise easy.

Many default settings are open, insecure or switched off. Security standards must be defined and implemented for all hosts. These will vary for different operating systems.
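To show what defining and implementing a security standard for all hosts looks like in practice, here is an added Python example (not from this page and not an M86 Security tool) that audits a constructed sshd_config fragment against a small baseline. It reports both directives explicitly set to a weak value and directives that are absent and therefore fall back to an assumed default, which is how "open" defaults slip through. The baseline values and the assumed defaults are illustrative; take the real ones from your vendor's documentation and hardening guidance for the version you run.

```python
# Illustrative baseline, not a vendor standard: directive -> (allowed values, value
# assumed when the directive is absent from the file). Check your OS documentation
# for the real defaults of the version you run.
BASELINE = {
    "PermitRootLogin": ({"no"}, "prohibit-password"),
    "PasswordAuthentication": ({"no"}, "yes"),
    "PermitEmptyPasswords": ({"no"}, "no"),
    "X11Forwarding": ({"no"}, "no"),
    "MaxAuthTries": ({"3", "4"}, "6"),
}

# Constructed sshd_config fragment used as sample input.
SAMPLE_CONFIG = """\
# constructed sample, not a real host's configuration
Port 22
# weak: explicitly allows root logins
PermitRootLogin yes
X11Forwarding no
MaxAuthTries 3
# PasswordAuthentication is not set, so the assumed default "yes" applies
"""


def parse_config(text):
    """Parse 'Directive value' lines. Comment lines are dropped and, as in sshd,
    the first occurrence of a directive wins. Directive names are lower-cased
    because sshd matches them case-insensitively."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings


def audit(settings):
    """Return (directive, effective value, 'set' or 'default', allowed values)
    for every baseline directive whose effective value is not allowed."""
    findings = []
    for directive, (allowed, default) in BASELINE.items():
        actual = settings.get(directive.lower())
        source = "set"
        if actual is None:
            actual, source = default, "default"
        if actual.lower() not in allowed:
            findings.append((directive, actual, source, sorted(allowed)))
    return findings


def remediation(findings):
    """Config lines that would bring each failing directive into the baseline."""
    return [f"{directive} {allowed[0]}" for directive, _, _, allowed in findings]


if __name__ == "__main__":
    findings = audit(parse_config(SAMPLE_CONFIG))
    for directive, actual, source, allowed in findings:
        print(f"{directive}: effective value '{actual}' ({source}), allowed {allowed}")
    print("suggested settings:", remediation(findings))
```

The same pattern (parse the effective configuration, compare it with a written standard, emit the corrected lines) scales to any host: the baseline is the security standard the text calls for, and the audit is how you verify it has actually been implemented rather than assumed.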

Vigilance

There is no more effective security control than an informed, vigilant workforce.

Computer systems are best at running repetitive tasks but people are much better at detecting the unusual. Training and educating staff is perhaps the most cost-effective way of managing your information risks and blocking threats.

M86 Security Attack Prevention

M86 Security offers solutions for Web and email gateway content security, protection from viruses and other email content threats, as well as features to limit the effects of protocol attacks such as Denial of Service (DoS) and Directory Harvesting Attack (DHA). Additionally, M86 Security's products can deliver easy-to-use reports that highlight the important information from one or more firewalls.

M86 Security's content security is designed to be robust and resistant to attack. We also provide technical advice about additional measures that can be taken to harden our solutions and the host systems.