john scrimsher, cissp, ccna jps@hp.com host based security

Post on 29-Dec-2015


JOHN SCRIMSHER, CISSP, CCNA

JPS@HP.COM

Host Based Security

Why Host Based Security?

Perimeter Security vs. Host Based

[Figure: chart comparing perimeter and host-based security; surviving labels: 66%, 34%, $$$]

Why Host Based Security?

Malware

Internal Threats

Employee Theft

Unpatched systems

What is Malware?

Anything that you would not want deliberately installed on your computer.

Viruses

Worms

Trojans

Spyware

More…

Where are the threats?

Un-patched Computers

Email

Network File Shares

Internet Downloads

Social Engineering

Blended Threats

Hoaxes / Chain Letters

The Common Factor

Privacy - Phishing

Email messages sent to large distribution lists.

Disguised as legitimate businesses

Steal personal information

Privacy - Identity Theft

Since viruses can be used to steal personal data, that data can be used to steal your identity.

Phishing

Keystroke loggers

Trojans

Spyware

Social Engineering

… 70 percent of those asked said they would reveal their computer passwords for a …

Schrage, Michael. 2005. Retrieved from http://www.technologyreview.com/articles/05/03/issue/review_password.asp?p=1

Bar of chocolate

Legal Issues

Many countries are still developing laws

Privacy Laws

Investigations

Content Security

Instant Messaging

Internet

Email

Kaspersky Quote

"It's hard to imagine a more ridiculous situation: a handful of virus writers are playing unpunished with the Internet, and not one member of the Internet community can take decisive action to stop this lawlessness. The problem is that the current architecture of the Internet is completely inconsistent with information security. The Internet community needs to accept mandatory user identification - something similar to driving licenses or passports. We must have effective methods for identifying and prosecuting cyber criminals or we may end up losing the Internet as a viable resource."

Eugene Kaspersky

Head of Antivirus Research

Regulatory Issues

Sarbanes Oxley Act (2002)

Gramm-Leach-Bliley Act (1999)

Health Information Portability and Accountability Act (1996)

Electronic Communications Privacy Act (1986)

What is Management’s role?

Management ties everything together

Responsibility

Ownership

Technology

Infrastructure

Organization

Management

Security is a Mindset, not a service. It must be a part of all decisions and implementations.

Business Management

Business Acquisition Questions

Are the acquired assets as secure as your company?

What are the network integration plans during an outbreak?

Is Security software sufficient

Updated

Patched

Emergency segregation of networks

Vulnerability Lifecycle

0-day is a fallacy

Instant Messaging

Confidential Information Leakage

Business needs

Privacy of employees

Now, what do we do about it?

C.I.A. Security Model

Confidentiality

Integrity

Availability

Current Solutions

Antivirus / AntiSpyware

Personal Firewall / IDS / IPS

User Education

How do these products help?

Host Firewall / IPS blocks many unknown and known threats

How do these products help?

Antivirus captures threats that use common access methods

Web Downloads

Email

Application Attacks (Buffer Overflow)

VBSim demo

Educated Users Help

The biggest threat to the security of a company is not a computer virus, an unpatched hole in a key program or a badly installed firewall. In fact, the biggest threat could be you. What I found personally to be true was that it's easier to manipulate people rather than technology. Most of the time organizations overlook that human element.

Mitnick, Kevin, “How to Hack People.” BBC NewsOnline, October 14, 2002.

How do these products help?

User Education

Don’t open suspicious email

Don’t download software from untrusted sites.

Patch

Things to look for…

Abnormal computer activity

Disk access

CPU utilization

Network activity

Bank Histories

Unfamiliar transactions

Small but numerous transactions

Audit trails

Open Source

Shared information

Business Models

Is it more secure?

Development model

Security reviewers tend to be the same people doing the proprietary reviews

Value in education

Lots of good security tools

Open Source - Browsers

Firefox vs. Internet Explorer

Vulnerabilities reported in 2005

Internet Explorer

•SecurityFocus – 43

•Secunia Research – 9

•Symantec - 13

Firefox

•SecurityFocus – 43

•Secunia Research– 17

•Symantec - 21

What about shared vulnerabilities?

Plugins, WMF images

On the Horizon - Microsoft

Targeted because they are Big?

Insecure because they are Big?

Vista Operating System

On the Horizon

Early Detection and Preventative Tools

Virus Throttle

Active CounterMeasures

Principle of Least Authority (PoLA)

WAVE Anomaly Detection

Viral Patching

On the Horizon

Viral Targets

Mobile Phones, PDAs

Embedded Operating Systems

Automobiles

Sewing Machines

Bank Machines

Kitchen Appliances

Learn Learn Learn

Authors:

Sarah Gordon

Peter Szor

Roger Grimes

Kris Kaspersky

Search your library or online

Questions?
