Servers in the Wild… …and the threats that lurk about. DePaul University Information Security Team TLT Presentation 08 May 2002.


1 Servers in the Wild… …and the threats that lurk about. DePaul University Information Security Team TLT Presentation 08 May 2002

2 Presented by… This presentation is by the DePaul University Information Security Team. Visit us at

3 Risks

4 Information Security Encompasses…
- Computer Security
- Network Security
- Data Security

5 Threats
Generally, attackers fall into one of three categories.
- Script Kiddiez – scum of the earth, limited skills, enjoy easy attacks, etc.
- Hackers – curious individuals with a “need to know”.
- Crackers – malicious attackers with advanced skills, able to write and implement exploit code, etc.

6 Victims
Who is at risk?
- Institutions
- Corporations
- Home Users
- Governments

7 Motives
The underground hacking world has many motives including:
- Political Statements
- Turf Wars between Hacking Groups
- Financial Gain
- Arrogance
- Curiosity
- Boredom

8 Motives (cont’d)
These motives are surely bound to carry into the “overground” in the form of:
- Industrial Espionage
- Financial Gain
- Political Statements

9 Attacks
- Denial or interruption of Services
- Elevation of privileges permitting access to sensitive data
- Destruction, modification or theft of data
- Identity theft, forgery or impersonation

10 Statistics

11 Incident Reports
The CERT Coordination Center (CERT/CC) gathered the following annual incident statistics [1].
- 1997: 2,134
- 1998: 3,734
- 1999: 9,859
- 2000: 21,756
- 2001: 52,658
- 2002 (Q1): 26,829

12 Published Vulnerabilities
CERT/CC also maintains the following statistics on public vulnerability reports [1].
- 1997: 311
- 1998: 262
- 1999: 417
- 2000: 1,090
- 2001: 2,437
- 2002 (Q1): 1,065

13 Threat Analysis

14 Our threat analysis will focus on Internet worms

15 Morris Internet Worm
- Unleashed on 02 November 1988 by Robert Morris Jr.
- Experimental code not intended to cause widespread infection
- Infected approximately 6000 hosts, which equaled 10% of the Internet in 1988
- Exploited UNIX and VAX operating system variants through rsh/rexec, sendmail and finger applications
- Proved the weaknesses of such unauthenticated protocols

16 “Code Red version 2”
- Release Date: July 19, 2001
- Known as a “worm” as the program connected, infected and replicated itself onto other hosts
- Infected more than 359,000 unique hosts within 14 hours
- At peak infection time 2,000 new hosts were infected per minute
- Infected unpatched Microsoft IIS web servers
- Continued on, after infection, to attack local and remote hosts
- Was concerned with quantity, not quality, of infection
- Exploited a known vulnerability from June 18, 2001.

17 “Code Red version 2” (cont’d)
- Exploited known vulnerabilities
- Maintained an intelligent engine for scouting out new victims
- Brought the “worm” to new levels.

18 Common Ground
The Morris and CRv2 worms, 13 years apart, both used the same common methods of attack.
- Attacked vulnerable unauthenticated applications and protocols
- Spread via network, and not disk-to-disk transfer (as viruses spread)
- Were fairly intelligent in design and infection methods

19 Lessons Learned
- Worms can be more intelligent than we would hope
- The impact of a worm can reach catastrophic levels and threaten critical infrastructure components of daily life
- Vendors continue to distribute vulnerable code, even after such vulnerabilities are discovered!
- One cannot trust the vendor solely for security
- Research and development of information security tools and procedures can assist in mitigating attacks

20 No End in Sight
- New viruses and worms are released daily.
- Many new automated attacks focus on circumventing firewalls and monitoring devices through the manipulation of peer-to-peer communication.
- Exploits are plentiful in the underground.

21 Impact

22 University Environment
- Distributed in nature
- Continuously growing
- A known “playground” for attackers
- Increased risks due to the lack of centralized security
- Requires active management efforts and monitoring of systems

23 University Env. (cont’d)
- Different groups within the organization require different policies and procedures
- Centralized security policies are necessary

24 Recommendations

25 Centralization
Commission INFOSEC to draft recommendations for the University including:
- Acceptable Use Policies
- Installation and Configuration Guidelines
- Response Procedures and Incident Handling Guidelines

26 Centralization (cont’d) Implement a University-wide committee dedicated to increasing the security posture of the University, and act as a role model for other organizations

27 Enforcement
- Require new hosts, or network resources, to abide by guidelines set forth in University-wide policies
- Recommend departmental audits of critical resources on a recurring basis

28 Management
- Departments should allocate a technical contact responsible for each resource
- If not possible, require unmanaged systems to be taken over by Information Systems (IS)

29 The End Thank you for your time and attention

30 Please Visit… … our website at …

31 References [1] CERT/CC Statistics 1988-2002

