Defense-in-Depth Against Malicious Software – Jeff Alexander, IT Pro Evangelist, Microsoft Australia
Jeff Alexander
IT Pro Evangelist
Microsoft Australia
http://blogs.msdn.com/jeffa36
Agenda
• Characteristics of Malicious Software
• Malware Defence-in-Depth
• Malware Defence for Client Computers
• Malware Defence for Servers
• Network-Based Malware Defence
• What about Spyware?
• Guidance Tools and Response
Malicious Software: Identifying Challenges to an Organisation
• Malware: a collection of software developed to intentionally perform malicious tasks on a computer system
• Feedback from IT and security professionals includes:
– “Users executed the email attachment even though we’ve told them again and again not to”
– “The antivirus software should have caught this, but the signature for this virus is not installed yet”
– “We didn’t know our servers needed to be updated”
– “This never should have made it through our firewall; we didn’t realize those ports could be attacked”
Understanding Malware Attack Techniques
• Common malware attack techniques include:
– Social engineering
– Backdoor creation
– E-mail Address theft
– Embedded e-mail engines
– Exploiting product vulnerabilities
– Exploiting new Internet technologies
Understanding the Vulnerability Timeline
[Timeline figure. Milestones shown on the slide: Product shipped; Vulnerability discovered; Vulnerability disclosed; Update made available; Update deployed by customer; the window between the update becoming available and its deployment is labelled “Most attacks occur here”]
Understanding the Exploit Timeline
What Is Defence-in-Depth?
• Using a layered approach:
– Increases an attacker’s risk of detection
– Reduces an attacker’s chance of success
[Layered defence-in-depth figure, listed here from the outermost layer to the innermost, with the examples the slide gives for each layer]
– Policies, procedures, and awareness: security policies, procedures, and education
– Physical security: guards, locks, tracking devices
– Perimeter: firewalls, border routers, VPNs with quarantine procedures
– Internal network: network segments, IPSec, NIDS
– Host: OS hardening, authentication, update management, antivirus updates, auditing
– Application: application hardening
– Data: strong passwords, ACLs, encryption, EFS, backup and restore strategy
Implementing Host Protection: Policies, Procedures, and Awareness
• Recommended policies and procedures include:
– Host protection defence policies:
• Scanning policy
• Signature update policy
• Allowed application policy
– Security update policy:
• Assess environment to be updated
• Identify new updates
• Evaluate and plan update deployment
• Deploy the updates
– Network defence policies:
• Change control
• Network monitoring
• Attack detection
• Home computer access
• Visitor access
• Wireless network policy
Protecting Client Computers: What Are the Challenges?
• Challenges related to protecting client computers include:
– Host challenges:
• Maintaining security updates
• Maintaining antivirus software
• Implementing a personal firewall
– Application challenges:
• Controlling application usage
• Secure application configuration settings
• Maintaining application security updates
– Data challenges:
• Implementing data storage policies
• Implementing data security
• Regulatory compliance
Configuring client applications to defend against malware
[Figure comparing update tools today and in future. Labels recovered from the slide: Today; Future; Windows Update (Windows only); Office Update; Download Center; VS Update; SUS (Windows only); SMS (Windows, SQL, Exchange, Office…); “Microsoft Update” (Windows Update)]
Update Management for Malware Defence
[Figure. Labels recovered from the slide: Windows, SQL, Exchange, Office…; AutoUpdate; Windows Update Services; Due Q4FY05]
Configuring SUS to deploy security updates
Blocking Unauthorized Applications with Software Restriction Policies
• Software restriction policies
– Can be used to:
• Fight viruses
• Control ActiveX downloads
• Run only signed scripts
• Ensure approved software is installed
• Lock down a computer
– Can be applied through the following rules:
• Hash
• Certificate
• Path
• Zone
– Can be set to:
• Unrestricted
• Disallowed
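To make the rule types and the two security levels concrete, here is an added offline model of how a software restriction policy decides whether a file may run; it is constructed for this page and is not Microsoft code. It applies SRP's precedence order (hash, then certificate, then path, then zone, with the most specific matching path rule winning, and the default level when nothing matches); the rule set, file contents, publisher name and zone labels are all constructed sample data, and the certificate check is simplified to a publisher-name comparison.

```python
"""Offline model of Software Restriction Policy (SRP) decision logic (constructed example)."""
import hashlib
from fnmatch import fnmatch

UNRESTRICTED, DISALLOWED = "Unrestricted", "Disallowed"

# Constructed rule set: (rule_type, identifier, level).
# Real SRP hash rules store a file hash; here SHA-256 of sample bytes stands in.
RULES = [
    ("hash", hashlib.sha256(b"MZ constructed known-bad dropper").hexdigest(), DISALLOWED),
    ("certificate", "Contoso Ltd", UNRESTRICTED),  # signed by an approved publisher
    ("path", r"C:\Windows\*", UNRESTRICTED),
    ("path", r"C:\Windows\Temp\*", DISALLOWED),    # more specific path rule wins
    ("path", r"C:\Users\*\Downloads\*", DISALLOWED),
    ("zone", "Internet", DISALLOWED),
]
DEFAULT_LEVEL = UNRESTRICTED            # applies when no rule matches

# SRP precedence: hash beats certificate, which beats path, which beats zone.
PRECEDENCE = {"hash": 0, "certificate": 1, "path": 2, "zone": 3}


def evaluate(path, content, publisher=None, zone="Local"):
    """Return (level, matching_rule) for a file described by its metadata."""
    digest = hashlib.sha256(content).hexdigest()
    identity = {"hash": digest, "certificate": publisher, "zone": zone}
    matches = []
    for rule_type, pattern, level in RULES:
        if rule_type == "path":
            # Path rules are case-insensitive wildcard matches.
            if fnmatch(path.lower(), pattern.lower()):
                # Tie-break among path rules: the longer (more specific) pattern wins.
                matches.append((PRECEDENCE["path"], -len(pattern), level, (rule_type, pattern)))
        elif identity[rule_type] == pattern:
            matches.append((PRECEDENCE[rule_type], 0, level, (rule_type, pattern)))
    if not matches:
        return DEFAULT_LEVEL, None
    _, _, level, rule = min(matches)   # lowest precedence number wins
    return level, rule


if __name__ == "__main__":
    print(evaluate(r"C:\Windows\Temp\payload.exe", b"anything"))
    print(evaluate(r"C:\Users\bob\Downloads\setup.exe", b"installer", publisher="Contoso Ltd"))
```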