1 Computer Security Update. Bob Cowles, SLAC, bob.cowles @ stanford.edu. Presented at HEPiX - TRIUMF, 23 Oct 2003. Work supported by U. S. Department of Energy contract DE-AC03-76SF00515.

2 23 Oct 2003 HEPiX - TRIUMF (image-only slide)

3 Slammer Impact (chart slide)

4 (map slide; labels: Australia, Japan, Korea, China, India)

5 http://www.microsoft.com/security/security_bulletins/


7 (chart slide; panels: MSBlaster Released, MSBlaster at SLAC)

8 FireWall Log – Infected Machines
Sep 16 18:29:18 icmp 134.79.137.220 -> 134.79.72.98 (8/0)
Sep 16 18:29:19 icmp 134.79.137.220 -> 134.79.72.198 (8/0)
Sep 16 18:29:20 icmp 134.79.137.220 -> 134.79.73.42 (8/0)
Sep 16 18:38:46 tcp 134.79.137.220(3325) -> 134.76.2.205(135)
Sep 16 18:38:47 tcp 134.79.137.220(3169) -> 134.76.2.48(135)
Sep 16 18:38:48 tcp 134.79.137.220(3249) -> 134.76.2.128(135)
Sep 16 18:40:06 icmp 134.79.129.243 -> 134.79.72.0 (8/0)
Sep 16 18:40:06 icmp 134.79.129.243 -> 134.79.72.64 (8/0)
Sep 16 18:40:07 icmp 134.79.129.243 -> 134.79.72.128 (8/0)
Sep 16 18:40:17 tcp 134.79.136.68(4107) -> 134.79.124.0(135)
Sep 16 18:40:18 tcp 134.79.136.68(4194) -> 134.79.124.98(135)
Sep 16 18:40:19 tcp 134.79.136.68(4292) -> 134.79.124.196(135)
Sep 16 22:28:25 tcp 134.79.129.243(4413) -> 134.76.24.39(135)
Sep 16 22:28:26 tcp 134.79.129.243(4377) -> 134.76.22.41(135)
Sep 16 22:28:27 tcp 134.79.129.243(4383) -> 134.76.22.113(135)
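The pattern in that log, an ICMP echo sweep ("(8/0)" is type 8, code 0) followed by TCP/135 connections from the same source to many hosts, can be picked out of this log format automatically. The following is an added example, not code from the presentation: the sample input is the slide's own lines plus one constructed benign entry, and the threshold of three distinct targets is an assumed value.

```python
import re
from collections import defaultdict

# Sample input: the slide's firewall log lines, plus one constructed benign
# entry (a single TCP/135 connection) to show the threshold at work.
FIREWALL_LOG = """\
Sep 16 18:29:18 icmp 134.79.137.220 -> 134.79.72.98 (8/0)
Sep 16 18:29:19 icmp 134.79.137.220 -> 134.79.72.198 (8/0)
Sep 16 18:29:20 icmp 134.79.137.220 -> 134.79.73.42 (8/0)
Sep 16 18:38:46 tcp 134.79.137.220(3325) -> 134.76.2.205(135)
Sep 16 18:38:47 tcp 134.79.137.220(3169) -> 134.76.2.48(135)
Sep 16 18:38:48 tcp 134.79.137.220(3249) -> 134.76.2.128(135)
Sep 16 18:40:06 icmp 134.79.129.243 -> 134.79.72.0 (8/0)
Sep 16 18:40:06 icmp 134.79.129.243 -> 134.79.72.64 (8/0)
Sep 16 18:40:07 icmp 134.79.129.243 -> 134.79.72.128 (8/0)
Sep 16 18:40:17 tcp 134.79.136.68(4107) -> 134.79.124.0(135)
Sep 16 18:40:18 tcp 134.79.136.68(4194) -> 134.79.124.98(135)
Sep 16 18:40:19 tcp 134.79.136.68(4292) -> 134.79.124.196(135)
Sep 16 22:28:25 tcp 134.79.129.243(4413) -> 134.76.24.39(135)
Sep 16 22:28:26 tcp 134.79.129.243(4377) -> 134.76.22.41(135)
Sep 16 22:28:27 tcp 134.79.129.243(4383) -> 134.76.22.113(135)
Sep 16 22:30:00 tcp 134.79.10.5(51234) -> 134.79.72.98(135)
"""

# "(8/0)" is ICMP type 8 / code 0: an echo request, i.e. the ping sweep.
ICMP_RE = re.compile(r"^\w{3} +\d+ [\d:]{8} icmp (\S+) -> (\S+) \((\d+)/\d+\)$")
TCP_RE = re.compile(r"^\w{3} +\d+ [\d:]{8} tcp (\S+)\(\d+\) -> (\S+)\((\d+)\)$")


def flag_blaster_scanners(log_text, min_targets=3):
    """Return {src: (distinct ping targets, distinct TCP/135 targets)} for
    every source that touched at least min_targets distinct hosts either
    way. min_targets is an assumed threshold; tune it to the site."""
    pings = defaultdict(set)
    rpc = defaultdict(set)
    for line in log_text.splitlines():
        m = ICMP_RE.match(line)
        if m and m.group(3) == "8":
            pings[m.group(1)].add(m.group(2))
            continue
        m = TCP_RE.match(line)
        if m and m.group(3) == "135":
            rpc[m.group(1)].add(m.group(2))
    flagged = {}
    for src in sorted(set(pings) | set(rpc)):
        n_ping, n_rpc = len(pings[src]), len(rpc[src])
        if max(n_ping, n_rpc) >= min_targets:
            flagged[src] = (n_ping, n_rpc)
    return flagged
```

On the slide's lines this flags the three infected sources and ignores the single benign 135 connection; a source that only pings three hosts would also be flagged, so the ICMP count is a weaker signal than the TCP/135 fan-out.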

9 Infection Sources @ SLAC
32% VPN
22% DHCP (reg, internal network)
20% Fixed IP (on vacation, laptop infected outside, etc.)
14% Infected during build / patch
12% Dialup

10 Blaster - Easy to Get Infected
Blocked connection log:
09/29/103 11:46:42 Host: 134.79.25.55 Port: 135 TCP Blocked
09/29/103 11:46:41 Host: 134.79.25.55 Port: 135 TCP Blocked
email @ 12:21pm: Bob, is host "illusion" yours, as per my so-called memory? But the mac addr is registered to Richard Mount...
dhcpd log:
Sep 29 11:41:37 dhcp2 dhcpd: DHCPACK on 134.79.25.55 to 00:10:a4:e4:2a:b8 (illusion)
dhcpd.conf entry:
host roam-rmount2 { hardware ethernet 00:10:a4:e4:2a:b8; }# 01/25/00 # PC54566, Richard Mount
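The slide traces a blocked address to its owner by hand: blocked IP, then the DHCPACK that leased that IP to a MAC, then the dhcpd.conf host entry registered to that MAC. The following is an added example, not code from the presentation, that does the same three-way join; the sample input is constructed from the slide's values (plus one unrelated lease), and the dhcpd.conf trailing comment is treated as the owner note.

```python
import re

# Constructed sample input, modelled on the slide's three sources (same
# formats and values, plus one extra DHCPACK for an unrelated address).
BLOCK_LOG = """\
09/29/103 11:46:42 Host: 134.79.25.55 Port: 135 TCP Blocked
09/29/103 11:46:41 Host: 134.79.25.55 Port: 135 TCP Blocked
"""
DHCPD_LOG = """\
Sep 29 11:40:02 dhcp2 dhcpd: DHCPACK on 134.79.25.60 to 00:10:a4:00:00:01 (other)
Sep 29 11:41:37 dhcp2 dhcpd: DHCPACK on 134.79.25.55 to 00:10:a4:e4:2a:b8 (illusion)
"""
DHCPD_CONF = """\
host roam-rmount2 { hardware ethernet 00:10:a4:e4:2a:b8; }# 01/25/00 # PC54566, Richard Mount
"""

BLOCKED_RE = re.compile(r"Host: (\S+) Port: (\d+) TCP Blocked")
ACK_RE = re.compile(r"DHCPACK on (\S+) to ([0-9a-fA-F:]{17})(?: \((\S+)\))?")
HOST_RE = re.compile(r"host (\S+) \{ hardware ethernet ([0-9a-fA-F:]{17}); \}(.*)")

def blocked_sources(block_log, port="135"):
    """Distinct addresses the firewall blocked on the given port."""
    return sorted({m.group(1) for m in BLOCKED_RE.finditer(block_log)
                   if m.group(2) == port})

def latest_leases(dhcpd_log):
    """ip -> (mac, client-supplied name) from the last DHCPACK per address.
    The name comes from the client and is untrusted; the MAC is the join key."""
    leases = {}
    for m in ACK_RE.finditer(dhcpd_log):
        leases[m.group(1)] = (m.group(2).lower(), m.group(3))
    return leases

def registrations(dhcpd_conf):
    """mac -> (registered host name, trailing comment holding the owner note)."""
    regs = {}
    for m in HOST_RE.finditer(dhcpd_conf):
        regs[m.group(2).lower()] = (m.group(1), m.group(3).strip())
    return regs

def attribute(block_log, dhcpd_log, dhcpd_conf):
    """Walk blocked IP -> lease MAC -> registration, as the slide does by hand."""
    leases, regs = latest_leases(dhcpd_log), registrations(dhcpd_conf)
    out = {}
    for ip in blocked_sources(block_log):
        mac, name = leases.get(ip, (None, None))
        host, note = regs.get(mac, (None, None))
        out[ip] = {"mac": mac, "dhcp_name": name, "registered": host, "note": note}
    return out
```

Because the example keeps only the last DHCPACK per address, on a busy pool you would instead pick the lease whose timestamp precedes the block event, otherwise a reused address points at the wrong machine.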

11 https://rhn.redhat.com/errata/rh73-errata-security.html


15 http://docs.info.apple.com/article.html?artnum=61798


19 http://sunsolve.sun.com/pub-cgi/show.pl?target=security/sec


21 http://www.cisco.com/warp/public/707/advisory.html


23 It Sucks Not to Patch
- Popular rootkit in many variations
- Hides files, directories, processes; precompiled password
- With keyboard and/or ssh sniffers
- Listens on *all* open ports for backdoor
- Any port open inbound allows backdoor signal; sk then opens outbound tcp for encrypted shell connection

24 suckit (cont)
- Home page http://hysteria.sk/sd/
- Latest versions not publicly available
- Also find exploits for
  - ptrace
  - sendmail 8.11.x

25 (virus map slide; panels: Last 24 Hours, Last 30 Days) http://www.trendmicro.com/map/

26 Ballmer @ Gartner ITXpo
- Windows has fewer vulnerabilities than RH Linux [RH6]
- No roadmap for Linux. There's nobody to hold accountable for security issues
- The security of Microsoft products is our top priority. We have our best brains on it. We understand this is an issue of customer satisfaction.
http://www.theregister.co.uk/content/4/33522.html

27 Microsoft @ Stanford
- Universities tend to be a worst case
- Diverse, unmanaged
  - Population
  - Hardware
  - Software
- Unlikely to fit into AD model
- Stanford had 8000 machines compromised by Blaster BEFORE students returned for classes

28 Feedback to Microsoft
- Clear & meaningful impact statements
- Fix IE (30+ outstanding bugs)
- Reduce the attack vector (profile services)
- Don't require license check for security patches (e. g. MS Office CD)
- No tie-in to IE (no active scripting)

29 Feedback to Microsoft (cont)
- Open up patching tools and process
- Understand 3rd party tools +/-
- Allow other vendors to use same tools for their Windows products
- Provide feedback on real patch status (local & remote)
- Need general patch deployment tool not requiring AD

30 Conclusions [Unchanged from last year]
- Poor administration is still a major problem
- Firewalls cannot substitute for patches
- Multiple levels of virus/worm protection are necessary
- Clue is more important than open source

31 No Easy Solutions. Questions?
