Protecting Networks Hackers, worms, and other things that can ruin your day…
Discussion Points
• Introduction
• Security, privacy, and governance
• Security lingo – don’t be scared
• Security threats
• Security solutions
• A couple war stories
• Open for discussion
Security, Privacy, & Governance
• Evolution of security
• Privacy and Data Protection
• USA
• Europe and elsewhere
• Governance issues
• Operational risk concept (Basel II)
• Network and IT governance
• Growing complexity
Security and Privacy Evolution
[Figure: diagram with the labels sysadmin / IT, CIO, Everyone; Security, Privacy; System Controls, Protect Resources, Protect Data, Protect Information; axis: Time, Awareness, & Law]
Source: http://www.privacyinternational.org/survey/dpmap.jpg
Laws & Regulations
• HIPAA
• California State Bill 1386
• Gramm-Leach-Bliley Act (GLBA)
• EU Data Protection Directive
• Basel II
Security Threats
• Hackers and criminals
• System and network vulnerabilities
• Viruses and worms
• Social engineering
• Passwords
• Open transmissions (non-encrypted)
• Trends
Threats Can Be From Internal Sources
Internal: Most expensive attacks come from inside (up to 10x more costly)
Accidental: Misconfiguration or mistakes (opening that weird email attachment from Bob…)
Source: CSI / FBI Security Study 2003
Increasing Threats from External Sources
External: 78% of attacks come from Internet connection (up from 57% in 1999)
Source: CSI / FBI Security Study 2003
Threat from Hackers
• 2,524 new vulnerabilities discovered in 2002
• Many recently discovered vulnerabilities remain highly viable targets for future threats
• “Blended threats” present the greatest risk
• Companies experience 30+ attacks per week
• 2000% increase (1999 - 2002) in financial losses from hacker-caused denial of service
• $65.6M in reported costs (2002)
Threat from Theft
• Theft of proprietary information causes greatest financial loss: $2.7M per incident (2003)
• 90% of respondents detected computer security breaches within last 12 months
Source: CSI / FBI Security Study 2003
“The average amount of money, as a % of revenue, that companies spend on IT security is .0025 % or slightly less than they spend on coffee.”
Richard Clarke, Former Special Advisor to the President for Cyberspace Security
Security Threats on IT Networks
[Screenshot: session connected to www.test.com showing a rootkit's ASCII-art banner and README text]
------ [ design by j0hnny7 / zho-d0h ]----
there is no stopping, what can't be stopped...
-----[ version 6.66 .. 2308200 .. torn@secret-service.co.uk ]----
-| Ok a bit about the kit... Version based on lrk style trojans
-| made up from latest linux sources .. special thanks to
-| k1ttykat/j0hnny7 for this..
-| First rootkit of its kind that is all precompiled and yet allows
-| you to define a password.. password is stored in a external encrypted
-| file. The trojans using this are login/ssh/finger ..
-| This kit was designed with the main idea of being portable and quick
-| to be mainly used for mass hacking linux's, hence the precompiled bins.
-| Usage : ./t0rn <password> <ssh-port>
Security Threats on IT Networks
[Figure: chart of “Target and Scope of Damage” (Individual Computer, Individual Networks, Multiple Networks, Regional Networks, Global Infrastructure Impact) against “Time to Propagate” (Weeks, Days, Minutes, Seconds), across the 1980s, 1990s, Today, Future]
Next Gen (time to propagate: Seconds)
• Infrastructure hacking
• Flash threats
• Massive worm driven
• Distributed Denial of Service (DDoS)
• Damaging payload viruses and worms
3rd Gen (time to propagate: Minutes)
• Network Denial of Service (DoS)
• Blended threat (worm + virus + trojan)
• Turbo worms
• Widespread system hacking
2nd Gen (time to propagate: Days)
• Macro viruses
• Email
• DoS
• Limited hacking
1st Gen (time to propagate: Weeks)
• Boot viruses
Code Red Propagation July 19, Midnight - 159 Hosts Infected
Code Red Propagation July 19, 11:40 am - 4,920 Hosts Infected
Code Red Propagation July 20, Midnight - 341,015 Hosts Infected
Security Solutions
• Technologies
• Firewalls
• Intrusion detection/prevention
• Virus protection
• Encryption
• Policies
• The importance of policy
• Types of policies
• User buy-in and awareness
• Services and processes
• Vulnerability assessment, audit, and testing
• Design and implementation
• Encryption
• Personal
• System
Deploy Security as an Integrated System
[Figure: diagram with the labels Surveillance and Alarms; Patrolling Security Guard; Secured Doors and Vaults; Network and Host-based Intrusion Detection; Firewalls and Router ACLs; Scanner; Security Room CCTV; Secure Transport; Card Readers; Identity, Access Control Servers and Certificate Authorities; Encryption and Virtual Private Networks (VPNs); Centralized Security and Policy Management]
A Couple War Stories
• Money, nukes, and critical infrastructures…
• Buying protected information on the cheap…
• SQL Slammer reaches out of the box…
• Wireless everywhere (and not secure)…
Good places to visit…
• www.gslis.utexas.edu/~netsec (Infosec class web page)
• www.pcwebopedia.com (look up security technologies and terms)
• www.amazon.com (enter “network security”)
• http://dir.yahoo.com/Computers_and_Internet/Security_and_Encryption/ (Yahoo Security Resource Page)
• http://www.cert.org/tech_tips/home_networks.html (home network security tips)
Organizations that help…
• The CERT www.cert.org
• SANS www.sans.org
• NIST’s Computer Security Resource Center http://csrc.nist.gov/
• The National Infrastructure Protection Center http://www.nipc.gov/
• www.securityfocus.com