one word that will define network security
FRANCESCO TRAMA
AGENDA
1. The Problem
2. How did we get here?
3. Getting a different perspective
4. Introducing Advanced IP Filtering Solution
TRAFFIC VOLUME
The volume of traffic entering the security environment is unprecedented. We have accepted, and continue to accept, this volume as a part of doing business.
TRAFFIC VOLUME: ITS EFFECT ON NETWORK SECURITY
Limits Visibility, Accuracy, Dependability
Increases Latency
Increases Logging, Alerting, False Positives
Increases Costs
Adds Complexity, Management Time
TODAY’S VOLUME
[Diagram labels: FTP, WWW, VPN, SSH, TELN, IMAP; FIREWALL]
LOGGING THE VOLUME
[Diagram labels: FTP, WWW, VPN, SSH, TELN, IMAP; FIREWALL; LOG]
Jan 12 06:30:00 1.2.3.4 apache_server: 1.2.3.4 - - [12/Jan/2011:06:29:59 +0100] "GET /foo/bar.html HTTP/1.1" 301 96 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 ( .NET CLR 3.5.30729)" PID 18904 Time Taken 0
<34>1 2003-10-11T22:14:15.003Z mymachine.example.com su - ID47 - BOM'su root' failed for lonvick on /dev/pts/8
<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] BOMAn application event log entry...
<34>Jan 12 06:30:00 1.2.3.4 apache_server: 1.2.3.4 - - [12/Jan/2011:06:29:59 +0100] "GET /foo/bar.html HTTP/1.1" 301 96 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 ( .NET CLR 3.5.30729)" PID 18904 Time Taken 0
10/23/2008 17:57:12 name/radius/1 Error Server 0 Remote server dave-ultra (171.69.237.99:1645) is DOWN!
10/23/2008 17:56:32 name/radius/1 Error Server 0 Remote server dave-ultra (209.165.200.224:1645) is being reactivated for later use.
10/23/2008 17:56:32 name/radius/1 Error Server 0 Remote Server dave-ultra (171.69.237.99:1645) is UP!
** Alert 1339699918.65814: mail - syslog,adduser 2012 Jun 14 18:51:58 (CentOSHost) 192.168.100.100->/var/log/secure Rule: 5902 (level 8) -> 'New user added to the system' Src IP: (none) User: (none) Jun 14 18:41:23 localhost useradd[19265]: new user: name=ftpuser, UID=510, GID=501, home=/var/ftp, shell=/bin/bash
LOG OBSCURITY
IDENTIFY, ANALYZE, REMEDIATE THREATS
[Diagram labels: FTP, WWW, VPN, SSH, TELN, IMAP; FIREWALL; LOG, shown over the same sample log lines as the previous slide]
THREAT VISIBILITY
[Slide background: the same sample log lines, repeated to fill the slide]
EVENT MANAGEMENT
VOLUME
PROBLEM NOT ADDRESSED
WHY
‣ Forced to open ports for sensitive portals
‣ Increasing restrictions becomes an administrative challenge or could introduce latency
‣ Difficult to understand who or what is using a port, or whether the port is needed
‣ We accept Logging, Alerting, Reporting as the solution
‣ Difficult to determine “good” from “bad”
‣ We do not have a good understanding of the global economy
CHALLENGES
ATTACKER ACCESSIBILITY: Today there are large pools (millions and millions) of compromised hosts sitting in homes, schools, businesses, and governments around the world. They let attackers stay small and nimble, and make them challenging to track.
GLOBAL ECONOMY: Today’s global economy makes placing geographical restrictions extremely challenging. It forces security teams to permit most traffic to secure portals.
PORTS: Open ports are the doorways to your secure perimeter. Behind open ports, there are applications and services listening for inbound packets, waiting for connections from the outside.
BOTNETS AND PROXY
‣ Zombies, bots, and proxies are located everywhere around the world.
‣ The power of attackers is their ability to stay small as they pass through the security environment.
‣ Hackers use this ability to distract and destroy on a massive scale by using a bot army.
RECENT NEWS
HOW WE ADDRESS THE PROBLEM TODAY
[Diagram labels: FTP, WWW, VPN, SSH, TELN, IMAP; FW; IDS/IPS; SPAM/WEB F/W; SIEM; UTM]
NEXT GENERATION GEO-IP FILTER
FRANCESCO TRAMA - CO-FOUNDER
PACKETVIPER - BASED IN PITTSBURGH PA
▸ Advanced IP-Filtering Solution
▸ Address traffic at the perimeter before it enters the security environment
▸ Inline device that replaces nothing, no latency
▸ 5 min install
▸ Patented granular Geo-IP filtering that addresses the country, company, and threats bi-directionally by network port
WHAT IS PACKETVIPER?
Geo Location Data
Rules Management
Logging & Reporting Engine
WHERE DOES IT FIT?
[Diagram labels: DMZ; PACKETVIPER; ANY FIREWALL; PROTECTED LAN; filter criteria: COUNTRY / COMPANY / NETWORK / IP / PORT]
HOW DOES IT WORK?
REDUCES LOADS THROUGH ENTIRE SECURITY PROCESS
[Diagram labels: FTP, WWW, VPN, SSH, TELN, IMAP; PACKETVIPER; FIREWALL]
Try our FREE 5*10*25 Program
5 min: Installation
10 days: Free use and audit
25%: Load, volume & threats reduction
http://go.packetviper.com/5-10-25
www.packetviper.com
855-758-4737