|
Compromised Web Sites
There have been a number of incidents where bona fide web sites have
been compromised and code has been uploaded to divert the visitor to
a malicious web server. The end result is much the same as Phishing,
namely the threat of identity theft and uploading of malicious code.
One such attack compromised 6,000 Italian Web sites with three
Trojans over 6 days, using a malware toolkit that can be purchased
for around £500. The cost in terms of identity theft fraud and loss
of reputation to the companies whose sites were compromised however
could have been millions of pounds.
New Threats Need New
Solutions
In additional to traditional web filtering, two additional layers of
security are required to provide adequate protection against web
threats:
Scanning of Java and
ActiveX Code
With over 450,000 new instances of malware being detected each year,
pattern based scanning of executable code cannot be relied on to
provide reliable web security in isolation. By analysing the
behaviour of Java and Active X code downloaded from the Internet
however, and blocking the execution of code that is trying to
perform potentially malicious activity, it is possible to stop a
malicious web site from running its exploit against your workstation
to upload the spyware or Trojan horse code.
McAfee and
Trend Micro have implemented Java and Active X scanning as part
of their
Web Gateway and
Interscan Web Security Suite products, and are therefore able to
protect you against the threats posed by web sites that host
malicious code.
Reputation Filtering
Reputation filtering enables a web proxy to take a decision on the
trustworthiness or reputation of a website that a user is trying to
connect to based on intelligence collected in an intelligence
database run by the major security vendors. This data is acquired
from multiple sources including honeypot email accounts, ISP’s,
email content analysis and feedback from units installed in the
field and services to identify the IP addresses of Phishing
and malicious URL links currently in circulation in spammed out
emails as well as those of web sites found to be the source of
malicious code. By checking the destination of a web request against
the supplier’s reputation database, it is possible to block web
visits to known malicious or compromised web sites even though they
may not fit into any URL list category, and may even belong to
reputable organisations.
McAfee Web Gateway uses
McAfee's Trusted Source service to provide
reputation based filtering of web browsing, whilst Trend Micro use
their implementation of web reputation filtering for Interscan Web
Security Suite..
Real Time
Categorisation
Whilst most vendors have URL databases of tens of millions of URL's,
these represent only a fraction of all URL's on the internet. Both
Blue
Coat and
McAfee Web Gateway have implemented an "in the cloud"
service to classify unknown URL's "on-the-fly" by examining content
in the web page. By assessing the content of new web sites in
this way, it is possible to minimise access to those types of sites
most often associated with malware (gambling, pornography etc).
These new techniques provide
far better security for web connections than products that were
previously available. By combining a web security system with robust
email
security to screen out spammed out links in emails,
organisations can minimise their exposure to today's web threats. As
IT Security specialists, Clearview Systems will advise you on which
products will best meet your needs and arrange evaluation hardware
or software for you to test in house prior to making a purchase.
Please click here
to contact us.
|