Enabling a safer Internet
Enabling Safer Internet: the positive approach
Web security
a Safer Internet: the positive approach web security
A page has just infected discover every 4.5 seconds.
Web-based malware: the new weapon
With a new infected web page every 4.5 seconds 1 the web is now the number one attack vector for cybercriminals. Taking advantage of the vulnerabilities of web infrastructure, including increasing
capacity the user submits the content, hackers can inject malicious code disguised as
more and more legitimate sites. This web-based malware is then able to exploit social engineering
tactics or browser vulnerabilities to infect visitors, the intention being to steal surreptitiously
confidential information directly, install more malicious code, or worse, quietly recruiting hosts
system into a botnet – a network of computers abducted to distribute more malware ,
spyware or spam.
Thousands of systems are infected in this way every day and is particularly lucrative activity
for criminals – a single committed team can provide access to thousands of confidentiality
records. This security risk can be extremely costly for companies, with some
estimates for a violation data estimated in the millions, and even billions of dollars.
In addition to the significant safety and financialrisks, the organizations are having to face the legal consequences of security breaches. Organizations may be legally responsible if their equipment is used to view pornography or hate material or to encourage illegal behavior. There are ramifications if users violate the licensing of third parties through illegal MP3s, movies and software downloads.
At the same time, uncontrolled web browsing may have implications productivity surfing unauthorized slowdown could cause networks, inefficiency and increased security staff (and legal) risk, if a company sensitive or personal data published on the Internet.
Exploitation legitimate, trusted brands
Hackers tend not to discriminate between sites. Big brands, more established with high traffic volumes are attractive to cybercriminals, but smaller organizations are equally likely to be victims. The only criterion is
the site site has vulnerabilities that the hacker can exploit. The techniques used are still evolving rapidly and this paper now looks at what hackers are until today.
Enabling safer surfing: the positive approach
Web security
Enabling of the Safer Internet: the positive approach web security
Infecting trusted sites with SQL injection attacks
One of the main threats come from SQL injection attacks. These attacks exploit security vulnerabilities
and insert malicious code (in this case the script tag) in the database running a site. When the user input
for example through a web form is not correctly filtered or checked, peppers code database
malicious instructions.
Websites that have been attacked in this way include:
BusinessWeek Magazine – One of the busiest websites 1000 – has attempted to download malware from a server based in Russia.
An area of the Adobe Web site designed for provide support for video bloggers, who tried
spyware downloads.
Sony PlayStation in the U.S. website visitors risking an attack scareware.
The recovery of a SQL injection attack can be difficult, and there are numerous instances of web page
owners clean up their base data only to be beaten again an hour later.
New gateway for cybercrime
The new freedoms offered by web blurring the lines between work and social interaction and
which offers easy ways to share information, have opened new loopholes for cyber criminals
explode.
Social networking sites
A favorite target of hackers of today are the social networking Web sites. People they have learned
wary of email links are generally less experienced on the links posted on Facebook and
like. The Hackers have found value in committing Facebook accounts, steal usernames and
passwords, and then using the profiles as launching pad to distribute massive malware
attacks and spam.
In August 2008, admitted that up to 1,800 Facebook users have had their profiles disfigured by an attack that secretly installed a Trojan while displaying an animated graphic of a court jester who blows raspberry.7
A threat is particularly active Koobface, a family worms, and their rapid evolution demonstrates
the wide range of social networks that are vulnerable. Initially targeting Facebook and MySpace, now Koobface addresses a more diverse set of social networks like MySpace, Bebo, hi5, GeoCities, Friendster and Tagged.
The malware works by the direction of your "friends" in their social network site to click a link to another site
which allegedly included a video clip. If they are tricked into downloading an executable to watch the video the third party website, a message is displayed: "Error installing Codec. Please contact." The malware is accessed Facebook / MySpace / etc themselves it further spread.
Web sites to which victims are directed to use a script to check which of these social networks
sites were sent there. The aim is to serve malware designed specifically for networks of which you are known for being a member (though in fact these links to date as a result more in the same executable).
Blogs, micro-blogs and hackers
Hackers are also directed to other media social media like blogs. In the same way that pages are created fake malicious Web sites and then use social engineering techniques to attract visitors to them, who are using free blog services to infected blogs. unsuspecting victims then receive e-mails with links to the blog, which
malicious software downloads.
A Sophos white paper enabling a safer Internet: the positive approach web security
At the same time, common vulnerabilities in legitimate blogging platforms – like any other platform – can be and are exploited by criminals.
