Internet Drivers License
CSS411/BIS421 Computing Technology & Public Policy
Mark Kochanski
Spring 2010

Issues
Protection of Infrastructure
Protection of Resources
◦ Governments
◦ Industry
◦ Individuals
Protection of Intellectual Property
Identity Theft
Enabling Criminal Investigation

Malware
Malicious Software
◦ Viruses
◦ Worms
◦ Trojans
◦ Root Kits
◦ Spyware

Malware

US-CERT Incident Categories
CAT 1: Unauthorized Access
CAT 2: Denial of Service (DoS)
CAT 3: Malicious Code
CAT 4: Improper Usage (based on Policy)
CAT 5: Scans, Probes, or Attempted Access
CAT 6: Under Investigation

US-CERT Reported Cyberspace Security Incidents by Category

Quarterly Trends FY09 Q1 (June 2009)

Quarterly Trends FY06 Q3 (June 2006)

US-CERT Reported Cyberspace Security Incidents

Quarterly Trends FY09 Q1 (June 2009)

Quarterly Trends FY07 Q4 (December 2007)

DDoS Attacks

DDoS Attacks (Last Two Years)
http://www.shadowserver.org/wiki/pmwiki.php/Stats/DDoSCharts

Infection Rates
Code Red
◦ 150,000 computers in 14 hours
NIMDA
◦ Nationwide in 1 hour

Example: Spread of the Witty Worm

Figure 2: The exponential spread of the Witty worm. The number of active machines in five minutes (green line) stabilized after 45 minutes, indicating that almost all of the vulnerable machines had been compromised. After that point, dynamic addressing (e.g. DHCP) caused the cumulative IP address total (the red line) to continue to rise. We estimate the total number of hosts infected by the Witty worm to be 12,000 hosts at most.

Shannon, Colleen and David Moore. “The Spread of the Witty Worm”, CAIDA, 2008.

http://www.caida.org/research/security/witty/

Uses of Botnets
Distributed Denial of Service Attacks
Spamming
Sniffing Traffic
Keylogging
Spreading New Malware
Leveraging Advertising
Manipulating Polls and Games
Mass Identity Theft

Spam by Botnet Type

Example: Rustock

Botnet Statistics
September 2006: Botnets capable of generating 10-20Gbps of junk data
Davos 2007: Up to 25% (150 million hosts) may be participants in a botnet
Last two year trends [ShadowServer]

Hosts on the Internet

Quality of Software

[Chart: Total Vulnerabilities Catalogued (US CERT), by year, 1996 to 2008; vertical axis 0 to 8,000]

US CERT [http://www.cert.org/stats/] Through Q3 2008

Zero AV Detection

IPV4 Network Routing

http://www.eventhelix.com/realtimemantra/networking/ip_routing.htm

IPV4 Packet Fields

IPV4 Infrastructure

RIPE NCC (January 2010)
http://www.ripe.net/is/hostcount/stats/all/2010-01

National Policy
National Strategy to Secure Cyberspace, 2003
◦ Public-private engagement through DHS
◦ Federal Priorities
I. A National Cyberspace Security Response System
II. A National Cyberspace Security Threat and Vulnerability Reduction Program
III. A National Cyberspace Security Awareness and Training Program
IV. Securing Governments’ Cyberspace
V. National Security and International
Federal Information Security Management Act, 2002 (FISMA)

National Strategy to Secure Cyberspace, 2003. p. 9

Guiding Principles
A national effort
Use government to facilitate / communicate
Protect privacy and civil liberties
Regulations and market forces
Leverage market forces
Accountability and responsibility
Ensure flexibility
Multiyear planning

Government Involvement
II. A National Cyberspace Security Threat and Vulnerability Reduction Program
Include efforts to
◦ Identify and remediate existing vulnerabilities
◦ Develop systems with fewer vulnerabilities
With goals and objectives including
◦ Securing mechanisms of the internet
◦ Improving the security and resilience of key internet protocols
◦ Promoting improved internet routing
◦ Improve management (of the internet)

DHS NIPP-Cyber Security
(National Infrastructure Protection Plan)
Industry-specific partnership: IT Sector
◦ IT SCC: Sector Coordinating Council
◦ IT GCC: Government Coordinating Council
◦ IT ISAC: Information Sharing and Analysis Center
◦ US-CERT: U.S. Computer Emergency Readiness Team

Security Industry

[Pie chart: 2005 Anti-Virus Industry; legend: Symantec, McAfee, Trend Micro, Other; values shown: 53.60%, 18.80%, 13.80%, 13.80%]

2005: $4 billion with 13.6% Growth (Gartner)
