Published by Katherine Walford
Modified over 3 years ago

Slide 1: Eaten by the Worms
1 June 2014 © IRM Plc 2001
The perils of network hostile code
Dr Neil Barrett, Technical Director - IRM Plc
27th September 2001 – Hong Kong

Slide 2: Introduction
- Nature and development of Computer Worms
- Risk elements and damage potential
- Responses and preparation work
- Future of worms
- Conclusion

Slide 3: What is a Computer Worm?
- A self-replicating program
- Copies itself from system to system
- Free-standing and complete
- Not really a virus
- But can carry a hostile Payload

Slide 4: Where did Worms come from?
- Self-replicating programs in early 1984
- By mid 1984 had become network mobile
- First viruses start to be proposed
- By 1985, self-replicating programs through trust networks
- Hostile viruses arise
- And then along came Robert Morris Jnr…

Slide 5: The Morris Worm - 1988
- First true Exploit Worm
- Used a security weakness to force replication
  – I.e., outside of the trust network
- Also followed trust network, but interest is in the exploit aspects
- Used a then new trick called Buffer Overflows

Slide 6: The Morris Worm (2)
- Buffer overflows first proposed by Morris Snr
- Now well known, but then very new
- Allowed worm to be an automated hacker
- Did nothing deliberately damaging
  – Indeed, believed to have been loosed accidentally
- But resulted in system flooding

Slide 7: Worms since Morris
- Took a few years for subsequent worms
- More interest in viruses
- Worms scripted to use emerging exploits
  – E.g., Word macro, Unicode, etc
- Slowly became objective focused

Slide 8: Development of Worms
- Most early worms achieved no objective
- Damage resulted from flooding or from panic
- Solitary objective was self-propagation
- More recent worms grab and copy some information
  – E.g., PGP information
- Some military use of focused worms

Slide 9: How do Modern Worms Work?
- E.g., NIMDA spread from server to server through Web exploits
- Spread from client to client through executables
  – I.e., persuasive mail attachments
- Potential for uncontrollable executables
  – I.e., Web pages, Outlook preview panel, etc

Slide 10: Risk Elements and Damage Potential
- Essentially threefold
- Flooding and related panic behavior
  – System shutdown and associated costs
- Or information leakage
  – Leakage is so far only limited
- Or a set of destructive payloads
  – I.e., resetting BIOS and system information

Slide 11: How Great a Risk?
- Reputation, financial, security risks
- Damage, disclosure or distrust of stored information
- Costs of repair or of business loss
- Reputation risks depend on worm publicity profile
  – I.e., wide spreading worm carries low reputation risk

Slide 12: Countermeasures
- Best approach is to know one's exposure
- Not virus related
- But hacker related
- Best option is to have had focused, audit-based penetration testing
  – Because worms now use well-known hacking tricks
  – These can be looked for and removed

Slide 13: Countermeasures (2)
- Constant system monitoring and correction of known existing weaknesses
- A culture of security awareness
  – Limits executable tricks
- An alert system management staff
  – That are a part of the community
- No Head in the Sand attitude
  – Share information and experiences

Slide 14: Future
- No reason at all to believe that worms will stop!
- Increasing sophistication
  – More clever option controls
  – Multiple exploit selection
  – Multi-platform and multi-environment
- Increasing incidence of hostile intent
- Growth into non-IP environment
  – Mobile phones? PDA?

Slide 15: Conclusion
- Best defense comes from knowledge
- Knowledge comes from testing
- Correct the faults shown through testing
- Share information with others
- Don't expect this problem to go away!

Slide 16: Thank You!
Dr Neil Barrett
Technical Director – IRM Plc
Tel: + 44 (0) 20 7808 6420
Neil.Barrett@IRMPLC.com

Richard Stagg
Managing Consultant – IRM Asia
Level 30 Bank of China Tower
Tel: 2251 8291
Richard.Stagg@IRMPLC.com