Combating Security Threats in the Cloud - WatchGuard



Presentation by Juan Muñoz of WatchGuard at Technology Day 2010 on March 16, 2010. San José, Costa Rica.

  • WatchGuard XCS Administration Training Copyright © 2004-2005 WatchGuard Technologies Inc. All Rights Reserved
  • The other reasons cybercrooks are hard to stop are legal, political, and financial. I’m going to sum this point up by telling one story that stands in for many others like it. [first bullet] In 2003, a lawyer named Aaron Kornblum filed Microsoft’s first lawsuit against spammers. Kornblum was a former Air Force prosecutor, and the state of Washington had just passed the Commercial Electronic Mail Act. This gave him a legal basis to try to stop the millions of messages spammers were sending to people with Hotmail accounts. The federal CAN-SPAM act hadn’t been passed yet. Microsoft operates 130,000 email accounts outside of spam filters. They never send email from these accounts and the addresses are never posted – yet in 2003, they had received 18 million emails. They believed spammers were using “dictionary attacks” against all addresses ending in “” They also found a lot of emails from spammers that claimed they were FROM [second bullet] Nobody knows who spammers are! They can hide behind various IP addresses and aliases. So Kornblum had to go through a discovery phase, sending subpoenas to Internet Service Providers, forcing them to reveal who controlled the addresses that the spam was coming from. His team sent out more than 150 “John Doe” subpoenas. [third bullet] Armed with the info from the ISPs, Kornblum and his staff pored through five million addresses, finding which email accounts were owned or controlled by the same entity. This was how they determined who the worst offenders were. Among the small-time spammers were certain individual companies responsible for millions of spam emails. They became the main targets of Microsoft’s legal team. [fourth bullet] Microsoft then reaches out to other companies plagued by spam. Pfizer is especially eager to help. Why? Because they make Viagra! Ever seen any spam related to Viagra? Anyone? …Bueller?
[fifth bullet] The coalition does a great job of their detective work, because various state Attorneys General – most notably, the New York Attorney General, Eliot Spitzer – advise them on how to gather evidence so it will hold up in court. Law enforcement helps, too. The evidence leads to this guy [hit space bar]. Robert Soloway, caught and convicted in December 2003. He is ordered to stop sending spam email and to pay $7 million in damages. Happy ending, right? It took nine months, but they captured a spam king. But... there’s more to the story.
  • [first bullet] Soloway simply was not going to stop spamming. Endless fountain of excuses: “I didn’t send them, my company sent them.” “My company didn’t send them, our affiliates sent them, and I can’t control them.” [second bullet] Soloway owed seven million to Microsoft and ten million to a company in Oklahoma. He kept appealing until the appeals ran out. But he didn’t pay, and authorities could not find his bank accounts. [third bullet] With a permanent injunction forbidding him to send email in the United States, Soloway relocated his operation to a country where his activities are not illegal, and they won’t extradite him to the US. Back in business! [fourth bullet] Because he ignored the results of civil trials, he is arrested under criminal law. A federal jury indicted him on charges brought by the FBI, the IRS, the FTC, and the US Postal Service. More legal wrangling ensues. [fifth bullet] July 2008, after a plea deal, he agrees to serve nearly four years in prison. But think about it – his sentence is 47 months. It took 67 months to catch, convict, and stop him! [last sentence] Bottom line: It took five years in court, numerous major corporations, and several branches of Federal and State governments to stop this spammer. During most of that time, he kept operating. In one three-month period, he sent more than 90 million spam messages. This is just one spammer! So if you’re counting on the good guys to stop all the bad guys for you… you need a new plan. You’re gonna have to learn to defend yourself!

    1. Combating email threats in the cloud
       Juan Munoz – Sales Director, Latin America
       [email_address]
    2. Combating Email threats in the Cloud
       • Email importance
       • How does email work?
       • Most common Email threats
       • Current defense methodologies
       • Using the cloud to protect email
    3. Why is Email important?
    4. How does Email work?
    5. Anatomy of a Mail Transport System (diagram; legible labels: “To: …”, “Lookup MX record for …”, “MX record = …”, “port 25”, “Forward port 25 traffic to internal mail server”)
    6. Most common email threats
    7. Most common email threats
       • Spam: more than 85% of all email is unsolicited
       • Viruses
       • Phishing
       • Code execution: HTML
       • Dangerous attachments
       • Also: Data leakage
    8. Why Doesn’t Someone Stop Them? Legal: convictions require time and money
       • Example of the resources it takes to catch one spammer:
         ◦ 2003, first Microsoft suit against spam email: five million accounts sent 18 million spam emails
         ◦ Kornblum subpoenas “John Doe” times 150
         ◦ Custom “link analysis” tool shows where source addresses converge
         ◦ MS forms a coalition: AOL, Yahoo, Earthlink, Amazon, Pfizer, various Attorneys General in US, Interpol
         ◦ Leads to Robert Soloway, convicted December 2003
         ◦ Took nine months and all this effort to catch and convict one spammer.
    9. Why Doesn’t Someone Stop Them? Financial: convictions require MORE time and money
       • Arrest and conviction did not stop Soloway:
         ◦ June 2004 – April 2005, Soloway’s company sends millions of emails; uses legal dodge to claim recipients had “opted in”
         ◦ 2005, appeals end and Soloway must pay Microsoft $7.8 million; never does: his bank accounts remain elusive
         ◦ 2006, Soloway moves his email server to China
         ◦ May 2007, arrested, indicted on 35 charges: mail fraud, email fraud, identity theft, money laundering…
         ◦ July 2008, sentenced to 47 months in federal prison
         ◦ It took five years of legal process to stop this spammer.
    10. Current defense methodologies
    11. Current defense methodologies
       • Anti-spam:
         ◦ Blacklists
         ◦ Heuristics
         ◦ IP Reputation
       • Anti-virus:
         ◦ Signature-based
         ◦ Some heuristics
    12. What happens if email is SPAM? Antispam solution
    13. Let’s zoom in… (diagram labels: Internet, Internet link, Firewall, Anti-spam, Quarantine, Email Server)
    14. Using the cloud to protect email
    15. How can we improve the current model? Using the cloud!!! (diagram labels: Internet, Internet link, Firewall, Anti-spam, Quarantine, Email Server)
    16. Some Statistics
       • Only 6.6% of email and web traffic is legitimate
       • “In-the-cloud” defenses can reject up to 98% of such traffic at the perimeter
    17. Questions? [email_address] [email_address]
    18. Visit us at the AEC Electrónica stand and register for the iPod Shuffle raffle.
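As an added example (not code from the presentation or from any WatchGuard product), the following Python sketch models the defense pipeline described on slides 11, 13 and 16: connection-level checks (blacklist, IP reputation) that refuse a sender at the perimeter before its message body is accepted, followed by content heuristics whose hits go to quarantine instead of the mail server. All policy data, thresholds and sample traffic are constructed; the addresses come from the RFC 5737 documentation ranges.

```python
import ipaddress
from dataclasses import dataclass

# Constructed policy data (not from the presentation); RFC 5737 documentation ranges.
BLACKLIST = [ipaddress.ip_network("203.0.113.0/24")]
REPUTATION = {"198.51.100.7": 12, "192.0.2.10": 88}   # 0 = worst, 100 = best
REPUTATION_REJECT_BELOW = 20                           # constructed threshold
SPAM_PHRASES = ("viagra", "free money", "act now", "click here")

@dataclass
class Inbound:
    src_ip: str      # IP of the connecting SMTP client (the sender's MTA)
    subject: str
    body: str

def is_blacklisted(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BLACKLIST)

def reputation(ip: str) -> int:
    return REPUTATION.get(ip, 50)   # unknown senders get a neutral score, not trust

def content_score(msg: Inbound) -> int:
    text = (msg.subject + " " + msg.body).lower()
    score = sum(1 for phrase in SPAM_PHRASES if phrase in text)
    if len(msg.subject) > 5 and msg.subject == msg.subject.upper():
        score += 1                  # all-caps "shouting" subject line
    return score

def perimeter_decision(msg: Inbound) -> str:
    # Stage 1: needs only the client IP, so the connection can be refused
    # before the body is transferred (the "reject at the perimeter" case).
    if is_blacklisted(msg.src_ip) or reputation(msg.src_ip) < REPUTATION_REJECT_BELOW:
        return "reject"
    # Stage 2: heuristics on what survived stage 1. Hits are quarantined rather
    # than dropped, so a false positive can still be released by an admin.
    return "quarantine" if content_score(msg) >= 2 else "deliver"

def run_pipeline(msgs) -> dict:
    counts = {"reject": 0, "quarantine": 0, "deliver": 0}
    for m in msgs:
        counts[perimeter_decision(m)] += 1
    return counts

# Constructed inbound traffic for a dry run
SAMPLE = [
    Inbound("203.0.113.45", "Cheap meds", "viagra, act now"),          # blacklisted net
    Inbound("198.51.100.7", "Hello", "meeting tomorrow at 10"),       # poor reputation
    Inbound("192.0.2.10", "FREE MONEY!!!", "click here for free money"),
    Inbound("192.0.2.10", "Q1 report", "attached are the numbers"),
]
```

Running `run_pipeline(SAMPLE)` yields two perimeter rejects, one quarantine and one delivery; only the last two messages ever reach the content stage.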