Temple University

intrusion prevention system

Week 13 Reading Summary, Question, and recent Cyber Security News…

  1. Summarize one key point from each assigned reading…

Regarding the tested IPS hardware security appliances (HP TippingPoint, Check Point Firewall, Palo Alto Networks Firewall, Cisco ASA, Fortinet FortiGate, and the open-source Snort IPS): all of the products failed to protect against several TCP/IP network evasion techniques (overlapping fragments, wrapping sequence numbers, and packet insertions) when tested with the Conficker worm against vulnerable Windows PCs. Some best practices for protecting IPS devices: change the vendor's default IPS settings to fit one's own enterprise network and systems (and keep updating them as threats evolve), block unneeded NULL sessions (unauthenticated connections) to any networked Windows PCs, and always review the IPS alerts.
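To make the first two evasion classes concrete, here is a small added example (my own illustration, not code from the readings or from any of the vendors listed) that reassembles a TCP stream under two overlap policies and flags the stream as ambiguous when they disagree, while normalizing sequence numbers so a wrap past 0xFFFFFFFF is handled. The segment lists and sequence numbers are constructed for the demo.

```python
# Added example (not from the summary or any vendor): a tiny TCP reassembler
# that checks the two evasion classes named above. Overlapping segments are
# reassembled under two policies (keep first-seen bytes vs. keep last-seen
# bytes); if the two views differ, the stream is ambiguous and an IPS that
# silently picks one policy may inspect different data than the end host.
# Sequence numbers are made relative to the initial sequence number (ISN)
# modulo 2**32, so a stream whose numbers wrap past 0xFFFFFFFF stays ordered.
MOD = 1 << 32

def reassemble(segments, isn, favour_new):
    """segments: list of (seq, bytes). Returns the reassembled payload.
    Gaps (bytes never seen) are rendered as '?' so they stay visible."""
    buf = {}
    for seq, data in segments:
        rel = (seq - isn) % MOD            # relative offset, wrap-safe
        for i, byte in enumerate(data):
            off = rel + i
            if favour_new or off not in buf:
                buf[off] = byte
    if not buf:
        return b""
    return bytes(buf.get(o, ord("?")) for o in range(min(buf), max(buf) + 1))

def overlap_ambiguity(segments, isn):
    """Return (ambiguous, first_seen_view, last_seen_view). ambiguous is True
    when overlapping segments carried different bytes for the same offset,
    which is the condition an IPS should alert on rather than guess about.
    Real stacks mix both policies, so these two views are the extremes."""
    first = reassemble(segments, isn, favour_new=False)
    last = reassemble(segments, isn, favour_new=True)
    return first != last, first, last

# Constructed sample streams (offsets chosen by hand for the demo).
BENIGN = [(1000, b"GET /index.html"), (1015, b" HTTP/1.0\r\n")]
# Second segment overlaps offsets 1004..1009 with different bytes.
AMBIGUOUS = [(1000, b"GET /index"), (1004, b"/other"), (1010, b" HTTP/1.0\r\n")]
# Sequence numbers wrap from 0xFFFFFFFF to 0 in the middle of the request.
WRAPPED = [(0xFFFFFFF8, b"GET /ind"), (0x00000000, b"ex HTTP/1.0\r\n")]

if __name__ == "__main__":
    for name, segs, isn in (("benign", BENIGN, 1000),
                            ("ambiguous", AMBIGUOUS, 1000),
                            ("wrapped", WRAPPED, 0xFFFFFFF8)):
        amb, first, last = overlap_ambiguity(segs, isn)
        print(f"{name}: ambiguous={amb} first={first!r} last={last!r}")
```

The ambiguous case is the one to alert on: the first-seen view and the last-seen view are both plausible, and which one the protected Windows host actually uses is exactly what the evasion relies on.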

  2. Question to classmates (facilitates discussion) from assigned reading…

Which IPS is most secure in an online business enterprise setup?

*Answer: All IPS appliances (Cisco, Check Point, Palo Alto Networks, etc.) have their own vulnerabilities, some shared across products and some specific to one, but enterprise IT staff can minimize them by following these best practices: put the IPS in the right place (for performance and coverage), teach the IPS what you know (configure it for your network and systems), think about high availability (plan your disaster recovery), don't block initially (first test for false positives), get trained (train IT staff beyond the IPS vendor's own material), and plan to tune (keep making periodic adjustments for evolving attacks).

  3. Identify, read, and post to our blog a current event article regarding ethical hacking & penetration testing (follow theme topic of the week, or other interesting related article)…

In the Cyber Security News lately

“DDoS, APT attacks on Corporates & Banks – as reported on eHackingNews.com 6/28/2015…
… Advanced Persistent Threat (APT) attacks are followed by DDoS attacks; this is done to erase any tracks of compromise on firewalls, routers, and Intrusion Prevention Systems (IPS)… there is no direct connection at the corporate end from the Internet (using firewalls & IPS), but the antivirus/firewall/IPS are not fully safeguarding business & banking systems due to poor technical controls or products (the main problem for organizations is that there are many vulnerabilities on systems which go undetected for a long period of time!)”