Thursday, August 09, 2007

IDS and IPS play key role in defending against an attack of the killer bots

Network World

Product Test and Buyer's Guide




Product Test and Buyer's Guide, 08/09/07

By Christine Burns

In her recent feature on just how bad the botnet problem across the Internet is right now, Julie Bort likened these zombie computers to termites, saying they burrow in behind the walls of an IT security perimeter, lie dormant for a period of time, then attack on the orders of a criminal bot herder.

How many bots are actually out there? Bort’s sidebar on the severity of the problem points to several best guesses that range anywhere from 3 million to 6 million – but those are only the active ones. No one can count those that lie in wait.

That’s not to say that IT organizations should lie around waiting. In the third piece in this package, Bort outlines six ways to proactively defend against a botnet infestation. No. 4 on the list is fine-tuning your Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) products to look for botlike activity.


Evidence that a botnet is residing on your network includes:

* Any machine suddenly blasting away on Internet Relay Chat is certainly suspicious.
* Any machine connecting to offshore IP addresses or illegitimate DNS addresses.
* A sudden uptick in SSL traffic on a machine, particularly on unusual ports, which could indicate a botnet-control channel has been activated.
* Machines routing e-mail to servers other than your own e-mail server.
* Web crawlers that operate at high "fetch levels" that activate all links located on a Web page, which could indicate a machine is being sent to a malicious Web site.
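
As an added illustration (not part of the original Network World article), the Python sketch below applies four of the indicators above to flow records and reports the hosts that cross a per-indicator threshold. The record fields, addresses, port sets and thresholds are assumptions chosen for the example, and the sample flows are constructed.

```python
from collections import Counter, defaultdict

# Site-specific assumptions for this sketch (none of these come from the article).
MAIL_SERVERS = {"10.0.0.25"}                 # your own e-mail server(s)
DNS_RESOLVERS = {"10.0.0.53"}                # resolvers clients are supposed to use
IRC_PORTS = set(range(6660, 6670)) | {7000}  # conventional IRC ports
USUAL_TLS_PORTS = {443, 465, 993, 995}       # where SSL/TLS is expected
# Flows per host per window before an indicator is reported ("sudden" activity).
THRESHOLDS = {"irc": 3, "ssl_odd_port": 3, "rogue_smtp": 1, "rogue_dns": 1}

def classify(f):
    """Return the indicator a single flow record matches, or None."""
    if f["app"] == "irc" or f["dport"] in IRC_PORTS:
        return "irc"
    if f["app"] == "tls" and f["dport"] not in USUAL_TLS_PORTS:
        return "ssl_odd_port"
    # The mail server and resolvers legitimately talk to outside peers.
    if f["dport"] == 25 and f["dst"] not in MAIL_SERVERS and f["src"] not in MAIL_SERVERS:
        return "rogue_smtp"
    if f["dport"] == 53 and f["dst"] not in DNS_RESOLVERS and f["src"] not in DNS_RESOLVERS:
        return "rogue_dns"
    return None

def suspicious_hosts(flows):
    """Map each source host to the sorted indicators that met their threshold."""
    counts = defaultdict(Counter)
    for f in flows:
        hit = classify(f)
        if hit:
            counts[f["src"]][hit] += 1
    report = {s: sorted(k for k, n in c.items() if n >= THRESHOLDS[k]) for s, c in counts.items()}
    return {s: hits for s, hits in report.items() if hits}

def flow(src, dst, dport, app):
    return {"src": src, "dst": dst, "dport": dport, "app": app}

# Constructed sample records (RFC 5737 documentation addresses as outside peers).
SAMPLE_FLOWS = (
    [flow("10.0.1.15", "203.0.113.7", 6667, "irc")] * 3
    + [flow("10.0.1.15", "198.51.100.9", 25, "smtp")]
    + [flow("10.0.1.20", "198.51.100.40", 8443, "tls")] * 2   # below threshold
    + [flow("10.0.1.20", "10.0.0.53", 53, "dns")]
    + [flow("10.0.0.25", "198.51.100.9", 25, "smtp")]         # real mail server
    + [flow("10.0.1.30", "203.0.113.53", 53, "dns")]
)

print(suspicious_hosts(SAMPLE_FLOWS))
```

The offshore-address and Web-crawler indicators are left out because they need geolocation data and HTTP logs that a plain flow record does not carry.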

If you are in the market for either an IDS or an IPS to help you pinpoint botnet activity, you can tap into the Network World Buyer’s Guides for detailed product listings in both segments: Security: Intrusion Detection Systems and Security: Network Intrusion Prevention Systems.


Contact the author:
Christine Burns is the Executive Editor of Testing. She can be reached at cburns@nww.com


Network World, Inc., 118 Turnpike Road, Southborough, MA 01772

Copyright Network World, Inc., 2007
