Malware, spyware, adware: detection and optimal system configuration
Jan Písařík
Senior system engineer
ComDay3
27 January 2005, Jihlava
Agenda
- The current state of security
- What is malicious software?
- How to defend against it?
Security Incidents ... are rising
[Chart: number of security incidents per year, 1996 to 2003; y-axis 0 to 140,000 incidents. Source: Goldman Sachs 2/19/04]
The IT world is changing
- New technologies (WiFi, Mobile)
- Security
- Greater demands on security
- Many categories of users: employees, travelling users, consultants, customers, suppliers
- Distributed systems need a complex network structure
Vulnerabilities are Rising, Time to Remediate is Shrinking
[Chart: left axis Quantity (0 to 8000), right axis Days (0 to 350); periods '95-'99, '00-'01, '02-'03; labelled worms: Nimda, SQL Slammer, Welchia, Blaster. Source: Gartner, 8/04]
Spyware
It is everywhere and it is a big problem
- 9 out of 10 PCs connected to the internet are infected with spyware.*
- Audit by Earthlink and Webroot: 27.5 spyware instances per PC
- In one quarter: 40 million spyware instances on 1.5 million PCs
[Chart: Spyware Rising, number of reports in thousands, Mar 2002 to Mar 2004; labelled data points 8,903; 151,975; 531,694]
*National Cyber Security Alliance, June 2003
Spyware / Adware / Trackware
Malware: malicious software, software designed to disrupt or destroy a system
Spyware: a program that settles on your PC, thoroughly spies on you and steals your passwords, browsing history and credit card numbers, changes your browser home page and the like, and then sends everything to a particular user
- Adware: pesters you with advertising
- Browser helper: a DLL library that allows programmers to modify and monitor Internet Explorer
- Hijacker: changes the home page
- Dialer
- Keystroke logger
- Remote admin
- Trackware
Why?
- Money
- Pop-up windows
- Hackers: PINs, ...
- Programmers: P2P, XXX, dialers
Symptoms
- Slow PC startup
- Pop-up windows
- Redirected (dial-up) calls
- Strange desktop behaviour
- Unwanted home page
- ...
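The symptoms above (changed home page, slow startup, a browser helper DLL loaded into Internet Explorer) have concrete places on a Windows host where a defender can look. The script below is an added example, not part of the presentation and not LANDesk code: a read-only audit of the Internet Explorer start page, the Run keys used for startup persistence, and the registered Browser Helper Objects. The registry paths are the standard Windows locations; the expected start page and the allow-list of known Run entries are assumed example policy values.

```powershell
# Added example: read-only audit of the host locations behind the spyware
# symptoms on the slide. Registry paths are standard Windows locations;
# $ExpectedStartPage and $KnownRunEntries are an assumed example policy.

$ExpectedStartPage = 'https://intranet.example.com/'   # assumed corporate default
$KnownRunEntries   = @('SecurityHealth', 'OneDrive')   # assumed allow-list of Run entries

function Get-IEStartPage {
    $main = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    (Get-ItemProperty -Path $main -Name 'Start Page' -ErrorAction SilentlyContinue).'Start Page'
}

function Get-RunKeyEntries {
    # Machine-wide and per-user Run keys: anything here starts with Windows / the user session.
    $paths = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($p in $paths) {
        $props = Get-ItemProperty -Path $p -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        $props.PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |      # drop PSPath, PSParentPath, ...
            ForEach-Object {
                [pscustomobject]@{ Hive = $p; Name = $_.Name; Command = $_.Value }
            }
    }
}

function Get-BrowserHelperObjects {
    # Each BHO is a CLSID subkey; the DLL path is the default value of the CLSID's InprocServer32 key.
    $bhoKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    Get-ChildItem -Path $bhoKey -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid  = $_.PSChildName
        $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll    = (Get-ItemProperty -LiteralPath $server -ErrorAction SilentlyContinue).'(default)'
        [pscustomobject]@{ CLSID = $clsid; Dll = $dll }
    }
}

function Invoke-SpywareIndicatorAudit {
    $findings = @()

    $start = Get-IEStartPage
    if ($start -and $start -ne $ExpectedStartPage) {
        $findings += "IE start page changed to '$start' (possible hijacker)"
    }

    foreach ($entry in Get-RunKeyEntries) {
        if ($KnownRunEntries -notcontains $entry.Name) {
            $findings += "Unexpected Run entry '$($entry.Name)' -> $($entry.Command) in $($entry.Hive)"
        }
    }

    foreach ($bho in Get-BrowserHelperObjects) {
        # A BHO whose DLL is unsigned, or missing from disk, deserves a closer look.
        $sig = if ($bho.Dll -and (Test-Path -LiteralPath $bho.Dll)) {
            (Get-AuthenticodeSignature -FilePath $bho.Dll).Status
        } else { 'FileMissing' }
        if ($sig -ne 'Valid') {
            $findings += "BHO $($bho.CLSID) -> $($bho.Dll) signature status: $sig"
        }
    }

    $findings
}

Invoke-SpywareIndicatorAudit | ForEach-Object { Write-Output $_ }
```

Run it in a normal user session to audit that user's HKCU values; HKLM Run entries and the BHO list are readable without elevation. The signature check is a heuristic for triage, not proof of malice: an unsigned BHO from a known vendor is a policy question, while one pointing at a missing file is a leftover worth cleaning up.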
Security Management
- Perimeter security is not a sufficient solution
- 100% device security is not achievable; we need to scan repeatedly and monitor for new vulnerabilities and threats
- Vulnerabilities: the number, intensity and frequency of attacks are increasing
- Integrated security solution:
  - Patch Management
  - Anti-Spyware
  - Vulnerability Management
LANDesk® Security Suite
Device Discovery
- Discovery
- Baseline Configuration
Monitor / Denial, Audit / Compliance
- Unauthorized software detection
- Application Block
- Threat Analyzer (User-Resources settings)
Spyware
- Detection
- Removal
- Central Management
Network Access
- Connection Control Manager (Inclusive / Exclusive)
- Restrict drive/port/wireless access
Patch Management
- OS / Application / Custom
- Vulnerability Assessment
- Enterprise Remediation
LANDesk Security Suite
Connection Control Manager
Ability to control the networks that a client can access
Approved or disapproved list of authorized connections
Enable or disable the following based on network connection:
- USB Ports (allow mouse/keyboard)
- Modems
- Drives: Floppy, CD/DVD, Removable, Tape
- Ports: Serial, Parallel, Infrared, Firewire
- Wireless: 802.11, Bluetooth
Alerts are generated based on unauthorized access
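The idea on the slide, tying device access to the network the client is on and alerting on unauthorized access, can be shown in a much simpler stand-alone form. The script below is an added example; it is not the presentation's content and not how LANDesk's Connection Control Manager is implemented. It assumes that the corporate network is recognised by the DomainAuthenticated profile reported by Get-NetConnectionProfile (Windows 8 / Server 2012 or later), that USB mass storage is gated through the standard USBSTOR service start value (3 = on demand, 4 = disabled), and that alerts go to an assumed log file under ProgramData. Mice and keyboards are HID devices, not USBSTOR, so they keep working, matching the "allow mouse/keyboard" note on the slide.

```powershell
# Added example: gate removable USB storage on the current network profile.
# Not LANDesk code. Assumes DomainAuthenticated == approved corporate network,
# USBSTOR Start value 3/4 for enable/disable, and an assumed log path.
# Changing the Start value requires administrator rights.

$UsbStorKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
$LogPath    = "$env:ProgramData\ConnectionControl.log"   # assumed alert log location

function Get-ConnectionCategory {
    # Approved: at least one domain-authenticated connection; Unapproved: any other network; Offline: none.
    $profiles = Get-NetConnectionProfile -ErrorAction SilentlyContinue
    if ($profiles | Where-Object { $_.NetworkCategory -eq 'DomainAuthenticated' }) { return 'Approved' }
    if ($profiles) { return 'Unapproved' }
    return 'Offline'
}

function Get-UsbStorageState {
    $start = (Get-ItemProperty -Path $UsbStorKey -Name Start).Start
    if ($start -eq 4) { 'Disabled' } else { 'Enabled' }
}

function Set-UsbStorageState([ValidateSet('Enabled', 'Disabled')][string]$State) {
    $value = if ($State -eq 'Disabled') { 4 } else { 3 }   # 4 = SERVICE_DISABLED, 3 = SERVICE_DEMAND_START
    Set-ItemProperty -Path $UsbStorKey -Name Start -Value $value -Type DWord
}

function Write-AccessAlert([string]$Message) {
    # The slide generates alerts on unauthorized access; here they are appended to a log and shown as warnings.
    "$(Get-Date -Format o) $Message" | Add-Content -Path $LogPath
    Write-Warning $Message
}

function Invoke-ConnectionControl {
    $category = Get-ConnectionCategory
    $desired  = if ($category -eq 'Approved') { 'Enabled' } else { 'Disabled' }
    $current  = Get-UsbStorageState

    if ($current -ne $desired) {
        Set-UsbStorageState -State $desired
        Write-AccessAlert "Network=$category: USB storage changed $current -> $desired"
    }

    # Disabling USBSTOR stops new devices from loading; report any USB disk that is already attached.
    if ($desired -eq 'Disabled') {
        $usbDisks = Get-CimInstance Win32_DiskDrive | Where-Object { $_.InterfaceType -eq 'USB' }
        foreach ($d in $usbDisks) {
            Write-AccessAlert "USB disk present on $category network: $($d.Model)"
        }
    }

    [pscustomobject]@{ Network = $category; UsbStorage = $desired }
}

Invoke-ConnectionControl
```

Run it from a scheduled task that fires on network-change events so the state is re-evaluated whenever the client moves between networks. Note the limitation the last block handles: setting USBSTOR to disabled only affects devices plugged in afterwards, so an already-mounted disk is reported rather than silently ignored.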
LANDesk Security Suite
Threat Analyzer
Eliminate potential security threats by verifying:
- Administrator Group Membership
- Available Shares
- Check for Unnecessary Services
- Domain Controller
- File System Type
- Guest Account Status
- Internet Connection Firewall Status
- Local Account Passwords
- Operating System Version
- Password Expiration
- Restrict Anonymous Users
- SQL Guest and Service Account Status
- Internet Explorer Security Settings
- And more…
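Most of the checks on this list can be reproduced with built-in cmdlets, which makes a useful baseline even without the product. The script below is an added example, not the presentation's content and not LANDesk's Threat Analyzer; it covers administrator group membership, available shares, unnecessary services, file system type, guest account status, firewall status, password expiration, RestrictAnonymous and OS version using Windows PowerShell on Windows 10 / Server 2016 or later. The allowed administrators, the list of services considered unnecessary and the required RestrictAnonymous level are assumed example policy values.

```powershell
# Added example: read-only host baseline audit covering several Threat Analyzer
# checks from the slide. Not LANDesk code. $AllowedAdmins, $UnnecessaryServices
# and $MinRestrictAnonymous are an assumed example policy.

$AllowedAdmins        = @('Administrator', 'Domain Admins')   # assumed policy
$UnnecessaryServices  = @('RemoteRegistry', 'TlntSvr')        # assumed policy
$MinRestrictAnonymous = 1                                     # assumed policy

function New-Finding([string]$Check, [bool]$Pass, [string]$Detail) {
    [pscustomobject]@{ Check = $Check; Pass = $Pass; Detail = $Detail }
}

function Test-AdminGroupMembership {
    # Member names come back as MACHINE\name or DOMAIN\name; compare on the last part.
    $members = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue |
        ForEach-Object { ($_.Name -split '\\')[-1] }
    $extra = $members | Where-Object { $AllowedAdmins -notcontains $_ }
    New-Finding 'Administrator Group Membership' (-not $extra) ('Unexpected: ' + ($extra -join ', '))
}

function Test-AvailableShares {
    # Administrative shares (C$, ADMIN$, IPC$) are marked Special; report everything else.
    $shares = Get-SmbShare -ErrorAction SilentlyContinue | Where-Object { -not $_.Special }
    New-Finding 'Available Shares' (-not $shares) (($shares | ForEach-Object { "$($_.Name)=$($_.Path)" }) -join ', ')
}

function Test-UnnecessaryServices {
    $running = Get-Service -Name $UnnecessaryServices -ErrorAction SilentlyContinue |
        Where-Object { $_.Status -eq 'Running' }
    New-Finding 'Check for Unnecessary Services' (-not $running) (($running.Name) -join ', ')
}

function Test-FileSystemType {
    # DriveType 3 = local fixed disk; anything not NTFS has no ACL support.
    $nonNtfs = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' |
        Where-Object { $_.FileSystem -ne 'NTFS' }
    New-Finding 'File System Type' (-not $nonNtfs) (($nonNtfs | ForEach-Object { "$($_.DeviceID) $($_.FileSystem)" }) -join ', ')
}

function Test-GuestAccount {
    $guest = Get-LocalUser -Name 'Guest' -ErrorAction SilentlyContinue
    New-Finding 'Guest Account Status' (-not ($guest -and $guest.Enabled)) "Enabled=$($guest.Enabled)"
}

function Test-FirewallStatus {
    $off = Get-NetFirewallProfile -ErrorAction SilentlyContinue | Where-Object { -not $_.Enabled }
    New-Finding 'Firewall Status' (-not $off) (($off.Name) -join ', ')
}

function Test-PasswordExpiration {
    # Enabled local accounts whose password never expires (PasswordExpires is null).
    $never = Get-LocalUser | Where-Object { $_.Enabled -and -not $_.PasswordExpires }
    New-Finding 'Password Expiration' (-not $never) (($never.Name) -join ', ')
}

function Test-RestrictAnonymous {
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $val = (Get-ItemProperty -Path $lsa -Name 'RestrictAnonymous' -ErrorAction SilentlyContinue).RestrictAnonymous
    New-Finding 'Restrict Anonymous Users' ([int]$val -ge $MinRestrictAnonymous) "RestrictAnonymous=$val"
}

function Test-OperatingSystemVersion {
    # Informational: recorded so the version can be compared against the supported list.
    $os = Get-CimInstance Win32_OperatingSystem
    New-Finding 'Operating System Version' $true "$($os.Caption) $($os.Version)"
}

function Invoke-HostBaselineAudit {
    @(
        Test-AdminGroupMembership
        Test-AvailableShares
        Test-UnnecessaryServices
        Test-FileSystemType
        Test-GuestAccount
        Test-FirewallStatus
        Test-PasswordExpiration
        Test-RestrictAnonymous
        Test-OperatingSystemVersion
    )
}

Invoke-HostBaselineAudit | Format-Table -AutoSize
```

Each check returns a Pass/Detail record rather than printing, so the same functions can feed a central report or a compliance threshold. Run it elevated so that group membership and share enumeration are complete; the remaining checks on the slide (domain controller role, SQL accounts, Internet Explorer zone settings) follow the same pattern with their own data sources.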
LANDesk Security Suite
Spyware Detection and Removal
- Scan: Trojans, Malware, Trackers, Keyloggers, Hijackers, Dialers, Cookies
- Detection: Inclusion and exclusion of definitions from search
- Removal: Auto fix capability, spyware removal
- Recovery: Ability to restore files and registry settings removed during a removal process
- Reporting: To verify and see trends and repair rates
LANDesk Security Suite
Application Blocker
Detection
- Predefined list of suggested applications to block (content provided by LANDesk)
- Configurable list that can be supplemented with custom applications
Denial
- Block and deny the execution of detected unwanted applications
- Block applications that don't comply with corporate standards
- Increases security and productivity
LANDesk Security Suite
Patch Manager
Patch Install History
- Display of patches installed on node
- Patch uninstall capability
- Detect patches installed by LANDesk or other means
- Right click option to remove installed patch
Heterogeneous platform support
- Linux Vulnerability Assessment: Red Hat (WS, AS, ES), Suse v9.1
- Macintosh Remediation
Product Overview
Patch Manager (cont)
Enhanced Client Configuration
Run settings for Security and Patch Scanner
- At login (Run key)
- Local Scheduler
- Never Reboot
- Never Auto-fix
Select "end user setting" for the client when the scan is run at login or by the local scheduler.
Product Overview
Patch Manager (cont)
Create/Edit End User Settings
General
- Show Scan Progress
- Allow user to cancel scan
Repair
- Custom prompt before repair
- Bandwidth Control percentage
Reboot
- Custom prompt before reboot
- Snooze or delay of reboot
- Allow user to cancel reboot
- Behavior when there is no interaction at the client within the specified time
MSI
- Package location and authentication
Product Overview
Patch Manager (cont)
Reports
Added 30+ Security and Patch Manager reports to the WinConsole
Added Vulnerability Reports to WebConsole
Product Overview
Patch Manager (cont)
Pre-stage Patches
Select this to have the patch deployed to the clients without initiating an install or repair. This happens while the decision whether to install is still being made. Once the "GO" is decided, follow with a second job that installs only the patch already in the cache.
LANDesk Security Suite
LANDesk Updates
- Update definitions and patches will be hosted on a content site to provide updates for LANDesk Management Suite
- LANDesk Update will support updating the Core, Console, WebConsole, and Client
- Update of LANDesk components
- Download up-to-date definitions from LANDesk
- Select which updates to scan for
- Create policies to update LANDesk software
LANDesk Security Suite
New "Security Suite" SKU
- Stand-alone offering
- Add-on to LANDesk Management Suite
Security Suite components
- Patch Management
- Anti-Spyware
- Security Threat Analyzer
- Application Blocker
- User-defined Vulnerabilities
- Connection Control Manager
- LANDesk Updates
Stop Counting Attacks
Start Closing Gaps
Thank you for your attention