Compromised Web Sites
There have been a number of incidents where bona fide web
sites have been compromised and code has been uploaded to
divert the visitor to a malicious web server. The end result
is much the same as Phishing, namely the threat of identity
theft and uploading of malicious code. One such attack
compromised 6,000 Italian Web sites with three Trojans over
6 days, using a malware toolkit that can be purchased for
around £500. The cost in terms of identity theft fraud and
loss of reputation to the companies whose sites were
compromised, however, could have been millions of pounds.
New Threats Need New Solutions
In addition to traditional web filtering, two additional
layers of security are required to provide adequate
protection against web threats:
Scanning of Java and ActiveX Code
With over 450,000 new instances of malware being detected
each year, pattern based scanning of executable code cannot
be relied on to provide reliable web security in isolation.
By analysing the behaviour of Java and ActiveX code
downloaded from the Internet, however, and blocking the
execution of code that is trying to perform potentially
malicious activity, it is possible to stop a malicious web
site from running its exploit against your workstation to
upload the spyware or Trojan horse code.
Secure Computing (now owned by McAfee) and Trend Micro have
implemented Java and ActiveX scanning as part of their
Secure Web and Interscan Web Security Suite products, and
are therefore able to protect you against the threats posed
by web sites that host malicious code.
Reputation Filtering
Reputation filtering enables a web proxy to take a decision
on the trustworthiness or reputation of a website that a
user is trying to connect to, based on intelligence collected
in databases run by the major security vendors. This data is
acquired from multiple sources, including honeypot email
accounts, ISPs, email content analysis and feedback from
units installed in the field and services, and is used to
identify the IP addresses of Phishing and malicious URL
links currently in circulation in spammed out emails, as
well as those of web sites found to be the source of
malicious code. By checking the destination of a web
request against the supplier’s reputation database, it is
possible to block web visits to known malicious or
compromised web sites even though they may not fit into any
URL list category, and may even belong to reputable
organisations. Secure Computing Secure Web uses Secure
Computing's Trusted Source service to provide reputation
based filtering of web browsing, whilst Trend Micro use
their implementation of web reputation filtering for
Interscan Web Security Suite.
Real Time Categorisation
Whilst most vendors have URL databases of tens of millions
of URLs, these represent only a fraction of all URLs on the
internet. Both Blue Coat and Secure Computing Secure Web
have implemented an "in the cloud" service to classify
unknown URLs "on-the-fly" by examining content in the web
page. By assessing the content of new web sites in this
way, it is possible to minimise access to those types of
sites most often associated with malware (gambling,
pornography etc).
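The sketch below is an added example, not code from any of the vendors named above. It shows how a proxy could layer the reputation check described under Reputation Filtering on top of a URL category list, and hand sites unknown to both over to real time categorisation. The databases, scores, threshold and function names are all constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data (hypothetical, not taken from any vendor feed).
CATEGORY_DB = {"casino.example": "gambling", "shop.example": "shopping"}
BLOCKED_CATEGORIES = {"gambling"}
REPUTATION_DB = {              # assumed scale: 0 (trusted) .. 100 (malicious)
    "shop.example": 85,        # reputable site reported as compromised
    "203.0.113.7": 95,         # IP seen in spammed out phishing links
    "news.example": 5,
}
BLOCK_THRESHOLD = 70           # assumed policy cut-off

def _candidates(host):
    """Yield the host, then each parent domain (a.b.example -> b.example)."""
    labels = host.split(".")
    if all(label.isdigit() for label in labels):   # IPv4 literal: no parents
        yield host
        return
    for i in range(max(1, len(labels) - 1)):
        yield ".".join(labels[i:])

def _lookup(db, host):
    for name in _candidates(host):
        if name in db:
            return db[name]
    return None

def decide(url, resolved_ip=None):
    """Return (action, reason) for a request passing through the proxy."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if not host:
        return ("block", "unparseable URL")
    category = _lookup(CATEGORY_DB, host)
    if category in BLOCKED_CATEGORIES:
        return ("block", f"category:{category}")
    # Reputation is checked even when the category is allowed or unknown.
    scores = [s for s in (_lookup(REPUTATION_DB, host),
                          REPUTATION_DB.get(resolved_ip)) if s is not None]
    if scores and max(scores) >= BLOCK_THRESHOLD:
        return ("block", f"reputation:{max(scores)}")
    if category is None and not scores:
        # Unknown to both databases: send for real time categorisation.
        return ("classify", "unknown to both databases")
    return ("allow", f"category:{category or 'uncategorised'}")
```

The shop.example entry is the case the category list alone would miss: an allowed category, but a reputation score that marks the site as compromised.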
These new techniques provide
far better security for web connections than products that
were previously available. By combining a web security
system with robust email security to screen out spammed out
links in emails, organisations can minimise their exposure
to today's web threats. As IT Security specialists,
Clearview Systems will advise you on which products will
best meet your needs and arrange evaluation hardware or
software for you to test in house prior to making a
purchase.