Cover your Assets: How to Limit the Risk of Attack on your XP Assets

Cover Your Assets: How to Limit the Risk of Attack on your Windows XP Assets Tom D’Aquino – Sr. Security Engineer

description

As most IT Pros are aware, as of April 8th, 2014, Microsoft will stop releasing security patches for Windows XP. Unfortunately, most folks will not be able to migrate all Windows XP machines by that deadline. How will you limit the security risks posed by these now vulnerable assets? Join us for this webinar outlining practical strategies to help you cover your assets. In this session we'll cover:

• The primary attack vectors you need to consider
• Immediate actions you can take to limit the exposure of your XP assets
• Warning signs to watch out for that could signal an attack
• How to closely monitor your vulnerable assets with AlienVault USM

Transcript of Cover your Assets: How to Limit the Risk of Attack on your XP Assets

Page 1: Cover your Assets: How to Limit the Risk of Attack on your XP Assets

Cover Your Assets: How to Limit the Risk of Attack on your Windows XP Assets

Tom D’Aquino – Sr. Security Engineer

Page 2: Cover your Assets: How to Limit the Risk of Attack on your XP Assets

ABOUT ALIENVAULT

AlienVault has unified the security products, intelligence and community essential for mid-sized businesses to defend against today’s modern threats

Page 3: Cover your Assets: How to Limit the Risk of Attack on your XP Assets

THE CHALLENGE

Windows XP is at end of support, which creates risk for your organization:

• What does “end of support” mean?
• How do you find out of date assets?
• Are your out of date assets vulnerable?
• Are your out of date assets being attacked?
• What else can you do to manage the risk created by out of date assets?

Event correlation rules and reports

Page 4: Cover your Assets: How to Limit the Risk of Attack on your XP Assets

END OF SUPPORT DATES

As reported by Microsoft:

Available at http://windows.microsoft.com/en-us/windows/lifecycle

Page 5: Cover your Assets: How to Limit the Risk of Attack on your XP Assets

END OF SUPPORT CLARIFIED

As reported by Microsoft:

Available at http://windows.microsoft.com/en-us/windows/lifecycle

Page 6: Cover your Assets: How to Limit the Risk of Attack on your XP Assets

ATTACK VECTORS TO CONSIDER

• Network Exploits – this is our traditional network worm, which exploits a service running on our XP machine. A classic example of this is the Conficker worm, which targeted a vulnerability in the Server service in Windows XP.
• Browser-based attacks – this is our most common attack, where a user is targeted as they are browsing the web (or are sent a malicious link in an email) and an exploit targeting the browser or an enabled browser plugin is used to compromise the machine.
• Malicious Email attachments – another favorite: a malicious attachment is sent with an email and an exploit targeting the program configured to read the attachment is used (our most common target here is the PDF viewer).

Page 7: Cover your Assets: How to Limit the Risk of Attack on your XP Assets

IMMEDIATE ACTIONS TO LIMIT YOUR RISK

• Limit Inbound Network Access – place the XP machines on a dedicated network segment and limit access by other machines in your environment. (This mitigates Network Exploits)
• Use a Non-Administrative Account – the majority of exploits targeting desktop software are mitigated when the user account is a standard user. (This mitigates Browser-based attacks and Malicious email attachments)
• Use a browser with a long-term support plan – Google Chrome is extending its XP support until April 2015. If you do choose to browse, turn off your plugins. (This mitigates Browser-based attacks)
• Read your email in your browser – leverage your email server’s web front-end and be particularly conservative about the attachments you download and open. (This mitigates Malicious email attachments)
• Monitor your systems – the most important thing is catching an incident before it turns into a problem.

Page 8: Cover your Assets: How to Limit the Risk of Attack on your XP Assets

WARNING SIGNS TO WATCH OUT FOR

• Command and control traffic
• Internal probing
• Increased network activity
• Connections with known malicious IPs
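As an added example (not from the webinar and not AlienVault USM's own correlation rules), the four warning signs above can be checked against flow records sourced from a dedicated XP segment. The segment range, internal address space, blocklist entry, per-host baselines, thresholds and flow records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

XP_SEGMENT = ipaddress.ip_network("10.20.30.0/24")   # assumed dedicated XP segment
INTERNAL = ipaddress.ip_network("10.0.0.0/8")        # assumed internal address space
BAD_IPS = {"203.0.113.66"}                           # constructed threat-intel entry
BASELINE_BYTES = {"10.20.30.11": 50_000, "10.20.30.12": 50_000}  # constructed per-host norm

# Constructed flow records: (epoch_seconds, src, dst, dst_port, bytes_sent)
FLOWS = (
    [(t, "10.20.30.11", "198.51.100.7", 443, 300) for t in range(0, 3000, 300)]   # steady check-ins
    + [(40 + i, "10.20.30.12", f"10.20.40.{i}", 445, 120) for i in range(1, 31)]  # sweep of port 445
    + [(500, "10.20.30.12", "203.0.113.66", 80, 900_000)]                         # listed IP, large upload
    + [(700, "10.20.30.11", "10.20.40.5", 80, 2_000)]                             # ordinary intranet use
)

def warning_signs(flows, probe_hosts=20, beacon_min=6, jitter=0.1, spike=5):
    """Return {xp_host: set of warning signs} for flows sourced from the XP segment."""
    alerts = defaultdict(set)
    peers = defaultdict(set)      # (src, port) -> internal hosts contacted
    times = defaultdict(list)     # (src, external dst) -> connection times
    sent = defaultdict(int)       # src -> total bytes sent
    for ts, src, dst, port, nbytes in flows:
        if ipaddress.ip_address(src) not in XP_SEGMENT:
            continue
        sent[src] += nbytes
        if dst in BAD_IPS:
            alerts[src].add("known-malicious-ip")
        if ipaddress.ip_address(dst) in INTERNAL:
            peers[(src, port)].add(dst)
        else:
            times[(src, dst)].append(ts)
    for (src, _), hosts in peers.items():
        if len(hosts) >= probe_hosts:
            alerts[src].add("internal-probing")
    for (src, _), stamps in times.items():
        gaps = [b - a for a, b in zip(sorted(stamps), sorted(stamps)[1:])]
        # Many connections at near-constant intervals look like automated check-ins.
        if len(stamps) >= beacon_min and pstdev(gaps) <= jitter * mean(gaps):
            alerts[src].add("possible-c2-beaconing")
    for src, total in sent.items():
        if total > spike * BASELINE_BYTES.get(src, float("inf")):
            alerts[src].add("increased-activity")
    return dict(alerts)

if __name__ == "__main__":
    for host, signs in sorted(warning_signs(FLOWS).items()):
        print(host, sorted(signs))
```

The thresholds are starting points to tune against your own traffic; a host with no recorded baseline is never flagged for increased activity.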

Page 9: Cover your Assets: How to Limit the Risk of Attack on your XP Assets

WHAT TO DO ABOUT OUT OF DATE ASSETS

USM, powered by AV Labs Threat Intelligence

ASSET DISCOVERY
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory

VULNERABILITY ASSESSMENT
• Continuous Vulnerability Monitoring
• Authenticated / Unauthenticated Active Scanning

BEHAVIORAL MONITORING
• Log Collection
• Netflow Analysis
• Service Availability Monitoring

SECURITY INTELLIGENCE
• SIEM Event Correlation
• Incident Response

THREAT DETECTION
• Network IDS
• Host IDS
• Wireless IDS
• File Integrity Monitoring

Page 10: Cover your Assets: How to Limit the Risk of Attack on your XP Assets

NOW FOR SOME Q&A…

Test Drive AlienVault USM

Download a Free 30-Day Trial
http://www.alienvault.com/free-trial

Try our Interactive Demo Site
http://www.alienvault.com/live-demo-site

Questions? [email protected]