Internet Security - Protect Your Business Assets
Internet Security - What You Can Do To Protect Your Business
Symantec’s Internet Security Threat Report reveals that in 2009, the greatest contributors to security threats were related to poor patches for existing security flaws.
Last year saw an increase in the amount of malware created, as well as an ever-increasing level of sophistication and attack automation.
Surprisingly, the country that accounts for the greatest percentage of attack origins is the US.
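| Rank | Country        | Percentage |
|------|----------------|------------|
| 1    | United States  | 34%        |
| 2    | China          | 7%         |
| 3    | Brazil         | 4%         |
| 4    | United Kingdom | 4%         |
| 5    | Russia         | 4%         |
| 6    | Germany        | 4%         |
| 7    | India          | 3%         |
| 8    | Italy          | 2%         |
| 9    | Netherlands    | 2%         |
| 10   | France         | 2%         |

Top countries of origin for Web-based attacks. Source: Symantec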
Web-based attacks seem to be the flavor du jour for the criminal elements. But interestingly, PDF-based download exploits increased from 11% in 2008 to 49% in 2009. The old warhorse, Internet Explorer, is still taking a beating as the second most attacked application, weighing in at 18% of web-based hostility in 2009. Some things never end.
However, it’s important to note that browser exploits are definitely a preference among hackers.
Mozilla Firefox saw the greatest increase in new vulnerabilities in 2009, with 169. Safari had 94 new vulnerabilities in 2009; Internet Explorer had 45; Chrome had 41 and Opera had 25.
The United States likes being number one, and unfortunately it occupies that spot in several categories in this report.
In 2009, the US ranked number one for:
1. Overall malicious activity
2. Sub-category: Malicious code
3. Phishing hosts
4. Bots
5. Origin of attack
And the US led the way with 19% of all malicious activity. The number two country, China, came in at a distant 8%.
Here are several security best practices guidelines quoted from Symantec:
• Employ defense-in-depth strategies, which emphasize multiple, overlapping, and mutually supportive defensive systems to guard against single-point failures in any specific technology or protection method.
This should include the deployment of regularly updated antivirus, firewalls, intrusion detection, and intrusion protection systems on client systems. Using a firewall can also prevent threats that send information back to the attacker from opening a communication channel.
• Administrators should update antivirus definitions regularly to protect against the high quantity of new malicious code threats and ensure that all desktop, laptop, and server computers are updated with all necessary security patches from their operating system vendor. IDS, IPS, and other behavior-blocking technologies should also be employed to prevent compromise by new threats.
• Always keep patch levels up to date, especially on computers that host public services and applications—such as HTTP, FTP, SMTP, and DNS servers—and that are accessible through a firewall or placed in a DMZ.
• Perform both ingress and egress filtering on all network traffic to ensure that malicious activity and unauthorized communications are not taking place.
• Consider using domain-level or email authentication in order to verify the actual origin of an email message to protect against phishers who are spoofing email domains.
• Configure mail servers to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif, and .scr files.
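
The attachment rule in the last guideline, shown as an added example that is not from Symantec or from the original post: a Python sketch of a mail-gateway filter built on the standard library `email` package. The function names and the sample message are constructed for illustration, and matching is on the final extension only, after normalising case and trailing dots.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the guideline above.
BLOCKED = {".vbs", ".bat", ".exe", ".pif", ".scr"}


def is_blocked(filename):
    """True when the attachment's final extension is on the block list."""
    if not filename:
        return False
    # Windows ignores trailing dots and spaces, so "a.exe." still opens as .exe.
    cleaned = filename.strip().rstrip(". ").lower()
    dot = cleaned.rfind(".")
    # Only the last extension counts: "invoice.pdf.exe" matches, "setup.exe.txt" does not.
    return dot != -1 and cleaned[dot:] in BLOCKED


def strip_blocked(raw):
    """Return (cleaned message bytes, list of removed attachment names)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []

    def prune(part):
        # A single-part message has no parent to prune from; it is left unchanged.
        if not part.is_multipart():
            return
        kept = []
        for child in part.get_payload():
            # get_filename() decodes RFC 2231 / RFC 2047 encoded names.
            if is_blocked(child.get_filename()):
                removed.append(child.get_filename())
            else:
                prune(child)  # nested multiparts are filtered recursively
                kept.append(child)
        part.set_payload(kept)

    prune(msg)
    return msg.as_bytes(), removed


def sample_message():
    """Constructed test message: one benign and two disguised attachments."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Invoice"
    msg.set_content("See attached.")
    for name in ("notes.txt", "Invoice.PDF.EXE", "photo.scr."):
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `strip_blocked(sample_message())` returns the message with only `notes.txt` still attached, plus the names of the two removed files for logging.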