
How to Protect Your Business from Malware, Phishing, and Cybercrime

The SMB Security Series

sponsored by

Dan Sullivan

SMB Security Series: How to Protect Your Business from Malware, Phishing, and Cybercrime

Dan Sullivan

Introduction to Realtime Publishers
by Don Jones, Series Editor

For several years now, Realtime has produced dozens and dozens of high-quality books that just happen to be delivered in electronic format at no cost to you, the reader. We've made this unique publishing model work through the generous support and cooperation of our sponsors, who agree to bear each book's production expenses for the benefit of our readers.

Although we've always offered our publications to you for free, don't think for a moment that quality is anything less than our top priority. My job is to make sure that our books are as good as, and in most cases better than, any printed book that would cost you $40 or more. Our electronic publishing model offers several advantages over printed books: You receive chapters literally as fast as our authors produce them (hence the "realtime" aspect of our model), and we can update chapters to reflect the latest changes in technology.

I want to point out that our books are by no means paid advertisements or white papers. We're an independent publishing company, and an important aspect of my job is to make sure that our authors are free to voice their expertise and opinions without reservation or restriction. We maintain complete editorial control of our publications, and I'm proud that we've produced so many quality books over the past years.

I want to extend an invitation to visit us at http://nexus.realtimepublishers.com, especially if you've received this publication from a friend or colleague. We have a wide variety of additional books on a range of topics, and you're sure to find something that's of interest to you, and it won't cost you a thing. We hope you'll continue to come to Realtime for your educational needs far into the future.

Until then, enjoy.

Don Jones


Contents

Introduction to Realtime Publishers
Article 1: Malware, Phishing, and Cybercrime: Dangerous Threats Facing the SMB
    Types of Threats to Small and Midsize Businesses
        Malware and Detection Methods
        Phishing Attacks
        Cybercrime
    Responding to Today's Threats
    Summary
Article 2: Securing Endpoints Without a Security Expert
    Changing Landscape of Endpoint Devices
    Core Requirements for Endpoint Security
    Management Requirements
    Summary
Article 3: Streamlining Web and Email Security
    Malware Attacks Entering Your Environment
    Protecting Network Traffic
    Resources for Addressing Security Risks
    Executive Checklist for Evaluating Options
    Summary


Copyright Statement
2011 Realtime Publishers. All rights reserved. This site contains materials that have
been created, developed, or commissioned by, and published with the permission of,
Realtime Publishers (the Materials) and this site and any such Materials are protected
by international copyright and trademark laws.
THE MATERIALS ARE PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND,
EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
TITLE AND NON-INFRINGEMENT. The Materials are subject to change without notice
and do not represent a commitment on the part of Realtime Publishers its web site
sponsors. In no event shall Realtime Publishers or its web site sponsors be held liable for
technical or editorial errors or omissions contained in the Materials, including without
limitation, for any direct, indirect, incidental, special, exemplary or consequential
damages whatsoever resulting from the use of any information contained in the Materials.
The Materials (including but not limited to the text, images, audio, and/or video) may not
be copied, reproduced, republished, uploaded, posted, transmitted, or distributed in any
way, in whole or in part, except that one copy may be downloaded for your personal, noncommercial use on a single computer. In connection with such use, you may not modify
or obscure any copyright or other proprietary notice.
The Materials may contain trademarks, services marks and logos that are the property of
third parties. You are not permitted to use these trademarks, services marks or logos
without prior written consent of such third parties.
Realtime Publishers and the Realtime Publishers logo are registered in the US Patent &
Trademark Office. All other product or service names are the property of their respective
owners.
If you have any questions about these terms, or if you would like information about
licensing materials from Realtime Publishers, please contact us via e-mail at
info@realtimepublishers.com.


[Editor's Note: This book was downloaded from Realtime Nexus, The Digital Library for IT Professionals. All leading technology books from Realtime Publishers can be found at http://nexus.realtimepublishers.com.]

Article 1: Malware, Phishing, and Cybercrime: Dangerous Threats Facing the SMB

Malware, phishing, and other cybercrime threats have become a persistent problem for businesses. Many organizations do not have the luxury of a dedicated security team that manages endpoint security, monitors networks for malicious traffic, or routinely scans for vulnerabilities. Many rely on a handful of systems and application administrators who are equally adept at managing email and database servers as they are at soliciting business requirements and training end users. They also know something about security, but unfortunately they do not have the time or the resources of cybercriminals. Malware, spam, phishing attacks, and directed hacking attacks are part of everyday life in IT. This Essentials Series explains the state of malware and cybercrime today and outlines methods for responding to these threats without demanding inordinate amounts of time or expertise.

Large enterprises are obvious targets of cybercriminals. The well-known security company RSA was recently the target of an advanced persistent threat (APT) to steal information about the company's security devices. One of the key steps in that attack was a phishing email message. When an employee opened a spreadsheet attached to the message, malicious code was run that enabled the attacker to install remote control software. From there, the attacker was able to monitor the user's activities and infiltrate other devices on the network.

Cybercriminals do not limit themselves to attacking large businesses. Small and midsize organizations may have valuable information, such as financial data, as well as computing and storage resources attackers can use for other exploits.

Types of Threats to Small and Midsize Businesses

There is a broad array of security threats confronting small and midsize businesses; they can be roughly grouped into three categories:

• Malware
• Phishing attacks
• Other cybercrime activities

Each of these forms of attack presents a distinct set of challenges and requires particular techniques for mitigating the risks.


Malware and Detection Methods

Malware is malicious software. Viruses are perhaps the best-known type of malicious software. These are programs that depend on other programs to spread. Trojan horses, or just Trojans, are programs that appear to perform a legitimate function in order to coax their victims into installing the malware. In addition to different delivery mechanisms, malware can be characterized by what it accomplishes. Keyloggers, for example, capture keystrokes, which can be logged and sent to the attacker. These are particularly useful for capturing authentication information such as usernames and passwords. Remote control programs allow an attacker to perform operations on a compromised computer and exploit access to a business network.

A significant challenge to combating malware is the fact that there are so many malicious programs circulating across the Internet. Antivirus vendors monitor malware infections and related activity and find tens of thousands of new malicious programs every day. Deploying new forms of malware is one way for attackers to try to avoid detection by antivirus software. Even with antivirus vendors constantly updating their detection signatures, the sheer volume of malware makes it difficult to keep up with the pace of new malware generation.

Volume is not the only way attackers try to counter antivirus software; they also use obfuscation techniques. These are methods for masking the malicious code to avoid detection.

For example, malware writers might encrypt their code before distributing it and only decrypt it once the software is ready to run. Encrypted code does not look anything like the original, so signature-based detection methods will not help here. Antivirus vendors have been able to deal with this problem by targeting the encryption/decryption code within a malicious program. That code cannot itself be encrypted, so it is susceptible to signature-based detection.

Another technique used by malware developers entails inserting extra, random instructions in the code that alter the pattern of the code without altering its function. For example, each time a virus replicates, it may add instructions to add 0 to a variable or multiply some other variable by 1. These operations do not alter the meaning of the code in any way but change the pattern of the binary code, making it less susceptible to signature-based detection.

The emergence of self-altering malware, known as polymorphic malware, prompted antivirus vendors to devise a new method of malware detection based on the behavior of a program rather than a pattern in its code. Behavior-based detection simulates code execution in order to detect sequences of steps indicative of malicious software. The execution is done in a way that isolates the code from the host computer so that the malware does not actually damage the system.
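As an added illustration that is not part of the original article, the following Python models the three detection approaches just described on a constructed toy instruction set: an exact signature scan, the same scan after normalizing away the "add 0" and "multiply by 1" junk instructions, and a behavior-based check that runs the code in an isolated model and watches whether keystroke data reaches the network. The instruction set, the "known bad" sequence, and the samples are all invented for this example.

```python
"""Toy model of signature-based versus behavior-based malware detection.
Constructed for this illustration: the instruction set, the 'known bad'
sequence, and the samples are invented; this is not a real scanner."""

# Toy three-address instruction: (op, arg1, arg2). Constructed, not a real ISA.
# A "known bad" sequence an analyst extracted (constructed): read the
# keystroke buffer, append it to a log, send the log out over the network.
KNOWN_BAD = [
    ("read", "r1", "keybuf"),
    ("store", "r1", "log"),
    ("send", "log", "net"),
]


def exact_signature_match(program, signature=KNOWN_BAD):
    """Classic signature scan: the signature must appear as a contiguous run."""
    n = len(signature)
    return any(program[i:i + n] == signature for i in range(len(program) - n + 1))


def is_semantic_noop(instr):
    """The junk the article describes: add 0, multiply by 1, or a plain nop."""
    op, _, src = instr
    return op == "nop" or (op == "add" and src == 0) or (op == "mul" and src == 1)


def normalize(program):
    """Strip semantic no-ops so padded variants collapse back to one shape."""
    return [instr for instr in program if not is_semantic_noop(instr)]


def normalized_signature_match(program, signature=KNOWN_BAD):
    """Signature scan after normalization: defeats this one obfuscation only."""
    return exact_signature_match(normalize(program), signature)


def emulate(program):
    """Behavior-based detection: execute the program in an isolated model
    (plain dictionaries, nothing touches the host) and track whether any
    value read from the keystroke buffer reaches the network."""
    regs = {}                                   # register -> (value, taint)
    mem = {"keybuf": ("secret", {"keybuf"}),    # taint marks the data's origin
           "log": ("", set())}
    findings = []
    for op, a, b in program:
        if op == "read":                        # load memory into a register
            regs[a] = mem[b]
        elif op == "store":                     # append a register to a buffer
            val, taint = regs[a]
            mval, mtaint = mem.get(b, ("", set()))
            mem[b] = (mval + str(val), mtaint | taint)
        elif op == "send":                      # write a buffer to a channel
            _, taint = mem[a]
            if b == "net" and "keybuf" in taint:
                findings.append("keystroke data sent to network")
        elif op in ("add", "mul"):              # register arithmetic
            val, taint = regs.get(a, (0, set()))
            regs[a] = (val + b if op == "add" else val * b, taint)
        elif op != "nop":
            raise ValueError(f"unknown op {op!r}")
    return findings


# Constructed samples. VARIANT is ORIGINAL after the replication step the
# article describes: junk instructions change the pattern, not the behavior.
ORIGINAL = list(KNOWN_BAD)
VARIANT = [
    ("read", "r1", "keybuf"),
    ("add", "r7", 0),          # add 0 to a scratch register
    ("mul", "r8", 1),          # multiply another scratch register by 1
    ("store", "r1", "log"),
    ("nop", None, None),
    ("send", "log", "net"),
]
LOCAL_ONLY = [                 # reads and logs locally; no network effect,
    ("read", "r1", "keybuf"),  # so neither the signature nor the behavior
    ("store", "r1", "log"),    # rule fires
]


def scan(program):
    """Run all three detectors over one program."""
    return {
        "exact": exact_signature_match(program),
        "normalized": normalized_signature_match(program),
        "behavior": bool(emulate(program)),
    }


if __name__ == "__main__":
    for name, prog in (("original", ORIGINAL), ("variant", VARIANT), ("local", LOCAL_ONLY)):
        print(f"{name:9s} {scan(prog)}")
```

The exact scan misses the padded variant, normalization recovers it for this one trick only, and the behavior rule catches both copies because it keys on what the code does rather than how it is laid out.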


Malware developers are constantly coming up with new techniques to avoid detection and improve the effectiveness of their attacks. When new techniques prove successful, they rapidly proliferate. For example, once a polymorphic engine was created to modify the pattern of code without altering its function, that code was widely adopted. More recently, techniques used in the highly sophisticated Stuxnet malware have been detected in other malware.

Malware development and detection are constantly changing in response to each other. One way attackers can avoid the need for sophisticated methods to get their malicious payload installed on a victim's computer is to lure the victim into doing the job for them, and this is one of the objectives of phishing attacks.

Phishing Attacks

Phishing attacks are designed to lure their victims into performing some action that furthers the objective of the attacker, such as visiting a malicious Web site or inadvertently installing malicious software. General phishing attacks target a large number of victims with the same phishing lure or email message. These attacks are enabled by botnets, large groups of compromised computers that are to some degree under the control of the attacker. Botnets can generate large volumes of phishing email messages and other forms of spam.

A specialized form of phishing, known as spear phishing, targets particular individuals. The attack on RSA mentioned earlier was such a targeted attack. Sophisticated spear phishing attacks use information collected from press releases, social networking sites, and other forms of public information to craft personalized messages. The assumption behind the added research effort is that a personalized message is more likely to be believed by the victim.

Phishing attacks are common elements of larger schemes to compromise a business in order to steal intellectual property, confidential information, or private information about customers or employees.

Cybercrime

Malware and phishing are tools of the cybercrime trade, but they are by no means the full extent of the cybercrime phenomenon. Cybercrime is best understood as an industry with specialized markets for the sale of goods and services as well as a division of labor geared toward the maximization of profits.

Take, for example, the credit card fraud area of cybercrime. Once they have stolen credit card information, thieves can sell this information through online markets where the price for the stolen information is set based on the amount of information provided, the credit limit on the card, and the time since the card information was stolen. Credit card information that includes the security code is more valuable than if only the credit card number is provided.


Market forces also play a role in pricing. Shortly after the Sony network was breached and millions of credit cards were compromised, there was concern in the underground market about the impact of such a large volume of credit cards suddenly coming on the market. As one unnamed hacker told the New York Times, "We're keeping a close eye on the Sony story as it would drastically affect the resale of other cards" (Source: New York Times, May 3, 2011).

As with most industries, there is a division of labor in the field of cybercrime. The US Federal Bureau of Investigation (FBI) has identified several categories of cybercriminals, ranging from malware developers and project managers to money mules and hosting services. The combination of specialized labor, established markets, and available cyber infrastructure has enabled the growth of a sizable cybercrime industry.

Although it is difficult to estimate the size of the cybercrime industry, the direct cost of global cybercrime, such as stolen money and intellectual property, has been estimated to be $114 billion. When indirect costs, such as staff time, are taken into account, the figure could be as high as $388 billion (Source: NetSecurity.org at http://www.netsecurity.org/secworld.php?id=11579).

Small and midsize businesses are not immune to the threats of malware, phishing, and other forms of cybercrime. To mitigate the risk from these threats, businesses of all sizes and types should be in a position to respond.

Responding to Today's Threats

Cybercrime and information security are highly technical areas that demand specialized knowledge in multiple arenas, such as malware, software vulnerabilities, and systems monitoring. Antivirus vendors, for example, must have in-depth knowledge about how malware is written and distributed as well as about global trends related to the spread of infections. IT professionals in general must be aware of the threat of malware and methods for reducing the risk from malicious software.

IT professionals responsible for dealing with security issues must also be knowledgeable about software vulnerabilities and techniques for managing them. Malware often takes advantage of vulnerabilities in legitimate software. For example, a vulnerability in Adobe Flash was used in the RSA attack mentioned earlier. By exploiting that vulnerability, the attacker was able to install a remote control program. (The vulnerability was not publicly known at the time of the attack but has since been corrected.)

Systems monitoring with regard to endpoint security focuses on detecting and blocking malicious software. In addition to having adequate antivirus software installed on all systems, IT professionals must understand how to maintain these antivirus systems to keep them up to date and to ensure they are properly installed and configured.


The need for specialized knowledge is a common issue for information technology professionals and creates substantial demands on IT staff. This demand for specialized knowledge can often go unmet for several reasons:

• Limited time to acquire specialized skills
• Competing demands for infrastructure and application support
• Virtually all applications, from desktop software to enterprise database management systems, are potential targets

This situation leaves few options for IT professionals. We can deploy in-house security suites that provide a combination of endpoint, email, and Web security tools. This has some advantages, such as full control over the deployment of the software, but it introduces additional complex software that must be configured and maintained. An emerging option of security as a software service offers an alternative model for implementing security controls.

Security as a service enables businesses of all sizes to take advantage of the specialized expertise of security vendors who can invest more time, staff, and resources to monitor malware activity and refine business practices to mitigate the risk from security threats. It also allows IT professionals in small and midsize businesses to focus on other business needs by reducing the security burden placed on them.

Summary

Malware, phishing, and other cybercrime activities cost businesses billions of dollars. Security researchers and practitioners have created tools and techniques for addressing these threats, but it is sometimes difficult for small and midsize businesses to dedicate sufficient staff resources to these threats without adversely impacting other IT operations. Security as a service is an emerging alternative model for implementing security controls without inordinate demands on in-house IT professionals.


Article 2: Securing Endpoints Without a Security Expert

Businesses have to protect their endpoint devices from a wide range of security threats. Fortunately, we do not have to be specialized security experts to get the job done if we understand some of the fundamental issues of securing our business systems. In this, the second article in the SMB Security Series: How to Protect Your Business from Malware, Phishing, and Cybercrime, we examine how to implement and maintain endpoint security with particular emphasis on:

• The changing landscape of endpoint devices
• Core requirements for endpoint security
• Management requirements for maintaining endpoint security

By considering both the technical and management issues related to endpoint security, we can better understand how to mitigate the information security risks facing most businesses.

Changing Landscape of Endpoint Devices

When business information technology began decades ago, IT professionals worked with single, monolithic mainframe computers, dedicated terminals for interacting with the computer, and centralized storage systems dedicated to the needs of one system. Today's IT environment is radically different.

A typical IT department in today's business is responsible for managing a highly distributed set of computers, network devices, and storage arrays. There are different types of devices ranging from small handhelds to large clusters of servers. In spite of the many differences in these devices, there is a common need for security controls on all of them. An inventory of the various types of devices found in today's businesses includes:

• Desktop computers, which are typically used by a single individual and directly connected to a company's network.
• Laptop computers, which again are typically used by a single individual but are sometimes directly connected to the company network and are other times used remotely.


• Mobile devices, such as smartphones and tablet devices, which provide constant remote access to business services, such as email and calendar applications.
• Servers, which are often housed in a data center and provide shared services to the company, including email, Web hosting, file sharing, databases, and other enterprise applications.
• Newly instrumented devices, such as point-of-sale terminals, specialized medical devices, automobiles, and other devices that can collect data from multiple places and send it to centralized servers for analysis and storage.

Despite the differences in these device types, they can all function together on an integrated network (see Figure 1).

Figure 1: Endpoints vary in function and characteristics, but they all function together on a company's network and require similar types of endpoint security controls.

In addition to the diversity in device types, IT professionals are faced with the increasing use of personally owned devices. It was not uncommon several years ago for employees to work from home using a home computer, but the level of use of personal devices has increased significantly with the availability of low-cost mobile devices such as smartphones and tablet devices. The addition of consumer devices makes management more difficult. It is important to have policies in place that describe acceptable use of personal devices and define what security measures must be taken before a personal device is used to access company resources.


These policies should describe:

• Required antivirus software
• Limits on the kinds of operations that can be performed while connected to the corporate network
• Limits on the types of information that can be permanently stored or cached on a personal device

Regardless of whether a device is a company asset or a personal device, all endpoints should be protected with a core set of security controls.

Core Requirements for Endpoint Security

Endpoints should be protected by several types of security controls:

• Anti-malware
• Anti-spam
• Anti-phishing
• Firewall
• Endpoint encryption

Anti-malware programs should be installed on endpoints to detect, contain, and remove malicious software. This type of software has long been called antivirus, but that name does not reflect the full range of malicious code these programs can detect. Anti-malware should be configured to scan incoming content, such as downloaded attachments, as well as data on storage devices on a regular basis.

Anti-spam software is essential to keep unwanted email from clogging users' inboxes, consuming storage, and wasting network bandwidth. To get a sense of just how bad the problem is, consider these statistics (Source: Email Statistics Report 2010, The Radicati Group, Inc.):

• In the US, approximately 73% of all email messages are spam
• A midsize company of 1000 can spend approximately $3 million per year to deal with spam
• 1 message out of every 169 contains some type of malicious content
• 1 message out of every 242 is a phishing lure

Anti-phishing software is similar to anti-spam and anti-malware scanners in that it examines incoming traffic. Phishing lures sometimes contain links to malicious Web sites, so scanning messages for potentially harmful links is an important element of anti-phishing controls.


Firewalls are designed as gatekeepers to control the type of network traffic entering and leaving a device. Clearly, we need blocks on unwanted incoming traffic. Firewalls can be configured to block ports that are not needed. For example, most devices may block traffic on port 21, which is used, by convention, for FTP file transfers. Unless the device will use FTP, it is best to block traffic on that port to mitigate the risk of an attacker exploiting a weakness in FTP.

Outgoing traffic should also be controlled with firewalls. In particular, we should not assume that any traffic originating from one of our devices is trusted traffic. If an attacker were able to infect a computer with malicious software, that software may attempt to send information from the compromised device to an attacker-controlled server.

Valuable intellectual property or confidential information may reside on a number of devices in your business. These are all potential targets for a data breach. One way to mitigate the risk of data loss is to use endpoint encryption. With endpoint encryption, as long as an attacker does not have the decryption key, the information on the device is inaccessible.

The combination of anti-malware, anti-spam, anti-phishing, firewalls, and endpoint encryption creates a multilayered set of defenses that complement each other. If an attacker is able to circumvent anti-phishing measures and lure a victim into downloading malicious content, the anti-malware software can detect it. If someone is able to install a remote control program, the firewall may block its communications with a command and control server. If a thief were able to steal a laptop, the confidential information on the device could be protected by encryption. In addition to these technical requirements, there are management issues one should consider for complete security.

Management Requirements

Security software should be deployed on all endpoint devices, so ease of installation and maintenance is a key requirement. Once the software is installed, it should be configured to automatically update. As noted in the first article in this series, anti-malware vendors are detecting tens of thousands of new forms of malware every day. Trying to keep all endpoint devices up to date manually would be a poor use of staff time and would likely lead to mistakes that leave devices more vulnerable than they otherwise would be.

Anti-malware and other endpoint security controls should be configured to generate alerts for users and systems administrators when specific types of events occur, such as malicious content being found in an email message. These applications should also keep a log of significant events. This can be valuable information for analyzing a security breach as well as understanding overall trends and patterns affecting endpoint devices, assuming proper security management reporting is in place.

Anti-malware programs should support on-demand scanning and should work with removable as well as fixed storage devices.
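An added example (not code from the article) of the logging and alerting practices described above: it parses a constructed endpoint anti-malware log in an invented format, raises alerts for detection events, tallies detections by source for trend reporting, and reports endpoints whose signatures have not updated within a chosen window. The log format, host names, and the two-day threshold are assumptions made for this illustration.

```python
"""Constructed example of endpoint security log review: alert on detection
events and report endpoints whose signatures are stale. Written for this
page; the log format, host names, and thresholds are invented."""
from datetime import datetime, timedelta

# Constructed log lines in an invented "timestamp host EVENT key=value..." format.
SAMPLE_LOG = """\
2011-06-01T08:00:12 ws-finance-01 SIGNATURE_UPDATE version=20110601.3
2011-06-01T08:05:40 ws-finance-01 DETECTION source=email file=RecruitmentPlanQ3.xls action=quarantined
2011-06-01T08:06:02 ws-sales-07 DETECTION source=removable file=setup.exe action=quarantined
2011-05-20T17:30:00 ws-sales-07 SIGNATURE_UPDATE version=20110520.1
2011-06-01T09:00:00 srv-mail-01 SIGNATURE_UPDATE version=20110601.3
2011-06-01T09:15:33 srv-mail-01 SCAN_COMPLETE items=120344 infected=0
2011-06-01T09:20:00 ws-eng-03 SCAN_COMPLETE items=80211 infected=0
"""

ALERT_EVENTS = {"DETECTION"}            # events that should page an administrator
MAX_SIGNATURE_AGE = timedelta(days=2)   # assumed policy: an update at least every 2 days


def parse_line(line):
    """Split one log line into a record; key=value fields become entries."""
    ts, host, event, *fields = line.split()
    record = {"ts": datetime.fromisoformat(ts), "host": host, "event": event}
    record.update(f.split("=", 1) for f in fields)
    return record


def parse_log(text):
    """Parse every non-empty line of the log text."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def alerts(records):
    """One alert per event that should reach a person, e.g. malicious
    content found in an email message."""
    return [
        f"{r['host']}: {r['event']} via {r.get('source', '?')} "
        f"({r.get('file', '?')}, {r.get('action', '?')})"
        for r in records if r["event"] in ALERT_EVENTS
    ]


def stale_endpoints(records, now):
    """Hosts seen in the log whose last SIGNATURE_UPDATE is older than the
    policy window, or that never reported an update at all."""
    hosts, last_update = set(), {}
    for r in records:
        hosts.add(r["host"])
        if r["event"] == "SIGNATURE_UPDATE":
            last_update[r["host"]] = max(last_update.get(r["host"], r["ts"]), r["ts"])
    return sorted(h for h in hosts
                  if h not in last_update or now - last_update[h] > MAX_SIGNATURE_AGE)


def detections_by_source(records):
    """Trend view: where detections are coming from (email, removable media, ...)."""
    counts = {}
    for r in records:
        if r["event"] == "DETECTION":
            counts[r["source"]] = counts.get(r["source"], 0) + 1
    return counts


def report(text=SAMPLE_LOG, now=datetime(2011, 6, 1, 12, 0, 0)):
    """Build the three views an administrator would review for this log."""
    records = parse_log(text)
    return {
        "alerts": alerts(records),
        "stale": stale_endpoints(records, now),
        "by_source": detections_by_source(records),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(key, value)
```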


A common management consideration is cost. There may be cost advantages to procuring suites of security software that include anti-malware, anti-spam, anti-phishing, firewalls, and endpoint encryption in a single package. These controls may also be available through security as a service from vendors. This delivery mechanism avoids the need to install and maintain security software on site.

Summary

Endpoints of all types must be protected against common malware, phishing, and data loss threats. When evaluating solutions, be sure to consider options with a comprehensive set of security controls and consider security-as-a-service options as well. Also keep in mind the management requirements as well as technical requirements when assessing the best way to protect your business from malware, spam, phishing, and data loss.


Article 3: Streamlining Web and Email Security

The Web and email systems are digital gateways into your business. Your customers and business partners can make use of your Web applications to conduct business with you, and many depend on email for communications. These are valuable assets to any business, but they are also the means by which attackers can gain access to your systems and your confidential information. In today's business environment, it is imperative that you protect your Web-based assets and secure your email systems to mitigate the risk from well-known threats such as malware, spam, phishing, and data loss.

This final article in the SMB Security Series: How to Protect Your Business from Malware, Phishing, and Cybercrime describes threats to your systems and provides guidelines for protecting those systems. In particular, we will examine:

• Malware and attacks entering your system
• Protecting network traffic
• Resources for addressing security risks
• An executive checklist for evaluating options

These topics reflect the multiple dimensions of security threats and the combination of measures that must be in place to mitigate the risk posed by these threats.

Malware Attacks Entering Your Environment

Malware and other forms of attack can be categorized by the type of application exploited, including email systems, Web browsers, and other applications. We have discussed email-based threats including malware and phishing lures. Malware comes in many forms, and attackers have used email as a means of transmitting their code. As improvements in malware detection and advances in operating system (OS) security make it more difficult to deliver and activate malicious programs, attackers are turning to luring victims into infecting their own machines.

Phishing lures are crafted to appear like legitimate messages. For example, an email message may contain an attachment labeled RecruitmentPlanQ3.xls along with a brief message asking for review comments. The spreadsheet may contain malicious code that exploits a vulnerability in another application and ultimately results in additional malicious code being installed on the compromised machine.

In addition to phishing lures that carry malicious code directly, some lures direct their victims to malicious sites. Once on those sites, attackers can use cross-site scripting attacks and exploit browser vulnerabilities to download malicious content.
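An added example, not part of the original article, of the message-scanning step behind the anti-phishing controls described in Article 2 and the spreadsheet lure described above: it parses a constructed email, extracts the links from its HTML body, flags links whose visible text names a trusted domain but whose target goes elsewhere, checks link hosts against a blocklist, and holds attachment types that should be scanned before delivery. The trusted domains, the blocklist, and the sample message are invented placeholders on reserved test domains.

```python
"""Constructed email-scanning example: parse a message, pull the links out of
its HTML body, and flag the patterns anti-phishing scanners look for.
Written for this page; the sample message, blocklist, and domains are
invented (reserved .test/.invalid names) and are not real indicators."""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed reference data: the organization's own domain and a small
# blocklist such as a monitoring service might supply (placeholders).
TRUSTED_DOMAINS = {"example-corp.test"}
BLOCKLISTED_HOSTS = {"login-example-corp.invalid"}
# Attachment types held for anti-malware scanning instead of direct delivery.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".xls", ".xlsm", ".doc", ".docm"}

# Constructed sample lure, modeled on the spreadsheet-plus-short-note pattern
# the article describes. Nothing in it resolves or is a real address.
SAMPLE_MESSAGE = """\
From: "HR Team" <hr@example-corp.test>
To: staff@example-corp.test
Subject: 2011 Recruitment plan
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please review the attached plan and confirm on the
<a href="http://login-example-corp.invalid/sso">example-corp.test portal</a>.</p>
</body></html>
--BOUNDARY
Content-Type: application/vnd.ms-excel; name="RecruitmentPlanQ3.xls"
Content-Disposition: attachment; filename="RecruitmentPlanQ3.xls"
Content-Transfer-Encoding: base64

AAAA
--BOUNDARY--
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased host part of a URL ('' if there is none)."""
    return (urlparse(url).hostname or "").lower()


def check_link(href, text):
    """Return the reasons a single link looks like a lure (empty if none)."""
    reasons = []
    host = host_of(href)
    if host in BLOCKLISTED_HOSTS:
        reasons.append(f"host on blocklist: {host}")
    # Visible text names a trusted domain but the target is somewhere else.
    for trusted in TRUSTED_DOMAINS:
        if trusted in text.lower() and not (host == trusted or host.endswith("." + trusted)):
            reasons.append(f"text names {trusted} but link goes to {host}")
    return reasons


def scan_message(raw):
    """Scan one RFC 822 message; return a list of findings (empty = clean)."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        fname = part.get_filename()
        if fname:                                   # an attachment
            ext = "." + fname.rsplit(".", 1)[-1].lower() if "." in fname else ""
            if ext in RISKY_EXTENSIONS:
                findings.append(f"attachment held for scanning: {fname}")
            continue
        if part.get_content_type() == "text/html":  # the body with the links
            extractor = LinkExtractor()
            extractor.feed(part.get_content())
            for href, text in extractor.links:
                findings.extend(check_link(href, text))
    return findings


if __name__ == "__main__":
    for finding in scan_message(SAMPLE_MESSAGE):
        print("FLAG:", finding)
```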


Our own enterprise applications can be used against us as well. Poor input validation, SQL injection attacks, and other forms of injection attacks can be used to make applications perform operations they were not intended to perform. For example, an attacker may take advantage of poor input validation to craft a malicious SQL query on a database. Poorly written programs may simply assume that all input from a user is valid and run it without basic checks. This type of vulnerability is the basis for the success of injection attacks, in which malicious code is injected into an application.
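As an added example (not from the article), the same customer lookup written two ways against an in-memory SQLite table: one that splices user input straight into the query text, as the poorly written program described above does, and one that binds the input as a parameter and validates it first. The table, rows, and input values are constructed for this illustration.

```python
"""Constructed example of the input-validation flaw described above: one
customer lookup written with string concatenation and one with a bound
parameter, run against an in-memory SQLite table. Written for this page;
the table, rows, and inputs are invented."""
import sqlite3


def make_db():
    """Constructed customers table with two rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, name TEXT, card_last4 TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)",
                     [(1, "alice", "1111"), (2, "bob", "2222")])
    return conn


def lookup_vulnerable(conn, name):
    """Splices user input into the SQL text: a crafted value changes the
    query's logic, so the WHERE clause no longer restricts anything."""
    sql = f"SELECT name FROM customers WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, name):
    """Binds the input as a value; the database never parses it as SQL."""
    return [row[0] for row in
            conn.execute("SELECT name FROM customers WHERE name = ?", (name,))]


def validate_name(name):
    """Allow-list check applied before the query (defense in depth)."""
    if not (1 <= len(name) <= 64 and name.isalnum()):
        raise ValueError("customer name must be 1-64 alphanumeric characters")
    return name


def lookup_hardened(conn, name):
    """Validation plus parameterization: junk is rejected, and even accepted
    input is bound rather than spliced."""
    return lookup_parameterized(conn, validate_name(name))


# Constructed crafted input: a tautology that makes the WHERE clause true
# for every row when it is spliced into the query text.
CRAFTED = "x' OR '1'='1"


def demo():
    """Run the same inputs through all three lookups and collect the results."""
    conn = make_db()
    try:
        hardened = lookup_hardened(conn, CRAFTED)
    except ValueError as exc:
        hardened = f"rejected: {exc}"
    return {
        "vulnerable_normal": lookup_vulnerable(conn, "alice"),
        "vulnerable_crafted": lookup_vulnerable(conn, CRAFTED),
        "parameterized_crafted": lookup_parameterized(conn, CRAFTED),
        "hardened_crafted": hardened,
        "hardened_normal": lookup_hardened(conn, "alice"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:22s} {value}")
```

The spliced query returns every customer for the crafted value; the bound query looks for a customer literally named `x' OR '1'='1` and finds none, and the validated path never reaches the database at all.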
Anti-malware can help protect your business against malicious software delivered using email or the Web. Injection attacks and related application vulnerabilities can be detected using code reviews and vulnerability scanners. In addition, network traffic can be analyzed and filtered to further mitigate the risk of such attacks.

Protecting Network Traffic

A multitier approach is needed to protect network traffic, and it begins with defining security policies. Policies define expectations for IT professionals and end users with regard to protecting information assets. For IT professionals, policies define what kinds of security controls should be used, such as anti-malware, firewalls, access controls, and so on. Policies also define how these controls should be deployed and configured; for example, all endpoints should have anti-malware and firewalls deployed. Policies should take into account the varying requirements of different types of endpoints. For example, all endpoints may have the same configuration for anti-malware, but servers should have firewalls configured according to the applications run on the server and the services provided.

All traffic, both incoming and outgoing, should be scanned for malware, spam, and phishing lures. Scanning traffic should not adversely affect other services, such as timely email delivery, so be sure to size servers and other devices running security software to maintain adequate throughput.

Cybercrime is a global threat, and companies exist today that offer monitoring services and collect intelligence on cybercrime activities. For example, monitoring companies may be able to detect command and control nodes in spam-generating botnets. Information about these servers can be used to shut them down or protect your network from traffic originating with these servers.

The combination of anti-malware, anti-spam, anti-phishing, and firewalls along with monitoring and intelligence-gathering services can reduce the chances that malicious software or lures will make it to an end user. This is important because we humans can be the weakest link in a security system. As victims of phishing scams can tell us, well-crafted emails or Web sites can lure us to click a link or open a file without much thought.


Resources for Addressing Security Risks

Your IT staff is your primary resource for addressing security risks. Small and midsize businesses often do not have the ability to have dedicated security staff specializing in different threats. It would not be unusual for the person responsible for managing Microsoft Exchange Servers to be the key person in charge of securing email against malware and spam. Similarly, the systems administrator responsible for servers hosting company Web sites and Web applications may also be the go-to person for application security. In such cases, it can be advantageous, and cost effective, to bring in outside contractors or consultants for short periods of time to make assessments, recommend security control options, and help implement them.

We should keep in mind the existing demands on IT staff. There may be room to place additional responsibilities for security on your staff, in which case you may want to have a completely in-house security solution. If your IT staff is already at maximum capacity workload, then security as a service may be a more appropriate option.

Executive Checklist for Evaluating Options

Executives will have to make choices about how to deploy resources and allocate funds for information security for Web and email services. When doing so, remember to keep in mind the risks and threats to information systems, because each of these risks should be addressed. These risks include:

• Malicious software
• Spam
• Phishing attacks
• Data loss
• Loss of control of computing devices, for example due to a botnet infection

The options for responding to these threats include:

• Defining policies and procedures specifying how the company will address specific threats
• Implementing security controls, such as anti-malware, anti-spam, anti-phishing, firewalls, and data encryption
• Implementing management practices, such as reviewing logs and generating alerts to notify systems administrators when adverse events occur
• Subscribing to global monitoring services that provide additional protections not available to in-house solutions, such as blacklisting known malicious sites


The key decision-making criteria associated with this checklist are cost and effectiveness. We cannot eliminate risks; we can only mitigate risks to the point where the benefits outweigh the costs. To get the greatest benefit from our security resources, we should prioritize security needs. Some resources are more likely targets than others. If you have an application that stores financial information about customers, it should receive substantial attention with regard to formulating appropriate security measures. Employee-owned devices, such as smartphones, should also be controlled. The devices themselves may be owned by an employee, but they may access highly valued corporate information. Access from remote consumer devices should also be considered a high-priority area.

Summary

Small and midsize businesses are not immune to information security risks. Malware, spam, and phishing scams can lead to data breaches, financial losses, and compromised computing and network resources. Security software and practices have advanced to the point where you do not need to have a group of in-house security experts to protect your systems. With the right security software and proper policies and procedures, small and midsize businesses can realize substantial security benefits. Improvements in delivering security as a service are opening a new option for companies looking to improve their information security without bringing additional systems in-house.
