
Web surfing exposes the unprotected Internet user to all manner of threats, from viruses and spam to botnet attacks. Once infected, a computer can become part of a hacker's zombie network, spreading malicious traffic without its user even knowing about it - a typical headache for service providers that leads to bandwidth disruption, overloaded helpdesks and a loss of revenue. F-Secure has a cure, however: F-Secure Network Control.
In January 2003 the worm called Slammer was first detected on the Internet. On the 25th of January at 05:30 GMT it began to spread massively, and for several hours the packet loss of a generic Internet service provider's backbone network was well over ten percent. Despite attempts to stop the worm, packet loss stayed at two percent for several days and made a large number of services totally unavailable for hours or even days.
In February 2004 a worm called Mydoom and several variants of the worm caused severe network issues: the SCO.COM website was taken down by a DDoS, and Microsoft.com and RIAA.COM were attacked. Google was used to search for email addresses and, as a result, Google was overloaded and remained offline for hours. Interestingly, the greatest damage was witnessed not by the targets of the DDoS attacks but rather by the intermediate links in the path: ISP networks.
Given these two worst-case scenarios from previous years, 2005 was not much of an improvement. In the absence of massive worm outbreaks, there was nevertheless evidence of the use of DDoS attacks from large botnets for blackmailing corporations. Equally, the virus count continued to rise with alarming force, increasing from 110,000 to approximately 150,000 by the end of the year, and spam accounted for 85 percent of mail traffic globally.
Spam bots, zombies and other headaches
Such threats as spam bots, Denial of Service zombies and viruses spreading over the network put not only ISPs' customers and their unprotected PCs under threat but also the infrastructure carrying the traffic. A large volume of rogue hosts in ISP networks typically causes bandwidth disruption, loss of revenue and over-burdened helpdesk staff and other threat management personnel. Equally, a massive DDoS can partially shut down a network with ease, or at least significantly affect its performance and cause service level faults.
With network abuse continuously on the rise, from sources ranging from targeted malware assaults to the use of dubious peer-to-peer network software, the challenges to ISPs are clear. In the absence of automated control systems, ISPs are under pressure to maintain network integrity by manually monitoring computers that cause bandwidth disruption and closing these connections before starting a dialogue with the customer in question. This is both time-consuming and labour-intensive and fails to stem the influx of disruption-related calls to the helpdesk environment.
An ideal solution obviously would be to protect every single computer with client-level security and prevent any unauthorized hosts from using the network in the first place. This is perhaps possible in an enterprise environment where administrators have total control over all PCs and can to a greater extent regulate Internet usage. Nevertheless, in the real world, a significant volume of Internet users, whether consumers or entrepreneurs, continuously fail to protect their computers with the latest antivirus software or to use firewalls, with predictable results.
The only true solution to such a problem is a network-level solution that monitors traffic from end-users at the network edge, automatically denying offending computers access to the network.
Introducing the cure
Recognizing this problem and its cure, F-Secure announced a new product at the beginning of December 2005, F-Secure Network Control. This enterprise-grade appliance is designed to detect threats at the network level based on advanced pattern recognition technology and industry-leading deep packet inspection. As such, it offers a highly effective tool against the unexpected threats that zero-day attacks pose.
Using F-Secure Network Control, users identified as being the source of disruption receive a web page message guiding them to clean up their computer using an on-line scanner and Windows Update. At the same time they are offered a subscription to a security service, thus increasing potential revenue streams to the ISP. At the point when the selected computers are no longer a source of disruption to network traffic, Internet access is automatically restored, with the additional benefit that another customer is both aware of security threats and protected against further assaults.
For more information about F-Secure Network Control and how it can help your network regain control over the threats outlined in this article, please go to the following link: http://www.f-secure.com/products/fsnc/readmore.shtml
Author: Mark Woods, Corporate Communicator
