Best Practices for Deploying Intrusion Prevention Systems
A better approach to securing networks
Check Point Software Technologies, Ltd.
Contents

- Introduction
- Understanding deployment needs
- Selecting placement points
- Choosing the right IPS to meet your needs
- Tuning and configuring
- Ready for prevention
- Other useful tips and practices
  - External notification
  - IPS authorized privileges
  - Retention considerations
- Summary
Introduction

Interest in intrusion prevention has been gaining ground in recent years. There are a number of reasons for this, not least of which is the thinking that a defense-in-depth strategy is essential in any enterprise network environment. Regulatory compliance reports and other requirements are also leading many to consider implementing intrusion prevention systems (IPSs) as a next-generation security technology. Whatever the reason, it is important not only to select the right technology but to deploy it correctly. To help accomplish both objectives, this white paper outlines the criteria for a successful IPS deployment.

First, it is important to remember that "IPS" can refer to network- and host-based IPS, firewalls, and modified networking equipment like routers and switches. Because of the limitations of certain network equipment and of host-based IPS solutions, this white paper focuses only on the best practices for deploying a dedicated network IPS.

Understanding deployment needs

Before deploying an IPS, there has to be an understanding of what is going to be protected. It would be easy to say "everything." However, what does everything mean? It certainly refers to applications and servers. But it could also mean printers, desktops, routers, switches, IP infrastructure like mail, DHCP and DNS servers, and other network-attached devices. The problem is that when everything is protected by IPS, it can set up unrealistic expectations. The key is not to plan aggressively when initially deploying IPS. Additional rules, or more granular control, can always be implemented as security management skill sets and the understanding of network and application functionality grow. With IPS, it is best to concentrate at the perimeter and on externally facing services such as FTP, e-mail, and Web services.
The protected services and resources should be the most business-critical processes, where relying on a single mode of protection is impractical or insufficient, especially in consideration of regulatory compliance mandates like the Sarbanes-Oxley Act, the European Union Directive 95/46/EC and the Gramm-Leach-Bliley Act.

Once you know what you want to protect, you can then think about what you want to protect it from. As an example, you may already have two types of protection against protocol-based vulnerability exploits and Trojans, in the form of a firewall and antivirus software. But you may not have the means to protect your critical processes from brute-force or application-based attacks, or from insider attacks, which could represent a targeted internal threat. Successful IPS deployments include being able to define the threats you wish to protect the enterprise from. Don't discount this seemingly simple notion. Understanding the threats you want to protect your environment from has a tremendous impact on your deployment requirements.

There are classifications for most exploits, spyware, and malware that could find their way into your environment. It is important to classify threats so that they can be dealt with effectively as a group whenever possible. Managing threats individually can be daunting. However, at many levels there are often commonalities between threats in how they act, infect, and spread.
A subset of the threat classification may include:

- Authentication and authorization issues. This could include:
  - Privileged access: acquiring administrative credentials (such as root) without proper authorization
  - User access: acquiring the credentials of a user without proper authorization
- Malware. This could include:
  - Worms: matching known service exploits or perhaps acting similarly to a known exploit
  - Code execution: the execution of arbitrary exploit code on a targeted system, which may install unwanted components such as keyboard loggers
- Denial of Service (DoS): denies service to legitimate users. This could include:
  - Ping of death
  - SYN flood
- Best practices violations: not malicious activity, but something that violates best security practices, such as a username with no password or a banner that indicates a vulnerable software version. This could also include:
  - Security policy violations: characterized by instant messaging, streaming video, or logging into a system or application from an unauthorized subnet. This could be expanded to seeing traffic that indicates a firewall or other security policy enforcement point has not been configured correctly or has been compromised
  - Password lengths and the proper mix of letters and numbers
  - Information gathering as a prelude to an attack
  - Accessing data or attempting to move restricted files, directories, or data
- Application-based attacks: attempts to exploit vulnerabilities in certain kinds of servers by means of buffer-overflow and injection attempts, including:
  - Web-based injection attacks that try to gain access to information or privileges outside the domain of the application
  - Buffer-overflow attacks aimed at general applications or services
  - DNS usurping and spoofing

An attack from any of the classes above is often preceded by a discovery or reconnaissance effort. These efforts tell a potential attacker whether some part of your infrastructure is vulnerable.
They could also allow the tailoring of exploits to your specific type of system. Many discovery efforts are so elaborate that they can even determine whether your vulnerable component is capable of spreading infection, influence, or control to other systems and components.

You will need to invest time tuning your IPS to your specific environment. Of the aforementioned classifications, authentication, malware, and DoS are relatively easy to implement. Keep in mind that establishing best practices by changing user behavior will require some education and is best accomplished in modest segments. Best practices violations and application-level attacks are far more insidious and are very important to catch early. Remember that every time you patch those applications or make a change to your policies, you may need to retune.
Selecting placement points

Placement of sensors is vitally important for a successful IPS deployment. Where should you put IPS devices to maximize their effectiveness? Anywhere your infrastructure or applications are unjustifiably at risk; these areas are likely targets. Typically, IPS devices are deployed:

1. Behind firewalls and WAN routers
2. In front of server farms or similar collections of resources
3. At other network access points

By concentrating on these critical points, you will reap greater rewards from your initial deployment. The reason for this is that most compliance requirements focus on the ingress and egress points to the network core. Also, deploying IPS at these choke points in the network provides maximum protection opportunities because they carry the most network traffic.

WAN router points are excellent candidates for IPS deployment, as they are often the ingress points for exploits from remote sites where you have little direct control and perhaps no authoritative control. If a remote site or business partner site is compromised, you are often defenseless against an infection already running rampant at that location. If extranet or trading partner VPNs are a recurring source of vulnerability, you should review the advantages of a firewall-integrated IPS function like VPN-1 with SmartDefense protections.

In addition to server farms and other hardened access points, a connection from a wireless warehouse application is another type of access area. BlackBerry servers or handheld wireless barcode readers are examples of this. These areas are especially vulnerable points within any infrastructure. They often mark boundaries within your network and may represent services and devices that cannot be protected by other methods. These boundaries also represent additional logical and physical responsibilities.
These access points signify hard-to-secure applications or services. However, they must be protected.

Choosing the right IPS to meet your needs

Not all network IPS systems are created equal. With the myriad of vendor claims, confusion can arise in the process of selecting the right IPS for your needs. The following points are key criteria to consider when choosing an IPS:

- Detection accuracy: when considering IPS, it's easy to overlook the fact that to do prevention right, you need accurate, granular detection. Pay attention to on-the-wire detection capabilities and detection-test accuracy scores, because unlike an intrusion detection system (IDS), where a false positive is merely frustrating, an IPS false positive blocks legitimate traffic and can have a direct impact on business
- Bandwidth requirements: instead of getting caught up in speeds and feeds, consider the bandwidth requirements of your network. If the link to your remote site is a T3 line, it does not make sense to place a multi-gigabit-capable device at that point. However, regardless of advertised bandwidth, always validate that the device meets your needs in active inline mode, with the protections you actually intend to enable, rather than only in passive monitoring mode
- Management platform: often when evaluating IPS, the focus is on appliances and sensors with no consideration of the overall management platform. The situational visibility necessary to effectively manage network-wide intrusion prevention, provide automated signature updates, deploy upgrades, and configure policies should all be accounted for as part of your evaluation
- Tuning flexibility: it is important that you have power and flexibility when tuning IPS, particularly the ability to tune prevention/blocking to a qualitative or confidence score that will help mitigate concerns about false positives. Review your architectural decision as well: will your selected architecture be able to meet the detection and processing requirements of evolving threats?
- High availability: in the IPS model, ensuring appliance high availability is a must. The appliance should have the requisite zero-power fail-open options. Note that fail-open trades protection for availability: decide per placement point whether a failed sensor should pass traffic uninspected or block it. In organizations where security is business-critical, you should also give attention to the need for high availability throughout your overall IPS architecture. For instance, the server components should offer failover capability
- Scalability: you should weigh scalability based on the size of your environment and plans for expansion. If you are running more than a nominal number of sensors, or if you have plans to grow your deployment substantially, you should ensure the overall architecture scales to meet your needs
- Reporting: in view of regulatory compliance requirements, the ability to report on the state of known attacks, protection coverage, remediation, and vulnerabilities has become a critical need

If you consider these seven key criteria, you will be able to make the right selection for initial deployment.

Tuning and configuring

Once your system is installed, you may be tempted to turn on every available inspection method. However, this is not the ideal way to configure your system.
Remember the business objectives and the earlier classifications. Enable just one group at a time, starting with the ones that you know are most likely to impact business operations. Then examine the sensor alerts, watching for just those classification exploits. You will likely gain insight into your network that you never had before, even if you regularly run vulnerability scans or penetration tests. Explore these alerts and verify whether they are true positives or false positives. If they are false positives, tune the entire system or just the specific systems involved with the false positive. Typically, this is done using the IP addresses of the source and destination systems involved in the alert. You may choose to configure your IPS to ignore the traffic entirely (whitelist) or to record the event but not report it to the console. You can also directly modify the applications causing the event and thus eliminate the alerts at the source. Keep such exceptions as narrow as possible (a specific signature for a specific source and destination pair), so that tuning out a false positive does not also blind the sensor to a real attack against the same host. Once you complete this for one alert classification, you should enable more groups and repeat the process.
This process should also account for the confidence score that a particular detected event is actually malicious. Some products have this capability built in and offer a more granular level of tuning. This can be tremendously beneficial because it allows you to configure the level of prevention based on the confidence score associated with a given security event. An attack with a known signature match should get a high confidence score, while suspicious activity that may be ambiguous in nature will be given a lower confidence score. As the user, you could set the IPS to block attacks that score 90 percent or higher and only alert on the rest. This lets you prevent serious attacks while reducing the risk of inadvertently blocking legitimate traffic.

Once you have done your initial tuning, and any necessary remediation, you may think you are ready for the next step. But many applications do not run all the time, where they would be seen early and often by an IPS. Many, like backups, run only at night or on odd days. Financial and payroll applications may only run weekly or monthly. Accounting packages may only run at month-, quarter-, or year-end. So, although the bulk of the tuning can be done at the beginning, you will most likely have to revisit this process over the course of the next few days, weeks, or months. A common approach is to tune initially, and then tune again one weekend and one month- or quarter-end later.

An easy place to start is with inspection for known malware and/or malicious code execution. This will offer immediate benefits because the IPS will immediately begin mitigating worms and viruses at the point of deployment. It is also important to bear in mind that systems already infected with malware can be carried into your network from the outside. Some consideration should be given to identifying internally infected resources.
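The staged tuning loop described above (enable one classification group, review the alerts, write narrow exceptions, then let the confidence score decide what is blocked) can be expressed directly. The following is an added example written for this page, not Check Point product code or configuration: the alert line format, the signature and class names, the exception table and the 90 percent threshold are all assumptions chosen for illustration.

```python
"""Staged tuning pass over IPS alerts: enable one classification group at a
time, apply narrow per-host exceptions, and decide block/alert by confidence.
Added example, not Check Point product code; the alert line format, the
signature and class names, and the exception table are all assumptions."""
import re
from collections import Counter

# Constructed sample alerts (not real sensor output). Assumed format:
# <timestamp> sig=<name> class=<group> src=<ip> dst=<ip> dport=<n> conf=<0-100>
SAMPLE_ALERTS = """\
2008-05-30T01:02:03 sig=smtp-worm-propagation class=malware src=10.1.5.7 dst=203.0.113.25 dport=25 conf=95
2008-05-30T01:02:10 sig=http-sqli-union class=application src=198.51.100.9 dst=10.1.2.3 dport=80 conf=92
2008-05-30T01:03:00 sig=http-sqli-union class=application src=10.1.9.40 dst=10.1.2.3 dport=80 conf=55
2008-05-30T01:04:00 sig=ssh-brute-force class=authentication src=10.1.4.4 dst=10.1.2.9 dport=22 conf=80
2008-05-30T01:05:00 sig=syn-flood class=dos src=198.51.100.77 dst=10.1.2.3 dport=80 conf=97
2008-05-30T02:00:00 sig=backup-agent-unknown-proto class=bestpractice src=10.1.8.8 dst=10.1.2.50 dport=10000 conf=40
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\S+) sig=(?P<sig>\S+) class=(?P<cls>\S+) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+) conf=(?P<conf>\d+)$"
)

# Tuning exceptions written after reviewing alerts. Each is deliberately
# narrow: one signature, one source, one destination ('*' only where the
# traffic really is host-independent). Actions: 'ignore' = whitelist,
# 'log' = record the event but do not report it to the console.
EXCEPTIONS = [
    ("http-sqli-union", "10.1.9.40", "10.1.2.3", "log"),          # internal QA scanner
    ("backup-agent-unknown-proto", "*", "10.1.2.50", "ignore"),   # nightly backup target
]


def parse_alerts(text):
    """Parse alert lines into dicts; refuse to silently skip malformed lines."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ALERT_RE.match(line)
        if m is None:
            raise ValueError(f"unparsable alert line: {line!r}")
        a = m.groupdict()
        a["dport"] = int(a["dport"])
        a["conf"] = int(a["conf"])
        alerts.append(a)
    return alerts


def match_exception(alert):
    """Return the exception action for this alert, or None if none applies."""
    for sig, src, dst, action in EXCEPTIONS:
        if (sig == alert["sig"]
                and src in ("*", alert["src"])
                and dst in ("*", alert["dst"])):
            return action
    return None


def disposition(alert, enabled_groups, block_threshold=90):
    """Decide what the sensor should do with one alert during staged tuning."""
    if alert["cls"] not in enabled_groups:
        return "disabled"            # group not yet switched on in this stage
    action = match_exception(alert)
    if action is not None:
        return action                # tuned-out false positive
    # Prevention by confidence: block only high-confidence matches,
    # alert (but pass the traffic) on ambiguous ones.
    return "block" if alert["conf"] >= block_threshold else "alert"


def tune(text, enabled_groups, block_threshold=90):
    """Return (alert, disposition) pairs plus a count of signatures that are
    still only alerting, i.e. the candidates for the next review round."""
    results = [(a, disposition(a, enabled_groups, block_threshold))
               for a in parse_alerts(text)]
    still_alerting = Counter(a["sig"] for a, d in results if d == "alert")
    return results, still_alerting


if __name__ == "__main__":
    # Stage 1: malware and application attacks only; later stages add groups.
    for stage in ({"malware", "application"},
                  {"malware", "application", "authentication", "dos", "bestpractice"}):
        results, pending = tune(SAMPLE_ALERTS, stage)
        print("enabled:", sorted(stage))
        for a, d in results:
            print(f"  {d:8s} {a['sig']:28s} {a['src']} -> {a['dst']} conf={a['conf']}")
        print("  still alerting:", dict(pending))
```

The `still_alerting` counter is the worklist for the next tuning round: every signature in it is either a real attack the threshold should be lowered for, or a false positive that needs its own narrow exception.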
Once you have conducted your advanced tuning regarding external threats, you can then create rules and policies for your IPS to address internally compromised resources. Laptops are prime targets, since they are often used outside the protective corporate environment for extended periods. The backdoor communications of these infected systems is what gives them away. Certain malware and spyware have a replication and reporting component in which the infected system tries to communicate with a master system while it tries to spread its infection. For example, an exploit may launch its own e-mail server and then e-mail its infection to every person listed in your address book. This can be detected by looking for outgoing mail traffic coming from a host not identified as a corporate mail server. It may even be sending over a nonstandard port rather than the standard SMTP port (TCP 25).
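The following is an added example, not Check Point code, of the outbound-mail detection logic just described, run over constructed flow records. The flow-record fields (including an `app` field for the protocol the sensor identified from the payload rather than from the port), the 10.0.0.0/8 internal range and the single sanctioned relay 10.1.2.25 are assumptions.

```python
"""Spotting an internally compromised host by its mail traffic: outbound SMTP
from a host that is not a corporate mail server, SMTP on a nonstandard port,
and one host fanning out to many external mail servers. Added example, not
Check Point product code; the flow-record fields, the internal range and
the mail-server list are assumptions."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL_NETS = [ip_network("10.0.0.0/8")]       # assumed corporate space
MAIL_SERVERS = {"10.1.2.25"}                      # assumed sanctioned relays
SMTP_PORTS = {25, 465, 587}                       # standard SMTP/submission ports

# Constructed flow records: (src, dst, dport, app), where 'app' is the
# protocol the sensor identified from the payload, not just the port.
FLOWS = [
    ("10.1.2.25",   "203.0.113.10",  25,   "smtp"),   # sanctioned relay: fine
    ("10.1.7.33",   "203.0.113.11",  25,   "smtp"),   # laptop mailing out...
    ("10.1.7.33",   "198.51.100.5",  25,   "smtp"),
    ("10.1.7.33",   "192.0.2.9",     25,   "smtp"),
    ("10.1.7.33",   "192.0.2.10",    25,   "smtp"),
    ("10.1.9.12",   "198.51.100.40", 8025, "smtp"),   # SMTP hidden on port 8025
    ("10.1.5.5",    "203.0.113.80",  443,  "https"),  # ordinary browsing
    ("203.0.113.9", "10.1.2.25",     25,   "smtp"),   # inbound mail: ignored
]


def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_smtp_suspects(flows, mail_servers=MAIL_SERVERS, fanout=3):
    """Return {internal_host: [reasons]} for hosts whose outbound mail
    traffic looks like a worm's own mail engine rather than a user's client.
    `fanout` is how many distinct external mail peers one non-mail host may
    talk to before that alone is suspicious."""
    reasons = defaultdict(set)
    peers = defaultdict(set)
    for src, dst, dport, app in flows:
        if not is_internal(src) or is_internal(dst):
            continue                          # only internal -> external
        if src in mail_servers:
            continue                          # sanctioned relay
        if app != "smtp" and dport not in SMTP_PORTS:
            continue                          # not mail at all
        peers[src].add(dst)
        if app == "smtp" and dport not in SMTP_PORTS:
            reasons[src].add(f"smtp on nonstandard port {dport}")
        else:
            reasons[src].add("outbound smtp from a non-mail-server host")
    for src, dsts in peers.items():
        if len(dsts) >= fanout:
            reasons[src].add(f"smtp fan-out to {len(dsts)} external hosts")
    return {src: sorted(r) for src, r in reasons.items()}


if __name__ == "__main__":
    for host, why in find_smtp_suspects(FLOWS).items():
        print(host, "->", "; ".join(why))
```

Matching on the identified protocol rather than the port is what catches the 8025 case; a port-only rule would miss it, and a port-only rule for 25 would also flag ordinary users whose mail client submits directly to an external provider, which is why the sanctioned-relay list and the fan-out count are both needed.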
Ready for prevention

Up to this point, you might think you are in good shape, having deployed an IPS and tuned it to a high degree of confidence. You should be comfortable that the received alerts are real attacks. As such, you can now take action. It is time to determine how you want to eliminate the offending traffic. Examine and then make your choices for stopping attempts before configuring a preventive response. Your choices usually break down into three approaches:

- Drop the traffic: in this case, the packet is dropped and there is no protocol-based handshake with the participating parties to notify them of the event. This can be good news, since it makes it harder for an attacker to figure out what is thwarting his or her efforts. At this point, it is harder for this person to decide how to proceed
- Blacklist the attacker: once an attacking source is identified, it is added to a list that is examined first when a packet shows up for inspection. If it matches a previous entry, no further inspection is required, and the packet can simply be dropped. The benefit here is less overhead for the IPS. This capability is an important layer in your defense against a DoS attack. Blacklist entries should expire after a set time, and sources that cannot be reliably attributed (spoofed SYN-flood sources, shared NAT addresses) should not be blacklisted automatically, or an attacker can use the blacklist itself to deny service to legitimate hosts
- Reset: sends TCP resets to the attacker and the intended victim so they both know the connection has been closed. This is the gentlest method and is often used for policy violations. It allows both parties' applications to recover gracefully

Other useful tips and practices

Here are some helpful tips and practices to keep in mind.

External notification

The first involves automatically externalizing notification. In many small- to medium-size companies, it is impractical to dedicate a single person to continuously watch the console. If a designated security person is available, duties are often widespread and the console may not be kept in constant view.
Therefore, you can choose to have critical notifications externalized to a mobile device like a wireless PDA or cell phone. The choice of what should be externalized is based on the severity of the attack. To add to that line of thinking, you could also categorize each event into groups based on severity:

- Attacks of opportunity: an attacker, usually an automated process, suspects one of your systems has a vulnerability. This is usually a random, shotgun attempt to infect or exploit as many systems and networks as possible, like a worm or Trojan. These can also include the difficult-to-detect blended threats, where more than one type of discovery, attack, or threat replication is combined with others
- Attacks of intent: an attacker has focused on a target or enterprise and will keep up the assault until success or the arsenal is exhausted

If your signatures and policies are up to date, most attacks of opportunity should be handled automatically and do not require direct notification, unless one is targeting a specific system of high value to your business operations. Attacks of intent are something else. Someone making a deliberate attempt to breach corporate security or violate policies should warrant your immediate notification, especially if the attempted breach involves a business-critical server.
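One way to turn the opportunity/intent distinction into a notification decision, as an added example that is not part of the original paper: each attacking source is scored on how many targets it touched, how long it persisted and how many techniques it used. The event fields, the thresholds (two targets, thirty minutes, two techniques) and the high-value host 10.1.2.3 are assumptions chosen for the constructed sample.

```python
"""Separating attacks of opportunity from attacks of intent so that only the
latter (or anything aimed at a high-value host) pages someone. Added example,
not Check Point product code; the event fields, thresholds and the
high-value host list are assumptions."""
from collections import defaultdict
from datetime import datetime

HIGH_VALUE = {"10.1.2.3"}   # assumed: the business-critical server

# Constructed events: (timestamp, attacker, target, signature)
EVENTS = [
    # One source sweeping the subnet with the same probe within seconds:
    # an attack of opportunity, but it touched the high-value host.
    ("2008-05-30T01:00:00", "198.51.100.7", "10.1.2.1", "http-version-probe"),
    ("2008-05-30T01:00:01", "198.51.100.7", "10.1.2.2", "http-version-probe"),
    ("2008-05-30T01:00:01", "198.51.100.7", "10.1.2.3", "http-version-probe"),
    ("2008-05-30T01:00:02", "198.51.100.7", "10.1.2.4", "http-version-probe"),
    ("2008-05-30T01:00:02", "198.51.100.7", "10.1.2.5", "http-version-probe"),
    # The same kind of sweep against low-value hosts only: handle silently.
    ("2008-05-30T01:30:00", "192.0.2.40", "10.1.3.1", "ssh-version-probe"),
    ("2008-05-30T01:30:01", "192.0.2.40", "10.1.3.2", "ssh-version-probe"),
    ("2008-05-30T01:30:01", "192.0.2.40", "10.1.3.3", "ssh-version-probe"),
    # One source, one target, changing technique over hours: intent.
    ("2008-05-30T01:10:00", "203.0.113.9", "10.1.2.3", "http-version-probe"),
    ("2008-05-30T01:40:00", "203.0.113.9", "10.1.2.3", "http-sqli-union"),
    ("2008-05-30T02:30:00", "203.0.113.9", "10.1.2.3", "http-sqli-blind"),
    ("2008-05-30T03:15:00", "203.0.113.9", "10.1.2.3", "ssh-brute-force"),
]


def classify_sources(events, high_value=HIGH_VALUE, max_focus_targets=2,
                     min_persist_minutes=30, min_techniques=2):
    """Per attacking source: 'intent' if it stays on a small set of targets,
    keeps at it over time and varies technique; otherwise 'opportunity'.
    `notify` is True for intent, or for opportunity that hit a high-value host."""
    by_src = defaultdict(list)
    for ts, src, dst, sig in events:
        by_src[src].append((datetime.fromisoformat(ts), dst, sig))
    verdicts = {}
    for src, evs in by_src.items():
        evs.sort()
        targets = {dst for _, dst, _ in evs}
        techniques = {sig for _, _, sig in evs}
        span_min = (evs[-1][0] - evs[0][0]).total_seconds() / 60
        focused = len(targets) <= max_focus_targets
        persistent = (span_min >= min_persist_minutes
                      and len(techniques) >= min_techniques)
        kind = "intent" if focused and persistent else "opportunity"
        verdicts[src] = {
            "kind": kind,
            "targets": len(targets),
            "techniques": len(techniques),
            "span_minutes": span_min,
            "notify": kind == "intent" or bool(targets & high_value),
        }
    return verdicts


if __name__ == "__main__":
    for src, v in classify_sources(EVENTS).items():
        print(f"{src:14s} {v['kind']:11s} targets={v['targets']} "
              f"techniques={v['techniques']} span={v['span_minutes']:.0f}m "
              f"notify={v['notify']}")
```

The sweep from 198.51.100.7 is still classed as opportunity, and would be handled by the signatures alone, but it pages someone because the high-value host was among its targets; the persistent, escalating source 203.0.113.9 pages regardless of which host it chose.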
IPS authorized privileges

Another item of importance is related to privileges. IPS is not just an appliance that stops bad traffic: it is a point of protection and policy enforcement. As with all critical infrastructure components and systems, each administrator should use a separate set of credentials to gain access, so that all activity and changes can be logged and traced back to that individual if necessary. Many IPS systems support a hierarchical approach to managing administrative users that makes this easier: give read-only or alert-review roles to the people who only need to watch the console, and reserve policy-changing rights for a few named administrators.

Retention considerations

Although this is less of an issue in IPS, the last topic to consider is the retention of alert information. To answer the retention question, start with two pieces of information:

- Your company's policy on retaining information: look at policies that relate to phone records or system log files as a guide
- The recommended practices or compliance requirements that govern your business

Hopefully, a straightforward comparison with prevailing retention policies and backup procedures will affirm that they align and agree. When considering how you will retain and store this alert information, remember that some jurisdictions will not allow IPS/IDS records to be admitted into evidence at a legal proceeding if they have been altered in any way. If they were compressed or truncated to save space, they may not be allowed from a forensic perspective. This may be a concern if your organization ever has a need to use this information to prosecute or defend an individual or organization. It is also a good idea to check with your IPS vendor on guidelines for disk space planning.
Summary

Leading a successful IPS deployment will require the following steps:

- Understanding your needs for real-time threat protection
- Selecting the right IPS product for your organization
- Determining the right placement points for your IPS deployment
- Taking the time to tune your system right
- Setting up your compliance-reporting parameters
- Configuring your IPS for data retention and backup
- Periodic but necessary evaluation of your overall system use
About Check Point Software Technologies Ltd.

Check Point Software Technologies Ltd. is a leader in securing the Internet. The company is a market leader in the worldwide enterprise firewall, personal firewall, data security and VPN markets. Check Point's PURE focus is on IT security with its extensive portfolio of network security, data security and security management solutions. Through its NGX platform, Check Point delivers a unified security architecture for a broad range of security solutions to protect business communications and resources for corporate networks and applications, remote employees, branch offices and partner extranets. The company also offers market-leading data security solutions through the Pointsec product line, protecting and encrypting sensitive corporate information stored on PCs and other mobile computing devices. Check Point's award-winning ZoneAlarm Internet Security Suite and additional consumer security solutions protect millions of consumer PCs from hackers, spyware and data theft. Extending the power of the Check Point solution is its Open Platform for Security (OPSEC), the industry's framework and alliance for integration and interoperability with "best-of-breed" solutions from hundreds of leading companies. Check Point solutions are sold, integrated and serviced by a network of Check Point partners around the world, and its customers include 100 percent of Fortune 100 companies and tens of thousands of businesses and organizations of all sizes.

CHECK POINT OFFICES
Worldwide Headquarters: 5 Ha Solelim Street, Tel Aviv 67897, Israel. E-mail: info@checkpoint.com
U.S. Headquarters: 800 Bridge Parkway, Redwood City, CA
Check Point Software Technologies Ltd. All rights reserved.
Check Point, AlertAdvisor, Application Intelligence, Check Point Endpoint Security, Check Point Endpoint Security On Demand, Check Point Express, Check Point Express CI, the Check Point logo, ClusterXL, Confidence Indexing, ConnectControl, Connectra, Connectra Accelerator Card, Cooperative Enforcement, Cooperative Security Alliance, CoreXL, CoSa, DefenseNet, Dynamic Shielding Architecture, Eventia, Eventia Analyzer, Eventia Reporter, Eventia Suite, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, Hybrid Detection Engine, IMsecure, INSPECT, INSPECT XL, Integrity, Integrity Clientless Security, Integrity SecureClient, InterSpect, IPS-1, IQ Engine, MailSafe, NG, NGX, Open Security Extension, OPSEC, OSFirewall, Pointsec, Pointsec Mobile, Pointsec PC, Pointsec Protector, Policy Lifecycle Management, Provider-1, PureAdvantage, PURE Security, the puresecurity logo, Safe@Home, Safe@Office, SecureClient, SecureClient Mobile, SecureKnowledge, SecurePlatform, SecurePlatform Pro, SecuRemote, SecureServer, SecureUpdate, SecureXL, SecureXL Turbocard, Security Management Portal, Sentivist, SiteManager-1, SmartCenter, SmartCenter Express, SmartCenter Power, SmartCenter Pro, SmartCenter UTM, SmartConsole, SmartDashboard, SmartDefense, SmartDefense Advisor, Smarter Security, SmartLSM, SmartMap, SmartPortal, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SMP, SMP On-Demand, SofaWare, SSL Network Extender, Stateful Clustering, TrueVector, Turbocard, UAM, UserAuthority, User-to-Address Mapping, UTM-1, UTM-1 Edge, UTM-1 Edge Industrial, UTM-1 Total Security, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Express, VPN-1 Express CI, VPN-1 Power, VPN-1 Power Multi-core, VPN-1 Power VSX, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 UTM, VPN-1 UTM Edge, VPN-1 VSX, Web Intelligence, ZoneAlarm, ZoneAlarm Anti-Spyware, ZoneAlarm Antivirus, ZoneAlarm ForceField, ZoneAlarm Internet 
Security Suite, ZoneAlarm Pro, ZoneAlarm Secure Wireless Router, Zone Labs, and the Zone Labs logo are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. ZoneAlarm is a Check Point Software Technologies, Inc. Company. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726, 5,987,611, 6,496,935, 6,873,988, 6,850,943, and 7,165,076 and may be protected by other U.S. Patents, foreign patents, or pending applications. May 30, 2008 P/N
A Getting Started Guide: What Every Small Business Needs To Know About Internet Security In This Document 1 Overview: Internet Security In Small Businesses 2 Internet Access New Business Opportunities
More informationSoftware Blade Architecture
Software Blade Architecture Today s Security Challenge Protecting enterprises against today s constantly evolving threat environment has never been more challenging. Infrastructure, connectivity and performance
More informationCheck Point. Software Blade Architecture
Check Point Software Blade Architecture TODAY S SECURITY CHALLENGE Protecting enterprises against today s constantly evolving threat environment has never been more challenging. Infrastructure, connectivity
More informationDefending Small and Medium Sized Businesses with Cloud-Managed Security
Defending Small and Medium Sized Businesses with Cloud-Managed Security Contents Introduction 3 Social Networking Could Mean Compromised Networks 4 Blended Threats More Blended than Ever 5 The Cloud Revolution
More informationUnified Threat Management from Check Point. The security you need. The simplicity you want
Unified Threat Management from Check Point The security you need. The simplicity you want Unified Threat Management from Check Point Contents Introduction 3 Complexity of the security problem 3 Comprehensive
More informationCheck Point Corporate Logo Usage Guidelines
Check Point Corporate Logo Usage Guidelines 1. The Check Point Logo The Check Point logo is the most visible and recognizable symbol of our brand. It should appear on every piece of communication from
More informationUser Guide for ZoneAlarm security software
User Guide for ZoneAlarm security software version 7.1 Smarter Security TM 2003-2007 Check Point Software Technologies Ltd. All rights reserved. Check Point, AlertAdvisor, Application Intelligence, Check
More informationA Practical Guide to Web Application Security
Mitigating the OWASP Ten Most Critical Web Application Security Problems with s In This Document Introduction 2 The Top 10 Web Application Vulnerabilities and Their Remedies 1: Unvalidated Input 3 2: Broken
More informationPreventing Data Leaks on USB Ports. Check Point Endpoint Security Media Encryption simply regulates access and data for any plug-and-play peripherals
Preventing Data Leaks on USB Ports Check Point Endpoint Security Media Encryption simply regulates access and data for any plug-and-play peripherals Preventing Data Leaks on USB Ports Contents Executive
More informationSOFTWARE BLADE ARCHITECTURE
SOFTWARE BLADE ARCHITECTURE 2015 CHECK POINT APPLIANCES 03 TODAY S SECURITY CHALLENGE Protecting enterprises against today s constantly evolving threat environment has never been more challenging. Infrastructure,
More informationVirtualized Network Security with. A VPN-1 better approach Power to securing VSX networks
Virtualized Network Security with A VPN-1 better approach Power to securing VSX networks Contents Executive summary 3 Introduction to virtualization 4 Check Point VPN-1 Power VSX 4 Components virtualized
More informationSOFTWARE BLADE ARCHITECTURE
SOFTWARE BLADE ARCHITECTURE 2015 CHECK POINT APPLIANCES 03 TODAY S SECURITY CHALLENGE Protecting enterprises against today s constantly evolving threat environment has never been more challenging. Infrastructure,
More informationCheck Point Endpoint Security Full Disk Encryption. Detailed product overview for Windows and Linux
Check Point Endpoint Security Full Disk Encryption Detailed product overview for Windows and Linux Check Point Endpoint Security Full Disk Encryption Contents How secure is my data? 3 How effective is
More informationMalicious Code Protector
Malicious Code Protector A New Approach for Detecting and Blocking Buffer Overflow Attacks In This Document Introduction 2 Buffer Overflow Attacks 3 Current Defenses Against Buffer Overflow Attacks 3 A
More informationFirewall and SmartDefense. Administration Guide Version NGX R65
Firewall and SmartDefense Administration Guide Version NGX R65 701682 April 27, 2008 2003-2007 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected
More informationCheck Point QoS. Administration Guide Version NGX R65
Check Point QoS Administration Guide Version NGX R65 700726 January 2007 2003-2007 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright
More informationCheck Point UserAuthority Guide. Version NGX R61
Check Point UserAuthority Guide Version NGX R61 700358 January 2006 2003-2006 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright
More informationArchitecture Overview
Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and
More informationIntroduction to Endpoint Security
Chapter Introduction to Endpoint Security 1 This chapter provides an overview of Endpoint Security features and concepts. Planning security policies is covered based on enterprise requirements and user
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationZone Labs Integrity Smarter Enterprise Security
Zone Labs Integrity Smarter Enterprise Security Every day: There are approximately 650 successful hacker attacks against enterprise and government locations. 1 Every year: Data security breaches at the
More informationPointsec PC. Quick Start Guide
Pointsec PC Quick Start Guide Version 6.3.1 HFA1, A April 2008 2003-2008 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and
More informationWhy Choose Integrated VPN/Firewall Solutions over Stand-alone VPNs
Why Choose Integrated VPN/Firewall Solutions over Stand-alone VPNs P/N 500205 July 2000 Check Point Software Technologies Ltd. In this Document: Introduction Page 1 Integrated VPN/firewall Page 2 placed
More informationThe Cisco ASA 5500 as a Superior Firewall Solution
The Cisco ASA 5500 as a Superior Firewall Solution The Cisco ASA 5500 Series Adaptive Security Appliance provides leading-edge firewall capabilities and expands to support other security services. Firewalls
More informationIntegrity Advanced Server Gateway Integration Guide
Integrity Advanced Server Gateway Integration Guide 1-0273-0650-2006-03-09 Editor's Notes: 2006 Check Point Software Technologies Ltd. All rights reserved. Check Point, Application Intelligence, Check
More information2. From a control perspective, the PRIMARY objective of classifying information assets is to:
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
More informationGFI White Paper PCI-DSS compliance and GFI Software products
White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption
More informationManaged Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint?
Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint? Why? Focused on Managed Intrusion Security Superior-Architected Hardened Technology Security
More informationDeploying Firewalls Throughout Your Organization
Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense
More informationThe Seven Key Factors for Internet Security TCO
The Seven Key Factors for Internet Security TCO Executive Summary Total Cost of Ownership, or TCO, of any information technology deployment consists of more than simply the direct costs of acquisition
More informationForeScout CounterACT. Device Host and Detection Methods. Technology Brief
ForeScout CounterACT Device Host and Detection Methods Technology Brief Contents Introduction... 3 The ForeScout Approach... 3 Discovery Methodologies... 4 Passive Monitoring... 4 Passive Authentication...
More informationUser Guide for Zone Labs security software
User Guide for Zone Labs security software version 6.5 Smarter Security TM 2006 Zone Labs, LLC. All rights reserved. 2006 Check Point Software Technologies Ltd. All rights reserved. Check Point, Application
More informationConfiguring Check Point Firewall-1 to support Avaya Contact Center Solutions - Issue 1.1
Avaya Solution & Interoperability Test Lab Configuring Check Point Firewall-1 to support Avaya Contact Center Solutions - Issue 1.1 Abstract These Application Notes explain how to configure Check Point
More informationApplication Security Backgrounder
Essential Intrusion Prevention System (IPS) & DoS Protection Knowledge for IT Managers October 2006 North America Radware Inc. 575 Corporate Dr., Lobby 1 Mahwah, NJ 07430 Tel: (888) 234-5763 International
More informationUser Guide for Zone Labs security software
User Guide for Zone Labs security software Version 6.0 Smarter Security TM 2005 Zone Labs, LLC. All rights reserved. 2005 Check Point Software Technologies Ltd. All rights reserved. Check Point, Application
More informationPCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data
White Paper PCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data Using credit cards to pay for goods and services is a common practice. Credit cards enable easy and
More informationSonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity
SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria
More informationTechnology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications
Technology Blueprint Protect Your Email Servers Guard the data and availability that enable business-critical communications LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationLICENSE GUIDE. Software Blades products. Number of Strings. SKU Prefix Name Description Additive
LICENSE GUIDE Software Blades products SKU Prefix Name Description Additive CPAP-SG5075 CPAP-SG9075 CPAP-SG11065 CPAP-SG11075 CPAP-SG11085 CPAP-IP2455 CPAP-IP1285 CPAP-IP695 CPAP-IP565 CPAP-IP395 CPAP-IP295
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationUser Guide for Zone Labs Security Software
User Guide for Zone Labs Security Software Version 5.5 Smarter Security TM 2004 Zone Labs, Inc. All rights reserved. 2004 Check Point Software Technologies Ltd. All rights reserved. Check Point, Application
More informationINTRUSION DETECTION SYSTEMS and Network Security
INTRUSION DETECTION SYSTEMS and Network Security Intrusion Detection System IDS A layered network security approach starts with : A well secured system which starts with: Up-to-date application and OS
More informationComparison of Firewall, Intrusion Prevention and Antivirus Technologies
White Paper Comparison of Firewall, Intrusion Prevention and Antivirus Technologies How each protects the network Juan Pablo Pereira Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda
More informationAchieving PCI-Compliance through Cyberoam
White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit
More informationIDS or IPS? Pocket E-Guide
Pocket E-Guide IDS or IPS? Differences and benefits of intrusion detection and prevention systems Deciding between intrusion detection systems (IDS) and intrusion prevention systems (IPS) is a particularly
More informationNetwork Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000
Network Security Protective and Dependable With the growth of the Internet threats, network security becomes the fundamental concerns of family network and enterprise network. To enhance your business
More informationUser Guide for ZoneAlarm security software
User Guide for ZoneAlarm security software version 7.0 Smarter Security TM 2007 Zone Labs, LLC. All rights reserved. 2007 Check Point Software Technologies Ltd. All rights reserved. Check Point, Application
More informationUnified Threat Management, Managed Security, and the Cloud Services Model
Unified Threat Management, Managed Security, and the Cloud Services Model Kurtis E. Minder CISSP Global Account Manager - Service Provider Group Fortinet, Inc. Introduction Kurtis E. Minder, Technical
More informationOn-Premises DDoS Mitigation for the Enterprise
On-Premises DDoS Mitigation for the Enterprise FIRST LINE OF DEFENSE Pocket Guide The Challenge There is no doubt that cyber-attacks are growing in complexity and sophistication. As a result, a need has
More informationSygate Secure Enterprise and Alcatel
Sygate Secure Enterprise and Alcatel Sygate Secure Enterprise eliminates the damage or loss of information, cost of recovery, and regulatory violation due to rogue corporate computers, applications, and
More informationCompany Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.
Company Co. Inc. LLC Multiple Minds, Singular Results LAN Domain Network Security Best Practices An integrated approach to securing Company Co. Inc. LLC s network Written and Approved By: Geoff Lacy, Tim
More informationProtect the data that drives our customers business. Data Security. Imperva s mission is simple:
The Imperva Story Who We Are Imperva is the global leader in data security. Thousands of the world s leading businesses, government organizations, and service providers rely on Imperva solutions to prevent
More informationThe Attacker s Target: The Small Business
Check Point Whitepaper The Attacker s Target: The Small Business Even Small Businesses Need Enterprise-class Security to protect their Network July 2013 Contents Introduction 3 Enterprise-grade Protection
More informationHow Cisco IT Protects Against Distributed Denial of Service Attacks
How Cisco IT Protects Against Distributed Denial of Service Attacks Cisco Guard provides added layer of protection for server properties with high business value. Cisco IT Case Study / < Security and VPN
More informationDid you know your security solution can help with PCI compliance too?
Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment
More informationData Management Policies. Sage ERP Online
Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...
More informationCyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community
Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community A Sampling of Cyber Security Solutions Designed for the
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches transparently Allows only white-listed applications to run in workstations Provides virus protection for Ovation Windows workstations
More informationBest Practices for Secure Remote Access. Aventail Technical White Paper
Aventail Technical White Paper Table of contents Overview 3 1. Strong, secure access policy for the corporate network 3 2. Personal firewall, anti-virus, and intrusion-prevention for all desktops 4 3.
More informationCOORDINATED THREAT CONTROL
APPLICATION NOTE COORDINATED THREAT CONTROL Interoperability of Juniper Networks IDP Series Intrusion Detection and Prevention Appliances and SA Series SSL VPN Appliances Copyright 2010, Juniper Networks,
More informationPROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES
PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute
More informationWHITE PAPER PROCESS CONTROL NETWORK SECURITY: INTRUSION PREVENTION IN A CONTROL SYSTEMS ENVIRONMENT
WHITE PAPER PROCESS CONTROL NETWORK SECURITY: INTRUSION PREVENTION IN A CONTROL SYSTEMS ENVIRONMENT WHAT S INSIDE: 1. GENERAL INFORMATION 1 2. EXECUTIVE SUMMARY 1 3. BACKGROUND 2 4. QUESTIONS FOR CONSIDERATION
More informationHow NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements
How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements I n t r o d u c t i o n The Payment Card Industry Data Security Standard (PCI DSS) was developed in 2004 by the PCI Security Standards
More informationWatchGuard Technologies, Inc. 505 Fifth Avenue South Suite 500, Seattle, WA 98104 www.watchguard.com
SMALL BUSINESS NETWORK SECURITY GUIDE WHY A REAL FIREWALL PROVIDES THE BEST NETWORK PROTECTION AUGUST 2004 SMALL BUSINESS NETWORK SECURITY GUIDE: WHY A REAL FIREWALL PROVIDES THE BEST NETWORK PROTECTION
More informationCMPT 471 Networking II
CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access
More informationClavister InSight TM. Protecting Values
Clavister InSight TM Clavister SSP Security Services Platform firewall VPN termination intrusion prevention anti-virus anti-spam content filtering traffic shaping authentication Protecting Values & Enterprise-wide
More informationFirewall and UTM Solutions Guide
Firewall and UTM Solutions Guide Telephone: 0845 230 2940 e-mail: info@lsasystems.com Web: www.lsasystems.com Why do I need a Firewall? You re not the Government, Microsoft or the BBC, so why would hackers
More information74% 96 Action Items. Compliance
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated
More informationLarry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping
Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control
More informationA Decision Maker s Guide to Securing an IT Infrastructure
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
More informationSYMANTEC ENDPOINT PROTECTION SMALL BUSINESS EDITION
SYMANTEC ENDPOINT PROTECTION SMALL BUSINESS EDITION Frequently Asked Questions WHAT IS SYMANTEC ENDPOINT PROTECTION SMALL BUSINESS EDITION 1? Symantec Endpoint Protection Small Business Edition is built
More information