As most IT Pros are aware, as of April 8th, 2014, Microsoft will stop releasing security patches for Windows XP. Unfortunately, most folks will not be able to migrate all Windows XP machines by that deadline. How will you limit the security risks posed by these now vulnerable assets? Join us for this webinar outlining practical strategies to help you cover your assets.
In this session we'll cover:
The primary attack vectors you need to consider
Immediate actions you can take to limit the exposure of your XP assets
Warning signs to watch out for that could signal an attack
How to closely monitor your vulnerable assets with AlienVault USM
Cover your Assets: How to Limit the Risk of Attack on your XP Assets
1. Cover Your Assets: How to Limit the Risk of Attack on your Windows XP Assets
Tom D’Aquino – Sr. Security Engineer
2. ABOUT ALIENVAULT
AlienVault has unified the security products, intelligence and community essential for mid-sized businesses to defend against today’s modern threats.
3. THE CHALLENGE
Windows XP is at end of support and is consequently creating risk for your organization:
What does “end of support” mean?
How do you find out of date assets?
Are your out of date assets vulnerable?
Are your out of date assets being attacked?
What else can you do to manage the risk created by out of date assets?
Event correlation rules and reports
4. END OF SUPPORT DATES
As reported by Microsoft:
Available at http://windows.microsoft.com/en-us/windows/lifecycle
5. END OF SUPPORT CLARIFIED
As reported by Microsoft:
Available at http://windows.microsoft.com/en-us/windows/lifecycle
6. ATTACK VECTORS TO CONSIDER
Network Exploits – this is the traditional network worm, which exploits a service running on the XP machine. A classic example is the Conficker worm, which targeted a vulnerability in the Server service in Windows XP.
Browser-based attacks – this is the most common attack: a user is targeted while browsing the web (or is sent a malicious link in an email), and an exploit targeting the browser or an enabled browser plugin is used to compromise the machine.
Malicious Email attachments – another favorite: a malicious attachment is sent with an email, and an exploit targeting the program configured to open the attachment is used (the most common target here is the PDF viewer).
7. IMMEDIATE ACTIONS TO LIMIT YOUR RISK
Limit Inbound Network Access – place the XP machines on a dedicated network segment and limit access from other machines in your environment. (This mitigates Network Exploits.)
Use a Non-Administrative Account – the majority of exploits targeting desktop software are mitigated when the user account is a standard user. (This mitigates Browser-based attacks and Malicious email attachments.)
Use a browser with a long-term support plan – Google Chrome is extending its XP support until April 2015. If you do choose to browse, turn off your plugins. (This mitigates Browser-based attacks.)
Read your email in your browser – leverage your email server’s web front-end and be particularly conservative about the attachments you download and open. (This mitigates Malicious email attachments.)
Monitor your systems – the most important thing is catching an incident before it turns into a problem.
8. WARNING SIGNS TO WATCH OUT FOR
Command and control traffic
Internal probing
Increased network activity
Connections with known malicious IPs
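The four warning signs above, run as detection logic over constructed flow records from the dedicated XP segment. This is an added example, not the webinar's or AlienVault USM's own correlation rules; the XP segment 10.50.0.0/24, the internal range 10.0.0.0/8, the placeholder malicious IP and every threshold are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed values: the dedicated XP segment, the internal address space, and a
# placeholder "known malicious" IP from the TEST-NET-3 documentation range.
XP_SEGMENT = ip_network("10.50.0.0/24")
INTERNAL_NET = ip_network("10.0.0.0/8")
KNOWN_MALICIOUS = {"203.0.113.7"}

# Constructed flow records: (seconds, src_ip, dst_ip, dst_port, bytes)
FLOWS = (
    [(600 * i, "10.50.0.12", "203.0.113.7", 443, 1200) for i in range(4)]  # 10-min check-ins
    + [(5 + i, "10.50.0.20", f"10.10.1.{i}", 445, 300) for i in range(1, 10)]  # SMB sweep
    + [(30, "10.50.0.30", "10.10.2.9", 80, 900)]  # ordinary intranet traffic
)

def find_warning_signs(flows, fanout_threshold=8, beacon_min=4, jitter=0.2,
                       volume_threshold=4000):
    alerts, flagged = [], set()
    targets = defaultdict(set)      # src -> {(dst, port)}
    contacts = defaultdict(list)    # (src, dst, port) -> [timestamps]
    volume = defaultdict(int)       # src -> total bytes sent
    for ts, src, dst, port, nbytes in flows:
        if ip_address(src) not in XP_SEGMENT:
            continue                # only the segmented XP hosts are in scope
        if dst in KNOWN_MALICIOUS and (src, dst) not in flagged:
            flagged.add((src, dst))
            alerts.append(("known-malicious-ip", src, dst))
        targets[src].add((dst, port))
        contacts[(src, dst, port)].append(ts)
        volume[src] += nbytes
    # Internal probing: one XP host touching many distinct internal hosts
    for src, seen in targets.items():
        hosts = {d for d, _ in seen if ip_address(d) in INTERNAL_NET}
        if len(hosts) >= fanout_threshold:
            alerts.append(("internal-probing", src, f"{len(hosts)} internal hosts"))
    # Command and control: evenly spaced connections to one external host/port
    for (src, dst, port), times in contacts.items():
        if len(times) < beacon_min or ip_address(dst) in INTERNAL_NET:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = sum(gaps) / len(gaps)
        if mean > 0 and max(abs(g - mean) for g in gaps) <= jitter * mean:
            alerts.append(("beaconing", src, f"{dst}:{port} every ~{mean:.0f}s"))
    # Increased network activity: total bytes above a per-host baseline
    for src, total in volume.items():
        if total > volume_threshold:
            alerts.append(("high-volume", src, f"{total} bytes"))
    return alerts
```

Calling find_warning_signs(FLOWS) flags 10.50.0.12 for the known-malicious contact, beaconing and volume, flags 10.50.0.20 for probing, and leaves 10.50.0.30 alone.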
9. WHAT TO DO ABOUT OUT OF DATE ASSETS
AlienVault USM, powered by AV Labs Threat Intelligence
ASSET DISCOVERY
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory
VULNERABILITY ASSESSMENT
• Continuous Vulnerability Monitoring
• Authenticated / Unauthenticated Active Scanning
BEHAVIORAL MONITORING
• Log Collection
• Netflow Analysis
• Service Availability Monitoring
SECURITY INTELLIGENCE
• SIEM Event Correlation
• Incident Response
THREAT DETECTION
• Network IDS
• Host IDS
• Wireless IDS
• File Integrity Monitoring
10. NOW FOR SOME Q&A…
Test Drive AlienVault USM
Download a Free 30-Day Trial
http://www.alienvault.com/free-trial
Try our Interactive Demo Site
http://www.alienvault.com/live-demo-site
Questions? hello@alienvault.com
Editor's notes
Delivers 8 coordinated rulesets, fueled by the collective power of the Open Threat Exchange, to drive the USM security capabilities and identify the latest threats, resulting in the broadest view of attacker techniques and effective defenses.
Limit Inbound Network Access – place the XP machines on a dedicated network segment and limit access from other machines in your environment. Keeping these machines segmented will minimize the chances for them to be targeted and exploited. Limiting network access substantially reduces your chance of being targeted and compromised by network exploits. The assets you most need to be concerned about are running your business systems. The point of sale terminals at Target were running Windows XP Embedded; cutting them off from the rest of the network would have done a lot! (This mitigates Network Exploits.)
Use a Non-Administrative Account – the majority of exploits targeting desktop software (web browsers, Java, Adobe Flash, Adobe Reader) are mitigated when the user account is a standard user. It is a disruptive task to try to migrate an existing user to a non-administrative account. Instead, try reducing the privileges of your existing user accounts. (This mitigates Browser-based attacks and Malicious email attachments.)
Use a browser with a long-term support plan – if you can’t stop browsing the web from the Windows XP machine, at least use an up-to-date browser. Google Chrome is extending its support until April 2015. If you do choose to browse, please turn off your plugins. (This mitigates Browser-based attacks.)
Read your email in your browser – using your up-to-date browser (you are following recommendation 3, right?), leverage your email server’s web front-end and be particularly conservative about the attachments you download and open. (This mitigates Malicious email attachments.)
Monitor your systems – always check your work! The most important thing is catching an incident before it turns into a problem. Look out for command and control traffic, internal probing, increased network activity and other signs of an infection. Of course AlienVault USM is an excellent choice for this step!
See more at: https://www.alienvault.com/blogs/industry-insights/a-practical-approach-to-the-windows-xp-security-cliff