Host Based Security
John Scrimsher, CISSP

Pre-Quiz
Name
Do you own a computer? What brand?
Email address
City of birth
Have you ever had a computer virus?
Why Host Based Security?
Perimeter Security vs. Host Based (chart: 66% / $ vs. 34% / $$$)

Why Host Based Security?
Protect the Data
Malware
Internal Threats
Employee Theft
Unpatched systems
What is Malware?
Anything that you would not want deliberately installed on your computer.
Viruses
Worms
Trojans
Spyware
More…

Where are the threats?
Un-patched computers
Email
Network file shares
Internet downloads
Social engineering
Blended threats
Hoaxes / chain letters
The Common Factor
Phishing
Email messages sent to large distribution lists
Disguised as coming from legitimate businesses
Goal: steal personal information (credentials, account details)
Phishing
Link goes to dllbat.com
Identity Theft
Malware can harvest personal data, and that data can then be used to steal your identity. Common channels:
Phishing
Keystroke loggers
Trojans
Spyware
Legal Issues
Many countries are still developing laws
Privacy Laws can prevent some investigation
Kaspersky Quote
"It's hard to imagine a more ridiculous situation: a handful of virus writers are playing unpunished with the Internet, and not one member of the Internet community can take decisive action to stop this lawlessness. The problem is that the current architecture of the Internet is completely inconsistent with information security. The Internet community needs to accept mandatory user identification - something similar to driving licenses or passports. We must have effective methods for identifying and prosecuting cyber criminals or we may end up losing the Internet as a viable resource."
Eugene Kaspersky, Head of Antivirus Research
Notable Legal History
Robert Morris Jr. - Morris worm (1988). The first worm to spread across the Internet; by his account it was meant as an experiment, but a flaw in its propagation logic let it run out of control. (The "WANK" worm was a separate 1989 DECnet worm and was not his.)
Randal Schwartz - hacked into Intel claiming he was trying to point out weaknesses in their security.
David Smith - Melissa. First known use of mass-mailing technique used in a malicious manner. Some jail time.
“OnTheFly”, The Netherlands - “Anna” virus using worm generator tool. The writer was a youth who was “remorseful” but little was done to punish him.
Philippines - “Loveletter”. No jail time because there were no laws.
Jeffrey Lee Parson – 2005 – 18 months in prison for releasing a variant of the Blaster worm.

Regulatory Issues
Sarbanes-Oxley Act (2002)
Gramm-Leach-Bliley Act (1999)
Health Insurance Portability and Accountability Act (1996)
Electronic Communications Privacy Act (1986)
What is Management's role?
Management ties everything together: Responsibility, Ownership
(diagram: Management / Organization / Technology / Infrastructure)
Security is a Mindset, not a service. It must be a part of all decisions and implementations.
Now, what do we do about it?
C.I.A. Security Model: Confidentiality, Integrity, Availability

Current Solutions
Antivirus / AntiSpyware
Personal Firewall / IDS / IPS
User Education

How do you find new threats?
Honeypots
Sensors (anomaly detection)
User suspicion
Things to look for… (User Suspicion)
Unusually high number of network connections (netstat -a)
Unexpected CPU utilization
Unexpected modifications to the registry Run key
Higher than normal disk activity
Spoofed e-mail
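Two of the indicators above, the connection count and the Run-key change, turned into checks on sample data. This is an added example, not part of the original deck: the netstat text and the registry snapshots are constructed (the added Run value mirrors the entry the 2003 Blaster worm wrote, and the SYN_SENT burst is the footprint its port-135 scanning left in netstat); on a live host the input would be the output of `netstat -an` and the values read from the Run key.

```python
"""Host indicator checks: connection fan-out from netstat, Run-key diff."""
import re
from collections import Counter

# Constructed sample in the layout `netstat -an` prints on Windows.
SAMPLE_NETSTAT = (
    "\nActive Connections\n\n"
    "  Proto  Local Address          Foreign Address        State\n"
    "  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING\n"
    "  TCP    10.0.0.5:49152         10.0.0.9:445           ESTABLISHED\n"
    "  UDP    0.0.0.0:137            *:*\n"
) + "".join(
    # Fifteen half-open connections to port 135 on consecutive hosts: what a
    # scanning worm (Blaster targeted RPC on 135) leaves behind.
    f"  TCP    10.0.0.5:{49200 + i}         192.168.1.{i}:135        SYN_SENT\n"
    for i in range(1, 16)
)

LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
UNSPECIFIED = {"0.0.0.0", "::", "*", ""}


def split_endpoint(endpoint):
    """'10.0.0.5:49152' -> ('10.0.0.5', '49152'); also handles '[::]:135'."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def parse_netstat(text):
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # banner line, column header, blank line
        proto, local, remote, state = m.groups()
        rhost, rport = split_endpoint(remote)
        rows.append({"proto": proto, "local": local, "remote_host": rhost,
                     "remote_port": rport, "state": state or ""})
    return rows


def connection_indicators(rows, fanout_threshold=20, syn_threshold=10):
    """Flag worm-like behaviour: many distinct peers, or many half-open SYNs."""
    outbound = [r for r in rows
                if r["state"] not in ("LISTENING", "")
                and r["remote_host"] not in UNSPECIFIED]
    peers = {r["remote_host"] for r in outbound}
    syn_sent = sum(1 for r in outbound if r["state"] == "SYN_SENT")
    ports = Counter(r["remote_port"] for r in outbound)
    top_port, top_count = ports.most_common(1)[0] if ports else (None, 0)
    flags = []
    if len(peers) >= fanout_threshold:
        flags.append(f"high fan-out: {len(peers)} distinct remote hosts")
    if syn_sent >= syn_threshold:
        flags.append(f"scan-like burst: {syn_sent} SYN_SENT, "
                     f"{top_count} of them to port {top_port}")
    return {"peers": len(peers), "syn_sent": syn_sent,
            "top_port": top_port, "flags": flags}


RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"


def read_run_key():
    """Read the HKLM Run key on a live Windows host; returns {} elsewhere."""
    try:
        import winreg
    except ImportError:
        return {}
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_KEY) as key:
        index = 0
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, index)
            except OSError:
                break  # no more values
            values[name] = data
            index += 1
    return values


def diff_run_key(baseline, current):
    """Compare a Run-key snapshot against a known-good baseline."""
    added = {k: v for k, v in current.items() if k not in baseline}
    removed = {k: v for k, v in baseline.items() if k not in current}
    changed = {k: (baseline[k], current[k]) for k in baseline
               if k in current and baseline[k] != current[k]}
    return {"added": added, "removed": removed, "changed": changed}


# Constructed snapshots; "AcmeUpdater" is a placeholder for a legitimate entry.
BASELINE_RUN = {"AcmeUpdater": r"C:\Program Files\Acme\updater.exe"}
CURRENT_RUN = {"AcmeUpdater": r"C:\Program Files\Acme\updater.exe",
               "windows auto update": "msblast.exe"}  # Blaster's persistence

if __name__ == "__main__":
    print(connection_indicators(parse_netstat(SAMPLE_NETSTAT)))
    print(diff_run_key(BASELINE_RUN, CURRENT_RUN))
```

The thresholds are per-host tuning knobs: a mail server legitimately holds hundreds of peers, a desktop rarely does, which is why the baseline for "unusual" has to be recorded on the quiet host before the check is useful.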
How do these products help? Honeypots
Capture a sample of suspicious code / activity
Forensic analysis
Behavior tracking
Related technologies: Honeynet, Darknet
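A low-interaction TCP honeypot of the kind the slide describes: it accepts any connection on a port nothing legitimate should use, records who connected and the first bytes they sent (with a hash, for later forensic analysis), tags the probe with a coarse behaviour class, and answers with a decoy banner so the caller keeps talking. This is an added example, not code from the original deck; the SMTP-style banner and the classification rules are assumptions, and the probe function stands in for the attacker so the whole exchange runs offline on loopback.

```python
"""Minimal TCP honeypot with sample capture and behaviour tagging."""
import hashlib
import socket
import socketserver
import threading
import time


def classify(sample):
    """Coarse behaviour tag for captured bytes (assumed rules, not a standard)."""
    if not sample:
        return "banner-grab"          # connected and waited for the server to talk
    if sample.split(b" ", 1)[0] in (b"GET", b"HEAD", b"POST"):
        return "http-probe"
    if b"\x00" in sample or any(b > 0x7E for b in sample):
        return "binary-payload"       # candidate exploit or uploaded executable
    return "text-probe"


class HoneypotHandler(socketserver.BaseRequestHandler):
    def handle(self):
        self.request.settimeout(2.0)
        try:
            sample = self.request.recv(512)   # enough to fingerprint the probe
        except socket.timeout:
            sample = b""
        # Record first, then answer: the record is complete before the client
        # can see the banner.
        self.server.records.append({
            "time": time.time(),
            "peer": self.client_address[0],
            "sha256": hashlib.sha256(sample).hexdigest(),
            "sample": sample,
            "kind": classify(sample),
        })
        try:
            self.request.sendall(self.server.banner)
        except OSError:
            pass


class Honeypot(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, address, banner=b"220 mail.example.test ESMTP ready\r\n"):
        super().__init__(address, HoneypotHandler)
        self.records = []      # captured samples for later analysis
        self.banner = banner   # decoy; assumed, any plausible service banner works


def start_honeypot(host="127.0.0.1", port=0):
    """Port 0 lets the OS pick a free port; a deployment pins an unused service port."""
    server = Honeypot((host, port))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def probe(host, port, payload):
    """Play the attacker for the demo: connect, send, read whatever comes back."""
    with socket.create_connection((host, port), timeout=2.0) as s:
        s.sendall(payload)
        return s.recv(128)


if __name__ == "__main__":
    hp = start_honeypot()
    port = hp.server_address[1]
    probe("127.0.0.1", port, b"GET / HTTP/1.0\r\n\r\n")
    probe("127.0.0.1", port, b"\x00\x00\x00\x85\xffSMB")
    for rec in hp.records:
        print(rec["peer"], rec["kind"], rec["sha256"][:16], rec["sample"][:16])
    hp.shutdown()
    hp.server_close()
```

Because nothing legitimate should ever reach the listener, every record is signal; the hash lets the same payload seen on several sensors be correlated, and the "kind" tag is the first step of the behaviour tracking the slide lists.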
How do these products help? Sensors
Host Firewall / IPS blocks many known and unknown threats
Alarm system

How do these products help? Sensors
Antivirus captures threats that use common access methods:
Web downloads
Email
Application attacks (buffer overflow)
VBSim demo
Detection and Prevention Technologies
Antivirus: signature based, heuristics based
Host Firewall, hIDS / hIPS: signature based, anomaly based
Whitelist / Blacklist
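The three detection models listed above side by side: an exact signature match, a heuristic score built from traits (suspicious API strings, high entropy from packing or encryption), and allow/deny lists keyed on file hash. This is an added example, not code from the original deck; the signature bytes, the string list, the entropy cutoff, the score threshold and the sample files are all constructed for the demo and are not a real engine's data.

```python
"""Signature, heuristic and hash-list detection in one small scanner."""
import hashlib
import math

# Constructed signature: a byte pattern an engine would match exactly.
SIGNATURES = {
    "Demo.Worm.A": b"MSG: i'm only a demo worm, see you later",
}
# Strings common in droppers and worms but rare in ordinary documents;
# each hit adds to the heuristic score.
SUSPICIOUS_STRINGS = [b"URLDownloadToFile", b"CreateRemoteThread",
                      b"WriteProcessMemory", b"CurrentVersion\\Run"]
ENTROPY_PACKED = 7.0    # bits/byte; packed or encrypted bodies sit near 8
SUSPICIOUS_SCORE = 3    # assumed threshold


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def entropy(data):
    """Shannon entropy in bits per byte."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def signature_match(data):
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return name
    return None


def heuristic_score(data):
    """Score behaviour-like traits rather than exact bytes, so a variant that
    defeats the signature can still be caught, at the cost of false positives."""
    score = sum(1 for s in SUSPICIOUS_STRINGS if s in data)
    if entropy(data) > ENTROPY_PACKED:
        score += 2
    return score


def scan(data, whitelist=frozenset(), blacklist=frozenset()):
    """Return (verdict, reason). Hash lists are checked first: a whitelist
    entry is a deliberate admin decision that overrides the heuristics, and a
    blacklist entry is a known-bad hash that needs no further analysis."""
    digest = sha256(data)
    if digest in whitelist:
        return "clean", "whitelisted hash"
    if digest in blacklist:
        return "malicious", "blacklisted hash"
    name = signature_match(data)
    if name:
        return "malicious", f"signature {name}"
    score = heuristic_score(data)
    if score >= SUSPICIOUS_SCORE:
        return "suspicious", f"heuristic score {score}"
    return "clean", f"heuristic score {score}"


# Constructed samples.
BENIGN_DOC = b"Quarterly report: revenue up 4%, costs flat.\n" * 20
WORM_SAMPLE = b"MZ\x90\x00" + SIGNATURES["Demo.Worm.A"] + b"\x00" * 64
# Variant with the signature string changed: the signature misses, but two
# injection APIs plus a high-entropy body still push the score over the line.
WORM_VARIANT = (b"MZ\x90\x00CreateRemoteThread\x00WriteProcessMemory\x00"
                + bytes(range(256)) * 8)
# A legitimate debugger with the same traits; the admin accepts it by hash.
ADMIN_TOOL = (b"MZ\x90\x00CreateRemoteThread\x00WriteProcessMemory\x00dbg v1"
              + bytes(range(256)) * 8)

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN_DOC), ("worm", WORM_SAMPLE),
                        ("variant", WORM_VARIANT), ("admin tool", ADMIN_TOOL)]:
        print(label, scan(blob))
    print("admin tool, whitelisted:", scan(ADMIN_TOOL, whitelist={sha256(ADMIN_TOOL)}))
```

The variant and the admin tool score identically, which is the trade-off the slide's pairing implies: heuristics catch what signatures miss, and the whitelist is how the false positives that buys are handled without lowering the threshold for everyone.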
Social Engineering
"… 70 percent of those asked said they would reveal their computer passwords for a …"
Bar of chocolate
Schrage, Michael. 2005. Retrieved from http://www.technologyreview.com/articles/05/03/issue/review_password.asp?p=1

Educated Users Help
"The biggest threat to the security of a company is not a computer virus, an unpatched hole in a key program or a badly installed firewall. In fact, the biggest threat could be you. What I found personally to be true was that it's easier to manipulate people rather than technology. Most of the time organizations overlook that human element."
Mitnick, Kevin, "How to Hack People." BBC News Online, October 14, 2002.
How do these products help?
User Education
Don’t open suspicious email
Don’t download software from untrusted sites.
Patch
On the Horizon - Microsoft
House on the hill
Targeted because they are big?
Insecure because they are big?
On the Horizon
Early Detection and Preventative Tools
Virus Throttle
Active CounterMeasures
Principle of Least Authority (PoLA)
WAVE Anomaly Detection
Viral Patching

On the Horizon
Viral Targets
Mobile phones, PDAs
Embedded operating systems: automobiles, sewing machines, bank machines, kitchen appliances

On the Horizon
Octopus worms: multiple components working together
Warhol worms: MSBlaster was proof of capability

Learn, Learn, Learn
Authors: Sarah Gordon, Peter Szor, Roger Grimes, Kris Kaspersky
Search your library or online
Questions?
Resources
http://www.pcworld.com/news/article/0,aid,116163,00.asp
http://www.detnews.com/2003/technology/0309/03/technology-258376.htm
http://www.sans.org/rr/whitepapers/engineering/1232.php
http://www.research.ibm.com/antivirus/SciPapers/Gordon/Avenger.html