John Scrimsher, CISSP, CCNA - PowerPoint PPT Presentation
1
Host Based Security
  • John Scrimsher, CISSP, CCNA
  • jps_at_hp.com

2
Why Host Based Security?
  • Perimeter Security vs. Host Based

[Chart: 66 / 34]
3
Why Host Based Security?
  • Malware
  • Internal Threats
  • Employee Theft
  • Unpatched systems

4
What is Malware?
  • Anything that you would not want deliberately
    installed on your computer.
  • Viruses
  • Worms
  • Trojans
  • Spyware
  • More

5
Where are the threats?
  • Un-patched Computers
  • Email
  • Network File Shares
  • Internet Downloads
  • Social Engineering
  • Blended Threats
  • Hoaxes / Chain Letters

6
Privacy - Phishing
  • Email messages sent to large distribution lists.
  • Disguised as legitimate businesses
  • Steal personal information

7
Privacy - Identity Theft
  • Malware can be used to steal personal data, and that
    data can then be used to steal your identity. Common
    collection routes:
  • Phishing
  • Keystroke loggers
  • Trojans
  • Spyware

8
Social Engineering
  • 70 percent of those asked said they would reveal
    their computer passwords for a bar of chocolate.

Schrage, Michael. 2005. Retrieved from
http://www.technologyreview.com/articles/05/03/issue/review_password.asp?p1
9
Legal Issues
  • Many countries are still developing laws
  • Privacy Laws
  • Investigations
  • Content Security
  • Instant Messaging
  • Internet Email

10
Kaspersky Quote
  • "It's hard to imagine a more ridiculous
    situation: a handful of virus writers are playing
    unpunished with the Internet, and not one member
    of the Internet community can take decisive
    action to stop this lawlessness.
  • The problem is that the current architecture of
    the Internet is completely inconsistent with
    information security. The Internet community
    needs to accept mandatory user identification -
    something similar to driving licenses or
    passports.
  • We must have effective methods for identifying
    and prosecuting cyber criminals or we may end up
    losing the Internet as a viable resource."
  • Eugene Kaspersky, Head of Antivirus Research

11
Notable Legal History
  • Robert Morris Jr. - the Morris worm (1988), the
    first Internet worm to cause widespread
    disruption. It was released deliberately as an
    experiment, but a coding error made it reinfect
    hosts and spread far faster than intended. Morris
    was the first person convicted under the Computer
    Fraud and Abuse Act.
  • Randal Schwartz - convicted in 1995 under Oregon's
    computer crime law for running a password cracker
    against Intel systems while working there as a
    contractor; he maintained he was pointing out
    weaknesses in their security. The convictions
    were expunged in 2007.
  • David Smith - Melissa (1999). First known use of
    the mass-mailing technique in a malicious manner.
    Sentenced in 2002 to 20 months in federal prison.
  • OnTheFly (Jan de Wit), The Netherlands - the Anna
    Kournikova worm (2001), built with a worm
    generator tool. The writer was a youth who was
    remorseful; he received 150 hours of community
    service.
  • Philippines - Loveletter (2000). No jail time
    because the Philippines had no computer crime law
    at the time; the charges were dropped, and the
    country passed one within weeks.
  • Jeffrey Lee Parson - sentenced in 2005 to 18
    months in prison for releasing a variant of the
    Blaster worm (Blaster.B) in 2003.

12
Regulatory Issues
  • Sarbanes Oxley Act (2002)
  • Gramm-Leach-Bliley Act (1999)
  • Health Insurance Portability and Accountability
    Act (1996)
  • Electronic Communications Privacy Act (1986)

13
What is Managements role?
  • Management ties everything together
  • Responsibility
  • Ownership
  • Security is a Mindset, not a service. It must be
    a part of all decisions and implementations.

14
Business Management
  • Business Acquisition Questions
    • Are the acquired assets as secure as your
      company?
    • What are the network integration plans during an
      outbreak?
    • Is security software sufficient, updated and
      patched?
    • Emergency segregation of networks

15
Vulnerability Lifecycle
0-day is a fallacy
16
Instant Messaging
  • Confidential Information Leakage
  • Business needs
  • Privacy of employees

17
Now, what do we do about it?
  • C.I.A. Security Model
    • Confidentiality
    • Integrity
    • Availability
  • Current Solutions
    • Antivirus / AntiSpyware
    • Personal Firewall / IDS / IPS
    • User Education

18
How do these products help?
  • Host Firewall / IPS blocks many unknown and known
    threats: a default-deny inbound policy stops remote
    exploitation of a listening service whether or not
    the vulnerability is public, and the IPS adds
    signature and behaviour checks on the traffic the
    policy does allow.

19
How do these products help?
  • Antivirus captures threats that use common access
    methods
    • Web downloads
    • Email
    • Application attacks (buffer overflow)

VBSim demo
20
Educated Users Help
  • The biggest threat to the security of a company
    is not a computer virus, an unpatched hole in a
    key program or a badly installed firewall. In
    fact, the biggest threat could be you. What I
    found personally to be true was that it's easier
    to manipulate people rather than technology. Most
    of the time organizations overlook that human
    element.

Mitnick, Kevin. "How to Hack People." BBC News
Online, October 14, 2002.
21
How do these products help?
  • User Education
    • Don't open suspicious email
    • Don't download software from untrusted sites
  • Patch

22
Things to look for
  • Abnormal computer activity
    • Disk access
    • CPU utilization
    • Network activity
  • Bank histories
    • Unfamiliar transactions
    • Small but numerous transactions
  • Audit trails
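The "abnormal computer activity" items above only mean something against a baseline of what the host normally does. The following is an added example (not code from the presentation) of learning that baseline online and flagging deviations in the three host signals the slide names; it also illustrates the "Anomaly Detection" item on the later horizon slide. The per-minute samples of disk writes, CPU and new outbound connections are constructed; in practice they would come from perfmon, sar or an endpoint agent.

```python
"""Baseline-and-deviation check for disk, CPU and network activity on a host.

Added example, not from the presentation. SAMPLES is constructed: one row per
minute of (minute, disk MB written, CPU %, new outbound connections).
"""
import math
from dataclasses import dataclass

METRICS = ("disk_mb", "cpu_pct", "new_conns")

# Constructed data: 30 quiet minutes, then five minutes in which something
# starts hammering the CPU and opening connections to dozens of new hosts,
# and finally writing heavily to disk, roughly what a worm or a miner looks
# like from inside the host.
SAMPLES = [(m, 4.0 + m % 3, 12.0 + m % 5, 3 + m % 2) for m in range(30)]
SAMPLES += [
    (30, 5.0, 14.0, 4),
    (31, 6.0, 88.0, 41),
    (32, 7.0, 91.0, 63),
    (33, 45.0, 93.0, 70),
    (34, 50.0, 95.0, 75),
]


@dataclass
class Baseline:
    """Welford's online mean/variance: learns a baseline without keeping history."""
    n: int = 0
    mean: float = 0.0
    m2: float = 0.0

    def update(self, x: float) -> None:
        self.n += 1
        delta = x - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (x - self.mean)

    def zscore(self, x: float) -> float:
        std = math.sqrt(self.m2 / (self.n - 1)) if self.n > 1 else 0.0
        # Floor the deviation so a perfectly flat baseline cannot divide by zero.
        return (x - self.mean) / max(std, 1e-6)


def detect(samples, warmup=20, threshold=3.0):
    """Return [(minute, metric, z)] for samples that deviate from the baseline.

    Flagged samples are kept out of the baseline; otherwise a slow ramp would
    drag the mean along with it and the attacker's activity becomes "normal".
    """
    baselines = {name: Baseline() for name in METRICS}
    alerts = []
    for minute, *values in samples:
        row = dict(zip(METRICS, values))
        flagged = []
        if baselines[METRICS[0]].n >= warmup:
            for name, x in row.items():
                z = baselines[name].zscore(x)
                if z > threshold:
                    flagged.append((minute, name, round(z, 1)))
        if flagged:
            alerts.extend(flagged)
        else:
            for name, x in row.items():
                baselines[name].update(x)
    return alerts


if __name__ == "__main__":
    for minute, metric, z in detect(SAMPLES):
        print(f"minute {minute:>3}: {metric} is {z:.1f} sigma above baseline")
```

On the constructed data the CPU and connection counts trip the check at minute 31, two minutes before the disk writes do; with real counters the warm-up window should cover at least one full business cycle (a week, not twenty minutes) so that a routine backup or patch run is part of the baseline rather than an alert.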

23
Open Source
  • Shared information
  • Business Models
  • Is it more secure?
  • Development model
  • Security reviewers tend to be the same people
    doing the proprietary reviews
  • Value in education
  • Lots of good security tools

24
Open Source - Browsers
  • Firefox vs. Internet Explorer
  • Vulnerabilities reported in 2005, by source:

                         Internet Explorer   Firefox
    SecurityFocus               43             43
    Secunia Research             9             17
    Symantec                    13             21

  • The three sources disagree with each other (9 vs.
    43 for the same browser) more than the two browsers
    differ, because each counts and groups advisories
    differently. Raw counts are a weak measure of
    security.

What about shared vulnerabilities? Plugins, and the
Windows WMF image flaw (disclosed December 2005,
patched as MS06-001), which sat in the OS graphics
code and was exploitable through any browser on
Windows.
25
On the Horizon - Microsoft
  • Targeted because they are Big?
  • Insecure because they are Big?
  • Vista Operating System

26
On the Horizon
  • Early Detection and Preventative Tools
    • Virus Throttle - HP Labs technique: rate-limit a
      host's connections to destinations it has not
      talked to recently, so a scanning worm is slowed
      and its backed-up connection queue gives it away
    • Active CounterMeasures
    • Principle of Least Authority (PoLA) - give each
      program only the authority its job needs, so
      compromised code cannot do much
    • WAVE
    • Anomaly Detection - alert on deviation from a
      learned baseline rather than on known signatures
    • Viral Patching - fixes that propagate themselves
      to vulnerable hosts the way a worm does
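The virus throttle listed above is simple enough to show end to end. The following is an added example in the style of Williamson's HP Labs paper (this is not the presentation's or HP's code): a small working set of recently contacted hosts goes through untouched, connections to any other host wait in a delay queue that drains at a fixed rate, and a queue that grows past a threshold raises the alarm. The parameter values follow the paper's examples; the two traffic patterns are constructed.

```python
"""Virus throttle in the style of Williamson (HP Labs, 2002).

Added example, not the presentation's or HP's code. Outbound connections to a
small working set of recently contacted hosts go straight through; anything
else waits in a delay queue drained at a fixed rate; a queue that grows past a
threshold means the machine is trying to reach far more new hosts than a
person does, i.e. it is probably scanning. Traffic patterns are constructed.
"""
from collections import deque

WORKING_SET = 5        # recently contacted destinations that are not delayed
DRAIN_PER_SEC = 1      # new destinations released from the queue per second
ALERT_QUEUE_LEN = 100  # queue length at which the host is treated as infected


class VirusThrottle:
    def __init__(self, working_set=WORKING_SET, drain=DRAIN_PER_SEC, alert=ALERT_QUEUE_LEN):
        self.working = deque(maxlen=working_set)  # oldest destination falls off
        self.queue = deque()                       # (second, dst) waiting for release
        self.drain = drain
        self.alert = alert
        self.released = []                         # (second, dst) actually let out
        self.alerted_at = None                     # second at which the alarm fired

    def connect(self, now, dst):
        """Handle one outbound connection attempt. True means it goes out now."""
        if dst in self.working:
            self.working.remove(dst)   # refresh recency so the set stays LRU
            self.working.append(dst)
            return True
        if any(d == dst for _, d in self.queue):
            return False               # already waiting; a retry must not skip the queue
        self.queue.append((now, dst))
        if self.alerted_at is None and len(self.queue) > self.alert:
            self.alerted_at = now
        return False

    def tick(self, now):
        """Run once per second: release up to `drain` queued destinations."""
        for _ in range(min(self.drain, len(self.queue))):
            _, dst = self.queue.popleft()
            self.working.append(dst)
            self.released.append((now, dst))


def simulate(traffic, seconds):
    """traffic(t) -> destinations a process tries to reach during second t."""
    throttle = VirusThrottle()
    for t in range(seconds):
        for dst in traffic(t):
            throttle.connect(t, dst)
        throttle.tick(t)
    return throttle


def normal_user(t):
    # Constructed: a person revisiting a handful of sites.
    sites = ["mail", "intranet", "news", "search", "cdn"]
    return [sites[t % 5], sites[(t * 3) % 5]]


def scanning_worm(t):
    # Constructed: a worm probing 50 never-seen addresses every second.
    return [f"10.0.{t}.{i}" for i in range(50)]


if __name__ == "__main__":
    for name, traffic in (("normal user", normal_user), ("scanning worm", scanning_worm)):
        th = simulate(traffic, 10)
        print(f"{name}: released {len(th.released)} new hosts, "
              f"{len(th.queue)} still queued, alarm at t={th.alerted_at}")
```

The user's traffic is delayed for only the first few seconds while the working set fills and is never delayed again; the worm gets one new host per second out instead of fifty and sets off the alarm in its third second. The throttle does not need a signature for the worm, which is the point of the "early detection" heading: it constrains the behaviour every scanning worm must have.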

27
On the Horizon
  • Viral Targets
    • Mobile phones, PDAs
    • Embedded operating systems
    • Automobiles
    • Sewing machines
    • Bank machines
    • Kitchen appliances

28
On the Horizon
  • Octopus worms - multiple components working
    together
  • Warhol worms - designed to infect nearly every
    vulnerable host on the Internet within about 15
    minutes (Staniford, Paxson and Weaver, 2002).
    MSBlaster was proof of capability; SQL Slammer in
    January 2003 came closest, reaching most
    vulnerable hosts in roughly ten minutes.

29
Learn Learn Learn
  • Authors
    • Sarah Gordon
    • Peter Szor
    • Roger Grimes
    • Kris Kaspersky
  • Search your library or online

30
Questions?
31
Resources
  • http://www.pcworld.com/news/article/0,aid,116163,00.asp
  • http://www.detnews.com/2003/technology/0309/03/technology-258376.htm
  • http://www.sans.org/rr/whitepapers/engineering/1232.php
  • http://www.research.ibm.com/antivirus/SciPapers/Gordon/Avenger.html