Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation



Agenda
- Understanding the Characteristics of Malicious Software
- Malware Defense-in-Depth
- Malware Defense for Client Computers
- Malware Defense for Servers
- Network-Based Malware Defense
- Solutions to Implement Malware Defense-in-Depth
November 2006

Understanding Characteristics of Malicious Software

Malicious Software: Identifying Challenges to an Organization
Malware: a collection of software developed to intentionally perform malicious tasks on a computer system.
Feedback from IT and security professionals includes:
- "The users executed the attachment from their e-mail even though we've told them again and again that they aren't supposed to."
- "The antivirus software should have caught this, but the signature for this virus hadn't been installed yet."
- "We didn't know our servers needed to be updated."
- "This never should have made it through our firewall; we didn't even realize those ports could be attacked."

Understanding Malware Attack Techniques
Common malware attack techniques include:
- Social engineering
- Backdoor creation
- E-mail address theft
- Embedded e-mail engines
- Exploiting product vulnerabilities
- Exploiting new Internet technologies

Understanding the Vulnerability Timeline
1. Product shipped
2. Vulnerability discovered
3. Vulnerability disclosed
4. Update made available
5. Update deployed by customer
Slide annotation: most attacks occur after the update is made available and before customers deploy it.

Understanding the Exploit Timeline
The timeline is the same as on the previous slide (product shipped, vulnerability discovered, vulnerability disclosed, update made available, update deployed by customer), with the exploit / malware attack marked on it.
Days between update and exploit:
Malware         Days
Nimda           331
SQL Slammer     180
Welchia/Nachi   151
Blaster          25
Sasser           14
Days between update and exploit have decreased.

Identifying Common Malware Defense Methods
Malware attack   Defense method
Mydoom           Block port 1034; update antivirus signatures; implement application security
Sasser           Block ports 445, 5554, and 9996; install the latest security update
Blaster          Install the latest security update; block TCP ports 135, 139, 445, and 593 and UDP ports 135, 137, and 138, and also block UDP port 69 (TFTP) and TCP port 4444 (remote command shell); update antivirus signatures
SQL Slammer      Install the latest security update; block UDP port 1434
Download.Ject    Install the latest security update; increase security on the Local Machine zone in Internet Explorer; clean any infections related to IIS

What Is Defense-in-Depth?
Using a layered approach:
- Increases an attacker's risk of detection
- Reduces an attacker's chance of success
Layer                                Controls
Data                                 Strong passwords, ACLs, encryption, EFS, backup and restore strategy
Application                          Application hardening
Host                                 OS hardening, authentication, update management, antivirus updates, auditing
Internal network                     Network segments, IPSec, NIDS
Perimeter                            Firewalls, border routers, VPNs with quarantine procedures
Physical security                    Guards, locks, tracking devices
Policies, procedures, and awareness  Security policies, procedures, and education

Applying Defense-in-Depth to Malware Defense
- Client defenses: Data, Application, Host
- Server defenses: Data, Application, Host
- Network defenses: Internal network, Perimeter
- Physical security
- Policies, procedures, and awareness

Implementing Host Protection Policies, Procedures, and Awareness
Recommended policies and procedures include:
- Host protection defense policies:
  - Scanning policy
  - Signature update policy
  - Allowed application policy
- Security update policy:
  1. Assess environment to be updated
  2. Identify new updates
  3. Evaluate and plan update deployment
  4. Deploy the updates
- Network defense policies:
  - Change control
  - Network monitoring
  - Attack detection
  - Home computer access
  - Visitor access
  - Wireless network policy

Implementing Physical Security and Antivirus Defense
Elements of an effective physical defense plan include:
- Premises security
- Personnel security
- Network access points
- Server computers
- Workstation computers
- Mobile computers and devices

Protecting Client Computers: What Are the Challenges?
Challenges related to protecting client computers include:
- Host challenges:
  - Maintaining security updates
  - Maintaining antivirus software
  - Implementing a personal firewall
- Application challenges:
  - Controlling application usage
  - Secure application configuration settings
  - Maintaining application security updates
- Data challenges:
  - Implementing data storage policies
  - Implementing data security
  - Regulatory compliance

Implementing Client-Based Malware Defense
Steps to implement a client-based defense include:
1. Reduce the attack surface
2. Apply security updates
3. Enable a host-based firewall
4. Install antivirus software
5. Test with configuration scanners
6. Use least-privilege policies
7. Restrict unauthorized applications

Configuring Applications to Protect Client Computers
Applications that may be malware targets include:
- E-mail client applications
- Desktop applications
- Instant messaging applications
- Web browsers
- Peer-to-peer applications

Managing Internet Explorer Browser Security
Security feature             Feature / description
MIME security improvements   Consistency checks; stricter rules for MIME sniffing
Better security management   Add-on control and management features; better prompts; new script-initiated windows restrictions
Local Machine zone           Ability to control security in the Local Machine zone
Feature Control              Security Zone settings and Group Policy settings: administrative control for Feature Control security zones (security elevation, windows restriction)

Protecting Client Computers: Best Practices
- Identify threats within the host, application, and data layers of the defense-in-depth strategy
- Implement an effective security update management policy
- Implement an effective antivirus management policy
- Use Active Directory Group Policy to manage application security requirements
- Implement software restriction policies to control applications

What Is Server-Based Malware Defense?
Basic steps to defend servers against malware include:
- Reduce the attack surface
- Apply security updates
- Enable a host-based firewall
- Analyze using configuration scanners
- Analyze port information
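The "analyze port information" step can be made concrete. The script below is an added example, not code from the deck or from Microsoft: it parses a constructed netstat-style listing, compares each listening socket with an assumed per-role allow-list (the role names and allow-lists are assumptions), and marks the ports that the earlier "Common Malware Defense Methods" table says to block.

```python
# Added example, not from the Microsoft deck: audit a server's listening ports against
# an assumed per-role allow-list and flag the ports the deck's defense table blocks.
# The netstat-style listing, role names and allow-lists are constructed assumptions.

# Ports the "Common Malware Defense Methods" table blocks, keyed by (protocol, port)
WORM_PORTS = {
    ("TCP", 1034): "Mydoom",
    ("TCP", 445): "Sasser / Blaster", ("TCP", 5554): "Sasser", ("TCP", 9996): "Sasser",
    ("TCP", 135): "Blaster", ("TCP", 139): "Blaster", ("TCP", 593): "Blaster",
    ("UDP", 135): "Blaster", ("UDP", 137): "Blaster", ("UDP", 138): "Blaster",
    ("UDP", 69): "Blaster (TFTP)", ("TCP", 4444): "Blaster (remote shell)",
    ("UDP", 1434): "SQL Slammer",
}

# Assumed allow-lists: what each server role is expected to listen on
ROLE_ALLOW = {
    "web": {("TCP", 80), ("TCP", 443)},
    "sql": {("TCP", 1433)},
}

def parse_listeners(netstat_text):
    """Return [(proto, port, pid)] from 'netstat -ano'-style lines: TCP sockets in
    LISTENING state plus every UDP socket (UDP sockets carry no state column)."""
    listeners = []
    for line in netstat_text.strip().splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP" and "LISTENING" not in parts:
            continue  # established/outbound connections are not listening attack surface
        port = int(parts[1].rsplit(":", 1)[1])
        listeners.append((parts[0], port, parts[-1]))
    return listeners

def audit(role, listeners):
    """Findings for listeners outside the role's allow-list; known worm ports say 'block'."""
    findings = []
    for proto, port, pid in listeners:
        if (proto, port) in ROLE_ALLOW.get(role, set()):
            continue
        worm = WORM_PORTS.get((proto, port))
        action = f"block ({worm})" if worm else "review (not in role allow-list)"
        findings.append(f"{proto}/{port} pid {pid}: {action}")
    return findings

# Constructed sample listing for a server in the "sql" role
SAMPLE = """TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 880
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:1433 0.0.0.0:0 LISTENING 1792
TCP 10.0.0.5:49152 10.0.0.9:443 ESTABLISHED 2100
UDP 0.0.0.0:1434 *:* 1792"""
```

Running audit("sql", parse_listeners(SAMPLE)) reports TCP/135, TCP/445 and UDP/1434 as ports to block and leaves the expected TCP/1433 listener alone.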

Protecting Servers: Best Practices
- Consider each server role implemented in your organization to implement specific host protection solutions
- Stage all updates through a test environment before releasing into production
- Deploy regular security and antivirus updates as required
- Implement a self-managed host protection solution to decrease management costs

Protecting the Network: What Are the Challenges?
Challenges related to protecting the network layer include:
- Balance between security and usability
- Lack of network-based detection or monitoring for attacks

Implementing Network-Based Intrusion-Detection Systems
A network-based intrusion-detection system provides rapid detection and reporting of external malware attacks.
Important points to note:
- Network-based intrusion-detection systems are only as good as the process that is followed once an intrusion is detected
- ISA Server 2006 provides network-based intrusion-detection abilities

Implementing Application Layer Filtering
Application layer filtering includes the following:
- Web browsing and e-mail can be scanned to ensure that content specific to each does not contain illegitimate data
- Deep content analysis, including the ability to detect, inspect, and validate traffic using any port and protocol

Protecting the Network: Best Practices
- Have a proactive antivirus response team monitoring early warning sites such as antivirus vendor Web sites
- Have an incident response plan
- Implement automated monitoring and report policies
- Implement ISA Server 2006 to provide intrusion-detection capabilities

Threats:
- More advanced
- More frequent
- Profit motivated
- Application-oriented

Security management:
- Too many point products
- Poor interoperability
- Lack of integration
- Multiple consoles
- Uncoordinated event reporting & analysis
- Cost and complexity

Protect Information and Control Access at:
- Operating system
- Server applications
- Network edge
- Content
Heterogeneity:
- Third-party products
- Secure custom apps
- 24/7 security research and response
Cross-product integration:
- MSFT security products
- MSFT server applications
- Integration with Microsoft IT infrastructure (Active Directory, SQL Server, Operations Manager, etc.)
- Integration with ecosystem partners and custom apps
- Unified view and analytics
- Reduced number of management consoles
Simplified deployment:
- Appliances and appliance-like experience
- Technical and industry guidance
- Simplified licensing

Unified malware protection for business desktops, laptops and server operating systems that is easy to manage and control:
- One solution for spyware and virus protection
  - Built on protection technology used by millions worldwide
  - Effective threat response
- One console for simplified security administration
  - Define one policy to manage client protection agent settings
  - Integrates with your existing infrastructure
- One dashboard for visibility into threats and vulnerabilities
  - View insightful reports
  - Stay informed with state assessment scans and security alerts


Security Summary

Windows Vista:
- User Account Control
- IE7 with Protected Mode
- Randomize Address Space Layout
- Advanced Desktop Firewall
- Kernel Patch Protection (64-bit)
Server and Domain Isolation (SD&I):
- Policy Based Network Segmentation
- Restrict-To-Trusted Net Communications
Forefront Client Security:
- Unified Virus & Spyware Protection
- Central Management
- Reporting, Alerting and State Assessment
Combined Solution:
- Infrastructure Software Integration

- Services
- Edge
- Server Applications
- Client and Server OS
- Information Protection
- Identity Management: Active Directory Federation Services (ADFS)
- Systems Management
- Guidance
- Developer Tools

© 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.