
Beware of blended threats

What are "blended threats" and how can you protect your Exchange server from them? Read this tip for an explanation, advice and some third-party solutions.

The term "blended threat" may sound novel (and sinister), but as a security issue you've probably been dealing with it for years.

A blended threat is an attack that uses hacker techniques to get inside your network and then a different kind of method to cause further trouble once it is there. The most common example is an attack that uses a hacker technique to take advantage of unsecured ports on a machine on your network and then uses that foothold to spread a virus, or to launch a Denial of Service (DoS) attack using the machines in your company.

Such threats are out there, ready to attack you and your network infrastructure.

So while blended threats are really a phenomenon that has been around in one form or another for a while, people are now labeling them as a distinct category so they can deal with them as such.

What can you do about a blended threat? Clearly it isn't enough just to have a virus defense in place. Suppose someone attacks you through the FTP port on a notebook computer that one of your employees put into a network in a hotel in Hong Kong. And, further suppose that the person who gains access to that FTP port passes a renamed (so as to get rid of the .zip suffix, say) encrypted zip file into that computer, and that the file can do something dire and dastardly as soon as it's in memory (like unzip itself, and set up housekeeping to transmit all the keystrokes on that computer out port 80).

Is this a virus? Will a virus checker catch it? Maybe, but wouldn't it be better if you could stop it at the FTP port before it ever gets to the computer itself?
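The renamed, encrypted archive in the scenario above is exactly the kind of thing a gateway filter can catch by looking at content instead of the filename. This added Python example (not code from the article or from any product it mentions) reads the zip local file header signature and its "encrypted" flag bit and decides whether a transfer should be stopped; both sample archives are constructed in memory.

```python
import io
import struct
import zipfile

ZIP_LOCAL_HEADER = b"PK\x03\x04"   # zip local file header signature
FLAG_ENCRYPTED = 0x0001            # general purpose bit 0: entry is encrypted


def inspect_payload(data: bytes) -> dict:
    """Classify a byte stream by its content, ignoring whatever name it carries."""
    if len(data) < 30 or not data.startswith(ZIP_LOCAL_HEADER):
        return {"is_zip": False, "encrypted": False}
    # Local file header layout: signature(4) version(2) flags(2) ...
    (flags,) = struct.unpack_from("<H", data, 6)
    return {"is_zip": True, "encrypted": bool(flags & FLAG_ENCRYPTED)}


def block_reason(filename: str, data: bytes):
    """Return why a transfer should be stopped at the gateway, or None to let it pass."""
    info = inspect_payload(data)
    if not info["is_zip"]:
        return None
    if not filename.lower().endswith(".zip"):
        return f"zip archive disguised as '{filename}'"
    if info["encrypted"]:
        return f"encrypted zip archive '{filename}' cannot be scanned"
    return None


def build_plain_zip() -> bytes:
    """Constructed sample: a one-entry archive built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "nothing to see here")
    return buf.getvalue()


def build_encrypted_zip() -> bytes:
    """Constructed sample: the same archive with the 'encrypted' flag bit set by hand."""
    data = bytearray(build_plain_zip())
    data[6] |= FLAG_ENCRYPTED
    return bytes(data)


if __name__ == "__main__":
    for name, payload in [("report.zip", build_plain_zip()),
                          ("report.dat", build_encrypted_zip())]:
        print(name, "->", block_reason(name, payload) or "allowed")
```

A real gateway would apply the same content check to every protocol it proxies, which is the multi-protocol coverage the rest of this tip describes.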

That's the thinking of at least two companies that have security products aimed at taking out blended threats. One way to stop them is not enough; you need something that can be thought of as defense in depth. With such a scheme in place, a threat that gets past the first level of defense can still be caught at the second, or the third, rather than never at all.

For example, WebWasher has a suite of products aimed at this kind of defense. The suite can check incoming information under a number of different protocols, so you're not just looking at the e-mail coming in to your Exchange server, or at attacks on the FTP port. If people in your organization are using instant messaging systems, the suite can scrutinize files or other data coming over the ports that the IM system uses. So such a suite provides multiple levels of protection to cover the different avenues of attack that a blended threat might take.

Tom Bryant, system architect for North America for WebWasher, says that the whole idea comes from a vision of how to handle the blended threat. "It's an integrated solution," he explains, "that lets you address the threat through multiple protocols. For example, you can have an anti-virus engine that will also scan your Exchange e-mail, HTTP and HTTPS and FTP traffic."

You don't have to buy a full suite to get this multi-layer defense against a blended threat. You can roll your own solution in a variety of ways. For example, you may find that there's no need to allow FTP traffic into your enterprise, so you can simply configure your firewall so that no FTP traffic gets through. Then you know that avenue is blocked. Or you can ensure that no one is using instant messaging, thus removing that avenue of vulnerability. You can install an anti-virus engine to look at the traffic you are getting in over HTTP and SMTP. If you go this route, you'll have to make sure that your systems are all working together and that the overlap between them is kept to a minimum. Otherwise, you can expect to see a drop in network performance as different protection systems duplicate each other's efforts.

There are other possible approaches. F-Secure offers a solution that comprises a personal firewall with an anti-virus engine, which the company says provides protection against a variety of blended threats. If you're looking for the same thing in more of a point solution, you could get an anti-virus product such as Norton Anti-Virus for your servers and then protect remote workstations with a firewall such as ZoneAlarm. Be aware, however, that there can be problems with using software firewalls with a VPN, and sometimes with Outlook Web Access. So if you've hooked up remote workers with a VPN, be careful with the settings of the personal firewalls.

David Gabel has been testing and writing about computers for more than 25 years.
