Tippingpoint 10, Must have if you trade

Discussion in 'Networking and Security' started by KINGOFSHORTS, Apr 17, 2010.

  1. The Tippingpoint 10 is a hardware device that filters all the garbage out of the internet (viruses, exploits, fake AV attempts, etc.). Stuff that can put your environment at risk.

    Anyhow sweet box. Just in a few minutes of using the internet it quietly dropped all this garbage trying to get in.

    When you click on the name you get details and even a packet trace to see the junk that tried to get in.

    Also I have noticed the internet does get faster when surfing. I suspect because it drops all the garbage coming into your network and your browser does not have to deal with it.
     
  2. Here is a screenshot of the log and a list of admin stuff.
     
  3. 1. Just hide behind a router, nothing can get to you.

    2. Those php exploit scans aren't going to affect you.
    I guess it's good peace of mind to have actual hardware blocking.
    A router can do that for you though.
     
  4. There are no php exploits on that screen.

    What you see on that screen is stuff like Spyware trying to get into the computer etc..

    I am behind a cisco ASA firewall and this sits behind that. What you see on that list is stuff on websites trying to mess with the computer.

    Such as this
    Filter Name 6794: HTTP: Google Analytics Information Disclosure
    Category Application Protection - Security Policy
    Severity Low
    Description This filter detects an attempt to publish information to Google Analytics.
    Google Analytics is a free service that allows web site owners to track statistics about the users of their site. It collects data such as whether the user is new or returning, timestamp of visit, referrer, and other sensitive data without the user's consent or knowledge.

    References:


    OR this

    Filter Name 9286: HTTP: Malicious FakeAlert Webpage Request
    Category Application Protection - Exploits
    Severity Critical
    Description This filter detects the download of a malicious FakeAlert web page.
    FakeAlert web pages, also known as scareware, are designed to entice users into downloading and installing malware onto their computer. The page is designed to display a false "My Computer" hard drive scan to the user and report that several infections have been detected. The page then instructs the user that installing a piece of software will rid their system of said infections.

    Reference:

    Scareware Wikipedia Article

    Filter Name 4430: HTTP: HSBC Login Phish Site
    Category Application Protection - Identify Theft
    Severity Minor
    Description This filter detects a connection to a spoofed phishing web site designed to trick a user into revealing sensitive financial account information, such as a username and password, over an insecure HTTP link.
    The firing of this filter indicates that the source IP address is the host of the malicious web site, and the user at the destination IP address has likely been tricked into clicking an e-mail link to the malicious web site.

    References:

    Filter Name 3142: HTTP: Phish Site with Forged Verisign Seal
    Category Application Protection - Identify Theft
    Severity Minor
    Description This filter detects a connection to a spoofed phishing web site designed to trick a user into revealing sensitive financial account information, such as a username and password, over an insecure HTTP link.
    The firing of this filter indicates that the source IP address is the host of the malicious web site, and the user at the destination IP address has likely been tricked into clicking an e-mail link to the malicious web site.

    References:
     
  5. siki13

  6. GTS

    You are wrong and quite ignorant to make such a statement. Router NAT is not good security.

    KingOfShorts, good call on the ASA/IPS (Tippingpoint) combo. I've deployed larger Tippingpoint devices in an enterprise environment in the past; they are solid, however the article that siki13 cited makes me wonder if they have lost their edge.
     
  7. siki13

    I'm not an expert but I am pretty sure router NAT alongside a good antivirus is enough if you are using your trading machine only for trading and nothing else.
     
  8. jprad

    If that router doesn't have a firewall you're probably already dead meat.

    Even if it does, the bigger risk with consumer grade equipment is the router's vendor not keeping the firmware updated once your particular model has been discontinued for a year or more.

    It's much safer to use an actively maintained open source firewall that's completely locked down. If it's configured to deny all unsolicited inbound traffic and permit specific outgoing TCP/UDP from the trading machine to your broker's server(s) and your ISP's DNS then your overall security will be several orders of magnitude higher.

    With that setup, and assuming your trading platform is not web-based nor do you do any web surfing from your trading machine, then the anti-virus isn't necessary and that will reduce any latency introduced by its packet inspection layer.

    Same goes for a software firewall on the trading machine, and that includes Microsoft's integrated firewall. It's no longer necessary and can be turned off to minimize latency even more.
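
The locked-down policy described in the post above (deny all unsolicited inbound, permit only the trading machine out to the broker and the ISP's DNS), written as an nftables ruleset for a Linux-based firewall. This is an added example, not part of the original thread; the interface names, every address (documentation ranges), the broker port and the LAN-side SSH rule are placeholder assumptions.

```nftables
#!/usr/sbin/nft -f
# Constructed example: all names, addresses and ports below are placeholders.
flush ruleset

define wan_if       = "eth0"           # assumed internet-facing interface
define lan_if       = "eth1"           # assumed LAN-facing interface
define trader       = 192.168.1.10     # assumed trading machine
define isp_dns      = { 192.0.2.53 }   # placeholder ISP resolver
define brokers      = { 198.51.100.10, 198.51.100.11 }  # placeholder broker servers
define broker_ports = { 443 }          # placeholder broker TCP port

table inet filter {
    # Traffic addressed to the firewall itself.
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        # Assumed admin access: SSH from the LAN side only, never from the WAN.
        iifname $lan_if tcp dport 22 accept
    }

    # Traffic routed through the firewall.
    chain forward {
        type filter hook forward priority 0; policy drop;
        # Replies to connections the trading machine opened are the only
        # inbound packets allowed; anything unsolicited hits the drop policy.
        ct state established,related accept
        ct state invalid drop
        # Trading machine to broker servers only.
        iifname $lan_if oifname $wan_if ip saddr $trader ip daddr $brokers tcp dport $broker_ports accept
        # Trading machine to the ISP resolver only (UDP, plus TCP fallback).
        iifname $lan_if oifname $wan_if ip saddr $trader ip daddr $isp_dns udp dport 53 accept
        iifname $lan_if oifname $wan_if ip saddr $trader ip daddr $isp_dns tcp dport 53 accept
        # Everything else is dropped by policy; log a sample for review.
        limit rate 6/minute log prefix "fw-forward-drop: "
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname $wan_if masquerade
    }
}
```

`nft -c -f <file>` parses the ruleset without applying it; the rate-limited log line shows what the default-drop policy is discarding.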
     
  9. also, with something like SpywareBlaster...
     
  10. pspr

    pspr

    You should stop spending all day on those porn sites. It won't stop you from going blind!!

    :D

     
    #10     Apr 18, 2010