Protecting Windows Networks From Malware 31 Jan09
Transcript

1. Protecting Windows networks from Malware
   Madhur Verma
   MCSA, MCSE, MCTS, CIW Security Analyst, CEH, MVP (Consumer Security)

2. Agenda
   • Introduction and Background
   • Current Trends
   • Case Studies
   • Defense Arsenal
   • Best Practices

3. Immutable Laws of Security
   • Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore
   • Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore

4. Malware
   "Malware" is short for malicious software and is typically used as a catch-all term to refer to any software designed to cause damage to a single computer, server, or computer network, whether it's a virus, spyware, et al.

5. Implications
   • Theft of usernames and passwords
   • Theft of corporate secrets
   • Lost network bandwidth
   • Help desk overhead
   • Lost worker productivity
   • Legal liabilities
6. Why Infections Happen
   • Not using security devices
   • Misconfiguration of servers and network devices
   • Installation of unwanted applications and services
   • Poor coding practices
   • Using outdated antivirus definitions

7. Malicious Software Landscape
   • Harmless
   • Potentially unwanted: adware, spyware, monitoring software, remote control software
   • Malicious: viruses, worms, Trojans, rootkits, bots

8. Distribution Methods
   • Propagation through e-mail attachments, pirated software and free shareware programs
   • ActiveX controls: a mechanism web pages can use to install software
   • "Drive-by download": software is installed merely by visiting a page, with no further user action
   • Deceptive "pop-under" technique: a window opened beneath the browser that surfaces after the user has moved on
   • Dialogs where both choices (Yes/OK and No/Cancel) lead to installation
   • Faux security alerts

9. Changing Era
   • Increased propagation vectors
   • Complexity of malicious code, payload and obfuscation
   • Motivation changed from fun, curiosity or fame to money
   • Destructive malware decreasing and information-stealing malware increasing
   • Rise in targeted attacks through social engineering
   • Rise in malware toolkits
   • Rise in exploitation of Web 2.0

10. Current Trends
   • Compromising trusted and popular websites and embedding malicious code or links to malicious sites
   • Publishing malicious links in search engines, discussion forums, etc.
   • Development of web-attack toolkits
   • Exploiting client-side vulnerabilities
11. Case Study I - Facebook

12. Facebook Widget Installing Spyware

13.-14. (screenshots, no text)

15. Case Study II - Google

16. Google Sponsored Links Spreading Rogue Anti-Virus Software

17.-19. (screenshots, no text)

20. Case Study III - Toolkits
21. Attack Toolkit
   • Attacker intrudes into a legitimate site and adds an IFRAME snippet to its pages
   • The IFRAME snippet silently loads exploit content from the toolkit's server
   • Malicious code is injected into the visiting user's PC
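The slide describes the injected IFRAME but not how to spot one. The following is an added example, not part of the presentation: a PowerShell function that scans saved HTML for the hallmarks of a toolkit-injected frame (hidden geometry or styling, and a source host the site does not own). The sample page, the host list and the off-site address are constructed for this example.

```powershell
# Added example (not from the slides): flag IFRAME snippets of the kind an
# attack toolkit injects into a compromised page. $TrustedHosts is the list
# of hosts the site legitimately serves content from (an assumption here).

function Find-SuspiciousIframes {
    param(
        [string]$Html,
        [string[]]$TrustedHosts
    )
    # Injected frames are typically hidden (0x0, display:none,
    # visibility:hidden) and point at a host the site does not own.
    $hits = @()
    foreach ($m in [regex]::Matches($Html, '<iframe\b[^>]*>', 'IgnoreCase')) {
        $tag = $m.Value

        # Pull the src attribute (quoted or unquoted).
        $src = $null
        if ($tag -match 'src\s*=\s*["'']?([^"''\s>]+)') { $src = $Matches[1] }

        # Hidden by size or by inline style?
        $hidden = ($tag -match '\b(width|height)\s*=\s*["'']?0\b') -or
                  ($tag -match 'display\s*:\s*none') -or
                  ($tag -match 'visibility\s*:\s*hidden')

        # Absolute src pointing off-site? (relative paths stay on-site)
        $srcHost = $null
        if ($src -and $src -match '^(?:https?:)?//([^/:?#]+)') { $srcHost = $Matches[1].ToLower() }
        $external = ($srcHost -ne $null) -and ($TrustedHosts -notcontains $srcHost)

        if ($hidden -or $external) {
            $hits += New-Object PSObject -Property @{
                Tag      = $tag
                Src      = $src
                Hidden   = $hidden
                External = $external
            }
        }
    }
    $hits
}

# Constructed sample page: one legitimate widget frame and one injected,
# hidden frame that loads from an address the site does not own.
$sample = @"
<html><body>
<h1>Welcome</h1>
<iframe src="/widgets/weather.html" width="300" height="200"></iframe>
<iframe src="http://198.51.100.23/in.cgi?3" width=0 height=0 style="visibility:hidden"></iframe>
</body></html>
"@

Find-SuspiciousIframes -Html $sample -TrustedHosts @('www.example.com') |
    Format-List Src, Hidden, External
```

Only the second frame is reported, with both Hidden and External set. Run the function over pages pulled from your own web servers' document roots; a frame that is external but not hidden (an embedded video, say) still deserves a look, which is why the two signals are reported separately rather than folded into one verdict.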
22. Threat Ecosystem

23. Facts
   Source: Microsoft Security Intelligence Report
24. Facts
   Source: Symantec
   • Rise in web application vulnerabilities
   • Rise in exploitation of client-side vulnerabilities
   • Rise in browser-based and browser plug-in-based vulnerabilities

Defensive Arsenal

27. Defense-in-Depth
   • Using a layered approach
   • Increases attacker's risk of detection
   • Reduces attacker's chance of success

   Layer                               Controls
   Policies, procedures, awareness     Security policy, user education
   Physical security                   Guards, locks, tracking devices
   Perimeter                           Firewalls, VPN quarantine
   Internal network                    Network segments, IPsec, NIPS
   Host                                OS hardening, authentication, patch management, HIPS
   Application                         Application hardening, antivirus, antispyware
   Data                                ACLs, encryption

30. Implementing Application Layer Filtering
   • Web browsing and e-mail can be scanned to ensure that content specific to each does not contain illegitimate data
   • Deep content analysis, including the ability to detect, inspect and validate traffic using any port and protocol

31. Protecting the Network: Best Practices
   • Have a proactive antivirus response team monitoring early-warning sites such as antivirus vendor websites
   • Have an incident response plan
   • Implement automated monitoring and reporting policies
   • Implement intrusion-detection or intrusion-prevention capabilities

32. Protecting Servers: Best Practices
   • Consider each server role implemented in your organization and implement role-specific host protection
   • Stage all updates through a test environment before releasing into production
   • Deploy regular security and antivirus updates as required
   • Implement a self-managed host protection solution to decrease management costs

33. Protecting Client Computers: Best Practices
   • Identify threats within the host, application, and data layers of the defense-in-depth strategy
   • Implement an effective security update management policy
   • Implement an effective antivirus management policy
   • Use Active Directory Group Policy to manage application security requirements
   • Implement software restriction policies to control applications

34. A Comprehensive Security Solution
   • Services
   • Edge
   • Server applications
   • Network Access Protection (NAP)
   • Content
   • Client and server OS
   • Identity management
   • Systems management
   • Active Directory Federation Services (ADFS)
   • Guidance
   • Developer tools
35. Best Practices
   • Always run up-to-date software
   • Uninstall unnecessary services and applications
   • Use antivirus and antispyware that offer real-time protection and continually updated definition files to detect and block exploits
   • Enable Data Execution Prevention (DEP) in compatible versions of Windows; it does not remove buffer overflows, but it blocks the common exploit pattern of executing code that an overflow has placed in a data region such as the stack or heap
36. Best Practices
   • Enable Structured Exception Handling Overwrite Protection (SEHOP) in Windows Vista SP1 and Windows Server 2008, which is designed to block exploits that use the Structured Exception Handler (SEH) overwrite technique
   • Set Internet and Local intranet security zone settings in Internet Explorer to High, which will cause Internet Explorer to prompt the user before running scripts and ActiveX controls in these zones

37. Best Practices
   • Avoid browsing to sites you do not trust
   • Follow the principle of least privilege
   • Read e-mail messages in plain text format to help protect you from the HTML e-mail attack vector
   • Do not click links in e-mail from sources you do not trust

38. Immutable Laws of Security
   • If you don't keep up with security fixes, your network won't be yours for long
   • It doesn't do much good to install security fixes on a computer that was never secured to begin with
   • Security only works if the secure way also happens to be the easy way
   • Eternal vigilance is the price of security

39. Questions?
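Slides 33, 35 and 36 list host settings (software restriction policies, DEP, SEHOP, Internet Explorer zone levels) without showing how to verify them. The script below is an added example, not part of the presentation: it reads the documented WMI property and registry locations for each setting and reports pass/fail with the remediation the slides imply. The pass thresholds are this example's interpretation of the slides' advice; run it in an elevated PowerShell prompt on the host being audited.

```powershell
# Added example (not from the slides): audit a Windows host for the
# mitigations recommended on the "Best Practices" slides. Registry paths
# and value meanings are the documented ones; "Pass" encodes the slides'
# recommendation and is an assumption of this example, not an OS default.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is missing instead of throwing,
    # so a missing policy shows up as a finding rather than an error.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

function Test-MalwareMitigations {
    $findings = @()

    # 1. DEP policy from Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy:
    #    0 AlwaysOff, 1 AlwaysOn, 2 OptIn (client default), 3 OptOut (server default).
    $os  = Get-WmiObject -Class Win32_OperatingSystem
    $dep = [int]$os.DataExecutionPrevention_SupportPolicy
    $findings += New-Object PSObject -Property @{
        Check  = 'DEP support policy'
        Value  = $dep
        Pass   = ($dep -eq 1 -or $dep -eq 3)
        Advice = 'Enable DEP for all programs: bcdedit /set nx OptOut (or AlwaysOn), then reboot'
    }

    # 2. SEHOP: DisableExceptionChainValidation = 0 enables it. When the value
    #    is absent the OS default applies (off on Vista SP1, on for Server 2008),
    #    so an absent value is reported as a finding rather than assumed safe.
    $sehop = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel' 'DisableExceptionChainValidation'
    $findings += New-Object PSObject -Property @{
        Check  = 'SEHOP (DisableExceptionChainValidation)'
        Value  = $sehop
        Pass   = ($sehop -eq 0)
        Advice = 'Create REG_DWORD DisableExceptionChainValidation = 0 under Session Manager\kernel and reboot'
    }

    # 3. Internet Explorer zones 3 (Internet) and 1 (Local intranet).
    #    Action 1200 = Run ActiveX controls and plug-ins, 1400 = Active scripting.
    #    Values: 0 Enable, 1 Prompt, 3 Disable. "High" leaves neither enabled.
    $zones = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
    foreach ($zone in @{ 3 = 'Internet'; 1 = 'Local intranet' }.GetEnumerator()) {
        foreach ($action in @{ '1200' = 'Run ActiveX controls'; '1400' = 'Active scripting' }.GetEnumerator()) {
            $v = Get-RegValue "$zones\$($zone.Key)" $action.Key
            $findings += New-Object PSObject -Property @{
                Check  = "IE $($zone.Value) zone: $($action.Value)"
                Value  = $v
                Pass   = ($v -eq 1 -or $v -eq 3)
                Advice = 'Set the zone security level to High (Internet Options or Group Policy)'
            }
        }
    }

    # 4. Software Restriction Policies default rule (slide 33):
    #    262144 (0x40000) Unrestricted, 4096 Basic User, 0 Disallowed.
    #    Absent means no SRP is configured at all.
    $srp = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers' 'DefaultLevel'
    $findings += New-Object PSObject -Property @{
        Check  = 'SRP default security level'
        Value  = $srp
        Pass   = ($srp -ne $null -and $srp -ne 262144)
        Advice = 'Set the default level to Disallowed and add path/certificate rules for approved software'
    }

    $findings
}

Test-MalwareMitigations | Format-Table Check, Value, Pass, Advice -AutoSize
```

The checks read the per-user zone keys under HKCU; when Group Policy enforces zone settings, the effective values live under the equivalent path beneath HKLM:\Software\Policies and HKCU:\Software\Policies, so a domain-joined host should be checked there as well. The script deliberately treats "value absent" as a failure for SEHOP and SRP, because on most client builds of the era the absent value meant the protection was off.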