Noteworthy is the microblogging site, Twitter, which has begun to be attacked. In January 2009, Twitter's internal systems were hacked and the accounts of Britney Spears, Fox News and Barack Obama, among others, were broken into.11 Two months later, hundreds of Twitter users were affected when the messages were sent from compromised
Accounts of trying to drive traffic to a pornographic website.
The extension of the network of "phishing"
Attacks phishing – whereby unsuspecting users are directed to a fake login page which calls
your user name and password – remain a significant threat.
A common misconception is that phishing is just a banking problem. It is, of course, a banking system
problem but now is also a problem for social networking sites like MySpace, Facebook, Bebo and a wide range of other networks and
companies.
A handful of examples of February and March 2009 only demonstrate the magnitude of the problem.
Google A divergence phishing campaign through Google Talk chat system.13
iStockphoto a phishing attack was perpetrated through online forums and through iStockphoto
Site Mailing system.14
The community of games steam valve of the network was the target of a bid Add to Phish
Zombie Shooter new Left 4 Dead.15
Paypal An unusual type of phishing attack spam malware within a RAR attachment.16
HMRC The deadline for submitting tax returns to HM Revenue & Customs in the United Kingdom seeks phish.17
The risks posed by the anonymous proxies
Many organizations have responded to the growing threat network using URL filtering to reduce
navigation Internet. This has led many users to respond by using anonymous proxies to disguise the true nature of a website to fool filters of a network organization that allows access.
anonymizing proxies are big business in the black economy, driven by advertising and subscription revenues rates. Hundreds of new anonymous proxies are created daily and are distributed through blogs, forums, and dedicated
websites. There is also a growing number deprivations of anonymous proxies unknown installation and maintained by individuals or small groups for their own use. This makes it extremely easy for users to access anywhere you want through an anonymous proxy, but difficult and tedious, and time-consumingtask for administrators to track and block them.
anonymous proxies hold significant risks for organizations:
Security: If users are browsing through servers anonymous proxy then also passed through URL filtering but also could be circumnavigated the content analysis on the perimeter, so which dramatically increases the likelihood of infection.
There are even anonymous proxies that are themselves either accidentally or deliberately
infected with malware.
Bypass anonymous proxies and URL filtering create huge security vulnerabilities.
a safer Internet: the positive approach web security
Disclaimer: unrestricted access to inappropriate
material or illegal downloads could have
serious legal consequences for an organization
as well as the sharing of confidential information
across Internet.
Productivity: The ability of users to bypass
Filter your organization on the Web means that
I could spend all day, for example, social
networking sites instead of working, and
consume network bandwidth value.
The three pillars of modern web protection
Access the Internet creates a dilemma for network administrators – on the one hand, the risks presented, allowing unfettered access to the web is enormous, however, the Internet is undoubtedly become a mission-critical business tool. Social networking sites, blogs, forums and media sites have become important tools for recruitment, viral marketing, public relations, customer interaction, and research – that can not be blocked without seriously impacting business productivity and efficiency.
A new approach to Web security and control is required to fully support the needs of business,
equipping users with the tools they need to be more effective while eliminating the potential risks of infection from legitimate sites. In addition to good preventive practices, such as the rigorous application of patches and educate users about the risks of navigation, it is vital that organizations implement a comprehensive web
security solution that consists of three pillars of Protection:
Reputation-based filtering
Reputation-based filters are the first critical component in the fight against web-based threats.
Prevent access to a catalog of sites known to have hosted malware or other
unwanted, for URL filtering based on its reputation as "good" or "bad" and
an established and proven tool to effectively protect against the already known and located
web-based threats. In addition to providing this basic form of defensive protection, which helps optimize
network performance and staff productivity by blocking access to illegal, inappropriate or non-commercial
critical web content.
Although the filters URL often connect with vast, regularly updated database of sites known to host malware or suspicious files, which have several important shortcomings. In particular, not provide protection against malware hosted on legitimate, previously safe, sites have become hijacked. Also protects against malware
in web sites start-ups. Cybercriminals are very present and easy to use, the fact that traffic from these sites are not and blocks malicious programs, whether new or old, be allowed into an organization.
