Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia


Agenda
–Characteristics of Malicious Software
–Malware Defence-in-Depth
–Malware Defence for Client Computers
–Malware Defence for Servers
–Network-Based Malware Defence
–What about Spyware?
–Guidance, Tools and Response

Malicious Software: Identifying Challenges to an Organisation
Malware: a collection of software developed to intentionally perform malicious tasks on a computer system.
Feedback from IT and security professionals includes:
–“Users executed the attachment even though we’ve told them again and again not to”
–“The antivirus software should have caught this, but the signature for this virus is not installed yet”
–“We didn’t know our servers needed to be updated”
–“This never should have made it through our firewall; we didn’t realize those ports could be attacked”

Understanding Malware Attack Techniques
Common malware attack techniques include:
–Social engineering
–Backdoor creation
–Address theft
–Embedded engines
–Exploiting product vulnerabilities
–Exploiting new Internet technologies

Understanding the Vulnerability Timeline
1. Product shipped
2. Vulnerability discovered
3. Vulnerability disclosed
4. Update made available
5. Update deployed by customer
Most attacks occur here: after the update is available but before the customer has deployed it. The longer that window stays open, the more of the fleet is exposed to an exploit that is by then public.

Understanding the Exploit Timeline

Common Malware Defence Methods
Malware attack: defence method
–Mydoom: block port 1034; update antivirus signatures; implement application security
–Sasser: block ports 445, 5554 and 9996; install the latest security update
–Blaster: install the latest security update; block TCP ports 135, 139, 445 and 593 and UDP ports 135, 137 and 138; also block UDP port 69 (TFTP) and TCP port 4444 (remote command shell); update antivirus signatures
–SQL Slammer: install the latest security update; block UDP port 1434
–Download.Ject: install the latest security update; increase security on the Local Machine zone in Internet Explorer; clean any infections related to IIS
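The table says which ports each worm used, but not how to tell whether a given host is actually exposed on them. The following PowerShell is an added example, not part of the original deck: it takes the port list from the table above, reports which of those ports are listening on the local host, and which enabled inbound Windows Firewall Allow rules would admit traffic to them. The NetSecurity cmdlets it uses are the standard Windows 8/Server 2012 and later ones; the "Why" labels are taken from the table and the firewall keyword mapping (RPCEPMap = 135) is an assumption stated in a comment.

```powershell
# Added example (not from the deck): worm-port exposure check for the local host.
# Requires the NetSecurity module (Windows 8 / Server 2012 and later).

# Port list copied from the table above (constructed input for this check).
$WormPorts = @(
    @{ Port = 135;  Proto = 'TCP'; Why = 'Blaster: RPC endpoint mapper' }
    @{ Port = 139;  Proto = 'TCP'; Why = 'Blaster: NetBIOS session' }
    @{ Port = 445;  Proto = 'TCP'; Why = 'Blaster, Sasser: SMB / LSASS' }
    @{ Port = 593;  Proto = 'TCP'; Why = 'Blaster: RPC over HTTP' }
    @{ Port = 4444; Proto = 'TCP'; Why = 'Blaster: remote command shell' }
    @{ Port = 5554; Proto = 'TCP'; Why = 'Sasser: FTP server' }
    @{ Port = 9996; Proto = 'TCP'; Why = 'Sasser: remote shell' }
    @{ Port = 1034; Proto = 'TCP'; Why = 'Mydoom (per the table)' }
    @{ Port = 135;  Proto = 'UDP'; Why = 'Blaster: RPC' }
    @{ Port = 137;  Proto = 'UDP'; Why = 'Blaster: NetBIOS name' }
    @{ Port = 138;  Proto = 'UDP'; Why = 'Blaster: NetBIOS datagram' }
    @{ Port = 69;   Proto = 'UDP'; Why = 'Blaster: TFTP download' }
    @{ Port = 1434; Proto = 'UDP'; Why = 'SQL Slammer: SQL resolution service' }
)

function Test-PortInFilter {
    # Does a port filter's LocalPort ('Any', '445', '135-139', an array, or a
    # keyword such as RPCEPMap) cover $Port? RPCEPMap = 135 is an assumption
    # based on what that keyword means in the firewall UI; 'RPC' is dynamic and
    # is ignored here.
    param($LocalPort, [int]$Port)
    foreach ($p in @($LocalPort)) {
        if ($p -eq 'Any') { return $true }
        if ($p -eq 'RPCEPMap' -and $Port -eq 135) { return $true }
        if ($p -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($p -match '^\d+$' -and [int]$p -eq $Port) {
            return $true
        }
    }
    return $false
}

function Get-WormPortExposure {
    # Returns one object per worm port: is it listening, and which enabled
    # inbound Allow rules would let it through.
    $tcpListen = Get-NetTCPConnection -State Listen | Select-Object -ExpandProperty LocalPort -Unique
    $udpListen = Get-NetUDPEndpoint | Select-Object -ExpandProperty LocalPort -Unique

    # Resolve each enabled inbound Allow rule to its port filter once.
    $filters = foreach ($r in Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow) {
        $f = $r | Get-NetFirewallPortFilter
        [pscustomobject]@{ Rule = $r.DisplayName; Profile = $r.Profile
                           Protocol = $f.Protocol; LocalPort = $f.LocalPort }
    }

    foreach ($w in $WormPorts) {
        $listening = if ($w.Proto -eq 'TCP') { $tcpListen -contains $w.Port } else { $udpListen -contains $w.Port }
        $admit = $filters | Where-Object {
            ($_.Protocol -eq $w.Proto -or $_.Protocol -eq 'Any') -and (Test-PortInFilter $_.LocalPort $w.Port)
        }
        [pscustomobject]@{
            Port      = '{0}/{1}' -f $w.Proto, $w.Port
            Target    = $w.Why
            Listening = $listening
            AllowedBy = if ($admit) { (($admit.Rule | Select-Object -Unique) -join '; ') } else { '' }
        }
    }
}

# A row that is Listening = True with a non-empty AllowedBy is the exposure
# the table's "block port" advice is about.
Get-WormPortExposure | Sort-Object Listening -Descending | Format-Table -AutoSize
```

Read the output with the table's caveat in mind: on a domain-joined file server, TCP 135/139/445 will legitimately be listening and allowed by the built-in "File and Printer Sharing" and RPC rules, so the block the table recommends belongs at the perimeter and on hosts that have no business serving SMB or RPC, not as a blanket rule on every machine. Scope any host rule you do add to the Public profile first and confirm domain logon and Group Policy still work before widening it.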

What Is Defence-in-Depth?
Using a layered approach:
–Increases an attacker’s risk of detection
–Reduces an attacker’s chance of success
Layers, from outermost to innermost, with example controls at each:
–Policies, procedures, and awareness: security policies, procedures, and education
–Physical security: guards, locks, tracking devices
–Perimeter: firewalls, border routers, VPNs with quarantine procedures
–Internal network: network segments, IPSec, NIDS
–Host: OS hardening, authentication, update management, antivirus updates, auditing
–Application: application hardening
–Data: strong passwords, ACLs, encryption, EFS, backup and restore strategy

Implementing Host Protection Policies, Procedures, and Awareness
Recommended policies and procedures include:
–Host protection defence policies:
  Scanning policy
  Signature update policy
  Allowed application policy
–Security update policy:
  Assess the environment to be updated
  Identify new updates
  Evaluate and plan update deployment
  Deploy the updates
–Network defence policies:
  Change control
  Network monitoring
  Attack detection
  Home computer access
  Visitor access
  Wireless network policy

Protecting Client Computers: What Are the Challenges?
Challenges related to protecting client computers include:
–Host challenges:
  Maintaining security updates
  Maintaining antivirus software
  Implementing a personal firewall
–Application challenges:
  Controlling application usage
  Secure application configuration settings
  Maintaining application security updates
–Data challenges:
  Implementing data storage policies
  Implementing data security
  Regulatory compliance

Demo: Configuring client applications to defend against malware

Update Management for Malware Defence
Today:
–Windows Update (Windows only)
–AutoUpdate
–Office Update
–Download Center
–SUS
–SMS: Windows, SQL, Exchange, Office…
–VS Update
Future:
–“Microsoft Update” (replaces Windows Update): Windows, SQL, Exchange, Office…
–Windows Update Services (due Q4 FY05): Windows, SQL, Exchange, Office…
–SMS

Demo: Configuring SUS to deploy security updates

Blocking Unauthorized Applications with Software Restriction Policies
Software restriction policies:
–Can be used to:
  Fight viruses
  Control ActiveX downloads
  Run only signed scripts
  Ensure approved software is installed
  Lock down a computer
–Rules can be of the following types:
  Hash
  Certificate
  Path
  Zone
–Security levels can be set to:
  Unrestricted
  Disallowed
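The slide lists the rule types and the two security levels but not how they fit together into the "lock down a computer" case. The PowerShell below is an added example, not the deck's demo: it builds a default-Disallowed policy with path and hash allow rules by writing the registry layout that the Group Policy editor writes under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers. The key and value names are the documented SRP ones; the allow-list paths, the extra Disallowed rules and the sample hash-rule file path are assumptions for this illustration, and the SHA-256 hash algorithm ID (0x800C) is what Vista and later write (XP-era policies used MD5).

```powershell
# Added example (not from the deck): a default-deny Software Restriction Policy
# written directly to the local policy store. Try it in a VM first: a wrong
# DefaultLevel or a missing allow rule locks users (and you) out of every program.
#Requires -RunAsAdministrator

$Safer        = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Disallowed   = 0          # security levels: 0 = Disallowed, 0x20000 = Basic User,
$Unrestricted = 0x40000    #                  0x40000 = Unrestricted

function Set-SrpDefaults {
    # Policy-wide settings: deny by default, apply to administrators too.
    New-Item -Path $Safer -Force | Out-Null
    Set-ItemProperty -Path $Safer -Name DefaultLevel        -Value $Disallowed -Type DWord
    Set-ItemProperty -Path $Safer -Name TransparentEnabled  -Value 1           -Type DWord  # 1 = all files except DLLs; 2 = DLLs too (stricter, slower)
    Set-ItemProperty -Path $Safer -Name PolicyScope         -Value 0           -Type DWord  # 0 = all users incl. local admins; 1 = exempt admins
    Set-ItemProperty -Path $Safer -Name authenticodeenabled -Value 0           -Type DWord
    Set-ItemProperty -Path $Safer -Name ExecutableTypes -Type MultiString -Value @(
        'ADE','ADP','BAS','BAT','CHM','CMD','COM','CPL','CRT','EXE','HLP','HTA','INF','INS',
        'ISP','LNK','MDB','MDE','MSC','MSI','MSP','MST','OCX','PCD','PIF','REG','SCR','SHS',
        'URL','VB','WSC',
        'PS1')   # PS1 is not in the stock list; added here on the assumption you want scripts covered
}

function New-SrpPathRule {
    # Path rule: ItemData may use %ENV% or %HKLM\...% registry-path macros.
    param([int]$Level, [string]$Path, [string]$Description)
    $key = Join-Path $Safer "$Level\Paths\{$([guid]::NewGuid())}"
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name ItemData     -Value $Path        -Type ExpandString
    Set-ItemProperty -Path $key -Name Description  -Value $Description -Type String
    Set-ItemProperty -Path $key -Name SaferFlags   -Value 0            -Type DWord
    Set-ItemProperty -Path $key -Name LastModified -Value ([DateTime]::UtcNow.ToFileTimeUtc()) -Type QWord
}

function New-SrpHashRule {
    # Hash rule: identifies one exact binary, so it survives the file being
    # copied anywhere but must be re-issued for every new version.
    param([int]$Level, [string]$File, [string]$Description)
    $hex   = (Get-FileHash -Path $File -Algorithm SHA256).Hash
    $bytes = [byte[]](0..($hex.Length / 2 - 1) | ForEach-Object { [Convert]::ToByte($hex.Substring($_ * 2, 2), 16) })
    $key   = Join-Path $Safer "$Level\Hashes\{$([guid]::NewGuid())}"
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name ItemData     -Value $bytes                   -Type Binary
    Set-ItemProperty -Path $key -Name HashAlg      -Value 0x800C                   -Type DWord   # CALG_SHA_256 (Vista+; XP used MD5 = 0x8003)
    Set-ItemProperty -Path $key -Name ItemSize     -Value (Get-Item $File).Length  -Type QWord
    Set-ItemProperty -Path $key -Name FriendlyName -Value (Split-Path $File -Leaf) -Type String
    Set-ItemProperty -Path $key -Name Description  -Value $Description             -Type String
    Set-ItemProperty -Path $key -Name SaferFlags   -Value 0                        -Type DWord
    Set-ItemProperty -Path $key -Name LastModified -Value ([DateTime]::UtcNow.ToFileTimeUtc()) -Type QWord
}

Set-SrpDefaults

# Allow-list: the two Unrestricted rules the GP editor seeds by default, using
# registry macros so they follow non-standard install locations.
New-SrpPathRule -Level $Unrestricted -Description 'Windows directory' `
    -Path '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%'
New-SrpPathRule -Level $Unrestricted -Description 'Program Files' `
    -Path '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%'

# Close the user-writable holes inside those allow rules (assumed examples); a
# more specific path rule wins over a less specific one.
New-SrpPathRule -Level $Disallowed -Description 'User-writable temp under Windows' -Path '%WINDIR%\Temp'
New-SrpPathRule -Level $Disallowed -Description 'User-writable Tasks under Windows' -Path '%WINDIR%\Tasks'

# One vetted tool outside Program Files, allowed by hash (path is an assumption).
# New-SrpHashRule -Level $Unrestricted -File 'C:\Tools\approved.exe' -Description 'Approved build'

gpupdate /force | Out-Null
```

Rule precedence is hash, then certificate, then path, then zone, with the most specific path rule winning among path rules; that is why the %WINDIR%\Temp deny rule above overrides the SystemRoot allow rule it sits inside. In a domain, put the same keys in a GPO rather than writing them on each box, and test the allow-list against a real user's session before setting DefaultLevel to Disallowed. On Windows 10 and later the same job is better done with AppLocker or Windows Defender Application Control, which cover DLLs, scripts and installers with a cleaner rule model.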