
Recent Security Threats & Vulnerabilities Computer security

Bob Cowles (bob.cowles@slac.stanford.edu), HEPiX, Spring 2004 – Edinburgh, UK. Work supported by U. S. Department of Energy contract DE-AC03-76SF00515.


Presentation Transcript


  1. Recent Security Threats & Vulnerabilities – Computer security
     Bob Cowles, bob.cowles@slac.stanford.edu
     HEPiX, Spring 2004 – Edinburgh, UK
     Work supported by U. S. Department of Energy contract DE-AC03-76SF00515

  2. Windows
     • Worms
     • Windows AD & SUS for patching
     • Viruses
     • Web exposures (IE)
     • Leaked code for WinNT & Win2K
     HEPiX - Spring 2004

  3. MSBlaster (chart: MSBlaster released; MSBlaster at SLAC)

  4. Sasser Experience (MS 04-011)
     • Patched quickly
       • Servers within 10 hours
       • All workstations within 80 hours
     • VPN changes
       • No access to local drives of desktops
       • Firestorm of protest
       • Disappeared after dust settled (Citrix & RDP)
     • Ongoing problems w/ unpatched systems

  5. AD & SUS for patching
     • Problematic patching
       • Office vs. Windows Update
       • Front Page DLLs
       • MDAC
     • Machine vs. User GPOs
     • SUS update times
     • New installs
     • XP SP2 has many improvements (in 2005)

  6–10. The way we were … (network diagram, built up over five slides; zones shown: Internet, Visitor, BaBar Detector, SLAC Basic, BSD-Private, Remote access BSD, SSRL, HEP, Accelerator)

  11–14. The way we are now … (network diagram, built up over four slides; zones shown: Internet, Visitor, BaBar Detector, SLAC Basic, BSD-Private, Remote access BSD, SSRL, Servers, HEP, Accelerator)

  15. Viruses
      • More sophistication (Bobax and Kibuv)
      • Zip files
      • Encrypted zip files
      • From microsoft.com
      • From security@<your-domain-name>
      • Run automatically
      • Leave backdoors; smtp for spam
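The zip-attachment and spoofed-sender tricks on this slide are what a mail gateway filter has to catch. The Python below is an added example, not code from the talk or from SLAC's mail setup: it builds a constructed message whose From: claims the local domain (the placeholder example.org) while the oldest Received: header shows it entered from an outside host, attaches a one-member zip with its encryption flag set, and reports each thing a filter would act on. The domains, host names, file names and executable-extension list are all constructed assumptions.

```python
"""Mail-gateway triage for the attachment and sender tricks on this slide.
Added example; the message, domains and zip content below are constructed."""
import email
import email.utils
import io
import re
import struct
import zipfile
from email import policy
from email.message import EmailMessage

ZIP_MAGIC = b"PK\x03\x04"
ZIP_ENCRYPTED_FLAG = 0x1        # bit 0 of the general-purpose flag field, set for encrypted members
EXEC_SUFFIXES = (".exe", ".scr", ".pif", ".com", ".bat", ".vbs")
IMPERSONATED_DOMAINS = {"microsoft.com"}    # the local domain is added at call time


def build_zip(member: str, encrypted: bool) -> bytes:
    """Construct a one-member zip in memory. The 'encrypted' variant sets the encryption
    bit in both the local file header and the central directory, as a zip tool would."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(member, b"not a real program")
    data = bytearray(buf.getvalue())
    if encrypted:
        # local header flags sit at offset 6; central directory flags at signature + 8
        for off in (6, data.rindex(b"PK\x01\x02") + 8):
            flags = struct.unpack_from("<H", data, off)[0]
            struct.pack_into("<H", data, off, flags | ZIP_ENCRYPTED_FLAG)
    return bytes(data)


def inspect_zip(blob: bytes) -> dict:
    """Report whether a blob is a zip, whether any member is encrypted (so AV cannot look
    inside), and which members carry an executable extension."""
    if not blob.startswith(ZIP_MAGIC):
        return {"is_zip": False, "encrypted": False, "executables": []}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        members = zf.infolist()          # central directory only; no member is extracted
    return {
        "is_zip": True,
        "encrypted": any(m.flag_bits & ZIP_ENCRYPTED_FLAG for m in members),
        "executables": [m.filename for m in members
                        if m.filename.lower().endswith(EXEC_SUFFIXES)],
    }


def originating_host(msg) -> str:
    """Host named in the oldest Received header, i.e. the relay that first accepted the mail."""
    received = msg.get_all("Received") or []
    m = re.search(r"from\s+(\S+)", received[-1]) if received else None
    return m.group(1).lower() if m else ""


def in_domain(host: str, domain: str) -> bool:
    return host == domain or host.endswith("." + domain)


def triage(raw: bytes, local_domain: str) -> list:
    """Return the findings a gateway would act on for one raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    _, addr = email.utils.parseaddr(str(msg.get("From", "")))
    from_domain = addr.rpartition("@")[2].lower()
    if from_domain in IMPERSONATED_DOMAINS | {local_domain.lower()}:
        origin = originating_host(msg)
        if not in_domain(origin, from_domain):
            findings.append(f"sender claims {from_domain} but entered via {origin or 'unknown host'}")
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        info = inspect_zip(part.get_payload(decode=True) or b"")
        if info["is_zip"]:
            note = " (encrypted: AV cannot inspect it)" if info["encrypted"] else ""
            findings.append(f"zip attachment {name}{note}")
            findings.extend(f"executable {exe} inside {name}" for exe in info["executables"])
    return findings


def sample_message(local_domain: str, encrypted: bool) -> bytes:
    """Constructed message in the style the slide describes: From: security@<local domain>,
    arriving from an outside dial-up host, with a zipped executable attached."""
    msg = EmailMessage()
    msg["Received"] = (f"from dialup-42.example.net (unknown [192.0.2.7]) "
                       f"by mx.{local_domain}; Mon, 3 May 2004 10:00:00 +0000")
    msg["From"] = f"security@{local_domain}"
    msg["To"] = f"user@{local_domain}"
    msg["Subject"] = "Your account has been disabled"
    msg.set_content("The password for the attached file is 12345.")
    msg.add_attachment(build_zip("document.exe", encrypted),
                       maintype="application", subtype="zip", filename="document.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage(sample_message("example.org", encrypted=True), "example.org"):
        print(finding)
```

The encryption bit is readable from the central directory without the password, so a gateway can tell that a zip is opaque to its scanner and quarantine it outright; the Received-header check is the 2004-era stand-in for SPF/DKIM and only works when the gateway's own relays are the ones writing the earliest Received line.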

  16. IE Exposures
      • Numerous unpatched vulnerabilities
      • Cannot escape IE (but can control)
      • Unclear how much XP SP2 will fix
      • There is still the problem of user knowledge

  17. Unix & Linux
      • Local Exploits = Remote Exploits
      • mremap (2 times)
      • ASN.1
      • do_brk
      • Solaris: vfs_getvfsws()
      • CDE dt…..
      • Xfree86
      • yp*

  18. Universities & Labs
      • Exploits against Solaris, AIX, Linux
      • Attacker(s) seem sophisticated
      • Install SK rootkit on Linux
      • Install trojaned sshd
        • gets passwords from keyboard/tty entry
        • accesses RSA keys
      • Cracks yp or kerberos password files
      • One time password tokens are in your future

  19. Cisco
      • Router
      • BGP (TCP problem)
      • Wireless access points
      • PIX
      • Stolen code for IOS

  20. Security Software
      • Checkpoint
      • Black Ice
      • Zone Alarm
      • ISS RealSecure (IDS)
      • TCPDump / Ethereal
      • Norton anti-virus
      • PIX

  21. Macintosh
      • USB Keyboard - ^C gives local root
      • Apple File Server bo
      • Quicktime bo
      • URL processing in Terminal app
      • Safari – Help system bo
      • Volume URI handler registration (no fix)

  22. Other Software
      • Grid – Slashdot & 2600
      • IM software – AIM & Yahoo Messenger
      • CVS
      • RealPlayer
      • Winzip
      • Web HP JetAdmin
      • Acrobat Reader 5.1
      • Dameware & Serv-U

  23. DameWare – How I spent my Christmas vacation

  24. DameWare (2)
      • Over 13 different warez kits installed
      • 30 compromised machines, half used for scanning other systems
      • ftp speed tests were run to measure suitability for storing warez
      • Serv-U ftp and Radmin installed at random port numbers
      • Look at Hacker Defender – rootkit for Windows available in source to avoid AV scanners
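Serv-U and Radmin sitting on random ports, and a rootkit that hides them from the host's own tools, suggest two complementary checks: compare the local listener list against an allowlist, and compare the local view against what a scanner on another machine sees. The Python below is an added example, not anything from the talk or from SLAC's incident handling; the netstat and tasklist output, the scan results, the port numbers and the process names are all constructed placeholders.

```python
"""Two listener checks for a Windows host suspected of running warez services or a rootkit.
Added example; the netstat/tasklist output and the scan results below are constructed."""

# Constructed text in the shape of `netstat -ano` output (only TCP listeners matter here).
NETSTAT_OUTPUT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       820
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1104
  TCP    0.0.0.0:40123          0.0.0.0:0              LISTENING       2272
  TCP    10.0.0.5:3389          10.0.0.9:1044          ESTABLISHED     1104
"""

# Constructed PID -> image name map, as `tasklist` would report it.
TASKLIST = {4: "System", 820: "svchost.exe", 1104: "svchost.exe", 2272: "ServUDaemon.exe"}

# Ports a scanner on another host reported open (constructed); 51234 never shows up locally.
EXTERNAL_SCAN_OPEN = {135, 445, 3389, 40123, 51234}

# Listeners this workstation is expected to have (constructed allowlist).
ALLOWED_PORTS = {135, 139, 445, 3389}


def parse_listeners(netstat_text: str) -> dict:
    """Map listening TCP port -> PID from netstat -ano style output."""
    listeners = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0].upper() != "TCP" or fields[3].upper() != "LISTENING":
            continue
        port = int(fields[1].rsplit(":", 1)[1])   # handles 0.0.0.0:135 and [::]:135 alike
        listeners[port] = int(fields[4])
    return listeners


def unexpected_listeners(listeners: dict, allowed: set, tasklist: dict) -> list:
    """Listeners outside the allowlist, each with the owning process name."""
    return sorted(
        (port, pid, tasklist.get(pid, "?"))
        for port, pid in listeners.items() if port not in allowed
    )


def hidden_listeners(listeners: dict, scan_open: set) -> list:
    """Ports an outside scan found open that the local netstat view does not show.
    A discrepancy here points at something hiding the socket from local tools."""
    return sorted(scan_open - set(listeners))


if __name__ == "__main__":
    local = parse_listeners(NETSTAT_OUTPUT)
    for port, pid, name in unexpected_listeners(local, ALLOWED_PORTS, TASKLIST):
        print(f"unexpected listener tcp/{port} pid {pid} ({name})")
    for port in hidden_listeners(local, EXTERNAL_SCAN_OPEN):
        print(f"tcp/{port} open from outside but absent from local netstat")
```

The second check is the one that matters once a kernel-hooking rootkit is in play: the local tools are exactly what it lies to, so the only trustworthy listener list comes from a host the attacker does not control.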

  25. Email
      • Evils of HTML email
        • It’s big & it hides bad stuff
      • Phishing scams
        • Citibank, eBay, PayPal
      • Outlook 2003 setting (reg for Outlook XP)
      • didtheyreadit.com

  26. Outlook 2003 (screenshot: Tools -> Options -> Preferences)

  27. didtheyreadit.com
      • Email tracking using transparent gif image
      • Not clear how they track time open
      • Follows forwarding of email
      • Technically easily defeated
        • but most don’t know how
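A transparent-GIF tracker is just an <img> whose src points at a remote server, usually with a per-recipient token in the query string, so it can be found and removed before the HTML is ever rendered; doing that at the gateway is the server-side counterpart of a mail client that refuses to fetch remote images, and it covers the HTML-email concerns of slide 25 as well. The Python below is an added example, not code from the talk; the sample HTML, the tracker host and the beacon heuristics are constructed.

```python
"""Locate and strip remote-image beacons in HTML mail.
Added example; the sample HTML and the tracker host below are constructed."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

REMOTE_SCHEMES = ("http", "https")
IMG_TAG = re.compile(r"<img\b[^>]*>", re.IGNORECASE)
SRC_ATTR = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)


class ImageAuditor(HTMLParser):
    """Record every <img> that would cause a network fetch when the mail is rendered."""

    def __init__(self):
        super().__init__()
        self.remote = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "img":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        src = a.get("src", "")
        if urlparse(src).scheme.lower() not in REMOTE_SCHEMES:
            return                      # inline cid: and data: images never phone home
        width, height = a.get("width", ""), a.get("height", "")
        self.remote.append({
            "src": src,
            "width": width,
            "height": height,
            # a 1x1/0x0 size or a query string carrying a token are the usual signs of a beacon
            "beacon_like": width in ("0", "1") or height in ("0", "1") or "?" in src,
        })


def audit_html(html: str) -> list:
    """Return the remote images found in an HTML body, flagging beacon-like ones."""
    p = ImageAuditor()
    p.feed(html)
    p.close()
    return p.remote


def strip_remote_images(html: str) -> str:
    """Remove every <img> with an http(s) src; inline cid: and data: images are kept."""
    def keep_or_drop(m):
        tag = m.group(0)
        s = SRC_ATTR.search(tag)
        if s and urlparse(s.group(1)).scheme.lower() in REMOTE_SCHEMES:
            return ""
        return tag
    return IMG_TAG.sub(keep_or_drop, html)


# Constructed sample: one inline logo, one tracking pixel carrying a recipient token.
SAMPLE_HTML = """<html><body><p>Hello,</p>
<img src="cid:logo@local" width="120" height="40">
<img src="http://tracker.example.net/open.gif?id=ab12cd" width="1" height="1">
<p>Regards</p></body></html>"""

if __name__ == "__main__":
    for img in audit_html(SAMPLE_HTML):
        print(("BEACON " if img["beacon_like"] else "remote ") + img["src"])
    print(strip_remote_images(SAMPLE_HTML))
```

Dropping every remote image rather than only the beacon-like ones is the safer policy: the size and query-string heuristics only serve to explain a finding, since a tracker can just as easily be a full-size image served from a per-recipient URL.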

  28. Final Thoughts
      • Attacks coming faster; attackers getting smarter
      • Complex attacks using multiple vulnerabilities
      • No simple solution works
        • Patching helps
        • Firewalls help
        • AV & attachment removal help
        • Encrypted passwords/tunnels help
      • You can’t be “secure”; only “more secure”
      • We must share information better
      • HEPiX Security email list – do we need a PGP encrypted remailer?
