Technology and Auditing Systems: Hardware and Software Defenses
II. POLICIES, PRACTICES, AND DEFENSIVE TECHNOLOGY
Chapter 8
Chapter 8 Learning Objectives
• Defining defense-in-depth.
• Creating a layered-technology approach.
• Using multiple and diverse layers of security technology.
• Understanding the functions and limitations of security technology.
• Reviewing security audits and logs.
Jeffrey Lee Parson releases Blaster.B
• 18-year-old Jeffrey Lee Parson, known online as “teekid” [t33kid], admitted modifying the original Blaster worm and creating Blaster.B.
• Number of computers he infected: 7,000+
• Parson operated the t33kid.com Website (hackers substitute 3 for the letter e in their online aliases).
• http://www.foxnews.com/story/0,2933,96051,00.html
High school senior arrested Aug. 29, 2003, for allegedly launching a worldwide computer virus.
Blaster.B takes control of computers
• Blaster.B contained malware so Parson could reconnect to his victim computers at any time later on.
• Infected computers automatically registered themselves with Parson's t33kid.com Website so he could track their online activities.
Federal agents take control of Parson’s seven computers
• Parson faces one charge of knowingly causing over $5,000 in damage with an Internet worm.
• If convicted, he faces up to 10 years in prison and a $250,000 fine.
About 30 federal agents swooped down on Parson's apartment and seized his PCs.
Blaster: Experts consider it one of the worst outbreaks of 2003
• Different versions of the virus-like worm, called LovSan or Blaster, jammed corporate networks.
• Symantec (AV vendor) said the worm and its variants infected more than 500,000 computers worldwide.
• All Blaster virus variants took advantage of a flaw in Microsoft Windows software.
CyberSecurity Alerts: Important Websites
• Internet Security Systems, AlertCon: https://gtoc.iss.net/
• Security Focus ThreatCon: www.securityfocus.com
• Virus and Port Attacks (Sept. 2003). #1 Virus in USA: WORM_SOBIG.F. http://wtc.trendmicro.com/wtc/wmap.html
• Internet Storm Center, Top 10 Target Ports: http://isc.incidents.org/top10.html
Fight against viruses may move to servers
Computer worms and viruses are more sophisticated, spreading faster and capable of doing more damage than those prior to Sept. 2003.
• Viruses are so aggressive and sophisticated that they may soon be able to bypass AV programs installed on individual PCs.
• The speed with which viruses and worms now propagate requires technologies that predict outbreaks before they happen.
• Predictive systems require intensive computing power beyond the capacity of desktop machines.
No hardware or software is perfect
Viruses such as Sobig.F can change during their attacks by receiving updates and new instructions from other computers or their creators.
• While no software or hardware is perfect, it's much easier to spread viruses when so much of the world depends on the Microsoft Windows OS.
• Advocates of Unix, Linux, Mac and other OSs argue that those are more secure than Windows, but those systems simply have not been targeted as much.
Multiple and diverse layers of tech-defenses needed to protect companies and critical infrastructures
Multiple Layers of Tech-defenses
Multiple and diverse layers of security software, hardware, and auditing systems are needed to:
• Validate and enforce compliance with AUPs, secure use practices, and other legal requirements.
• Help stop the spread of malware.
• Filter inbound and outbound packets to deny transfer of dangerous packets.
• Monitor for illegal activity that may cause financial loss or liability.
Protection against Cyber terror attacks: Weapons of Mass Disruption
• Telecommunications, transportation, financial services, chemical, water, energy and power grids comprise the critical infrastructures that the national economy depends on.
• Companies in these sectors and their business partners must guard against cyber terrorism.
• See President George W. Bush's CyberSecurity Report, Feb. 2003: http://www.whitehouse.gov/
Critical infrastructure protection is a national priority.
Case on Point: Wireless vulnerability discovered during audit
• An IT security analyst found serious network security gaps despite a multi-million dollar investment in IT security.
• He discovered wireless access points that violated company security policy.
• Violator: the director of marketing, who was using a laptop with a wireless card and an unencrypted connection to the company network.
• This single connection exposed the company's communications and file transfers to anyone with a PC or PDA, a $100 wireless card, and free detection software.
Growth in computer crime
• Because of ever-new hacker/criminal activity, technology plans must be updated regularly and network activity must be monitored frequently for suspicious behavior.
• The alternatives are to learn about an intrusion from:
  • a system crash
  • an angry system administrator
  • reading about it in the news... or worse.
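The monitoring point above, together with the earlier Blaster.B slide's note that infected machines registered themselves with the t33kid.com site, as an added example that is not from the original slides: a review of constructed web-proxy log lines that flags internal hosts contacting a watchlisted domain and marks repeated, evenly spaced contacts as likely automated check-ins rather than a person browsing. The log format, client IP addresses and timestamps are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample web-proxy log (not from the slides). Assumed format:
# "<ISO timestamp> <client IP> <method> <host> <status>"
SAMPLE_PROXY_LOG = """\
2003-09-01T08:00:01 10.1.4.22 GET www.example-intranet.local 200
2003-09-01T08:00:07 10.1.4.37 GET t33kid.com 200
2003-09-01T08:05:07 10.1.4.37 GET t33kid.com 200
2003-09-01T08:10:08 10.1.4.37 GET t33kid.com 200
2003-09-01T08:02:15 10.1.7.90 GET windowsupdate.microsoft.com 200
2003-09-01T08:03:44 10.1.9.12 GET t33kid.com 200
2003-09-01T09:15:00 10.1.4.22 GET www.example-intranet.local 200
"""

# Domain the slides name as the site infected machines registered with.
WATCHLIST = {"t33kid.com"}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def parse_log(text):
    """Yield (timestamp, client_ip, host) for each well-formed line; skip junk."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, client, _method, host, _status = m.groups()
        yield datetime.fromisoformat(ts), client, host.lower()


def find_registered_hosts(text, watchlist=WATCHLIST, min_hits=3, jitter_s=5):
    """Return {client_ip: {"hits", "first", "last", "periodic"}} for every
    client that contacted a watchlisted domain. "periodic" is True when the
    client made at least min_hits contacts at a near-constant interval
    (spread of gaps <= jitter_s seconds), the pattern of an automated beacon."""
    contacts = defaultdict(list)
    for ts, client, host in parse_log(text):
        if host in watchlist:
            contacts[client].append(ts)
    report = {}
    for client, times in contacts.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        periodic = bool(gaps) and len(times) >= min_hits \
            and (max(gaps) - min(gaps)) <= jitter_s
        report[client] = {"hits": len(times), "first": times[0],
                          "last": times[-1], "periodic": periodic}
    return report
```

Hosts in the report are candidates for isolation and AV cleanup; the "periodic" flag helps separate compromised machines from a one-off visit.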
Growth in Software Complexity/Flaws
• OSs and software are more vulnerable to malicious code and crime, as Blaster proved.
• eCommerce services, such as digital cash and inter-organizational online collaboration, created more opportunities for fraud.
Growth in the Release Rate of Security Patches
• Patches must first be downloaded from a commercial or government Website and then installed.
• IT managers may spend about 2 hours per server to test and deploy a patch.
• The total cost to a company with 1,000 servers is roughly $300,000 per patch.
A defensive technology infrastructure depends on the appropriate security technologies:
• properly installed and configured
• at the correct checkpoints
• on each device connected to the network
• continuously maintained, patched, and audited
• for which there are response and disaster recovery plans
• that have been tested by people with technology expertise
Functional Requirements of Hardware and Software
• Confidentiality: protection from unauthorized disclosure.
• Integrity: protection from unauthorized or unintentional modification.
• Authenticity: not altered.
• Non-repudiation: a message is verifiable and cannot be denied.
• Accountability: actions of an entity can be traced to that entity.
Techno-terms
• TCP/IP (Transmission Control Protocol/Internet Protocol): the protocol of the Internet.
• Port: a number that tells IP what application is trying to communicate.
• Port numbers: assigned to each application on a network so packets get delivered to their intended application.
• Routers: devices that transfer packets between two or more networks.
Techno-terms
• IP address: uses a four-part scheme to uniquely identify every computer connected to the Internet.
• HTTP (Hypertext Transfer Protocol): protocol for Web pages.
• SMTP (Simple Mail Transfer Protocol): protocol for email.
• FTP (File Transfer Protocol): protocol for file transfer.
Tools to protect against or monitor intrusions
• Firewalls
• Intrusion detection systems (IDS)
• Access control and virtual private networks (VPN)
• Biometrics and tokens
• Antivirus software
• Cryptography/encryption
• Public key infrastructure (PKI) and certificates
Access Control Devices
• Token: a physical device (like an ID card) designed to be used by only one person to prove his/her identity.
• Biometrics: devices that use something you were born with to positively identify you.
  • Fingerprints
  • Voice prints
  • Retinal scans
Tools that enforce AUP by detecting violations and blocking transmission of prohibited content:
• Email and IM filters
• Content monitors
• Pattern recognition
• Sniffers and scanners
• Auditing tools
• Portable drives and backups