7 effective habits when using the internet philip o’kane
Post on 15-Jan-2016
31 Views
Preview:
DESCRIPTION
TRANSCRIPT
7 Effective Habits whenusing the Internet
Philip O’Kane
1
Introduction
Who are the players?
The Attackers
IT Support/Department
End-user
Attack Surface
What is an attack surface
How well are you protected?
Myths about Malware (Virus, Worm, Trojan, etc.)
Seven Effective Habits
2
The Players
IT Department Multifunction Resolve Issues Protect User, Assets and Networks
User Carry out Business function Protect Asset
Attacker(Malware)
Assets Personal Information Account Details IPR
Firewall
3
Attack Surface
4
Firefox
InternetExplorer
Chrome
Java AppsEmail
Web Browser
Flash Player
Vulnerability(Bug or Poor configuration)
Assets Personal Information Account Details IPR
Attacker(Malware)
Attacks
The End-user PC is inside the firewall
It inherits the trusted status of the PC and can access sensitive information
Use privileged protocols to access data
Spread to others using privileged protocols
Email everyone in your contacts with malware attachments
Backdoor access – can send data to the attackers
Used as part of a Botnet to attack others (DDOS)
5
Attacks on Corporates
Bank Dbase hacked $45 Million in ATM (Dec 2013)
RSA Security,40 million employee records
stolen (March 2011)
Sony's PlayStation Network (April 2011)
77 million accounts hacked
Sony site was down for a month
6
Attacks on the Individual
Mobile Ransomware (2014)
Spam Emails
PayPal (URLs).
Emails with attachments
Zip, SCR, EXEC
CryptoLockers/Ransomware
Backdoors
USB
Found or given a USB at a show
7
IT Departments/Defence Solutions
Firewall configuration
Internet protocols
Open ports
Patch Deployment
Centralised vulnerability remediation as exploitations are on the internet within 8 hours of patch deployment (Patch Tuesday)
Permitting open policies for privileged user authority
70% of stolen data via USBs
8
Myths
I will know when I’m infected
Malware is just for Windows
Email attachments from known persons are safe
Visiting only reputable sites is completely safe
Malware is not a problem, I have nothing important on my PC
9
I will know when I’m infected
Malware Detection Rate over 30 Days
10
0->25% 26->50% 51->75% 76->90% 91->100%Key
Day 1 8 15 22 30
McAfee 22% 53% 85% 86% 86%
Kaspersky 22% 87% 91% 92% 92%
AVG 13% 85% 92% 92% 93%
Virus Buster 10% 30% 46% 74% 74%
Symantec 21% 36% 43% 46% 47%
Trend Mirco 17% 29% 32% 32% 38%
Poor Good
"Cyveillance testing finds AV vendors detect on average less than 19% of malware attacks", Aug, 2010, https://www.cyveillance.com/web/blog/press-release/cyveillance-testing-finds-av-vendors-detect-on-average-less-than-19-
of-malware-attacks.
Zero Day
Malware is just for Windows
Window is the biggest target
Windows 8 release - a firm announced a zero-day vulnerability that circumvents all new security enhancements in Windows 8 and Internet Explorer 10
Mobile phone
Study claims 614% increase last year.
Android accounts for 92% of total infections (June 2013)
Apple Mac
Small volume of malware to date
11
Email attachments from known persons are safe
Do not execute untrusted programs
Internet protocols
Open ports
Email attachments
Who can you trust?
Has your friend been hacked?
Embedded URLs
(Spear) Phishing Emails
PayPal scam etc.
12
Visiting only reputable sites is completely safe
Advice such as ‘Do not visit risky websites’
It is good advice
The converse is not necessary true
Reputable websites can be hacked
NBC Media website hacked, which installed fake antivirus software (Feb 2013).
msn.co.nz website hacked to re-directed to a site that hosts pictures of Bill Gates (MS) with pie on his face.
EA games web server hacked to host phishing website, users where asked to enter their Apple IDs and personal information.
13
Malware in not a problem, I have nothing..
Malware is not a problem, I have nothing important on my PC
Even if your computer has nothing important stored on it
Address books can be used to send out spam and malicious emails
Malware can record all of your keystrokes and steal your usernames and passwords. When the malware authors have that information, they can use it to cause severe damage ranging from financial loss to identity theft.
Bank account details Social media website to scam friends
14
Reduce your Attack Surface
Browser
Use the latest browser
Update your security regularly
Browser controls
Games and Apps
Do you need those apps?
Where to get apps?
15
Reduce your Attack Surface
Portable media
Two-thirds of lost USB drives carry malware – from a survey of USB drives in a lost and found department
Beware of USBs you find lying around
Malware infected USB drives handed out at a trade show
16
Seven Effective Habits
You can’t disengage your brain
Be safe both at work and home
Update your software to include latest patches
Use the latest software
Don’t install software you don’t use
Be careful about the apps you download - Games etc.
Run with minimum privileges
17
top related