virtual techdays india │ 9-11 february 2011 safe browsing experience for your home & office...
Post on 21-Dec-2015
216 views
TRANSCRIPT
virtual techdaysINDIA │ 9-11 February 2011
Safe Browsing Experience for your Home & Office
M.S.Anand │ MTC Technology Specialist │ Microsoft Corporation
2
Agenda• After attending this session you will be able to:
– Understand online threat landscape– Get some tips on family safety & secure browsing
at home– See some of the new security features of Internet
Explorer in action
3
Primary Online Risks & Threats
Your computer• Viruses• Worms• Trojans• Spyware
Your family• Cyberbullies• File sharing abuses• Invasion of Privacy• Disturbing Content• Predators
Yourself• Online fraud• Phishing• Hoaxes• Identity theft• Spam
4
What can you do?
Your computer1. Use an
Internet firewall.2. Keep your operating
system up-to-date.3. Install and maintain
antivirus software.4. Install and maintain
antispyware software.
Your family1. Talk with your kids &
set clear rules.2. Keep personal
information private.3. Use individual
accounts & passwords
4. Use family safety software & monitor usage.
Yourself1. Practice Internet
behavior that lowers your risk.
2. Manage your personal information carefully.
3. Use anti-phishing and anti-spam technology.
5
Family Safety with Windows 7, Windows LiveSet up individual accounts
Contact management
Limit access to PC, Web sites, games
View reports of kids’computer use
Limit access toPrograms
Enhancing Online Trust & Confidence
6
Freedom from intrusion
Choice and controlClear notice of information useProvide only what is needed
Control of information
Browser & Web Server ExploitsProtection from deceptive websites, malicious code, online fraud, identity theft
Protection from harm
Social Engineering & ExploitsReduce unwanted communications
Enhancing Online Trust & Confidence
7
Freedom from intrusion
Choice and controlClear notice of information useProvide only what is needed
Control of information
Browser & Web Server ExploitsProtection from deceptive websites, malicious code, online fraud, identity theft
Protection from harm
Social Engineering & ExploitsReduce unwanted communications
International Domain Name Anti-SpoofingPop-up Blocker in Increased usability
User-friendly, discoverable noticesP3P-enabled cookie controlsDelete Browsing HistoryInPrivate™ Browsing & Blocking
Secure Development LifecycleExtended Validation (EV) SSL certsSmartScreen® FilterDomain HighlightingXSS Filter, DEP/NXActiveX Controls Lockdown
8
Domain Highlighting• Helps you to more accurately ascertain the
domain of the site you are visiting. • The domain is black, other characters are gray.
9
SmartScreen® Filter
10
XSS Filter• XSS Attacks:
– Steal cookies & history– Log keystrokes– Deface sites– Steal credentials (of a sort)– Port-scan the Intranet– Abuse browser/AX vulnerabilities– Evade phishing filters– Circumvent HTTPS
11
Delete Browsing History• More Granular
Control & Utility• Can Preserve Favorite
Data while deleting all other data retained by the browser
12
InPrivate• InPrivate Browsing
– Enables “leave no tracks” locally (cookies, cache & history)– Value when using public PCs & shopping for gifts on a shared
PC. • InPrivate Blocking
– Helps to put users in control of their info to third-party sites. – Assess, on an ongoing basis, user exposure to third-party
content.– Helps to prevent information disclosure by automatically
blocking high-frequency third-party content from sites users visit.
13
New in IE 9• Improved Application Reputation
– Uses reputation data to remove unnecessary warnings for well-known files, and show more severe warnings when the download is a higher risk of being malicious
• Improved SmartScreen Filter– Helps protect users from malware and phishing sites
• Malvertizing Protection– On some occasions a trustworthy site may inadvertently embed a
malicious advertisement that can be used to attack you. IE9 helps protect you from risks such as these
14
Deployment challenges?• The most IT friendly browser, with tools to
manage and deploy– Nearly 1500 group policies– Ability to set preferences using IEAK– Integration with Windows to ensure ease of
deployment
15
Some GP Examples for IE SecurityGroup Policy SettingTurn off Managing Phishing Filter AutomaticTurn off “Delete Browsing History functionality” EnableSecurity Zones: Do not allow users to change policies Enable
Security Zones: Do not allow users to add/delete sites Enable
\Internet Control Panel\Disable the Security page Enable\Internet Control Panel\Prevent ignoring certificate errors
Enable
\Internet Control Panel\Security page\Turn on automatic detection of the intranet
Enable
\Internet Control Panel\Security page\ Turn on information bar notification for Intranet content
Enable
16
Feeling Secure Already?
• Domain Highlighting
• SmartScreen Filter
• XSS Filter
• Delete Browsing History
• InPrivate Browsing
• IE 9 Security
Secure, reliable, and privateLeading malware protection
Over 1 billion malware blocks Always improving efficiency
160 million phishing blocks
SmartScreen download reputation
Internet Explorer 9
Firefox
Safari
ChromeOpera
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
85%
29% 29%17%
0.5%
Malware Block RateSource: NSS Labs Socially En-gineered Malware Test Report
virtual techdaysINDIA │ 9-11 February 2011
Have a safe browsing experience with:
THANK YOU !