Module F - PowerPoint PPT Presentation

2
Information Assurance: vulnerabilities, threats,
and controls
  • Dr. Wayne Summers
  • TSYS Department of Computer Science
  • Columbus State University
  • Summers_wayne_at_colstate.edu
  • http://csc.colstate.edu/summers

4
SQL Slammer
  • It only took 10 minutes for the SQL Slammer worm
    to race across the globe and wreak havoc on the
    Internet two weeks ago, making it the
    fastest-spreading computer infection ever seen.
  • The worm, which nearly cut off Web access in
    South Korea and shut down some U.S. bank teller
    machines, doubled the number of computers it
    infected every 8.5 seconds in the first minute of
    its appearance.
  • It is estimated that 90% of all systems that fell
    victim to the SQL Slammer worm were infected
    within the first 10 minutes.

5
BLASTER
  • On Aug. 11, the Blaster virus and related bugs
    struck, hammering dozens of corporations.
  • At least 500,000 computers worldwide infected
  • Maryland Motor Vehicle Administration shut its
    offices for a day.
  • Check-in system at Air Canada brought down.
  • Infiltrated unclassified computers on the
    Navy-Marine intranet.
  • In eight days, the estimated cost of damages
    neared $2 billion.

6
SOBIG.F
  • Ten days later, the SoBig virus took over,
    causing delays in freight traffic at rail giant
    CSX Corp., forcing cancellation of some
    Washington-area trains and causing delays
    averaging six to 10 hours.
  • Shutting down more than 3,000 computers belonging
    to the city of Fort Worth.
  • One of every 17 e-mails scanned was infected (AOL
    detected 23.2 million attachments infected with
    SoBig.F)
  • Worldwide, 15% of large companies and 30% of
    small companies were affected by SoBig -
    estimated damage of $2 billion.

7
Information Assurance
  • Definitions
  • Vulnerabilities
  • Threats
  • Controls
  • Conclusions

8
Computer Security
  • the protection of the computer resources against
    accidental or intentional disclosure of
    confidential data, unlawful modification of data
    or programs, the destruction of data, software or
    hardware, and the denial of one's own computer
    facilities irrespective of the method together
    with such criminal activities including computer
    related fraud and blackmail. Palmer

9
Definitions
  • vulnerability - weakness in the security system
    that might be exploited to cause a loss or harm.
  • threats - circumstances that have the potential
    to cause loss or harm. Threats typically exploit
    vulnerabilities.
  • control - protective measure that reduces a
    vulnerability or minimizes the threat.

10
Vulnerabilities reported
  • 1995-1999
  • 2000-2003
  • In 2002 over 80 vulnerabilities in IE patched.
    There are currently 24 items, updated on
    2004/01/27.
    http://www.safecenter.net/UMBRELLAWEBV4/ie_unpatched/index.html
  • Incidents reported increased from 82,094 in 2002
    to 137,529 in 2003

11
Security Incidents
  • Total incidents reported (1988-2003): 319,992. An
    incident may involve one or thousands of sites
    and incidents may last for long periods.
  • Source: CERT/CC

12
Vulnerabilities
  • "Today's complex Internet networks cannot be made
    watertight. A system administrator has to get
    everything right all the time; a hacker only has
    to find one small hole. A sysadmin has to be
    lucky all of the time; a hacker only has to get
    lucky once. It is easier to destroy than to
    create."
  • Robert Graham, lead architect of Internet
    Security Systems

