My 6hrs presentation slide in Internet Thailand customer summit in year 2005.

1. Symantec Enterprise Security : Securing your business along network intrusions Somyos Udomnilobon Sales Engineer - Thailand

4. Symantec Enterprise Security Solution Vulnerability Management Firewall/VPN Intrusion Detection Virus Protection Client Security Managed Security Services Education Services Response and Support Gateway Security Security Infrastructure Management

6. Why security is concern?

10. Why the Security Problem is hard to fix Where’s the sweet spot?

11. The Lifecycle Security Model Key To Success Identify systems and assets on the network and identify critical vulnerability points Define and document an organizational security policy Identify changes to network infrastructure and compliance with policies

12. Strategic Business Risks Regulatory Action Corporate Liability Indirect Costs Loss of Customer Confidence

14. Security Critical to e-Business Success Importance of Security in eBusiness Solution Decision Criteria Source: IDC

15. Source: survey of 538 computer security professionals conducted by the Computer Security Institute (CSI) and the US Federal Bureau of Investigation (FBI) . Soaring Costs and Security Breaches

16. Evolving Security Threats Will Your Perimeter Security Stop Them?

17. Threat Evolution Polymorphic Viruses (Tequila) Blended Threats (Code Red, Nimda) Denial-of-Service (Yahoo!, eBay) Mass Mailer Viruses (Love Letter/Melissa) Zombies Source: Symantec Viruses Network Intrusions 70,000 60,000 50,000 40,000 30,000 20,000 10,000 Number of Known Threats

18. Source: CERT, Carnegie Mellon University http://www.cert.org/stats/ > 99%

19. Average Reported Losses Unauthorized Insider Access Theft of Proprietary Information Outside System Penetration Financial Fraud Sabotage and Denial of Services 2000 CSI/FBI Computer Crime and Security Survey $1.1 M + $1.0 M + $617,000 $536,000 $172,000

34. Denial of Service Example: LAND Attack Spoofed IP Packet Packet is sent back to itself Again, again, .. Land Unix-Server CRASH

38. The New “Integrated Threats” Internet Nimda Worm Example Workstation A security threat or attack that uses multiple methods to propagate Nimda $500M + Code Red $2.5B Workstation Via Email File Server Workstation Mail Server Firewall Web Server Via Web Page Web Server Mail Gateway

39. Rapid, Multiple Ways to Spread Internet Nimda Worm Example 1. Worm arrives by email – uses Mime exploit to execute by just reading or previewing file. Infected systems use worm’s own SMTP server to send emails to others. 2. Users visiting compromised Web servers prompted to download infected file containing worm as attachment. Workstation Via Email File Server Workstation Mail Server Firewall Web Server Via Web Page Workstation Web Server Mail Gateway

40. Just “Any” Firewall Won’t Be Effective Internet Nimda Worm Example Workstation 3. Infected systems scan for unpatched IIS servers, then use Unicode Web Traversal exploit to gain control of the target server. Commands/messages embedded creating non-RFC compliant HTTP protocol packets. Create DOS with outbound traffic. 4. Nimda scans for and attacks hard disks with file sharing enabled, creates an open network share and guest account with admin privileges. File Server Mail Server Firewall Web Server Mail Gateway Workstation Via Email Web Server Via Web Page Workstation

46. Example Blended Threat Incident Blended Threats use worms, email and application vulnerabilities, and network shares to gain control of systems BT BT BT BT BT BT BT BT BT BT BT

53.  *

54. Web Site Defacements Source: attrition.org

55. Security requires defense in depth Groupware Servers Database Servers File Servers Telecommuters Modems Hacker Customers Partners Branch Office Wireless Device Web Server Firewall

56. Let’s take a break

57. Securing your business… How to prevent your network against intrusion?

58. Vulnerability Management - Scan Groupware Servers Database Servers File Servers Customers Partners Branch Office Wireless Device Web Server Telecommuters Modems Firewall Probe for Vulnerabilities Probe for Vulnerabilities

59. Vulnerability Management If you know where you are vulnerable and the risk these vulnerabilities pose to your organization, efficient steps can be taken to pro-actively close the vulnerabilities and mitigate the risk to an acceptable level.

60. Vulnerability Management How secure are we?

62. ESM - Inside In NetRecon – Outside In ESM

63. ESM assess and comply Actual Environment ESM COMPLIANCE Policy Standards Procedures, Guidelines & Practices

64. Firewall - Multi-tier approach Firewall Groupware Servers Database Servers File Servers Customers Partners Branch Office Wireless Device Web Server Telecommuters Modems

75. Number of vulnerabilities Level of security

77. Deployment Example Desktops Public Web Servers Telecommuters Customers & Partners Servers VelociRaptor Router Corporate Network Partner Web Servers Branch Office Central Administrator Internet

78. VPN - Office-to-office and Client Firewall Groupware Servers Database Servers File Servers Customers Partners Branch Office Wireless Device Web Server Telecommuters Modems

83. VPN Deployment Scenarios Public Servers Symantec Enterprise Firewall Router Symantec Enterprise VPN Public Servers Symantec Enterprise Firewall With VPN Router Internal Network Public Servers Symantec Enterprise Firewall Router Internal Network Symantec Enterprise VPN Internal Network Internet Internet Internet

84. Personal Firewall with Client VPN Web FTP Telnet SQLNet Other Attacker Internal network VPN User without firewall Internet Personal Firewall Web FTP Telnet SQLNet Other VPN User with firewall

85. Anti-virus - Multi-tier Approach Firewall Groupware Servers Database Servers File Servers Customers Partners Branch Office Wireless Device Web Server Telecommuters Modems AV AV AV AV AV AV AV AV AV AV AV

