Presentation is loading. Please wait.

Presentation is loading. Please wait.

Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia"— Presentation transcript:

1 Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia http://blogs.msdn.com/jeffa36

2 Agenda Characteristics of Malicious Software Malware Defence-in-Depth Malware Defence for Client Computers Malware Defence for Servers Network-Based Malware Defence What about Spyware? Guidance Tools and Response

3 Malicious Software: Identifying Challenges to an Organisation Malware: A Collection of software developed to intentionally perform malicious tasks on a computer system Feedback from IT and Security professionals include: –“ Users executed the email attachment even though we’ve told them again and again not to” –“The antivirus software should have caught this, but the signature for this virus is not installed yet” –“We didn’t know our servers needed to be updated” –“This never should have made it through our firewall; we didn’t realize those ports could be attacked”

4 Understanding Malware Attack Techniques Common malware attack techniques include: –Social engineering –Backdoor creation –E-mail Address theft –Embedded e-mail engines –Exploiting product vulnerabilities –Exploiting new Internet technologies

5 Understanding the Vulnerability Timeline Product shipped Vulnerabilitydiscovered Update made available Update deployed by customer Vulnerabilitydisclosed Most attacks occur here

6 Understanding the Exploit Timeline

7 Common Malware Defence Methods Malware AttackDefence Method Mydoom Block port 1034 Update antivirus signatures Implement application security Sasser Block ports 445, 5554, and 9996 Install the latest security update Blaster Install the latest security update Block TCP ports 135, 139, 445, and 593 and UDP ports 135, 137, and 138, and also block UDP ports 69 (TFTP) and TCP 4444 for remote command shell. Update antivirus signatures SQL Slammer Install the latest security update Block UDP port 1434 Download.Ject Install the latest security update Increase security on the Local Machine zone in Internet Explorer Clean any infections related to IIS

8 What Is Defence-in-Depth? Using a layered approach: Increases an attacker’s risk of detection Reduces an attacker’s chance of success Security policies, procedures, and education Policies, procedures, and awareness Guards, locks, tracking devices Physical security Application hardening Application OS hardening, authentication, update management, antivirus updates, auditing Host Network segments, IPSec, NIDS Internal network Firewalls, boarder routers, VPNs with quarantine procedures Perimeter Strong passwords, ACLs, encryption, EFS, backup and restore strategy Data

9 Implementing Host Protection Policies, Procedures, and Awareness Recommended policies and procedures include: –Host protection defence policies: Scanning policy Signature update policy Allowed application policy –Security update policy Assess environment to be updated Identify new updates Evaluate and plan update deployment Deploy the updates –Network defence policies Change control Network monitoring Attack detection Home Computer access Visitor access Wireless network policy

10 Protecting Client Computers: What Are the Challenges? Challenges related to protecting client computers include: –Host challenges: Maintaining security updates Maintaining antivirus software Implementing a personal firewall –Application challenges Controlling application usage Secure application configuration settings Maintaining application security updates –Data challenges Implementing data storage policies Implementing data security Regulatory compliance

11 Configuring client applications to defend against malware

12 Today Future Windows, SQL, Exchange, Office… Windows, SQL, Exchange, Office… Office Update Download Center SUS SMS “Microsoft Update” (Windows Update) VS Update Windows Update Windows only Update Management for Malware Defence Windows, SQL, Exchange, Office… AutoUpdate WindowsUpdateServices Due Q4FY05

13 Configuring SUS to deploy security updates

14 Blocking Unauthorized Applications with Software Restriction Policies Software restriction policies –Can be used to: Fight viruses Control ActiveX downloads Run only signed scripts Ensure approved software is installed Lock down a computer –Can be applied to the following rules: Hash Certificate Path Zone –Can be set to: Unrestricted Disallowed

Download ppt "Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia"

Similar presentations

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
1 Figure 6-16: Advanced Server Hardening Techniques Reading Event Logs (Chapter 10)  The importance of logging to diagnose problems Failed logins, changing.

1 Figure 6-16: Advanced Server Hardening Techniques Reading Event Logs (Chapter 10)  The importance of logging to diagnose problems Failed logins, changing.
Paula Kiernan Senior Consultant Ward Solutions

Paula Kiernan Senior Consultant Ward Solutions
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.
Securing your data Security with Microsoft Infrastructure and Internet Explorer Matt Kestian Strategic Security Advisor | National Security Team | Microsoft.

Securing your data Security with Microsoft Infrastructure and Internet Explorer Matt Kestian Strategic Security Advisor | National Security Team | Microsoft.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
Ronald Beekelaar Beekelaar Consultancy Forefront Overview.

Ronald Beekelaar Beekelaar Consultancy Forefront Overview.
Essentials of Security Steve Lamb Technical Security Advisor

Essentials of Security Steve Lamb Technical Security Advisor
Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard
Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.

Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.
Enterprise Network Security Accessing the WAN Lecture week 4.

Enterprise Network Security Accessing the WAN Lecture week 4.
Implementing Exchange Server Security Ward Solutions.

Implementing Exchange Server Security Ward Solutions.
Windows Anti-virus and Security WNUG Meeting 2-7-2002.

Windows Anti-virus and Security WNUG Meeting
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Defense-in-Depth Against Malicious Software Rick Claus / Bruce Cowper IT Pro Advisors Microsoft Canada.

Defense-in-Depth Against Malicious Software Rick Claus / Bruce Cowper IT Pro Advisors Microsoft Canada.
Security of Communication & IT systems Bucharest, 21 st September 2004 Stephen McGibbon Chief Technology Officer, Eastern Europe, Russia & CIS Senior Director,

Security of Communication & IT systems Bucharest, 21 st September 2004 Stephen McGibbon Chief Technology Officer, Eastern Europe, Russia & CIS Senior Director,
Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.

Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.
Kai Axford, CISSP, MCSE-Security TechNet Presenter Microsoft Corporation Implementing Security Update Management.

Kai Axford, CISSP, MCSE-Security TechNet Presenter Microsoft Corporation Implementing Security Update Management.
Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.

Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

Similar presentations

Ads by Google