Host Based Security
John Scrimsher, CISSP
[email protected]
Pre-Quiz
- Name
- Do you own a computer? What brand?
- Email address
- City of Birth
- Have you ever had a computer virus?

Why Host Based Security?

Perimeter Security vs. Host Based
(chart: 66% / $ versus 34% / $$$)
Why Host Based Security?
Protect the Data
- Malware
- Internal Threats
- Employee Theft
- Unpatched systems

What is Malware?
Anything installed on your computer that you would not deliberately have put there.
- Viruses
- Worms
- Trojans
- Spyware
- More...
Where are the threats?
- Un-patched Computers
- Email
- Network File Shares
- Internet Downloads
- Social Engineering
- Blended Threats
- Hoaxes / Chain Letters
The Common Factor
Phishing
Email messages sent to large distribution lists.
- Disguised as legitimate businesses
- Steal personal information

Phishing
Link goes to dllbat.com
Identity Theft
Since malware can be used to steal personal data, that data can in turn be used to steal your identity.
- Phishing
- Keystroke loggers
- Trojans
- Spyware

Legal Issues
- Many countries are still developing laws
- Privacy laws can prevent some investigation

Kaspersky Quote
"It's hard to imagine a more ridiculous situation: a handful of virus writers are playing unpunished with the Internet, and not one member of the Internet community can take decisive action to stop this lawlessness.

The problem is that the current architecture of the Internet is completely inconsistent with information security. The Internet community needs to accept mandatory user identification - something similar to driving licenses or passports.

We must have effective methods for identifying and prosecuting cyber criminals or we may end up losing the Internet as a viable resource."
Eugene Kaspersky, Head of Antivirus Research
Notable Legal History
- Robert Morris Jr. - the Morris worm (1988). The first major Internet worm, set loose by accident across the Internet.
- Randal Schwartz - hacked into Intel claiming he was trying to point out weaknesses in their security.
- David Smith - Melissa. First known use of the mass-mailing technique in a malicious manner. Some jail time.
- "OnTheFly", The Netherlands - "Anna" (Anna Kournikova) virus, built with a worm generator tool. The writer was a youth who was "remorseful" but little was done to punish him.
- Philippines - "Loveletter". No jail time because there were no laws.
- Jeffrey Lee Parson - 2005 - 18 months in prison for a variant of the Blaster worm.
Regulatory Issues
- Sarbanes-Oxley Act (2002)
- Gramm-Leach-Bliley Act (1999)
- Health Insurance Portability and Accountability Act (1996)
- Electronic Communications Privacy Act (1986)

What is Management's role?
Management ties everything together
- Responsibility
- Ownership

(diagram: Organization / Management / Infrastructure / Technology)
Security is a mindset, not a service. It must be a part of all decisions and implementations.
Now, what do we do about it?

C.I.A. Security Model
- Confidentiality
- Integrity
- Availability

Current Solutions
- Antivirus / AntiSpyware
- Personal Firewall / IDS / IPS
- User Education

How do you find new threats?
- Honeypots
- Sensors (anomaly detection)
- User suspicion

Things to look for...
User Suspicion
- Unusually high number of network connections (netstat -a)
- CPU utilization
- Unexpected modifications to the registry RUN section
- Higher than normal disk activity
- Spoofed e-mail

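Two of the indicators above, the connection count and the Run key, can be checked mechanically. The following is an added example written for this page, not code from the original slides: it parses `netstat -an` output and flags a port that has half-open connections to many distinct hosts (the footprint of a scanning worm), and it diffs two snapshots of the Run key to surface a new autostart entry. The netstat text, the snapshots and the threshold are constructed for illustration; the added Run value copies the autostart entry the Blaster worm is documented to create.

```python
"""Host-level indicators from the slide, checked with plain Python.

Added example; it is not code from the original slides. The netstat output
and the two registry Run-key snapshots below are constructed sample data,
not captured from a real machine.
"""
import re
from collections import Counter

# Constructed `netstat -an` output in Windows format. A quiet workstation has
# a few listeners and one or two established sessions; a scanning worm opens
# many half-open (SYN_SENT) connections to the same port on many hosts.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:445       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1052      10.0.0.5:445           SYN_SENT
  TCP    192.168.1.10:1053      10.0.0.6:445           SYN_SENT
  TCP    192.168.1.10:1054      10.0.0.7:445           SYN_SENT
  TCP    192.168.1.10:1055      10.0.0.8:445           SYN_SENT
  TCP    192.168.1.10:1056      10.0.0.9:445           SYN_SENT
  TCP    192.168.1.10:1057      10.0.0.10:445          SYN_SENT
  TCP    192.168.1.10:1060      93.184.216.34:80       ESTABLISHED
  UDP    192.168.1.10:137       *:*
"""

LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def parse_netstat(text):
    """Return (proto, local, foreign, state) tuples; header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rows.append((m.group(1), m.group(2), m.group(3), m.group(4) or ""))
    return rows


def half_open_by_port(rows):
    """Map each remote port to the set of remote hosts with a SYN_SENT to it."""
    hosts = {}
    for proto, _local, foreign, state in rows:
        if proto == "TCP" and state == "SYN_SENT":
            host, _sep, port = foreign.rpartition(":")
            hosts.setdefault(port, set()).add(host)
    return hosts


def flag_scanning(rows, max_new_hosts=5):
    """Ports with half-open connections to more than max_new_hosts distinct hosts.

    The threshold is an assumed tuning value, not one from the slides; derive it
    from a baseline of the machine's normal behaviour.
    """
    return sorted(p for p, h in half_open_by_port(rows).items() if len(h) > max_new_hosts)


# Constructed snapshots of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
# (value name -> command) taken at two points in time. On a live system the
# winreg module would read these; the new entry copies the autostart value
# the Blaster worm is documented to add.
RUN_BASELINE = {
    "ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe",
    "VMware User Process": r'"C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" -n vmusr',
}
RUN_NOW = dict(RUN_BASELINE)
RUN_NOW["windows auto update"] = "msblast.exe"


def run_key_changes(baseline, current):
    """Return (added, removed, changed) value names between two snapshots."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(k for k in set(baseline) & set(current) if baseline[k] != current[k])
    return added, removed, changed


if __name__ == "__main__":
    rows = parse_netstat(SAMPLE_NETSTAT)
    print("state counts:", Counter(state for _p, _l, _f, state in rows if state))
    print("scanned ports:", flag_scanning(rows))  # ['445']
    print("Run key changes:", run_key_changes(RUN_BASELINE, RUN_NOW))
```

The half-open count is more telling than the raw total from `netstat -a`: a browser can hold dozens of established sessions, but a person does not open SYNs to six different hosts on port 445 at once. The Run key diff only works if the baseline was taken while the machine was known clean, which is why it belongs in a build image or a scheduled job rather than an after-the-fact check.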
How do these products help?
Honeypots
- Capture a sample of suspicious code / activity
- Forensic analysis
- Behavior tracking
- Related technologies
  - Honey Net
  - Dark Net

How do these products help?
Sensors
- Host Firewall / IPS blocks many unknown and known threats
- Alarm system

How do these products help?
Sensors

Antivirus captures threats that use common access methods
(diagram: Web Downloads / Email / Application Attacks (Buffer Overflow))
VBSim demo
Detection and Prevention Technologies

Antivirus
- Signature based
- Heuristics based

Host Firewall
- hIDS / hIPS
  - Signature based
  - Anomaly based

- Whitelist
- Blacklist

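The four detection models on this slide behave differently against a sample that has never been seen before, and that is the point worth demonstrating. The block below is an added example written for this page, not code from the original slides or from any antivirus product: three constructed byte strings stand in for executables, and the byte signature, heuristic rules, weights, threshold and hash lists are all assumed for illustration. Run together, they show the known worm caught by signature but missed by heuristics, the new variant caught by heuristics but missed by signature, and the new variant passing a blacklist while a whitelist stops it.

```python
"""Signature vs. heuristic detection, and whitelist vs. blacklist control.

Added example, not code from the original slides or from any product. The
"files" are constructed byte strings, and the signature, heuristic rules,
weights, threshold and hash lists are assumed for illustration only.
"""
import hashlib
import re


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for three executables.
BENIGN = b"MZ\x90\x00 constructed benign program: shows a calculator"
KNOWN_WORM = b"MZ\x90\x00 copies itself to msblast.exe, adds CurrentVersion\\Run entry"
NEW_WORM = (b"MZ\x90\x00 never-seen dropper: CreateRemoteThread WriteProcessMemory "
            b"CurrentVersion\\Run cmd.exe /c")

# --- Signature based: exact knowledge of one specific sample.
# Cheap and precise, but only catches what has already been seen.
BAD_HASHES = {sha256(KNOWN_WORM)}
BAD_PATTERNS = [b"msblast.exe"]  # assumed byte signature, not a vendor's


def signature_scan(data: bytes) -> bool:
    return sha256(data) in BAD_HASHES or any(p in data for p in BAD_PATTERNS)


# --- Heuristics based: score generic suspicious traits, no prior sample needed.
# Catches new variants, at the price of false positives if the threshold is low.
HEURISTIC_RULES = [
    (re.compile(rb"CreateRemoteThread|WriteProcessMemory"), 3, "process injection API"),
    (re.compile(rb"CurrentVersion\\Run"), 2, "autostart registry key"),
    (re.compile(rb"cmd\.exe /c"), 2, "spawns a command shell"),
]
HEURISTIC_THRESHOLD = 4  # assumed tuning value


def heuristic_scan(data: bytes):
    """Return (is_suspicious, score, matched_rule_names)."""
    score, reasons = 0, []
    for pattern, weight, name in HEURISTIC_RULES:
        if pattern.search(data):
            score += weight
            reasons.append(name)
    return score >= HEURISTIC_THRESHOLD, score, reasons


# --- Whitelist vs. blacklist execution control, keyed on file hash.
# Blacklist = default allow: anything not known-bad runs, so a brand-new worm
# runs until a signature ships. Whitelist = default deny: only approved hashes
# run, so the new worm is stopped, at the cost of maintaining the approved set.
APPROVED = {sha256(BENIGN)}
DENIED = {sha256(KNOWN_WORM)}


def blacklist_allows(data: bytes) -> bool:
    return sha256(data) not in DENIED


def whitelist_allows(data: bytes) -> bool:
    return sha256(data) in APPROVED


def classify(data: bytes) -> dict:
    """Run every model on one file so the differences can be compared side by side."""
    suspicious, score, reasons = heuristic_scan(data)
    return {
        "signature": signature_scan(data),
        "heuristic": suspicious,
        "heuristic_score": score,
        "heuristic_reasons": reasons,
        "blacklist_allows": blacklist_allows(data),
        "whitelist_allows": whitelist_allows(data),
    }


if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("known worm", KNOWN_WORM), ("new worm", NEW_WORM)):
        print(name, classify(sample))
```

The known worm scores only 2 on the heuristics because it shows a single generic trait, which is the usual reason products ship both engines: the signature catches the sample in circulation, the heuristic catches the rewrite that arrives before the next signature update. A one-byte change to KNOWN_WORM defeats the hash check and a change inside the `msblast.exe` string defeats the byte pattern, while the heuristic score is unchanged by either.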
Social Engineering
"... 70 percent of those asked said they would reveal their computer passwords for a ... bar of chocolate"
Schrage, Michael. 2005. Retrieved from http://www.technologyreview.com/articles/05/03/issue/review_password.asp?p=1
Educated Users Help
"The biggest threat to the security of a company is not a computer virus, an unpatched hole in a key program or a badly installed firewall. In fact, the biggest threat could be you. What I found personally to be true was that it's easier to manipulate people rather than technology. Most of the time organizations overlook that human element."
Mitnick, Kevin, "How to Hack People." BBC News Online, October 14, 2002.
How do these products help?

User Education
- Don't open suspicious email
- Don't download software from untrusted sites
- Patch

On the Horizon - Microsoft
House on the hill
- Targeted because they are big?
- Insecure because they are big?

On the Horizon

Early Detection and Preventative Tools
- Virus Throttle
- Active CounterMeasures
- Principle of Least Authority (PoLA)
- WAVE
- Anomaly Detection
- Viral Patching

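Of the tools listed, the virus throttle is simple enough to show end to end. The simulation below is an added example written for this page; it is not code from the slides and not HP's implementation. It follows the idea behind Matthew Williamson's "Throttling Viruses" work at HP Labs (2002) as this editor understands it: a person contacts a small, slowly changing set of hosts, while a scanning worm contacts many new hosts every second, so connections to hosts outside a recent working set are queued and released at a fixed rate, and a queue that grows past a limit means the machine is infected. The working-set size, release rate, queue limit and both traffic patterns are assumed values constructed for the demonstration.

```python
"""Virus throttling, simulated in Python.

Added example; it is not code from the slides and not HP's implementation. It
follows the idea of Matthew Williamson's "Throttling Viruses" work (HP Labs,
2002): a normal host talks to a small, slowly changing set of peers, while a
scanning worm talks to many new hosts per second. Working-set size, release
rate and queue limit below are assumed tuning values.
"""
from collections import OrderedDict, deque


class VirusThrottle:
    """Rate-limit connections to *new* hosts; connections to recent hosts pass."""

    def __init__(self, working_set_size=5, release_per_tick=1, queue_limit=20):
        self.working_set = OrderedDict()   # recently contacted hosts, LRU first
        self.working_set_size = working_set_size
        self.delay_queue = deque()         # connections to hosts not in the set
        self.release_per_tick = release_per_tick
        self.queue_limit = queue_limit
        self.blocked = False
        self.passed = 0

    def _touch(self, host):
        if host in self.working_set:
            self.working_set.move_to_end(host)
            return
        self.working_set[host] = None
        if len(self.working_set) > self.working_set_size:
            self.working_set.popitem(last=False)  # evict least recently used

    def request(self, host):
        """New outbound connection attempt; returns 'pass', 'delayed' or 'blocked'."""
        if self.blocked:
            return "blocked"
        if host in self.working_set:
            self._touch(host)
            self.passed += 1
            return "pass"
        self.delay_queue.append(host)
        if len(self.delay_queue) > self.queue_limit:
            # Far more new destinations than a person generates: treat the host
            # as infected and stop new connections until an operator clears it.
            self.blocked = True
            return "blocked"
        return "delayed"

    def tick(self):
        """One clock tick (e.g. one second): let a fixed number of queued connections out."""
        released = 0
        while not self.blocked and self.delay_queue and released < self.release_per_tick:
            self._touch(self.delay_queue.popleft())
            self.passed += 1
            released += 1
        return released


def simulate(traffic):
    """traffic[t] is the list of hosts contacted during tick t. Returns the throttle."""
    throttle = VirusThrottle()
    for hosts in traffic:
        for host in hosts:
            throttle.request(host)
        throttle.tick()
    return throttle


def normal_user_traffic(ticks=30):
    """Constructed browsing pattern: the same three servers, a new CDN host every 10 ticks."""
    servers = ["mail.example", "www.example", "news.example"]
    return [[servers[t % 3]] + (["cdn%d.example" % (t // 10)] if t % 10 == 0 else [])
            for t in range(ticks)]


def scanning_worm_traffic(ticks=30, rate=10):
    """Constructed scanner: `rate` never-seen addresses every tick."""
    return [["10.0.%d.%d" % (t, k) for k in range(rate)] for t in range(ticks)]


if __name__ == "__main__":
    user = simulate(normal_user_traffic())
    worm = simulate(scanning_worm_traffic())
    print("user: blocked=%s passed=%d queued=%d" % (user.blocked, user.passed, len(user.delay_queue)))
    print("worm: blocked=%s passed=%d queued=%d" % (worm.blocked, worm.passed, len(worm.delay_queue)))
```

The user's occasional new host waits at most a tick or two and every one of the 33 requests eventually passes; the scanner is cut off in its third tick after only two connections get out, which is what limits a worm's spread rate without a signature. The cost is visible in the code: once `blocked` is set, legitimate traffic is held too, so a deployment would raise an alarm and let an operator clear the state rather than block silently.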
On the Horizon

Viral Targets
- Mobile Phones, PDAs
- Embedded Operating Systems
  - Automobiles
  - Sewing Machines
  - Bank Machines
  - Kitchen Appliances
On the Horizon

Octopus worms
- Multiple components working together

Warhol Worms
- A worm fast enough to infect every vulnerable host on the Internet within about fifteen minutes
- MSBlaster was proof of capability
Learn Learn Learn
Authors:
- Sarah Gordon
- Peter Szor
- Roger Grimes
- Kris Kaspersky
- Search your library or online
Questions?
Resources
- http://www.pcworld.com/news/article/0,aid,116163,00.asp
- http://www.detnews.com/2003/technology/0309/03/technology-258376.htm
- http://www.sans.org/rr/whitepapers/engineering/1232.php
- http://www.research.ibm.com/antivirus/SciPapers/Gordon/Avenger.html