Protecting Windows networks from Malware
Madhur Verma
MCSA, MCSE, MCTS, CIW Security Analyst, CEH, MVP (Consumer Security)
Agenda
• Introduction and Background
• Current Trends
• Case Studies
• Defense Arsenal
• Best Practices
Immutable Laws of Security
Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore
Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore
Malware
"Malware" is short for malicious software and is typically used as a catch-all term to refer to any software designed to cause damage to a single computer, server, or computer network, whether it's a virus, spyware, et al.
Implications
• Theft of usernames & passwords
• Theft of corporate secrets
• Lost network bandwidth
• Help desk overhead
• Lost worker productivity
• Legal liabilities
Rationales
• Not using security devices
• Mis-configuration of servers and network devices
• Installation of unwanted applications and services
• Poor coding practices
• Using outdated antivirus definitions
Malicious Software Landscape
A spectrum running from Harmless, through Potentially Unwanted, to Malicious:
• Potentially unwanted: adware, spyware, monitoring software, remote control software
• Malicious: viruses, worms, Trojans, rootkits, bots
Distribution Methods
• Propagation through e-mail attachments, pirated software and free shareware programs
• Mechanism web pages can use to install software: ActiveX
• Mechanism of "drive-by download"
• Deceptive technique of "pop-under exploit": the user's only choice is clicking Yes/OK or No/Cancel
• Faux security alert
Changing Era
• Increased propagation vectors
• Complexity of malicious code, payload and obfuscation
• Motivation changed from fun, curiosity or fame to money
• Destructive malware decreasing and information-stealing malware increasing
• Rise in targeted attacks through social engineering
• Rise in malware toolkits
• Rise in exploitation of Web 2.0
Current Trends
• Compromising trusted and popular websites and embedding malicious code or links to malicious sites
• Publishing malicious links in search engines, discussion forums etc
• Development of web-attack toolkits
• Exploiting client-side vulnerabilities
Case Study I - Facebook
Facebook Widget Installing Spyware
Case Study II - Google
Google Sponsored Links Spreading Rogue Anti-Virus Software
Case Study III - Toolkits
Attack Toolkit
Attack toolkit → iFrame snippet → intrudes into a site and adds the IFRAME snippet → malicious code injected into users' PCs
Threat Ecosystem
Facts
Source: Microsoft Intelligence Report
Facts
• Rise in web application vulnerabilities
• Rise in exploitation of client-side vulnerabilities
• Rise in browser-based and browser plug-in-based vulnerabilities
Source: Symantec
Defensive Arsenal
Defense-in-Depth
• Using a layered approach
  – Increases attacker's risk of detection
  – Reduces attacker's chance of success
Layers and the controls at each:
• Policies, Procedures, and Awareness: security policy, user education
• Physical Security: guards, locks, tracking devices
• Perimeter: firewalls, VPN quarantine
• Internal Network: network segments, IPSec, NIPS
• Host: OS hardening, authentication, patch management, HIPS
• Application: application hardening, antivirus, antispyware
• Data: ACL, encryption
Implementing Application Layer Filtering
• Web browsing and e-mail can be scanned to ensure that the content specific to each does not contain illegitimate data
• Deep content analysis, including the ability to detect, inspect and validate traffic on any port and protocol
Protecting the Network: Best Practices
• Have a proactive antivirus response team monitoring early-warning sites such as antivirus vendor web sites
• Have an incident response plan
• Implement automated monitoring and reporting policies
• Implement intrusion-detection or intrusion-prevention capabilities
Protecting Servers: Best Practices
• Consider each server role implemented in your organization to implement specific host protection solutions
• Stage all updates through a test environment before releasing into production
• Deploy regular security and antivirus updates as required
• Implement a self-managed host protection solution to decrease management costs
Protecting Client Computers: Best Practices
• Identify threats within the host, application, and data layers of the defense-in-depth strategy
• Implement an effective security update management policy
• Implement an effective antivirus management policy
• Use Active Directory Group Policy to manage application security requirements
• Implement software restriction policies to control applications
Guidance
A Comprehensive Security Solution, spanning:
• Developer Tools
• Systems Management
• Active Directory Federation Services (ADFS)
• Identity Management
• Content Services
• Client and Server OS
• Server Applications
• Edge
• Network Access Protection (NAP)
Best Practices
• Always run up-to-date software
• Uninstall unnecessary services and applications
• Use antivirus and antispyware that offers real-time protection and continually updated definition files to detect and block exploits
• Enable Data Execution Prevention (DEP) in compatible versions of Windows, which can help prevent a common class of exploits called buffer overflows
Best Practices
• Enable Structured Exception Handling Overwrite Protection (SEHOP) in Windows Vista SP1 and Windows Server 2008, which is designed to block exploits that use the Structured Exception Handler (SEH) overwrite technique
• Set Internet and local intranet security zone settings in Internet Explorer to High, which will cause Internet Explorer to prompt the user before running scripts and ActiveX controls in these zones
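To check whether a host actually carries the settings recommended on these slides (DEP, SEHOP, Internet Explorer zone restrictions on scripts and ActiveX, and the software restriction policies from the client-computer slide), the following read-only PowerShell audit is an added example, not part of the original deck. It assumes the registry locations and value meanings Microsoft documents for these features and is meant to run in an elevated session.

```powershell
# Added example (not from the original deck): read-only audit of host-hardening
# settings the slides recommend. Registry paths and value meanings are the ones
# Microsoft documents for these features; run from an elevated PowerShell session.

function Get-DepPolicy {
    # Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy:
    # 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn (Windows programs only), 3 = OptOut
    $names = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    $p = (Get-CimInstance Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy
    [pscustomobject]@{ Setting = 'DEP policy'; Value = $names[[int]$p]; Recommended = 'OptOut or AlwaysOn' }
}

function Get-SehopState {
    # SEHOP is active unless DisableExceptionChainValidation is set to 1
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel'
    $v = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).DisableExceptionChainValidation
    $state = if ($null -eq $v -or $v -eq 0) { 'Enabled' } else { 'Disabled' }
    [pscustomobject]@{ Setting = 'SEHOP'; Value = $state; Recommended = 'Enabled' }
}

function Get-IeZoneScriptSettings {
    # Zone 1 = Local intranet, Zone 3 = Internet. Value 1400 = Active scripting,
    # 1200 = Run ActiveX controls and plug-ins; data 0 = Enable, 1 = Prompt, 3 = Disable.
    $actions = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }
    foreach ($zone in (@{ 1 = 'Local intranet'; 3 = 'Internet' }).GetEnumerator()) {
        $key = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$($zone.Key)"
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        foreach ($v in (@{ 1400 = 'Active scripting'; 1200 = 'Run ActiveX controls' }).GetEnumerator()) {
            $raw = $props.("$($v.Key)")
            $state = if ($null -eq $raw) { 'not set (zone default)' } else { $actions[[int]$raw] }
            [pscustomobject]@{ Setting = "IE $($zone.Value): $($v.Value)"; Value = $state; Recommended = 'Prompt or Disable' }
        }
    }
}

function Get-SrpDefaultLevel {
    # Software Restriction Policies default rule: 0x40000 = Unrestricted, 0x20000 = Basic User, 0 = Disallowed
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    $lvl = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).DefaultLevel
    $names = @{ 0x40000 = 'Unrestricted'; 0x20000 = 'Basic User'; 0 = 'Disallowed' }
    $state = if ($null -eq $lvl) { 'SRP not configured' } else { $names[[int]$lvl] }
    [pscustomobject]@{ Setting = 'SRP default level'; Value = $state; Recommended = 'Disallowed, with allow-list rules' }
}

@(Get-DepPolicy; Get-SehopState; Get-IeZoneScriptSettings; Get-SrpDefaultLevel) | Format-Table -AutoSize
```

The script only reads; the Internet Explorer values it inspects are the per-user ones, so run it as the user whose browser configuration you are checking, or adapt the HKCU path to a machine-wide policy key if the zones are set by Group Policy.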
Best Practices
• Avoid browsing to sites you do not trust
• Follow the principle of least privilege
• Read e-mail messages in plain-text format to help protect you from the HTML e-mail attack vector
• Do not click links in e-mail from sources you do not trust
Immutable Laws of Security
• If you don't keep up with security fixes, your network won't be yours for long
• It doesn't do much good to install security fixes on a computer that was never secured to begin with
• Security only works if the secure way also happens to be the easy way
• Eternal vigilance is the price of security
Questions?