Threat Stoppers
Back to basics to fight botnets
Employee education might be the best tool for fighting invasion of computer networks.
by Ken Pappas
While malware has dominated the security conversation in the past year, the growing strength of botnets - systems of thousands or even millions of personal computers networked together and controlled for cybercrime - has even the most experienced in the Internet security industry concerned. An estimated 70 percent to 90 percent of the world's spam is now due to botnets, and an estimated 11 percent of computers connected to the Internet contain botnet programs.
More abundant than ever, botnets are becoming sophisticated at quickly scanning a computer for important financial and corporate data. They often fly under the radar, because they rarely affect the performance of the computers they infect, and since they create a large network of computers, they can segregate roles - with some computers acting as "communicators" and others as "doers."
While a botnet is usually complex, the best solution may be to educate users on best practices, combined with a defense-in-depth strategy. The battle against botnets may come down to ensuring that Bob in marketing knows not to click on an enticing e-mail link, while making sure that well-established security solutions such as intrusion-prevention solutions and firewalls are used correctly.
Employees need to be made fully aware of the possible consequences of clicking on a link, regardless of how legitimate it appears. Hackers have the means to find and use personal and localized information to convince the recipient that an e-mail was genuinely addressed to him.
Malware can even spread unintentionally through e-mails coming from friends and colleagues. Therefore, users should not only know whether to trust the person sending the e-mail, but also be certain that the sender clearly intended to include an attachment or link. The same rules apply to links and video on instant messaging, short message service and social networking sites.
Beyond tricking someone into clicking on a link, botnets take advantage of user actions that go against long-established security best practices, such as turning off network-security software to increase performance. Users often will cut corners for performance gains, regardless of the vulnerability they bring to the enterprise.
For a defense-in-depth strategy, protecting computers from compromise requires both computer-based and network-based measures. By installing and keeping antivirus software up to date, blocking harmful e-mail attachments, and keeping systems patched against vulnerabilities, the network can be protected against the majority of known threats. Firewalls, intrusion-detection systems and intrusion-prevention systems can play a key role in securing the infrastructure.
Should a botnet attack the organization rather than "recruit" computers, it can employ the brute force of its tens of thousands of computers in the form of denial-of-service or distributed denial-of-service (DDoS) attacks. These attacks can reach gigabit level in force and can flood an organization's network.
While firewalls are a necessary perimeter defense solution, they often become the first point of failure during an attack, rendering the organization "offline" until both the attack ceases and the firewall settings are reset. Some firewalls can become overwhelmed and let more sophisticated attacks through.
The addition of a best-of-breed intrusion-prevention solution can block DDoS and Storm botnet attacks, while allowing valid transactions to continue to flow, by detecting this abnormal increase in traffic and analyzing behavior and usage.
Ken Pappas oversees marketing at Top Layer Networks, Westboro, Mass. Prior to joining Top Layer, he owned his own consulting firm specializing in network security, held the security strategist title at 3Com Corp./Tipping Point and was the general manager of the security business division at Enterasys Networks.