Title: Malware, spyware, adware - detection, optimal system settings
Slide 1: Malware, spyware, adware - detection, optimal system settings
- Jan Písařík, Senior system engineer
- ComDay3
- 27 January 2005, Jihlava
Slide 2: Agenda
- The current state of security
- What is malicious software?
- How to defend against it?
Slide 3: Security incidents are rising
- New technologies (WiFi, mobile)
Chart (source: Goldman Sachs, 2/19/04)
Slide 4: Security: the IT world is changing
- Greater security demands
- Many user categories: employees, travelling users, consultants, customers, suppliers
- Distributed systems need a complex network structure
Charts: Time to Remediate is Shrinking; Vulnerabilities are Rising (source: Gartner, 8/04)
Slide 5: Spyware: it is everywhere and it is a big problem
- 9 out of 10 PCs connected to the internet are infected with spyware
- Audit by Earthlink and Webroot
- 27.5 spyware instances per PC
- In one quarter: 40 million spyware instances on 1.5 million PCs
Source: National Cyber Security Alliance, June 2003
Slide 6: Spyware / Adware / Trackware
- Malware: malicious software, software designed to disrupt or destroy a system
- Spyware: a program that settles on your PC, thoroughly spies on you and steals your passwords, browsing history and credit card numbers, changes your browser home page and so on, and then sends everything to a particular user
- Adware: annoys you with advertising
- Browser helper: a DLL library that lets programmers modify and monitor Internet Explorer
- Hijacker: changes the home page
- Dialer
- Keystroke logger
- Remote admin
- Trackware
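As an added example that is not part of the presentation, the following PowerShell script lists the Browser Helper Objects registered on a Windows host (resolving each CLSID to the DLL that Internet Explorer would load) together with the Run-key autostart entries, so an administrator can review unexpected DLLs or programs. The registry paths are the standard Windows locations; the script assumes read access to HKLM, HKCU and HKEY_CLASSES_ROOT.

```powershell
# Added example (not from the presentation): enumerate Browser Helper Objects
# and Run-key autostart entries for review. Assumes a Windows host and read
# access to HKLM, HKCU and HKEY_CLASSES_ROOT.
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-BrowserHelperObject {
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            $clsid = $key.PSChildName
            # A BHO is registered by CLSID only; the DLL that IE loads is the
            # default value of that CLSID's InprocServer32 subkey.
            $server = Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" `
                                       -ErrorAction SilentlyContinue
            $dll = '<CLSID not registered>'
            if ($server -and $server.'(default)') {
                $dll = [Environment]::ExpandEnvironmentVariables($server.'(default)')
            }
            # Authenticode status helps separate vendor components from unknown DLLs
            $sig = 'n/a'
            if (Test-Path -LiteralPath $dll) {
                $sig = (Get-AuthenticodeSignature -FilePath $dll).Status
            }
            [pscustomobject]@{ Source = 'BHO'; Name = $clsid; Target = $dll; Signature = $sig }
        }
    }
}

function Get-RunKeyEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($p in $values.PSObject.Properties) {
            # Skip the provider metadata properties (PSPath, PSDrive, ...)
            if ($p.Name -like 'PS*') { continue }
            [pscustomobject]@{ Source = 'Run'; Name = $p.Name; Target = $p.Value; Signature = 'n/a' }
        }
    }
}

@(Get-BrowserHelperObject) + @(Get-RunKeyEntry) | Format-Table -AutoSize
```

Entries whose target DLL is unsigned, lives outside Program Files or System32, or points at a CLSID that is no longer registered are the ones worth investigating first.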
Slide 7: Why?
- Money
- Pop-up windows
- Hackers: PINs
- Programmers: P2P, XXX, dialers
Slide 8: Symptoms
- Slow PC startup
- Pop-up windows
- Redirected calls
- Strange desktop behaviour
- Unwanted home page
Slide 9: Security Management
- Perimeter security is not a sufficient solution
- 100% device security is not possible; we need to scan repeatedly and monitor for new vulnerabilities and threats
- Vulnerabilities: the number, intensity and frequency of attacks are increasing
- Integrated security solution
  - Patch Management
  - Anti-Spyware
  - Vulnerability Management
Slide 10: LANDesk Security Suite
- Discovery
- Baseline Configuration
- Unauthorized software detection
- Application Block
- Threat Analyzer
- User-Resources settings
- Detection
- Removal
- Central Management
- Connection Control Manager
- Inclusive / Exclusive: restrict drive/port/wireless access
- OS / Application / Custom
- Vulnerability Assessment
- Enterprise Remediation
Slide 11: LANDesk Security Suite: Connection Control Manager
- Ability to control the networks that a client can access
- Approved or disapproved list of authorized connections
- Enable or disable the following based on network connection:
  - USB Ports (allow mouse/keyboard)
  - Modems
  - Drives
    - Floppy
    - CD/DVD
    - Removable
    - Tape
  - Ports
    - Serial
    - Parallel
    - Infrared
    - Firewire
  - Wireless
    - 802.11
    - Bluetooth
- Alerts are generated based on unauthorized access
Slide 12: LANDesk Security Suite: Threat Analyzer
- Eliminate potential security threats by verifying:
  - Administrator Group Membership
  - Available Shares
  - Check for Unnecessary Services
  - Domain Controller
  - File System Type
  - Guest Account Status
  - Internet Connection Firewall Status
  - Local Account Passwords
  - Operating System Version
  - Password Expiration
  - Restrict Anonymous Users
  - SQL Guest and Service Account Status
  - Internet Explorer Security Settings
  - And more
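To show what several of these checks look like in practice, here is an added host baseline audit in PowerShell; it is not LANDesk code. It assumes Windows 10 / Server 2016 or later with PowerShell 5.1+ in an elevated session, and the list of services it treats as unnecessary (RemoteRegistry, TlntSvr, SNMP) is a constructed example that a site would replace with its own policy.

```powershell
# Added example (not LANDesk code): audit several Threat Analyzer-style checks.
# Assumes Windows 10 / Server 2016+, PowerShell 5.1+, elevated session.
function Test-HostBaseline {
    $findings = New-Object System.Collections.Generic.List[object]
    function Add-Finding([string]$Check, [string]$Detail) {
        $findings.Add([pscustomobject]@{ Check = $Check; Detail = $Detail })
    }

    # Guest account status
    $guest = Get-LocalUser -Name 'Guest' -ErrorAction SilentlyContinue
    if ($guest -and $guest.Enabled) { Add-Finding 'Guest account' 'enabled' }

    # Administrator group membership: list every member for review
    foreach ($m in Get-LocalGroupMember -Group 'Administrators') {
        Add-Finding 'Administrators member' "$($m.Name) ($($m.ObjectClass))"
    }

    # Available shares, excluding the built-in administrative shares (C$, ADMIN$, IPC$)
    foreach ($s in Get-SmbShare | Where-Object { -not $_.Special }) {
        Add-Finding 'Non-admin share' "$($s.Name) -> $($s.Path)"
    }

    # Firewall status, per profile
    foreach ($p in Get-NetFirewallProfile | Where-Object { $_.Enabled -eq 'False' }) {
        Add-Finding 'Firewall profile disabled' $p.Name
    }

    # Local account passwords: enabled accounts whose password never expires (PasswordExpires is null)
    foreach ($u in Get-LocalUser | Where-Object { $_.Enabled -and -not $_.PasswordExpires }) {
        Add-Finding 'Password never expires' $u.Name
    }

    # Restrict anonymous users: LSA RestrictAnonymous (0 or absent = unrestricted)
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    if (-not $lsa.RestrictAnonymous) { Add-Finding 'RestrictAnonymous' 'not set' }

    # File system type: fixed volumes that are not NTFS
    foreach ($v in Get-Volume | Where-Object { $_.DriveLetter -and $_.DriveType -eq 'Fixed' -and $_.FileSystem -ne 'NTFS' }) {
        Add-Finding 'Non-NTFS volume' "$($v.DriveLetter): $($v.FileSystem)"
    }

    # Unnecessary services: constructed example list, replace with site policy
    foreach ($svc in Get-Service -Name 'RemoteRegistry','TlntSvr','SNMP' -ErrorAction SilentlyContinue |
                     Where-Object { $_.StartType -ne 'Disabled' }) {
        Add-Finding 'Service not disabled' "$($svc.Name) ($($svc.StartType))"
    }

    # Operating system version, recorded for comparison against the approved baseline
    Add-Finding 'OS version' ([Environment]::OSVersion.Version.ToString())
    return $findings
}

Test-HostBaseline | Format-Table -AutoSize
```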
Slide 13: LANDesk Security Suite: Spyware Detection and Removal
- Scan
  - Trojans, Malware, Trackers, Key-loggers, Hijackers, Dialers, Cookies
- Detection
  - Inclusion and exclusion of definitions from search
- Removal
  - Auto fix capability, spyware removal
- Recovery
  - Ability to restore files and registry settings removed during a removal process
- Reporting
  - To verify and see trends and repair rates
Slide 14: LANDesk Security Suite: Application Blocker
- Detection
  - Predefined list of suggested applications to block
  - Content provided by LANDesk
  - Configurable list that can be supplemented with custom applications
- Denial
  - Block and deny the execution of detected unwanted applications
  - Block applications that don't comply with corporate standards
  - Increases security and productivity
Slide 15: LANDesk Security Suite: Patch Manager
- Patch Install History
  - Display of patches installed on node
- Patch uninstall capability
  - Detect patches installed by LANDesk or other means
  - Right-click option to remove installed patch
- Heterogeneous platform support
  - Linux Vulnerability Assessment
    - Red Hat (WS, AS, ES)
    - SuSE v9.1
  - Macintosh Remediation
Slide 16: Product Overview: Patch Manager (cont.)
- Enhanced Client Configuration
  - Run settings for Security and Patch Scanner
    - At login (Run key)
    - Local Scheduler
    - Never Reboot
    - Never Auto-fix
  - Select end user setting for client when the scan is run at login or by local scheduler
Slide 17: Product Overview: Patch Manager (cont.)
- Create/Edit End User Settings
  - General
    - Show Scan Progress
    - Allow user to cancel scan
  - Repair
    - Custom prompt before repair
    - Bandwidth Control percentage
  - Reboot
    - Custom prompt before reboot
    - Snooze or delay of reboot
    - Allow user to cancel reboot
    - Behavior when there is no interaction at the client within the specified time
  - MSI
    - Package location and authentication
Slide 18: Product Overview: Patch Manager (cont.)
- Reports
  - Added 30 Security and Patch Manager reports to the WinConsole
  - Added Vulnerability Reports to the WebConsole
Slide 19: Product Overview: Patch Manager (cont.)
- Pre-stage Patches
  - Select to have the patch deployed to the clients but not initiate an install or repair
  - This all occurs while decisions are being made whether to install or not
  - Once the GO is decided, follow with a second job that only installs the patch that is already in the cache
Slide 20: LANDesk Security Suite: LANDesk Updates
- Update definitions and patches will be hosted on a content site to provide updates for LANDesk Management Suite
- LANDesk Update will support updating the Core, Console, WebConsole and Client
- Update of LANDesk components
  - Download up-to-date definitions from LANDesk
  - Select which updates to scan for
  - Create policies to update LANDesk software
Slide 21: LANDesk Security Suite
- New Security Suite SKU
  - Stand-alone offering
  - Add-on to LANDesk Management Suite
- Security Suite components
  - Patch Management
  - Anti-Spyware
  - Security Threat Analyzer
  - Application Blocker
  - User-defined Vulnerabilities
  - Connection Control Manager
  - LANDesk Updates
Stop Counting Attacks, Start Closing Gaps
Slide 22: Thank you for your attention