55% of online users have been infected with spyware
55% of online users have been infected with spyware. http://www.aladdin.com/airc/security-statistics.aspx for 2005. 21,100,283 unique malware binaries collected in the last 12 months. http://www.shadowserver.org/wiki/pmwiki.php/Stats/Malware.


55% of online users have been infected with spyware

http://www.aladdin.com/airc/security-statistics.aspx for 2005



21,100,283 unique malware binaries collected in the last 12 months

http://www.shadowserver.org/wiki/pmwiki.php/Stats/Malware



Malware cost estimated at $169-204 billion for 2004

http://www.aladdin.com/airc/security-statistics.aspx



Only 7% of companies officially run Service Pack 2

http://www.aladdin.com/airc/security-statistics.aspx as of 2005



average of 75,158 active bot-infected computers per day in 2008

http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xiv_04-2009.en-us.pdf



As of Tuesday, April 13, 2010 http://www.shadowserver.org/wiki/pmwiki.php/Stats/DroneMaps



Digital Aegis

Protecting You From The World



Agenda

Opportunity

Limitations

What we did

Problems

External/Network Tests

Physical Client Tests

Looking Back

Future Goals

Questions

Windows XP

Windows 7

Gentoo Linux

Windows 2008 R2

pfSense Firewall Boxes



Opportunity

  • Small to medium sized companies

  • Can’t afford large security applications

  • Don’t need a lot of services

  • Target of script kiddie/automated attacks

  • Often become part of bot-nets

  • Can leak personal or financial information

  • Result in serious legal or financial consequences



Limitations

  • Only focused on small to medium businesses

  • Only running a few basic services

  • Not protecting against Zero Day threats

  • Not providing physical building/box security

  • Focused on script kiddie and automated attacks

  • Low rate of false alarms

  • Proprietary software



What We Did

  • Windows XP

    • Basic Settings

    • User Accounts/ auditing

    • Registry

    • Services

    • User rights/ File permissions

    • Internet Explorer

    • GPO



What We Did

  • Windows 7

    • Basic Settings

    • Elevated Pre-installed Security

      • Permissions

      • UAC

      • Remote Desktop

      • AutoPlay

    • Microsoft Security Essentials

    • Managing Local Accounts

    • Applying GPO



What We Did

  • Gentoo Linux

    • Hardened Base Rolling Release

    • Custom Compiled Kernel

      • No loadable modules – All built in

      • PaX buffer and heap overflow protection

    • Chroot Environment

      • Latest patched Apache - Statically compiled Binaries

    • Strict iptables Firewall

    • Disabled Root Account – sudo

    • AIDE



What We Did

  • pfSense Firewall Boxes

    • NAT Firewall

    • Block all Unused Ports

    • MAC Filtering

    • Snort IDS

      • Detect common scans, exploits and attacks

      • Automated blocking of those exceeding threshold

    • Snort LAN sniffing

      • Inappropriate activity

        • HTTP sniffing – porn, racist

        • Common malware communication

    • Squid/SquidGuard

      • Access Control Lists – who is allowed what and when

      • Blacklisting/Whitelisting



What We Did

  • Windows 2008 R2

    • Basic Settings

    • Windows 7 Settings

    • DNS

    • Active Directory

    • Exchange

    • Domain GPO



Problems

  • Exchange

    • Issues installing on a new install of Server 2008 R2

    • Uninstall Issues

    • Format

  • Solution

    • Followed 3 separate guides

    • Manual install of packages

    • Prep commands



Problems

  • Windows XP

    • Local GPO application

    • Administrator lockout

    • CD/USB blocking

  • Solution

    • Workaround suggested by Windows

    • Snapshots

    • Online Administrative Template



Problems

  • Windows 7

    • New Operating system

    • In-Depth Security analysis

    • Zero Day Threats

  • Solutions

    • Work with what you can get

    • Windows 2008 GPO

    • Default Settings



External/Network Tests

  • Nmap Scans from Outside Network

    • Gateway Results

  • Nmap Scans from Inside Client Network

    • Linux Machine Results

    • Windows 7 Results

    • Windows XP Results

    • Server Results

  • BackTrack AutoPwn Scans

    • Zero successful exploits



Physical Client Tests

  • Boot from CD

  • Recovery Console

  • Safe Mode

  • User Permissions

  • Password Strength

  • Command line

  • CD/USB blocking

  • Internet Explorer settings



Looking Back

  • Better Firewall Hardware

  • Waiting for Newest pfSense Version

  • Possibly different OS for firewalls

  • Windows XP

  • Exchange

  • Linux Clients



Future Goals

  • Snort Rules

  • Full DNS blacklist

  • Network traffic fingerprinting

  • Implement in a small business setting

  • Look at distribution

  • Training



Questions?

