55% of online users have been infected with spyware
http://www.aladdin.com/airc/security-statistics.aspx for 2005
21,100,283 unique malware binaries collected in the last 12 months
http://www.shadowserver.org/wiki/pmwiki.php/Stats/Malware
Malware cost estimated at $169-204 billion for 2004
http://www.aladdin.com/airc/security-statistics.aspx
Only 7% of companies officially run Service Pack 2
http://www.aladdin.com/airc/security-statistics.aspx as of 2005
Average of 75,158 active bot-infected computers per day in 2008
http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xiv_04-2009.en-us.pdf
As of Tuesday, April 13, 2010 http://www.shadowserver.org/wiki/pmwiki.php/Stats/DroneMaps
DIGITAL AEGIS
Protecting You From The World
Agenda
- Opportunity
- Limitations
- What we did
  - Windows XP
  - Windows 7
  - Gentoo Linux
  - Windows 2008 R2
  - Pfsense Firewall Boxes
- Problems
- External/Network Tests
- Physical Client Tests
- Looking Back
- Future Goals
- Questions
Opportunity
- Small to medium-sized companies
- Can't afford large security applications
- Don't need a lot of services
- Target of script kiddie/automated attacks
- Often become part of botnets
- Can leak personal or financial information
- Result in serious legal or financial consequences
Limitations
- Only focused on small to medium businesses
- Only running a few basic services
- Not protecting against zero-day threats
- Not providing physical building/box security
- Focused on script kiddie and automated attacks
- Low rate of false alarms
- Proprietary software
What We Did: Windows XP
- Basic Settings
- User Accounts/auditing
- Registry
- Services
- User rights/File permissions
- Internet Explorer GPO
What We Did: Windows 7
- Basic Settings
- Elevated Pre-installed Security
- Permissions
- UAC
- Remote Desktop
- AutoPlay
- Microsoft Security Essentials
- Managing Local Accounts
- Applying GPO
What We Did: Gentoo Linux
- Hardened Base
- Rolling Release
- Custom Compiled Kernel
  - No loadable modules – All built in
- PaX buffer and heap overflow protection
- Chroot Environment
- Latest patched Apache - Statically compiled binaries
- Strict iptables Firewall
- Disabled Root Account – sudo
- AIDE
What We Did: Pfsense Firewall Boxes
- NAT Firewall
- Block all Unused Ports
- MAC Filtering
- Snort IDS
  - Detect common scans, exploits and attacks
  - Automated blocking of those exceeding threshold
- Snort LAN sniffing
  - Inappropriate activity
    - HTTP sniffing – porn, racist
  - Common malware communication
- Squid/SquidGuard
  - Access Control Lists – Who allowed what and when
  - Blacklisting/Whitelisting
What We Did: Windows 2008 R2
- Basic Settings
- Windows 7 Settings
- DNS
- Active Directory
- Exchange
- Domain GPO
Problems: Exchange
- Issues installing on a new install of Server 2008 R2
- Uninstall Issues
- Format
Solution
- Followed 3 separate guides
- Manual install of packages
- Prep commands
Problems: Windows XP
- Local GPO application
- Administrator lockout
- CD/USB blocking
Solution
- Workaround suggested by Windows
- Snapshots
- Online Administrative Template
Problems: Windows 7
- New Operating system
- In-Depth Security analysis
- Zero Day Threats
Solutions
- Work with what you can get
- Windows 2008 GPO
- Default Settings
External/Network Tests
- Nmap Scans from Outside Network
  - Gateway Results
- Nmap Scans from Inside Client Network
  - Linux Machine Results
  - Windows 7 Results
  - Windows XP Results
  - Server Results
- Back Track AutoPwn Scans
  - Zero successful exploits
Physical Client Tests
- Boot from CD
- Recovery Console
- Safe Mode
- User Permissions
- Password Strength
- Command line
- CD/USB blocking
- Internet Explorer settings
Looking Back
- Better Firewall Hardware
- Waiting for Newest Pfsense Version
- Possibly different OS for firewalls
- Windows XP
- Exchange
- Linux Clients
Future Goals
- Snort Rules
- Full DNS blacklist
- Network traffic fingerprinting
- Implement in a small business setting
- Look at distribution
- Training
Questions?