Security4all Desktop Security

1,591 views

Published on

Published in: Economy & Finance, Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,591
On SlideShare
0
From Embeds
0
Number of Embeds
84
Actions
Shares
0
Downloads
0
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Security4all Desktop Security

  1. 1. Desktop Security How to protect our desktop computers Security4all Information Security Consultant
  2. 2. The unsinkable ship
  3. 3. Today’s Agenda • The risk landscape • The effectiveness of our technology • Possible countermeasures
  4. 4. Know your Risks
  5. 5. Motivations evolved from play to business • Revenge • Extortion • Competetive Sabotage • Industrial espionage • Political Activism 2001 2003 2005 2007 Political/Main Experimental Extortion For Hire stream 2002 2004 2006
  6. 6. “heike” 黑客
  7. 7. N.C.P.H. “For-profit” Hacker group 玫瑰 Wicked Rose Source: www.mghacker.com
  8. 8. $242 (1,967 RMB)
  9. 9. $625 (5,000 RMB) +150%
  10. 10. Table: Breakdown of goods available for sale on underground economy servers Source: Symantec Corporation Rank Item Percentage Range of Prices 1 Credit cards 22% 0.50$ - 5$ 2 Bank accounts 21% 30$ - 400$ 3 Email passwords 8% 1$ - 350$ 4 Mailers 8% 8$ - 10$ 5 Email addresses 6% 2$/MB – 4$/MB 6 Proxies 6% 0.50$ - 3$ 7 Full identity 6% 10$ - 150$ 8 Scams 6% 10$/week 9 Social security 3% 5$ - 7$ numbers 10 Compromised 2% 2$ - 10$ unix shells
  11. 11. Russian Business Network • Mpack • Storm Worm • Phishing • Banking Trojans www.bizeul.org/files/RBN_study.pdf
  12. 12. Titan Rain
  13. 13. November 2007 concentrated campaign of cyber espionage against UK businesses
  14. 14. November 2007 160GB
  15. 15. March 2008
  16. 16. The technology
  17. 17. Virus scanners
  18. 18. 11 October MS07-60
  19. 19. File .doc received on 23.10.2007 Result: 10/32 (31.25%)
  20. 20. File .doc received on 10.02.2008 Result: 11/32 (34.38%)
  21. 21. Report: All Your iFrame Are Point to Us (11 February 2008)
  22. 22. Firewalls
  23. 23. Firewalls are not security devices, they are more for network hygiene
  24. 24. DNS tunneling
  25. 25. Patching
  26. 26. 55 Days 16 January 11 March
  27. 27. Don’t forget to patch these ! • Macromedia Flash • Acrobat Reader (PDF) • Sun Java • RealPlayer • Apple Quicktime
  28. 28. Encryption
  29. 29. Countermeasures
  30. 30. quot;A false sense of security, is worse than insecurityquot; - Steve Gibson

×