Recent Security Threats & Vulnerabilities (Computer security). Bob Cowles, HEPiX, Fall 2004, Brookhaven, NY, USA. Presentation transcript.

Slide 1: Recent Security Threats & Vulnerabilities
Computer security. Bob Cowles, bob.cowles@slac.stanford.edu. HEPiX, Fall 2004, Brookhaven, NY, USA. Work supported by U. S. Department of Energy contract DE-AC02-76SF00515.

Slide 2 (18 October 2004, HEPiX - Fall 2004): Windows
- Recent Windows vulnerabilities
- Windows patching
- Phishing and viruses
- Web exposures (IE)
- Spyware
- XP SP2

Slide 3: Recent Windows Vulnerabilities
- ASP.NET path vulnerability
- GDI+ JPEG (can't just block JPEGs)
- IE patches: lots; Outlook Express update
- NetDDE (not enabled by default)
- Windows shell (exploit through the web)
- IIS (document footer JavaScript)
- Allows code execution: NNTP; SMTP; zipped folders; Excel; WP (WordPerfect) converter; HTML Help; Task Scheduler; POSIX (old systems)

Slide 4: Windows Patching
- Patches do _NOT_ get e-mailed to you!
- Windows systems in Active Directory can be patched automatically (mostly)
- Offsite users must do their own patching
- May investigate BigFix as a partial solution
  - Support for Linux / Macintosh
  - Non-AD users
  - Non-Microsoft software (WinZip, RealPlayer, Acrobat)
  - http://www.bigfix.com/products/products_patch.html

Slide 5: [screenshot, no text]

Slide 6: Recent Phishing E-mail [screenshot]

Slide 7: E-Mail Attacks & Protection
- Phishing = e-mails (and phone calls) engineered to get information from you, or just to get you to click and download a virus
- Need to have multi-level protection
  - E-mail gateways strip attachments
  - Exchange/desktop AV detects and removes
  - Gateway tags the message as [SPAM:###] if a link in the e-mail would download malicious code
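The two gateway layers on this slide (strip risky attachments, tag messages whose links point at downloadable code) can be expressed as a small mail filter. The following is an added example written for this transcript, not SLAC's gateway or any product named in the talk; the blocked-extension list, the `[SPAM:EXE-LINK]` tag text and the sample message are constructed for illustration.

```python
"""Toy mail-gateway filter: strip risky attachments and tag messages whose
links point at downloadable executables.  Added example; not SLAC's gateway."""
import re
import email
from email import policy

# Attachment extensions the gateway refuses to deliver (illustrative list).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".bat", ".cmd", ".com", ".vbs"}
# A link whose path ends in something runnable gets the message tagged.
EXEC_LINK = re.compile(r"https?://[^\s\"'<>]+\.(?:exe|scr|pif|bat|cmd|vbs)\b", re.I)
SPAM_TAG = "[SPAM:EXE-LINK] "   # hypothetical tag in the [SPAM:###] style from the slide

# Constructed sample: a "verification notice" with an executable attachment,
# a harmless PDF, and a link to an .exe in the body.
SAMPLE_RAW = b"""From: "Customer Service" <notice@example.test>
To: user@example.test
Subject: Account verification required
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain; charset="us-ascii"

Please verify your account at http://example.test/verify/update.exe
or open the attached form.
--XYZ
Content-Type: application/octet-stream; name="form.exe"
Content-Disposition: attachment; filename="form.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--XYZ
Content-Type: application/pdf; name="statement.pdf"
Content-Disposition: attachment; filename="statement.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--XYZ--
"""


def is_blocked_attachment(part):
    """True when the part carries a filename with a blocked extension."""
    name = part.get_filename() or ""
    ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
    return ext in BLOCKED_EXTENSIONS


def filter_message(raw):
    """Return (filtered message, names of stripped attachments, tagged flag)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    stripped = []
    if msg.is_multipart():
        kept = []
        for part in msg.get_payload():          # top-level MIME parts
            if is_blocked_attachment(part):
                stripped.append(part.get_filename())
            else:
                kept.append(part)
        msg.set_payload(kept)                   # deliver only the surviving parts
    # Tag the subject if any text part links to an executable download.
    tagged = False
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and EXEC_LINK.search(part.get_content()):
            tagged = True
    if tagged:
        msg.replace_header("Subject", SPAM_TAG + msg["Subject"])
    return msg, stripped, tagged


def remaining_attachments(msg):
    """Filenames of attachments still present after filtering."""
    return [p.get_filename() for p in msg.iter_attachments()]


if __name__ == "__main__":
    filtered, removed, flagged = filter_message(SAMPLE_RAW)
    print("stripped:", removed, "tagged:", flagged)
    print("delivered attachments:", remaining_attachments(filtered))
```

Stripping by extension alone is the weakest of the layers listed on the slide: desktop AV still has to catch what arrives in a renamed or zipped file, which is why the talk insists on several layers rather than one.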

Slide 8: Don't Take the Bait [screenshot]

Slide 9: Forged FDIC E-mail [screenshot]

Slide 10: Fake FDIC Website [screenshot]

Slide 11: Real FDIC Website [screenshot]

Slide 12: E-mail With Virus Attached [screenshot]

Slide 13: AD & SUS -> WUS
- Problematic patching
  - Office vs. Windows Update
  - Require product CD?
- XP will have improvements (someday)
  - Who let them name it WUS? http://www.wordsculpture.se/english_corner/slang.asp
  - But sites still must address non-MS software

Slide 14: Viruses
- More sophistication
- Run automatically
- Leave backdoors; SMTP for spam
- Keyboard loggers
- Alert Oct 18, 2004: bypass of zip-file checking in AV from McAfee, CA, Sophos, Kaspersky, Eset, RAV

Slide 15: IE Exposures
- Unpatched vulnerabilities
- Cannot escape IE (but can control it)
- XP SP2 has fixed some problems
- There is still the problem of user knowledge

Slide 16: Spyware
- Invades privacy
- Keyloggers compromise security
- Allowed by some AV products
  - User agrees to the software's actions through the license agreement
- US state and federal legislation will solve the problem (just like with SPAM) - NOT

Slide 17: XP SP2
- Problem areas
  - Spyware causes bluescreen
  - Popup blocking causes problems with some sites
  - Multiple firewalls cause conflicts
- Need to allow vulnerability scanning
  - ICMP off by default (no ping response)
  - Open ports for file / print sharing, or
  - Run a software agent that can be "contacted"

Slide 18: Unix & Linux
- Local exploits = remote exploits
- Samba
- LSF: rtok, lsadmin, eauth
- PHP in web servers
- chown
- Drivers (sparse code-checking tool)
- sendmail
- sshd: scanning for weak passwords
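The last bullet, sshd password scanning, shows up in the system log as a burst of failed logins from one source trying many account names. Here is an added example of the detection a site could run over its auth log; it is not from the talk, the log lines are constructed, and the threshold and window are illustrative defaults.

```python
"""Flag sources that hammer sshd with password guesses.  Added example with
constructed syslog lines; thresholds are illustrative, tune them per site."""
import re
from collections import defaultdict
from datetime import datetime

# OpenSSH "Failed password" line as written by syslog (no year in the timestamp).
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

# Constructed sample: one scanner cycling through accounts, one user who mistypes.
SAMPLE_LOG = """\
Oct 18 03:14:01 lxnode sshd[2201]: Failed password for root from 10.0.0.5 port 40122 ssh2
Oct 18 03:14:03 lxnode sshd[2203]: Failed password for invalid user admin from 10.0.0.5 port 40124 ssh2
Oct 18 03:14:05 lxnode sshd[2205]: Failed password for invalid user test from 10.0.0.5 port 40126 ssh2
Oct 18 03:14:08 lxnode sshd[2207]: Failed password for invalid user oracle from 10.0.0.5 port 40128 ssh2
Oct 18 03:14:10 lxnode sshd[2209]: Failed password for invalid user guest from 10.0.0.5 port 40130 ssh2
Oct 18 03:14:12 lxnode sshd[2211]: Failed password for root from 10.0.0.5 port 40132 ssh2
Oct 18 03:20:44 lxnode sshd[2290]: Failed password for alice from 10.0.0.9 port 51002 ssh2
Oct 18 03:20:51 lxnode sshd[2292]: Accepted password for alice from 10.0.0.9 port 51002 ssh2
Oct 18 03:22:00 lxnode sshd[2301]: Failed password for alice from 10.0.0.9 port 51010 ssh2
"""


def parse_failures(text):
    """Map source IP -> list of (timestamp, username) for each failed login."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")   # year-less; fine for deltas
        events[m["ip"]].append((ts, m["user"]))
    return events


def find_password_scanners(text, threshold=5, window_seconds=60):
    """Report IPs with >= threshold failures inside any window of window_seconds."""
    report = {}
    for ip, attempts in parse_failures(text).items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            # Slide the window start forward until it fits within window_seconds.
            while (attempts[end][0] - attempts[start][0]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                report[ip] = {
                    "attempts": len(attempts),
                    "users": sorted({user for _, user in attempts}),
                }
                break
    return report


if __name__ == "__main__":
    for ip, info in find_password_scanners(SAMPLE_LOG).items():
        print(f"{ip}: {info['attempts']} failures, accounts tried: {info['users']}")
```

The number of distinct account names tried is the more telling signal than the raw count: a user mistyping a password hits one account, a scanner walks a list.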

Slide 19: Fedora
- Supports RH 7.3 and RH 9
- Security fixes can take several months after the vulnerability is announced
- Large package of fixes released Oct 18, 2004
- ISO9660, SoundBlaster, file offset pointers, NFS group ID, drivers, several integer overflows, other DoS, memory leaks, information leaks

Slide 20: Universities & Labs
- Exploits against Solaris, AIX, Linux
- Attacker(s) are knowledgeable
- Install SK rootkit on Linux
- Install trojaned sshd
  - gets passwords from keyboard/tty entry
  - accesses RSA keys
  - CERN break-in (LXPLUS) recent example (LSF)
- Are one-time password tokens in your future?

Slide 21: Universities and Labs (cont.)
- User "klogd" scans for open X sessions
- Forwards captured passwords through port 8181
- Used on patched machines
- Just notified sites in the US (USC, UCSB, NYU, Princeton, PSU, etc.) of problems
- Also RAL, Fermilab, SLAC, Cornell, Bristol, INFN, Stanford
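The two indicators on this slide, a process wearing a system-daemon name ("klogd") but owned by an ordinary user, and an outbound connection to port 8181, are the kind of thing a site can sweep for on patched hosts. The check below is an added example, not a tool from the talk: it parses constructed `ps` and `netstat` style tables, and the daemon name list and documentation-range addresses are made up for illustration.

```python
"""Host sweep for the indicators on slide 21: a daemon name running under a
non-root user, and connections to remote port 8181.  Added example; the
process and connection tables are constructed, not real captures."""

SYSTEM_DAEMONS = {"klogd", "syslogd", "sshd"}   # expected to run only as root (illustrative)
SUSPECT_PORTS = {8181}                          # remote port named on the slide

# Constructed `ps -eo user,pid,comm` output.
PS_SAMPLE = """\
USER       PID COMMAND
root         1 init
root       512 syslogd
root       516 klogd
root       701 sshd
bob       2210 klogd
bob       2215 bash
"""

# Constructed `netstat -tnp` output (documentation-range addresses).
NETSTAT_SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.0.2.10:22           192.0.2.20:51234        ESTABLISHED 701/sshd
tcp        0      0 192.0.2.10:41980        198.51.100.77:8181      ESTABLISHED 2210/klogd
"""


def suspicious_processes(ps_text):
    """(user, pid, command) for daemon names owned by someone other than root."""
    hits = []
    for line in ps_text.splitlines()[1:]:        # skip the header row
        fields = line.split()
        if len(fields) < 3:
            continue
        user, pid, comm = fields[0], int(fields[1]), fields[2]
        if comm in SYSTEM_DAEMONS and user != "root":
            hits.append((user, pid, comm))
    return hits


def suspicious_connections(netstat_text):
    """(pid, program, foreign address) for connections to a suspect remote port."""
    hits = []
    for line in netstat_text.splitlines()[1:]:   # skip the header row
        fields = line.split()
        if len(fields) < 7:
            continue
        foreign = fields[4]
        port = int(foreign.rsplit(":", 1)[1])
        if port in SUSPECT_PORTS:
            pid, prog = fields[6].split("/", 1)
            hits.append((int(pid), prog, foreign))
    return hits


def correlate(ps_text, netstat_text):
    """PIDs that trip both checks: the strongest indicator of the trojan described."""
    proc_pids = {pid for _, pid, _ in suspicious_processes(ps_text)}
    conn_pids = {pid for pid, _, _ in suspicious_connections(netstat_text)}
    return proc_pids & conn_pids


if __name__ == "__main__":
    print("odd daemon owners:", suspicious_processes(PS_SAMPLE))
    print("port 8181 talkers:", suspicious_connections(NETSTAT_SAMPLE))
    print("both:", correlate(PS_SAMPLE, NETSTAT_SAMPLE))
```

Either check alone produces noise (a legitimate service may use 8181, a test copy of a daemon may run as a user); a process that hits both is worth pulling the host for.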

Slide 22: Cisco
- CatOS: Telnet, HTTP, SSH
- BGP: another DoS

Slide 23: Macintosh
- Safari: open in browser; JavaScript
- Disk image mounter
- libpng
- Kerberos
- rsync
- OpenSSH
- iChat
- QuickTime

Slide 24: Other Vulnerabilities
- AXIS video camera and server
- IM: gaim, AIM & Yahoo Messenger
- CVS
- RealPlayer
- WinZip
- Web HP JetAdmin
- Acrobat Reader 6.0
- FireWire (announced Nov 11)

Slide 25: Email
- Evils of HTML email
  - It's big and it hides bad stuff
- Phishing scams
  - Citibank, eBay, PayPal, Wells Fargo
- Outlook 2003 setting (registry setting for Outlook XP)
- New default for Outlook Express

Slide 26: Outlook 2003: Tools -> Options -> Preferences [screenshot]

Slide 27: Final Thoughts
- Attacks coming faster; attackers getting smarter
- No simple solution works
  - Patching helps
  - Firewalls help
  - AV and attachment removal help
  - Encrypted passwords/tunnels help
- You can't be "secure"; only "more secure"
- We must share information better

Slide 28: What is the Most Important Component of Computer Security? YOU!

