1 / 23

55% of online users have been infected with spyware

55% of online users have been infected with spyware. http://www.aladdin.com/airc/security-statistics.aspx for 2005. 21,100,283 unique malware binaries collected in the last 12 months. http://www.shadowserver.org/wiki/pmwiki.php/Stats/Malware.

jody
Télécharger la présentation

55% of online users have been infected with spyware

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 55% of online users have been infected with spyware http://www.aladdin.com/airc/security-statistics.aspx for 2005

  2. 21,100,283 unique malware binaries collected in the last 12 months http://www.shadowserver.org/wiki/pmwiki.php/Stats/Malware

  3. Malware cost estimated at $169-204 billion for 2004 http://www.aladdin.com/airc/security-statistics.aspx

  4. Only 7% of companies officially run Service Pack 2 http://www.aladdin.com/airc/security-statistics.aspx as of 2005

  5. average of 75,158 active bot-infected computers per day in 2008 http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xiv_04-2009.en-us.pdf

  6. As of Tuesday, April 13, 2010 http://www.shadowserver.org/wiki/pmwiki.php/Stats/DroneMaps

  7. Digital Aegis Protecting You From The World

  8. Agenda Opportunity Limitations What we did Problems External/Network Tests Physical Client Tests Looking Back Future Goals Questions Windows XP Windows 7 Gentoo Linux Windows 2008 R2 Pfsense Firewall Boxes

  9. Opportunity • Small to medium sized companies • Can’t afford large security applications • Don’t need a lot of services • Target of script kitty/automated attacks • Often become part of bot-nets • Can leak personal or financial information • Result in serious legal or financial consequences

  10. Limitations • Only focused on small to medium businesses • Only running a few basic services • Not protecting against Zero Day threats • Not providing physical building/box security • Focused on Script Kitty and automated attacks • Low rate of false alarms • Proprietary software

  11. What We Did • Windows XP • Basic Settings • User Accounts/ auditing • Registry • Services • User rights/ File permissions • Internet Explorer • GPO

  12. What We Did • Windows 7 • Basic Settings • Elevated Pre-installed Security • Permissions • UAC • Remote Desktop • AutoPlay • Microsoft Security Essentials • Managing Local Accounts • Applying GPO

  13. What We Did • Gentoo Linux • Hardened Base Rolling Release • Custom Compiled Kernel • No loadable modules – All built in • PAX Buffer and heap overflow protection • Chroot Environment • Latest patched Apache - Statically compiled Binaries • Strict IPtables Firewall • Disabled Root Account – sudo • AIDE

  14. What We Did • Pfsense Firewall Boxes • Nat Firewall • Block all Unused Ports • MAC Filtering • Snort IDS • Detect common scans, exploits and attacks • Automated Blocking those exceeding threshold • Snort LAN sniffing • Inappropriate activity • HTTP sniffing – porn, racist • Common malware communication • Squid/SquidGuard • Access Control Lists – Who allowed what and when • Blacklisting/White listing

  15. What We Did • Windows 2008 R2 • Basic Settings • Windows 7 Settings • DNS • Active Directory • Exchange • Domain GPO

  16. Problems • Exchange • Issues installing on a new install of Server 2008 R2 • Uninstall Issues • Format • Solution • Followed 3 separate guides • Manual install of packages • Prep commands

  17. Problems • Windows XP • Local GPO application • Administrator lockout • CD/USB blocking • Solution • Workaround suggested by Windows • Snapshots • Online Administrative Template

  18. Problems • Windows 7 • New Operating system • In-Depth Security analysis • Zero Day Threats • Solutions • Work with what you can get • Windows 2008 GPO • Default Settings

  19. External/Network Tests • Nmap Scans from Outside Network • Gateway Results • Nmap Scans from Inside Client Network • Linux Machine Results • Windows 7 Results • Windows XP Results • Server Results • Back Track AutoPwn Scans • Zero successful exploits

  20. Physical Client Tests • Boot from CD • Recovery Console • Safe Mode • User Permissions • Password Strength • Command line • CD/USB blocking • Internet explorer settings

  21. Looking Back • Better Firewall Hardware • Waiting for Newest Pfsense Version • Possibly different OS for firewalls • Windows XP • Exchange • Linux Clients

  22. Future Goals • Snort Rules • Full DNS black list • Network traffic finger printing • Implement in a small business setting • Look at distribution • Training

  23. Questions ?

More Related