Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia

Presentation on theme: "Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia"— Presentation transcript:

1 Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia http://blogs.msdn.com/jeffa36

2 Agenda
–Characteristics of Malicious Software
–Malware Defence-in-Depth
–Malware Defence for Client Computers
–Malware Defence for Servers
–Network-Based Malware Defence
–What about Spyware?
–Guidance Tools and Response

3 Malicious Software: Identifying Challenges to an Organisation
Malware: a collection of software developed to intentionally perform malicious tasks on a computer system.
Feedback from IT and Security professionals includes:
–“Users executed the email attachment even though we’ve told them again and again not to”
–“The antivirus software should have caught this, but the signature for this virus is not installed yet”
–“We didn’t know our servers needed to be updated”
–“This never should have made it through our firewall; we didn’t realize those ports could be attacked”

4 Understanding Malware Attack Techniques
Common malware attack techniques include:
–Social engineering
–Backdoor creation
–E-mail address theft
–Embedded e-mail engines
–Exploiting product vulnerabilities
–Exploiting new Internet technologies

5 Understanding the Vulnerability Timeline
(Timeline diagram; labels as extracted:) Product shipped – Vulnerability discovered – Update made available – Update deployed by customer – Vulnerability disclosed. Callout: “Most attacks occur here”.

6 Understanding the Exploit Timeline

7 Common Malware Defence Methods
Malware Attack | Defence Method
Mydoom | Block port 1034. Update antivirus signatures. Implement application security.
Sasser | Block ports 445, 5554, and 9996. Install the latest security update.
Blaster | Install the latest security update. Block TCP ports 135, 139, 445, and 593 and UDP ports 135, 137, and 138; also block UDP port 69 (TFTP) and TCP port 4444 (remote command shell). Update antivirus signatures.
SQL Slammer | Install the latest security update. Block UDP port 1434.
Download.Ject | Install the latest security update. Increase security on the Local Machine zone in Internet Explorer. Clean any infections related to IIS.

8 What Is Defence-in-Depth?
Using a layered approach:
–Increases an attacker’s risk of detection
–Reduces an attacker’s chance of success
Layer | Controls
Policies, procedures, and awareness | Security policies, procedures, and education
Physical security | Guards, locks, tracking devices
Application | Application hardening
Host | OS hardening, authentication, update management, antivirus updates, auditing
Internal network | Network segments, IPSec, NIDS
Perimeter | Firewalls, border routers, VPNs with quarantine procedures
Data | Strong passwords, ACLs, encryption, EFS, backup and restore strategy

9 Implementing Host Protection Policies, Procedures, and Awareness
Recommended policies and procedures include:
–Host protection defence policies: scanning policy; signature update policy; allowed application policy
–Security update policy: assess environment to be updated; identify new updates; evaluate and plan update deployment; deploy the updates
–Network defence policies: change control; network monitoring; attack detection; home computer access; visitor access; wireless network policy

10 Protecting Client Computers: What Are the Challenges?
Challenges related to protecting client computers include:
–Host challenges: maintaining security updates; maintaining antivirus software; implementing a personal firewall
–Application challenges: controlling application usage; secure application configuration settings; maintaining application security updates
–Data challenges: implementing data storage policies; implementing data security; regulatory compliance

11 Configuring client applications to defend against malware

12 Update Management for Malware Defence
(Diagram comparing update channels; labels as extracted:)
–Today: Windows Update (Windows only); Office Update; Download Center; SUS; SMS; VS Update
–Future: “Microsoft Update” (Windows, SQL, Exchange, Office…); AutoUpdate; Windows Update Services (due Q4FY05); SMS (Windows, SQL, Exchange, Office…)

13 Configuring SUS to deploy security updates

14 Blocking Unauthorized Applications with Software Restriction Policies
Software restriction policies
–Can be used to: fight viruses; control ActiveX downloads; run only signed scripts; ensure approved software is installed; lock down a computer
–Can be applied using the following rule types: hash; certificate; path; zone
–Can be set to: Unrestricted; Disallowed
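As an added example (not part of the original slides), the following PowerShell script audits which Software Restriction Policy is in effect on a machine: it reports the default security level and lists the hash, path and zone rules, and flags a default of Unrestricted, which relies entirely on the rule list to block malware. It assumes the standard SRP registry layout under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers (level subkeys 0 = Disallowed, 0x40000 = Unrestricted, each holding Hashes, Paths and UrlZones rule subkeys); certificate rules are stored elsewhere and are not enumerated here.

```powershell
# Added audit example; assumes the standard SRP registry layout (see lead-in).
$SaferRoot  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$LevelNames = @{ 0 = 'Disallowed'; 0x20000 = 'Basic User'; 0x40000 = 'Unrestricted' }

function Get-SrpRules {
    [CmdletBinding()]
    param([string]$Root = $SaferRoot)

    if (-not (Test-Path $Root)) {
        Write-Warning 'No Software Restriction Policy is defined on this machine.'
        return
    }
    $cfg     = Get-ItemProperty -Path $Root
    $default = [int]$cfg.DefaultLevel
    if ($default -eq 0x40000) {
        Write-Warning 'Default level is Unrestricted: only explicitly listed rules block software.'
    }
    [pscustomobject]@{
        RuleType = 'DefaultLevel'
        Level    = $LevelNames[$default]
        Target   = '(all software not matched by a rule)'
    }
    # Each security level is a numeric subkey; rule types are subkeys beneath it.
    foreach ($levelKey in Get-ChildItem $Root | Where-Object { $_.PSChildName -match '^\d+$' }) {
        $levelName = $LevelNames[[int]$levelKey.PSChildName]
        foreach ($type in 'Hashes', 'Paths', 'UrlZones') {
            $typePath = Join-Path $levelKey.PSPath $type
            if (-not (Test-Path $typePath)) { continue }
            foreach ($rule in Get-ChildItem $typePath) {
                $p = Get-ItemProperty $rule.PSPath
                $target = switch ($type) {
                    'Hashes'   { '{0} ({1} bytes)' -f $p.FriendlyName, $p.ItemSize }
                    'Paths'    { $p.ItemData }
                    'UrlZones' { "Internet Explorer zone id $($p.ItemData)" }
                }
                [pscustomobject]@{ RuleType = $type; Level = $levelName; Target = $target }
            }
        }
    }
}

# Print the effective policy as a table; run from an elevated prompt for full visibility.
Get-SrpRules | Format-Table -AutoSize
```

Compare the output against the approved-application list from the host protection policy on slide 9: any path or hash rule set to Unrestricted that is not on that list is a gap worth closing.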

