Host Based Security.ppt
Host Based Security
John Scrimsher, CISSP
[email protected]
Pre-Quiz
Name
Do you own a computer? What
Brand?
Email address
City of Birth
Have you ever had a computer virus?
Why Host Based Security?
Perimeter Security vs. Host Based
[Chart: perimeter security versus host based, showing 66% against $ and 34% against $$$]
Why Host Based Security?
Protect the Data
Malware
Internal Threats
Employee Theft
Unpatched systems
What is Malware?
Anything that you would not want deliberately installed on your computer.
Viruses
Worms
Trojans
Spyware
More…
Where are the threats?
Un-patched Computers
Email
Network File Shares
Internet Downloads
Social Engineering
Blended Threats
Hoaxes / Chain Letters
The Common Factor
Phishing
Email messages sent to large distribution lists.
Disguised as legitimate businesses
Steal personal information
Phishing
Link goes to dllbat.com
Identity Theft
Viruses can be used to steal personal data, and that data can then be used to steal your identity.
Phishing
Keystroke loggers
Trojans
Spyware
Legal Issues
Many countries are still developing laws
Privacy laws can prevent some investigation
Kaspersky Quote
"It's hard to imagine a more ridiculous situation: a
handful of virus writers are playing unpunished
with the Internet, and not one member of the
Internet community can take decisive action to
stop this lawlessness.
The problem is that the current architecture of the
Internet is completely inconsistent with information
security. The Internet community needs to accept
mandatory user identification - something similar
to driving licenses or passports.
We must have effective methods for identifying and
prosecuting cyber criminals or we may end up
losing the Internet as a viable resource."
Eugene Kaspersky
Head of Antivirus Research
Notable Legal History
Robert Morris Jr. - “WANK” worm. First internet worm ever created, set loose by accident across the internet.
Randal Schwartz - hacked into Intel claiming he was trying to point out weaknesses in their security.
David Smith - Melissa. First known use of the mass-mailing technique in a malicious manner. Some jail time.
“OnTheFly”, The Netherlands - “Anna” virus using a worm generator tool. The writer was a youth who was “remorseful” but little was done to punish him.
Philippines - “Loveletter”. No jail time because there were no laws.
Jeffrey Lee Parsons – 2005 – 18 months in prison for a variant of the Blaster worm.
Regulatory Issues
Sarbanes-Oxley Act (2002)
Gramm-Leach-Bliley Act (1999)
Health Information Portability and Accountability Act (1996)
Electronic Communications Privacy Act (1986)
What is Management’s role?
Management ties everything together
Responsibility
Ownership
Organization
Management
Infrastructure
Technology
Security is a Mindset, not a service. It must be a part of
all decisions and implementations.
Now, what do we do about it?
C.I.A. Security Model
Confidentiality
Integrity
Availability
Current Solutions
Antivirus / AntiSpyware
Personal Firewall / IDS / IPS
User Education
How do you find new threats?
Honeypots
Sensors (anomaly detection)
User suspicion
Things to look for…
User Suspicion
Unusually high number of network connections (netstat -a)
CPU utilization
Unexpected modifications to the registry RUN section
Higher than normal disk activity
Spoofed E-Mail
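The indicators on this slide can be checked the same way an analyst would eyeball them: compare a `netstat -a` listing, the Run key and utilisation samples against what is normal for the host. The script below is an added example, not part of the original deck; the netstat text, the Run-key baseline and snapshot, the CPU and disk samples, and the thresholds are all constructed assumptions for illustration, so it runs offline on any platform. A real host would feed it live `netstat` output and a Run-key snapshot taken from the registry.

```python
"""Triage of the host indicators listed on the slide (added example).

Inputs are constructed in-line: a `netstat -a`-style listing, a baseline
and current snapshot of the registry Run key, and CPU/disk samples.
Thresholds are assumptions chosen for illustration.
"""
import re
from collections import Counter

# Constructed: lines in the shape of `netstat -a` output on Windows.
# Many half-open connections to port 25 is the classic mass-mailer pattern.
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49152     203.0.113.5:25         SYN_SENT
  TCP    192.168.1.20:49153     203.0.113.6:25         SYN_SENT
  TCP    192.168.1.20:49154     203.0.113.7:25         SYN_SENT
  TCP    192.168.1.20:49155     203.0.113.8:25         SYN_SENT
  TCP    192.168.1.20:49156     203.0.113.9:25         SYN_SENT
  TCP    192.168.1.20:49157     198.51.100.3:443       ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

# Constructed: Run-key values (name -> command) at baseline and now.
RUN_BASELINE = {"OneDrive": r"C:\Users\me\AppData\Local\Microsoft\OneDrive\OneDrive.exe"}
RUN_CURRENT = dict(RUN_BASELINE, svchost=r"C:\Users\me\AppData\Roaming\svchost.exe")

# Assumed thresholds for this example.
MAX_CONNECTIONS_PER_DEST_PORT = 4   # outbound connections to one port
CPU_THRESHOLD = 90.0                # percent, sustained over all samples
DISK_THRESHOLD = 50.0               # MB/s, sustained over all samples

NETSTAT_LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def parse_netstat(text):
    """Return (proto, local, remote, state) tuples; the header line is skipped."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT_LINE.match(line)
        if m:
            rows.append(m.groups())
    return rows


def check_connections(rows):
    """Flag destination ports with an unusual number of outbound TCP connections."""
    findings = []
    by_port = Counter()
    for proto, local, remote, state in rows:
        if proto == "TCP" and state in ("SYN_SENT", "ESTABLISHED"):
            by_port[remote.rsplit(":", 1)[-1]] += 1
    for port, n in by_port.items():
        if n >= MAX_CONNECTIONS_PER_DEST_PORT:
            findings.append(f"{n} outbound TCP connections to port {port}")
    return findings


def check_run_key(baseline, current):
    """Flag Run-key entries added or changed since the baseline snapshot."""
    findings = []
    for name, cmd in current.items():
        if name not in baseline:
            findings.append(f"new Run entry {name!r} -> {cmd}")
        elif baseline[name] != cmd:
            findings.append(f"changed Run entry {name!r} -> {cmd}")
    return findings


def check_utilisation(cpu_samples, disk_samples):
    """Flag CPU or disk activity that stays above threshold for every sample."""
    findings = []
    if cpu_samples and min(cpu_samples) > CPU_THRESHOLD:
        findings.append(f"CPU above {CPU_THRESHOLD}% for {len(cpu_samples)} samples")
    if disk_samples and min(disk_samples) > DISK_THRESHOLD:
        findings.append(f"disk above {DISK_THRESHOLD} MB/s for {len(disk_samples)} samples")
    return findings


def triage(netstat_text, run_baseline, run_current, cpu_samples, disk_samples):
    """Run all three checks and return the combined list of findings."""
    return (check_connections(parse_netstat(netstat_text))
            + check_run_key(run_baseline, run_current)
            + check_utilisation(cpu_samples, disk_samples))


if __name__ == "__main__":
    for finding in triage(NETSTAT_SAMPLE, RUN_BASELINE, RUN_CURRENT,
                          [97.0, 99.0, 98.5], [3.0, 4.0, 2.0]):
        print("SUSPICIOUS:", finding)
```

The Run-key comparison is the important one: a baseline taken when the machine was known-good is what turns "a value exists" into "a value appeared", which is the signal a user or help desk would otherwise miss.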
How do these products Help?
Honeypots
Capture sample of suspicious code / activity
Forensic Analysis
Behavior tracking
Related Technologies
Honey Net
Dark Net
How do these products help?
Sensors
Host Firewall / IPS blocks many unknown and known threats
Alarm system
How do these products help?
Sensors
Antivirus captures threats that use common access methods:
Web Downloads
Email
Application Attacks (Buffer Overflow)
VBSim demo
Detection and Prevention
Technologies
Antivirus
Signature based
Heuristics based
Host Firewall
hIDS / hIPS
Signature based
Anomaly based
Whitelist
Blacklist
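Signature-based, heuristics-based and whitelist (allowlist) detection fail in different places, which is why the slide lists them together. The script below is an added example, not from the original deck: the "executables" are constructed byte strings, and the signature set, heuristic weights, threshold and allowlist are assumptions for illustration. It shows a known sample caught by its hash, a repacked variant that the signature misses but the heuristics catch, and an unknown binary that only the allowlist stops.

```python
"""Signature, heuristic and allowlist detection side by side (added example).

All samples, signatures, heuristic weights and the allowlist are constructed
for illustration; the byte strings stand in for executable files.
"""
import hashlib

# Constructed sample "executables" (arbitrary bytes, not real programs).
KNOWN_MASS_MAILER = b"MZ" + b"\x90" * 16 + b"MAPI32.dll SMTP HELO " + b"\x00" * 8
VARIANT = b"MZ" + b"\x90" * 20 + b"MAPI32.dll SMTP HELO " + b"\x01" * 8  # same traits, new hash
BENIGN_TOOL = b"MZ" + b"\x90" * 16 + b"Hello, world" + b"\x00" * 8


def sha256(data):
    return hashlib.sha256(data).hexdigest()


# Signature based: exact hashes of samples that have already been analysed.
SIGNATURES = {sha256(KNOWN_MASS_MAILER): "Mailer.Sample.A"}

# Heuristics based: weighted traits mass-mailers tend to show (assumed weights).
HEURISTICS = [
    (b"MAPI32.dll", 2, "uses the MAPI mail API"),
    (b"SMTP", 2, "contains an SMTP string"),
    (b"HELO", 1, "contains an SMTP HELO command"),
]
HEURISTIC_THRESHOLD = 4

# Whitelist: hashes of binaries the administrator has approved to run.
ALLOWLIST = {sha256(BENIGN_TOOL)}


def scan_signature(data):
    """Return the signature name if the file is a known sample, else None."""
    return SIGNATURES.get(sha256(data))


def scan_heuristic(data):
    """Return (score, reasons); a score at or above the threshold is a detection."""
    score, reasons = 0, []
    for pattern, weight, why in HEURISTICS:
        if pattern in data:
            score += weight
            reasons.append(why)
    return score, reasons


def decide(data, enforce_allowlist=False):
    """Combine the three approaches into one allow/block decision with a reason.

    Signatures are checked first (cheapest and most precise), then heuristics,
    and finally, when enforced, anything not explicitly approved is blocked.
    """
    sig = scan_signature(data)
    if sig:
        return "block", f"signature match: {sig}"
    score, reasons = scan_heuristic(data)
    if score >= HEURISTIC_THRESHOLD:
        return "block", "heuristic score %d: %s" % (score, ", ".join(reasons))
    if enforce_allowlist and sha256(data) not in ALLOWLIST:
        return "block", "not on the allowlist"
    return "allow", "no detection"


if __name__ == "__main__":
    for label, sample in [("known sample", KNOWN_MASS_MAILER),
                          ("variant", VARIANT),
                          ("benign tool", BENIGN_TOOL),
                          ("unknown binary", b"MZunknown")]:
        print(f"{label:15s} blacklist-only: {decide(sample)}  "
              f"with allowlist: {decide(sample, enforce_allowlist=True)}")
```

The ordering in `decide` reflects the trade-off each approach makes: signatures have almost no false positives but miss anything new, heuristics catch variants at the cost of occasional false alarms, and an allowlist blocks the unknown outright but needs an administrator to maintain it.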
Social Engineering
… 70 percent of those asked said they would reveal their computer passwords for a … bar of chocolate
Schrage, Michael. 2005. Retrieved from
http://www.technologyreview.com/articles/05/03/issue/review_password.asp?p=1
Educated Users Help
The biggest threat to the security of a company is not a
computer virus, an unpatched hole in a key program or a
badly installed firewall. In fact, the biggest threat could be
you. What I found personally to be true was that it's easier
to manipulate people rather than technology. Most of the
time organizations overlook that human element.
Mitnick, Kevin, “How to Hack People.” BBC NewsOnline,
October 14, 2002.
How do these products help?
User Education
Don’t open suspicious email
Don’t download software from untrusted sites.
Patch
On the Horizon - Microsoft
House on the hill
Targeted because they are big?
Insecure because they are big?
On the Horizon
Early Detection and Preventative
Tools
Virus Throttle
Active CounterMeasures
Principle of Least Authority (PoLA)
WAVE
Anomaly Detection
Viral Patching
On the Horizon
Viral Targets
Mobile Phones, PDAs
Embedded Operating Systems
Automobiles
Sewing Machines
Bank Machines
Kitchen Appliances
On the Horizon
Octopus worms
Multiple components working together
Warhol Worms
MSBlaster was proof of capability
Learn Learn Learn
Authors:
Sarah Gordon
Peter Szor
Roger Grimes
Kris Kaspersky
Search your library or online
Questions?
Resources
http://www.pcworld.com/news/article/0,aid,116163,00.asp
http://www.detnews.com/2003/technology/0309/03/technology-258376.htm
http://www.sans.org/rr/whitepapers/engineering/1232.php
http://www.research.ibm.com/antivirus/SciPapers/Gordon/Avenger.html