RE: Network Segregation to prevent spread of malware

["Mcmillan, Arlan" <Arlan.Mcmillan () cityofchicago org>]

I look at IPS / IDP as bread and butter - something that nearly every security group needs to deploy as part of their 
defense in depth strategy.  Where, not if to deploy is the question however.  When deploying, below is the order of 
"zones" that I deploy to first.  It’s just a cost-benefit thing.  Given the cost of deploying IDPs, it doesn't make 
sense to deploy them everywhere.

DMZ
Internet / VPN
GAN
Extranet / B2B
Internal critical network segments



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Steve Figures
Sent: Wednesday, January 23, 2013 9:42 AM
To: synja () synfulvisions com
Cc: Jerry Bell; listbounce () securityfocus com; tomright006 () gmail com; security-basics () securityfocus com
Subject: Re: Network Segregation to prevent spread of malware

You can reduce the risk of malware spreading between network segments by placing IPS interfaces between the segments.

The IPS will need to be configured, tuned to suit your legitimate traffic & have an appropriate blocking policy, then 
monitored for alerts to be fully effective.

It is a lot of work but we have successfully contained worms in this way. It does help your security posture too, so 
the investment in equipment & resource is worthwhile. It can protect you from more than just worms, it can mitigate 
against user gullibility for phishing & other vulnerabilities too. You have to assess whether your business case will 
support that investment, as it is not something that you can buy, install & ignore.


Steve Figures

On 23 Jan 2013, at 13:07, "Rob" <synja () synfulvisions com> wrote:

> Additionally, the services commonly used for worm propagation (RDP/TS, RPC, etc) are also used heavily for domain 
> operations anyway.
>
> For many environments this would be one step forward, two steps back in terms of security.
>
> Rob
> Sent on the Sprint® Now Network from my BlackBerry®
>
> -----Original Message-----
> From: Jerry Bell <jerry () riskologist com>
> Sender: listbounce () securityfocus com
> Date: Wed, 23 Jan 2013 07:07:25
> To: tomright006 () gmail com<tomright006 () gmail com>
> Cc: 
> security-basics () securityfocus com<security-basics () securityfocus com>
> Subject: Re: Network Segregation to prevent spread of malware
>
> Hi Tom,
>
> The answer is 'it depends', but probably no. If you are talking about a classic company network and dividing 
> workstations into separate networks to prevent cross contamination, you have to consider the pivot points for most 
> malware - email, file shares, etc, which can still allow malware to propagate between networks even if no traffic is 
> allowed directly between them. Some kinds of malware, notably worms who propagate directly from one system to another 
> via some kind of remotely exploitable vulnerability, would be contained by network segmentation, however those sorts 
> of events are becoming increasingly rare (however when they do happen, they tend to be big events). 
>
> Jerry
>
> Sent from my iPhone
>
> On Jan 22, 2013, at 5:33 PM, tomright006 () gmail com wrote:
>
> > Hello All,
> >
> > I need few tips on Network Segregation to prevent spread of Malware. Can I avoid Malware spreading from one network 
> > segment to another just by segregating network with access list or firewalls?
> >
> >
> > Thanks,
> >
> > Tom
> >
> > ---------------------------------------------------------------------
> > --- Securing Apache Web Server with thawte Digital Certificate In 
> > this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
> > it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> > purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> > set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> > certificates.
> >
> > http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be
> > 442f727d1
> > ---------------------------------------------------------------------
> > ---
>
> ----------------------------------------------------------------------
> -- Securing Apache Web Server with thawte Digital Certificate In this 
> guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how it 
> benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
> install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
> highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be4
> 42f727d1
> ----------------------------------------------------------------------
> --

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and 
who needs an SSL certificate.  We look at how SSL works, how it benefits your company and how your customers can tell 
if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your 
Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing 
management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


This e-mail, and any attachments thereto, is intended only for use
by the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended
recipient of this e-mail (or the person responsible for delivering
this document to the intended recipient), you are hereby notified
that any dissemination, distribution, printing or copying of this
e-mail, and any attachment thereto, is strictly prohibited. If you
have received this e-mail in error, please respond to the
individual sending the message, and permanently delete the original
and any copy of any e-mail and printout thereof.