55% of online users have been infected with spyware PowerPoint Presentation
Presentation Transcript

  1. 55% of online users have been infected with spyware http://www.aladdin.com/airc/security-statistics.aspx for 2005

  2. 21,100,283 unique malware binaries collected in the last 12 months http://www.shadowserver.org/wiki/pmwiki.php/Stats/Malware

  3. Malware cost estimated at $169-204 billion for 2004 http://www.aladdin.com/airc/security-statistics.aspx

  4. Only 7% of companies officially run Service Pack 2 http://www.aladdin.com/airc/security-statistics.aspx as of 2005

  5. Average of 75,158 active bot-infected computers per day in 2008 http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xiv_04-2009.en-us.pdf

  6. As of Tuesday, April 13, 2010 http://www.shadowserver.org/wiki/pmwiki.php/Stats/DroneMaps

  7. Digital Aegis Protecting You From The World

  8. Agenda • Opportunity • Limitations • What we did • Problems • External/Network Tests • Physical Client Tests • Looking Back • Future Goals • Questions • Windows XP • Windows 7 • Gentoo Linux • Windows 2008 R2 • pfSense Firewall Boxes

  9. Opportunity • Small to medium sized companies • Can’t afford large security applications • Don’t need a lot of services • Target of script kiddie/automated attacks • Often become part of botnets • Can leak personal or financial information • Result in serious legal or financial consequences

  10. Limitations • Only focused on small to medium businesses • Only running a few basic services • Not protecting against zero-day threats • Not providing physical building/box security • Focused on script kiddie and automated attacks • Low rate of false alarms • Proprietary software

  11. What We Did • Windows XP • Basic Settings • User Accounts/ auditing • Registry • Services • User rights/ File permissions • Internet Explorer • GPO

  12. What We Did • Windows 7 • Basic Settings • Elevated Pre-installed Security • Permissions • UAC • Remote Desktop • AutoPlay • Microsoft Security Essentials • Managing Local Accounts • Applying GPO

  13. What We Did • Gentoo Linux • Hardened Base Rolling Release • Custom Compiled Kernel • No loadable modules – All built in • PaX buffer and heap overflow protection • Chroot Environment • Latest patched Apache - Statically compiled Binaries • Strict iptables Firewall • Disabled Root Account – sudo • AIDE

  14. What We Did • pfSense Firewall Boxes • NAT Firewall • Block all Unused Ports • MAC Filtering • Snort IDS • Detect common scans, exploits and attacks • Automated blocking of those exceeding threshold • Snort LAN sniffing • Inappropriate activity • HTTP sniffing – porn, racist • Common malware communication • Squid/SquidGuard • Access Control Lists – Who allowed what and when • Blacklisting/Whitelisting

  15. What We Did • Windows 2008 R2 • Basic Settings • Windows 7 Settings • DNS • Active Directory • Exchange • Domain GPO

  16. Problems • Exchange • Issues installing on a new install of Server 2008 R2 • Uninstall Issues • Format • Solution • Followed 3 separate guides • Manual install of packages • Prep commands

  17. Problems • Windows XP • Local GPO application • Administrator lockout • CD/USB blocking • Solution • Workaround suggested by Windows • Snapshots • Online Administrative Template

  18. Problems • Windows 7 • New Operating system • In-Depth Security analysis • Zero Day Threats • Solutions • Work with what you can get • Windows 2008 GPO • Default Settings

  19. External/Network Tests • Nmap Scans from Outside Network • Gateway Results • Nmap Scans from Inside Client Network • Linux Machine Results • Windows 7 Results • Windows XP Results • Server Results • BackTrack AutoPwn Scans • Zero successful exploits

  20. Physical Client Tests • Boot from CD • Recovery Console • Safe Mode • User Permissions • Password Strength • Command line • CD/USB blocking • Internet Explorer settings

  21. Looking Back • Better Firewall Hardware • Waiting for Newest pfSense Version • Possibly different OS for firewalls • Windows XP • Exchange • Linux Clients

  22. Future Goals • Snort Rules • Full DNS blacklist • Network traffic fingerprinting • Implement in a small business setting • Look at distribution • Training

  23. Questions ?