My name is Naveed Babar, an Independent IT Expert and researcher. I received my Master's Degree in IT. I live in Peshawar, Khyber Pakhtunkhwa, Pakistan. Buzzwords in my world include: Info tech, Systems, Networks, public/private, identity, context, youth culture, social network sites, social media. I use this blog to express random thoughts about whatever I am thinking.

Friday, October 22, 2010

Danger of Web Attacks Safe Your Network



The problem of Web-borne threats is not theoretical: millions of users have been impacted and the threat is getting worse. Today, Web threats are more numerous and more virulent than those that are delivered in email, and it is easier to be infected by them. Further, blended threats in which links to malicious Web sites are delivered in email, instant messages or through social networking communications are becoming more popular, making the simple act of Web surfing a potentially devastating threat to corporate networks and security.

The problem is going to get worse for two reasons:

• Most Web pages and sites are not adequately protected from infection, such as SQL injection attacks or cross-site scripting, leaving them vulnerable to exploitation by malware authors.
• Defenses against Web-borne threats are not as extensive as those protecting organizations from threats delivered through email.
• When presented with a threat delivered through email or instant messaging, users generally have to do something, such as click on a link in a message – with Web-based threats, nothing more than visiting a Web page is required to become infected.

However, the Web is also fraught with risks, such as malware that can be downloaded to a network or an individual’s computer by doing nothing more than simply visiting a Web site. 
Further, even Web sites that are legitimate for use in a business context can serve as a source of these threats – there are thousands of examples of otherwise valid Web pages and entire sites that have become a source of malware ranging from simple keystroke loggers to much more malicious content.

After email, the World Wide Web is among the most important tools available to people who use a computer as they perform their job. It offers a ready source of current information, an infrastructure for developing various types of content, and a platform for communications and collaboration.

WHAT SHOULD YOU DO?
Clearly, every organization must do something to protect itself against these threats. Among the many things that can be done is to implement any of the growing number of Web security capabilities that are available. While on-premise solutions are available that will provide robust protection against Web threats, hosted solutions offer some unique advantages, including lower costs, more proactive threat protection, lower impacts on bandwidth and storage, and the ability to free IT staff for activities that might provide more value to an organization.

THE WEB REPRESENTS A GROWING THREAT VECTOR
For the past several years, email has represented the most serious threat vector for organizations of all sizes – viruses, worms and other forms of malware have all been delivered via email for many years. However, Web-borne malware is now more common than malware that enters an organization through email as demonstrated by the following statistics from MessageLabs Intelligence Reports:
• Email-borne malware dropped from 0.85% of all email in 2007 to 0.70% in 2008.
• The number of Web sites that carry malware increased from 1,068 new sites discovered per day in January 2008 to 5,424 per day in October 2008, an increase of more than 400% in just nine months.
• In July 2008, 83.4% of all the Web-based malware intercepted was newly discovered as a result of an increased number of SQL injection attacks. 
One of the fundamental problems with Web-based attacks is that literally hundreds of thousands of Web sites can serve as infection points – even legitimate Web sites can infect a network. For example, the Web sites of Business Week[1], the Miami Dolphins[2], Audi Taiwan[3] and the United Nations[4] have all been infected during the past few years, infecting visitors who do nothing more than view the content on these sites.
Further, new Web sites are created every day and search engines can make virtually countless numbers of Web sites available in real time that will not be pre-screened by many conventional Web-filtering solutions. For example, during the 24-hour period ended March 9, 2009, more than 125,000 new domains came online[5], representing the potential for well over one million new Web pages, any of which can be harboring an infection that can impact corporate networks and individual computers.

THERE ARE A VARIETY OF NEGATIVE IMPACTS
What can happen as a result of an infection that originates from simply visiting an infected Web page? The quite serious consequences include:
• Malware can be downloaded automatically that can intercept keystrokes or other sensitive content. The result can be loss of login credentials and their consequent use by hackers, loss of financial information or trade secrets, and otherwise compromised network security.
• Bandwidth and network performance can become strained as malware, bots and other malicious content use bandwidth in the corporate network. The result can be poor network performance, slow email delivery, and slow Web access.
• Storage costs increase because of spyware downloads and other malicious content taking up space on the corporate network.
Further, mobile and remote users are making the problem worse because many of the endpoints, such as mobile devices or home computers that access corporate networks, are not adequately protected against Web-borne threats and so represent an ingress point for all sorts of malicious content.

What Can You Do About the Problem?

There are a variety of things that organizations can do to address the growing problem of 
Web-based threats, although some of the practices and procedures that organizations can 
implement will be more effective than others.



MAKE POLICIES FOR EMPLOYEE USE OF THE WEB

One of the first and most important things that organizations should do to address the Web 
threat problem is establish formal and detailed policies for their employees' use of the 
Web. Many organizations do not have adequate Web-use policies, if they have them at 
all. Any employee-focused policy on use of the Web should address the types of Web sites 
that employees are allowed to visit and those that are not permissible. Obviously, 
organizations may also want to ban non-business sites, as well. Various studies over the 
years have found.



ESTABLISH WEB ANTI-VIRUS AND ANTI-SPYWARE PROTECTION
However, policies for appropriate use of the Web – no matter how specific they are, how 
well they are followed or how well they are enforced – cannot prevent most malware from 
entering a corporate network. As noted earlier, even legitimate, business-oriented Web 
sites have been subject to SQL injection attacks and other forms of infection, and so antivirus 
and anti-spyware tools must be deployed throughout the network. Preferably, these 
capabilities will be deployed both at the server or gateway level and also at the end user 
level. Deploying these capabilities on individual desktop machines, laptops and mobile 
devices will provide the added benefit of protecting against threats that might enter via a 
USB storage device or from a CD-ROM that a user brings from home, for example.

BLOCK NON-BUSINESS-RELATED WEB SITES
Another option that should be considered is the deployment of URL filtering tools that will 
block access to non-approved Web sites. Many organizations have deployed these filters, 
albeit with varying levels of success. While URL filters can be useful, they can rarely keep 
up with the new threats that enter the Web on an hourly basis and for which no signature 
has been created in the tool. Further, URL filters can generate significant levels of false 
positives – blocking Web sites that appear to be suspicious but might have a legitimate 
business purpose.


FILTER CONTENT FOR UNWANTED FILE TYPES
Another capability that can be implemented in an effort to block Web-based threats is 
content filtering designed to block unwanted file types. Blocking file types based on their 
content can be useful in preventing some types of Web threats from entering a network, 
particularly files that are traditionally known to be associated with malware, such as .scr 
or .pif. These systems can also block file types that are generally not used in a legitimate 
business context, such as .mp3, .jpg or .mov files. In addition to preventing some Web 
threats from entering a network, content filtering tools provide the added benefit of storage 
and bandwidth savings by blocking audio, video and other files that can consume large 
quantities of both.
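
As an added illustration of the content filtering described above (this example is not part of the original article), the sketch below decides whether to block a download from its leading bytes as well as its extension, so a Windows executable renamed to look like a document is still caught. The function names, the policy sets and the sample downloads are assumptions constructed for the example.

```python
import os

# Extensions the article names as unwanted (malware-associated or non-business media).
BLOCKED_EXTENSIONS = {".scr", ".pif", ".mp3", ".jpg", ".mov"}
# Content types, identified from leading bytes, that this example policy rejects.
BLOCKED_CONTENT = {"windows-executable", "jpeg", "mp3", "quicktime"}


def sniff_type(head: bytes) -> str:
    """Classify a download from its first bytes, ignoring its file name."""
    if head[:2] == b"MZ":                 # DOS/PE header: .exe, .dll and .scr files
        return "windows-executable"
    if head[:3] == b"\xff\xd8\xff":       # JPEG start-of-image marker
        return "jpeg"
    if head[:3] == b"ID3":                # MP3 carrying an ID3v2 tag
        return "mp3"                      # (untagged MP3s need frame parsing, omitted here)
    if head[4:8] == b"ftyp" and head[8:12] == b"qt  ":
        return "quicktime"                # QuickTime .mov container
    return "unknown"


def filter_download(filename: str, head: bytes) -> tuple[bool, str]:
    """Return (allowed, reason) for a download given its name and first bytes."""
    ext = os.path.splitext(filename.lower())[1]
    if ext in BLOCKED_EXTENSIONS:
        return False, f"blocked extension {ext}"
    kind = sniff_type(head)
    if kind in BLOCKED_CONTENT:
        return False, f"blocked content {kind} (name claims {ext or 'no extension'})"
    return True, "allowed"


# Constructed sample downloads: (file name, first bytes of the response body).
SAMPLES = [
    ("report.pdf", b"%PDF-1.4\n"),
    ("holiday.scr", b"MZ\x90\x00\x03\x00"),
    ("invoice.pdf", b"MZ\x90\x00\x03\x00"),          # executable renamed as a document
    ("notes.txt", b"\xff\xd8\xff\xe0\x00\x10JFIF"),  # image renamed as text
    ("clip.dat", b"\x00\x00\x00\x14ftypqt  "),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, filter_download(name, head))
```

Checking the extension alone would have let invoice.pdf, notes.txt and clip.dat through; checking content alone would miss a genuine .pif shortcut, which is why the example applies both.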
