MS Endpoint Privacy and Security – What Works and What Does Not
Stephen Northcutt, SANS Technology Institute, www.sans.edu
SANS Security East © 2010 SANS

You probably know much of this already, but it is amazing how we quit doing what we know we ought to do. So we will go quickly, and then you can follow up; all of this is pretty easy to do.

When we browse, we don't really know what we are getting: the CNN home page shown here is assembled from content served by many third-party sites, not just cnn.com.

The Beginning of the Rest of the Story

Managing the Browser
– Never do online banking with multiple tabs open. Best to close and reopen the browser first.
– Use two browsers at most; if you use two, do all your downloads with one of them and keep the other as vanilla as possible. With that strategy, use one browser ONLY for electronic banking.
– Don't click on a link in a pop-up window; pop-ups are often opened by malicious or spyware-oriented sites.
– Don't click on a link in a mail message; copy and paste the link into your browser, and check that the pasted address is the one you expected.

Are Cookies a Problem?
Cookies personalize your web experience and are more beneficial than not. However...
– Tracking cookies record your browsing experience.
– 3rd-party cookies are cookies set by the other sites embedded in mash-ups like the CNN example. A single marketing firm might serve many web sites, so its cookie follows you across all of them.
– The Google cookie puts a unique ID on what you do; they also own DoubleClick and...

Google knows a lot about you

Spybot Immunize and Browsers
If you haven't visited their web page in a while you should; they are still working.

Immunize is not perfect

Tracking Cookies – Firefox

Tracking Cookies – IE 9

Now we trade off knowledge for time and effort

Private Browsing Mode
Both Firefox 3.6 and Internet Explorer 9 support a Private or InPrivate browsing mode. When does it make sense to use it?
– Any time you are going anywhere your mother might not approve of, AND
– Any time you are doing any kind of e-commerce, online banking or similar; what is done at Amazon needs to stay at Amazon
– Any time you are accessing your work portal
Keep in mind what the mode actually does: it discards history, cookies and cached content when the window is closed, so the next session on the same PC starts clean. It does not hide your activity from the sites you visit or from the network in between.

Browser Vulnerability
An alternative to bcheck,

Host Table
# This hosts file is brought to you by Dan Pollock
#
# Please forward any additions, corrections or comments by
#
# The sites ads234.com and ads345.com
# hijack internet explorer, redirect requests through their servers
ads234.com
ads345.com
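The hosts-file mechanism cuts both ways: pointing an ad server at the local machine blocks it, while the ads234.com-style malware the comment describes edits the same file to point real sites at its own servers. The auditor below is an added example, not part of the slides and not Dan Pollock's file; it parses hosts-file syntax and separates sinkholed names from redirected ones. The sample hosts content, the 203.0.113.7 address and the hostnames are constructed.

```python
"""Audit a hosts file: which names are sinkholed (blocked) and which are
redirected to another address (the hijack pattern). Added example; the sample
data below is constructed and is not Dan Pollock's hosts file."""
import ipaddress
import re

# Entries pointing at these addresses block a name instead of redirecting it.
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample: blocklist lines plus two hijack lines and one malformed line.
SAMPLE_HOSTS = """\
# This hosts file is brought to you by Dan Pollock
127.0.0.1   localhost
::1         localhost
# The sites ads234.com and ads345.com hijack internet explorer
127.0.0.1   ads234.com
127.0.0.1   ads345.com        # inline comments are legal in hosts files
0.0.0.0     tracker.example   # constructed
203.0.113.7 www.mybank.example            # constructed: bank site redirected
203.0.113.7 windowsupdate.microsoft.com   # constructed: update server redirected
not-an-address  broken.example            # resolvers skip lines like this
"""


def parse_hosts(text):
    """Yield (address, [hostnames]) for each valid line; comments and blanks skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip inline and full-line comments
        if not line:
            continue
        fields = re.split(r"\s+", line)
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # malformed address column
        yield str(address), [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Return {'blocked': [name, ...], 'redirected': [(name, address), ...]}."""
    report = {"blocked": [], "redirected": []}
    for address, names in parse_hosts(text):
        for name in names:
            if name == "localhost":
                continue                          # the normal loopback entry
            if address in SINKHOLES:
                report["blocked"].append(name)
            else:
                # A public name mapped to a non-sinkhole address means every request
                # for that name is silently sent elsewhere: the hijack the comment warns about.
                report["redirected"].append((name, address))
    return report


if __name__ == "__main__":
    import sys
    # Assumption: pass a path (e.g. C:\Windows\System32\drivers\etc\hosts) to audit a real file.
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    result = audit_hosts(source)
    print(f"{len(result['blocked'])} names sinkholed")
    for name, address in result["redirected"]:
        print(f"REDIRECT {name} -> {address}")
```

Run it against the real hosts file now and then: a long list of sinkholed ad hosts is what a Pollock-style file looks like, while any entry in the redirected list that you did not put there yourself deserves the same attention as a malware detection.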

Internet Explorer 9 Manage Add-Ons

Firefox Specific Tips
– Minimize the use of plug-ins; even security plug-ins can be exploited.
– NoScript if you are serious about safe surfing.
– The Finjan Firefox plug-in warns about bad sites, but it slows the system down.
– Stay up to date!

White and Black Listing
Warning: the white list technology we are going to discuss does work, but trying to uninstall it can be a real bear.

Anti-Virus Has Reached a Limit
– Scanning: scheduled, manual, as a new file is accessed, and of attachments
– Scanning compressed files, at least .zip
– Auto-clean files, quarantine the ones that cannot be cleaned, and use the tools to empty the quarantine periodically
– Web-based malicious code is a hard problem because you are pulling the content from the web server, which can make it appear any way it likes: a different variant for every visitor, so a signature taken from one download may never match the next
– Google research tested three AV vendors against web-based attacks: one detected 90%, one 60% and one 35%. So use a second product from time to time.
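As an added example (not the slides' own material and not any vendor's engine), the scanner below makes the "scan compressed files" item concrete: it hashes every object, descends into .zip members including zip-in-zip, and refuses two classic tricks, deep nesting and members that inflate far beyond the archive, so a crafted attachment cannot stall the scanner. The blocklist entry and the archives are constructed in memory; the hash set stands in for a real signature database.

```python
"""Hash-blocklist scanner that looks inside .zip archives, with nesting and
size guards. Added example; the 'malware' bytes and archives are constructed."""
import hashlib
import io
import zipfile

MAX_DEPTH = 3                     # deepest zip-in-zip level we will open
MAX_MEMBER_BYTES = 8 * 1024 ** 2  # refuse to inflate any member beyond 8 MiB

# Constructed stand-in for a signature database: SHA-256 -> detection name.
SAMPLE_MALWARE = b"CONSTRUCTED-MALWARE-SAMPLE-NOT-REAL-CODE"
BLOCKLIST = {hashlib.sha256(SAMPLE_MALWARE).hexdigest(): "Test.Sample.Constructed"}


def scan_bytes(data, name, depth=0):
    """Return [(object_path, verdict), ...] for data and everything zipped inside it."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in BLOCKLIST:
        hits.append((name, BLOCKLIST[digest]))
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return hits                              # plain file: the hash check is all we do
    if depth >= MAX_DEPTH:
        # Legitimate mail rarely nests archives this deep; flag rather than recurse forever.
        hits.append((name, "Suspicious.ArchiveNesting"))
        return hits
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            member = f"{name}/{info.filename}"
            if info.file_size > MAX_MEMBER_BYTES:
                # file_size is the declared uncompressed size: a tiny archive claiming
                # a huge member is a decompression bomb, so it is flagged without inflating.
                hits.append((member, "Suspicious.ArchiveBomb"))
                continue
            hits.extend(scan_bytes(archive.read(info.filename), member, depth + 1))
    return hits


def build_zip(members):
    """Constructed helper: in-memory .zip from {filename: bytes}; values may be zips."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        for filename, content in members.items():
            archive.writestr(filename, content)
    return buf.getvalue()


def demo():
    """A mail attachment: a zip holding another zip that holds the sample."""
    inner = build_zip({"invoice.exe": SAMPLE_MALWARE, "readme.txt": b"harmless text"})
    outer = build_zip({"attachment.zip": inner, "notes.txt": b"also harmless"})
    return scan_bytes(outer, "mail-attachment.zip")


if __name__ == "__main__":
    for path, verdict in demo():
        print(f"{verdict}: {path}")
```

The hash lookup is exactly the signature approach the slide says has reached its limit: a web server that recompiles or re-packs the payload for every visitor defeats it, which is why the second product, heuristics and whitelisting come up in the slides that follow.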

Microsoft is Working on a Next Generation of RegClean
I still run TeaTimer on my XP system. I have not succeeded with the System 7 version. Error code 0x0C600C03

Windows SteadyState
SteadyState is primarily for shared users, but I use it on my personal non-shared laptop and simply turn almost everything off and rely primarily on the option to only allow programs in Program Files to execute. WARNING: make a full backup of your system before installing SteadyState; there are many tales of woe.

Blacklisting Is Still Useful!
Network Behavior Anomaly Detection (NBAD) is really just a buzzword for some classic fundamentals; here we see hits from the Russian Business Network on a Tenable Security Center console. This is much easier to implement for endpoints within a corporate environment, where the traffic can be watched at one point.

Heuristics, Still Trying After 20 Years
– Looking for the characteristics of malware
– Not available in all anti-virus/anti-malware products; hard to do well
– Like signatures, typically reacting to advances by the attackers
Sophos' heuristic detection is moving in the right direction. They have executable packer detection. The false positive rate is pretty low, and authorizing a new program is quick and easy. The suspicious behavior detection is more prone to issues. With some testing you can find the right combination of features to match your network.

Industry Tipping Point – White Listing
– Industry reversal from leading with black lists: signatures, file names, known subject lines, file sizes, extensions
– Now much of the focus is on white listing ("whiteware")
– Better interception rate, with a hybrid capacity to analyze unknown malware out-of-band
Whiteware technical approaches:
– Policy-based: management intensive and capable of false positives (every legitimate new or updated binary has to be approved)
– Signature databases: large databases of application signatures. Can present a single point of failure/injection, since whoever controls the database controls what may run
– Decentralized execution control: low overhead without the vendor reliance. Added bonus of end-user error tolerance.

Bit9 Parity and The Global Software Registry
Elimination of unauthorized software for security, compliance and operational benefits via trust-based whitelisting. Comprehensive approach:
– Adaptive application whitelisting simplifies the creation and updating of the whitelist of known trusted entities
– Software identification for the approval or banning of unknown applications
Only vendor with both approaches:
– Automation for trusting authorized updates
– Massive application catalog (GSR) for determining trust for new and unknown applications
Testimonials of the company's leadership from customers, eWeek product review, Gartner coverage

CoreTrace
CoreTrace Bouncer does more than just whitelisting; it provides full platform coverage:
– Autogenerated file policies mean rapid deployment and protection against all threats, including zero-day and targeted attacks
– Network policies protect against DDoS attacks or malformed packets
– Buffer overflow protection prevents known-good content from being exploited
Trusted Change allows for secure, automatic updates to the whitelist from trusted sources (trusted updaters, applications, network shares) and via trusted users.

Savant Protection
Distributed, differential whitelisting engine, designed to provide several key security enhancements:
– Malware spread elimination
– System lockdown regardless of management state
– Extremely lightweight; runs on my Atom processor
Uses a whitelist derivation technique which creates unique keys for every object:
– Very hard for hackers to derive
– Inherent tolerance for human error
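The SteadyState rule (only programs under Program Files run), the policy-based and signature-database approaches on the tipping-point slide, CoreTrace's Trusted Change and Savant's per-object keys are all decisions about one question: may these bytes, at this path, execute? The check below is an added example that is not code from the slides or from Bit9, CoreTrace or Savant; it models that decision with a path policy, a per-object hash key and a trusted-updater path for change. The paths, the "binaries" and the updater are constructed.

```python
"""Application whitelist check: path policy plus per-object hash keys, with a
trusted-updater path for change. Added example, not the slides' or any vendor's
code; the paths and 'binaries' are constructed."""
import hashlib
from pathlib import PureWindowsPath

# Policy rule in the SteadyState style: only these trees may run programs.
ALLOWED_DIRS = (PureWindowsPath(r"C:\Program Files"), PureWindowsPath(r"C:\Windows"))


def key_for(data):
    """Whitelist key for an object: a digest of its bytes, never its name or path."""
    return hashlib.sha256(data).hexdigest()


class Whitelist:
    def __init__(self, baseline):
        # baseline: {path: file bytes} captured while the system was known-good
        self.keys = {key_for(content) for content in baseline.values()}
        self.trusted_updaters = set()

    def trust_updater(self, updater_bytes):
        """Mark an updater binary as a trusted source of change."""
        self.trusted_updaters.add(key_for(updater_bytes))

    def may_execute(self, path, data):
        """Decide an execution request: both the path policy and the key must pass."""
        p = PureWindowsPath(path)                 # case-insensitive comparison, like NTFS
        if not any(d in p.parents for d in ALLOWED_DIRS):
            return False, "path outside allowed directories"
        if key_for(data) not in self.keys:
            # Same name and path as a trusted file but different bytes: not trusted.
            return False, "unknown object key"
        return True, "whitelisted"

    def apply_update(self, updater_bytes, new_binary):
        """Trusted change: a new key is admitted only when a trusted updater delivers it."""
        if key_for(updater_bytes) not in self.trusted_updaters:
            return False
        self.keys.add(key_for(new_binary))
        return True


def demo():
    """Walk the cases that distinguish the approaches on the whitelisting slides."""
    app_v1, app_v2 = b"app-v1-bytes", b"app-v2-bytes"          # constructed binaries
    updater, dropper = b"vendor-updater-bytes", b"dropper-bytes"
    wl = Whitelist({r"C:\Program Files\App\app.exe": app_v1,
                    r"C:\Program Files\App\update.exe": updater})
    wl.trust_updater(updater)
    return {
        "known app": wl.may_execute(r"C:\Program Files\App\app.exe", app_v1),
        "same bytes from Downloads": wl.may_execute(r"C:\Users\me\Downloads\app.exe", app_v1),
        "dropper overwrote app.exe": wl.may_execute(r"C:\Program Files\App\app.exe", dropper),
        "v2 before any update": wl.may_execute(r"C:\Program Files\App\app.exe", app_v2),
        "v2 pushed by dropper": wl.apply_update(dropper, app_v2),
        "v2 pushed by trusted updater": wl.apply_update(updater, app_v2),
        "v2 after trusted update": wl.may_execute(r"C:\Program Files\App\app.exe", app_v2),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The "v2 before any update" case is the management burden the policy-based bullet refers to: every legitimate update is a false positive until it is authorized, which is why the trusted-updater path matters, and why a product whose whitelist is only a path rule (the SteadyState setting alone) cannot tell the real app from a dropper written over it. A real agent makes this decision at process creation inside the operating system; the check here only models the logic.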


Sandboxie
Sandboxie puts a wrapper around Internet Explorer, Firefox and Outlook. At the time of this update Sandboxie does support 64-bit systems and Windows 7.

Secunia PSI
Also consider F-Secure Health Check

F-Secure Health Check

Belarc Security Advisor

Microsoft Baseline Security Analyzer

Run Windows Update To See History

Conclusion
– The average user may not have a chance!
– No single vendor fully supports endpoint security to the extent I would like to see.
– As for me, I watch where I surf, open as few attachments as possible, stay updated, pray a lot, and am starting to use Ubuntu Linux.
Here is what I am currently using:
– System 7: McAfee, Bit9, Spybot, NoScript, Sandboxie, Secunia PSI
– Vista Premium: MS Security Essentials, Bit9, Spybot, NoScript, Sandboxie, Secunia PSI
– XP: Microsoft Security Essentials, Spybot, TeaTimer, NoScript, Sandboxie, Savant Protection, Secunia PSI