Another significant shortcoming of traditional filters URL is that they often lack an effective solution
to tackle the huge problem of anonymous proxies. To prevent users from bypassing the filtering
controls, the following two components are critical in the formation of a defense against the use of anonymous proxy server:
A reputation-based service actively seeking new anonymous proxies as they are
published and updated database filtering regular and frequent intervals
The representation real-time detection engine that automatically inspects traffic signals being sent through a proxy, effectively closing the door to private power or representatives of other non-identified through the reputation service.
Sophos White Paper on empowerment of the Safer Internet: the positive approach web security
Predictive real-time malware filtering
Malware real-time predictive filtering goes a long way to close the gap left by the filters reputationbased. All web traffic goes through a scanner designed to identify both known and Malware new zero-day appearance. Malware
engine is optimized for low latency of exploration and every time a user accesses a web site, regardless
the reputation category, traffic is scanned using a combination of signatures and behaviorbased
technologies.
Voucher is worth noting that this type of real-time analysis has an additional advantage over traditional URL filtering because filtering is, almost by definition, bidirectional – Both the user's request, and return of information, the web server are scanned. In addition to detecting known malware as it moves through legitimate sites this
bi-directional filtering can also provide protection against new threats no matter where they are
hosted.
Use of real-time predictive threat filtering is still uncommon among many of the leading web filtering security solutions on the market today. Many sellers security are now relying on signatures alone. Other operators who are fairly new on the market claim solutions, but lack evidence to show that are
fully delivering proactive protection.
Based content filtering
analysis based content filtering web all traffic on the network to determine the actual file type of content returned from a web site can allow or disallow this traffic based on corporate policy.
Key questions to ask a potential supplier
Does the URL database that is used for reputation-based filtering have global
coverage?
How often do you upgrade your product to meet new threats?
How many hosting sites identified new threat every day?
Do you scan all incoming traffic for malware in real time?
It uses its own technology scanning for malware or rely on third parties?
Is your firm malware scan engine or use based on analysis of behavior?
Is there an additional cost in real-time malware filtering?
Is there an impact on the performance of real-time filtering of malware?
How many anonymous proxy servers that you do daily catalog?
Does your solution use an anonymous proxy to identify in real time?
Do you analyze the true contents of files, or rely on the extension or MIME type?
Do you analyze HTTPS encrypted traffic?
Can you demonstrate your experience in actual research web threats?
Do you have independent statistical dynamics rates Web threat detection?
"I can see a demo of the management console to see how easy it is to use?
Are there monitors on board to keep track of software, hardware and traffic health?
How are problems reported to the administrator? Via email? Through phone call?
You provides real-time uptime monitoring to ensure the system is available 24 / 7?
Conclusion
Every minute of every day, cyber criminals are trying to exploit the Internet traffic for commercial purposes
profit, and since shipping web is an integral part of the activities of most companies' day to day, the web gateway
must be equipped with a security solution that allows companies and users to be productive, while
providing the security essential to ensure a risk free experience.
Organizations seeking to hedge against the growing threat of Web-based malware requires a
solution, above all, demonstrating safety and combines powerful attributes Site and content
controls with low impact, effective management.
At the same time, the end user expectations and requirements for speed, efficiency and free access to tools and sites that need to be fulfilled. Solutions that do not meet these safety requirements, control, performance and accessibility ultimately, will fail in the organization.
Real content filters scan the contents of a file, instead of just looking or file extension
MIME type reported by the web server, so you can identify and block files that is passed
so innocent / File types allowed, but actually contain unauthorized content. A file can be, for example,
have a. TXT, but in reality be a executable file.
By allowing the execution of content only type of business, this pillar of protection enables organizations to create policies around a variety of types of content that can be used to send malware, thus reducing the risk of infection.
For example, Windows Executable or protective screen could be rejected. Content-based filtering also improves
optimize bandwidth by blocking content or large hunger for resources such as video streaming.
User education as a tool for defense
Many companies have successfully educated users about how to detect email threats, and while
the fight against Web-based threats is based much more strongly on sophisticated technology, users can and should participate in the fight.
Many companies already have procedures in place that define the web sites that are considered interest, but few have updated these include guidance on how to avoid infection while surfing the Web.
A good policy advice that:
Employees should never open spam
Employees should never click on links in emails sent from senders unknown
It must ensure that the organization's web browsers are patched at all times
Employees should minimize navigation is not related to work safety and productivity reasons.
About the Author
This article was provided by Sophos and is reproduced here with their full permission. Sophos provides full data protection services including: security software, encryption software, antivirus, and malware.
Access Hulu.com From Anywhere
