
IA Summer School – Practice


Presentation Transcript


  1. IA Summer School – Practice Willis Marti June 2006

  2. Agenda • Tuesday • Lecture • Wednesday • Guest plus Hands-on • Thursday • Hands-on • Bibliography

  3. Tuesday Agenda • Ethics & Overview of ‘Practice’ • Forensics & Legal Issues • Vulnerabilities • Threats, Protection & Mitigation • Incident Response

  4. Wednesday Agenda • Dr. Dave McIntyre, ICHS • Lions, Tigers, Bears and Rootkits • Encryption Tools • Log Analysis

  5. Thursday Agenda • Port Scanning • Packet Analysis • Attack Scripts • Intrusion Detection & Prevention

  6. Ethics & Overview • Ethics is a general term for what is often described as the “science (study) of morality”. In philosophy, ethical behavior is that which is “good” or “right.” • a set of moral principles or values • Keys: • More than one way! • A way to judge behavior

  7. More than One System • Understand your environment • Laws • Regulation • Custom • Understand your users • Globalization is real • Backgrounds can’t be assumed

  8. What are Ethics? • According to the Webster Dictionary, ethics is the system or code of morals of a particular person, religion, group or profession. • Ethics are subject to personal interpretation. Two people may not view the same ethical issue the same way.

  9. What are Ethics? (continued) • Ethical issues are not legal issues. • Individuals can choose if they wish to follow the ethical guideline or not. • Legal issues have documented definitions (laws) and specific consequences if the laws are broken. • Ethical issues are guidelines set by a specific group of people with no real documented definitions of what is right and what is wrong.

  10. Three Ethical Decision Theories 1. Utilitarianism Theory • Considers the ethical issue and its relationship to individuals • Makes a decision based on what benefits the most people • "The greater good of the most people". Utilitarianism Example: An 8:00 am class has 10 students in it. Nine of those students and the Teaching Assistant (TA) all live in Friley Hall, which is on one side of campus, while one student lives in Hawthorn Court, on the other side of campus. The TA decides to move the lecture to Pearson Hall instead of Lagomarcino Hall, as Pearson is much closer to the ten individuals' dorm than to the one individual's dorm. This benefits 10 people and inconveniences one person, thus more people are benefited than not.

  11. Three Ethical Decision Theories(cont.) • 2. Pluralism Theory • Believes there are two options in an ethical issue, right and wrong decisions • Pluralism stresses each person has a decision-making duty, must make ethical decisions based on that duty, and never break away from the decision-making duty. • All decisions are clear-cut, black and white Pluralism Example: • No one should ever lie. Your best friend recently was picked up for OWI. Ten minutes before the arrest you were in the vehicle and knew your friend was intoxicated. The police have asked about your whereabouts during this time and if you could attest to your friends' intoxicated state. You have to make a decision to lie or tell the truth. You decide to tell the truth because you have a duty to always tell the truth.

  12. Three Ethical Decision Theories(cont.) • 3. Rights-based Theory • All people have rights, and those rights must be respected • Decisions are based on respecting individual rights • All decisions are clear-cut, black and white Rights-based Example: • You are a network administrator with access to many email accounts. The temptation to read personal email is strong. However, you know you should never read a person’s email because it violates a person’s rights to privacy, and resist the temptation.

  13. Ethical Issues Related to Computers • Fraud • Privacy • Program Ownership

  14. Academic Controversy Questions • What is the ethical question in this scenario? • What can be done to eliminate the ethical question? • What is the individual’s questionable behavior? • What different views could there be concerning this ethical question? • Justify why the person's actions are right or wrong • What do you think the right thing is to do? What would you do in this situation?

  15. Novice Academic Controversy #1 Josh is an employee at HOW Programs, a programming company that specializes in writing customized software for large corporations. Josh's boss, Jo Ann, asked him to write a program enabling ABC Wood Company to analyze their sales and predict what supplies the company should stock up on to maintain a proper inventory. After sitting down with the ABC Wood Company representatives to get an idea of what they wanted for the program, Josh realized there were commercial software packages that would do bits and pieces of what he wanted to write in his program. Josh felt he could take a few shortcuts, thus getting the program to ABC sooner if he took the program already written and incorporated it into his program code. By completing such a large project a few days earlier, Josh received a bonus and promotions. Were Josh's actions ethical?

  16. Novice Academic Controversy #2 Three years later, Caroline began working at HOW Programs. She was given a project that required her to write a program that would evaluate inventory and determine the rate of production needed so that inventory would not get too high or too low. After doing some research on the project, Caroline found a program Josh wrote for the ABC Wood Company. Caroline realized Josh's project was similar. She decided that a combination of the same basic ideas behind Josh's program and some new program code would work well in her program. Caroline used pieces of Josh's program as she wrote the remainder of the program. Caroline received a bonus and a promotion because of the program. Were Caroline's actions ethical?

  17. Bottom Line • There are standards. • There are punishments (sanctions). • It’s not how the user views the ethics/legality of a situation, it’s how your environment views it.

  18. Forensics & Legal Issues (Computer) Forensics is the use of specialized techniques for recovery, authentication, and analysis of electronic data when a case involves issues relating to reconstruction of computer usage, examination of residual data, authentication of data by technical analysis or explanation of technical features of data and computer usage.

  19. Forensic Subjects • Computer Crime • Basic Forensic • A Few Technology Issues • Legal Challenges • Search and Seizure of Computers • Collection of Evidence from a “Live” System • Forensic Imaging and Verification • Data Recovery and Analysis • Encryption • Real World

  20. Computer Crime • What is a computer crime? • Types of evidence • Why collect evidence • The rules of evidence (next slide!) • Locard’s Exchange Principle • Why is computer forensics necessary? • Computer Forensics as part of an Incident Response Plan

  21. Differing Standards (standard of proof by setting) • Criminal: 95%+ • Civil: 51% • Administrative: 25% • Sysadmin: ? ???

  22. Basic Forensics • The forensics objective • The principles of evidential integrity and continuity • Chain of Custody • Computer Forensics Methodology • General Evidence Processing Guidelines and Procedures

  23. A Few Technology Issues • Types of storage • Hard disks • Review of disk geometry • Tables and file structure • Sectors and clusters • File storage • Unallocated File Space • Spool, Temporary, and Swap Files • Floppy disks • Allocated vs. Unallocated space • Deleted files, File Slack • Computer memory and RAM Slack • BIOS control • Device drivers • Initialization files • The Boot sequence • General overview of Networks

  24. Search and Seizure of Computers • Preparing a Forensic Checklist • To seize or not to seize • How to handle a “live” computer • Understanding the boot sequence for forensic control • What to seize and where to look • Photographing and recording equipment layout • Bagging, tagging and removing equipment • Storage of seized equipment

  25. Collection of Evidence from a “Live” System • Build Forensic Response Toolkit • Trusted Source Files • Built-in Operating System Utilities • Specialized Windows tools • Analysis of Data • Log Analysis and Correlation • File Access Times • Abnormal Processes • Reviewing Relevant Files • Unusual or Hidden Files

  26. Data Recovery and Analysis • Overview of analysis software • Demonstration of analysis techniques • Keyword searching • Graphic searching • Producing, viewing, and sorting file listings • Extracting files • Undeleting files • Investigating floppy disks • Use the Forensics Toolkit

  27. Vulnerabilities • People are our biggest vulnerability. • People are unavoidable.

  28. Unwarranted Trust • Address spoofing • Viruses & worms • Denial of service attacks • Packet sniffing • Password cracking

  29. Everything’s Vulnerable • Design Vulnerabilities • Implementation Vulnerabilities • Configuration Vulnerabilities • Resource Vulnerabilities • User Vulnerabilities • Business Process Vulnerabilities

  30. Why Vulnerabilities • Engineers assume things should work. • Rarely does anyone consider deliberate deception. • Programs and people that lie can gain advantage.

  31. Vulnerability Management • Process to identify and remediate vulnerabilities in the enterprise to reduce risk posture • Processes • Asset Classification • Incident, Vulnerability & Threat Handling • Incident Categorization, Assessment, Response • Vulnerability & Threat Identification and Response • Enterprise Remediation • Threat/Vulnerability Prioritization, Accountability, etc. • Remediation Tracking • Metrics

  32. Security Metrics • Security Program Value • Security Processes: Threat, Vuln, IAM, NAC • Security Staff: Expertise, Experience • Security Infrastructure: Assess, Plan, Implement • How to Manage

  33. Active Management • “Discovery Scans” • Frequent Scans to Baseline and Discover Assets • Identify & Classify Assets and Enforce Policies • Conduct Vulnerability Scans on Critical Assets • Automated Recurring Scans • Shift from Quarterly or Yearly Consultative Scans • Aggregate, Prioritize and Assign Accountability • Workflow System to Track Remediation Effort • Result = Awareness of Critical Assets Exposure

  34. CVE • http://www.cve.mitre.org/

  35. Threats, Protection & Mitigation

  36. Defining Network Security • Security is prevention of unwanted information transfer • What are the components? • ...Physical Security • …Operational Security • …Human Factors • …Protocols

  37. Areas for Protection • Privacy • Data Integrity • Authentication/Access Control • Denial of Service

  38. Security Threat, Value and Cost Tradeoffs • Identify the Threats • Set a Value on Information • Add up the Costs (to secure) Cost < Value * Threat *Likelihood

  39. Threats • Hackers/Crackers (“Joyriders”) • Criminals (Thieves) • Rogue Programs (Viruses, Worms) • Internal Personnel • System Failures

  40. Network Threats • IP Address spoofing attacks • TCP SYN Flood attacks • Random port scanning of internal systems • Snooping of network traffic • Buffer overrun attacks

  41. Network Threats (cont.) • Backdoor command attacks • Information leakage attacks via finger, echo, ping, and traceroute commands • Attacks via download of Java and ActiveX scripts • TCP Protocol Attacks

  42. Threat, Value and Cost Tradeoffs • Operations Security • Host Security • Firewalls • Cryptography: Encryption/Authentication • Monitoring/Audit Trails

  43. Host Security • Security versus Performance & Functionality • Unix/Linux, Microsoft Windows, MVS, etc • Desktops vs Servers • “Security Through Obscurity”

  44. Host Security (cont) • Programs • Configuration • Regression Testing

  45. Network Security • Traffic Control • Not a replacement for Host-based mechanisms • Firewalls and Monitoring, Encryption • Choke Points & Performance • IDS/IPS • NetSQUID

  46. Access Control • Host-based: • Passwords, etc. • Directory Rights • Access Control Lists • Superusers • Network-based: • Address Based • Filters • Encryption • Path Selection

  47. Network Security and Privacy • Protecting data from being read by unauthorized persons. • Preventing unauthorized persons from inserting and deleting messages. • Verifying the sender of each message. • Allowing electronic signatures on documents.

  48. FIREWALLS • Prevent against (many) attacks • Access Control • Authentication • Logging • Notifications

  49. Types of Firewalls • Packet Filters (Network Layer) • Stateful Packet Filters (Network Level) • Circuit-Level Gateways (Session Level) • Application Gateways (Application Level) [slide shows the OSI stack alongside: Application, Presentation, Session, Transport, Network, Data Link, Physical]
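To make the distinction between the first two firewall types concrete, here is an added example (not from the slides) that runs a stateless packet filter and a stateful one side by side over a constructed packet sequence; the addresses, ports and the campus prefix are assumptions.

```python
# Added illustration: stateless vs stateful packet filter on constructed traffic.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "S" = SYN, "SA" = SYN/ACK, "A" = ACK


INTERNAL = "10.0.0."  # constructed campus address prefix


def stateless_filter(pkt: Packet) -> bool:
    """Network-layer packet filter: judges each packet on its own header."""
    inbound = not pkt.src.startswith(INTERNAL)
    if not inbound:
        return True  # allow everything leaving the campus
    # To let web replies back in, a stateless rule has to admit any inbound
    # packet from source port 80, whatever its flags or destination port.
    return pkt.sport == 80


class StatefulFilter:
    """Stateful packet filter: admits inbound only for connections it saw open."""

    def __init__(self) -> None:
        self.table: set[tuple[str, int, str, int]] = set()

    def allow(self, pkt: Packet) -> bool:
        inbound = not pkt.src.startswith(INTERNAL)
        if not inbound:
            if "S" in pkt.flags and "A" not in pkt.flags:  # outbound SYN
                self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # inbound: must match a recorded outbound connection, reversed
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table


def run(packets: list[Packet]) -> list[tuple[bool, bool]]:
    """Return (stateless decision, stateful decision) per packet."""
    sf = StatefulFilter()
    return [(stateless_filter(p), sf.allow(p)) for p in packets]


# Constructed sequence: a campus client opens a web connection, gets its
# reply, then an unrelated inbound packet arrives from source port 80.
PACKETS = [
    Packet("10.0.0.5", 40001, "198.51.100.7", 80, "S"),
    Packet("198.51.100.7", 80, "10.0.0.5", 40001, "SA"),
    Packet("198.51.100.7", 80, "10.0.0.9", 22, "S"),
]
```

Both filters admit the first two packets; only the stateful filter rejects the third, because no campus host opened a connection that it answers.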

  50. Packet Level • Sometimes part of router • TAMU “Drawbridge” [diagram: ROTW – Drawbridge – Router – Campus]
