Security experts detail Web threat types and their defense methods

Author: Legend: BKJIA

Enterprises and their employees are increasingly dependent on the internet, whether at home, on the road, or in the office. This dependence, combined with a variety of the latest Web threats, will make enterprises more vulnerable and more vulnerable to attacks than ever before. Web attacks over the past six months have all had a distinctive feature. without user intervention, these threats can enter the network, seriously threatening the data security and work efficiency of enterprises, until the enterprise's final interests.

In addition, due to the diversity of Web content and forms, the threat patterns are constantly updated. For example, the SQL injection attacks that have affected many websites in the past have adopted different methods. Attacks exploiting the Flash player vulnerability a few days ago also reflect the variability and impermanence of such threat forms. In the face of new threats, strengthening defense is the only way to win.

Types of Web threats

Although the types mentioned here cannot represent all, they represent at least some of the most serious Web threats. Today's hackers are increasingly smart, and they realize that it is far more cost-effective to "get out of the Internet" than to show off their skills.

Some time ago, there were hackers' hands and feet in the "Photo exposure" Incident and the "relief video" during the earthquake relief period. They often used interesting things to attract victims, the so-called bait. I don't know, these superficial things often contain malware or even rootkit programs. According to Symantec's survey, the following are the most dangerous Web threats:

Vulnerabilities in trusted websites: we all think that large and well-known websites are relatively secure. Hackers also know this. They will try to modify the webpages of these websites and redirect users' browsers to their specially crafted malicious websites. This malicious site looks very credible. However, when users enter personal information, they "eat ". If you eat something, you still need to plant something (such as spyware) on your system, or destroy your email address book and spread spam freely.

Browser and browser plug-in vulnerabilities: a few days ago, we saw some security experts suggested not to use IE. In fact, other browsers are not impeccable, but there are not many vulnerabilities yet, or the degree to which attackers are concerned is not high enough. Regardless of the browser, attackers can exploit its vulnerabilities or plug-in vulnerabilities to download and install malware on users' computers, or direct users to a malicious site.

End users: Many attackers start from end users. Many enterprises face threats mainly due to their imperfect security policies for laptops, desktop systems, servers, and unprotected mobile devices. Such as empty passwords and firewall shutdown.

Removable storage devices: malicious software can be easily transmitted from external devices to the network system due to the rapid popularity and use of USB flash drives, mobile hard drives, MP3, MP4, and other devices. Plug-ins inserted into the iPod can also be an important medium for stealing system data.

Phishing: when talking about new Web threats, I mentioned that online scammers counterfeit fake websites like financial websites to spoof consumers. They can also trick consumers into entering their personal confidential information in e-mails in the disguise of financial companies.

BotNet: attackers use hidden programs to control a large number of computer systems and execute multiple tasks, such as sending spam and launching DoS attacks.

Key Record Program: a hacker installs a program on the user's system that records user's keys, and secretly sends the recorded results to the hacker's email address.

Multiple Attacks: hackers use a combination of multiple tactics to steal users' sensitive information.

In addition, attackers can use spyware to steal confidential personal information and spread viruses, spyware, and Trojans through spam.

These threats do not represent all of them. The current web threats are increasingly integrated and evolving in depth. In the past, attackers mainly used operating system vulnerabilities and are now more and more interested in application software vulnerabilities. Previous SQL attacks can be detected, but are becoming increasingly difficult. hackers used to control one or two computers, now, you can use a website to attack other websites, infect users, and build botnets to launch distributed denial of service (DDoS) attacks ). Therefore, any enterprise should pay attention to the diversity and diversity of preventive measures and do not rely on a pure technology. With UTM, everything is fine. Therefore, the author provides the following methods to defend against Web threats:

Block access to malicious servers

Enterprises should establish a list of malicious sites and immediately block such attempts when desktop users attempt to open webpages of known malicious servers using firewalls, UTM and other devices. This not only helps security, but also saves a lot of bandwidth and network resources.

Only allow access to the mobile code of a trusted site

Mobile Code is a computer program that can spread between computers or networks. Without authorization, it can modify computer systems. For example, ActiveX, Java Scripts, and Rootkit all belong to mobile code. Although Mobile Code makes the web more lively and dynamic, it also provides attackers with the convenience of entering the desktop computer,

Gateway Scan

Do not assume that the user must have the latest anti-virus definition, run firewall and other software, or think that the computer being accessed is well managed. Before a threat enters the network, enterprises can use the gateway to scan malicious code in a centralized manner to easily control all incoming Web communications.

Scan desktops and Web gateways by software and hardware of different vendors

Do not hold a tree to death. Because modern attacks were tested against some popular anti-virus mechanisms before they were released. Enterprises should use the diversity of malicious code scanning tools to enhance their threat detection and blocking capabilities.

Update desktop and server patches frequently

The reason for this is that there are often new vulnerabilities. Not to mention zero-day vulnerabilities, as long as we realize that most attacks are spread by using unpatched applications and systems, we will consciously patch the system.

Install anti-virus programs on the desktop and keep them up to date.

Enterprises should warn users not to think that installing anti-virus programs will affect performance and disable them. A computer that does not have anti-virus programs installed and can be upgraded should not be connected to the Internet or the enterprise intranet, nor should it access CDs and mobile storage devices.

Only allow access to HTTPS websites that are checked by all browsers

Most users do not understand the meaning of the three SSL browser checks, or why they cannot access websites that have not passed all three checks. SSL check refers to the expiration certificate, untrusted issuer, and host mismatch between the certificate and the requested URL.

Download executable programs from trusted websites only

Many users have this experience. When installing a download tool, it requires access to the network. However, this access is unnecessary for general users because we only need its current functions. Second, it is highly risky because ordinary users do not know the specific behavior of accessing network programs, in addition, it cannot guarantee the real security of the accessed network. Moreover, many malware are now released by combining themselves with a program that looks like "loyal. When such programs are executed, the malware will do whatever you want.

Do not access websites with IP addresses as servers

Recently, some attacks have used home computers with simple Web Servers installed and damaged. Most victims are directed to their home computers through IP addresses, rather than domain names. In fact, all websites that are truly valid use the host name in the URL.

Enter the website URL carefully to avoid incorrect input.

No normal user is willing to access a malicious site, but why are they still making repeated moves? Incorrect domain name input for some well-known websites will lead users to some websites that have long been lurking there waiting for users to hook up. In addition, if your browser has not been installed with the latest patch, it may also be vulnerable to drive-by download (drive-by download) Installation of malware.

Conclusion

The above defense means show that most of the measures require the cooperation of employees or users of the enterprise. Because they are the weakest link in the network chain. Therefore, we need to strengthen security education for employees, enhance user security awareness, and improve the prevention awareness of all staff so as to truly deal with ever-changing threats.