Servers in the Wild… …and the threats that lurk about. DePaul University Information Security Team TLT Presentation 08 May 2002.

Presented by… This presentation is by the DePaul University Information Security Team. Visit us at

Risks

Information Security Encompasses…
- Computer Security
- Network Security
- Data Security

Threats
Generally, attackers fall into one of three categories.
- Script Kiddiez – scum of the earth, limited skills, enjoy easy attacks, etc.
- Hackers – curious individuals with a “need to know”.
- Crackers – malicious attackers with advanced skills, able to write and implement exploit code, etc.

Victims
Who is at risk?
- Institutions
- Corporations
- Home Users
- Governments

Motives
The underground hacking world has many motives including:
- Political Statements
- Turf Wars between Hacking Groups
- Financial Gain
- Arrogance
- Curiosity
- Boredom

Motives (cont’d)
These motives are surely bound to carry into the “overground” in the form of
- Industrial Espionage
- Financial Gain
- Political Statements

Attacks
- Denial or interruption of Services
- Elevation of privileges permitting access to sensitive data
- Destruction, modification or theft of data
- Identity theft, forgery or impersonation

Statistics

Incident Reports The CERT Coordination Center (CERT/CC) gathered the following annual incident statistics [1]. 1997: 2, : 3, : 9, : 21, : 52, (Q1): 26,829

Published Vulnerabilities CERT/CC also maintains the following statistics on public vulnerability reports [1]. 1997: : : : 1, : 2, (Q1): 1,065

Threat Analysis

Our threat analysis will focus on Internet worms

Morris Internet Worm
- Unleashed on 02 November 1988 by Robert Morris Jr.
- Experimental code not intended to cause widespread infection
- Infected approximately 6000 hosts, which equaled 10% of the Internet in 1988
- Exploited UNIX and VAX operating system variants through rsh/rexec, sendmail and finger applications
- Proved the weaknesses of such unauthenticated protocols

“Code Red version 2”
- Release Date: July 19, 2001
- Known as a “worm” as the program connected, infected and replicated itself onto other hosts
- Infected more than 359,000 unique hosts within 14 hours
- At peak infection time 2,000 new hosts were infected per minute
- Infected unpatched Microsoft IIS web servers
- Continued on, after infection, to attack local and remote hosts
- Was concerned with quantity, not quality, of infection
- Exploited a known vulnerability from June 18, 2001.

“Code Red version 2” (cont’d)
- Exploited known vulnerabilities
- Maintained an intelligent engine for scouting out new victims
- Brought the “worm” to new levels.

Common Ground
The Morris and CRv2 worms, 13 years apart, both used the same methods of attack.
- Attacked vulnerable unauthenticated applications and protocols
- Spread via network, and not disk-to-disk transfer (as viruses spread)
- Were fairly intelligent in design and infection methods

Lessons Learned
- Worms can be more intelligent than we would hope
- The impact of a worm can reach catastrophic levels and threaten critical infrastructure components of daily life
- Vendors continue to distribute vulnerable code, even after such vulnerabilities are discovered!
- One cannot rely solely on the vendor for security
- Research and development of information security tools and procedures can assist in mitigating attacks

No End in Sight
- New viruses and worms are released daily.
- Many new automated attacks focus on circumventing firewalls and monitoring devices through the manipulation of peer-to-peer communication.
- Exploits are plentiful in the underground.

Impact

University Environment
- Distributed in nature
- Continuously growing
- A known “playground” for attackers
- Increased risks due to the lack of centralized security
- Requires active management efforts and monitoring of systems

University Env. (cont’d)
- Different groups within the organization require different policies and procedures
- Centralized security policies are necessary

Recommendations

Centralization
Commission INFOSEC to draft recommendations for the University including
- Acceptable Use Policies
- Installation and Configuration Guidelines
- Response Procedures and Incident Handling Guidelines

Centralization (cont’d) Implement a University-wide committee dedicated to increasing the security posture of the University, and act as a role model for other organizations

Enforcement
- Require new hosts, or network resources, to abide by guidelines set forth in University-wide policies
- Recommend departmental audits of critical resources on a recurring basis

Management
- Departments should allocate a technical contact responsible for each resource
- If not possible, require unmanaged systems to be taken over by Information Systems (IS)

The End Thank you for your time and attention

Please Visit… … our website at …

References [1] CERT/CC Statistics