How not to lose your computer or your research

M.R. Muralidharan, SERC, IISc

Post on 09-Feb-2022


'08 Threat Landscape Shift

2004 Landscape: Virus                           2008 Landscape: Crimeware
Threats are indiscriminate, hit everyone        Threats are highly targeted, regionalized
Threats are disruptive, impact visible          Threats steal data and damage brands, impact unclear
Remediation action is technical ("remove")      Remediation more complex, may need to investigate data leak
Going through perimeter and gateway             Going after uneducated network clients and other endpoints
Threats are noisy and visible to everyone       Threats are silent and unnoticed, with variants

The Battle has changed

Virus

• Self replicating
• Attaches to another piece of software
• Runs when opened
• Affects the system in some way
  – Harmless pranks
  – Network slowdowns
  – System damage or data loss
  – Compromises system security

Trojan Horse

• Camouflages a virus
• Looks like a legitimate program
• Will not automatically run
• Once opened
  – Spreads virus
  – May create another Trojan horse

Worms

• Self-contained
  – Independent programs
  – Do not attach to other files
• Usually spread over a network
• Behave like a virus, but are more likely to cause network slowdowns

Examples

• Viruses
  – Melissa.A (Level 4)
  – VBS.Loveletter.FW.A (Level 4)
• Trojans
  – PWSteal.Ldpinch (Level 1)
  – Backdoor.Acropolis (Level 2)
• Worms
  – W32.Blaster.Worm (Level 3)
  – W32.Mydoom.A@mm (Level 3)

Program writers create them with malicious intent:
  – Aim to harm a company by causing loss of information or money
  – Seek media attention
  – Seek access to private information to be used with criminal intent

Action from User and Administrator

• Antivirus program
• Spyware removal program
• Personal hardware and/or software firewall, i.e. router firewall and Windows firewall
• Updated/secure software
  – Windows Updates
  – Microsoft Office Updates
  – Secure, updated internet browser
• Understand that security is a moving target; there is no way anyone can assure 100% security
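The slide lists the controls every user and administrator is expected to keep in place but gives no way to check them. The script below is an added example, not part of the SERC slides: it audits a Windows machine for the three items the slide names (host firewall on every profile, recent Windows Updates, a running and up-to-date antivirus) and returns the gaps as a list. The function name `Test-EndpointHygiene` and the two age thresholds are this example's own choices; it needs Windows 8 / Server 2012 or later for `Get-NetFirewallProfile`, and the Windows Defender cmdlet is used only as a stand-in for whatever antivirus product is actually deployed (Symantec Endpoint Protection on these slides has its own console for the same question).

```powershell
# Added example (not from the SERC slides): audit the controls the slide lists
# (host firewall, OS updates, antivirus) and report what is missing.
# Function name and thresholds are this example's own assumptions.
# Run from an elevated Windows PowerShell prompt on Windows 8 / Server 2012 or later.

function Test-EndpointHygiene {
    param(
        [int]$MaxPatchAgeDays     = 30,  # assumption: no patch in 30 days = "not updated regularly"
        [int]$MaxSignatureAgeDays = 3    # assumption: AV definitions older than 3 days are stale
    )

    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Host firewall: the slide asks for "router firewall and Windows firewall".
    #    Every profile (Domain, Private, Public) should be enabled, not just the current one.
    foreach ($fwProfile in Get-NetFirewallProfile) {
        if (-not $fwProfile.Enabled) {
            $findings.Add("Windows Firewall is disabled for the $($fwProfile.Name) profile")
        }
    }

    # 2. OS updates: the newest installed hotfix date is a cheap proxy for
    #    "Windows Updates applied". InstalledOn can be empty, so those are filtered out.
    $lastPatch = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1
    if (-not $lastPatch) {
        $findings.Add("No installed updates found")
    } elseif ($lastPatch.InstalledOn -lt (Get-Date).AddDays(-$MaxPatchAgeDays)) {
        $findings.Add("Last update $($lastPatch.HotFixID) was installed on " +
                      "$($lastPatch.InstalledOn.ToShortDateString()), more than $MaxPatchAgeDays days ago")
    }

    # 3. Antivirus: real-time protection on and definitions fresh. Get-MpComputerStatus
    #    is the Windows Defender cmdlet; a third-party product (e.g. SEP) is checked
    #    through its own management console instead, so its absence is reported, not assumed.
    $av = $null
    if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        $av = Get-MpComputerStatus
    }
    if (-not $av) {
        $findings.Add("Could not query antivirus status (Defender cmdlets unavailable); check the installed product's console")
    } else {
        if (-not $av.RealTimeProtectionEnabled) {
            $findings.Add("Antivirus real-time protection is off")
        }
        if ($av.AntivirusSignatureLastUpdated -lt (Get-Date).AddDays(-$MaxSignatureAgeDays)) {
            $findings.Add("Antivirus definitions last updated $($av.AntivirusSignatureLastUpdated), " +
                          "more than $MaxSignatureAgeDays days ago")
        }
    }

    # 4. One summary object per machine, so results can be logged or compared across a lab.
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        CheckedAt    = Get-Date
        Compliant    = ($findings.Count -eq 0)
        Findings     = $findings.ToArray()
    }
}

# Usage: an empty Findings list means all three controls looked healthy.
Test-EndpointHygiene | Format-List
```

The hotfix date is only a proxy: a machine that installs updates but never reboots, or one that receives feature updates through other channels, can look stale or fresh for the wrong reasons, so treat a finding as a prompt to open Windows Update rather than as proof.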

Tools

• Symantec Endpoint Protection
• Microsoft Baseline Security Analyzer
• Microsoft Security Centre
• System Restore

Symantec Endpoint Protection 11.0.4010

IISc AV Management

[Diagram: Symantec Endpoint Protection server (SEP 11.0.4010) at SERC on the IISc network, serving Managed client 1, Managed client 2, ..., Managed client n within the IISc network; a separate Unmanaged Clients server at SERC for unmanaged clients; the Symantec server reached over the Internet.]

Symantec Endpoint Protection 11.0.4010

Managed Version:   32-bit, 64-bit
Unmanaged Version: 32-bit, 64-bit

System Requirements

• 256 MB RAM
• 600 MB (32-bit) or 700 MB (x64) of free disk space
• Super VGA (1024x768) or higher-resolution video adapter and monitor

Operating Systems Supported

• Windows 2000 Professional / Server / Advanced Server / Datacenter Server / Small Business Server, with SP3 or greater
• Windows XP Home / Tablet PC / Media Center 2002 / Professional / Professional x64, with SP1 or greater
• Windows Vista Home Basic / Home Premium / Business / Enterprise / Ultimate, 32-bit or x64 edition
• Windows Server 2003 Standard / Enterprise / Datacenter / Storage / Web / Cluster / Small Business Server, 32-bit or x64 edition

Symantec Endpoint Protection Manager

Symantec Endpoint Protection - Summary

AntiVirus
• The world's leading anti-virus solution
• More consecutive Virus Bulletin certifications (31) than any vendor

Antispyware
• Best anti-spyware, leading the pack in rootkit detection and removal
• Includes VxMS scanning technology (Veritas)

Firewall
• Industry's best managed desktop firewall
• Adaptive policies lead the pack for location awareness
• Sygate and Symantec Client Security

Intrusion Prevention
• Behavior-based intrusion prevention (Whole Security)
• Network traffic inspection adds vulnerability-based protection

Device Control
• Device control to prevent data leakage at the endpoint (Sygate)
• Protection against mp3 players, USB sticks, etc.

Symantec Endpoint Client

• Scan
• Change Settings

Microsoft Baseline Security Analyzer (MBSA)

Result of MBSA analysis

System Restore

Restore Points

Restore Operation

• Initial system checkpoints
• System checkpoints
  – every 24 hours of calendar time, or
  – every 24 hours your computer is turned on
• Program name installation restore points
• Windows XP Professional Auto Update restore points
• Manually created restore points
• Restore operation restore point
• Unsigned device driver restore points
• Microsoft Backup utility recovery restore points
• Change or remove a program
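The slide enumerates the kinds of restore point Windows creates on its own; the one a user controls is the "manually created" kind, taken before a risky change such as installing an unsigned driver. The script below is an added example, not from the SERC slides, showing how to do that from Windows PowerShell and how to read the list of existing checkpoints. The function names are this example's own; `Enable-ComputerRestore`, `Checkpoint-Computer` and `Get-ComputerRestorePoint` are the Windows PowerShell 5.1 cmdlets (they are not present in PowerShell 7), and all three need an elevated prompt.

```powershell
# Added example (not from the SERC slides): take a manual restore point before a
# risky change and list the checkpoints that exist. Function names are this
# example's own. Windows PowerShell 5.1, elevated prompt.

function New-SafeChangeCheckpoint {
    param(
        [Parameter(Mandatory)] [string]$Description,   # e.g. "Before installing printer driver"
        [string]$Drive = "$env:SystemDrive\"            # assumption: the system drive is what we protect
    )

    # System Restore must be protecting the drive, otherwise Checkpoint-Computer fails.
    Enable-ComputerRestore -Drive $Drive

    # MODIFY_SETTINGS is the type used for a hand-made checkpoint; Windows uses
    # DEVICE_DRIVER_INSTALL / APPLICATION_INSTALL for the automatic ones on the slide.
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS

    # Return the newest restore point so the caller can note its sequence number;
    # Restore-Computer -RestorePoint <SequenceNumber> rolls the system back to it.
    Get-ComputerRestorePoint |
        Sort-Object SequenceNumber -Descending |
        Select-Object -First 1
}

function Get-RestorePointSummary {
    # CreationTime is stored as a WMI date string; convert it so the list is readable.
    Get-ComputerRestorePoint | ForEach-Object {
        [pscustomobject]@{
            SequenceNumber = $_.SequenceNumber
            Created        = $_.ConvertToDateTime($_.CreationTime)
            Type           = $_.RestorePointType
            Description    = $_.Description
        }
    }
}

# Usage: record the checkpoint number, then make the change.
$cp = New-SafeChangeCheckpoint -Description "Before installing unsigned printer driver"
"Created restore point #$($cp.SequenceNumber)"
Get-RestorePointSummary | Format-Table -AutoSize
```

On Windows 8 and later, `Checkpoint-Computer` declines with a warning if another restore point was created in the previous 24 hours, so check the summary list before assuming a fresh checkpoint exists. A restore point covers system files, the registry and installed programs, not your documents; that is what the backup advice later on the slides is for.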

In a nutshell

• Don't run unknown programs
• UPDATE OS and applications regularly
• SAFEGUARD identity and password
• ASSURE sufficient resources for proper system care
• There is no 100% security, hence be ready to FACE insecurity
• EVERYBODY needs to do their part

TAKE BACKUP of YOUR DATA as often as POSSIBLE
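"As often as possible" only helps if the copy is actually complete when it is needed, so a backup routine should verify itself. The script below is an added example, not from the SERC slides: it mirrors a research folder to a dated backup directory with `robocopy`, then re-hashes every file on both sides with SHA-256 and reports anything missing or different. The paths, the function name `Backup-ResearchData` and the choice of robocopy options are this example's own assumptions; it runs on Windows PowerShell 4 or later, and the backup root should be a different physical disk (or a network share) from the source.

```powershell
# Added example (not from the SERC slides): copy a research folder to a dated
# backup directory and verify the copy by hash, so a silently failed backup is
# noticed today rather than on the day it is needed. Paths and names are
# this example's own assumptions.

function Backup-ResearchData {
    param(
        [Parameter(Mandatory)] [string]$Source,      # e.g. D:\research
        [Parameter(Mandatory)] [string]$BackupRoot   # e.g. E:\backups, on a different disk than Source
    )

    # One dated folder per run, so a good copy from yesterday is never overwritten by a bad one today.
    $stamp = Get-Date -Format 'yyyy-MM-dd_HHmm'
    $dest  = Join-Path $BackupRoot "$(Split-Path $Source -Leaf)_$stamp"

    # /E copies the whole tree including empty folders; /FFT tolerates the 2-second
    # timestamps of FAT-formatted USB disks; /R:2 /W:5 limits retries on locked files;
    # /NP /NFL /NDL keep the console output short. Robocopy exit codes below 8 mean success.
    robocopy $Source $dest /E /FFT /R:2 /W:5 /NP /NFL /NDL | Out-Null
    if ($LASTEXITCODE -ge 8) {
        throw "robocopy reported failures (exit code $LASTEXITCODE); backup at $dest is incomplete"
    }

    # Verification: every source file must exist in the copy with an identical SHA-256.
    $problems  = New-Object System.Collections.Generic.List[string]
    $prefixLen = $Source.TrimEnd('\').Length + 1
    foreach ($file in Get-ChildItem -Path $Source -Recurse -File) {
        $relative = $file.FullName.Substring($prefixLen)
        $copy     = Join-Path $dest $relative
        if (-not (Test-Path -LiteralPath $copy)) {
            $problems.Add("missing: $relative")
            continue
        }
        $srcHash  = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        $copyHash = (Get-FileHash -LiteralPath $copy -Algorithm SHA256).Hash
        if ($srcHash -ne $copyHash) {
            $problems.Add("hash mismatch: $relative")
        }
    }

    [pscustomobject]@{
        Destination = $dest
        FilesChecked = (Get-ChildItem -Path $Source -Recurse -File).Count
        Verified    = ($problems.Count -eq 0)
        Problems    = $problems.ToArray()
    }
}

# Usage, e.g. as the action of a daily scheduled task:
$result = Backup-ResearchData -Source 'D:\research' -BackupRoot 'E:\backups'
if (-not $result.Verified) { $result.Problems | ForEach-Object { Write-Warning $_ } }
```

Hashing both sides costs a second read of the data, which is the point: a copy that robocopy considered complete can still be wrong if the destination disk is failing, and a verified copy on separate media is also what recovers data from a ransomware-style attack, since an infected machine can no longer reach a backup that was disconnected after the run.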

Summary

• Viruses, trojans and worms can all cause damage to your computer and data
• Prevent infections by keeping your computer software and antivirus scanner up-to-date
• Practice safe computing
• Know your recovery options, and use the tools available to you if you are infected

QUESTIONS?

Thank You