Some Security Hot Issues
Allan Wall, BCS North London Branch Meeting, 13th November 2002
2001 Symantec Corporation, All Rights Reserved
2 – Who is the enemy?

Classification      | Description           | Attacker                             | Target                   | Results
Information Warfare | Cyber Terrorist       | Terrorists, Non-State Actors         | Physical Infrastructure  | Destruction
Information Warfare |                       | Government Organization              | Political Infrastructure | Political Power, Balance Change
Computer Crime      | Cracker, ‘Black Hat’  | ‘Criminal’                           | Assets                   | Monetary Gain
Computer Crime      |                       | Vandal, Script Kiddie, Packet Monkey | Email, Web Sites         | Downtime, Defacement, Denial of Service
3 – Where do the threats come from?
Attacks per 10,000 Internet Users, Jan. – Jun. 2002 (Symantec 2002)

Countries > 1M Internet Users:
  Israel      33.1
  Hong Kong   22.1
  France      19.9
  Belgium     17.6
  Thailand    15.9

Countries < 1M Internet Users:
  Kuwait      50.8
  Iran        30.8
  Peru        24.5
  Chile       24.4
  Nigeria     22.3
4 – The Redundant Message..
Cost of damage:
  CodeRed – estimated 2.5 billion dollars
  Nimda – estimated 500+ million dollars
Losses reported by 186 respondents in the 2001 CSI/FBI Survey:
  $151,230,100 – Theft of proprietary information
  $45,288,150 – Virus
  $35,001,650 – Insider Net Abuse
  $19,066,601 – System Penetration
  $4,283,600 – Denial of Service
5 – The Blended Threat
Isn’t going away
Combines hacking, DoS, and worm-like propagation
Most recent example – W32.Bugbear.mm:
  Mass mailing worm
  Its own SMTP engine
  Discovers and utilises network shares to spread
  Does keystroke logging
  Creates a backdoor for access
  Attempts to disable AV and personal firewall products
  Due to a bug in the shared-drive exploit, it can overwhelm shared printers, causing them to print reams of gibberish
6 – Blended Threat Defence
Proactive vulnerability management
Security in layers
Security in depth
Superior security response
7 – The Sleeper Virus
Not a fast mailer or a mass mailer – it’s slower and more subtle
Hybris – a computer worm that uses encrypted plug-ins to update itself over the internet
Sits quietly monitoring email traffic
Compiles a list of addresses and slowly leaks email infections
Morphs depending on updates
8 – The Sleeper Virus Defence
Update virus definitions frequently
Treat email attachments with suspicion
Use a personal firewall
9 – Shatter Attacks
The mechanism used is the Win32 API, which has been relatively static since Windows NT 3.5 was released in July 1993
Microsoft cannot change it – without full-scale redesign
An example – Windows messaging / queuing
An attacker can use these techniques to escalate their privileges
10 – Shatter Attacks – Defence
Full-scale Windows redesign (scrapping Win32)
Better design by every Windows application vendor
Protect your Windows systems to make it hard for undesirables to get access they can exploit
Needs continual monitoring
12 – XSS attacks – Defence
Design web pages that validate user input
HTML escaping
Use Perl scripting tools designed to help
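The two defences named on this slide, input validation and HTML escaping, shown side by side with the unescaped pattern they replace. This is an added example written for this page, not code from the presentation, and it uses Python's standard library rather than the Perl tools the slide mentions; the form field values are constructed sample data.

```python
import html
import re

# Constructed sample of hostile form input (example data, not from the slides).
SAMPLE_INPUT = '<script>alert(1)</script>'
SAMPLE_ATTR_INPUT = '" onmouseover="alert(1)'

# Allow-list validation: a username may only contain these characters.
USERNAME_RE = re.compile(r'[A-Za-z0-9_.-]{1,32}')


def validate_username(value: str) -> bool:
    """Reject anything outside the allow-list instead of trying to spot bad input."""
    return USERNAME_RE.fullmatch(value) is not None


def render_unsafe(comment: str) -> str:
    """The weak pattern: user text concatenated straight into the page."""
    return f'<p class="comment">{comment}</p>'


def render_safe(comment: str) -> str:
    """The defence from the slide: escape HTML metacharacters before output."""
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


def render_attribute_safe(value: str) -> str:
    """Attribute context: quote=True also escapes the quote characters that would
    otherwise let the value break out of the attribute."""
    return f'<input type="text" value="{html.escape(value, quote=True)}">'


TAG_RE = re.compile(r'</?([A-Za-z][A-Za-z0-9]*)')


def has_unexpected_tags(rendered: str, allowed=('p', 'input')) -> bool:
    """Check used to verify the output: any tag name the template did not emit
    means user input was interpreted as markup."""
    return any(name.lower() not in allowed for name in TAG_RE.findall(rendered))


if __name__ == '__main__':
    print(validate_username('alice_01'), validate_username(SAMPLE_INPUT))
    print(has_unexpected_tags(render_unsafe(SAMPLE_INPUT)))
    print(has_unexpected_tags(render_safe(SAMPLE_INPUT)))
    print(render_attribute_safe(SAMPLE_ATTR_INPUT))
```

Validation and escaping are complementary: the allow-list stops bad data entering fields with a known shape, and escaping protects free-text fields where nothing can be rejected. Escaping must match the output context, which is why the attribute renderer uses quote=True.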
13 – Biometrics
More secure and stronger identification: moving away from (multiple) IDs/passwords, reducing risk from “lost” or loaned credentials (including tokens)
Most common: fingerprint, hand, iris / retina / facial / voice recognition
Provides the inextricable link – the guarantee that the registered user is actually present
Or does it…?
14 – Biometrics
Relatively high cost solutions, immature technology – bigger cost/risk if they fail (but cheaper to support)
Privacy and intrusiveness issues
Accuracy – false positive / false negative rates
  Facial recognition: only 60-80% accurate, 1 in 100 false +ve
Unproven/untested technologies – just how hard/easy are they to spoof?
  Example: fingerprint recognition can be spoofed for <$20 in about 30 minutes using “jelly” fingers
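The false positive / false negative trade-off on this slide is set by the matcher's acceptance threshold. The following added example, written for this page and not taken from the presentation, computes the false acceptance rate (FAR, impostor accepted) and false rejection rate (FRR, genuine user rejected) over a constructed set of match scores and finds the threshold where the two are closest; the score values are made up to illustrate the method.

```python
# Constructed match scores in [0, 1]; higher means a closer match to the enrolled template.
# These are illustrative values, not measurements from any real biometric system.
GENUINE_SCORES = [0.91, 0.88, 0.85, 0.80, 0.76, 0.72, 0.69, 0.60, 0.55, 0.40]
IMPOSTOR_SCORES = [0.15, 0.22, 0.30, 0.35, 0.42, 0.48, 0.52, 0.58, 0.65, 0.70]


def false_acceptance_rate(impostor, threshold):
    """Fraction of impostor attempts the system would accept (false positives)."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)


def false_rejection_rate(genuine, threshold):
    """Fraction of genuine attempts the system would reject (false negatives)."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)


def error_rates(genuine, impostor, threshold):
    return false_acceptance_rate(impostor, threshold), false_rejection_rate(genuine, threshold)


def equal_error_threshold(genuine, impostor, candidates):
    """Threshold at which FAR and FRR are closest: the usual single-number
    comparison point for matchers. Raising the threshold above it trades
    user convenience (more rejections) for security (fewer impostors accepted)."""
    return min(candidates, key=lambda t: abs(false_acceptance_rate(impostor, t)
                                             - false_rejection_rate(genuine, t)))


def operating_table(genuine, impostor, candidates):
    """FAR/FRR at each candidate threshold, for choosing an operating point."""
    return [(t, *error_rates(genuine, impostor, t)) for t in candidates]


CANDIDATES = [0.3, 0.4, 0.5, 0.6, 0.7, 0.8, 0.9]

if __name__ == '__main__':
    for t, far, frr in operating_table(GENUINE_SCORES, IMPOSTOR_SCORES, CANDIDATES):
        print(f'threshold {t:.1f}: FAR {far:.2f}  FRR {frr:.2f}')
    print('equal-error threshold:', equal_error_threshold(GENUINE_SCORES, IMPOSTOR_SCORES, CANDIDATES))
```

The table makes the slide's point concrete: no threshold removes both error types, and a deployment has to pick the operating point deliberately. Note that the spoofing problem on the slide is outside this calculation altogether, since a successful “jelly” finger produces a genuine-looking score and is accepted at any threshold.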
16 – Background security checks
Less than 60% of organisations carry out checks on new staff:
  IT Security Professionals
  Banking
  Critical infrastructure
  Energy
  Telecoms
  Utilities
Employees are still the weakest link
17 – Targeted Attacks
Focussed attack on specific targets within the organisation: spoof email or CD
Social engineering to create “familiarity”: message on business opportunity, hobby, interest
Low activity malware implanted: disable AV; collecting keystrokes or audio; email data out
Response – “Combined interoperable defence.”
18 – Airborne Viruses
The Good News… Personal, Local and Wide Area Connectivity is enabling the Enterprise
The Bad News… …and exposing the Enterprise to new security risk:
  802.11 can be visible from over a mile away
  Bluetooth: 30 feet
  2.5G and 3G can be visible for many miles
Source: Symantec 2002
19 – Airborne Viruses – Defence
Unless you don’t have assets worth protecting...
...don’t use wireless technology without putting in the countermeasures that are available!
20 – The law of requisite variety (Prof. Ross Ashby)
Formal descriptions:
  The abundance or variety of alternative control actions which a control mechanism is capable of executing must be at least equal to the abundance or variety of the spontaneous fluctuations which have to be corrected by the control mechanism, if the control mechanism is to perform its function effectively.
  Only a greater amount of variety in a regulator can control the variety present in a given system.
  The larger the variety of actions available to a control system, the larger the variety of perturbations it is able to compensate.
  Only variety can destroy variety.
There must be as much variety in the control mechanism as there is variety in the threat
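The slide's verbal statements are usually written as one inequality, added here as a formalisation that is not on the slide. With variety measured as the logarithm of the number of distinguishable states, let $V(D)$ be the variety of the disturbances (the threats), $V(R)$ the variety of the regulator (the available control actions) and $V(E)$ the variety of the outcomes that reach the protected system; Ashby's law states

$$V(E) \;\ge\; V(D) - V(R)$$

so the residual variety of outcomes can only be driven towards zero, that is, towards a controlled system, by a regulator whose variety $V(R)$ is at least as large as the variety $V(D)$ of the threats. This is the last line of the slide in symbols: a defence with fewer distinct responses than the attacker has distinct moves leaves $V(E) > 0$ whatever else is done.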
21 – Ways to win..
Proactive security – mitigate your risk (do not just rely on technology..)
Threats are defeated by Information + Technology
Superior response capability
“In-source” / outsource
Size and flexibility in defence
22 – References
Symantec figures: Internet Security Threat Report Volume II – http://enterprisesecurity.symantec.com/content.cfm?EID=0&ArticleID=1539
Blended Threats: http://www.informationweek.com/story/IWK20020516S0020 and http://www.symantec.com/symadvantage/012/blended.html
Sleeper Virus: http://news.zdnet.co.uk/story/0,,t269-s2083648,00.html
Shatter Attacks: http://security.tombom.co.uk/shatter.html
Cross Site Scripting: http://www.securiteam.com/securityreviews/5FP000A81E.html
Biometrics – BBC: http://news.bbc.co.uk/1/hi/sci/tech/1991517.stm
Airborne Virus: http://www.networkmagazine.com/article/NMG20001130S0001/2
Ross Ashby: http://pespmc1.vub.ac.be/ASHBBOOK.html