Are You Risking it All with Just a Firewall and IDS?
With so many organizations feeling secure about having a firewall and possibly an Intrusion Detection System (IDS) in place, is this really enough protection? As you might have suspected, the simple answer is “No”. It’s definitely not enough, and we’ll give you some insight as to why.
If you monitor the activity on hacking-related sites, blogs, and newsgroups, you’ll find that a fairly common theme these days is not how to circumvent the firewall and/or the IDS/IPS system, as was common in the past. Today the more serious hackers are looking to install data capture software inside your network (i.e., spyware, malware, bots, and the like) and to social engineer your employees, and they’re doing it with tools we use for legitimate communications and allow through our firewalls every day.
For those relying on the firewall and IDS/IPS systems to protect their environment from these threats, it’s not going to help, and here are five common reasons why…
Malicious software is circumventing the firewall and IPS systems because it travels over standard ports and communications that are allowed past the firewall: common web browsing, email communications, code embedded in shareware downloads, website redirection links, social engineering, and data leakage from internal staff (voluntary or otherwise).
The following represents some basic ways to prevent these types of threats using current technology:
1) Web Browsing: Malicious websites that take advantage of weaknesses in an end-user’s web browser are nothing new. However, the methods for attracting users to the malicious sites have increased dramatically (i.e., malicious email links in SPAM, phishing, etc.). The way to combat rogue browsing habits of end-users, as well as malicious redirects, is to start controlling where end-users are allowed to browse to begin with. Many organizations pass on web filtering because of the stigma of acting as if big brother is watching when it comes to end-user browsing. The fact of the matter is that these controls are not only good for limiting non-business-related browsing, but are also very effective at keeping end-users from stumbling onto malicious sites or being redirected to known hack sites.
2) Email Communications: SPAM, and especially targeted (malicious) email, is a very powerful way of luring users to download malicious code and to unknowingly give up sensitive information. In audit after audit, BAI Security has proven with social engineering that a very large percentage of users can easily be lured into accessing malicious external websites and even divulging the most sensitive information. A viable current technology to help with these issues is a combination of intelligent SPAM protection and email filtering.
3) End-user Downloads: If your organization has not already begun blocking end-user downloads of EXE, ZIP, and other common file formats, it should do so immediately. A simple file stripping or email filtering product goes a long way in stopping users from unknowingly installing malicious software embedded in the latest screen saver or desktop background downloads.
4) Website Redirects: Website redirects are links that redirect a user from a source (i.e., a possibly legitimate website or email) and either place them onto a malicious site or simply pull content from the malicious site without the user knowing it. Strong security policies within the browser can significantly reduce this threat, along with proper web filtering, as noted in item #1 above, and social engineering education of the end-users.
5) Data Leakage: This is an area that many organizations simply do not protect themselves from, and they suffer the consequences either knowingly or, in most cases, unknowingly. In most environments, Internet traffic into the organization is limited by firewalls and other filtering devices. However, in many environments communication originating from within the organization to the Internet is completely unrestricted and not monitored. In other words, end-users are free to upload content off-site from their company to external sources (i.e., external storage sites, external and/or private email systems, file transfer sites (FTP), peer-to-peer network sites, etc.). This happens far more than most organizations realize. Proper use of web monitoring, web filtering, specific port monitoring, and data access auditing and alerting can significantly reduce or even eliminate serious infractions of this type.
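
Item 5's outbound monitoring, as an added example that is not part of the original article: a short Python review of constructed egress log lines that flags internal hosts sending to unapproved ports and hosts whose upload volume crosses a threshold. The log format, the 10.0.0.0/8 internal range, the approved-port set and the 50 MB threshold are assumptions made for this sketch.

```python
from collections import defaultdict
import ipaddress

# Assumptions for this sketch, not values from the article.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
ALLOWED_EGRESS_PORTS = {53, 80, 443}
UPLOAD_ALERT_BYTES = 50 * 1024 * 1024  # per host, per log window

# Constructed sample log: "time src dst dst_port bytes_out"
SAMPLE_LOG = """\
09:00:01 10.1.4.22 203.0.113.10 443 18200
09:00:07 10.1.4.22 198.51.100.7 21 73400320
09:01:15 10.1.9.5 203.0.113.44 443 61000000
09:01:40 10.1.9.5 203.0.113.44 443 2400
09:02:02 10.1.7.31 198.51.100.99 6881 512000
09:02:30 203.0.113.10 10.1.4.22 51234 900
not a log line
"""

def review_egress(log_text):
    """Return (port_alerts, volume_alerts) for internal-to-external flows."""
    port_alerts = []          # (src, dst, port) sent to an unapproved port
    sent = defaultdict(int)   # total bytes sent off-site per internal host
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue          # skip malformed lines instead of failing
        _, src, dst, port, nbytes = fields
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port, nbytes = int(port), int(nbytes)
        except ValueError:
            continue
        if src_ip not in INTERNAL_NET or dst_ip in INTERNAL_NET:
            continue          # only traffic leaving the organization
        if port not in ALLOWED_EGRESS_PORTS:
            port_alerts.append((src, dst, port))
        sent[src] += nbytes
    volume_alerts = {h: b for h, b in sent.items() if b >= UPLOAD_ALERT_BYTES}
    return port_alerts, volume_alerts

if __name__ == "__main__":
    ports, volumes = review_egress(SAMPLE_LOG)
    for src, dst, port in ports:
        print(f"unapproved egress port: {src} -> {dst}:{port}")
    for host, total in volumes.items():
        print(f"large upload volume: {host} sent {total} bytes")
```

In the sample, 10.1.9.5 sends about 61 MB over port 443 and trips only the volume check, which is why port monitoring is paired with volume monitoring rather than used alone.
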
Ideally, a comprehensive security program starts at the perimeter with not only a firewall and Intrusion Prevention System, but also antivirus protection on all common services (i.e., http, smtp, ftp, nntp, im, p2p, pop3, imap, etc.), granular web filtering, intelligent SPAM protection, email filtering, and data leakage protection. Combined, these technologies are far more effective at protecting the environment from security threats than a firewall and IPS solution alone. With that said, it is important to note that simply installing such technologies without the expertise to properly design, install, and most importantly “monitor” them does not guarantee a successful implementation.
If you have any questions regarding specific products, design, setup, administration, or monitoring of these technologies, please do not hesitate to contact us today. As an industry-leading Managed Security Service Provider (MSSP), BAI Security has the expertise to advise and/or assist you from start to finish.