Protecting Windows networks from Malware
Madhur Verma
MCSA, MCSE, MCTS, CIW Security Analyst, CEH, MVP (Consumer Security)

Agenda
- Introduction and Background
- Current Trends
- Case Studies
- Defense Arsenal
- Best Practices

Immutable Laws of Security
- Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore
- Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore

Malware
"Malware" is short for malicious software and is typically used as a catch-all term to refer to any software designed to cause damage to a single computer, server, or computer network, whether it's a virus, spyware, et al.

Implications
- Theft of usernames & passwords
- Theft of corporate secrets
- Lost network bandwidth
- Help desk overhead
- Lost worker productivity
- Legal liabilities

Rationales
- Not using security devices
- Misconfiguration of servers and network devices
- Installation of unwanted applications and services
- Poor coding practices
- Using outdated antivirus definitions

Malicious Software Landscape
- Harmless
- Potentially Unwanted: adware, spyware, monitoring software, remote control software
- Malicious: viruses, worms, Trojans, rootkits, bots

Distribution Methods
- Propagation through e-mail attachments, pirated software and free shareware programs
- One mechanism web pages can use to install software is ActiveX
- Mechanism of "Drive By download"
- Deceptive technique of "Pop under exploit": choice of clicking Yes/OK or No/Cancel
- Faux Security Alert

Changing Era
- Increased propagation vectors
- Complexity of malicious code, payload and obfuscation
- Motivation changed from fun, curiosity or fame to money
- Destructive malware decreasing and information-stealing malware increasing
- Rise in targeted attacks through social engineering
- Rise in malware toolkits
- Rise in exploitation of Web 2.0

Current Trends
- Compromising trusted and popular websites and embedding malicious code or links to malicious sites
- Publishing malicious links in search engines, discussion forums, etc.
- Development of web-attack toolkits
- Exploiting client-side vulnerabilities

Case Study I - Facebook
Facebook Widget Installing Spyware

Case Study II - Google
Google Sponsored Links Spreading Rogue Anti-Virus Software

Case Study III - Toolkits
- Attack toolkit intrudes and adds an IFRAME snippet
- IFRAME snippet
- Malicious code injected into users' PCs

Threat Ecosystem

Facts
Source: Microsoft Intelligence Report

Facts
Source: Symantec
- Rise in exploitation of client-side vulnerabilities
- Rise in browser-based and browser plug-in based vulnerabilities

Defense-in-Depth
- Increases attacker's risk of detection
- Reduces attacker's chance of success

Layers and example controls:
- Policies, Procedures, and Awareness: security policy, user education
- Physical Security: guards, locks, tracking devices
- Perimeter: firewalls, VPN quarantine
- Internal Network: network segments, IPSec, NIPS
- Host: OS hardening, authentication, patch management, HIPS
- Application: application hardening, antivirus, antispyware
- Data: ACL, encryption

Implementing Application Layer Filtering
- Web browsing and e-mail can be scanned to ensure that content specific to each does not contain illegitimate data
- Deep content analyses, including the ability to detect, inspect and validate traffic using any port and protocol

Protecting the Network: Best Practices
- Have a proactive antivirus response team monitoring early warning sites such as antivirus vendor Web sites
- Have an incident response plan
- Implement automated monitoring and report policies
- Implement intrusion-detection or intrusion-prevention capabilities

Protecting Servers: Best Practices
- Consider each server role implemented in your organization to implement specific host protection solutions
- Stage all updates through a test environment before releasing into production
- Deploy regular security and antivirus updates as required
- Implement a self-managed host protection solution to decrease management costs

Protecting Client Computers: Best Practices
- Identify threats within the host, application, and data layers of the defense-in-depth strategy
- Implement an effective security update management policy
- Implement an effective antivirus management policy
- Use Active Directory Group Policy to manage application security requirements
- Implement software restriction policies to control applications

A Comprehensive Security Solution
Diagram labels: Services; Edge; Server Applications; Network Access Protection (NAP); Content; Client and Server OS; Identity Management; Systems Management; Active Directory Federation Services (ADFS); Guidance; Developer Tools

Best Practices
- Always run up-to-date software
- Uninstall unnecessary services and applications
- Use antivirus and antispyware that offers real-time protection and continually updated definition files to detect and block exploits
- Enable Data Execution Prevention (DEP) in compatible versions of Windows, which can help prevent a common class of exploits called buffer overflows

Best Practices
- Enable Structured Exception Handling Overwrite Protection (SEHOP) in Windows Vista SP1 and Windows Server 2008, which is designed to block exploits that use the Structured Exception Handler (SEH) overwrite technique
- Set Internet and local intranet security zone settings in Internet Explorer to High, which will cause Internet Explorer to prompt the user before running scripts and ActiveX controls in these zones
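
A read-only audit of the three settings the two Best Practices slides name (DEP, SEHOP, Internet Explorer zone levels), added here as an example and not part of the original slides. It assumes Windows PowerShell 3.0 or later; the function names and the OK/Review verdicts are this example's own choices.

```powershell
# Added example (not from the original slides): read-only audit of DEP, SEHOP
# and Internet Explorer zone levels. Nothing on the machine is changed.
# Function names and the OK/Review verdicts are choices made for this example.

function New-Finding {
    param([string]$Check, [string]$Value, [string]$Verdict)
    [pscustomobject]@{ Check = $Check; Value = $Value; Verdict = $Verdict }
}

function Get-DepFinding {
    # DataExecutionPrevention_SupportPolicy values:
    # 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn, 3 = OptOut
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    if (-not $os.DataExecutionPrevention_Available) {
        return New-Finding -Check 'DEP' -Value 'Not available' -Verdict 'Review'
    }
    $names = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    $policy = [int]$os.DataExecutionPrevention_SupportPolicy
    # OptIn protects only Windows components and programs that opt in, so it
    # is reported for review rather than as fully enabled.
    $verdict = if (@(1, 3) -contains $policy) { 'OK' } else { 'Review' }
    New-Finding -Check 'DEP' -Value ($names[$policy]) -Verdict $verdict
}

function Get-SehopFinding {
    # SEHOP is controlled by the DWORD DisableExceptionChainValidation:
    # 0 = SEHOP enabled, 1 = SEHOP disabled, absent = operating-system default.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel'
    $item = Get-ItemProperty -Path $key -Name 'DisableExceptionChainValidation' `
                             -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return New-Finding -Check 'SEHOP' -Value 'Not set (OS default applies)' -Verdict 'Review'
    }
    if ([int]$item.DisableExceptionChainValidation -eq 0) {
        New-Finding -Check 'SEHOP' -Value 'Enabled' -Verdict 'OK'
    } else {
        New-Finding -Check 'SEHOP' -Value 'Disabled' -Verdict 'Review'
    }
}

function Get-IeZoneFinding {
    param([int]$ZoneId, [string]$ZoneName)
    # Per-user zone settings: zone 1 = Local intranet, zone 3 = Internet.
    # Zone settings enforced through Group Policy are stored elsewhere and
    # are not read by this example.
    $key   = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$ZoneId"
    $item  = Get-ItemProperty -Path $key -Name 'CurrentLevel' -ErrorAction SilentlyContinue
    $check = "IE zone: $ZoneName"
    if ($null -eq $item) {
        return New-Finding -Check $check -Value 'CurrentLevel not set' -Verdict 'Review'
    }
    # CurrentLevel holds the template the zone was last set to.
    $levels = @{
        0x10000 = 'Low'
        0x10500 = 'Medium-low'
        0x11000 = 'Medium'
        0x11500 = 'Medium-high'
        0x12000 = 'High'
    }
    $level = [int]$item.CurrentLevel
    $label = if ($levels.ContainsKey($level)) { $levels[$level] } else { 'Custom' }
    # The slide asks for High in both zones; anything else is flagged.
    $verdict = if ($level -eq 0x12000) { 'OK' } else { 'Review' }
    New-Finding -Check $check -Value ('{0} (0x{1:X})' -f $label, $level) -Verdict $verdict
}

$findings = @(
    Get-DepFinding
    Get-SehopFinding
    Get-IeZoneFinding -ZoneId 3 -ZoneName 'Internet'
    Get-IeZoneFinding -ZoneId 1 -ZoneName 'Local intranet'
)
$findings | Format-Table -AutoSize
```

Run it per user account for the zone checks, since those values live in the current user's registry hive.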

 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
 
Public CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptxPublic CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptx
 
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - HiikeSystem Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
 
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
 
A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024
 
SAP S/4 HANA sourcing and procurement to Public cloud
SAP S/4 HANA sourcing and procurement to Public cloudSAP S/4 HANA sourcing and procurement to Public cloud
SAP S/4 HANA sourcing and procurement to Public cloud
 

Protecting Windows Networks From Malware

  • 1. Protecting Windows networks from Malware. Madhur Verma: MCSA, MCSE, MCTS, CIW Security Analyst, CEH, MVP (Consumer Security)
  • 2. Agenda: Introduction and Background; Current Trends; Case Studies; Defense Arsenal; Best Practices
  • 3. Immutable Laws of Security. Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore. Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore.
  • 4. Malware: "Malware" is short for malicious software and is typically used as a catch-all term to refer to any software designed to cause damage to a single computer, server, or computer network, whether it's a virus, spyware, et al.
  • 5. Implications: Theft of usernames & passwords; Theft of corporate secrets; Lost network bandwidth; Help desk overhead; Lost worker productivity; Legal liabilities
  • 6. Rationales: Not using security devices; Misconfiguration of servers and network devices; Installation of unwanted applications and services; Poor coding practices; Using outdated antivirus definitions
  • 7. Malicious Software Landscape: Harmless; Potentially Unwanted (adware, spyware, monitoring software, remote control software); Malicious (viruses, worms, Trojans, rootkits, bots)
  • 8. Distribution Methods: Propagation through e-mail attachments, pirated software and free shareware programs; A mechanism web pages can use to install software is ActiveX; Mechanism of "drive-by download"; Deceptive technique of "pop-under exploit" (choice of clicking Yes/OK or No/Cancel); Faux security alert
  • 9. Changing Era: Increased propagation vectors; Complexity of malicious code, payload and obfuscation; Motivation changed from fun, curiosity or fame to money; Destructive malware decreasing and information-stealing malware increasing; Rise in targeted attacks through social engineering; Rise in malware toolkits; Rise in exploitation of Web 2.0
  • 10. Current Trends: Compromising trusted and popular websites and embedding malicious code or links to malicious sites; Publishing malicious links in search engines, discussion forums, etc.; Development of web-attack toolkits; Exploiting client-side vulnerabilities
  • 11. Case Study I - Facebook
  • 15. Case Study II - Google
  • 16. Google Sponsored Links Spreading Rogue Anti-Virus Software
  • 20. Case Study III - Toolkits
  • 21. Attack toolkit intrudes and adds IFRAME snippet; IFRAME snippet; malicious code injected into users' PCs
  • 23. Facts (Source: Microsoft Intelligence Report)
  • 25. Rise in exploitation of client-side vulnerabilities
  • 29. Reduces attacker's chance of success: Policies, Procedures, and Awareness (security policy, user education); Physical Security (guards, locks, tracking devices); Perimeter (firewalls, VPN quarantine); Internal Network (network segments, IPSec, NIPS); Host (OS hardening, authentication, patch management, HIPS); Application (application hardening, antivirus, antispyware); Data (ACL, encryption)
  • 30. Implementing Application Layer Filtering: Web browsing and e-mail can be scanned to ensure that content specific to each does not contain illegitimate data; Deep content analyses, including the ability to detect, inspect and validate traffic using any port and protocol
  • 31. Protecting the Network: Best Practices: Have a proactive antivirus response team monitoring early warning sites such as antivirus vendor Web sites; Have an incident response plan; Implement automated monitoring and report policies; Implement intrusion-detection or intrusion-prevention capabilities
  • 32. Protecting Servers: Best Practices: Consider each server role implemented in your organization to implement specific host protection solutions; Stage all updates through a test environment before releasing into production; Deploy regular security and antivirus updates as required; Implement a self-managed host protection solution to decrease management costs
  • 33. Protecting Client Computers: Best Practices: Identify threats within the host, application, and data layers of the defense-in-depth strategy; Implement an effective security update management policy; Implement an effective antivirus management policy; Use Active Directory Group Policy to manage application security requirements; Implement software restriction policies to control applications
  • 34. A Comprehensive Security Solution: Services; Edge; Server Applications; Network Access Protection (NAP); Content; Client and Server OS; Identity Management; Systems Management; Active Directory Federation Services (ADFS); Guidance; Developer Tools
  • 35. Best Practices: Always run up-to-date software; Uninstall unnecessary services and applications; Use antivirus and antispyware that offers real-time protection and continually updated definition files to detect and block exploits; Enable Data Execution Prevention (DEP) in compatible versions of Windows, which can help prevent a common class of exploits called buffer overflows
  • 36. Best Practices: Enable Structured Exception Handling Overwrite Protection (SEHOP) in Windows Vista SP1 and Windows Server 2008, which is designed to block exploits that use the Structured Exception Handler (SEH) overwrite technique; Set Internet and local intranet security zone settings in Internet Explorer to High, which will cause Internet Explorer to prompt the user before running scripts and ActiveX controls in these zones
  • 37. Best Practices: Avoid browsing to sites you do not trust; Follow the principle of least privilege; Read e-mail messages in plain text format to help protect you from the HTML e-mail attack vector; Do not click on links provided in e-mail from sources you do not trust
  • 38. Immutable Laws of Security: If you don't keep up with security fixes, your network won't be yours for long; It doesn't do much good to install security fixes on a computer that was never secured to begin with; Security only works if the secure way also happens to be the easy way; Eternal vigilance is the price of security
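
An added example, not part of the original slides: a read-only PowerShell audit of the three host settings named in slides 35 and 36 (DEP, SEHOP, and the Internet Explorer zone level). The function names are hypothetical; the registry paths and value meanings come from Microsoft's public documentation rather than from the deck, and the zone check assumes per-user settings that are not overridden by Group Policy.

```powershell
# Added example: read-only audit of the DEP, SEHOP and IE zone settings
# recommended in slides 35-36. Nothing is changed on the host.

function Get-DepPolicy {
    # Win32_OperatingSystem reports the system-wide DEP policy as an integer.
    $names = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $policy = [int]$os.DataExecutionPrevention_SupportPolicy
    # OptIn protects only Windows system binaries and programs that opt in;
    # it still counts as "enabled" here, AlwaysOff does not.
    [pscustomobject]@{ Check = 'DEP'; Value = $names[$policy]; Pass = ($policy -ne 0) }
}

function Get-SehopState {
    # DisableExceptionChainValidation = 0 turns SEHOP on, 1 turns it off.
    # When the value is absent the OS default applies, which differs
    # between client and server editions, so it is reported separately.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel'
    $v = (Get-ItemProperty -Path $key -Name DisableExceptionChainValidation `
            -ErrorAction SilentlyContinue).DisableExceptionChainValidation
    $state = if ($null -eq $v) { 'NotSet (OS default applies)' }
             elseif ($v -eq 0) { 'Enabled' }
             else { 'Disabled' }
    [pscustomobject]@{ Check = 'SEHOP'; Value = $state; Pass = ($v -eq 0) }
}

function Get-IeZoneLevel {
    param([int]$Zone, [string]$Label)
    # Zone 1 = Local intranet, zone 3 = Internet. CurrentLevel 0x12000 is the
    # "High" template; 0 means a custom level that needs manual review.
    # Assumption: zones are not managed under the Policies hive.
    $key = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$Zone"
    $level = (Get-ItemProperty -Path $key -Name CurrentLevel `
                -ErrorAction SilentlyContinue).CurrentLevel
    $value = if ($null -eq $level) { 'NotSet' } else { '0x{0:X}' -f $level }
    [pscustomobject]@{ Check = "IE zone: $Label"; Value = $value; Pass = ($level -eq 0x12000) }
}

$report = @(
    Get-DepPolicy
    Get-SehopState
    Get-IeZoneLevel -Zone 1 -Label 'Local intranet'
    Get-IeZoneLevel -Zone 3 -Label 'Internet'
)
$report | Format-Table -AutoSize
```

A row with Pass = False marks a host that deviates from the slide's recommendation; a SEHOP value of NotSet should be resolved against the default for that Windows edition before it is treated as a finding.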