close

Вход

Забыли?

вход по аккаунту

?

7 Effective Habits when using the Internet

код для вставкиСкачать
7 Effective Habits when
using the Internet
Philip O’Kane
1
Introduction
пЃ¬
пЃ¬
Who are the players?
пЂ­
The Attackers
пЂ­
IT Support/Department
пЂ­
End-user
Attack Surface
пЂ­
What is an attack surface
пЂ­
How well are you protected?
пЃ¬
Myths about Malware (Virus, Worm, Trojan, etc.)
пЃ¬
Seven Effective Habits
2
The Players
IT Department
п‚· Multifunction
п‚·
Resolve Issues
п‚·
Protect User, Assets and Networks
Assets
Attacker
(Malware)
п‚· Personal Information
п‚· Account Details
п‚· IPR
Firewall
User
п‚· Carry out Business function
п‚· Protect Asset
3
Attack Surface
Attacker
(Malware)
Vulnerability
(Bug or Poor configuration)
Assets
Flash
Player
Java Apps
Email
п‚· Personal Information
п‚· Account Details
п‚· IPR
Chrome
Web
Browser
Firefox
Internet
Explorer
4
Attacks
пЃ¬
пЃ¬
The End-user PC is inside the firewall
пЂ­
It inherits the trusted status of the PC and can access
sensitive information
пЂ­
Use privileged protocols to access data
пЂ­
Spread to others using privileged protocols
пЂ­
Email everyone in your contacts with malware attachments
пЂ­
Backdoor access – can send data to the attackers
Used as part of a Botnet to attack others (DDOS)
5
Attacks on Corporates
пЃ¬
Bank Dbase hacked $45 Million in ATM (Dec 2013)
пЃ¬
RSA Security,40 million employee records
stolen (March 2011)
пЃ¬
Sony's PlayStation Network (April 2011)
пЂ­
77 million accounts hacked
пЂ­
Sony site was down for a month
6
Attacks on the Individual
пЃ¬
Mobile Ransomware (2014)
пЃ¬
Spam Emails
пЂ­
пЃ¬
пЃ¬
PayPal (URLs).
Emails with attachments
пЂ­
Zip, SCR, EXEC
пЂ­
CryptoLockers/Ransomware
пЂ­
Backdoors
USB
пЂ­
Found or given a USB at a show
7
IT Departments/Defence Solutions
пЃ¬
пЃ¬
Firewall configuration
пЂ­
Internet protocols
пЂ­
Open ports
Patch Deployment
пЂ­
Centralised vulnerability remediation as exploitations are on the
internet within 8 hours of patch deployment (Patch Tuesday)
пЃ¬
Permitting open policies for privileged user authority
пЃ¬
70% of stolen data via USBs
8
Myths
пЃ¬
I will know when I’m infected
пЃ¬
Malware is just for Windows
пЃ¬
Email attachments from known persons are safe
пЃ¬
Visiting only reputable sites is completely safe
пЃ¬
Malware is not a problem, I have nothing important on my PC
9
I will know when I’m infected
пЃ¬
Malware Detection Rate over 30 Days
Day
1
8
15
22
30
McAfee
22%
53%
85%
86%
86%
Kaspersky
22%
87%
91%
92%
92%
AVG
13%
85%
92%
92%
93%
Virus Buster
10%
30%
46%
74%
74%
Symantec
21%
36%
43%
46%
47%
Trend Mirco
17%
29%
32%
32%
38%
Key
Zero Day
0->25%
Poor
26->50%
51->75%
76->90%
91->100%
Good
"Cyveillance testing finds AV vendors detect on average less than 19% of malware attacks", Aug, 2010,
10
https://www.cyveillance.com/web/blog/press-release/cyveillance-testing-finds-av-vendors-detect-on-average-less-than-19of-malware-attacks.
Malware is just for Windows
пЃ¬
Window is the biggest target
пЂ­
пЃ¬
пЃ¬
Windows 8 release - a firm announced a zero-day vulnerability
that circumvents all new security enhancements in Windows 8
and Internet Explorer 10
Mobile phone
пЂ­
Study claims 614% increase last year.
пЂ­
Android accounts for 92% of total infections (June 2013)
Apple Mac
пЂ­
Small volume of malware to date
11
Email attachments from known persons are safe
пЃ¬
пЃ¬
пЃ¬
Do not execute untrusted programs
пЂ­
Internet protocols
пЂ­
Open ports
Email attachments
пЂ­
Who can you trust?
пЂ­
Has your friend been hacked?
Embedded URLs
пЂ­
(Spear) Phishing Emails
пЂ­
PayPal scam etc.
12
Visiting only reputable sites is completely safe
пЃ¬
Advice such as �Do not visit risky websites’
пЂ­
пЃ¬
It is good advice
The converse is not necessary true
пЂ­
Reputable websites can be hacked
пЂ­
NBC Media website hacked, which installed fake antivirus
software (Feb 2013).
пЂ­
msn.co.nz website hacked to re-directed to a site that hosts
pictures of Bill Gates (MS) with pie on his face.
пЂ­
EA games web server hacked to host phishing website, users
where asked to enter their Apple IDs and personal information.
13
Malware in not a problem, I have nothing..
пЃ¬
Malware is not a problem, I have nothing important on my PC
пЃ¬
Even if your computer has nothing important stored on it
пЂ­
Address books can be used to send out spam and malicious
emails
пЂ­
Malware can record all of your keystrokes and steal your
usernames and passwords. When the malware authors have that
information, they can use it to cause severe damage ranging
from financial loss to identity theft.
пЃ¬
пЃ¬
Bank account details
Social media website to scam friends
14
Reduce your Attack Surface
пЃ¬
пЃ¬
Browser
пЂ­
Use the latest browser
пЂ­
Update your security regularly
пЂ­
Browser controls
Games and Apps
пЂ­
Do you need those apps?
пЂ­
Where to get apps?
15
Reduce your Attack Surface
пЃ¬
Portable media
пЂ­
Two-thirds of lost USB drives carry malware – from a survey of
USB drives in a lost and found department
пЂ­
Beware of USBs you find lying around
пЂ­
Malware infected USB drives handed out at a trade show
16
Seven Effective Habits
пЃ¬
You can’t disengage your brain
пЃ¬
Be safe both at work and home
пЃ¬
Update your software to include latest patches
пЃ¬
Use the latest software
пЃ¬
Don’t install software you don’t use
пЃ¬
Be careful about the apps you download - Games etc.
пЃ¬
Run with minimum privileges
17
Документ
Категория
Презентации
Просмотров
3
Размер файла
2 375 Кб
Теги
1/--страниц
Пожаловаться на содержимое документа