This document discusses common web attacks that companies face and how to protect against them. It outlines how malware spreads through bad links, advertising, and cross-site scripting (XSS) attacks. XSS can be used to redirect users to malicious sites or install malware through iframes. Up to 60% of malicious web traffic involves "Gumblar" attacks, which install malware to steal user credentials and data. The document recommends controlling web access through policy, monitoring usage, and using malware protection and a hosted security service for the best protection. It highlights the services, infrastructure, service level agreements and shared intelligence of MessageLabs to protect against web threats.
Kelly: Welcome to today’s session Anatomy of a Web Attack. Today, we will review an increasingly sophisticated and hostile environment that exists in today's Internet. In the case of those looking to harm your business, you have several things to consider. Our speaker Lee Rothman will walk you through the various types of attacks, the reason we think malware exists through the Web and what you can do to protect your business. Lee Rothman joined Symantec Hosted Services in 2006 as the principal system engineer of North America. Lee joined the engineering team with 10 years of Internet and security experience, specializing in Internetworking. Prior to Symantec Hosted Services, Lee spent several years as a sales engineer for a large integrator and was product marketing manager for a large Fortune 500 company. Lee acts as a product expert in North America and aids the Sales, Product, and Marketing teams. Lee, can you please take us through today’s session?
Today’s agenda is pretty simple. We are going to first go through the business challenges that companies face when it comes to the Web. I’ll then cover some statistics around the Web and how employees are using the Web in your organization. Finally, I will walk through a few examples of how attacks happen through the Internet. Finally, I will give some basic suggestions on how you can solve this problem.
Let’s first explore the business challenge. Disclaimer, Acme is not a real company. In this example, the Acme corporation faces a common problem, they want to allow their users business and reasonable personal web access but they want to make sure that they are protected against the common threats. As a business, Acme is really looking to solve these four issues. Productivity Offensive Materials Abuse of resources MalwareMost companies now face this challenge and are trying to manage this very real issue. Most companies haven’t really put a security issue in place because the security of the Web has not been an issue (or so they think) in their business. However, if we look at the data we can see some really compelling reasons why security for web should be considered.
Now that we know why they do it, what are the ways in which they get introduced to a company? I’ve put these types of attacks into 5 categoriesBad LinksAdvertisingXSSGumblar Web ServicesLet’s explore these categories in-depth.
Second, IT Managers should consider putting policies in place.
Third, IT Managers should consider monitoring their environments.
Lastly, IT Managers should be sure they have a malware protection place that is effective.
It’s important that we give a special thanks to our malware team in particular Martin Lee from our research and response team. Without his help, this webcast would not be possible.