2001 Symantec Corporation, All Rights Reserved. Some Security Hot Issues. Allan Wall, BCS North London Branch Meeting, 13th November 2002.


1 Some Security Hot Issues
Allan Wall
BCS North London Branch Meeting, 13th November 2002

2 Who is the enemy?
Classification | Attacker Description | Target | Results
Cyber Terrorist | Terrorists, Non-State Actors | Physical Infrastructure | Destruction
Information Warfare | Government Organization | Political Infrastructure | Political Power, Balance Change
Computer Crime | ‘Criminal’ Cracker, ‘Black Hat’ | Assets | Monetary Gain
Computer Crime | Vandal, Script Kiddie, Packet Monkey | , Web Sites | Downtime, Defacement, Denial of Service

3 Where do the threats come from?
Attacks per 10,000 Internet Users, Jan. – Jun. 2002 (Symantec 2002)

Countries > 1M Internet Users
Country | Attacks
Israel | 33.1
Hong Kong | 22.1
France | 19.9
Belgium | 17.6
Thailand | 15.9

Countries < 1M Internet Users
Country | Attacks
Kuwait | 50.8
Iran | 30.8
Peru | 24.5
Chile | 24.4
Nigeria | 22.3

4 The Redundant Message..
Cost of Damage
- CodeRed Estimated: 2.5 Billion Dollars
- Nimda Cost Estimated: 500+ Million Dollars
186 Respondents in 2001 CSI/FBI Survey
- $151,230,100 – Theft of proprietary information
- $45,288,150 – Virus
- $35,001,650 – Insider Net Abuse
- $19,066,601 – System Penetration
- $4,283,600 – Denial of Service

5 The Blended Threat
- Isn’t going away
- Combines hacking, DoS, and worm-like propagation
- Most recent example – W32.Bugbear.mm
  - Mass mailing worm
  - Its own SMTP engine
  - Discovers and utilises network shares to spread
  - Does keystroke logging
  - Creates a backdoor for access
  - Attempts to disable AV and personal firewall products
  - Due to a bug in shared drive exploit, it can overwhelm shared printers, causing them to print reams of gibberish

6 Blended Threat Defence
- Proactive vulnerability management
- Security in layers
- Security in depth
- Superior security response

7 The Sleeper Virus
- Not a fast mailer or a mass mailer - it's slower and more subtle
- Hybris - a computer worm that uses encrypted plug-ins to update itself over the internet
- Sits quietly monitoring traffic
- Compiles list of addresses and slowly leaks infections
- Morphs depending on updates

8 The Sleeper Virus Defence
- Update virus definitions frequently
- Treat attachments with suspicion
- Use a personal firewall

9 Shatter Attacks
- The mechanism used is the Win32 API, which has been relatively static since Windows NT 3.5 was released in July 1993
- Microsoft cannot change it without a full-scale redesign
- An example – Windows messaging / queuing
- An attacker can use these techniques to escalate their privileges

10 Shatter Attacks - Defence
- Full-scale Windows redesign (scrapping Win32)
- Better design by every Windows application vendor
- Protect your Windows systems to make it hard for undesirables to get access they can exploit
- Needs continual monitoring

11 Cross site scripting attacks - XSS
- “Expert hacks Hotmail in 1 line of code!”
- Attackers will inject JavaScript, VBScript, ActiveX, HTML, or Flash to fool a user
- Exploits dynamic web-site content resulting in:
  - account hijacking
  - changing of user settings
  - cookie theft/poisoning
  - false advertising
- Will become more common, even automated

12 XSS attacks - Defence
- Design web pages that validate user input
- HTML escaping
- Using PERL scripting tools designed to help
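The two defences named on this slide, input validation and HTML escaping, shown side by side with an unescaped rendering. This is an added example, not part of the original presentation; the function names and sample inputs are constructed for illustration, and JavaScript is used here rather than the Perl tools the slide mentions.

```javascript
// Added example: allow-list validation plus HTML escaping at the point of output.
// All names and sample values are hypothetical, constructed for illustration.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;',
};

// Escape every character that can open a tag, an entity or an attribute delimiter.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Allow-list validation: accept only what a display name needs to contain.
function validateDisplayName(value) {
  return typeof value === 'string' && /^[\p{L}\p{N} .'-]{1,40}$/u.test(value);
}

// Only absolute http(s) URLs may go into href; javascript: and data: are rejected.
function safeHref(value) {
  try {
    const url = new URL(value);
    return url.protocol === 'http:' || url.protocol === 'https:' ? url.href : null;
  } catch {
    return null; // not an absolute URL
  }
}

// "Before": user input concatenated straight into markup.
function renderGreetingUnsafe(name) {
  return `<p>Hello, ${name}!</p>`;
}

// "After": validate first, then escape on output anyway, so input that
// legitimately passes validation (e.g. O'Brien) is still rendered as text.
function renderProfile(name, homepage) {
  if (!validateDisplayName(name)) {
    return '<p>Invalid display name.</p>';
  }
  const href = safeHref(homepage);
  const link = href ? ` <a href="${escapeHtml(href)}">homepage</a>` : '';
  return `<p>Hello, ${escapeHtml(name)}!${link}</p>`;
}
```

Validation alone is not enough because legitimate values can contain markup-significant characters, which is why the hardened renderer escapes even after the allow-list check.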

13 Biometrics
- More secure and stronger identification.
- Moving away from (multiple) IDs/Passwords, reducing risk from “lost” or loaned credentials (including tokens).
- Most common: fingerprint, hand, iris / retina / facial / voice recognition.
- Provides the inextricable link – the guarantee that the registered user is actually present.
- Or does it…….?

14 Biometrics
- Relatively high cost solutions, immature technology – bigger cost/risk if they fail (but cheaper to support)
- Privacy and intrusiveness issues
- Accuracy – false positive / false negative rates
  - Facial recognition: only 60-80% accurate, 1 in 100 false +ve
- Unproven/untested technologies – just how hard/easy are they to spoof?
  - Example: Finger print recognition can be spoofed for <$20 in about 30 minutes using “jelly” fingers


16 Background security checks
Less than 60% of organisations carry out checks on new staff
- IT Security Professionals
- Banking
- Critical infrastructure
- Energy
- Telecoms
- Utilities
- Employees are still the weakest link

17 Targeted Attacks
- Focussed attack on specific targets within the organisation: Spoof or CD.
- Social engineering to create “familiarity”: Message on business opportunity, hobby, interest.
- Low activity malware implanted: Disable AV. Collecting keystrokes or audio. data out.
- Response – “Combined interoperable defence.”

18 The Good News… The Bad News… Airborne Viruses
Personal, Local and Wide Area Connectivity is enabling the Enterprise and exposing the Enterprise to new security risk
- can be visible from over a mile away
- Bluetooth 30 feet
- 2.5 and 3G can be visible for many miles
Source: Symantec

19 Airborne Viruses - Defence
- Unless you don’t have assets worth protecting... Don’t use wireless technology without putting in the countermeasures that are available!

20 The law of requisite variety (Prof. Ross Ashby)
Formal Descriptions
- The abundance or variety of alternative control actions which a control mechanism is capable of executing must be at least equal to the abundance or variety of the spontaneous fluctuations which have to be corrected by the control mechanism, if the control mechanism is to perform its function effectively.
- Only a greater amount of variety in a regulator can control the variety present in a given system.
- The larger the variety of actions available to a control system, the larger the variety of perturbations it is able to compensate.
- Only variety can destroy variety.
There must be as much variety in the control mechanism as there is variety in the threat

21 Ways to win..
- Proactive security – mitigate your risk (do not just rely on technology..)
- Threats are defeated by Information + Technology
- Superior response capability
- “In-source” / outsource
- Size and flexibility in defence

22 References
- Symantec Figures: Internet Security Threat Report Volume II
- Blended Threats:
- Sleeper Virus: http://news.zdnet.co.uk/story/0,,t269-s ,00.html
- Shatter Attacks: http://security.tombom.co.uk/shatter.html
- Cross Site Scripting:
- Biometrics – BBC: http://news.bbc.co.uk/1/hi/sci/tech/ stm
- Airborne Virus: http://www.networkmagazine.com/article/NMG S0001/2
- Ross Ashby: http://pespmc1.vub.ac.be/ASHBBOOK.html

