Securing Your Small Business Network
-
Upload
anindita-ghatak -
Category
Business
-
view
443 -
download
0
description
Transcript of Securing Your Small Business Network
Securing Your Small Business Network
2 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network
Introduction
Types of Online Risks
Small Business Network Vulnerabilities
Calculating the Impact
Recommended Security Practices
Overview of Symantec Solutions
1
2
3
4
5
6
Agenda
3 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network
The Internet Has Changed Business Forever
► Turn back the clock 10 years… Did you have an email address? Web access? A Web site?
► The Internet has redefined business dynamics 48% of small businesses in the U.S. have Web sites 163 million Americans have an email address 185 million Americans use the Internet
► The good news is that you can: Gather information more quickly Increase communications with your customers/vendors Transact business more efficiently
Sources: Pew Internet Survey 2004, Computer Industry Almanac, 2004Kelsey Group, 2004
4 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network
The Bad News: Computer Security Risks
► Did you realize that you open your business to potential risk whenever you…
Download something from the Web? Open an email attachment? Leave your computers connected to a broadband connection? Insert removable media (CD-ROM, DVD-ROM, flash drive) into one of
your business’s computers? Access the Internet wirelessly? Let a guest user onto your business network?
The security of your business is up to YOU!
5 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network
The Impact of Poor Security
► Over $11 billion in damages worldwide Between just a few months: Feb. 2004 and May 2004 From just MyDoom, Netsky, Bagel, and Sasser virus outbreaks
Source: Computer Economics, Inc. June 2004
6 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network
The Impact of Poor Security
► U.S. CSI/FBI Survey (among 269 respondents) * Estimated total loss of $141 million due to virus outbreaks in 2003
• 19% in small businesses with <100 employees $524K average loss per respondent Attack types and percent experiencing them
• Virus outbreaks 78%
• Internal abuse of Web access 59%
• System penetration 39%
► An estimated 57MM Americans have received emails from “phishers” (Gartner, May 2004 survey)
Cost of phishing attacks to U.S. banks in 2003 $1.2b (Symantec)
* Source: CSI/FBI Computer Crime and Security Survey, 2004
7 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network
What Are You Up Against?Types of Risks
► Malicious Code Worms, Viruses, Trojan Horses
► Hackers Information theft/Privacy Violations, Spyware, Phishing, Denial of
Service, Application Vulnerabilities
► Time Wasters Adware, Spam Email, Popup Ads, Data Loss
8 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network
What Are You Up Against?Malicious Code
► Virus A malicious program that attacks PCs and Macs by infecting other
files on the computer
► Worm A malicious program designed to spread itself to as many other
computers as possible via the Internet, sometimes taking over the victim’s email address book
► Trojan Horse A malicious program that pretends to be a useful or friendly
program, such as a screen saver, game or other type of utility
Source: SecurityFocus
The “Blaster” worm alone inflicted $1.3 billion in damageto U.S. Businesses in 2003
9 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network
What Are You Up Against? Hackers
► Privacy Violations Intrusions into your business’s computer systems for personal information
belonging to you, your company or your customers, often credit card numbers► Spyware
Small applications that monitor your Web usage and report it to a marketing service
Key stroke loggers that capture data and steal passwords
► Phishing Fraudulent schemes in which a hacker pretends to be a legitimate company or
authority to get you to reveal personal information willingly
► Denial of Service An attack that ties up a Web server so that your customers, vendors, and partners
can’t access your site
Source: CSI/FBI Computer Crime and Security Survey, 2004
70% of businesses reported at least one security breachfrom external sources this year
10 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network
What Are You Up Against? Time Wasters
► Adware Software that displays banner ads even when the host computer is not
connected to the Internet
► Spam, Popup Ads Spam email: unsolicited email, often sent under false pretences Popup Ads: ads that open in a new browser window on top of the Web
page you were viewing
Source: Symantec/Brightmail, 2004
As much as 65% of all email traffic in 2004 is spam
11 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network
months
days
hrs
mins
secs
ProgramViruses Macro
Viruses E-mailWorms Network
Worms
FlashWorms
Co
nta
gio
n P
eri
od
Evolution of Virus/Worm Threats
► We’ve reached an inflection point where the latest threats now spread orders of magnitude faster than our ability to respond with traditional technology
1990 Time 2005
Contagion Period
12 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network
Threat Sophistication
At its peak, 1 out of every 12 emails was infected with MyDoom!
Code Red doubled its infection rate every37 minutes. Slammer doubled every 8.5 seconds, and
infected 90% of unprotected servers in 10 minutes!
Blaster razed networks just 27 days after the vulnerability was publicly disclosed!
13 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network
Understanding Your VulnerabilitiesInternet Gateway
14 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network
Understanding Your VulnerabilitiesFile Server / Mail Server
15 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network
Understanding Your VulnerabilitiesDesktop
16 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network
Understanding Your VulnerabilitiesRemote Users
17 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network
Calculating the Impact on Your Business
► How to calculate the cost of a virus infecting your network and damaging your information
List the number employees in your business Calculate an average hourly compensation per employee Think about what files and work might need to be re-created after a
loss: customer database, client reports, project files, and schedules, contracts, etc.
Estimate the amount of time required to re-create lost databases, financial files, and other work per employee
Multiply the time required by the number of employees affected by the average hourly compensation
This is the cost of one virus damaging desktop files one time only – It doesn’t include the cost to have your software or hardware
professionally repaired or replaced.
18 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network
Calculating the Impact on Your Business
Number of Employees 12
Average Hourly Wage $25.00/hour
Spam: Minutes Each Day / Person: 5
Hours Each Year / Person: 5 x 4 = 20
20 hours
Viruses: Annual Downtime / Person 15 hours
Total Annual Hours / Person (20 + 15 = 35) 35 hours
Annual Cost to Business / Worker (35 hours x $25/hr = $875) $875
Annual Cost to Business ($875/person x 12 = $10,500) $10,500
19 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network
Recommended Security Practices
1. Prevent infection with antivirus software Install antivirus on all desktops, laptops, and servers Check for virus definitions daily or set for automatic updates
2. Stop intruders with a firewall Use a firewall on all desktops, laptops, and servers
3. Stay on top of security updates Deploy security patches and fixes as soon as they are available Use the latest operating system versions
4. Create strong passwords and change them frequently Don’t allow Web browsers to remember passwords/private data
5. Open email responsibly Scrutinize attachments before opening them; avoid ones with unusual
extensions Don’t open or reply to unsolicited mail
20 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network
Recommended Security Practices, cont.
6. Browse the Web with caution Don’t ever give personal information to a Web site unless you see a small
padlock or key icon in the browser’s toolbar Don’t type confidential information in Instant Messaging/Chat programs
7. Back up regularly Back up vital data daily and store critical backups offsite
8. Make remote connections secure Require remote users to use antivirus and firewall software Use a Virtual Private Network (VPN)
9. Lock down wireless networks Install a firewall at the wireless access point
10. Ensure the physical security of your equipment Never leave wireless devices unattended Use the screen locking feature when you leave your computer
21 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network
Symantec Small Business Product Line
Desktop and Server Protection
Desktop Protection
Point ProductsPoint Products Suites/IntegratedSuites/Integrated Additional TierAdditional Tier
22 – 2005 Symantec Corporation. All rights reserved.Securing Your Small Business Network
Who is Symantec?
Global leader in information security #1 global leader in antivirus and antispam software*
Offers a broad range of software, appliances, and services for: Home and home office Small and mid-sized businesses Large enterprises
Operating in over 35 countries worldwide Insight from monitoring a sensor network of more than 20,000
corporate customers, and millions of personal PCs
** Sources: IDC – Secure Content Management 2004-2008 Forecast Update and 2003 Vendor Shares; Aug 2004
Worldwide Antispam Solutions 2004-2008 Forecast and 2003 Vendor Shares December 2004
Thank You
Questions and Answers