Enabling a safer Internet: the positive approach to web security
An infected web page is discovered every 4.5 seconds.
Web-based malware: the new weapon
With a new web page infected every 4.5 seconds,1 the web is today the primary attack vector for cybercriminals. Taking advantage of vulnerabilities in web infrastructure, including the increased ability of users to submit content, hackers can secretly inject malicious code into more and more legitimate sites. Once it is on the web, the attacker's software can use social engineering tactics or browser vulnerabilities to infect visitors in order to surreptitiously steal confidential information directly, install further malicious code or, worse, quietly recruit the host system into a botnet - a network of hijacked computers used to distribute malware, spyware or spam later.
Thousands of systems are infected in this way every day, and it is particularly lucrative for criminals - a single compromised computer can give access to thousands of confidential data records. This security risk can be significant and especially costly for companies, with some estimates putting the cost of a data breach in the millions and even billions of dollars.
Beyond the significant financial risks of security breaches, organizations also have to address their legal implications. Organizations may be legally responsible if their equipment is used to view pornography or hate material or to encourage illegal behavior. There are also ramifications if users violate third-party licensing through illegal MP3 files, movies and software.
At the same time, uncontrolled web browsing can affect productivity: unauthorized surfing can cause network slowdowns and inefficiency, and increased security (and legal) risk if business-sensitive or personal data is published on the Internet.
Legitimate, trusted brands
Hackers tend not to discriminate between sites. Larger, more established brands with high traffic volumes are very attractive to cybercriminals, but smaller organizations are also likely to be victims. The only criterion is that the site has vulnerabilities that hackers can exploit. Technology continues to evolve rapidly, and this paper looks at what hackers are up to today.
Infecting trusted sites: SQL injection attacks
One of the main threats comes from SQL injection attacks. These attacks exploit security vulnerabilities and insert malicious code (in this case script tags) into the database running a website. When user input, e.g. through a web form, is not correctly filtered or checked, the attack peppers the database with malicious instructions.
Websites that have been attacked in this way include:
- BusinessWeek magazine - one of the 1000 most popular websites - which tried to download malware from a server based in Russia.
- An area of the Adobe website providing support for video bloggers, which tried to download spyware.
- The U.S. Sony PlayStation website, which threatened visitors with a scareware attack.
Recovering from a SQL injection attack can be difficult, and there are many examples of web page owners cleaning up their database only to be hit again a few hours later.
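The unfiltered form input described above, shown beside a hardened version, as an added example that is not part of the original paper. The table, function names and sample values are constructed for illustration; the script tag points at a non-existent `.invalid` host.

```python
import html
import sqlite3

MARKER = "<script src=//cdn.example.invalid/x.js></script>"  # constructed, inert

def make_db():
    """In-memory stand-in for the database behind a site's web form."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO pages (title) VALUES (?)",
                   [("Home",), ("Products",), ("Contact",)])
    return db

def rename_unsafe(db, page_id, title):
    # Vulnerable: form values become part of the SQL text, so the
    # submitter controls the statement, not just the data.
    db.execute(f"UPDATE pages SET title = '{title}' WHERE id = {page_id}")

def rename_safe(db, page_id, title):
    # Hardened: the id must be an integer and both values are bound as
    # parameters, so they can never change the statement's structure.
    db.execute("UPDATE pages SET title = ? WHERE id = ?", (title, int(page_id)))

def tagged_rows(db):
    """Number of rows whose stored title contains a script tag."""
    return db.execute(
        "SELECT COUNT(*) FROM pages WHERE title LIKE '%<script%'").fetchone()[0]

def render_title(title):
    # Second layer: encode on output so a stored tag is displayed as text.
    return "<h1>" + html.escape(title) + "</h1>"

def demo():
    results = {}
    db = make_db()
    rename_unsafe(db, "1 OR 1=1", "Home" + MARKER)
    results["unsafe"] = tagged_rows(db)        # every page now carries the tag
    db = make_db()
    try:
        rename_safe(db, "1 OR 1=1", "Home" + MARKER)
    except ValueError:
        pass                                    # malformed id is rejected
    results["safe_bad_id"] = tagged_rows(db)
    rename_safe(db, "1", "Home" + MARKER)       # stored, but only in row 1
    results["safe_good_id"] = tagged_rows(db)
    results["rendered"] = render_title("Home" + MARKER)
    return results

if __name__ == "__main__":
    print(demo())
```

Parameter binding limits the write to the intended row, and output encoding keeps a tag that was stored anyway from executing in a visitor's browser.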
New gateways to cybercrime
The new freedoms offered by the web, blurring the lines between work and social interaction and providing easy ways to share information, have opened new loopholes for cybercriminals to exploit.
Social networking sites
Hackers' preferred targets today are social networking sites. People who have learned to beware of links in e-mail are generally less wary of links on Facebook and the like. Hackers have found value in compromising Facebook accounts, stealing usernames and passwords, and using the profiles as a platform to launch mass distribution of malware attacks and spam.
In August 2008, Facebook acknowledged that up to 1800 users had seen their profiles defaced in an attack that secretly installed a Trojan while displaying an animated graphic of a court jester blowing a raspberry.7
A particularly active threat is Koobface, a family of worms whose rapid evolution shows the wide range of social networks that are vulnerable. Originally aimed at Facebook and MySpace, Koobface now tackles a wider variety of social networks such as MySpace, Bebo, Hi5, GeoCities, Friendster and Tagged.
The malware works by directing your "friends" on the social networking site to click a link to another site that supposedly hosts a video clip. If you are tricked into downloading an executable file to see the video on the third-party website, a message appears: "Error installing Codec. Please contact". The malware then accesses Facebook/MySpace/etc. to spread further.
The websites to which victims are directed use a script to check which of these social networking sites sent them there. The goal is to serve malware specifically adapted to the networks of which you are known to be a member (even though, so far, these links have all resulted in the same executable).
Blogs, micro-blogs and hackers
Hackers are also targeting other social media such as blogs. In much the same way that they create fake malicious websites and use social engineering techniques to attract visitors to them, they use free blog services to host infected blogs. Unsuspecting victims then receive e-mails with links to the blogs, from which malicious software is downloaded.
A Sophos white paper for a safer Internet: Web security a concentration positive
At the same time, vulnerabilities in common blogging platforms - like any other platform - can be and are exploited by criminals.
Of note is the micro-blogging site Twitter, which has begun to come under attack. In January 2009, Twitter's internal systems were sabotaged and the accounts of Britney Spears, Fox News and Barack Obama, among others, were broken into.11 Two months later, hundreds of Twitter users were affected when messages were sent from their accounts trying to generate traffic to a pornographic site.
Phishing spreads its net
Phishing attacks - where unsuspecting users are directed to a fake login page that requests their username and password - are still a major threat.
A common misconception is that phishing is a banking problem. It is, of course, a problem for banks, but it is now also a problem for social networking sites like MySpace, Facebook and Bebo and for a wide range of other networks and companies.
A few examples from February and March 2009 alone demonstrate the magnitude of the problem.
- Google: a phishing campaign spread through the Google Talk chat system.13
- iStockphoto: a phishing attack was perpetrated through online forums and through the iStockphoto web mail system.14
- Valve: the Steam gaming community was subjected to a phish offering add-ons for the new zombie shooter Left 4 Dead.15
- PayPal: an unusual type of phishing attack propagated malware in a RAR attachment.16
- HMRC: the approaching deadline for filing returns with HM Revenue & Customs in the United Kingdom prompted a phish.17
The risks posed by anonymous proxies
Many organizations have responded to the increasing web threat by using URL filtering to restrict Internet browsing. This has prompted many users to retaliate by using anonymous proxies, which hide the true nature of a website and fool the company web filter into allowing access.
Anonymizing proxies are big business in the informal economy, driven by advertising and subscription fees. Hundreds of new anonymous proxy servers are created every day and distributed via blogs, forums and dedicated websites. There is also a growing number of private, unpublished proxies set up and maintained by individuals or small groups for their own use. It is extremely easy for users to access any site they want through an anonymous proxy, but a difficult, tedious and time-consuming task for administrators to monitor and block them.
Anonymous proxies pose significant risks to organizations:
Security: If users surf through anonymous proxy servers, they not only bypass the URL filter but may also bypass content scanning at the perimeter, which greatly increases the probability of infection. There are even anonymous proxies that have been, accidentally or deliberately, infected with malware.
Anonymous proxies bypass URL filtering and create huge security holes.
Warning: Unrestricted access to inappropriate material or illegal downloads can have serious legal consequences for an organization, as can the exchange of confidential information via the Internet.
Productivity: The ability of users to circumvent the organization's web filter means that they could spend all day on, for example, social networking sites instead of working, and consume valuable network bandwidth.
The three pillars of modern web protection
Internet access creates a dilemma for network administrators: on the one hand, the risks posed by allowing free access to the web are enormous, but on the other, the Internet has truly become a mission-critical business tool. Social networking sites, blogs, forums and media portals have become important tools for recruiting, viral marketing, public relations, customer interaction and research, and cannot be blocked without seriously affecting business productivity and efficiency.
A new approach to web security and control is required, one that fully supports the needs of businesses, equipping users with the tools they need to be more effective while eliminating the risk of potential infection from legitimate sites. In addition to good preventive practices, such as rigorous patching and educating users about the risks of browsing, it is vital that organizations implement a complete web security solution, consisting of three pillars of protection:
- Reputation-based filtering
- Predictive real-time malware filtering
- Content filtering
Reputation-based filtering
Reputation-based filters are the first essential component in the fight against web threats. Preventing access to a catalog of sites known for hosting malicious software or other undesirable content, by filtering URLs based on their reputation as "good" or "bad", is an established and tested way to protect effectively against known and located web threats. In addition to this basic form of defensive protection, it helps to optimize network performance and staff productivity by blocking access to illegal, inappropriate or non-business-critical web content.
Although URL filters are often backed by large, regularly updated databases of sites known to host malware or suspicious content, they have several important shortcomings. In particular, they offer no protection against malware hosted on previously safe, legitimate sites that have been hijacked. Similarly, they offer no protection against malicious software on newly created websites. Cybercriminals are well aware of, and readily exploit, the fact that traffic from these sites is not blocked and that malware, new or old, will be allowed to enter an organization.
Another major shortcoming of traditional URL filters is that they often fail to address the enormous problem of anonymous proxies effectively. To prevent users from bypassing filter controls, both of the following are fundamental in forming a defense against the use of anonymous proxies:
- A reputation-based service that actively seeks out new anonymous proxies as they are published and updates the filtering database at frequent intervals
- A real-time proxy detection engine that inspects traffic for signs that it is being routed through a proxy, effectively closing the door on private proxies or proxies not yet identified by the reputation service.
Predictive real-time malware filtering
Predictive real-time malware filtering goes a long way toward filling the gap left by reputation-based filters. All web traffic passes through a scanner designed to identify both known and new zero-day malware. The malware engine is optimized for low-latency scanning, and each time a user accesses a website, whatever its reputation or category, the traffic is analyzed using a combination of signature-based and behavior-based technologies.
It should be noted that this type of real-time analysis has a further advantage over traditional URL filtering, because the filtering is, almost by definition, bidirectional: both the user's request and the response returned by the web server are scanned. In addition to detecting known threats as they move onto legitimate sites, such bidirectional filtering can also provide protection against new threats, wherever they are hosted.
The use of predictive real-time threat filtering is still limited in many web filtering solutions on the security market today. Many security vendors currently rely on signatures only. Others are relatively recent entrants to the market in response to demand for such solutions, but lack the evidence to prove that they deliver proactive protection at all.
Content filtering
Content filtering analyzes all web traffic on the network to determine the true file type of the content returned by a website, and can allow or deny the traffic based on corporate policy.
The key questions to ask a potential supplier
Does the URL database used for reputation-based filtering have global coverage?
How often do you upgrade your product to meet new threats?
How many new threat-hosting sites do you identify each day?
Do you scan all incoming traffic for malicious code in real time?
Do you use your own malware-scanning technology or depend on others?
Is your malware scanning engine signature-based, or does it use behavioral analysis?
Is there an additional cost for the real-time malware filter?
Is there a performance hit for malware filtering in real time?
How many anonymizing proxies do you catalog daily?
Does your solution identify the use of anonymous proxies in real time?
Do you analyze the actual file content, or rely on the extension or MIME type?
Do you scan encrypted HTTPS traffic?
Can you demonstrate your experience in researching real web threats?
Do you have separate statistics on your detection rates for web threats?
Can I see a demo of the management console to see how easy it is to use?
Is there a dashboard to monitor software, hardware, health and traffic?
How are problems reported to the administrator? By e-mail? By phone call?
Is there real-time uptime monitoring to ensure the system is available 24/7?
Conclusion
Every minute of every day, cybercriminals are trying to exploit web traffic for commercial gain. Given that web browsing is now an integral part of most organizations' daily activities, the web gateway must be equipped with a security solution that allows businesses and users to be productive while providing the security necessary to ensure a safe experience.
Organizations seeking protection against the growing threat of web-based malware need a solution that, above all, provides proven security and combines broad site coverage and content controls with low-impact, effective administration.
At the same time, end users' expectations and their need for speed, efficiency and free access to tools and sites must be met. Solutions that do not meet these requirements of security, control, performance and accessibility will ultimately fail the organization.
True content filters scan the actual contents of a file rather than just looking at the file extension or the MIME type reported by the web server, and can therefore identify and block files that masquerade as innocent, permitted file types but actually contain unauthorized content. A file may, for example, have the extension .txt but actually be an executable file.
By allowing only business-relevant content types through, this pillar of protection enables organizations to create policies for a wide variety of content types that can be used to deliver malicious programs, thus reducing the risk of infection. For example, Windows executables or screen savers could be rejected. Content-based filtering also helps optimize bandwidth by blocking large or resource-hungry content, such as streaming video.
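A minimal sketch of the true-file-type check described above, as an added example that is not Sophos code: it classifies a download by its bytes, compares that with what the extension and MIME type claim, and applies a policy that rejects Windows executables. The signature table, type labels and function names are illustrative assumptions, and the sample data is constructed.

```python
import os
import struct

SIGNATURES = [(b"%PDF-", "pdf"), (b"\x89PNG\r\n\x1a\n", "png"),
              (b"\xff\xd8\xff", "jpeg"), (b"PK\x03\x04", "zip")]
# What each declared extension / MIME type claims the content to be.
CLAIMS = {".txt": "text", "text/plain": "text", ".pdf": "pdf",
          "application/pdf": "pdf", ".png": "png", "image/png": "png",
          ".exe": "pe", ".scr": "pe", ".zip": "zip", "application/zip": "zip"}
BLOCKED = {"pe"}  # policy from the text: reject Windows executables/screen savers

def is_pe(body):
    """True for an MZ stub whose field at 0x3C points at a PE signature."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    (offset,) = struct.unpack_from("<I", body, 0x3C)
    return body[offset:offset + 4] == b"PE\0\0"

def sniff(body):
    """Classify content by its bytes, ignoring any file name or header."""
    if is_pe(body):
        return "pe"
    for magic, kind in SIGNATURES:
        if body.startswith(magic):
            return kind
    try:
        body.decode("utf-8")
        return "unknown" if b"\0" in body else "text"
    except UnicodeDecodeError:
        return "unknown"

def decide(filename, mime, body):
    """Return (verdict, reason) for one downloaded object."""
    actual = sniff(body)
    ext = os.path.splitext(filename)[1].lower()
    claimed = {CLAIMS[k] for k in (ext, mime.lower()) if k in CLAIMS}
    if claimed - {actual}:
        return ("block", "masquerade")  # a declared type disagrees with content
    if actual in BLOCKED:
        return ("block", "policy")
    return ("allow", "ok")

def sample_pe():
    """Constructed 68-byte header stub that passes is_pe(); not a real program."""
    stub = bytearray(0x44)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)
    stub[0x40:0x44] = b"PE\0\0"
    return bytes(stub)

if __name__ == "__main__":
    print(decide("notes.txt", "text/plain", sample_pe()))
```

Checking the PE signature behind the MZ stub, rather than the first two bytes alone, keeps a plain text file that happens to start with "MZ" from being blocked.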
User education as a defensive tool
Many companies have succeeded in educating users on how to detect e-mail threats, and although the fight against web threats relies more on advanced technology, users can and should take part in it.
Many companies already have policies that define which Internet sites are deemed appropriate, but few have been updated to include guidance on how to avoid infection while surfing the net.
A good policy will specify the following:
- Employees should not open spam messages
- Employees should never click on links in e-mails sent by unknown senders
- The organization must ensure that its web browsers are patched at all times
- Employees are required to minimize their non-work-related browsing for reasons of safety and productivity.
About the Author
This article was provided by Sophos and is reproduced here with their full permission. Sophos provides full data protection services including: security software, encryption software, antivirus, and malware.