THE CASE FOR PROACTIVE NETWORK SECURITY: WORMS, VIRUSES & BUSINESS CONTINUITY Presented to Dr. Yan Chen MITP 458- Information Security & Assurance Business.

Slides:



Advertisements
Similar presentations
A NASSCOM ® Initiative Comprehensive Computer Security Software An advanced computer security software usually have one or more of the following utilities.
Advertisements

Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.
By Hiranmayi Pai Neeraj Jain
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
© 2004 Internet Security Systems. All rights reserved. Contents are property of Internet Security Systems. Beyond Intrusion Detection - Prevention & Protection.
 Population: N=100,000  Scan rate  = 4000/sec, Initially infected: I 0 =10  Monitored IP space 2 20, Monitoring interval:  = 1 second Infected hosts.
University of WashingtonComputing & Communications Recent Computer Security Incidents Terry Gray Director, Networks & Distributed Computing 03 October.
Copyright Silicon Defense Worm Overview Stuart Staniford Silicon Defense
Yan Chen Dept. of Computer Science Northwestern University Information Security Curriculum Development in Northwestern.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Securing Instant Messaging Matt Hsu. Outline Introduction Instant Messaging Primer Instant Messaging Vulnerabilities and Exploits Securing Instant Messaging.
100% Security “ The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete.
Methods For The Prevention, Detection And Removal Of Software Security Vulnerabilities Jay-Evan J. Tevis Department of Computer Science and Software Engineering.
Patching MIT SUS Services IS&T Network Infrastructure Services Team.
Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.
Viruses, Worms and Spam Definitions Virus - unauthorized software, embedded in other programs and with the ability to propagate when the host program is.
1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.
Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.
©2003–2008 Check Point Software Technologies Ltd. All rights reserved. CheckPoint new security architecture and R70 highlights.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
1 IS 8950 Managing Network Infrastructure and Operations.
 Protect customers with more secure software  Reduce the number of vulnerabilities  Reduce the severity of vulnerabilities  Address compliance requirements.
1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Hosted Security: Complete Protection With A Peace Of Mind Leonard Sim Client Services Manager – South Asia Symantec Hosted Services 1.
Intrusion Detection and Prevention. Objectives ● Purpose of IDS's ● Function of IDS's in a secure network design ● Install and use an IDS ● Customize.
1 How to 0wn the Internet in Your Spare Time Authors: Stuart Staniford, Vern Paxson, Nicholas Weaver Publication: Usenix Security Symposium, 2002 Presenter:
Intrusion Detection Prepared by: Mohammed Hussein Supervised by: Dr. Lo’ai Tawalbeh NYIT- winter 2007.
JEnterprise Suite For Network Monitoring and Security Dr. Sureswaran Ramadass, Dr. Rahmat Budiarto, Mr. Ahmad Manasrah, Mr. M. F. Pasha.
CIS 442- Chapter 3 Worms. Biological and computer worms Definition, main characteristics Differences from Viruses Bandwidth consumption and speed of propagation.
 A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. It is deliberately.
1 Figure 4-16: Malicious Software (Malware) Malware: Malicious software Essentially an automated attack robot capable of doing much damage Usually target-of-opportunity.
Code Red Worm Propagation Modeling and Analysis Cliff Changchun Zou, Weibo Gong, Don Towsley Univ. Massachusetts, Amherst.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Basic Security Networking for Home and Small Businesses – Chapter 8.
1 Worm Propagation Modeling and Analysis under Dynamic Quarantine Defense Cliff C. Zou, Weibo Gong, Don Towsley Univ. Massachusetts, Amherst.
Herbert Thompson, Ph.D., CISSP Chief Security Strategist People Security Software Security.
1 HoneyNets. 2 Introduction Definition of a Honeynet Concept of Data Capture and Data Control Generation I vs. Generation II Honeynets Description of.
Module 11: Designing Security for Network Perimeters.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
1 Very Fast containment of Scanning Worms By: Artur Zak Modified by: David Allen Nicholas Weaver Stuart Staniford Vern Paxson ICSI Nevis Netowrks ICSI.
Worm Defense Alexander Chang CS239 – Network Security 05/01/2006.
Viruses a piece of self-replicating code attached to some other code – cf biological virus both propagates itself & carries a payload – carries code to.
Rob Davidson, Partner Technology Specialist Microsoft Management Servers: Using management to stay secure.
Computer Security Status Update FOCUS Meeting, 28 March 2002 Denise Heagerty, CERN Computer Security Officer.
A Case Study on Computer Worms Balaji Badam. Computer worms A self-propagating program on a network Types of Worms  Target Discovery  Carrier  Activation.
Automated Worm Fingerprinting Authors: Sumeet Singh, Cristian Estan, George Varghese and Stefan Savage Publish: OSDI'04. Presenter: YanYan Wang.
Slammer Worm By : Varsha Gupta.P 08QR1A1216.
©2015 HEAT Software. All rights reserved. Proprietary & Confidential. Ransomware: How to Avoid Extortion Matthew Walker – VP Northern Europe.
Chapter 8 System Management Semester 2. Objectives  Evaluating an operating system  Cooperation among components  The role of memory, processor,
Role Of Network IDS in Network Perimeter Defense.
“Lines of Defense” against Malware.. Prevention: Keep Malware off your computer. Limit Damage: Stop Malware that gets onto your computer from doing any.
Page 1 Viruses. Page 2 What Is a Virus A virus is basically a computer program that has been written to perform a specific set of tasks. Unfortunately,
Antivirus Software Troy Behmer. Outline Topics covered: – What is Antivirus software (AVS)? – What are the advantages and disadvantages of AVS? – What.
Microsoft NDA Material Adwait Joshi Sr. Technical Product Manager Microsoft Corporation.
Enterprise’ Ever-Evolving Challenge & Constraints Dealing with BYOD Challenges Enable Compliance to Regulations Stay Current with New Consumption Models.
By: Austen Perelman-Hall COSC 101 Presentation.  What is a worm? What is a virus?  What is the Red Worm?  Where did it come from? Causes  Effects.
HIPS. Host-Based Intrusion Prevention Systems  One of the major benefits to HIPS technology is the ability to identify and stop known and unknown attacks,
Sophos Intercept X Matt Cooke – Senior Product Marketing Manager.
Internet Quarantine: Requirements for Containing Self-Propagating Code
Chapter 7: Identifying Advanced Attacks
Microsoft’s Security Strategy
Security in Networking
Intrusion Prevention Systems
Networking for Home and Small Businesses – Chapter 8
CSE551: Introduction to Information Security
Networking for Home and Small Businesses – Chapter 8
Networking for Home and Small Businesses – Chapter 8
Introduction to Internet Worm
Using Software Restriction Policies
Presentation transcript:

