Internet Security Tools for Defense In-Depth
Defensive Wall 2: Blocking Attacks: Network Based

2.1 Intrusion Prevention (IPS) & Detection (IDS)

IPS and IDS work together - you have to detect something before you can block it. The key is to always deploy this technology in-line so you can move easily from detection to blocking. An IDS monitors network traffic looking for the characteristics of known attacks. The strength of an IPS over a typical stateful firewall is that it can inspect the content of network traffic at a high enough rate to block malicious connections while allowing legitimate traffic through.

Compliance Mandates: PCI DSS 10.6, 11.4, SOX A13.2, DS5.10, GLBA 16CFR Part 314.4(b) and (3), HIPAA 164.306(a)(2), 164.308(a)(1), 164.308(a)(6), FISMA SI-4, AC-2, ISO 27001/27002 10.6.2, 10.10.1, 10.10.2, 10.10.4, 15.1.5

Tools:
Sourcefire 3D
Juniper IDP
IBM Proventia
TippingPoint IPS
Cisco IPS
Fortinet Fortigate
McAfee Network Security Platform
Snort (free)

2.2 Wireless Intrusion Prevention (WIPS)

These tools monitor traffic to and from wireless networks, detect misconfigured or unauthorized access points and provide reporting and analysis for compliance.

Compliance Mandates: PCI DSS 11.1, SOX A13.2, DS5.10, GLBA 16CFR Part 314.4(b) and (3), HIPAA 164.308(a)(1), 164.308(a)(6), FISMA AC-18, ISO 27001/27002 10.6.2, 10.10.1, 10.10.2, 10.10.4, 15.1.5

Tools:
Motorola AirDefense
AirMagnet Enterprise
AirTight Networks SpectraGuard
Aruba RFprotect
Kismet (free)

2.3 Network Behavior Analysis and DDoS Monitoring

These tools look for patterns that are abnormal and suspicious, with automated alerting of patterns that might indicate denial of service attacks. Security analysts can use NBA tools in a more manual mode to help tune IPS and investigate incidents.

Compliance Mandates: PCI DSS 11.4, SOX A13.2, DS5.5, DS5.10, GLBA 16CFR Part 314.4(b) and (3), HIPAA 164.308(a)(1), 164.308(a)(6), FISMA IR-4, SI-4, ISO 27001/27002 10.6.2, 10.10.1, 10.10.2, 10.10.4, 15.1.5

Tools:
Lancope StealthWatch
Arbor Networks Peakflow
Mazu Networks Mazu Profiler
Q1 Labs QRadar
Sourcefire RNA

2.4 Firewalls, Enterprise Antivirus and Unified Threat Management

Traditional firewalls do not look inside packets but rely on information in the packet headers: ports, source and destination addresses, and protocol state. Next-generation firewalls combine traditional firewall functionality with IPS and Web security gateway features (anti-malware protection against viruses, worms, spyware, etc.). They also support techniques for applying security policy regardless of which port or protocol is used.

Compliance Mandates: PCI DSS Requirements 1 and 5, SOX A13.2, DS5.9, DS5.10, GLBA 16CFR Part 314.4(b) and (3), HIPAA 164.308(a)(1), 164.308(a)(6), 164.308(a)(5), FISMA AC-4, SC-7, SI-3, SI-8, ISO 27001/27002 10.4, 10.6.2, 10.10.1, 10.10.2, 10.10.4, 11.4.5, 11.6, 11.7.1, 12.5.5, 12.6.1, 15.1.5

Tools:
Palo Alto Networks
Altor Networks
Cisco ASA
CheckPoint VPN-1
Juniper SSG, ISG & NetScreen
Fortinet Fortigate
McAfee VirusScan Enterprise
Symantec Endpoint Protection
Kaspersky Open Space Security

2.5 Secure Web Gateways

Enterprise applications and collaboration systems increasingly use HTTP as the underlying protocol. Secure Web Gateways provide inbound filtering of malware and spyware, as well as outbound URL blocking and other forms of policy enforcement.

Compliance Mandates: PCI DSS Requirement 5, SOX A13.2, DS5.9, DS5.10, GLBA 16CFR Part 314.4 (b) and (3), HIPAA 164.308(a)(1), 164.308(a)(6), FISMA AC-4, SC-7, SI-3, ISO 27001/27002 10.6.2, 10.10.1, 10.10.2, 15.1.5

Tools:
BlueCoat ProxySG
Secure Computing Webwasher
Websense Web Security Gateway
Cisco IronPort

2.6 Secure Messaging Gateways and Anti-Spam Tools

Spam continues to waste productive time for millions of increasingly angry Internet users. Secure email gateways block inbound spam as well as viruses, worms and other malicious executables, and can also enforce outbound policy control for email and instant messages.

Compliance Mandates: PCI DSS 4.2, Requirement 5, SOX A13.2, DS5.9, DS5.10, DS5.11, GLBA 16CFR Part 314.4(b) and (3), HIPAA 164.308(a)(1), 164.308(a)(6), FISMA AC-4, SC-7, SI-3, SI-8, ISO 27001/27002 10.6.2, 10.8.4, 10.10.1, 10.10.2, 11.4.6, 15.1.5

Tools:
Websense Email Security
Secure Computing SecureMail
Cisco IronPort
Symantec BrightMail
Barracuda Spam Firewall
MailWasher (free)

2.7 Web Application Firewalls

These appliances and software packages should be used in addition to strong application development security processes, particularly Web application pen testing and intense training of Web app developers. WAFs can be standalone appliances or can be incorporated into other network elements such as Application Delivery Controllers.

Compliance Mandates: PCI DSS 6.6, SOX A13.2, DS5.10, GLBA 16CFR Part 314.4(b) and (3), HIPAA 164.308(a)(1), 164.308(a)(6), FISMA AC-4, SC-7, ISO 27001/27002 10.6.2, 10.10.1, 10.10.2

Tools:
Imperva SecureSphere
Breach WebDefend & ModSecurity Pro
Citrix Application Firewall
F5: Big-IP Application Security Manager
ModSecurity (free)

2.8 Managed Security Services

Managed security services (MSS) ensure that trained eyes are watching the firewalls, IPS and IDS systems, Web security gateways, and even the logs from internal systems. They provide rapid analysis and quick notification. More advanced services add automated vulnerability scanning, give early warning, and help determine when and where to act to protect against new vulnerabilities and exploits.

Compliance Mandates: SOX A13.2, DS1.3, DS5, GLBA 16 CFR Part 314.4(d), (1) and (2), HIPAA 164.306(a)(2), 164.308(a)(1),(2) and (6) and (b)(1), 164.312(a)(1), ISO 27001/27002 10.6.2, 10.10.1, 10.10.2, 10.10.4, 15.1.5

Tools:
BT Counterpane MSS
Verisign MSS
SecureWorks MSS
Symantec MSS
