Shut the Front Door (and the Back Door too)
Transcription
Shut the Front Door (and the Back Door too)
Shut the Front Door (and the Back Door too) Jim Nitterauer Senior Systems Administrator AppRiver at a Glance Company Customers Market • • • • • • • Established: 2002 North American HQ: Gulf Breeze, FL, USA European HQ: Lupfig, Switzerland Employees: ~ 200 Privately held and self-funded Focus on Email & Web Security with Phenomenal CareTM Cloud-based since inception • • • • Over 45,000 clients in more than 40 countries ~ 8,000,000 mailboxes managed/protected 93% client retention rate Adding more than 150 new clients/week • Focused on small, mid-sized companies • 98% of clients have <100 employees • Well adapted to serving widespread, affiliated offices 24/7 AppRiver at a Glance 24/7 Phenomenal Care 24/7 Spam & Virus Operations Malware Protection Operations • • • • • It’s about the customer experience AppU Training Center Certified engineers Delivering Phenomenal Care 24/7/365 Phone, live chat, email, web guides & tools • Worldwide threat detection system • Advanced proprietary software • Real-time threat prevention & instant system-wide updates • Continuous Threat Protection for SecureSurf clients • Threat data gleaned from/shared with S&V operations • More than 5 million malicious websites, and counting Office Locations Northeast Regional Office Northport, NY Eastern Regional Office Atlanta, GA EMEA Headquarters Lupfig, Switzerland Western Regional Office Austin, TX US Headquarters Gulf Breeze, FL EMEA Regional Office Barcelona, Spain Local Company. Global Presence. Data Center Locations Global Scalability AppRiver data centers provide global traffic scalability, increased speed and better resilience. • • • • • • • • Physical Security Precision Environment Conditioned Power Core Routing Equipment Certified Network Technicians ISO 27001/2 & ISAE 3402 100% Network Uptime Guarantee Globally Optimized Infrastructure Atlanta GA Dallas, TX Dallas, TX Herndon, VA Ashburn, VA Ashburn, VA San Jose, CA London Hong Kong Zurich Oslo (AT1) (DA2) (DFW) (IAD1) (DC3) (IAD2) (SV4) (LON3) (HKG1) (AG1) (NOR) AppRiver at a Glance 2013, 2010, 2009 Readers' Choice - Hosted Exchange 2013 Channel Chief 2012, 2010, 2009 5-Star Partner Program 2011 Top 20 Cloud Security Vendor 2010 Coolest Cloud Security Vendor 2009 International Service Excellence Award 2013, 2012, 2011, 2010, 2009, 2008, 2007 Inc. 5000 Fastest Growing Private Companies 2013 Top 100 Cloud Service Providers 2012 Top 100 Service Providers (16th) 2011, 2009, 2006 Fave Raves 2014 Silver Winner - Best Customer Service 2013 Finalist - Best Customer Service 2009 Technology Fast 500™ Winner Proven Track Record Serving the SMB Fortune 500 Worldwide 98.6% of Organizations are 100 PCs or Less Mid-size SMB Customer Acquisition Cost: High Per-Seat Margin: Minimal Customer Acquisition Cost: Varies Per-Seat Margin: Better Customer Acquisition Cost: Low Per-Seat Margin: Best AppRiver Customer Demographics • More than 45,000 Corporate Customers • 98% are Under 100 Users • Rapid Customer Acquisition • ~100 New Customers/week Phenomenal Care™ AppRiver’s Value-add: Phenomenal CareTM • On-Boarding Process • • • • • • Free 30-day Trial for All Services Personal On-boarding Experience Expert Migration Services Experienced Customer Care Specialists Certified Engineers No Hassle Setup • 24 x 7 x 365 US-Based Support • • Live Telephone & Chat Support Live Remote Assistance • Self-Help • • • • Ticketing Support Extensive Knowledgebase Step-by-step Technical Bulletins Interactive Tutorials AppRiver Application Mall SecureTideTM Spam & Virus Protection SecureSurf™ Web & Malware Protection CipherPost Pro™ Email Encryption Hosted Exchange 2010 Secure Hosted Exchange Office 365 Plus Microsoft Cloud-based Service Email Continuity Services Archiving & Compliance SecureTide™ Spam & Virus Protection • Technology protects 8 million mailboxes worldwide • No hardware or software required • Eliminates 99% of unwanted email before it reaches a user’s network • Daily Held Spam Reports • Inbound & outbound email protection • Updated 2,000-4,000 Times/Day • Works on all major platforms SecureSurf™ Web & Malware Protection • Shields networks from malware, adware and viruses • Protects employees; improves productivity • Helps avoid legal/compliance issues • Deploys quickly and customizes easily • Allows filtering at company or workgroup level • Enforces safe search on major search engines • Easy set up and deployment • Intuitive browser-based Web Portal Access for Administrators CipherPost Pro™ Email Control & Encryption • Email Encryption • Outlook Plugin and Webmail Interface • Native Mobile Support (IOS, Android, BlackBerry, Win7) • Desktop Agent - Windows, Mac • Secure Gateway Technology for Auto-Encryption • Certified Email Delivery • Patented Delivery Slip • Message Recall. Do Not Reply. Do Not Forward. For Your Eyes Only (FYEO) • Tracking. Audit Trails. Non-Repudiation • Large File Transfer • Secure Email and Attachment Tracking • Large File Attachments up to 5GB • Asynchronous File Transfer • Cloud-Based Attachment Encryption Storage Library Secure Hosted Exchange • 250,000+ Hosted Exchange Seats • Unlimited Storage • Hermetically Sealed with Our SecureTideTM Spam & Virus Protection • Globally Optimized Hosted Exchange • Faster Internet • Enhanced Mobility • High Availability • Intuitive Customer Portal • Archiving & Compliance Available 14 Office 365 Plus • Cloud productivity services hosted by Microsoft • Enterprise-quality tools at an affordable price • Always up-to-date • Office, email, document sharing, video conferencing • Simplified admin console • • • • 15 SecureTide™ Spam and Virus Protection Email Continuity Service (ECS) 24x7 Phenomenal CareTM Included at no additional cost Archiving & Compliance • Secure, centralized, off-site storage • Online access to current & historical messages • Rapid search & retrieval via full text indexing and search engine technology • Searches on messages, headers & attachments • Messages are serialized, time-date stamped Compatible with CipherPost Pro 16 The Best Defense is Blended Security Email Protection Web Protection • Blocks email-borne • Blocks Web-borne threats before reaching your network • • Updated in real time • Prevents system-wide • infections • Increases productivity • Delivers legitimate email without delay + • malware Protects your network from downtime and bandwidth loss Safeguards your client data and confidential files against data theft Protects employees from obscene or offensive Web content Peace of Mind Intent Analysis • Authenticode – Checks for Digital Signature on active code • Media Type Filter - = verification via “magic byte” analysis not MIME • Behavioral Malware detector - scans for malicious script intent and removes offending function calls • Behavioral exploit detector – inspects code for hostile behavior like buffer overflows, etc. 1 The Face of Cybercrime Today “The Web has become the new threat vector of choice by hackers and cyber criminals to distribute malware and perpetrate identity theft, financial fraud and corporate espionage.” -- IDC Cybercrime Trends - SPAM The chart above depicts traffic of [quarantined] emails containing virus attachments. Technology Trends – SPAM Cybercrime Trends - Viruses 2009 Threat landscape: Symantec/MessageLabs Cybercrime Trends - Malware Cybercrime Trends - Malware • BlackPOS malware used in Target breach – between Nov. 27 – Dec. 15 • Estimated 40 million credit/debit cards may have been stolen • Malware was being sold at the time for around $2000 USD • Russian 17 year old authored the malicious code Cybercrime Trends – DDoS Attacks • DNS Amplification – Multiple recursive DNS resolvers respond to spoofed IP with large amounts of data – Harms reflector and target Cybercrime Trends – DDoS Attacks • SYN Flood Cybercrime Trends – DDoS Attacks • NTP Amplification – Makes use of a default configuration weakness to attack remote networks – Most vicious attack in play Cybercrime Trends – BGP Hijacking • This occurs when an unauthorized AS announces IP Prefixes that they do NOT own via BGP – Sometimes happens accidentally – Often happens on purpose • Turkey hijacking all Twitter and Google Traffic • Indonesian ISP recently announced more than half of all Internet IP blocks – Forces localized traffic to the announcing router • Unless upstream has filters in place Cybercrime Trends – Heartbleed • Very serious vulnerability in OpenSSL – Allowed anyone to read server memory in 64K blocks – Read enough memory and one can access private keys, passwords and more – You should be concerned about this one and should have already taken steps to remediate. – Does NOT impact Windows Servers What is Your Personal Information Worth? Malware Threats are Growing… Malware Delivered by Websites is on the Rise • Cumulative Malware * – 2007: 5.8 million – 2011: 65 million (as of June) 1120% Increase • Malicious URLs* 7,300 new malicious URLs per day • Legitimate Websites being Compromised 80% of Websites with Malicious Code • DDoS Attacks 200% increase from 2011 to 2012 *Source: McAfee Labs Why Do Hackers Attack? To Steal Your Money, Resources & Reputation • Direct access to your financial info – Banking & other corporate accounting (Money) • Owning your network resources – Workstations, servers, etc. – Think botnet – resources sold as a commodity – Use your resources to attack others • Defile your