55% of online users have been infected with spyware


Page 1: 55% of online users have been infected with spyware

55% of online users have been infected with spyware

http://www.aladdin.com/airc/security-statistics.aspx for 2005

Page 2: 55% of online users have been infected with spyware

21,100,283 unique malware binaries collected in the last 12 months

http://www.shadowserver.org/wiki/pmwiki.php/Stats/Malware

Page 3: 55% of online users have been infected with spyware

Malware cost estimated at $169-204 billion for 2004

http://www.aladdin.com/airc/security-statistics.aspx

Page 4: 55% of online users have been infected with spyware

Only 7% of companies officially run Service Pack 2

http://www.aladdin.com/airc/security-statistics.aspx as of 2005

Page 6: 55% of online users have been infected with spyware

As of Tuesday, April 13, 2010 http://www.shadowserver.org/wiki/pmwiki.php/Stats/DroneMaps

Page 7: 55% of online users have been infected with spyware

DIGITAL AEGIS
Protecting You From The World

Page 8: 55% of online users have been infected with spyware

Agenda
- Opportunity
- Limitations
- What we did
  - Windows XP
  - Windows 7
  - Gentoo Linux
  - Windows 2008 R2
  - Pfsense Firewall Boxes
- Problems
- External/Network Tests
- Physical Client Tests
- Looking Back
- Future Goals
- Questions

Page 9: 55% of online users have been infected with spyware

Opportunity
- Small to medium sized companies
- Can’t afford large security applications
- Don’t need a lot of services
- Target of script kiddie/automated attacks
- Often become part of botnets
- Can leak personal or financial information
- Result in serious legal or financial consequences

Page 10: 55% of online users have been infected with spyware

Limitations
- Only focused on small to medium businesses
- Only running a few basic services
- Not protecting against Zero Day threats
- Not providing physical building/box security
- Focused on script kiddie and automated attacks
- Low rate of false alarms
- Proprietary software

Page 11: 55% of online users have been infected with spyware

What We Did: Windows XP
- Basic Settings
- User Accounts/auditing
- Registry
- Services
- User rights/File permissions
- Internet Explorer
- GPO

Page 12: 55% of online users have been infected with spyware

What We Did: Windows 7
- Basic Settings
- Elevated Pre-installed Security Permissions
- UAC
- Remote Desktop
- AutoPlay
- Microsoft Security Essentials
- Managing Local Accounts
- Applying GPO

Page 13: 55% of online users have been infected with spyware

What We Did: Gentoo Linux
- Hardened Base
- Rolling Release
- Custom Compiled Kernel
  - No loadable modules – All built in
  - PAX Buffer and heap overflow protection
- Chroot Environment
- Latest patched Apache - Statically compiled Binaries
- Strict IPtables Firewall
- Disabled Root Account – sudo
- AIDE

Page 14: 55% of online users have been infected with spyware

What We Did: Pfsense Firewall Boxes
- NAT Firewall
- Block all Unused Ports
- MAC Filtering
- Snort IDS
  - Detect common scans, exploits and attacks
  - Automated Blocking those exceeding threshold
- Snort LAN sniffing
  - Inappropriate activity
  - HTTP sniffing – porn, racist
  - Common malware communication
- Squid/SquidGuard
  - Access Control Lists – Who allowed what and when
  - Blacklisting/Whitelisting

Page 15: 55% of online users have been infected with spyware

What We Did: Windows 2008 R2
- Basic Settings
- Windows 7 Settings
- DNS
- Active Directory
- Exchange
- Domain GPO

Page 16: 55% of online users have been infected with spyware

Problems: Exchange
- Issues installing on a new install of Server 2008 R2
- Uninstall Issues
- Format

Solution
- Followed 3 separate guides
- Manual install of packages
- Prep commands

Page 17: 55% of online users have been infected with spyware

Problems: Windows XP
- Local GPO application
- Administrator lockout
- CD/USB blocking

Solution
- Workaround suggested by Windows
- Snapshots
- Online Administrative Template

Page 18: 55% of online users have been infected with spyware

Problems: Windows 7
- New Operating system
- In-Depth Security analysis
- Zero Day Threats

Solutions
- Work with what you can get
- Windows 2008 GPO
- Default Settings

Page 19: 55% of online users have been infected with spyware

External/Network Tests
- Nmap Scans from Outside Network
  - Gateway Results
- Nmap Scans from Inside Client Network
  - Linux Machine Results
  - Windows 7 Results
  - Windows XP Results
  - Server Results
- Back Track AutoPwn Scans
  - Zero successful exploits

Page 20: 55% of online users have been infected with spyware

Physical Client Tests
- Boot from CD
- Recovery Console
- Safe Mode
- User Permissions
- Password Strength
- Command line
- CD/USB blocking
- Internet Explorer settings

Page 21: 55% of online users have been infected with spyware

Looking Back
- Better Firewall Hardware
- Waiting for Newest Pfsense Version
- Possibly different OS for firewalls
- Windows XP
- Exchange
- Linux Clients

Page 22: 55% of online users have been infected with spyware

Future Goals
- Snort Rules
- Full DNS blacklist
- Network traffic fingerprinting
- Implement in a small business setting
- Look at distribution
- Training

Page 23: 55% of online users have been infected with spyware

Questions?