190 likes | 322 Views
IT Security Awareness Dangers in the Networked World. Lai Zit Seng NUS School of Computing. Topics. History: Recent Worms What is Security Why Worry What’s Happening in SOC. History – Code Red. Struck on 12th Jul 2001 Public announcement on 17th Jul 2001
E N D
IT Security AwarenessDangers in the Networked World Lai Zit Seng NUS School of Computing
Topics • History: Recent Worms • What is Security • Why Worry • What’s Happening in SOC
History – Code Red • Struck on 12th Jul 2001 • Public announcement on 17th Jul 2001 • CERT announcement on 19th Jul 2001, and again on 26th Jul 2001 • Exploited buffer overflow in IIS • CERT published advisory on 19th Jun 2001 • Patch available from MS since 18th Jun 2001 • Estimated $2B in damages (Aug 2001) • Source: Computer Economics (quoted by NewsFactor.com)
History – Slammer Worm • Struck on 25th Jan 2003 • Infected 75K hosts • Our own NUSNET “melted down” for hours • Elsewhere: Disrupted ATMs, 911 systems • Exploited MS-SQL and MSDE vulnerabilities • Patch available from MS since 10th Jul 2002 • CERT advisory 29th Jul 2002 • Estimated US$1B in damages • Source: Mi2g
History – W32/Blaster • Struck on 11th Aug 2003 • Exploits RPC vulnerabilities • CERT advisory on 17th Jul 2003 • Patch available from MS since 16th Jul 2003 • Unprecedented damages • Mi2g estimates $32.8B in economic damages (together with other malware of Aug 2003)
History – Other Incidents • Apache/mod_ssl worm • CERT advisory 14th Sep 2002 • Vulnerability published by CERT since 30th Jul 2002 • Nimda worm • CERT announced 18th Sep 2001 • Exploits vulnerability for which patch available from MS since 29th Mar 2001
Security Triad • Confidentiality: Ensuring that data contained in an information system is accessible only to those authorized. • Integrity: Ensuring that data contained in or functions carried out by an information system is correct. • Availability: Ensuring that an information system is accessible to those authorized to use it.
Why Worry • Advances in technology: Convenience, cost, availability • Pervasiveness of networked computing • Network convergence: Single network for Voice, Video and Data • Human Issues: • Social Engineering
Why Worry – cont’d • Infrastructure/Operations • ATMs, Power Grid etc exposed to Internet • Various risk exposures: Confidentiality, Integrity, Availability • Zero-Day exposures • Phishing attacks • Risks are outstripping safeguards
1988 Exploiting passwords Exploiting known vulnerabilities Today Exploiting protocol flaws Examining source code for security flaws Abusing public servers Installing sniffers Source address spoofing DoS, DDoS Widespread automated scanning Changes in Intrusion Profile
Incidents Reported to CERT/CC From: CERT/CC Website
How many incidents? From: 2004 CSI/FBI Computer Crime and Security Survey
How many incidents from Outside? From: 2004 CSI/FBI Computer Crime and Security Survey
How many incidents from Inside? From: 2004 CSI/FBI Computer Crime and Security Survey
SOC IDS Activity Statistics for 1st Oct 2004: • 238155 IDS log entries • 42578 runs of portscanning activities • 12908 incidences of Windows/SMB traffic anomaly • 209 accesses to our honeypot
SOC Network VA Statistics As on 8th Oct 2004: • 37 machines denied network access (due to enforcement) • 185 critical vulnerabilities unfixed
Security Lab • Objective: • Enable learning and experimentation relating to IT Security • Setting up experiments and playground for anyone interested in IT Security • Activities relating to SIG^2 NUS Chapter • Servers, desktop computers and network equipment • Look out for upcoming news
Questions and Answers Lai Zit Seng Email: laizs@comp.nus.edu.sg