Reputation – Spamhaus DDoS Attack (Reputation) – Network Solutions DNS Attack (Reputation) – Microsoft DNS Attack (Reputation) Why Do Hackers Attack? • To Distract From the Real Target – DDoS attack or a Spam Flood used to divert attention from the real target – With rogue attack is underway, black hat hackers carry out a social engineering attack – Gain unnoticed access to Web site or network – Plant malware or remote control software inside LAN – Come back at their leisure and steal whatever they want How Do Hackers Hack? 3 Main Means Hackers Use • Physical Attacks – DDoS, Packet Sniffing, DNS Poisoning, Web site compromise • Social Engineering – Examine publicly available data – Trick users into clicking links or divulging protected info – Dumpster diving • Wireless – MITM Attacks (Man in the Middle) – Access Point Spoofing – Brute Force Key Cracking Simple Hack Demonstration - DDoS • DDoS Attack to Bring Down Web Site – – – – – – – Using Kali Linux Employing a simple attack called SlowLoris Hitting against a demo Web site Site is running on Centos behind a firewall Site runs fine before attack Inaccessible once attack is underway ./slowloris.pl –dns www.site.com Simple Hack Demonstration – WiFi MITM • WiFi MITM (Man in the Middle) Attack – – – – How many of you connected to UWFGuestAccess? Did you notice it is not secured? If you connected, you have been duped. If I were a hacker with bad intentions, I would now have a good deal of your personal info including: • • • • Usernames Passwords Sites More – Kali Linux w/ Alfa WiFi USB Card and EasyCreds How Do I Protect My Network & Data? DON’T • Ignore your disaster recovery plan – Updating a disaster recovery plan may seem like a waste of time – until you need it. • Put off upgrades – If upgrading all systems in your organization at one time is not feasible, do the upgrade in stages and concentrate on the most exposed systems first. • Allow employees full access to the company network – Employees should only have access to information required to perform their jobs. The authority to install software should also be limited to approved programs. • Allow guest computers or devices access to your LAN How Do I Protect My Network & Data? DO’S • Limit threat exposure – It is perhaps online behavior that bears the most scrutiny. Mitigating the risk through the use of a reliable email and Web filtering solutions is essential. • Control physical access to your network – Protect yourself from unauthorized users on your internal network, especially off-site where company laptops can become enticing targets. How Do I Protect My Network & Data? DO’S • Limit threat exposure – It is perhaps online behavior that bears the most scrutiny. Mitigating the risk through the use of a reliable email and Web filtering solutions is essential. • Control physical access to your network – Protect yourself from unauthorized users on your internal network, especially off-site where company laptops can become enticing targets. • Educate Employees – Know your employees and educate them. So many employees are unaware of the threats that are out there, take the time to educate. How Do I Protect My Network & Data? • Do Limit Threat Exposure . . . • Physically – – – – Firewalls IPS Reduce attack footprint Secure & Segregate Wireless Networks • Virtually – Make use of cloud-based services (DNS, SPAM Filtering) – Make use of Hosting Providers – don’t do it in-house! » Web » Email » DNS How Do I Protect My Network & Data? • Do Control Physical Access to Network – – – – Policy-based Access VLAN Segmentation Network Access Control (NAC) Enforce Device Standardization • Must meet certain criteria BEFORE allowed to connect • Strict rules regarding personal devices – Tablets, phones, etc. • VPN Connections for all remote users Question? What do you think the biggest security threat is in your organization? Answer • Your Own Employees! – – – – They must be educated They must comply with policies They must work as a team They must value security Educate Employees • Define and Teach Best Practices – Password policies – What if . . . I find a USB key on the parking lot? • Prepare for Social Engineering Attempts – Phone – Email – In Person • Keep Informed Current Threats – Via Internal Email • Enforce an Acceptable Use Policy Passwords – Size DOES Matter 6cH@pW 52 Seconds Passwords – Size DOES Matter 8cH@RpW!_#38 344,000 Years Password Format • Passphrase • nem#XgTcxt%f2ab • “My Son Jack Was Born on Jan. 1st at 4pm” • M$j@ckWB0J1@4 • Test at https://howsecureismypassword.net/ Do NOT use your real password in testing. Provides approximate data. Questions? Thank You. Jim Nitterauer Senior Systems Administrator jnitterauer@appriver.com www.appriver.com