PORTUS has been designed to provide Zero-Hour defenses against both application-level and network-level attacks. This paper specifically discusses the PORTUS SMTP defenses.
Introduction
For the last year nearly all viral attacks against networks have been transmitted via attachments to email. A day, often more, passes before updated signatures for antiviral software, scanners and removal programs are available. Firms providing antiviral software respond reactively to each new threat, and their customers are the losers. Protection comes too late to protect critical networks. By the time the remedy becomes available the damage has been done and the next variant of the virus or worm is already being propagated. Some viral payloads have even been designed to prevent antiviral systems from unpacking and scanning them as they enter the network or infect the user's machine. Educating network end-users has not proven to be effective, as the propagating email appears to come from their friends or co-workers and carries subject-line text or familiar icons that entice them into opening the attachments.
The problem of viral payloads is further compounded by the existing operating and application software monoculture, which is susceptible to these and other forms of attack. This inherent vulnerability allows other forms of attack such as Denial of Service (DoS) attacks, mail server exploits that use executable commands in the mail headers, buffer overflow attacks to obtain root access, direct mailing to programs to execute arbitrary commands, and dozens more.
Zero-Hour Defense
The PORTUS Application Protection System (APS) has built-in Zero-Hour application-level defenses. PORTUS delivers in-depth protection against known and unknown forms of attack. Protocol Anomaly Detection (PAD) detects and blocks previously unknown forms of attack without the need for signatures. Stateful Signature Analysis (SSA) of the payload data allows detection and blocking of known attacks. PORTUS is capable of stopping all forms of attacks in real time and preventing them from reaching your protected systems.
The PORTUS Zero-Hour defenses successfully block viral attachments, worms and other undesirable email payloads the moment they are released and begin to spread across the Internet. PORTUS defends against other types of attacks which exploit SMTP servers, operating systems or other application weaknesses. No administrative action is required to respond to the latest attacks, nor does PORTUS require constant downloads of signatures to detect new forms of attack.
PORTUS prevents the following SMTP exploits from damaging your network:
Executable Attachments containing malicious payloads
► more than 190 executable file types
► blocking conforms to your security policy
Standards Violations: only standards-compliant email can enter the network
► defeats buffer overrun attacks
► defeats attempts by spammers to hide their trail
► refuses mail with non-standard characters
► refuses mail with excessive mail headers, number of recipients, or TO: lines
► refuses mail directed to programs to execute commands on the host
► refuses mail attempting to crash anti-virus software systems
Attacks against Mail Servers
► parameter passing
► executable commands in header information
► use of VRFY & EXPN to gather information to mount an attack
► external mail relay, where hackers use your system to attack another
PORTUS provides protection against all of the forms of attack listed above, as well as many more that are too numerous to enumerate here. PORTUS is the first and best Zero-Hour defender available for protecting your network and preventing a malicious attachment from entering your network.
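The Executable Attachments and Standards Violations checks listed above amount to a message-policy filter applied at the gateway before mail reaches the internal mail server. The following Python script is an added example, not PORTUS code and not a description of how PORTUS implements these checks: it applies a few of them to one raw RFC 5322 message using only the standard library's email parser. It checks that the header block is 7-bit ASCII, counts header fields and To: lines, counts recipients, flags recipients that name a program or file instead of a mailbox (the "|command" and "/path" delivery forms of sendmail-style aliases, an assumption about what "mail directed to programs" looks like), and flags attachment filenames with executable extensions. The policy limits, the extension set and both sample messages are constructed for the example. Session-level controls such as refusing VRFY/EXPN or open relay belong in the SMTP dialogue itself and are outside this message-level script.

```python
"""Gateway-style SMTP message policy checks (added example, not PORTUS code)."""
import email
import email.utils
import re

# Policy values are constructed for this example; a real gateway would load
# them from its configuration and its security policy.
EXECUTABLE_EXTENSIONS = {
    "exe", "scr", "pif", "com", "bat", "cmd", "vbs", "vbe", "js", "jse",
    "hta", "cpl", "msi", "wsf", "lnk",
}
MAX_HEADER_COUNT = 100   # header fields allowed at the top level
MAX_RECIPIENTS = 50      # addresses across To/Cc/Bcc
MAX_TO_LINES = 1         # RFC 5322 permits at most one To: field

_HEADER_BODY_SPLIT = re.compile(rb"\r?\n\r?\n")


def _recipients(msg):
    """Return (display name, address) pairs from every To/Cc/Bcc field."""
    fields = []
    for name in ("To", "Cc", "Bcc"):
        fields.extend(str(v) for v in msg.get_all(name, []))
    return email.utils.getaddresses(fields)


def _attachment_names(msg):
    """Yield the filename of every leaf MIME part that carries one."""
    for part in msg.walk():
        if not part.is_multipart():
            name = part.get_filename()
            if name:
                yield name


def check_message(raw: bytes) -> list:
    """Return the policy violations for one raw message as 'code:detail' strings.

    An empty list means the message passes every check implemented here.
    """
    violations = []

    # Non-standard characters: the header block must be 7-bit printable ASCII
    # plus TAB/CR/LF.  This runs on the raw bytes, before any parsing.
    header_block = _HEADER_BODY_SPLIT.split(raw, maxsplit=1)[0]
    bad = sorted({b for b in header_block if not (32 <= b <= 126 or b in (9, 10, 13))})
    if bad:
        violations.append("non-standard-characters:" + ",".join(f"0x{b:02x}" for b in bad))

    msg = email.message_from_bytes(raw)

    # Excessive header fields and duplicated To: lines
    header_count = len(msg.items())
    if header_count > MAX_HEADER_COUNT:
        violations.append(f"excessive-headers:{header_count}")
    to_lines = len(msg.get_all("To", []))
    if to_lines > MAX_TO_LINES:
        violations.append(f"multiple-to-lines:{to_lines}")

    # Recipient count, and recipients that name a program or file rather than a
    # mailbox (the "|command" and "/path" delivery forms of sendmail-style aliases)
    rcpts = _recipients(msg)
    if len(rcpts) > MAX_RECIPIENTS:
        violations.append(f"excessive-recipients:{len(rcpts)}")
    for _, addr in rcpts:
        if addr.startswith(("|", "/")):
            violations.append(f"program-recipient:{addr}")

    # Executable attachments, judged by the final extension so that a
    # double-extension name such as photo.jpg.exe is still caught
    for name in _attachment_names(msg):
        ext = name.lower().rsplit(".", 1)[-1] if "." in name else ""
        if ext in EXECUTABLE_EXTENSIONS:
            violations.append(f"executable-attachment:{name}")

    return violations


# Constructed sample messages (not captured traffic)
CLEAN_MESSAGE = (
    b"From: Ana <ana@example.net>\r\n"
    b"To: bob@example.com\r\n"
    b"Subject: Quarterly figures\r\n"
    b"\r\n"
    b"Figures to follow.\r\n"
)

HOSTILE_MESSAGE = (
    b"From: Ana <ana@example.net>\r\n"
    b"To: |/usr/bin/id\r\n"                      # pipe delivery, not a mailbox
    b"To: bob@example.com\r\n"                   # second To: field
    b"Subject: Fotos \xf1\r\n"                   # 8-bit byte inside a header
    b"Content-Type: multipart/mixed; boundary=\"XX\"\r\n"
    b"\r\n"
    b"--XX\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"see attached\r\n"
    b"--XX\r\n"
    b"Content-Type: application/octet-stream; name=\"photo.jpg.exe\"\r\n"
    b"Content-Disposition: attachment; filename=\"photo.jpg.exe\"\r\n"
    b"\r\n"
    b"MZ (constructed placeholder, not a real program)\r\n"
    b"--XX--\r\n"
)

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_MESSAGE), ("hostile", HOSTILE_MESSAGE)):
        print(label, check_message(sample) or "accepted")
```

The 7-bit check deliberately runs on the raw bytes rather than on parsed header values, because a parser will silently repair or re-encode what it cannot decode and the gateway would lose the signal it wants to reject on. Every violation carries a short code and the offending detail so the rejection can be logged and reviewed.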
The cost of viral attacks
Damages and security violations caused by viral and similar forms of attack cause substantive damage to those who have been affected. In 2003 the FBI and several antiviral technology firms estimated that viral attacks in that year alone caused tens of billions of dollars worth of damages worldwide. Estimates on the exact figure differ, claiming anywhere between $20 billion and $55 billion. The total cost of damage is measured not only in the damage dealt by the attack, but also in the cost of isolation, repair, recovery and any preventive measures put in place to prevent a repeat of the incident.
The only successful method of preventing a viral infestation is to have a zero-hour-ready defense in place to identify, block and otherwise prevent the viral infection before it can even pass beyond the network gateway. PORTUS has been successfully protecting our customers for more than eleven years, and at some customer locations we prevent tens of thousands of viral payloads per day from entering the protected network.
Point-of-entry (POE) Defense
The point of entry to the network is where all traffic moves between the internal or protected networks and the Internet or any external networks. In order to mount any kind of serious defense against attack and intrusion, the chosen form of protection for a network and its applications must be located at the point of entry. A point-of-entry solution is necessary to adequately mount and deploy any kind of zero-hour defense. PORTUS is a gateway system that is situated at the nexus of interchange between networks, and thus is at the correct point to monitor and therefore safeguard network traffic and application access. Commercial anti-viral software is still an important part of network security for other forms of attack.
More than just Viruses
PORTUS is capable of protecting against more than just attacks which exploit email and SMTP vulnerabilities. Our technology has been proven to be Zero Hour Ready against many forms of network and application level attacks. Most versions of PORTUS have incorporated defenses that protect against various forms of potential attack years before they are first seen and deployed against susceptible targets. PORTUS has been zero-hour ready for more than 8 years, and with each new release of the product this level of protection has been enhanced.