Shut the Front Door (and the Back Door too)


Jim Nitterauer
Senior Systems Administrator
AppRiver at a Glance
Established: 2002
North American HQ: Gulf Breeze, FL, USA
European HQ: Lupfig, Switzerland
Employees: ~ 200
Privately held and self-funded
Focus on Email & Web Security with Phenomenal Care™
Cloud-based since inception
Over 45,000 clients in more than 40 countries
~ 8,000,000 mailboxes managed/protected
93% client retention rate
Adding more than 150 new clients/week
• Focused on small, mid-sized companies
• 98% of clients have <100 employees
• Well adapted to serving widespread, affiliated offices
AppRiver at a Glance
Spam & Virus
It’s about the customer experience
AppU Training Center
Certified engineers
Delivering Phenomenal Care 24/7/365
Phone, live chat, email, web guides & tools
• Worldwide threat detection system
• Advanced proprietary software
• Real-time threat prevention & instant system-wide updates
• Continuous Threat Protection for SecureSurf clients
• Threat data gleaned from/shared with S&V operations
• More than 5 million malicious websites, and counting
Office Locations
Northeast Regional Office
Northport, NY
Eastern Regional Office
Atlanta, GA
EMEA Headquarters
Lupfig, Switzerland
Western Regional Office
Austin, TX
US Headquarters
Gulf Breeze, FL
EMEA Regional Office
Barcelona, Spain
Local Company. Global Presence.
Data Center Locations
Global Scalability
AppRiver data centers provide global traffic scalability, increased speed and better resilience.
Physical Security
Precision Environment
Conditioned Power
Core Routing Equipment
Certified Network Technicians
ISO 27001/2 & ISAE 3402
100% Network Uptime Guarantee
Globally Optimized Infrastructure
Atlanta GA
Dallas, TX
Dallas, TX
Herndon, VA
Ashburn, VA
Ashburn, VA
San Jose, CA
Hong Kong
AppRiver at a Glance
2013, 2010, 2009 Readers' Choice - Hosted Exchange
2013 Channel Chief
2012, 2010, 2009 5-Star Partner Program
2011 Top 20 Cloud Security Vendor
2010 Coolest Cloud Security Vendor
2009 International Service Excellence Award
2013, 2012, 2011, 2010, 2009, 2008, 2007 Inc. 5000 Fastest Growing Private Companies
2013 Top 100 Cloud Service Providers
2012 Top 100 Service Providers (16th)
2011, 2009, 2006 Fave Raves
2014 Silver Winner - Best Customer Service
2013 Finalist - Best Customer Service
2009 Technology Fast 500™ Winner
Proven Track Record
Serving the SMB
Fortune 500
of Organizations are 100 PCs or Less
Customer Acquisition Cost: High
Per-Seat Margin: Minimal
Customer Acquisition Cost: Varies
Per-Seat Margin: Better
Customer Acquisition Cost: Low
Per-Seat Margin: Best
AppRiver Customer
• More than 45,000 Corporate
• 98% are Under 100 Users
• Rapid Customer Acquisition
• ~100 New Customers/week
Phenomenal Care™
AppRiver’s Value-add: Phenomenal Care™
• On-Boarding Process
Free 30-day Trial for All Services
Personal On-boarding Experience
Expert Migration Services
Experienced Customer Care Specialists
Certified Engineers
No Hassle Setup
• 24 x 7 x 365 US-Based Support
Live Telephone & Chat Support
Live Remote Assistance
• Self-Help
Ticketing Support
Extensive Knowledgebase
Step-by-step Technical Bulletins
Interactive Tutorials
AppRiver Application Mall
Spam & Virus Protection
Web & Malware Protection
CipherPost Pro™
Email Encryption
Hosted Exchange 2010
Secure Hosted Exchange
Office 365 Plus
Microsoft Cloud-based Service
Email Continuity Services
Archiving & Compliance
SecureTide™ Spam & Virus Protection
• Technology protects 8 million mailboxes
• No hardware or software required
• Eliminates 99% of unwanted email before it reaches a user’s network
• Daily Held Spam Reports
• Inbound & outbound email protection
• Updated 2,000-4,000 Times/Day
• Works on all major platforms
SecureSurf™ Web & Malware Protection
• Shields networks from malware, adware and viruses
• Protects employees; improves productivity
• Helps avoid legal/compliance issues
• Deploys quickly and customizes easily
• Allows filtering at company or workgroup
• Enforces safe search on major search
• Easy set up and deployment
• Intuitive browser-based Web Portal Access for Administrators
CipherPost Pro™ Email Control & Encryption
• Email Encryption
• Outlook Plugin and Webmail Interface
• Native Mobile Support (IOS, Android, BlackBerry, Win7)
• Desktop Agent - Windows, Mac
• Secure Gateway Technology for Auto-Encryption
• Certified Email Delivery
• Patented Delivery Slip
• Message Recall. Do Not Reply. Do Not Forward. For Your Eyes Only (FYEO)
• Tracking. Audit Trails. Non-Repudiation
• Large File Transfer
• Secure Email and Attachment Tracking
• Large File Attachments up to 5GB
• Asynchronous File Transfer
• Cloud-Based Attachment Encryption Storage Library
Secure Hosted Exchange
• 250,000+ Hosted Exchange Seats
• Unlimited Storage
• Hermetically Sealed with Our SecureTide™ Spam & Virus Protection
• Globally Optimized Hosted Exchange
• Faster Internet
• Enhanced Mobility
• High Availability
• Intuitive Customer Portal
• Archiving & Compliance Available
Office 365 Plus
• Cloud productivity services hosted by Microsoft
• Enterprise-quality tools at an affordable price
• Always up-to-date
• Office, email, document sharing, video
• Simplified admin console
SecureTide™ Spam and Virus Protection
Email Continuity Service (ECS)
24x7 Phenomenal Care™
Included at no additional cost
Archiving & Compliance
• Secure, centralized, off-site storage
• Online access to current & historical messages
• Rapid search & retrieval via full text indexing and search engine technology
• Searches on messages, headers & attachments
• Messages are serialized, time-date stamped
Compatible with CipherPost Pro
The Best Defense is Blended Security
Email Protection
• Blocks email-borne threats before reaching your network
• Updated in real time
• Delivers legitimate email without delay
Web Protection
• Blocks Web-borne threats
• Prevents system-wide
• Increases productivity
Protects your network from downtime and bandwidth loss
Safeguards your client data and confidential files against data theft
Protects employees from obscene or offensive Web content
Peace of Mind
Intent Analysis
• Authenticode – Checks for Digital Signature on active
• Media Type Filter – verification via “magic byte” analysis, not MIME
• Behavioral Malware detector – scans for malicious script intent and removes offending function calls
• Behavioral exploit detector – inspects code for hostile behavior like buffer overflows, etc.
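The media type filter above decides from the bytes actually received rather than from the Content-Type label. The following is an added illustration of that check (not SecureSurf's code); the signature table and the sample objects are constructed for the example.

```python
"""Media-type check by file signature ("magic bytes") rather than the
declared MIME type.  Added illustration, not AppRiver's SecureSurf code.
"""
from typing import Optional

# Signature table (constructed for this example): leading bytes -> real type
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
    (b"%PDF-", "application/pdf"),
    (b"PK\x03\x04", "application/zip"),
    (b"MZ", "application/x-msdownload"),  # Windows PE executable
]

# Types the filter treats as active content regardless of the label
BLOCKED_TYPES = {"application/x-msdownload"}

def sniff_type(data: bytes) -> Optional[str]:
    """Return the media type implied by the leading bytes, or None if unknown."""
    for magic, mime in SIGNATURES:
        if data.startswith(magic):
            return mime
    return None

def check_object(declared_mime: str, data: bytes) -> dict:
    """Decide on a downloaded object from its real signature, not the
    Content-Type header.  Returns the verdict and the reason."""
    actual = sniff_type(data)
    if actual in BLOCKED_TYPES:
        return {"allow": False, "actual": actual, "reason": "executable content"}
    if actual is None:
        return {"allow": False, "actual": None, "reason": "unrecognised signature"}
    if actual != declared_mime:
        return {"allow": False, "actual": actual, "reason": "MIME/signature mismatch"}
    return {"allow": True, "actual": actual, "reason": "signature matches label"}

if __name__ == "__main__":
    # Constructed samples: a PE header served as an image, and a real PNG header
    fake_image = b"MZ\x90\x00" + b"\x00" * 60
    real_png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    print(check_object("image/png", fake_image))
    print(check_object("image/png", real_png))
```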
The Face of Cybercrime Today
“The Web has become the new threat vector of choice by hackers and cyber criminals to distribute malware and perpetrate identity theft, financial fraud and corporate espionage.” -- IDC
Cybercrime Trends - SPAM
The chart above depicts traffic of [quarantined] emails containing virus attachments.
Technology Trends – SPAM
Cybercrime Trends - Viruses
2009 Threat landscape: Symantec/MessageLabs
Cybercrime Trends - Malware
Cybercrime Trends - Malware
• BlackPOS malware used in Target breach – between Nov. 27 – Dec. 15
• Estimated 40 million credit/debit cards may have been stolen
• Malware was being sold at the time for around $2000 USD
• Russian 17-year-old authored the malicious code
Cybercrime Trends – DDoS Attacks
• DNS Amplification
– Multiple recursive DNS resolvers respond to spoofed IP with large amounts of data
– Harms reflector and target
Cybercrime Trends – DDoS Attacks
• SYN Flood
Cybercrime Trends – DDoS Attacks
• NTP Amplification
– Makes use of a default configuration weakness to attack remote
– Most vicious attack in play
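Both DNS and NTP amplification leave the same footprint at the victim: many large UDP responses from port 53 or 123, sent by servers the victim never queried. The following added example (not from the slides) flags targets in flow records that fit that pattern; the flow records and the thresholds are constructed assumptions.

```python
"""Spot reflection/amplification traffic (DNS on UDP/53, NTP on UDP/123) in
flow records.  Added example, not from the slides; thresholds are assumptions."""
from collections import defaultdict

AMP_PORTS = {53: "DNS", 123: "NTP"}
MIN_SOURCES = 3           # distinct reflectors hitting one target (assumption)
MIN_BYTES_PER_PKT = 400   # responses this large are typical of amplification (assumption)

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, proto, bytes, pkts)
FLOWS = [
    ("198.51.100.10", 53, "203.0.113.5", 40000, "udp", 480000, 1000),
    ("198.51.100.11", 53, "203.0.113.5", 40000, "udp", 510000, 1000),
    ("198.51.100.12", 123, "203.0.113.5", 40000, "udp", 440000, 1000),
    ("198.51.100.13", 123, "203.0.113.5", 40000, "udp", 468000, 1000),
    ("198.51.100.20", 53, "203.0.113.9", 51234, "udp", 1200, 10),   # ordinary lookups
    ("192.0.2.7", 443, "203.0.113.5", 52222, "tcp", 900000, 700),   # normal TCP, ignored
]

def find_amplification_targets(flows):
    """Group large UDP responses from amplifier ports by destination; return
    the targets that receive them from several distinct reflectors."""
    per_target = defaultdict(lambda: {"sources": set(), "bytes": 0, "services": set()})
    for src, sport, dst, dport, proto, nbytes, pkts in flows:
        if proto != "udp" or sport not in AMP_PORTS or pkts == 0:
            continue
        if nbytes / pkts < MIN_BYTES_PER_PKT:   # small responses: normal service traffic
            continue
        entry = per_target[dst]
        entry["sources"].add(src)
        entry["bytes"] += nbytes
        entry["services"].add(AMP_PORTS[sport])
    return {
        dst: {"reflectors": len(e["sources"]), "bytes": e["bytes"],
              "services": sorted(e["services"])}
        for dst, e in per_target.items() if len(e["sources"]) >= MIN_SOURCES
    }

if __name__ == "__main__":
    for target, info in find_amplification_targets(FLOWS).items():
        print(f"{target}: {info['reflectors']} reflectors, {info['bytes']} bytes via {info['services']}")
```

Aggregating the same filtered flows by source instead of destination shows the other victim the slide names: one of your own resolvers or NTP servers being used as a reflector.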
Cybercrime Trends – BGP Hijacking
• This occurs when an unauthorized AS announces IP Prefixes that they do NOT own via
– Sometimes happens accidentally
– Often happens on purpose
• Turkey hijacking all Twitter and Google Traffic
• Indonesian ISP recently announced more than half of all Internet IP blocks
– Forces localized traffic to the announcing router
• Unless upstream has filters in place
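Upstream filters are the preventive control; the complementary detective control is to watch the global table for your own prefixes and compare each announcement against the origin AS you expect. The added example below (not from the slides) does that, treating a more-specific announcement from a foreign AS as the highest-priority alert, since longest-prefix matching is what lets it pull the traffic. The prefixes and AS numbers are constructed documentation values.

```python
"""Check observed BGP announcements against the origins you expect for your
own prefixes.  Added example (not from the slides); the ASNs and prefixes
below are constructed documentation values, not real allocations."""
import ipaddress

# Expected origin table (constructed): which AS may originate which prefix
EXPECTED = {
    "203.0.113.0/24": 64500,
    "198.51.100.0/24": 64501,
}

def classify(prefix: str, origin_as: int):
    """Return (verdict, covering_prefix): 'ok', 'origin-hijack' (same prefix,
    wrong origin), 'subprefix' (more-specific from another AS) or 'unknown'."""
    net = ipaddress.ip_network(prefix, strict=True)
    for known, asn in EXPECTED.items():
        known_net = ipaddress.ip_network(known)
        if net == known_net:
            return ("ok" if origin_as == asn else "origin-hijack", known)
        if net.version == known_net.version and net.subnet_of(known_net):
            return ("ok" if origin_as == asn else "subprefix", known)
    return ("unknown", None)

def audit(announcements):
    """Return only the announcements that need attention."""
    alerts = []
    for prefix, origin_as in announcements:
        verdict, covering = classify(prefix, origin_as)
        if verdict in ("origin-hijack", "subprefix"):
            alerts.append({"prefix": prefix, "origin": origin_as,
                           "verdict": verdict, "covers": covering})
    return alerts

# Constructed feed: legitimate routes plus two suspicious announcements
FEED = [
    ("203.0.113.0/24", 64500),   # our own announcement
    ("198.51.100.0/24", 64501),
    ("203.0.113.0/25", 64666),   # more-specific from a stranger: wins longest match
    ("198.51.100.0/24", 64667),  # same prefix, different origin
    ("192.0.2.0/24", 64502),     # not ours, ignored
]

if __name__ == "__main__":
    for alert in audit(FEED):
        print(alert)
```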
Cybercrime Trends – Heartbleed
• Very serious vulnerability in OpenSSL
– Allowed anyone to read server memory in 64K blocks
– Read enough memory and one can access private keys, passwords and more
– You should be concerned about this one and should have already taken steps to remediate.
– Does NOT impact Windows Servers
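The defect was a missing bounds check: the heartbeat handler trusted the payload length claimed in the message instead of the number of bytes actually received, so the reply was filled from adjacent memory. The added example below (not OpenSSL's code, not from the slides) shows a heartbeat handler with that check in place; the record layout follows RFC 6520 and the sample records are constructed.

```python
"""Server-side heartbeat handling with the bounds check Heartbleed lacked.
Added example (not OpenSSL's code, not from the slides); sample records are
constructed inline."""
import struct
from typing import Optional

TLS_HEARTBEAT = 0x18
HB_REQUEST, HB_RESPONSE = 1, 2
MIN_PADDING = 16   # RFC 6520: at least 16 bytes of padding follow the payload

def parse_tls_record(data: bytes):
    """Split one TLS record into (content_type, version, body)."""
    if len(data) < 5:
        raise ValueError("short record")
    ctype, version, length = struct.unpack("!BHH", data[:5])
    body = data[5:5 + length]
    if len(body) != length:
        raise ValueError("record length does not match bytes present")
    return ctype, version, body

def handle_heartbeat(record: bytes) -> Optional[bytes]:
    """Return a heartbeat response record, or None if the request must be
    discarded.  The vulnerable code copied `claimed` bytes from memory
    without this check; a correct implementation compares the claimed
    payload length against the bytes actually received."""
    ctype, version, body = parse_tls_record(record)
    if ctype != TLS_HEARTBEAT or len(body) < 3:
        return None
    hb_type, claimed = struct.unpack("!BH", body[:3])
    if hb_type != HB_REQUEST:
        return None
    if 3 + claimed + MIN_PADDING > len(body):      # the missing bounds check
        return None
    payload = body[3:3 + claimed]                  # only bytes the peer sent
    resp_body = struct.pack("!BH", HB_RESPONSE, claimed) + payload + b"\x00" * MIN_PADDING
    return struct.pack("!BHH", TLS_HEARTBEAT, version, len(resp_body)) + resp_body

def make_record(claimed: int, payload: bytes) -> bytes:
    """Build a heartbeat request record (constructed test input)."""
    body = struct.pack("!BH", HB_REQUEST, claimed) + payload + b"\x00" * MIN_PADDING
    return struct.pack("!BHH", TLS_HEARTBEAT, 0x0302, len(body)) + body

if __name__ == "__main__":
    print(handle_heartbeat(make_record(4, b"ping")) is not None)   # True: lengths agree
    print(handle_heartbeat(make_record(64000, b"ping")))           # None: discarded
```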
What is Your Personal Information Worth?
Malware Threats are Growing…
Malware Delivered by Websites is on the Rise
Cumulative Malware *
– 2007: 5.8 million
– 2011: 65 million (as of June)
1120% Increase
Malicious URLs*
7,300 new malicious URLs per day
Legitimate Websites being Compromised
80% of Websites with Malicious Code
DDoS Attacks
200% increase from 2011 to 2012
*Source: McAfee Labs
Why Do Hackers Attack?
To Steal Your Money, Resources & Reputation
• Direct access to your financial info
– Banking & other corporate accounting (Money)
• Owning your network resources
– Workstations, servers, etc.
– Think botnet – resources sold as a commodity
– Use your resources to attack others
• Defile your Reputation
– Spamhaus DDoS Attack (Reputation)
– Network Solutions DNS Attack (Reputation)
– Microsoft DNS Attack (Reputation)
Why Do Hackers Attack?
• To Distract From the Real Target
– DDoS attack or a Spam Flood used to divert attention from the real
– While the rogue attack is underway, black hat hackers carry out a social engineering attack
– Gain unnoticed access to Web site or network
– Plant malware or remote control software inside LAN
– Come back at their leisure and steal whatever they want
How Do Hackers Hack?
3 Main Means Hackers Use
• Physical Attacks
– DDoS, Packet Sniffing, DNS Poisoning, Web site compromise
• Social Engineering
– Examine publicly available data
– Trick users into clicking links or divulging protected info
– Dumpster diving
• Wireless
– MITM Attacks (Man in the Middle)
– Access Point Spoofing
– Brute Force Key Cracking
Simple Hack Demonstration - DDoS
• DDoS Attack to Bring Down Web Site
Using Kali Linux
Employing a simple attack called SlowLoris
Hitting against a demo Web site
Site is running on Centos behind a firewall
Site runs fine before attack
Inaccessible once attack is underway
./ –dns
Simple Hack Demonstration – WiFi MITM
• WiFi MITM (Man in the Middle) Attack
How many of you connected to UWFGuestAccess?
Did you notice it is not secured?
If you connected, you have been duped.
If I were a hacker with bad intentions, I would now
have a good deal of your personal info including:
– Kali Linux w/ Alfa WiFi USB Card and EasyCreds
How Do I Protect My Network & Data?
• Ignore your disaster recovery plan – Updating a disaster recovery plan may seem like a waste of time – until you need it.
• Put off upgrades – If upgrading all systems in your organization at one time is not feasible, do the upgrade in stages and concentrate on the most exposed systems first.
• Allow employees full access to the company network – Employees should only have access to information required to perform their jobs. The authority to install software should also be limited to approved programs.
• Allow guest computers or devices access to your
How Do I Protect My Network & Data?
• Limit threat exposure – It is perhaps online behavior that bears the most scrutiny. Mitigating the risk through the use of reliable email and Web filtering solutions is essential.
• Control physical access to your network – Protect yourself from unauthorized users on your internal network, especially off-site where company laptops can become enticing
• Educate Employees – Know your employees and educate them. So many employees are unaware of the threats that are out there; take the time to educate.
How Do I Protect My Network & Data?
• Do Limit Threat Exposure . . .
• Physically
Reduce attack footprint
Secure & Segregate Wireless Networks
• Virtually
– Make use of cloud-based services (DNS, SPAM Filtering)
– Make use of Hosting Providers – don’t do it in-house!
» Web
» Email
How Do I Protect My Network & Data?
• Do Control Physical Access to Network
Policy-based Access
VLAN Segmentation
Network Access Control (NAC)
Enforce Device Standardization
• Must meet certain criteria BEFORE allowed to connect
• Strict rules regarding personal devices
– Tablets, phones, etc.
• VPN Connections for all remote users
What do you think the biggest security threat is in your organization?
• Your Own Employees!
They must be educated
They must comply with policies
They must work as a team
They must value security
Educate Employees
• Define and Teach Best Practices
– Password policies
– What if . . . I find a USB key on the parking lot?
• Prepare for Social Engineering Attempts
– Phone
– Email
– In Person
• Keep Informed Current Threats
– Via Internal Email
• Enforce an Acceptable Use Policy
Passwords – Size DOES Matter: 52 Seconds
Passwords – Size DOES Matter: 344,000 Years
Password Format
• Passphrase
• nem#XgTcxt%f2ab
• “My Son Jack Was Born on Jan. 1st at 4pm”
• M$j@ckWB0J1@4
• Test at
Do NOT use your real password in testing. Provides approximate data.
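The two slides above make the point that length dominates: every extra character multiplies the search space by the alphabet size. The added example below (not the testing tool referenced on the slide) estimates worst-case brute-force time for the slide's sample passwords, and separately for a passphrase, which an attacker guesses word by word rather than character by character. The guess rate and the word-list size are assumptions.

```python
"""Rough brute-force search-space estimate, to show why length dominates.
Added example, not the tool referenced on the slide; the guess rate and the
word-list size are assumptions."""
import string

CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]
GUESSES_PER_SECOND = 1e10     # assumed offline cracking rate
WORDLIST_SIZE = 20000         # assumed attacker dictionary for passphrases

def charset_size(pw: str) -> int:
    """Alphabet an attacker must cover: each character class used, plus space."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in pw)) + (1 if " " in pw else 0)

def brute_force_seconds(pw: str) -> float:
    """Worst case: every string of this length over the detected alphabet."""
    return charset_size(pw) ** len(pw) / GUESSES_PER_SECOND

def passphrase_seconds(words: int) -> float:
    """Dictionary attack on a phrase of `words` common words: the unit of
    guessing is the word, so word count (not character count) sets the cost."""
    return WORDLIST_SIZE ** words / GUESSES_PER_SECOND

def humanize(seconds: float) -> str:
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.0f} {unit}"
    return f"{seconds:,.0f} seconds"

if __name__ == "__main__":
    for pw in ("Passw0rd", "nem#XgTcxt%f2ab", "M$j@ckWB0J1@4"):
        print(f"{pw:20} alphabet {charset_size(pw):3}  ~{humanize(brute_force_seconds(pw))}")
    print("4 random dictionary words:", humanize(passphrase_seconds(4)))
```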
Thank You.
Jim Nitterauer
Senior Systems Administrator
[email protected]