Pub. 11 2016-2017 Issue 6
March/April 2017

Ty Purcell is a security and compliance consultant for CoNetrix. CoNetrix is a provider of information security consulting, IT/GLBA audits and security testing, and tandem—a security and compliance software suite designed to help financial institutions create and maintain their Information Security Program. Visit CoNetrix at www.conetrix.com to learn how CoNetrix can improve your cybersecurity maturity.

not match normal network behavior. Firewalls and UTM systems that provide stateful packet inspection and stateful protocol analysis only examine the header of each packet to make sure it meets vendor-specified rules; they do not examine the payload.

An Example

Junk mail is a common problem. The mail carrier brings a bunch of mail and puts it in your mailbox. Sometimes mail is delivered to the wrong person at the wrong address. There is also mail for the wrong person at your address, and then there is correctly addressed mail with your name and address on it. However, for correctly addressed mail, you may not know if it is junk until you open it.

Suppose you hire a person to stand at the mailbox, take the mail from the carrier, and look at the recipient address. This person hands back to the mail carrier any mail that is not for your address and throws away mail addressed to someone who does not live at your address. They also look at the mail to make sure it looks like legitimate mail. They are your “mail firewall” and can block quite a bit of junk mail. However, junk mail addressed with your name and the correct address still gets through.

A second person is hired. They take the mail from the mail firewall, open it, and read it. If it is junk mail, it is thrown away.
This person is your “mail IDPS.” They open mail, examine it, and detect whether it is junk or not.

How to Determine If a Device Is an IDS/IPS

Some firewalls and UTM devices are capable of providing true IDPS; many are not. So how can you tell the difference? First, if you decide to use a firewall or UTM to provide IDPS services, ask the vendor whether the system actually examines the payload of each packet or whether it only provides stateful packet inspection and stateful protocol analysis. The vendor should be able to provide examples of alerts generated by the IDPS and show you the rules it uses to examine the content of packet payloads. Second, ask the vendor whether any additional software licenses or hardware modules are required to provide the IDPS services. Many firewalls and UTM systems do not include IDPS services in the base model.

Once deployed, an IDPS is an effective layer in your defense-in-depth strategy. Expect to see frequent alerts from the IDPS or from the vendor that is managing it. Attackers are constantly crawling the Internet looking for their next place to intrude.
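The difference between the “mail firewall” and the “mail IDPS” above, and the payload-rule and alert evidence the article says to ask a vendor for, can be seen in a small simulation. The following is an added example written for this page; it is not code from the article, from CoNetrix, or from any firewall or IDPS product. The packets, the inside network 10.0.0.0/24, the allowed-port policy and the three content rules are all constructed for illustration, and the stateful filter and signature matcher are deliberately simplified models of what real devices do.

```python
"""Header-only stateful filtering versus payload inspection on constructed packets."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    payload: bytes = b""


# Hypothetical protected network and the only services it exposes to new
# inbound connections: the "address and name" the mail firewall checks.
PROTECTED_NET = "10.0.0."
INBOUND_ALLOWED = {("10.0.0.5", 80), ("10.0.0.5", 443)}

# Hypothetical payload rules of the kind an IDPS vendor should be able to show you:
# a name for the alert, an optional destination port, and a content pattern.
IDPS_RULES = [
    {"name": "HTTP SQL injection attempt", "dport": 80,
     "pattern": rb"(?i)(union\s+select|or\s+1=1)"},
    {"name": "HTTP directory traversal", "dport": 80, "pattern": rb"\.\./\.\./"},
    {"name": "Shell path in payload", "dport": None, "pattern": rb"/bin/sh"},
]


def firewall_allows(pkt, conn_table):
    """Stateful packet filter: decides on header fields only, never the payload."""
    inbound = pkt.dst.startswith(PROTECTED_NET) and not pkt.src.startswith(PROTECTED_NET)
    if not inbound:
        # Outbound traffic is allowed and creates state so the reply can come back.
        conn_table.add((pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto))
        return True
    if (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto) in conn_table:
        return True  # reply to a connection we opened
    return (pkt.dst, pkt.dport) in INBOUND_ALLOWED  # new inbound: policy check


def idps_inspect(pkt, rules=IDPS_RULES):
    """Opens the packet: returns the names of rules whose content pattern matches."""
    return [r["name"] for r in rules
            if r["dport"] in (None, pkt.dport) and re.search(r["pattern"], pkt.payload)]


def process(packets):
    """Runs packets through the firewall, then the IDPS; returns (target, verdict, alerts)."""
    conn_table = set()
    results = []
    for pkt in packets:
        target = f"{pkt.dst}:{pkt.dport}"
        if not firewall_allows(pkt, conn_table):
            results.append((target, "dropped by firewall", []))
            continue
        results.append((target, "passed firewall", idps_inspect(pkt)))
    return results


# Constructed sample traffic (addresses from documentation ranges).
SAMPLE_PACKETS = [
    # Mail for someone who does not live here: SSH is not an allowed inbound service.
    Packet("203.0.113.9", 40001, "10.0.0.5", 22, "tcp", b"SSH-2.0-OpenSSH\r\n"),
    # Correctly addressed, legitimate request.
    Packet("203.0.113.9", 40002, "10.0.0.5", 80, "tcp",
           b"GET /index.html HTTP/1.1\r\nHost: bank.example\r\n\r\n"),
    # Correctly addressed junk: same header as above, hostile payload.
    Packet("203.0.113.9", 40003, "10.0.0.5", 80, "tcp",
           b"GET /login?user=admin' OR 1=1-- HTTP/1.1\r\nHost: bank.example\r\n\r\n"),
    # Outbound HTTPS from an inside host, then the reply it creates state for.
    Packet("10.0.0.7", 51000, "198.51.100.20", 443, "tcp", b"\x16\x03\x01\x00\x05hello"),
    Packet("198.51.100.20", 443, "10.0.0.7", 51000, "tcp", b"\x16\x03\x03\x00\x05reply"),
    # Looks like a reply but nothing inside asked for it: no state, not in policy.
    Packet("198.51.100.20", 443, "10.0.0.8", 51000, "tcp", b"\x16\x03\x03\x00\x05reply"),
]


def demo():
    """Returns the verdict list for the constructed sample traffic."""
    return process(SAMPLE_PACKETS)


if __name__ == "__main__":
    for target, verdict, alerts in demo():
        print(f"{target:22} {verdict:20} {', '.join(alerts) or '-'}")
```

Only the third packet tells the two layers apart: its header is indistinguishable from the legitimate request, so the firewall passes it, and only a device that reads the payload against content rules raises an alert. When asking a vendor for evidence, this is the distinction to look for: rules that name byte patterns inside the payload, and alerts that quote the matched content, not just source, destination and port.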