
Post on 31-Dec-2015

jEnterprise Suite For Network Monitoring and Security

Dr. Sureswaran Ramadass, Dr. Rahmat Budiarto, Mr. Ahmad Manasrah, Mr. M. F. Pasha


Agenda

Problem Statement.

What is Worm

Worms Damage Effects

Cost of Worms

Solution

Technology


The Problem

Networks nowadays are suffering from:
• Viruses, Worms.
• Trojans, Spyware.
• Adware, Hijackers, Pop generators.
• Spam, Intrusion and many more.

If you are connected to the Internet (home, corporate), then your machine is exposed to the Internet world, and hence you are vulnerable to worms and viruses.

Viruses and worms are the biggest contributors to today’s network problems. Thus, firewall and antivirus alone are not enough to protect your organization from blended threats.


What is a Worm?

Worms are programs that replicate themselves from system to system without the use of a host file, although worms generally exist inside other files, often Word or Excel documents.

Usually the worm will release a document that already has the "worm" macro inside the document. The entire document will travel from computer to computer, so the entire document should be considered the worm.

W32.Mydoom.AX@mm is an example of a worm.


Worms Damage Effects

Once the host is infected, worms can:

• Steal YOUR private info and distribute it to all the users in your email database.
• Send dummy traffic to paralyze your network.
• Destroy key system files, which would damage and crash your computer.
• Destroy the database system within your server.
• Irrecoverably overwrite your personal files.
• Slow down your PC.


Cost of Worms

Cost for cleanup of worms worldwide:

• Sobig: USD 37.1 billion
• MyDoom: USD 22.6 billion
• Klez: USD 19.8 billion
• Nachi: USD 13 billion
• Mimail: USD 11.5 billion
• Swen: USD 10.4 billion
• Love Bug: USD 8.8 billion
• Bugbear: USD 3.9 billion

Source: www.wholesecurity.com


Cost of Worms…

Cost for cleanup of worms in Malaysia:

• Code Red: RM 22 million
• Nimda: RM 22 million
• Blaster: RM 31 million
• Nachi: RM 31 million

90% of desktop computers in a Malaysian internet company experienced downtime caused by Blasted.D worm. (August 2003)

Source: NISER study


What Do You Need?

• A holistic approach to the security strategies you currently have in place MUST be adopted to protect your organization from the new generation of blended threats.

• A solution that covers loopholes left by other security products for all-round protection and is able to detect internal as well as external worm attacks.

• Updated software with worm signatures, armed with a warning and alerting mechanism that makes the security team aware so it can take the proper action.

• Advising and Recommendation.


What Do You Need? The Answer is m-Protect!!

• Easy to install and use.
• Low memory requirements.
• Detects worm activity on the wire.
• Live updates from the m-Protect database server, which consists of a comprehensive list of all known worms.
• Works passively to scan network traffic for worms.
• Alerts you of a potential worm attack via synthesized voice warning and visual messages as well as SMS and emails.
• Pinpoints the source of the computer that is broadcasting the worm packets.
• Works hand in hand with 3rd-party anti-virus tools.
• Able to detect worms with multiple signatures.
• Detects inside/outside worm attacks.


Why m-Protect?

m-Protect would:
• Alert everyone in the network regarding the worm attack.
• Locate the source of the problem.
• Provide possible solutions.

Besides propagation via the Internet connection, worms can still reach the internal network by:
• Laptops.
• External media (CD, thumb drive).
• Wireless access points.
• Encrypted/zipped emails.

Border defenses are of no use if the worm is already inside the internal network.


m-Protect in action

[Figure: an infected PC inside your LAN, behind the border firewall, with WARNING / ALERT / INFECTED labels; a PC that is not protected will now originate the attack again.]


m-Protect in action…

• Computers without sufficient antivirus / patch will be infected.
• Such computers will create unwanted traffic in their attempts to infect others.
• All the network users will experience “network outage”.

[Figure: Infected Network]


Technology-Modules


Technology-Framework

[Flowchart: Packet Provider → Capturing → IP Packet? → Suspicious SRC & DST port numbers? → Load Detection Rule → Apply Rule → Rule matched? → Display worm info → Trigger Alert; otherwise Get Next Rule; Continue Monitoring]
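The detection flow on the Technology-Framework slide (capture, IP check, suspicious-port check, rule loop, alert), sketched as an added example that is not m-Protect's code. The `Packet` and `Rule` layouts, the worm names, ports and byte signatures are all constructed placeholders.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:              # simplified captured frame (constructed layout)
    is_ip: bool
    src: str
    dst: str
    sport: int
    dport: int
    payload: bytes

@dataclass(frozen=True)
class Rule:                # hypothetical rule format, not m-Protect's own
    worm: str
    port: int
    signatures: tuple      # one worm may carry several byte signatures

# Constructed rules: names, ports and signatures are placeholders.
RULES = [
    Rule("EXAMPLE-WORM-A", 4444, (b"\xde\xad\xbe\xef",)),
    Rule("EXAMPLE-WORM-B", 9999, (b"SIG-B1", b"SIG-B2")),
]

def inspect(pkt, rules=RULES):
    """Follow the flowchart for one packet; return an alert dict or None."""
    if not pkt.is_ip:                                   # "IP Packet?" -> No
        return None
    ports = {r.port for r in rules}
    if pkt.sport not in ports and pkt.dport not in ports:
        return None                                     # ports not suspicious
    for rule in rules:                                  # "Get Next Rule" loop
        on_port = rule.port in (pkt.sport, pkt.dport)
        if on_port and any(s in pkt.payload for s in rule.signatures):
            return {"worm": rule.worm, "source": pkt.src, "target": pkt.dst}
    return None                                         # continue monitoring

def monitor(packets):
    """Passively scan a capture and collect one alert per matching packet."""
    return [a for a in map(inspect, packets) if a is not None]

def infected_hosts(alerts):
    """Pinpoint the internal sources that are emitting worm packets."""
    return sorted({a["source"] for a in alerts})

# Constructed capture: non-IP frame, normal web traffic, two worm hits,
# and a suspicious-port packet whose payload matches no signature.
CAPTURE = [
    Packet(False, "", "", 0, 0, b"arp"),
    Packet(True, "10.0.0.5", "10.0.0.9", 51000, 80, b"GET / HTTP/1.1"),
    Packet(True, "10.0.0.7", "10.0.0.9", 51001, 4444, b"xx\xde\xad\xbe\xefyy"),
    Packet(True, "10.0.0.7", "10.0.0.8", 51002, 9999, b"hello SIG-B2"),
    Packet(True, "10.0.0.3", "10.0.0.9", 51003, 4444, b"benign"),
]
```

The port check only narrows which packets reach the rule loop; a packet on a listed port with no signature match raises no alert.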


Technology- Enterprise


Technology- Enterprise…


Technology- Enterprise…


The Product…


Thank You

Q&A