Malware, spyware, adware - detection, optim - PowerPoint PPT Presentation

About This Presentation
Slides: 23
Provided by: laurab97

Transcript and Presenter's Notes


1
Malware, spyware, adware - detection, optimal
system settings
  • Jan Písarík, Senior system engineer
  • ComDay3
  • January 27, 2005, Jihlava

2
Agenda
  • The current state of the security field
  • What is malicious software?
  • How to defend against it?

3
Security incidents are rising
  • New technologies (WiFi, mobile)

Source: Goldman Sachs, 2/19/04
4
Security: the IT world is changing
  • Greater demands on security
  • Many user categories: employees,
    travelling users, consultants, customers,
    suppliers
  • Distributed systems need a complex network
    structure

Time to Remediate is Shrinking
Vulnerabilities are Rising
Source: Gartner, 8/04
5
Spyware: it is everywhere and it is a big problem
  • 9 out of 10 PCs connected to the internet are infected with
    spyware.
  • Audit - Earthlink and Webroot
  • 27.5 instances of spyware per PC
  • In one quarter: 40 million spyware instances on 1.5 million PCs

 National Cyber Security Alliance, June 2003
6
Spyware / Adware / Trackware
  • Malware - malicious software, software designed to
    disrupt or destroy a system
  • Spyware: a program that settles on your PC and
    thoroughly spies on you and steals your passwords, your
    browsing history and credit card numbers,
    changes your browser start pages and so on, and
    then sends everything to a particular user
  • Adware: pesters you with advertising
  • Browser helper - a DLL library that allows
    programmers to modify and monitor Internet Explorer
  • Hijacker: changes the home page
  • Dialer
  • Keystroke logger
  • Remote admin
  • Trackware

7
Why?
  • Money
  • Pop-up windows
  • Hackers: PIN,
  • Programmers: P2P, XXX, dialers

8
Symptoms
  • Slow PC startup
  • Pop-up windows
  • Call redirection
  • Mysterious desktop behavior
  • Unwanted home page

9
Security Management
  • Perimeter security is not a sufficient solution
  • 100% device security is not possible; we need to
    repeatedly scan and monitor for new
    vulnerabilities and threats
  • Vulnerabilities: the number, intensity and
    frequency of attacks are increasing
  • Integrated security solution
  • Patch Management
  • Anti-Spyware
  • Vulnerability Management

10
LANDesk Security Suite
  • Discovery
  • Baseline Configuration
  • Unauthorized software detection
  • Application Block
  • Threat Analyzer
  • User-Resources settings
  • Detection
  • Removal
  • Central Management
  • Connection Control Manager
  • Inclusive / Exclusive Restrict drive/port/
    wireless access
  • OS / Application / Custom
  • Vulnerability Assessment
  • Enterprise Remediation

11
LANDesk Security Suite: Connection Control Manager
  • Ability to control the networks that a client can
    access
  • Approved or disapproved list of authorized
    connections
  • Enable or disable the following based on network
    connection:
      • USB Ports (allow mouse/keyboard)
      • Modems
      • Drives: Floppy, CD/DVD, Removable, Tape
      • Ports: Serial, Parallel, Infrared, Firewire
      • Wireless: 802.11, Bluetooth
  • Alerts are generated based on unauthorized access

12
LANDesk Security Suite: Threat Analyzer
  • Eliminate potential security threats by verifying:
  • Administrator Group Membership
  • Available Shares
  • Check for Unnecessary Services
  • Domain Controller
  • File System Type
  • Guest Account Status
  • Internet Connection Firewall Status
  • Local Account Passwords
  • Operating System Version
  • Password Expiration
  • Restrict Anonymous Users
  • SQL Guest and Service Account Status
  • Internet Explorer Security Settings
  • And more

13
LANDesk Security Suite: Spyware Detection and
Removal
  • Scan
      • Trojans, Malware, Trackers, Key-loggers,
        Hijackers, Dialers, Cookies
  • Detection
      • Inclusion and exclusion of definitions from
        search
  • Removal
      • Auto fix capability, spyware removal
  • Recovery
      • Ability to restore files and registry settings
        removed during a removal process
  • Reporting
      • To verify and see trends and repair rates

14
LANDesk Security Suite: Application Blocker
  • Detection
  • Predefined list of suggested applications to
    block
  • Content provided by LANDesk
  • Configurable list that can be supplemented with
    custom applications
  • Denial
  • Block and deny the execution of detected unwanted
    applications
  • Block applications that don't comply with
    corporate standards
  • Increases security and productivity

15
LANDesk Security Suite: Patch Manager
  • Patch Install History
  • Display of patches installed on node
  • Patch uninstall capability
  • Detect patches installed by LANDesk or other
    means
  • Right click option to remove installed patch
  • Heterogeneous platform support
  • Linux Vulnerability Assessment
  • Red Hat (WS, AS, ES)
  • Suse v9.1
  • Macintosh Remediation

16
Product Overview: Patch Manager (cont.)
  • Enhanced Client Configuration
  • Run settings for Security and Patch Scanner
  • At login (Run key)
  • Local Scheduler
  • Never Reboot
  • Never Auto-fix
  • Select end user setting for client when the
    scan is run at login or by local scheduler.

17
Product Overview: Patch Manager (cont.)
  • Create/Edit End User Settings
  • General
  • Show Scan Progress
  • Allow user to cancel scan
  • Repair
  • Custom prompt before repair
  • Bandwidth Control percentage
  • Reboot
  • Custom prompt before reboot
  • Snooze or delay of reboot
  • Allow User to cancel reboot
  • Behavior when there is no interaction at the client
    within the specified time
  • MSI
  • Package location and authentication

18
Product Overview: Patch Manager (cont.)
  • Reports
  • Added 30 Security and Patch Manager reports to
    the WinConsole
  • Added Vulnerability Reports to WebConsole

19
Product Overview: Patch Manager (cont.)
  • Pre-stage Patches
  • Select to have the patch deployed to the clients
    but not initiate an install or repair.
  • This all occurs while decisions are being made
    whether to install or not
  • Once the GO is decided, follow with a second
    job that only installs the patch that is in the
    cache.

20
LANDesk Security Suite: LANDesk Updates
  • Update definitions and patches will be hosted on
    content site to provide updates for LANDesk
    Management Suite
  • LANDesk update will support updating the Core,
    Console, WebConsole, Client
  • Update of LANDesk components
  • Download up-to-date definitions from LANDesk
  • Select which updates to scan for
  • Create policies to update LANDesk software.

21
LANDesk Security Suite
  • New Security Suite SKU
  • Stand-alone offering
  • Add-on to LANDesk Management Suite
  • Security Suite components
  • Patch Management
  • Anti-Spyware
  • Security Threat Analyzer
  • Application Blocker
  • User-defined Vulnerabilities
  • Connection Control Manager
  • LANDesk Updates

Stop Counting Attacks Start Closing Gaps
22
Thank you for your attention