If you’re tasked with keeping your enterprise network infrastructure secure against cyber attacks, then you’d better start thinking like a hacker. Do you know what your network looks like? Where are all the access points? Can you create a short list of the most vital vulnerabilities a hacker could exploit? And how long does it take you to get this info? Days? Weeks? Never?
In this webcast, we will discuss a practical game plan to continuously monitor your cyber security status and proactively fix concerns before they become a data breach or attack. Learn how to minimize risks by combining a detailed understanding of your network topology, cyber threats, and likely attack scenarios with everyday security management processes. This webcast is appropriate for firewall and network administrators, IT security managers, and CISOs in medium to large businesses and government agencies.
We will examine:
• Network mapping – How to create a virtual network model to use for security architecture planning and policy compliance checks
• Access analysis – Ways to identify all network access routes, to block unauthorized access and quickly troubleshoot network availability issues
• Securing the perimeter – Enable daily checks of firewalls and network devices to keep them configured securely
• Attack simulation – Find and fix the vulnerabilities most likely to be used in an attack – every day
10. Now - Check the Firewalls!
Find access paths
• Analyze firewall rule base against policies/best practices (NIST, PCI…)
• Identify risky rules
• Uniform policy for all firewalls
11. Access Analyzer Finds all Paths
Find access paths
• Complete End-to-End path analysis
• Highlighting ACLs and routing rules
• Supports NAT, VPN, Dynamic Routing and Authenticated rules
22. Remote Buffer Overflow Attack
Steps
1. Buffer overflow vulnerability MS11-004 on FTP server in DMZ
2. Exploit to gain root control on the FTP server
3. FTP server trust relations with DNS server in core network
4. DNS server running FreeBSD has BIND vulnerability - enables control of DNS server
5. Finance server compromised. Significant damage or data loss
25. Preventing the Firewall Bypass Attack
• Skybox Firewall Assurance automatically finds risky rules and configs in firewalls
• Skybox Network Assurance creates up-to-date network model and checks rest of layer 3 devices - load balancers, switches, routers
• Skybox checks policy rules such as: “No access from Internet to Internal except …”
• End-to-end access path analysis – every possible path
• Skybox issues tickets to address violations reported
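
The zone policy check and end-to-end path analysis described on slides 11 and 25, applied to a trust chain like the one on slide 22, as an added example (not from the webcast and not Skybox's implementation). The hosts, zones, rules and ports are constructed, and the function names are hypothetical.

```python
from collections import deque

# Constructed sample model (hypothetical hosts and zones, not from the webcast).
ZONES = {"internet": "Internet", "ftp": "DMZ", "dns": "Internal", "finance": "Internal"}

# Each allow rule is (source host, destination host, service), as a firewall or ACL permits it.
ALLOW_RULES = [
    ("internet", "ftp", "tcp/21"),
    ("ftp", "dns", "udp/53"),        # DMZ host trusted by a core server
    ("dns", "finance", "tcp/1433"),
    ("internet", "dns", "udp/53"),   # risky rule: Internet straight into Internal
]

def policy_violations(rules, zones, src_zone, dst_zone, exceptions=()):
    """Return rules that allow direct src_zone -> dst_zone access and are not excepted."""
    return [r for r in rules
            if zones[r[0]] == src_zone and zones[r[1]] == dst_zone and r not in exceptions]

def access_paths(rules, start, target):
    """Enumerate every loop-free hop-by-hop path from start to target (breadth-first)."""
    adjacency = {}
    for src, dst, _service in rules:
        adjacency.setdefault(src, []).append(dst)
    paths, queue = [], deque([[start]])
    while queue:
        path = queue.popleft()
        for nxt in adjacency.get(path[-1], []):
            if nxt in path:          # skip loops
                continue
            if nxt == target:
                paths.append(path + [nxt])
            else:
                queue.append(path + [nxt])
    return paths

if __name__ == "__main__":
    for rule in policy_violations(ALLOW_RULES, ZONES, "Internet", "Internal"):
        print("policy violation:", rule)
    for path in access_paths(ALLOW_RULES, "internet", "finance"):
        print("access path:", " -> ".join(path))
```

Removing the risky rule clears the zone policy violation, yet the multi-hop path through the DMZ host remains, which is why the per-rule check and the end-to-end path analysis are run together.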
26. Client-Side Attack Steps
• User opens infected email attachment or clicks link to a malicious or hacked website
• A vulnerability or misconfig on desktops is exploited and malware is installed
• Malware enables attacker to collect data from machine, continue attack within the network, and send data back to attacker
Source: SANS Tutorial: HTTP Client-side Exploit
27. Preventing a Client-Side Attack
• EMEA region at highest risk
• Retrieve exact list of vulnerable hosts
• Remediate in order of risk impact
• Adobe Reader 9.x and 8.x contribute the majority of the risk (76%)