WEB BROWSER SANDBOXING: SECURITY AGAINST WEB ATTACKS

Similar documents
Seqrite Endpoint Security

Quick Heal Total Security

Adon'tbe an Adobe victim

Quick Heal Total Security for Mac. Simple, fast and seamless protection for Mac.

Predictive malware response testing methodology. Contents. 1.0 Introduction. Methodology version 1.0; Created 17/01/2018

Quick Heal Total Security for Android. Anti-Theft Security. Web Security. Backup. Real-Time Protection. Safe Online Banking & Shopping.

Quick Heal AntiVirus Pro Advanced. Protects your computer from viruses, malware, and Internet threats.

Preferably any windows based operating system (Windows Vista Basic, Windows 7, Windows 8, Windows 8.1 and Windows 10)

Quick Heal Total Security for Mac. Simple, fast and seamless protection for Mac.

Recommended Browser Settings

Is Exploitation Over? Bypassing Memory Protections in Windows 7

Recommended Browser Settings

Quick Heal Total Security for Android. Anti-Theft Security. Web Security. Backup. Real-Time Protection. Safe Online Banking & Shopping.

Quick Heal Total Security Multi-Device (Mac) Simple, fast and seamless protection for Mac.

MRG Effitas Trapmine Exploit Test

SE Labs Test Plan for Q Endpoint Protection : Enterprise, Small Business, and Consumer

Pass Microsoft Exam

Big Trends in IT and how they shape Security. Gerhard Eschelbeck, CTO

Chapter 10: Security. 2. What are the two types of general threats to computer security? Give examples of each.

Adobe Flash Player Bit Windows 7 Google Chrome

Browser Configuration Reference

Quick Heal AntiVirus Pro. Tough on malware, light on your PC.

Manual Internet Explorer 9 Xp 32 Bit Windows Vista

Manual Internet Explorer 10 Windows 7 Full. Version >>>CLICK HERE<<<

Security Trend of New Computing Era

Configuring Microsoft Edge Browser By Tom Krauser

Clear Cache Internet Explorer 8 Win Xp 32 Bit

Clear Cache Internet Explorer 8 Window Xp 32 Bit

Jigsaw Troubleshooting Tips

WHITE PAPER. AirGap. The Technology That Makes Isla a Powerful Web Malware Isolation System

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems

Manual Internet Explorer 8 For Windows 7 Full Version

Security Enhancements

Latest version of google chrome for windows

Table of Contents. Troubleshooting Guide for Home Users

SAM Assessment, Training and Projects for Microsoft Office

PLATO Learning Environment System and Configuration Requirements

We need a browser that just works with modern web sites and services. I m worried about Internet security threats and the risk to my business

PLATO Learning Environment (v2.0) System and Configuration Requirements

STEP 1 STEP 2 STEP 3 STEP 4 You may see the following. Then click OK. information on your screen: Click on the more apps to expand the list.

Manual Internet Explorer 8 For Windows 7 64 Bit Full

EDGE, MICROSOFT S BROWSER

Tips for Submitting a Kaltura Media Assignment

Monthly Security Bulletin Briefing

Education Software Installer 2012

Instructions for Configuring Your Browser Settings and Online Security FAQ s

Cloud Sandboxing Against Advanced Persistent Attacks

PrimePay System Requirements

Quick Heal Mobile Security. Free protection for your Android phone against virus attacks, unwanted calls, and theft.

How To Install Plugin Internet Explorer 11 On >>>CLICK HERE<<<

Threat Modeling. Bart De Win Secure Application Development Course, Credits to

Learning Center Computer and Security Settings

OPSWAT Metadefender. Superior Malware Threat Prevention and Analysis

SiteAdvisor Enterprise

for businesses with more than 25 seats

TOP 10 Vulnerability Trends for By Nevis Labs

SECURING SOFTWARE AGAINST LIBRARY ATTACKS

Review Kaspersky Internet Security - multi-device 2015 online software downloader ]

Manual Internet Explorer 9 Xp For Windows 7 64 Bit

Getting Started Guide

Browser Settings. Updated 4/30/ SSF

IPS Signature Database

for businesses with more than 25 seats

Frequently asked questions on how to join the webinar

Addressing Security Loopholes of Third Party Browser Plug ins UPDATED FEBRUARY 2017

QuestionPoint chat The Guide to IE browser setup Last updated: 2013 Nov 12

Monthly Security Bulletin Briefing

Quick Heal AntiVirus for Server. Optimized Antivirus Scanning. Low on Resources. Strong on Technology.

QuestionPoint chat The Guide to IE browser setup Last updated: 2009 June 23

WorldNow Producer. Requirements Set-up

Online Geometry Computer Requirements (For students using computers other than the HCPS Dell issued laptops)

Chrome and IE comparisons

Getting Started with Internet Explorer 10

Seqrite Antivirus for Server

Manual Update Java 7 Version 11 Not Working In Chrome

SA28083 / CVE

PROTECTION SERVICE FOR BUSINESS. Datasheet

Web Browser Settings Guide

ecollege and VitalSource System and Hardware Specifications

CPD Online System Requirements and Browser Settings

Learning Center Computer and Security Settings

Overview... 2 Client Stations... 3 Network Bandwidth... 4 Firewall Settings... 5

Online (in)security: The current threat landscape Nikolaos Tsalis

How to Troubleshoot Panopto Viewing Issues

New Castle County Department of Land Use. System Use Requirements

UPK Professional Technical Specifications. Version

KNOXPLANS for New Users

PC SECURITY LABS COMPARATIVE TEST. Microsoft Office. Flash. August Remote code execution exploit. mitigations for popular applications

PRE-REQUISITES. The following software are the pre-requisites for functioning of SRM.

