Protecting Networks
Hackers, worms, and other things that can ruin your day…
Jan 15, 2016
Discussion Points
  Introduction
  Security, privacy, and governance
  Security lingo – don’t be scared
  Security threats
  Security solutions
  A couple war stories
  Open for discussion
Security, Privacy, & Governance
  Evolution of security
  Privacy and Data Protection
    USA
    Europe and elsewhere
  Governance issues
    Operational risk concept (Basel II)
    Network and IT governance
  Growing complexity
Security and Privacy Evolution
[Diagram: three stages along an axis labelled "Time, Awareness, & Law"]
  Focus: System Controls -> Security -> Privacy
  Goal: Protect Resources -> Protect Data -> Protect Information
  Who: sysadmin / IT -> CIO -> Everyone
Source: http://www.privacyinternational.org/survey/dpmap.jpg
Laws & Regulations
Security Threats
  Hackers and criminals
  System and network vulnerabilities
  Viruses and worms
  Social engineering
  Passwords
  Open transmissions (non-encrypted)
  Trends
Threats Can Be From Internal Sources
  Internal: Most expensive attacks come from inside (up to 10x more costly)
  Accidental: Misconfiguration or mistakes (opening that weird email attachment from Bob…)
  Source: CSI / FBI Security Study 2003
Increasing Threats from External Sources
  External: 78% of attacks come from the Internet connection (up from 57% in 1999)
  Source: CSI / FBI Security Study 2003
Threat from Hackers
  2,524 new vulnerabilities discovered in 2002
  Many recently discovered vulnerabilities remain highly viable targets for future threats
  “Blended threats” present the greatest risk
  Companies experience 30+ attacks per week
  2000% increase (1999 - 2002) in financial losses from hacker-caused denial of service
  $65.6M in reported costs (2002)
Threat from Theft
  Theft of proprietary information causes greatest financial loss: $2.7M per incident (2003)
  90% of respondents detected computer security breaches within last 12 months
  Source: CSI / FBI Security Study 2003
“The average amount of money, as a % of revenue, that companies spend on IT security is .0025 % or slightly less than they spend on coffee.”
Richard Clarke, Former Special Advisor to the President for Cyberspace Security
[Slide screenshot: terminal session on www.test.com showing the README banner of a Linux rootkit kit]
Connected to www.test.com
[ ASCII-art "t0rn" logo: design by j0hnny7 / zho-d0h; tagline: there is no stopping, what can't be stopped... ]
-----[ version 6.66 .. 2308200 .. [email protected] ]----
-| Ok a bit about the kit... Version based on lrk style trojans
-| made up from latest linux sources .. special thanks to
-| k1ttykat/j0hnny7 for this..
-| First rootkit of its kind that is all precompiled and yet allows
-| you to define a password.. password is stored in a external encrypted
-| file. The trojans using this are login/ssh/finger ..
-| This kit was designed with the main idea of being portable and quick
-| to be mainly used for mass hacking linux's, hence the precompiled bins.
-| Usage : ./t0rn <password> <ssh-port>
Security Threats on IT Networks
[Chart: horizontal axis is time (1980s, 1990s, Today, Future); vertical axis is "Target and Scope of Damage" (Individual Computer -> Individual Networks -> Multiple Networks -> Regional Networks -> Global Infrastructure Impact); each threat generation reaches further up the scale than the last]
  1st Gen (1980s): Boot viruses
  2nd Gen (1990s): Macro viruses; Email; DoS; Limited hacking
  3rd Gen (Today): Network Denial of Service (DoS); Blended threat (worm + virus + trojan); Turbo worms; Widespread system hacking
  Next Gen (Future): Infrastructure hacking; Flash threats; Massive worm-driven Distributed Denial of Service (DDoS); Damaging payload viruses and worms
Security Threats on IT Networks: “Time to Propagate”
[Same chart, with the time each generation needs to propagate]
  1st Gen: Weeks
  2nd Gen: Days
  3rd Gen: Minutes
  Next Gen: Seconds
Code Red Propagation
  July 19, Midnight - 159 Hosts Infected
  July 19, 11:40 am - 4,920 Hosts Infected
  July 20, Midnight - 341,015 Hosts Infected
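The three Code Red figures above are the whole of the slide's data, so the following added example (not part of the original deck) works out what they imply: the doubling time on each interval, a least-squares exponential fit across all three points, and how long a population would take to grow from the first count to a given size at a fixed doubling time. The timestamps are taken as hours after July 19 midnight (11:40 am is 11 + 40/60 hours) and a pure exponential model is assumed; both are assumptions for the illustration, not figures from the deck.

```python
import math

# Constructed sample input: the three infection counts shown on the slides,
# as (hours since July 19 midnight, hosts infected). The slide's "11:40 am"
# is taken to mean 11 + 40/60 hours after midnight (an assumption).
CODE_RED_SAMPLES = [
    (0.0, 159),
    (11.0 + 40.0 / 60.0, 4920),
    (24.0, 341015),
]


def doubling_time_hours(t0, n0, t1, n1):
    """Doubling time implied by pure exponential growth from n0 at t0 to n1 at t1."""
    if n1 <= n0 or t1 <= t0:
        raise ValueError("samples must show growth over a positive time interval")
    return (t1 - t0) / math.log2(n1 / n0)


def interval_doubling_times(samples):
    """Doubling time for each consecutive pair of samples."""
    return [
        doubling_time_hours(*samples[i], *samples[i + 1])
        for i in range(len(samples) - 1)
    ]


def fit_exponential(samples):
    """Least-squares fit of ln(N) = ln(a) + b*t over all samples.

    Returns (a, b): a is the fitted host count at t = 0, b the growth rate per hour.
    """
    ts = [t for t, _ in samples]
    ys = [math.log(n) for _, n in samples]
    t_mean = sum(ts) / len(ts)
    y_mean = sum(ys) / len(ys)
    sxx = sum((t - t_mean) ** 2 for t in ts)
    sxy = sum((t - t_mean) * (y - y_mean) for t, y in zip(ts, ys))
    b = sxy / sxx
    a = math.exp(y_mean - b * t_mean)
    return a, b


def fitted_doubling_hours(samples):
    """Doubling time of the exponential fitted to all samples."""
    _, b = fit_exponential(samples)
    return math.log(2) / b


def hours_to_reach(target, n0, doubling_hours):
    """Hours for a population to grow from n0 to target at a fixed doubling time."""
    return doubling_hours * math.log2(target / n0)


if __name__ == "__main__":
    per_interval = interval_doubling_times(CODE_RED_SAMPLES)
    a, b = fit_exponential(CODE_RED_SAMPLES)
    print("doubling time per interval (h):", [round(d, 2) for d in per_interval])
    print("fitted growth rate per hour:", round(b, 3),
          "-> doubling every", round(fitted_doubling_hours(CODE_RED_SAMPLES), 2), "h")
    # A response cycle measured in days is far too slow against a two-hour doubling time.
    print("hours to reach 1,000,000 hosts from 159 at a 2 h doubling time:",
          round(hours_to_reach(1_000_000, 159, 2.0), 1))
```

Both intervals give a doubling time of roughly two hours, which is the defender's takeaway from the "Time to Propagate" chart: a patch or containment cycle measured in days cannot keep pace with a worm on this curve. The exponential fit only describes the early phase; a random-scanning worm's real curve flattens into a logistic shape as the pool of unpatched hosts is used up, so the model should not be extrapolated far past the last sample.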
Security Solutions
  Technologies
    Firewalls
    Intrusion detection/prevention
    Virus protection
    Encryption (personal, system)
  Policies
    The importance of policy
    Types of policies
    User buy-in and awareness
  Services and processes
    Vulnerability assessment, audit, and testing
    Design and implementation
Deploy Security as an Integrated System
[Diagram pairing physical security measures with their network security counterparts]
  Secured Doors and Vaults -> Firewalls and Router ACLs
  Surveillance and Alarms -> Network and Host-based Intrusion Detection
  Patrolling Security Guard -> Scanner
  Security Room CCTV -> Centralized Security and Policy Management
  Card Readers -> Identity, Access Control Servers and Certificate Authorities
  Secure Transport -> Encryption and Virtual Private Networks (VPN’s)
A Couple War Stories
  Money, nukes, and critical infrastructures…
  Buying protected information on the cheap…
  SQL Slammer reaches out of the box…
  Wireless everywhere (and not secure)…
Good places to visit…
  www.gslis.utexas.edu/~netsec (Infosec class web page)
  www.pcwebopedia.com (look up security technologies and terms)
  www.amazon.com (enter “network security”)
  http://dir.yahoo.com/Computers_and_Internet/Security_and_Encryption/ (Yahoo Security Resource Page)
  http://www.cert.org/tech_tips/home_networks.html (home network security tips)
Organizations that help…
  The CERT: www.cert.org
  SANS: www.sans.org
  NIST’s Computer Security Resource Center: http://csrc.nist.gov/
  The National Infrastructure Protection Center: http://www.nipc.gov/
  www.securityfocus.com
Let’s start a discussion…