Administration and Policy in Information Security

by: Emelia Homenick III

Administration and Policy in Information Security BCIS 4740

This 19-page set of Class Notes was uploaded by Emelia Homenick III on Sunday, October 25, 2015. The Class Notes belong to BCIS 4740 at University of North Texas, taught by Staff in Fall. Since its upload, it has received 16 views. For similar materials see /class/229189/bcis-4740-university-of-north-texas in Business Info Systems CIS at University of North Texas.
Date Created: 10/25/15
Web Threats: Challenges and Solutions
Web Security / Web Threat Protection
A Trend Micro White Paper, March 2008

I. EXECUTIVE SUMMARY

Motivated by the lure of profits from the sale of stolen confidential information, cyber criminals today are shifting to the Web as their chosen attack vector, which provides an ideal environment for cyber crime. Many Web threats can be deployed unbeknownst to the user, requiring no additional action than merely opening a Web page. Large numbers of users, an assortment of technologies, and a complex network structure provide criminals with the targets […] large-scale fraud.

Web threats pose a broad range of risks, including financial damages, identity theft, loss of confidential business information, theft of network resources, damaged brand or personal reputation, and erosion of consumer confidence in e-commerce. These high stakes, the pervasive use of the Web, and the complexity of protecting against Web threats combine to form perhaps the greatest challenge to protecting personal and business information in a decade.

Web threats employ blended techniques, an explosion of variants, and targeted, regional attacks often based on social engineering to defraud users. And these threats often use multiple protocols, such as an email that delivers a link to a dangerous Web site, using both the SMTP and HTTP protocols in the attack. Conventional means do not provide adequate protection from these threats, and no single method or technology will improve this situation. Instead, a multi-layered, comprehensive set of techniques must be brought to bear.

This white paper describes Web threats, how they function, and their impacts. It explains why conventional methods fail to protect against these threats and describes the characteristics of a new approach required to ensure security, regulatory compliance, and business continuity.

II. INTRODUCTION: AN UNWELCOME SCENARIO

Robert, a Human Resources Director at a large law firm, arrives at his office on Monday morning, logs on to his computer, and scans his new email. He opens an email from a large employment site he uses frequently, clicks an embedded link, then logs on to the site to view his postings and responses. Robert's client status entitles him to access job seekers' personal information, which he uses to perform background investigations and credit checks.

Unbeknownst to Robert, the email was actually fraudulent, spoofing the employment site. When his email client rendered the images in his message, malicious code contained in the .jpg file secretly downloaded an executable file, which ran automatically on his computer. This malware logged keystrokes on Robert's computer, capturing his login information when he accessed the job site and providing this information to the hacker.

In August 2007, a very similar scene played out as cyber criminals infiltrated the monster.com job site through "Monster for Employers" accounts, compromising the personal information of 1.6 million users. Many of these users then received official-looking emails claiming to be from monster.com and encouraging them to download a "helper application" that turned out to be yet more malware. These attacks were well-researched, using familiar language and branding, and coded to transfer data slowly, under the radar of IT administrators looking for suspicious network traffic. [1]

[…] an email attachment but accesses the Web to convey information to the hacker. In 2007, fraudulent emails were sent purporting to be from the Federal […] and contained an attachment. If the recipient opened the attachment, a keylogging Trojan was deployed that attempted to steal login information from the user's computer and send it back to the hacker. [2]

Phishing is a prevalent Web threat, spoofing legitimate companies to trick people into providing confidential information. Consumer phishing is widespread, sending emails that spoof organizations like banks and online retailers. These phishing emails often use links to take recipients to Web sites where confidential information is gathered. Employees can fall victim to these consumer threats, but phishing can also affect corporations more directly. In 2005, phishing emails targeted CEOs and other high-level executives of U.S. credit unions in an attempt to gain control of millions of personal financial records. The email messages contained a link to a Web site where a Trojan was downloaded. Even one successful infection could have caused millions of dollars of damage and caused irreparable harm to hundreds of thousands of users through identity and asset theft. [3]

But Web threats don't just steal confidential information; they can also steal network resources. Variations of e-greeting card spam were sent throughout 2007. These simple spam messages told recipients that a friend had sent them an e-greeting card and to follow the link in the email to view the card. If recipients followed the link, it took them to a Web site that downloaded malicious code. This code hijacked the computer, turning it into a bot and allowing the hackers to use the machine for their own purposes: sending spam, hosting malicious Web sites, and much more. Consumer and corporate computers were infected by the millions. Hackers network these infected computers to create botnets, stealing resources and further perpetuating their fraudulent activities.

Unfortunately, around the world, scenarios like these are unfolding at large enterprises and small businesses alike. A large and growing number of so-called "Web threats" like the ones described above, but in an infinite number of varieties, are […]. Cyber criminals are stealing lists of social security numbers from health care organizations, credit card numbers from financial institutions, proprietary information from technology companies, and resources from all industries. These compromised machines and identity thefts are eroding consumer confidence in the ability to maintain the privacy of their information, undermining online banking transactions and e-commerce.

III. WEB THREATS DEFINED

Web threats are any threat that uses the Web to facilitate cyber crime. They are sophisticated in their methods, using multiple types of malware and fraud, all of which utilize the HTTP or HTTPS protocols but can also employ other protocols as components of the attack, such as links in email or IM, or malware in attachments or on servers that access the Web. The creators of such threats frequently update Web site content, variants, and malware types in order to evade detection and achieve greater success. Web threats based on malware are hidden within Web pages, and victims are infected when they visit the page. Fraudulent sites mimic legitimate business Web sites and use social engineering to request visitors to disclose confidential information. Individuals once characterized as hackers, virus writers, spammers, and spyware makers are now simply known as cyber criminals, with financial profit their primary aim.

Over the last 15 years, information security threats have evolved through a series of incarnations. In each case, malware writers and fraudsters sought out the medium that was most used and least protected, for example, email. Today a new wave of threats is emerging that uses the Web as a delivery vehicle. These […] major commerce engine as well […] unprotected compared to messaging, for example, as a medium to deliver malware and conduct fraud […] grow. According to IDC, "Up to 30% of companies with 500 or more staff have been infected as a result of Internet surfing, while only 20-25% of the same companies experienced viruses and worms from emails." [4] However, email is often a component of a Web threat attack, using social engineering to get users to follow links to dangerous sites. The growth of the Web creates a "perfect storm" for the advance of Web threats: a relatively unprotected yet widely and consistently used medium that is crucial to business productivity, online banking, and e-commerce, as well as the everyday lives of Web-savvy consumers.

Emerging Threats: Web 2.0

Web 2.0 […] rich […] sites […] threat vectors to cyber criminals. For example, the popular networking site […] platform that […] applications that can access user account details and execute within a browser window […]. Users can add additional applications and grant access permissions with just a few clicks, and when they do, on-site messaging encourages the user's friends to do the same. This […] spreading malware. The classic Web 2.0 exploit is the Samy Worm (JS.SPACEHERO), created by a teenager, that infected over one million users in less than a day.

IV. WEB THREAT DELIVERY MECHANISMS

Web threats can be divided into two primary categories based on delivery method: push and pull. Push-based threats use spam, phishing, […] a user to a spoofed Web site, which then collects information and/or injects malware. Push attacks use phishing, DNS poisoning (or pharming), and other means to appear to originate from a trusted source. Their creators have researched their target well enough to spoof corporate logos, official Web site copy, and other convincing evidence to increase the appearance of authenticity. Precisely-targeted push-based threats are often called "spear phishing" to reflect the focus of their data-gathering phishing attack. Spear phishing typically targets specific individuals and groups for financial gain. In November 2006, a medical center fell victim to a spear phishing attack. Employees of the medical center received an email telling them they had been laid off. The email also contained a link that claimed to take the recipient to a career counseling site. Recipients that followed the link were infected by a keylogging Trojan. [5]

In other push-based threats, malware authors use social engineering, such as enticing email subject lines that reference holidays, popular personalities, sports, pornography, world events, and other popular topics, to persuade recipients to open the email and follow links to malicious sites or open attachments with malware that accesses the Web.

Pull-based threats are often referred to as "drive-by" threats, since they can affect any visitor regardless of precautions. Pull […] which […] visitors or alter search results to take users to malicious sites. Upon loading the page, the user's browser passively runs a malware downloader in a hidden HTML frame (IFRAME) without any user interaction. Both push- and pull-based Web threat variants target infection at a regional or local level, for example via local-language sites aimed at particular demographics, rather than using the mass-infection technique of many earlier malware approaches. These threats typically take advantage of Internet port 80, which is almost always open to permit access to the information, communication, and productivity that the Web affords to employees.

Case Study: The Italian Job

On June 15, 2007, a cyber criminal compromised nearly 6,000 Italian Web sites using three Trojans (software applications that claim to do one thing but actually contain malicious code) that identified, stole, and uploaded personal information to a criminal network. The attack, which became known as "The Italian Job," affected roughly 15,000 users over six days. While the damage caused by identity theft and fraud could easily reach millions of dollars, the cyber criminal who created the initial downloader used a malware kit (MPack v86) that cost roughly 700 USD.

V. BENEFITS FOR CYBER CRIMINALS

Sidebar: Of the 3.5 billion requests Trend Micro's Web Reputation service scans daily, nine million are malware-infected Web pages.

Web threats help cyber criminals pursue one of two goals. One goal is to steal information for subsequent sale. The resulting impact is primarily confidential information leakage in the form of personally identifiable information (PII): data that can potentially be used to uniquely identify, contact, or locate a single person. Personally identifiable information is typically the precursor to identity theft and therefore carries enormous value on the black market.

Sidebar: According to Trend Micro research, while the number of conventional worms has grown only 22 percent since 2005, Web threats have increased by 1,564 percent during the same period.

The other primary purpose of Web threats is the absorption of the infected PC into a criminal network, for example a botnet, hijacking a user's CPU power to use it as an instrument to conduct profitable activities such as sending spam or conducting extortion in the form of distributed denial-of-service attacks or pay-per-click activities.

Profits gained from a variety of Web threats are significant. Jeanson James Ancheta, for example, earned 60,000 USD by managing a 400,000-PC botnet. [6] Ivan Maksakov, Alexander Petrov, and Denis Stepanov extorted 4 million USD by unleashing a distributed denial-of-service attack on UK sports bookmakers. [7] On the black market, cyber criminals typically pay 1,000-5,000 USD for a Trojan horse, for example, that is able to steal online account information. [8] Yet little is known about the scope of the profits in this sector due to the underground nature of their behavior.

VI. WEB THREAT DAMAGES

Some aggregate data has been gathered on the financial impact of certain types of Web-based threats. For example, customers of various German banks remain victims of phishing despite using Transaction Authentication Numbers (TANs) in addition to user names and passwords. The Munich Police Department estimates that from January-July 2006 the damages due to online fraud exceeded 1 million Euro in that city alone. [9] The Gartner […] 3.2 billion USD in 2007, a cost of 886 USD per incident. [10] The same report shows a rise in phishing effectiveness as well, with the number of targeted victims losing money rising from 2.3 percent to 3.3 percent.

Trend Micro threat analytics shows that the growth in severe malware infections, such as viruses, Trojans, PHP scripts, VB Scripts, batch files, and rootkits, grew 200% throughout 2007, infecting more than one in eight PCs scanned. In addition to the potential data loss caused by these infections, cleaning infected […] IT […] productivity.

[Figure 1: Malware-infected Web pages scanned daily. Of the 3.5 billion requests Trend Micro's Web Reputation(TM) scans daily, over nine million are for malware-infected Web pages; daily scans reveal a high number of malware-infected Web pages.]

VII. CONVENTIONAL APPROACHES FAIL TO PROTECT AGAINST WEB THREATS

[…] the traditional approach to virus scanning. Conventional antivirus software installed on client machines, for example, while crucial to the protection of these machines from a variety of threats, does not adequately protect against the evolving set of Web threats. One reason is that the conventional approach to virus protection involves collecting samples of viruses, developing patterns, and quickly distributing these patterns to users. Because many Web threats are targeted attacks and span many variants, collecting samples is almost impossible. The variants use […], for example spam, instant messaging, and Web sites, rendering the conventional sample collection, pattern creation, and deployment process insufficient.

Another reason that conventional virus detection processes fall short involves a fundamental difference between these viruses and evolving Web threats. Conventional viruses were fundamentally designed to spread as quickly as possible and were therefore often easy to spot. With the advent of Web threats, malware has evolved from this outbreak model to stealthy "sleeper" infections that are therefore difficult to detect via conventional antivirus techniques.

Recovering from infections also presents new challenges. In some cases, Web threats may result in a system infection that is so extensive (for example, via a rootkit in which the system file is replaced) that conventional uninstall or system cleaning approaches become useless. Infected systems often require a complete system recovery in which the hard drive is wiped and the operating system, applications, and user data are reinstalled.

Cyber criminals also take advantage of the need to keep port 80 open for legitimate traffic, which circumvents existing client and network firewalls. And some professional cyber criminals create exploits for unknown vulnerabilities, so that even on-time security patches are unable to prevent the impacts of these threats.

Profit-driven cyber criminals target and compromise not only the Windows Web server platform, so it can spread a downloader source, but also other platforms. In fact, Web threats are operating system independent, targeting Web servers of all types. This means that even Linux-based Web servers, once thought to be less vulnerable to security threats, may now be compromised.

Malware programs in Web threats also violate host intrusion prevention system (HIPS) rules. Once a malware program is installed, it continues to initiate other programs. Excessive false alarms annoy users to the point that they disable protection or allow the program to execute. In this way, the malware evades conventional HIPS techniques.

In addition, protecting against Web threats is more difficult than protecting against email-borne threats because of the much larger bandwidth needed to scan or filter the Web's data stream. Email contains less than one thousandth the amount of data.

Web threats frequently combine a number of seemingly innocent programs to create a malicious result. Individual downloader programs commonly used as part of Web threats appear to be benign. In combination, they become malicious, making file-based heuristic scanning prone to false positives or useless. Web threats often expand this technique to include multi-layered, multi-protocol, coordinated attacks to avoid detection via conventional means. For instance, a cyber criminal embeds a URL in an email or instant message. The user clicks on the link to a legitimate URL that was hijacked by the cyber criminal for a few days or hours. Then an ActiveX control tests the vulnerability of the user's browser. If it detects a vulnerability, the malware attacks; if not, it downloads a file, tests for another vulnerability, downloads other files, and so on. Each session of the traffic appears to be benign, but the combined activities become a coordinated attack.

Web threats use a variety of tactics, for example targeted local and regional attacks with customized spam language and Web sites. One security solution does not fit all threats: a sample collected for one targeted local attack, for instance, does not address other local attacks. The multiple delivery vehicles also render any […] solution only […]. This means, for example, that URL filtering or spam filtering alone are insufficient. As a result, information security today is at a critical turning point: a new approach is needed to address the newest class of threats.

VIII. A NEW APPROACH IS NEEDED: INTEGRATED, MULTI-LAYERED PROTECTION

Clearly, users need a new approach to addressing Web threats that complements existing techniques. The most effective approach will employ multiple layers of protection and incorporate a range of protective measures. In addition, the evolving nature of the threat necessitates some form of information feedback and integration, in which information gathered in one portion of the protection network is used to update information in other layers. Any […] because Web threats leverage multiple protocols in their attacks, in particular email as the initial delivery mechanism and the Web as the threat host. However, other mechanisms can also help perpetrate attacks, such as links in IM and infected files. Coordinating measures requires efficient, centralized management of region-specific expertise to help address the regional and even localized nature of many of the threats.

The key to effectively addressing Web threats is a multi-layered approach. The network points are categorized in four different layers (see Figure 2): (1) "in-the-cloud," i.e., before the traffic reaches the […], and (4) at the endpoint, for example the client. In the example below, the description uses the points in the network for high-level organization, and […] be deployed at these points. The subsections on protocol protection and security technologies describe email solutions first, which is often the first step in a Web threat attack, followed by Web solutions that directly protect Web usage.

[Figure 2: the four protection layers and the technologies deployed at each; the legible figure labels are Anti-Spam, Anti-Virus, Anti-Spyware, Anti-Phishing, and Reputation.]

IN-THE-CLOUD

Internet-based "in-the-cloud" services can provide full security solutions or deploy specific technologies that supplement on-site products. These in-the-cloud services reduce the load on the network and enable the rapid exchange of information necessary to respond to threats as they appear.

IN-THE-CLOUD PROTOCOL PROTECTION

A comprehensive security solution can be provided in the cloud, similar to an on-site solution but with the added benefit of keeping threats completely off the network. For example, a hosted email security solution removes all email threats in the cloud and only delivers legitimate email to the organization's network, providing the following benefits: less email traffic to the gateway, no security hardware or software on site, less administration, more bandwidth, less processing power required, and less storage and archiving of emails necessary to comply with regulatory requirements. These benefits provide a more cost-effective solution. Web threats often use email as a medium to deliver an initial Web link. Hence, intercepting emails carrying Web threats in-the-cloud can prevent many Web threats from even entering the network.

IN-THE-CLOUD SECURITY TECHNOLOGIES

Even if security solutions are deployed on site, many of the security technologies can be housed in the cloud, enabling a smaller footprint on the network as well as real-time security updates based on global, integrated information queried through the in-the-cloud service. These services should include the following components (see Figure 3): Web Reputation, Roaming Protection, Global Collaboration, and Proactive Protection.

[Figure 3: Key factors required for proper protection.]

Email Reputation Services: Effective Email Reputation services can stop up to 80 percent of email-based threats, including emails with links to dangerous Web sites, before these threats reach the network, based on the reputation of the sender. An extensive analysis of an IP address's behavior, scope of activity, and prior history is required. The service should reference email IP addresses against a database of known spam sources as well as provide a dynamic service that can assess email sender reputation in real-time, blocking threats from zombies and botnets when they first emerge. The reputation status must be continually updated, ensuring that a good reputation is restored when infected zombies are cleaned and resume sending legitimate email.

Malware Knowledge Database: When security companies store their applications' malware databases locally at the client level, those clients are only protected against malware identified in the latest patch or system update. Conversely, moving the malware knowledge database to the Internet maintains a centralized repository of the most up-to-date threat information, guaranteeing that customers are protected against new malware as soon as it is discovered.

Web Reputation Services: Web Reputation services help protect against Web-based threats before they even touch the network. Web reputation assigns a relative reputation score to domains based on a number of factors, including evaluation of a site's age, any historical location changes, and other factors that might indicate suspicious behavior. The service then builds on this assessment through malware behavior analysis, monitoring network traffic to identify any malware activity originating from a domain. It should also perform Web site content crawling and scanning to complement this analysis with a block list of known bad or infected sites. To reduce false positives and increase the accuracy of protection, Web reputation should assign reputations to specific pages or links rather than an entire site, as sometimes only portions of a legitimate site are hacked.

Global Research and Support: A global network of research, service, and support centers that are committed to constant threat surveillance and attack prevention is another important component of in-the-cloud protection. An extensive global customer base combined with direct threat research and threat detection technologies are necessary to stop new attacks as they surface.

REAL-TIME SERVICE FEEDBACK AND INTEGRATION

Working together, these in-the-cloud services can provide continuous threat intelligence and a comprehensive threat assessment in real-time, with each service bolstering the others. For example, an email from a seemingly good IP address might pass an Email Reputation check, but Web Reputation might identify a download from a known "bad" Web site when a user clicks a link. When Web Reputation stops the malicious download before it hits the network, Email Reputation adds the email's IP address to its list of known bad senders.

[Figure 3: Working together, Trend Micro's in-the-cloud services provide a layer of comprehensive, updated protection. Components shown: Web Threat Protection Backend, Domain Reputation Database, URL Filtering, Security Rating, and Email Reputation Databases.]

AT THE INTERNET GATEWAY

Important functions are also needed at the second of the four levels, the Internet gateway. Gateway security solutions and technologies are critical to preventing threats from further permeating the network.

GATEWAY PROTOCOL PROTECTION

As the initial network entry point, the gateway is an ideal location to block Web threats. Security solutions should be implemented to block emails with links and attachments that are components of Web threats, as well as Web security that directly protects Web usage.

GATEWAY SECURITY TECHNOLOGIES

Just as sender- or source-based technologies are best placed in-the-cloud, content scanning technologies are most appropriately conducted in on-site solutions. The following technologies require content inspection. They are applied to gateway protection to stop threats at the earliest entry point.

Embedded Link Reputation: Web threats often use links embedded in emails to take users to malicious sites. Reputations can be assigned to URLs in links and can be used to block emails with links to malicious Web sites. This reputation information can also be integrated with the Email Reputation and Web Reputation information discussed above. If a bad reputation is assigned at any single point (email sender, embedded URL, or Web site), the bad reputation can be extended to all elements of the Web threat attack.

File Checking: Gateway capabilities should include file checking. For emails, any attached files should be scanned for malware, including antivirus, anti-spyware, and other malware protection. Malware in email attachments, if installed, can access the Web as an implementation mechanism. Files should also be checked on the Web itself. The file checking function essentially checks the reputation of each file before permitting the user to download it. To do this, a data crawl of each file at the Web site and an assessment of each file's reputation are periodically performed to establish and maintain a database of file reputation. This file checking is needed in addition to the Web reputation function in-the-cloud because cyber criminals can easily move individual files with malicious content from one Web site to another. A reputation may not yet be assessed for a Web site that contains a malicious file.

Behavior Analysis: The next form of protection from Web threats that is needed at the gateway is behavior analysis that can correlate combinations of activities to determine if they are malicious. Often a single activity or component of a Web threat may appear innocuous, but when several activities are used in conjunction, they create a malicious result. A holistic view across the different components may be required to determine if a Web threat is present. This approach is similar to the behavior analysis performed by virus scanners to locate new, undiscovered viruses. Behavior analysis should correlate activities of a single session on the same protocol (for example, an SMTP attachment with a suspicious double […]), […] sessions on […] (for example, a downloader blended threat in which individual files that each appear to be innocent are downloaded, but together they form a malicious program). In addition, activities of multiple sessions and different protocols (for example SMTP and HTTP) should be correlated to identify suspicious combinations of activities, for example an email with a URL link to several recipients and an HTTP executable file download from the linked Web page.

ACROSS THE NETWORK SERVERS

[…] security […] including on network servers.

NETWORK SERVER PROTOCOL PROTECTION

The mail servers are another opportunity to block email and attachments that may be components of a Web threat. Security at the mail server is required to protect inter-office email, mail from remote users logging back onto the network, and the mail store. The emails may have dangerous links, and the attachments and mail store may be harboring malware that accesses the Web. Other servers may be infected with Web threat malware, and other protocol protection can be deployed on […] network servers, including […] downloads, instant messaging, and collaborative environments that might share infected files.

NETWORK SERVER SECURITY TECHNOLOGIES

[…] network servers […] point. For example, IM security should […] protection with file checking and behavior analysis.

AT THE ENDPOINT

In addition to the other protection points, a fourth level of protection at the endpoint (the client) remains critical. Approximately two-thirds of recent U.S. computer retail sales are notebook computers. [11] These machines require protection because they connect to multiple networks, and visitors and contractors physically carry them […] corporate Web […] enforced whether the user is on or off the network.

A client can play many roles in a Web threat. The user can access their email or the Web through the client. In addition, if a notebook computer has been compromised and is part of a botnet, the notebook could attempt to connect back to the bot herder (the botnet originator). Another example is phone-home spyware, which periodically […] information captured on […] to the spyware owner. In either malware case, this activity can be detected and blocked, and a cleanup operation can be directed if needed. Therefore, a solution is needed that provides client-level prevention (e.g., access control and scanning) and, in case of infection, cleaning and recovery.

ENDPOINT PROTOCOL PROTECTION

A single endpoint solution can provide protection for multiple protocols, securing the many uses of the client. In particular, endpoint security can provide safeguards during Web browsing, applying Web security policies both while a user is on and off the network, and can help to identify and clean up malware infections.

ENDPOINT SECURITY TECHNOLOGIES

Endpoint protection utilizes several of the technologies mentioned above, such as Web Reputation and malware scanning targeted for the client. However, additional technologies are required to meet the unique security needs of endpoint computers.

Virtual Environment: Other prevention options should include establishing a "virtual environment" for the user to surf the Web. In this arrangement, Web threats reach only the virtual environment and do not penetrate the user's actual environment.

Clean Up and Recovery: Clean up capabilities should assume two forms: agent-based cleaning and non-agent based cleaning. Using agent-based cleaning, an agent that is centrally managed resides on the […]. […] in which an agent is not installed on the notebook computer of a visitor or contractor; in this case cleaning is accomplished on-demand, with network access control to allow only limited access to the network to complete cleaning. Complete system restorations are also needed in cases when cleanup is not feasible, due to a rootkit infection for example.

IX. INTEGRATING THE LAYERS: FEED-THROUGH AND LOOP-BACK

Figure 4 illustrates this multi-layered approach and also shows an important and much-needed aspect of its implementation. Incorporating layers of protection in-the-cloud, at the gateway, across the network servers, and at the endpoint is a "feed-through" mechanism. In addition, feeding back information from one layer to another is a "loop-back" mechanism. For example, information learned in the behavior analysis function at the gateway can be looped back to provide Web Reputation with site-threat correlation data and update Email Reputation's list of known bad IPs and domains. Similarly, information acquired at the endpoint can be looped back to the file scanning capability at the gateway, network servers, and the Web reputation capability in-the-cloud. Both feed-through and loop-back techniques are needed to ensure real-time Web threat protection across the entire network. The greater the number of customer sensors providing threat content, the stronger the protection becomes, creating "better together" security through a strong neighborhood watch.

[Figure 4: Feed-through and feedback in a multi-layered approach that begins in the cloud and continues at the gateway, in the network, and at the endpoint. Labels: Globally Accessible Web Reputation; New Heuristic Capabilities; Behavioral Threat Correlation Across Multiple Protocols and Sessions; Off-Network Access Control; Endpoint Behavioral Analysis.]

X. TREND MICRO WEB THREAT PROTECTION

TREND MICRO PROTECTION NETWORK

Trend Micro's Protection […] protection […] the cloud, at the gateway, within the network, and on the client PC, all working seamlessly together to proactively respond to internal and external threats (see Figures 6 and 7). The real-time, in-the-cloud nature of much of the Trend Micro Protection Network technologies reduces the reliance upon conventional pattern files and the protection delays conventionally associated with updates. Built-in feedback loops and communication between Trend Micro products ensure rapid and optimal protection against the latest threats and provide "better together" security. Not only does adding more Trend Micro products protect additional points in the network, each additional product enhances the protection provided by all deployed Trend Micro solutions. With accurate, real-time data provided by components of Trend Micro's Protection Network, TrendLabs' staff of more than 1,000 security experts detects, preempts, and eliminates threats. TrendLabs operates 24/7 with offices in the Philippines, United States, Japan, France, Germany, and China.
Trend Micro uses a combination of technologies and data collection methods, including "honey pots" for email and network worms, Web crawlers and its IP reputation services, to proactively gain intelligence about the latest threats. And its global multilingual staff can respond in real time, providing constant threat surveillance and attack prevention and minimizing the damages and costs of new Web-based threats. Trend Micro supplements TrendLabs' proactive identification of Web threats in the wild with feedback from its extensive global network of users, providing a comprehensive, up-to-date threat index. By allowing its users to opt into a global collaboration system, Trend Micro can use real-time information from infected users to isolate threats as they appear and push updates to all levels of its protection tiers. Trend Micro uses that information in the cloud in real time in its industry-leading Web Reputation, which maintains risk profiles of Web pages. This information is also used to support Email Reputation, which applies over a decade of reputation information with ratings assigned to over 1.6 billion IP addresses. The data from TrendLabs' research and the user network also supports embedded URL reputation, which is used to block dangerous links in email as well as IM security. And all of these types of reputation protection communicate with each other to provide a bad reputation across all elements of a Web threat attack.

TREND MICRO PRODUCTS AND SERVICES

Trend Micro provides solutions that, when used together, provide Web threat protection across the network. Trend Micro behavior monitoring technology scans the entire network, detecting threats across nearly 50 different protocols within a single session, helping to trace the root cause of the original threat to identify potential security risks. Patent-pending technology correlates independent events to identify the sources of malicious threats, such as tracing a malicious URL to its origin in an IM session.
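As an added illustration of the loopback mechanism and the cross-protocol root-cause tracing described above (example code written for this page, not Trend Micro's), the following Python sketch replays constructed events from the network, gateway and endpoint layers: an endpoint malware verdict feeds back into a shared reputation store, the URL that delivered the file is traced back to its first sighting in an IM session, and the gateway then blocks a later email carrying a link to the same domain. The event schema, field names and all sample values are assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample events from three protection points; field names are
# assumptions for this example, not a Trend Micro log format.
EVENTS = [
    {"ts": 1, "layer": "network", "proto": "im", "session": "im-42",
     "url": "http://promo.bad-example.test/offer.exe"},
    {"ts": 2, "layer": "gateway", "proto": "http", "session": "http-77",
     "url": "http://promo.bad-example.test/offer.exe", "sha256": "aa11"},
    {"ts": 3, "layer": "endpoint", "proto": "file", "session": "ep-9",
     "sha256": "aa11", "verdict": "malware"},
    {"ts": 4, "layer": "gateway", "proto": "smtp", "session": "mail-5",
     "url": "http://promo.bad-example.test/login"},
]


def domain_of(url):
    return urlsplit(url).hostname  # reputation is tracked per host


def correlate(events):
    """Replay events in time order. An endpoint verdict loops back into a
    shared reputation store (bad hashes and domains); every later event at
    the gateway or network layer is checked against that store first."""
    bad_domains, bad_hashes, blocked, root_cause = set(), set(), [], {}
    seen = []  # processed events, kept for back-tracing
    for ev in sorted(events, key=lambda e: e["ts"]):
        url, sha = ev.get("url"), ev.get("sha256")
        # Feed-through: upstream layers block on reputation learned elsewhere.
        if ev["layer"] != "endpoint" and (
                (url and domain_of(url) in bad_domains) or sha in bad_hashes):
            blocked.append(ev["session"])
            continue
        # Loop-back: an endpoint detection enriches reputation for all layers.
        if ev.get("verdict") == "malware" and sha:
            bad_hashes.add(sha)
            for past in seen:
                if past.get("sha256") == sha and past.get("url"):
                    bad_domains.add(domain_of(past["url"]))
                    # Trace the delivering URL back to its earliest sighting,
                    # whatever protocol carried it (here an IM session).
                    first = next(p for p in seen if p.get("url") == past["url"])
                    root_cause[sha] = (first["proto"], first["session"])
        seen.append(ev)
    return {"bad_domains": bad_domains, "bad_hashes": bad_hashes,
            "blocked": blocked, "root_cause": root_cause}
```

Running `correlate(EVENTS)` traces the hash back to session `im-42` and reports `mail-5` as blocked, even though the email event itself carried only a link, not the file.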
Comprehensive gateway Web threat protection is provided by combining InterScan Messaging Security and InterScan Web Security solutions. Together, these solutions stop Web threats at all points of the attack: in email links, attachments and the browser. These solutions are offered as software or as an appliance. The InterScan Messaging Security solution is also available as an in-the-cloud hosted service, keeping all email threats off the network. Several products are available to protect the various servers across the network. ScanMail provides security for the mail server, both for Microsoft Exchange and Lotus Domino environments. Instant Messaging [...] protects IM for [...] Live and the [...], providing [...] for [...] a variety of server platforms. At the endpoint, Trend Micro offers its award-winning OfficeScan integrated client and server security solution. OfficeScan provides access control, safe Web browsing with Web Reputation, malware protection for viruses, spyware and rootkits, as well as security even for roaming users when they are both on and off the network. Trend Micro's Worry-Free Security Solutions provide all-in-one integrated protection against Web and other emerging threats in solutions specifically designed for businesses with limited IT resources. Trend Micro also provides cleaning and recovery services, feed-through and loopback mechanisms between these capabilities, and centralized management via Trend Micro Control Manager. Trend Micro [...] all sizes: small and medium businesses, enterprises and service providers.

[Figure 5 labels (image not reproduced): Protection Layers; Web Anti-Virus; Anti-Spam; Anti-Phishing; [...]; URL [...] Reputation; Filtering]

Figure 5. [...] Web threats in a multi-layered deployment.

[Figure 7 labels (image not reproduced): Messaging Security; Web Security; Endpoint Security; SMB Security]

Figure 7. [...] against Web threats.

X. CONCLUSION

Web threats are prevalent today and are growing in numbers and impact. Their complexity, large number of variants and use of multiple vectors, combined with their exploitation of the most commonly used medium today, the Web, make Web threats the most challenging threat that consumers, businesses and service providers have faced in a long time. Potential costs associated with these threats include confidential information leakage and theft of network resources, with the adverse impact of erosion of customers' trust and brand reputation, regulatory and legal implications, negative public relations, and loss of competitive advantage. Because conventional approaches fail to protect against Web threats, the information security industry is at a crossroads. Businesses of all sizes, as well as service providers, need to deploy solutions via an integrated [...] protection against these threats.

XII. REFERENCES

1. Gregg Keizer, Computerworld, August 19, 2007, "Identity attack spreads; 1.6M records stolen from Monster.com"
2. Dan Kaplan, SC Magazine, October 30, 2007, "FTC Spam Contains Keylogging Trojan"
3. Paul F. Roberts, eWeek.com, December 16, 2005, "Spear Phishing Attack Targets Credit Unions"
4. IDC press release, July 18, 2006, "[...] Threatens IT [...], Says IDC"
5. Cara Farrel, [...], January 11, 2006, "[...]"
6. Gregg Keizer, TechWeb Technology News, January 24, 2006, "Botnet Creator Pleads Guilty, Faces 25 Years"
7. Marius Oiaga, Softpedia, October 4, 2006, "Hacking Russian Trio Gets 24 Years in Prison"
8. Byron Acohido and Jon Swartz, USA TODAY, "Cybercrime flourishes in online hacker forums", October 11, 2006
9. Police of the City of Munich, [...]
10. Avivah Litan, [...], Gartner, December 12, 2007
11. Tom Krazit, CNET, "Two in three retail PCs are notebooks", December 20, 2006

TREND MICRO INCORPORATED