
100% Security

“The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn’t stake my life on it ….”


Presentation Transcript


  1. 100% Security. “The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn’t stake my life on it ….” Gene Spafford, Director, Computer Operations, Audit, and Security Technology (COAST), Purdue University

  2. The Internet Challenge. [Diagram: Expansion of E-Business. Labels: Internet Access, Corporate Intranet, Internet Presence, E-Commerce, Customer Care, Workforce Optimization, Supply Chain Management, E-Learning, Internet Business Value. Expanded Access, Heightened Network Security Risks]

  3. Threat Capabilities: More Dangerous & Easier To Use. [Chart, 1980 to 2000, Low to High: “Sophistication of Hacker Tools” and “Technical Knowledge Required”. Labels: Password Guessing, Password Cracking, Self Replicating Code, Disabling Audits, Exploiting Known Vulnerabilities, Sniffers, Back Doors, Sweepers, Stealth Diagnostics, DDOS, Packet Forging/Spoofing, Internet Worms]

  4. Examples

  5. Distributed Denial of Service (DDoS)
     • Stacheldraht - “barbed wire”
     • Trinoo
     • Tribe Flood Network (TFN) and TFN2000
     • Shaft

  6. Attacks Keep Getting Easier [Screenshot: “Connected to www.test.com”]

  7. L0phtCrack Dumps All Passwords from the NT Registry [Screenshot: “Specify a Computer:” dialog]

  8. L0phtCrack Dumps the Password Files

  9. The Intruder Opens a Word Dictionary

  10. and Runs the Crack

  11. A new generation of attacks: The Internet Worms

  12. The Code Red & NIMDA Worms: What Happened?
      • Code Red
        - July 19-20, 2001
        - 359,104 hosts in 13 hours
        - $2.6 billion in damages (estimates from Computer Economics, Carlsbad, CA)
      • NIMDA
        - September 18, 2001
        - Fastest spreading virus
        - 300K+ hosts, 2.2M devices
        - Damage still being assessed

  13. Code Red Spreads July 19, Midnight – 159 hosts infected

  14. Code Red Spreads July 19, 11:40 am – 4,920 hosts infected

  15. Code Red Spreads July 20, Midnight – 341,015 hosts infected

  16. The Code Red Worm: How It Works
      • Conceals itself in HTTP packets. Firewalls alone cannot safeguard against the virus
      • The worm exploits vulnerabilities found in Microsoft’s Internet Information Server (IIS) v4 and v5 via a buffer overflow attack
      • It then executes arbitrary code and installs a copy of itself into the infected computer’s memory, which infects other hosts.

  17. The NIMDA Worm: How It Works
      • Hybrid of worm & virus
      • Spread by:
        - E-mail attachment (virus)
        - Network shares (worm)
        - JavaScript by browsing compromised web site (virus)
        - Infected hosts scanning for exploitable hosts (worm)
        - Infected hosts scanning for backdoors created by Code-Red and sadmind/IIS worms (worm)

  18. Anatomy Of A Worm: 1 - The Enabling Vulnerability; 2 - Propagation Mechanism; 3 - Payload

  19. 1 - The Enabling Vulnerability [Diagram: IIS servers reachable from the Internet]. Using the Index Server buffer overflow attack, the worm attempts to install itself on IIS Web servers.

  20. 2 - Propagation [Diagram: infected IIS servers]. After gaining access to the servers, the worm replicates itself and selects new targets for infection.

  21. 3 - Payload
      • STEAL
      • DEFACE
      • BACK DOOR
      • ROOTKIT
      When the server is infected with a worm, the attacker has administrator-level access to the server. Not only can the attacker deface Web pages, but they also have the power to reformat the hard drive, install a rootkit, steal credit card numbers, etc.

  22. Additional Information
      • Compulsory Reading
        - "Hacking Exposed"
      • Security Links (vulnerabilities, tips, exploits, tools)
        - http://www.securityfocus.com
        - http://packetstorm.securify.org
        - http://www.insecure.org
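
Slides 16 and 19 say Code Red travels inside HTTP requests and uses the Index Server buffer overflow, which is why a port-filtering firewall alone does not stop it. The following added example (not part of the presentation) shows the application-layer check a defender can run over IIS W3C logs: it flags overlong query strings sent to Index Server script extensions and counts them per source. The `.ida`/`.idq` extensions, the 200-byte threshold and the sample log lines are assumptions constructed for illustration.

```python
# Added example: flag overlong Index Server requests in IIS W3C extended logs.
SCRIPT_EXTS = (".ida", ".idq")  # Index Server script mappings (not named on the slides)
MAX_QUERY = 200                 # assumed threshold; legitimate queries are far shorter

# Constructed sample log (not captured traffic). The filler is benign padding.
SAMPLE_LOG = "\n".join([
    "#Software: Microsoft Internet Information Services 5.0",
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2001-07-19 11:40:02 192.0.2.10 GET /index.html - 200",
    "2001-07-19 11:40:05 198.51.100.7 GET /default.ida " + "N" * 224 + " 200",
    "2001-07-19 11:40:09 192.0.2.10 GET /search.idq q=pricing 200",
    "2001-07-19 11:41:13 198.51.100.7 GET /default.ida " + "N" * 224 + " 200",
    "2001-07-19 11:42:30 203.0.113.44 GET /DEFAULT.IDA " + "X" * 300 + " 500",
    "2001-07-19 11:43:00 truncated-line",
])

def parse_w3c(text):
    """Yield one dict per request, using the most recent #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def suspicious_sources(text, max_query=MAX_QUERY):
    """Map client IP -> count of overlong requests to Index Server scripts."""
    hits = {}
    for row in parse_w3c(text):
        stem = row.get("cs-uri-stem", "").lower()  # IIS paths are case-insensitive
        query = row.get("cs-uri-query", "-")       # "-" means no query string
        if stem.endswith(SCRIPT_EXTS) and len(query) > max_query:
            hits[row["c-ip"]] = hits.get(row["c-ip"], 0) + 1
    return hits

if __name__ == "__main__":
    for ip, count in sorted(suspicious_sources(SAMPLE_LOG).items()):
        print(f"{ip}: {count} overlong Index Server request(s)")
```

Because the worm scans from hosts it has already infected (slide 20), each flagged source address is itself a candidate for an infected machine, not only an attacker.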
