- 55% of online users have been infected with spyware
  (http://www.aladdin.com/airc/security-statistics.aspx, 2005)
- 21,100,283 unique malware binaries collected in the last 12 months
  (http://www.shadowserver.org/wiki/pmwiki.php/Stats/Malware)
- Malware cost estimated at $169-204 billion for 2004
  (http://www.aladdin.com/airc/security-statistics.aspx)
- Only 7% of companies officially run Service Pack 2
  (http://www.aladdin.com/airc/security-statistics.aspx, as of 2005)
- Average of 75,158 active bot-infected computers per day in 2008
  (http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xiv_04-2009.en-us.pdf)
- As of Tuesday, April 13, 2010
  (http://www.shadowserver.org/wiki/pmwiki.php/Stats/DroneMaps)
DIGITAL AEGIS
Protecting You From The World

Agenda
- Opportunity
- Limitations
- What we did
- Problems
- External/Network Tests
- Physical Client Tests
- Looking Back
- Future Goals
- Questions

Boxes
- Windows XP
- Windows 7
- Gentoo Linux
- Windows 2008 R2
- pfSense Firewall
Opportunity
- Small to medium sized companies
- Can't afford large security applications
- Don't need a lot of services
- Target of script kiddie/automated attacks
- Often become part of botnets
- Can leak personal or financial information
- Result in serious legal or financial consequences
Limitations
- Only focused on small to medium businesses
- Only running a few basic services
- Not protecting against zero-day threats
- Not providing physical building/box security
- Focused on script kiddie and automated attacks
- Low rate of false alarms
- Proprietary software
What We Did: Windows XP
- Basic settings
- User accounts/auditing
- Registry
- Services
- User rights/file permissions
- Internet Explorer
- GPO
What We Did: Windows 7
- Basic settings
- Elevated permissions
- Pre-installed security
- UAC
- Remote Desktop
- AutoPlay
- Microsoft Security Essentials
- Managing local accounts
- Applying GPO
What We Did: Gentoo Linux
- Hardened base
- Rolling release
- Custom compiled kernel
  - No loadable modules – all built in
  - PaX buffer and heap overflow protection
- Chroot environment
  - Latest patched Apache – statically compiled binaries
- Strict iptables firewall
- Disabled root account – sudo
- AIDE
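The AIDE entry on this slide stands for a file-integrity baseline: hash and record every file, then later compare and report what was added, removed or changed. The block below is an added Python example written for this page (it is not the project's code and not AIDE itself). It builds a baseline of SHA-256 digest, size and permission bits under a root directory, then diffs a later scan against it. The directory tree, file names and the simulated drift (an extra UID-0 line in passwd, a setuid bit on the web server binary, a removed file, an added file) are all constructed inside a temporary directory so the example runs stand-alone.

```python
"""File-integrity baseline and comparison in the style of AIDE.

Added example: not the Digital Aegis project's code and not AIDE.
Records sha256/size/mode per file, then reports added, removed and
changed paths between a baseline and a later scan.
"""
import hashlib
import os
import stat
import tempfile


def _fingerprint(path):
    """Digest, size and permission bits (including setuid/setgid) of one file."""
    st = os.stat(path)
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "size": st.st_size, "mode": stat.S_IMODE(st.st_mode)}


def build_baseline(root):
    """Walk root and fingerprint every regular file, keyed by relative path."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):  # symlink targets are checked via their own path
                continue
            baseline[os.path.relpath(full, root)] = _fingerprint(full)
    return baseline


def compare(baseline, current):
    """Diff two baselines; 'changed' maps a path to the attributes that differ."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for rel in sorted(set(baseline) & set(current)):
        diffs = [k for k in ("sha256", "size", "mode") if baseline[rel][k] != current[rel][k]]
        if diffs:
            changed[rel] = diffs
    return {"added": added, "removed": removed, "changed": changed}


def _write(root, rel, data, mode=0o644):
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as fh:
        fh.write(data)
    os.chmod(full, mode)


def demo():
    """Constructed tree: take a baseline, simulate drift, return the report."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "etc/passwd", b"root:x:0:0:root:/root:/bin/bash\n")
        _write(root, "etc/motd", b"Welcome\n")
        _write(root, "usr/sbin/httpd", b"\x7fELF-placeholder", 0o755)
        baseline = build_baseline(root)

        # Simulated drift (constructed): a second UID-0 account appended,
        # setuid bit added to httpd, motd removed, an unexpected binary added.
        _write(root, "etc/passwd",
               b"root:x:0:0:root:/root:/bin/bash\nsvc:x:0:0::/:/bin/sh\n")
        os.chmod(os.path.join(root, "usr/sbin/httpd"), 0o4755)
        os.remove(os.path.join(root, "etc/motd"))
        _write(root, "usr/local/bin/extra", b"#!/bin/sh\n", 0o755)

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, items in demo().items():
        print(kind, items)
```

On a real host the baseline would be written to read-only or offline storage before the box goes live, and `compare` run against a fresh scan on a schedule; a report that is empty is the expected steady state, and any entry under `changed` with `mode` in its list is worth looking at before the content changes.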
What We Did: pfSense Firewall Boxes
- NAT firewall
- Block all unused ports
- MAC filtering
- Snort IDS
  - Detect common scans, exploits and attacks
  - Automated blocking of hosts exceeding the alert threshold
- Snort LAN sniffing
  - Inappropriate activity
  - HTTP sniffing – porn, racist content
  - Common malware communication
- Squid/SquidGuard
  - Access control lists – who is allowed what and when
  - Blacklisting/whitelisting
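The "automated blocking of hosts exceeding the alert threshold" item describes a simple rate-based decision on top of Snort alerts. The block below is an added Python example written for this page (not code from the Digital Aegis project, Snort or pfSense): it parses Snort fast-format alert lines, counts alerts per source IP inside a sliding time window, and records a block decision the moment a source reaches the threshold, while honouring an allowlist so an internal scanner is never blocked. The alert lines, the threshold and window, the year assumed for timestamps (fast alerts carry none) and the in-memory block list are all constructed for the example; on pfSense the decision would be handed to the Snort package's own blocking mechanism instead of a Python set.

```python
"""Threshold-based automatic blocking over Snort fast-format alerts.

Added example, not code from the Digital Aegis project, Snort or
pfSense. Alerts are counted per source IP in a sliding window; a source
that reaches the threshold inside the window is placed on a block list.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Snort "fast" alert layout assumed here (an optional [Classification: ...]
# field between the second [**] and {PROTO} is absorbed by the .*?):
#   MM/DD-HH:MM:SS.micro  [**] [gid:sid:rev] message [**] [Priority: N] {PROTO} src:port -> dst:port
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+\[(?P<sid>[\d:]+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?$"
)
ASSUMED_YEAR = 2010  # fast alerts carry no year; assumed so timestamps can be compared

# Constructed sample alerts (not real traffic); addresses are documentation ranges.
SAMPLE_ALERTS = [
    "04/13-10:15:02.000001  [**] [1:1000001:1] SCAN nmap SYN [**] [Priority: 2] {TCP} 203.0.113.5:54321 -> 192.0.2.10:22",
    "04/13-10:15:03.000001  [**] [1:1000001:1] SCAN nmap SYN [**] [Priority: 2] {TCP} 203.0.113.5:54322 -> 192.0.2.10:80",
    "04/13-10:15:04.000001  [**] [1:1000001:1] SCAN nmap SYN [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.5:54323 -> 192.0.2.10:443",
    "04/13-10:15:05.000001  [**] [1:1000002:1] SSH brute force attempt [**] [Priority: 1] {TCP} 198.51.100.7:40000 -> 192.0.2.10:22",
    "04/13-10:15:06.000001  [**] [1:1000001:1] SCAN nmap SYN [**] [Priority: 2] {TCP} 203.0.113.5:54324 -> 192.0.2.10:445",
    "04/13-10:15:07.000001  [**] [1:1000001:1] SCAN nmap SYN [**] [Priority: 2] {TCP} 203.0.113.5:54325 -> 192.0.2.10:3389",
    "04/13-10:15:08.000001  [**] [1:1000001:1] SCAN nmap SYN [**] [Priority: 2] {TCP} 203.0.113.5:54326 -> 192.0.2.10:8080",
    "04/13-10:20:00.000001  [**] [1:1000002:1] SSH brute force attempt [**] [Priority: 1] {TCP} 198.51.100.7:40001 -> 192.0.2.10:22",
    "04/13-10:25:00.000001  [**] [1:1000002:1] SSH brute force attempt [**] [Priority: 1] {TCP} 198.51.100.7:40002 -> 192.0.2.10:22",
    "this line is not a Snort alert and must be skipped",
]


def parse_alert(line):
    """Return a dict for one fast-format alert line, or None if it does not match."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{ASSUMED_YEAR}/{m['ts']}", "%Y/%m/%d-%H:%M:%S")
    return {"ts": ts, "sid": m["sid"], "msg": m["msg"], "src": m["src"], "dst": m["dst"]}


class ThresholdBlocker:
    """Block a source once it has `threshold` alerts inside `window_seconds`."""

    def __init__(self, threshold=5, window_seconds=60, allowlist=()):
        self.threshold = threshold
        self.window = timedelta(seconds=window_seconds)
        self.allowlist = set(allowlist)      # sources that must never be blocked
        self.events = defaultdict(deque)     # src -> timestamps inside the window
        self.blocked = {}                    # src -> time the block decision was made

    def observe(self, alert):
        """Record one alert; return the source IP if this alert triggers a block."""
        src = alert["src"]
        if src in self.allowlist or src in self.blocked:
            return None
        q = self.events[src]
        q.append(alert["ts"])
        while q and alert["ts"] - q[0] > self.window:   # drop events outside the window
            q.popleft()
        if len(q) >= self.threshold:
            self.blocked[src] = alert["ts"]
            return src
        return None


def run(lines, **kw):
    """Feed alert lines through a blocker; return [(src, HH:MM:SS of block)]."""
    blocker = ThresholdBlocker(**kw)
    decisions = []
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            continue
        src = blocker.observe(alert)
        if src:
            decisions.append((src, alert["ts"].strftime("%H:%M:%S")))
    return decisions


if __name__ == "__main__":
    for src, when in run(SAMPLE_ALERTS):
        print(f"block {src} at {when}")
```

With the defaults (5 alerts in 60 seconds) the scanning host is blocked on its fifth alert and the slow SSH attempts spread over ten minutes are not; lowering the threshold or widening the window catches the slow source too, which is the trade-off the "low rate of false alarms" limitation on the earlier slide is about.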
What We Did: Windows 2008 R2
- Basic settings
- Windows 7 settings
- DNS
- Active Directory
- Exchange
- Domain GPO
Problems: Exchange
- Issues installing on a new install of Server 2008 R2
- Uninstall issues
- Format
Solution
- Followed 3 separate guides
- Manual install of packages
- Prep commands

Problems: Windows XP
- Local GPO application
- Administrator lockout
- CD/USB blocking
Solution
- Workaround suggested by Windows
- Snapshots
- Online administrative template

Problems: Windows 7
- New operating system
- In-depth security analysis
- Zero-day threats
Solutions
- Work with what you can get
- Windows 2008 GPO
- Default settings
External/Network Tests
- Nmap scans from outside network
  - Gateway results
- Nmap scans from inside client network
  - Linux machine results
  - Windows 7 results
  - Windows XP results
  - Server results
- BackTrack autopwn scans
  - Zero successful exploits

Physical Client Tests
- Boot from CD
- Recovery Console
- Safe Mode
- User permissions
- Password strength
- Command line
- CD/USB blocking
- Internet Explorer settings
Looking Back
- Better firewall hardware
- Waiting for newest pfSense version
- Possibly different OS for firewalls
- Windows XP
- Exchange
- Linux clients

Future Goals
- Snort rules
- Full DNS blacklist
- Network traffic fingerprinting
- Implement in a small business setting
- Look at distribution
- Training

Questions?