230 likes | 350 Views
55% of online users have been infected with spyware. http://www.aladdin.com/airc/security-statistics.aspx for 2005. 21,100,283 unique malware binaries collected in the last 12 months. http://www.shadowserver.org/wiki/pmwiki.php/Stats/Malware.
E N D
55% of online users have been infected with spyware http://www.aladdin.com/airc/security-statistics.aspx for 2005
21,100,283 unique malware binaries collected in the last 12 months http://www.shadowserver.org/wiki/pmwiki.php/Stats/Malware
Malware cost estimated at $169-204 billion for 2004 http://www.aladdin.com/airc/security-statistics.aspx
Only 7% of companies officially run Service Pack 2 http://www.aladdin.com/airc/security-statistics.aspx as of 2005
average of 75,158 active bot-infected computers per day in 2008 http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xiv_04-2009.en-us.pdf
As of Tuesday, April 13, 2010 http://www.shadowserver.org/wiki/pmwiki.php/Stats/DroneMaps
Digital Aegis Protecting You From The World
Agenda Opportunity Limitations What we did Problems External/Network Tests Physical Client Tests Looking Back Future Goals Questions Windows XP Windows 7 Gentoo Linux Windows 2008 R2 Pfsense Firewall Boxes
Opportunity • Small to medium sized companies • Can’t afford large security applications • Don’t need a lot of services • Target of script kitty/automated attacks • Often become part of bot-nets • Can leak personal or financial information • Result in serious legal or financial consequences
Limitations • Only focused on small to medium businesses • Only running a few basic services • Not protecting against Zero Day threats • Not providing physical building/box security • Focused on Script Kitty and automated attacks • Low rate of false alarms • Proprietary software
What We Did • Windows XP • Basic Settings • User Accounts/ auditing • Registry • Services • User rights/ File permissions • Internet Explorer • GPO
What We Did • Windows 7 • Basic Settings • Elevated Pre-installed Security • Permissions • UAC • Remote Desktop • AutoPlay • Microsoft Security Essentials • Managing Local Accounts • Applying GPO
What We Did • Gentoo Linux • Hardened Base Rolling Release • Custom Compiled Kernel • No loadable modules – All built in • PAX Buffer and heap overflow protection • Chroot Environment • Latest patched Apache - Statically compiled Binaries • Strict IPtables Firewall • Disabled Root Account – sudo • AIDE
What We Did • Pfsense Firewall Boxes • Nat Firewall • Block all Unused Ports • MAC Filtering • Snort IDS • Detect common scans, exploits and attacks • Automated Blocking those exceeding threshold • Snort LAN sniffing • Inappropriate activity • HTTP sniffing – porn, racist • Common malware communication • Squid/SquidGuard • Access Control Lists – Who allowed what and when • Blacklisting/White listing
What We Did • Windows 2008 R2 • Basic Settings • Windows 7 Settings • DNS • Active Directory • Exchange • Domain GPO
Problems • Exchange • Issues installing on a new install of Server 2008 R2 • Uninstall Issues • Format • Solution • Followed 3 separate guides • Manual install of packages • Prep commands
Problems • Windows XP • Local GPO application • Administrator lockout • CD/USB blocking • Solution • Workaround suggested by Windows • Snapshots • Online Administrative Template
Problems • Windows 7 • New Operating system • In-Depth Security analysis • Zero Day Threats • Solutions • Work with what you can get • Windows 2008 GPO • Default Settings
External/Network Tests • Nmap Scans from Outside Network • Gateway Results • Nmap Scans from Inside Client Network • Linux Machine Results • Windows 7 Results • Windows XP Results • Server Results • Back Track AutoPwn Scans • Zero successful exploits
Physical Client Tests • Boot from CD • Recovery Console • Safe Mode • User Permissions • Password Strength • Command line • CD/USB blocking • Internet explorer settings
Looking Back • Better Firewall Hardware • Waiting for Newest Pfsense Version • Possibly different OS for firewalls • Windows XP • Exchange • Linux Clients
Future Goals • Snort Rules • Full DNS black list • Network traffic finger printing • Implement in a small business setting • Look at distribution • Training