Steen Pedersen Ementor
One of the major problems with current network viruses and worms is that it can be very hard to prevent them from infecting the corporate network using classic protection (anti-virus and gateway firewall). One infected system can bring down the network infrastructure. Even a network with the best-managed anti-virus can be affected by a network virus, because unknown, unprotected and infected systems can connect to the network.
Several technologies and solutions from vendors can make the network more resilient. For example, Cisco, McAfee and Microsoft have technology which can identify/report and/or prevent/quarantine unknown, unpatched, out-of-date and unsecured systems on the network, and a lot of technology/solutions surrounding ‘self-defending’ networks will be released in the near future. The paper will explain the pros and cons of the different solutions, how they work, and how they integrate with host-based and network-based intrusion detection/prevention systems. The aim is to take the step from reactive to proactive protection.
Even a known/secure system which is infected by an unknown virus can be quarantined or denied access to the network. This can make the network more resilient against viruses and worms.
A demonstration of how a self-defending network works with current technology is part of the presentation.