Cover Your Assets: How to Limit the Risk of Attack on your Windows XP Assets
Tom D’Aquino – Sr. Security Engineer

As most IT Pros are aware, as of April 8th, 2014, Microsoft will stop releasing security patches for Windows XP. Unfortunately, most folks will not be able to migrate all Windows XP machines by that deadline. How will you limit the security risks posed by these now vulnerable assets? Join us for this webinar outlining practical strategies to help you cover your assets.
In this session we'll cover:
  • The primary attack vectors you need to consider
  • Immediate actions you can take to limit the exposure of your XP assets
  • Warning signs to watch out for that could signal an attack
  • How to closely monitor your vulnerable assets with AlienVault USM

  • Delivers 8 coordinated rulesets, fueled by the collective power of the Open Threat Exchange, to drive the USM security capabilities and identify the latest threats, resulting in the broadest view of attacker techniques and effective defenses.
  • Limit Inbound Network Access – place the XP machines on a dedicated network segment and limit access by other machines in your environment. Keeping these machines segmented will minimize the chances for these machines to be targeted and exploited. Limiting network access substantially reduces your chance of being targeted and compromised by network exploits. The assets you most need to be concerned about are running your business systems. The point of sale terminals at Target were running Windows XP Embedded - cutting them off from the rest of the network would have done a lot! (This mitigates Network Exploits)
  • Use a Non-Administrative Account – the majority of exploits targeting desktop software (web browsers, Java, Adobe Flash, Adobe Reader) are mitigated when the user account is a standard user. It is a disruptive task to try and migrate an existing user to a non-administrative account. Instead, try reducing the privileges of your existing user accounts. (This mitigates Browser-based attacks and malicious email attachments)
  • Use a browser with a long-term support plan – if you can’t stop browsing the web from the Windows XP machine, at least use an up-to-date browser. Google Chrome is extending their support until April 2015. If you do choose to browse, please turn off your plugins. (This mitigates Browser-based attacks)
  • Read your email in your browser – using your up-to-date browser (you are following recommendation 3, right?), leverage your email server’s web front-end and be particularly conservative about the attachments you download and open. (This mitigates Malicious email attachments)
  • Monitor your systems – always check your work! The most important thing is catching an incident before it turns into a problem. Look out for command and control traffic, internal probing, increased network activity and other signs of an infection. Of course AlienVault USM is an excellent choice for this step!
- See more at: https://www.alienvault.com/blogs/industry-insights/a-practical-approach-to-the-windows-xp-security-cliff#sthash.VZrW7Cna.dpuf

    1. Cover Your Assets: How to Limit the Risk of Attack on your Windows XP Assets
       Tom D’Aquino – Sr. Security Engineer
    2. ABOUT ALIENVAULT
       AlienVault has unified the security products, intelligence and community essential for mid-sized businesses to defend against today’s modern threats
    3. THE CHALLENGE
       Windows XP is end of support and subsequently creating risk for your organization:
        • What does “end of support” mean?
        • How do you find out of date assets?
        • Are your out of date assets vulnerable?
        • Are your out of date assets being attacked?
        • What else can you do to manage the risk created by out of date assets?
        • Event correlation rules and reports
    4. END OF SUPPORT DATES
       As reported by Microsoft: Available at http://windows.microsoft.com/en-us/windows/lifecycle
    5. END OF SUPPORT CLARIFIED
       As reported by Microsoft: Available at http://windows.microsoft.com/en-us/windows/lifecycle
    6. ATTACK VECTORS TO CONSIDER
        • Network Exploits – this is our traditional network worm, which is exploiting a service running on our XP machine. A classic example of this is the Conficker worm that targeted a vulnerability in the Server service in Windows XP.
        • Browser-based attacks – this is our most common attack, where a user is targeted as they are browsing the web (or are sent a malicious link in an email) and an exploit targeting the browser or an enabled browser plugin is used to compromise the machine.
        • Malicious Email attachments – another favorite, a malicious attachment is sent with an email and an exploit targeting the program configured to read the attachment is used (our most common target here is the PDF viewer)
    7. IMMEDIATE ACTIONS TO LIMIT YOUR RISK
        • Limit Inbound Network Access – place the XP machines on a dedicated network segment and limit access by other machines in your environment. (This mitigates Network Exploits)
        • Use a Non-Administrative Account – the majority of exploits targeting desktop software are mitigated when the user account is a standard user. (This mitigates Browser-based attacks and malicious email attachments)
        • Use a browser with a long-term support plan - Google Chrome is extending their XP support until April 2015. If you do choose to browse, turn off your plugins (This mitigates Browser-based attacks)
        • Read your email in your browser – leverage your email server’s web front-end and be particularly conservative about the attachments you download and open. (This mitigates Malicious email attachments)
        • Monitor your systems - The most important thing is catching an incident before it turns into a problem.
    8. WARNING SIGNS TO WATCH OUT FOR
        • Command and control traffic
        • Internal probing
        • Increased network activity
        • Connections with known malicious IPs
    9. WHAT TO DO ABOUT OUT OF DATE ASSETS
       USM, powered by AV Labs Threat Intelligence
        • ASSET DISCOVERY: Active Network Scanning, Passive Network Scanning, Asset Inventory, Host-based Software Inventory
        • VULNERABILITY ASSESSMENT: Continuous Vulnerability Monitoring, Authenticated / Unauthenticated Active Scanning
        • BEHAVIORAL MONITORING: Log Collection, Netflow Analysis, Service Availability Monitoring
        • SECURITY INTELLIGENCE: SIEM Event Correlation, Incident Response
        • THREAT DETECTION: Network IDS, Host IDS, Wireless IDS, File Integrity Monitoring
    10. NOW FOR SOME Q&A…
        • Test Drive AlienVault USM: Download a Free 30-Day Trial http://www.alienvault.com/free-trial
        • Try our Interactive Demo Site http://www.alienvault.com/live-demo-site
        • Questions? hello@alienvault.com
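
Three of the warning signs on slide 8 (connections with known malicious IPs, internal probing, increased network activity) can be checked mechanically against flow records from the dedicated XP segment recommended on slide 7. The following is an added example, not part of the original deck or of any AlienVault product; the subnet, addresses, baselines and thresholds are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed values for illustration; substitute your own environment's data.
XP_SEGMENT = ipaddress.ip_network("10.20.30.0/24")   # assumed dedicated XP segment
INTERNAL = ipaddress.ip_network("10.0.0.0/8")        # assumed internal address space
KNOWN_BAD = {"203.0.113.66"}                         # e.g. loaded from a threat-intel feed
BASELINE_BYTES = {"10.20.30.11": 50_000, "10.20.30.12": 40_000}  # typical bytes per window
PROBE_THRESHOLD = 5    # distinct internal peers on one port that counts as probing
VOLUME_FACTOR = 10     # multiple of baseline that counts as increased activity

# Constructed flow records: (source, destination, destination port, bytes sent)
FLOWS = [
    ("10.20.30.11", "10.1.1.5", 443, 20_000),
    ("10.20.30.11", "203.0.113.66", 8080, 1_200),
    *[("10.20.30.12", f"10.1.2.{i}", 445, 300) for i in range(1, 9)],
    ("10.20.30.12", "198.51.100.7", 443, 900_000),
]

def triage(flows):
    """Return {xp_host: sorted warning signs} for sources inside the XP segment."""
    peers = defaultdict(set)   # (src, dport) -> internal destinations contacted
    sent = defaultdict(int)    # src -> total bytes sent in this window
    alerts = defaultdict(set)
    for src, dst, dport, nbytes in flows:
        if ipaddress.ip_address(src) not in XP_SEGMENT:
            continue           # only the out-of-support machines are in scope
        sent[src] += nbytes
        if dst in KNOWN_BAD:
            alerts[src].add("known-malicious-ip")
        if ipaddress.ip_address(dst) in INTERNAL:
            peers[(src, dport)].add(dst)
    # Internal probing: one host touching many internal peers on the same port.
    for (src, _dport), dsts in peers.items():
        if len(dsts) >= PROBE_THRESHOLD:
            alerts[src].add("internal-probing")
    # Increased activity: volume far above the host's recorded baseline.
    for src, total in sent.items():
        base = BASELINE_BYTES.get(src)
        if base is not None and total > VOLUME_FACTOR * base:
            alerts[src].add("increased-activity")
    return {host: sorted(signs) for host, signs in alerts.items()}

if __name__ == "__main__":
    for host, signs in sorted(triage(FLOWS).items()):
        print(host, signs)
```

Command and control traffic is covered here only as far as the destination appears in the known-bad list; beaconing detection would need timestamps, which these sample records do not carry.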