Customer A - Dropbox. Issued to: Report date:

SAP Education: Online Learning Technical Readiness Checklist

Spectre, Meltdown, and the Impact of Security Vulnerabilities on your IT Environment. Orin Jeff Melnick

Manual Internet Explorer 8 For Windows Xp Sp2 32 Bit

Proposal for Virtual Web Browser by Using HTML5

I AM A RETAIL DEALER EMPLOYEE

How To Run Windows Update Manually Xp

Testing your TLS version

The Evolution of Chrome Security Architecture. Huan Ren Director, Qihoo 360 Technology Ltd

PROCON CONTRACTOR USERS BROWSER SETUP

8x8 Virtual Office Click2Pop for SugarCRM Setup Guide

Transcription:

WEB BROWSER SANDBOXING: SECURITY AGAINST WEB ATTACKS AVAR 2011 by Rajesh Nikam Security Simplified

CONTENTS Rise of Web Attacks Application Vulnerabilities Existing Protection Mechanisms Need for Effective Sandbox Sandboxing as Mitigation Challenges Conclusion

RISE OF WEB ATTACKS Rise of Web 2.0 has opened more opportunities for cybercriminals. Web Browser has become popular as an attack platform. Dozens of Browser Exploit Packs (BEP) are available in the underground community. - Eleonore, Phoenix, Zeus, SpyEye, IcePack, BlackHole, YES Exploit Pack, Crimepack, Neosploit Social Engineering techniques never die! APPLICATION VULNERABILITIES Vulnerability Description Affected versions CVE-2009-0658 CVE-2011-0609 CVE-2011-0611 CVE-2010-3971 CVE-2010-0806 CVE-2009-1671 CVE-2010-4452 Adobe JBIG2Decode Memory Corruption Exploit Adobe Flash Player AVM Bytecode Verification Vulnerability Adobe Flash Player SWF Memory Corruption Vulnerability IE CSS Recursive Import Use After Free IE DHTML Behaviors Use After Free Java buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll Java Applet2ClassLoader Remote Code Execution Exploit Adobe Reader 9.0 Adobe Flash Player 10.2.152.33 Adobe Flash Player 10.2.153.1 IE 6,7,8 IE 6, 7 JRE 6 Update 13 JRE 6 Update 23 PAGE 1 WEB BROWSER SANDBOXING

Application Vulnerabilities 250 200 150 100 50 0 Reported-2010 RCE-2010 Reported-2011 RCE-2011 Internet Explorer FireFox Chrome Adobe Reader & Flash Microsoft Office CVE - Common Vulnerabilities and Exposures, RCE - Remote Code Execution Source: http://cve.mitre.org EXISTING PROTECTION MECHANISMS Phishing Protection Parental Control Firewall & IPS Pop-up Blocker URL Classification - Google Safe Browsing - SmartScreen Filter with Internet Explorer InPrivate Browsing with Microsoft Internet Explorer Protected Mode is supported on IE7+ on Windows Vista and above Firefox supports Private Browsing mode Google Chrome promises better security with Sandboxing Microsoft Office 2010 supports Protected Mode Adobe Reader X supports SandboxiSandboxing PAGE 2 WEB BROWSER SANDBOXING

WEB BROWSER STATISTICS OPERATING SYSTEM DISTRIBUTION Windows XP SP2 Windows XP SP3 Windows 7 Windows 7 x64 Windows Vista SP1 Windows Vista Other Source: OS Distribution statistics based on Quick Heal Installations PAGE 3 WEB BROWSER SANDBOXING

NEED FOR EFFECTIVE SANDBOX Protected Mode for Internet Explorer - Only supported on Windows Vista and above Update, Update, Update! - 65% users are using unpatched OS and Web Browsers - 60% users are using vulnerable Adobe versions Allows read access to all user files - Gap in privacy as data can be sent over the network Web browsers do not sandbox all their plugins Protection feature as default options Java and other third-party plugins are not sandboxed Social engineering techniques succeed in breaking depth of Security Layers! Effective Sandbox needs to be designed, developed and tested by Security vendors! WHAT IS SANDBOXING? Provides a restricted environment - To run vulnerable and untrusted applications while making it difficult for malware to damage the host operating system Isolates untrusted code Reduces attack surface Acts as containment for attacks that exploit application vulnerabilities Programs WIth Sandbox Writes Reads Reads Transient Storage System PAGE 4 WEB BROWSER SANDBOXING

CHALLENGES Compatibility User Experience Security Privacy QUICK HEAL BROWSER SANDBOX Supported Web Browsers: - Internet Explorer, Firefox, Chrome Compatibility tests - Add-ons and toolbars - Email attachment download and upload - Social Networking Sites - Shopping Sites - Banking Sites Security Testing - Visiting Live Malicious URLs - Run Exploits using Metasploit PAGE 5 WEB BROWSER SANDBOXING

SANDBOX LIMITATIONS File system protection features requires NTFS i.e. FAT32 and USB volumes would remain unprotected Network access to Sandboxed applications is allowed Active exploits in a Sandboxed application will persist until the application is restarted PAGE 6 WEB BROWSER SANDBOXING

CONCLUSION Sandboxing is a positive step forward for better security Increases difficulty and possibility of exploitation Reduces the impact on an exploited system Effectively stops persistent threats Sandbox adds one extra layer of protection to Quick Heal Web Security! Copyright Quick Heal Technologies Pvt. Ltd., 2014 All Rights Reserved.This document is current as of the initial date of publication and may be changed by Quick Heal at any time. All Intellectual Property Right(s) including trademark(s), logo(s) and copyright(s) is property of their respective owners. PAGE 7 WEB BROWSER SANDBOXING

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback