Defense-in-Depth Against Malicious Software, Jeff Alexander, IT Pro Evangelist, Microsoft Australia
Posted on 19-Dec-2015
Defense-in-Depth Against Malicious Software
Jeff Alexander
IT Pro Evangelist
Microsoft Australia
http://blogs.msdn.com/jeffa36
Agenda
• Characteristics of Malicious Software
• Malware Defence-in-Depth
• Malware Defence for Client Computers
• Malware Defence for Servers
• Network-Based Malware Defence
• What about Spyware?
• Guidance Tools and Response
Malicious Software: Identifying Challenges to an Organisation
• Malware: a collective term for software developed to intentionally perform malicious tasks on a computer system
• Feedback from IT and security professionals includes:
– “Users executed the email attachment even though we’ve told them again and again not to”
– “The antivirus software should have caught this, but the signature for this virus is not installed yet”
– “We didn’t know our servers needed to be updated”
– “This never should have made it through our firewall; we didn’t realize those ports could be attacked”
Understanding Malware Attack Techniques
• Common malware attack techniques include:
– Social engineering
– Backdoor creation
– E-mail Address theft
– Embedded e-mail engines
– Exploiting product vulnerabilities
– Exploiting new Internet technologies
Understanding the Vulnerability Timeline
1. Product shipped
2. Vulnerability discovered
3. Vulnerability disclosed
4. Update made available
5. Update deployed by customer
Most attacks occur between steps 4 and 5: after the update is available but before the customer has deployed it.
Understanding the Exploit Timeline
What Is Defence-in-Depth?
Using a layered approach:
• Increases an attacker’s risk of detection
• Reduces an attacker’s chance of success

Layers, from outermost to innermost, with the controls at each layer:
• Policies, procedures, and awareness: security policies, procedures, and education
• Physical security: guards, locks, tracking devices
• Perimeter: firewalls, border routers, VPNs with quarantine procedures
• Internal network: network segments, IPSec, NIDS
• Host: OS hardening, authentication, update management, antivirus updates, auditing
• Application: application hardening
• Data: strong passwords, ACLs, encryption, EFS, backup and restore strategy
Implementing Host Protection: Policies, Procedures, and Awareness
• Recommended policies and procedures include:
  – Host protection defence policies:
    • Scanning policy
    • Signature update policy
    • Allowed application policy
  – Security update policy:
    • Assess the environment to be updated
    • Identify new updates
    • Evaluate and plan update deployment
    • Deploy the updates
  – Network defence policies:
    • Change control
    • Network monitoring
    • Attack detection
    • Home computer access
    • Visitor access
    • Wireless network policy
Protecting Client Computers: What Are the Challenges?
• Challenges related to protecting client computers include:
  – Host challenges:
    • Maintaining security updates
    • Maintaining antivirus software
    • Implementing a personal firewall
  – Application challenges:
    • Controlling application usage
    • Secure application configuration settings
    • Maintaining application security updates
  – Data challenges:
    • Implementing data storage policies
    • Implementing data security
    • Regulatory compliance
Configuring client applications to defend against malware
Update Management for Malware Defence
[Diagram: update channels today versus the planned future]
Today:
• Windows Update (Windows only), with AutoUpdate on the client
• Office Update, VS Update and the Download Center as separate channels for other products
• SUS (Windows only) for managed deployment
• SMS for Windows, SQL, Exchange, Office, …
Future:
• “Microsoft Update” (Windows Update) covering Windows, SQL, Exchange, Office, …
• Windows Update Services (due Q4 FY05) covering Windows, SQL, Exchange, Office, …
• SMS for Windows, SQL, Exchange, Office, …
Configuring SUS to deploy security updates
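The security update policy above (assess, identify, evaluate, deploy) and the SUS demo come down to two questions on every client: where does it pull updates from, and what is still missing? The following PowerShell is an added example, not code from the original deck. It reads the registry values that the "Specify intranet Microsoft update service location" and "Configure Automatic Updates" Group Policy settings write for SUS and WSUS clients, then asks the Windows Update Agent COM API for updates that are not yet installed. The function names and the wording of the findings are this example's own.

```powershell
# Added example (not from the original deck): report a client's configured
# update source and the updates it has not yet installed.
# The policy values below are the ones written by the Group Policy settings
# "Specify intranet Microsoft update service location" and
# "Configure Automatic Updates", used by SUS and later WSUS clients.
$WuPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$AuPolicy = "$WuPolicy\AU"

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is absent (no policy applied) instead of throwing.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

function Get-UpdateSourceConfig {
    # AUOptions meanings from the "Configure Automatic Updates" policy
    $auMeaning = @{ 2 = 'Notify before download'
                    3 = 'Auto download, notify before install'
                    4 = 'Auto download and schedule the install'
                    5 = 'Local administrator chooses' }
    $server = $null
    if ((Get-PolicyValue $AuPolicy 'UseWUServer') -eq 1) {
        $server = Get-PolicyValue $WuPolicy 'WUServer'
    }
    $auOptions = Get-PolicyValue $AuPolicy 'AUOptions'
    $mode = $null
    if ($null -ne $auOptions) { $mode = $auMeaning[[int]$auOptions] }
    [pscustomobject]@{
        IntranetServer = $server                                          # $null = public Windows Update
        StatusServer   = Get-PolicyValue $WuPolicy 'WUStatusServer'
        AutoUpdate     = (Get-PolicyValue $AuPolicy 'NoAutoUpdate') -ne 1
        Mode           = $mode
        ScheduledDay   = Get-PolicyValue $AuPolicy 'ScheduledInstallDay'  # 0 = every day, 1-7 = Sun-Sat
        ScheduledHour  = Get-PolicyValue $AuPolicy 'ScheduledInstallTime'
    }
}

function Test-UpdateSourceConfig {
    param($Config)
    # Emit one line per finding a practitioner would act on.
    if (-not $Config.AutoUpdate) {
        'Automatic Updates is disabled by policy; this client will not detect or fetch updates on its own.'
    }
    if ($Config.IntranetServer -and $Config.IntranetServer -notmatch '^https://') {
        'The intranet update server is reached over plain HTTP; publish it over HTTPS so clients can verify which server they talk to.'
    }
    if ($Config.Mode -and $Config.Mode -notmatch '^Auto download and schedule') {
        'Installs wait for a user or administrator to act; updates can sit undeployed in the window where most attacks occur.'
    }
}

function Get-PendingUpdates {
    # Windows Update Agent COM API; the search honours the configured source above.
    $session  = New-Object -ComObject 'Microsoft.Update.Session'
    $searcher = $session.CreateUpdateSearcher()
    try {
        $result = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")
    } catch {
        Write-Warning "Update search failed (is the update server reachable?): $_"
        return
    }
    foreach ($u in $result.Updates) {
        [pscustomobject]@{
            KB       = (@($u.KBArticleIDs) | ForEach-Object { "KB$_" }) -join ','
            Severity = $u.MsrcSeverity      # empty for non-security updates
            Title    = $u.Title
        }
    }
}

$config = Get-UpdateSourceConfig
$config | Format-List
Test-UpdateSourceConfig $config | ForEach-Object { Write-Warning $_ }
Get-PendingUpdates | Sort-Object Severity -Descending | Format-Table -AutoSize
```

Run it in an elevated PowerShell session on the client being checked. A client with no intranet server configured shows `IntranetServer` empty and is using the public Windows Update service; the pending-update list is what the "identify new updates" step of the policy has to feed into evaluation and deployment.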
Blocking Unauthorized Applications with Software Restriction Policies
• Software restriction policies
  – Can be used to:
    • Fight viruses
    • Control ActiveX downloads
    • Run only signed scripts
    • Ensure approved software is installed
    • Lock down a computer
  – Rules can be of the following types:
    • Hash
    • Certificate
    • Path
    • Zone
  – The default security level can be set to:
    • Unrestricted
    • Disallowed
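A software restriction policy is only as strong as its default level and its allow rules: a Disallowed default with an Unrestricted path rule on a user-writable folder is effectively no restriction at all. The following PowerShell is an added example, not code from the original deck. It reads the policy from the registry keys Group Policy writes under Safer\CodeIdentifiers, where each security level is a subkey named with its SAFER level ID (0 = Disallowed, 0x40000 = Unrestricted, plus the rarely used 0x20000 = Basic User) holding Paths and Hashes subkeys with one GUID key per rule. Certificate and zone rules are stored elsewhere and are not covered here, and the list of user-writable locations it checks against is an assumption of this example.

```powershell
# Added example (not from the original deck): audit the local Software
# Restriction Policy. Group Policy writes SRP under Safer\CodeIdentifiers;
# each security level is a subkey named with its SAFER level ID
# (0 = Disallowed, 0x20000 = Basic User, 0x40000 = Unrestricted) holding
# Paths\ and Hashes\ subkeys with one GUID key per rule. Certificate and zone
# rules are stored elsewhere and are not enumerated here.
$SrpRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

$LevelName   = @{ 0 = 'Disallowed'; 131072 = 'Basic User'; 262144 = 'Unrestricted' }
$HashAlgName = @{ 32771 = 'MD5'; 32780 = 'SHA-256' }   # CALG_MD5, CALG_SHA_256

# Assumed list of locations an ordinary user can write to. An Unrestricted path
# rule matching one of these lets a user run anything they copy there, which
# defeats a Disallowed default.
$UserWritable = @('\\Users\\', '%USERPROFILE%', '%TEMP%', '%TMP%', '%APPDATA%',
                  '%LOCALAPPDATA%', '\\Temp\\', '\\Downloads\\', '^\*$')

function Get-SrpSettings {
    if (-not (Test-Path $SrpRoot)) { return $null }
    $cfg = Get-ItemProperty -Path $SrpRoot
    $enforcement = switch ([int]$cfg.TransparentEnabled) {
        2       { 'All software files' }
        1       { 'All software files except libraries (DLLs)' }
        default { 'Not enforced' }
    }
    $scope = 'All users'
    if ([int]$cfg.PolicyScope -eq 1) { $scope = 'All users except local administrators' }
    [pscustomobject]@{
        DefaultLevel    = $LevelName[[int]$cfg.DefaultLevel]
        Enforcement     = $enforcement
        Scope           = $scope
        ExecutableTypes = @($cfg.ExecutableTypes) -join ' '
    }
}

function Get-SrpRules {
    if (-not (Test-Path $SrpRoot)) { return }
    foreach ($levelKey in Get-ChildItem -Path $SrpRoot) {
        if ($levelKey.PSChildName -notmatch '^\d+$') { continue }
        $level = $LevelName[[int]$levelKey.PSChildName]
        foreach ($kind in 'Paths', 'Hashes') {
            $kindPath = Join-Path -Path $levelKey.PSPath -ChildPath $kind
            if (-not (Test-Path $kindPath)) { continue }
            foreach ($ruleKey in Get-ChildItem -Path $kindPath) {
                $r = Get-ItemProperty -Path $ruleKey.PSPath
                if ($kind -eq 'Paths') {
                    $target = [string]$r.ItemData
                } else {
                    # Hash rules store the raw digest, the algorithm ID and the file size
                    $hex    = ($r.ItemData | ForEach-Object { $_.ToString('x2') }) -join ''
                    $target = '{0} {1} ({2} bytes)' -f $HashAlgName[[int]$r.HashAlg], $hex, $r.ItemSize
                }
                $risky = $false
                if ($level -eq 'Unrestricted' -and $kind -eq 'Paths') {
                    $risky = @($UserWritable | Where-Object { $target -match $_ }).Count -gt 0
                }
                [pscustomobject]@{
                    Level       = $level
                    Type        = $kind.Substring(0, 4)    # 'Path' or 'Hash'
                    Target      = $target
                    Description = [string]$r.Description
                    Risky       = $risky
                }
            }
        }
    }
}

$settings = Get-SrpSettings
if (-not $settings) { Write-Warning 'No Software Restriction Policy is defined on this machine.'; return }
$settings | Format-List
if ($settings.DefaultLevel -ne 'Disallowed') {
    Write-Warning 'Default level is not Disallowed: anything without an explicit rule is allowed to run (deny-list mode).'
}
$rules = Get-SrpRules
$rules | Sort-Object Level, Type | Format-Table Level, Type, Target, Risky -AutoSize
$rules | Where-Object Risky | ForEach-Object {
    Write-Warning "Unrestricted path rule permits execution from a user-writable location: $($_.Target)"
}
```

Run it on a machine after `gpupdate` has applied the policy. The two warnings correspond to the two ways an SRP deployment usually fails in practice: a default of Unrestricted turns the policy into a deny-list that only blocks what has already been named, and an Unrestricted path rule on a folder users can write to gives them a way around a Disallowed default.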