Presentation is loading. Please wait.

Presentation is loading. Please wait.

University of WashingtonComputing & Communications Recent Computer Security Incidents Terry Gray Director, Networks & Distributed Computing 03 October.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "University of WashingtonComputing & Communications Recent Computer Security Incidents Terry Gray Director, Networks & Distributed Computing 03 October."— Presentation transcript:

1 University of WashingtonComputing & Communications Recent Computer Security Incidents Terry Gray Director, Networks & Distributed Computing 03 October 2003

2 University of WashingtonComputing & Communications Major Attacks Dec 2000: Hospital records release Jul 2001: Microsoft web server (Code Red) Sep 2001: Microsoft web server (Nimda) Mar 2002: SSH libraries (e.g. Slapper) Jun 2002: DNS libraries Aug 2002: The Great Spam Attack Jan 2003: Microsoft SQL (Slammer) Jul 2003: Microsoft RPC (Blaster, etc) Aug 2003: SoBig.F virus

3 University of WashingtonComputing & Communications January 2003: Microsoft SQL (Slammer) Allows system takeover Aggressive spread (unintended DOS?) Many vulnerable applications High impact on network routers Significant collateral damage to adjacent computers/subnets Simple port blocking damages legit traffic

4 University of WashingtonComputing & Communications Slammer Impact on UW Older routers failed under load Hard to identify/shutoff source during attack Some critical subnets affected for many hours Older net infrastructure hampers defense –Accelerated phase-out of older routers –Hubs/Switches/wireplant still a problem Improved locate/isolate tools

5 University of WashingtonComputing & Communications July 2003: Microsoft RPC (Blaster, etc.) Several variants (directed & worm attacks) Some attacks allow system takeover Windows vulnerability: all recent versions Two Microsoft patches (so far) Border blocking: –effective only temporarily –breaks popular applications –or forces deployment of VPNs

6 University of WashingtonComputing & Communications RPC Impact on UW Windows infection rate: over 20% (6200) Mean-Time-To-Infection: 2 minutes > 12,000 msgs handled by SecOps in Sept Lots of tools developed to detect/block/fix –real-time auto-blocking –self-service unblocking –internal patch page CD campaign for returning students

7 University of WashingtonComputing & Communications Security Trouble Ticket Trend

8 University of WashingtonComputing & Communications RPC Impact Elsewhere UNC: med center - “total infection” Uchicago: $1000 reconnect fee? Evergreen: “virtually shutdown” Several: contracts w/students, fees to fix Everywhere: enormous costs

9 University of WashingtonComputing & Communications SoBig.F Virus Ultra aggressive Forged addresses, bogus auto-responses JUL: 17M messages in, 48K viruses AUG: 25M messages in, 6M viruses Believed to aid spammers Phase II attack thwarted Self-terminated on Sept 10 “most widely e-mailed virus ever”

10 University of WashingtonComputing & Communications Lessons Huge strategic problem for UW Huge costs and risks ahead Only decision to make: –do we pay for prevention?, or –do we pay for clean-up? Prevention requires paradigm shift –unmanaged PCs must be eliminated –lots of network upgrades & tools needed 2003 is a turning point

Download ppt "University of WashingtonComputing & Communications Recent Computer Security Incidents Terry Gray Director, Networks & Distributed Computing 03 October."

Similar presentations

Defense and Detection Strategies Against Internet Worms Usman Sarwar Network Research Group, University Science Malaysia.

Defense and Detection Strategies Against Internet Worms Usman Sarwar Network Research Group, University Science Malaysia.
(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008.

(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008.
Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.

Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.
(n)Code Solutions Presentation on the importance of a Secure Technology Infrastructure.

(n)Code Solutions Presentation on the importance of a Secure Technology Infrastructure.
Firewalls & VPNs Terry Gray UW Computing & Communications 13 September 2000.

Firewalls & VPNs Terry Gray UW Computing & Communications 13 September 2000.
 Population: N=100,000  Scan rate  = 4000/sec, Initially infected: I 0 =10  Monitored IP space 2 20, Monitoring interval:  = 1 second Infected hosts.

 Population: N=100,000  Scan rate  = 4000/sec, Initially infected: I 0 =10  Monitored IP space 2 20, Monitoring interval:  = 1 second Infected hosts.
Network Insecurity: challenging conventional wisdom Terry Gray UW Computing & Communications 10 October 2000.

Network Insecurity: challenging conventional wisdom Terry Gray UW Computing & Communications 10 October 2000.
Welcome to EECS 354 Network Penetration and Security.

Welcome to EECS 354 Network Penetration and Security.
THE CASE FOR PROACTIVE NETWORK SECURITY: WORMS, VIRUSES & BUSINESS CONTINUITY Presented to Dr. Yan Chen MITP 458- Information Security & Assurance Business.

THE CASE FOR PROACTIVE NETWORK SECURITY: WORMS, VIRUSES & BUSINESS CONTINUITY Presented to Dr. Yan Chen MITP 458- Information Security & Assurance Business.
The MS Blaster worm Presented by: Zhi-Wen Ouyang.

The MS Blaster worm Presented by: Zhi-Wen Ouyang.
1 University of WashingtonComputing & Communications CAMPUS NETWORKING & SECURITY UPDATE Terry Gray 16 Dec 2004.

1 University of WashingtonComputing & Communications CAMPUS NETWORKING & SECURITY UPDATE Terry Gray 16 Dec 2004.
Security in the post-Internet era: the needs of the many the needs of the few Terry Gray University of Washington Fall Internet2 Meeting 16 October 2003.

Security in the post-Internet era: the needs of the many the needs of the few Terry Gray University of Washington Fall Internet2 Meeting 16 October 2003.
Vigilante: End-to-End Containment of Internet Worms Manuel Costa, Jon Crowcroft, Miguel Castro, Antony Rowstron, Lidong Zhou, Lintao Zhang, Paul Barham.

Vigilante: End-to-End Containment of Internet Worms Manuel Costa, Jon Crowcroft, Miguel Castro, Antony Rowstron, Lidong Zhou, Lintao Zhang, Paul Barham.
SIRT Contact Orientation Security Incident Response Team Departmental Security Contacts April 16, 2004.

SIRT Contact Orientation Security Incident Response Team Departmental Security Contacts April 16, 2004.
John Kristoff DePaul Security Forum 2003 1 Network Defenses to Denial of Service Attacks John Kristoff +01 312 362-5878.

John Kristoff DePaul Security Forum Network Defenses to Denial of Service Attacks John Kristoff
The new state of the network: how security issues are reshaping our world Terry Gray UW Computing & Communications Quarterly Computing Support Meeting.

The new state of the network: how security issues are reshaping our world Terry Gray UW Computing & Communications Quarterly Computing Support Meeting.
Protect Your Computer Protect Your Work Computing & Communications.

Protect Your Computer Protect Your Work Computing & Communications.
Viruses and Spyware. What is a Virus? A virus can be defined as a computer program that can reproduce by changing other programs to include a copy of.

Viruses and Spyware. What is a Virus? A virus can be defined as a computer program that can reproduce by changing other programs to include a copy of.
1 Secure Your Business PATCH MANAGEMENT STRATEGY.

1 Secure Your Business PATCH MANAGEMENT STRATEGY.
VIRUS Jan Damsgaard Dept. of Informatics Copenhagen Business School

VIRUS Jan Damsgaard Dept. of Informatics Copenhagen Business School

Similar presentations

Ads by Google