THE CASE FOR PROACTIVE NETWORK SECURITY: WORMS, VIRUSES & BUSINESS CONTINUITY Presented to Dr. Yan Chen MITP 458- Information Security & Assurance Business Case Study Presentation 09 June 2007 by The Loop Group Farney, Heilprin, Leonard

: THE END OF REACTIVE NETWORK SECURITY The Year of the Worm; (3) major worms released July-September 2001 Code Red -$2.6bn estimated damage -Simple buffer overflow infected 350,000+ hosts in single day Code Red II -Same attack vector (.ida), but different signature Nimda -Mass-mailing, multivariate attack All based on previously released and patched vulnerabilities -MS01-033, MS00-052, MS00-078, MS A/V software useless Used firewall ports not needed (externally) in the first place -135, 137, 138, 139, 445, 593, 1639, , % Preventability!

- 2 - “HEROIC IT” NOT ENOUGH, PEOPLE AND PROCESS REQUIRED Speed of attack dispersion and increased geographic expansion make it impossible to react to today’s threats Design and deploy network security operations infrastructure in which automatic patch management plays central role -Vulnerabilities addressed on release day (making test assumption) Proactively tighten defenses -“deny all” vs. “allow all” on interior firewall interfaces -Perform network analysis to determine required business functions and corresponding ports, deny all else (1)Heroic IT Management Is No Longer Enough, Diamond Cluster Viewpoint, attacks responsible for major shift in corporate defenses

- 3 - NEXT PARADIGM SHIFT: STRING SCANNING -> HEURISTICS Zero Day attacks becoming more common Virus definitions and patches not available “Ex post mechanism is folly- by focusing on catching attack of the past, you miss the attack of the future” 1 A new proactivity required: behavior based security Create behaviors for which to look for, not specific strings Heuristics is the only way to protect against Zero Day attacks -Looks for anomalous activity like -Use off the shelf software, security services, or product like Internet Motion Sensor -Most A/V software today uses heuristics at some level ·Most effective are agent-based products dedicated to this type of analysis (1)The Efficacy of Network-Level SPAM Mitigation, Sean Farney, MITP 458, 2007

- 4 - PERSONAL LESSONS LEARNED Globally dispersed operations offers challenges Follow-the-sun staffing great for finite day-to-day tasks, but can impede focus on large events -Lack of 24x7 line responsibility allows transition gaps and requires re-activation energy Consider centralization and/or sourcing to true 24x7 model/provider for consistent and efficient handling of operations Patching systems, either internally or externally, produce same effect Remove human element from revision compliance Commonplace now, but still new in 2001 Fight battles before they start, be as proactive as possible The Freedom 1 of “Deny All” (1)See Nietzsche’s Twilight of the Idols

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.