13
Recent News
  • November 29, Washington Post - Hackers find cell
    phones next weak link to exploit - Virus converts
    each icon into a death's head
  • November 05, Asbury Park Press (NJ) - Computer
    virus hits state offices. Drivers and applicants
    endured sometimes long waits at the newly
    overhauled New Jersey Motor Vehicle Commission's
    (MVC) offices on three days last week after a
    hard charging computer virus struck its statewide
    system.
  • A survey conducted by Internet service provider
    America Online Inc. found that 20% of home
    computers were infected by a virus or worm, and
    that various forms of snooping programs such as
    spyware and adware are on a whopping 80% of
    systems. Even so, more than two-thirds of home
    users think they are safe from online threats.
    ComputerWorld, October 25, 2004
  • A zero-day exploit targeting one of the latest
    Microsoft flaws was publicly announced Tuesday,
    just one week after Microsoft announced a record
    number of 10 security bulletins, seven of them
    critical. SearchSecurity.com, 20 Oct 2004
  • The Gartner Group estimates that in the last
    year, 57 million U.S. adults received phishing
    e-mails, of which 11 million clicked on the
    provided links, and 1.78 million provided
    passwords and other sensitive personal
    information. In total, the scams resulted in
    fraud losses of $2.4 billion. Gartner report,
    June 2004
  • IM Worms could spread in seconds: Symantec has
    done some simulations and has found that half a
    million systems could be infected in as little as
    30 to 40 seconds. InternetWeek, Jun 21

14
Virus? Use this patch immediately !
  • Dear friend , use this Internet Explorer patch
    now!
  • There are dangerous virus in the Internet now!
  • More than 500.000 already infected!
  • E-mail from "Microsoft" <security_at_microsoft.com>

15
Malware and other Threats
  • Viruses / Worms (over 100,000 viruses 11/2004)
  • 1987-1995 boot program infectors
  • 1995-1999 Macro viruses (Concept)
  • 1999-2003 self/mass-mailing worms (Melissa-Klez)
  • 2001-??? Megaworms blended attacks (Code Red,
    Nimda, SQL Slammer, Slapper)
  • Trojan Horses
  • Remote Access Trojans (Back Orifice)
  • Computer parasites (pests spyware, BHOs,
    keylogger, dialers, SPIM)
  • Computer security company Trend Micro detected
    1,485 viruses in September 2004, a 600%
    increase over the 250 spotted a year ago. Of
    those, 45 were Trojan horses attempting to steal
    personal data, the company said. The company also
    reported a surge in zombie networks, saying it
    had found 400 programs in the past month compared
    with 17 a year ago.

16
Social Engineering
  • "We have met the enemy and they are us" - POGO
  • The greatest security risk facing large companies
    and individual internet users over the next 10
    years will be the increasingly sophisticated use
    of social engineering to bypass IT security
    defences, according to analyst firm Gartner.
    ZDNet Australia, November 01, 2004
  • Social Engineering: getting people to do things
    that they wouldn't ordinarily do for a stranger.
    The Art of Deception, Kevin Mitnick

17
Controls
  • Reduce and contain the risk of security breaches
  • "Security is not a product, it's a process." -
    Bruce Schneier. Using any security product
    without understanding what it does, and does not,
    protect against is a recipe for disaster.
  • Security is NOT installing a firewall.

18
Defense in Depth
  • Antivirus
  • Keep it up to date
  • Deploy a Firewall
  • Review settings and logs frequently
  • Authentication Techniques (passwords, biometric
    controls)
  • Disable or secure file shares
  • Keep your patches up-to-date
  • BACKUP

19
  • "The most potent tool in any security arsenal
    isn't a powerful firewall or a sophisticated
    intrusion detection system. When it comes to
    security, knowledge is the most effective tool."
  • Douglas Schweizer, The State of Network
    Security, Processor.com, August 22, 2003.

20
Resources
  • http://www.sans.org
  • http://www.cert.org
  • http://www.cerias.purdue.edu/
  • http://www.linuxsecurity.com/
  • http://www.linux-sec.net/
  • http://www.microsoft.com/security/
  • Cuckoo's Egg, Clifford Stoll
  • Takedown, Tsutomu Shimomura
  • The Art of Deception, Kevin Mitnick

21
COMPUTER SECURITY DAY
November 30, 2004
ACCENTUATE THE POSITIVE