86. Virus Evolution Mass Mailer Viruses (LoveLetter/Melissa) Remote Control Trojan (NetBus) Polymorphic Viruses (Tequila) PDA Virus (Palm Liberty) Macro Viruses Source: Symantec Number of Known Viruses

88. Symantec Multi-tier Virus Protection Gateway/ Firewall Gateways: Solaris Win NT/2000 Firewalls: Solaris Win NT/2000 Server Win NT/2000 NetWare MS Exchange Lotus Notes AIX OS/390 OS/400 OS/2 Desktop Win9x/NT/2000/WinME DOS/Win16 OS/2 Macintosh

102. Content Filtering - Block unwanted content Firewall CF E-mail servers Groupware Servers Database Servers File Servers Customers Partners Branch Office Wireless Device Web Server Telecommuters Modems

103. Detect Intruders Firewall Groupware Servers Database Servers File Servers Customers Partners Branch Office Wireless Device Web Server Telecommuters Modems Hacker IDS

110. Layered Security - Reduces Network Risk

111. Login screen or Trojan Horse? G. Mark Hardy

112. Surprise! G. Mark Hardy

113. Intruder Alert - Warning!!! NT Logon Replaced

114. Host vs. Network IDS You Need Both!

119. Backplane options including 4 GigE or 10 10/100Mbps interfaces Behaviour based-IDS Deployment (Symantec ManHunt)

120. ManHunt Data Flow

121. Deception based-IDS Deployment (Symantec ManTrap)

122. Deep Deception Deployment

123. Web Access Management Firewall E-mail servers Groupware Servers Database Servers File Servers Customers Partners Branch Office Wireless Device Web Server Telecommuters Modems

124. Traditional Web Access Management Auth. DB DB Auth. DB DB Secure (Trusted) Network Service Network (DMZ) Web Users & Internet Firewall Web Servers & Content Application Servers Application Servers Hacker

125. Secure Web Access Management Proxy Server NT Auth Agent Authentication Mechanism(s) Secure (Trusted) Network Service Network (DMZ) Web Users & Internet Firewall LDAPAuth Agent Other Auth Agents Central Management Server Web Servers & Content PKI Auth Agent

130. Enterprise Security Management Anti-Virus Firewall Content Filtering Vulnerability Management Web Access Management Intrusion Detection Web Gateways Mail Gateways Mail Servers File Servers Remote Users Desktops Policy Management Security Management Console Incident Management Logging Reporting Alerting Updates

131. How to implement in our system?

132. Client Server Gateway Current State of the Security Market: Multi-Tier; Multi-Vendor

135. Step 1: Building a Security Policy Mandate to implement security Standard to measure security Basis for all security technology and procedures Policy Standards Procedures, Guidelines & Practices Corporate Security Policy

136. Build your own security policy ? FFIEC – 12 CFR 364 COPPA FDA C6 HIPAA GLBA EUDPD Government Regulations HIPAA Security & Privacy Rule OCC OTS FFIEC FDIC FRB NCUA SEC – 17 CFR 248 FTC – 16 CFR 313 HIPAA still in progress CC BITS TSSIT Policy Standards Procedures, Guidelines & Practices

138. Implementing Logical Security Corporate Security Policy Logical Security Guidelines/ Standards Compliance Checking Bring Systems into Compliance 1 2 3 4 5 6

139. Certification and/or Attestation BS7799 SAS70 Safe Harbor SysTrust WebTrust ISO17799 Compliance Checking Bring Systems into Compliance HIPAA Security

140. ESM assess and comply Actual Environment ESM COMPLIANCE Policy Standards Procedures, Guidelines & Practices

141. How to Stop an Integrated Threat Internet Nimda Worm Example Workstation Anti Virus Blocks known viruses & worms Scan and inspect all SMTP, HTTP and FTP Detects worm infection Repairs infected files Firewalls Full inspection FW to block all non-RFC compliant traffic Full inspection FW to block outbound server initiated traffic Full isnpection FW to block specific exploits & logs activity Intrusion Detection Detects directory traversal exploit traffic Detects probing , specific intrusions & DOS attacks Logs can identify systems compromised Take action – block traffic Vulnerability Management Server software to: Identify patches not installed Identify weak security settings Identify unneeded services running Workstation Via Email File Server Workstation Mail Server Web Server Via Web Page Web Server Mail Gateway

142. Multiple Defenses Work The Best Internet Nimda Worm Example Workstation Anti Virus Firewalls Intrusion Detection Vulnerability Management Workstation Via Email File Server Workstation Mail Server Web Server Via Web Page Web Server Mail Gateway

143. Typical Perimeter Threats Internet Probing Back-door attacks DOS attacks IP spoofing attacks Theft, Sabotage Web defacement Macro Virus (WM32) Mobile Code (Melissa) Block specific exploits Direct & inspect traffic AV on gw, servers, ws Block known exploits via SMTP protocol Detect & clean files Network IDS Detect attacks Alert / Log Workstation Via Email File Server Workstation Mail Server Firewall Hacker Cracker Web Server Mail Gateway

147. Customer case studies

149. Symantec is winning at the Gateway!

150. User SMTP server 1. User sends file to HTML-based e-mail system CarrierScan Servers 3. CSS scans file and finds and cleans virus. Successful Story: CarrierScan Server in Yahoo Environment 5. CGI forwards e-mail to SMTP server Web Server CGI script sends to CSS 2. Passed to CGI script 4. File returned to web server Note: 1M to 1.2M e-mail send/receive per day

151. Customer Success Stories

152. Wrap Up

153. Wrap-up

154. Thank you Somyos Udomnilobon [email_address] (662)627-9051