1
Security Update
Vaughn Book, SVP – Chief Technology Officer
Arrowhead Credit Union
November 9, 2004
2
Why security is important
- Good security practices are essential to protecting your company’s most important resources:
  - Data
  - Reputation
- Security risks are increasing due to the demands of the always-on, always-connected economy
3
Security Trends
- On-line Identity Theft: consumers are increasingly becoming the victims of identity theft as a result of their online activities
  - e-Commerce web site compromises
  - Spam
  - Phishing
  - Malware
4
Security Trends
- Increasing regulatory involvement
  - Health Insurance Portability and Accountability Act (HIPAA)
  - Gramm-Leach-Bliley Act (GLBA)
  - Sarbanes-Oxley Act (SOX)
  - California Security Breach Information Act (S.B. 1386)
5
Security Trends
- Application vulnerabilities increasing
  - Software packages are becoming larger and more complex
  - New vulnerabilities are discovered on a daily basis
  - Software vendors are unable to address vulnerabilities before exploits are available, leading to 0-day attacks
6
Security Trends
- Wireless access is becoming pervasive
  - Wireless networks are easy to deploy, but hard to secure
  - High profile wireless security problems: Best Buy, Lowe’s
  - Easy access for hackers and spammers
  - Rogue access points
7
Security Trends
- Hacking is becoming easier
  - Identifying and exploiting security vulnerabilities no longer requires in-depth technical skills
  - Open source vulnerability detection tools are readily available: Nessus, Whisker, NMAP, Google
8
Security Trends
- Hacking is becoming easier – cont’d
  - Virus and backdoor tool kits: easy-to-use tools are freely available on the Internet for creating worms, viruses and backdoor programs:
    - Menu driven, point and click interface
    - Variety of distribution methods available
    - Use encryption and polymorphism to bypass anti-virus programs
9
Security Trends
- Time to patch is decreasing
  - The creators of security exploits are using ever more sophisticated tools to reverse engineer patches after they are released. This is decreasing the time between the release of a patch and the exploitation of the vulnerability being fixed.
    - Slammer Worm – 6 months
    - Blaster – 26 days
    - Microsoft ASN.1 Critical Vulnerability – 3 days
  - Microsoft is now releasing patches only once a month
10
Security Trends
- Changing Motives
  - In the past many hackers and virus writers were mainly interested in bragging rights and the respect of their peers.
  - Today there is a profit motive. There is money to be made in relaying spam and stealing personal and financial data for use in identity theft.
11
Security Trends
- Phishing
  - Recent exploits: Citibank, eBay, Wells Fargo
  - Huge returns for phishers when people answer the messages
12
Security Trends
- Malware is proliferating:
  - Viruses
  - Worms
  - Trojans
  - Back doors
  - Bots
  - Key loggers
  - Adware
  - Spyware
13
Security Trends
- Malware is becoming more sophisticated
  - Multiple infection vectors: downloadable trojan, e-mail attachment, worm infecting un-patched systems
  - Scan for other vulnerable or infected systems
  - Harvest e-mail addresses, credit card numbers and other personal information
  - Polymorphic – evolve to evade detection
  - Virtual machine aware – difficult for security researchers to analyze
14
Security Trends
- The rise of the Bot
  - More than 30,000 PCs per day are being recruited into secret networks that spread spam and viruses, collect personal information and launch distributed denial of service (DDoS) attacks
  - Able to phone home
  - Often controlled via Internet Relay Chat (IRC)
15
Security Trends
- Phatbot
  - Popular and full-featured Bot running on Windows
  - Can take over 100 different actions, triggered over the network by the attacker
  - Add Windows share, FTP files, add startup registry entry, scan for security vulnerabilities, harvest e-mail addresses, launch packet floods and more
  - Includes a software developer’s kit (SDK) so that hackers can easily add new features and customize functionality
16
Security Trends
- The future of Malware
  - Windows Root Kits: modify the operating system to hide the presence of malicious code by hiding files, registry settings and running processes
  - BIOS Manipulation: malware makers will be able to hide malicious code in the PC’s BIOS, making it more difficult to detect and remove
  - Microcode Rewriting: current versions of the Intel Pentium and AMD Athlon processors include a feature to update the CPU’s microcode. Security researchers believe that future exploits could take advantage of this ability for malicious uses
17
Steps For Improved Security
- Keep up with the latest attacks
  - Sign up to receive e-mail updates of security related issues from Microsoft, anti-virus providers and other software vendors key to your company’s operations
- Install Patches Regularly
  - Test before rollout to avoid application breakage
  - Use Microsoft Software Update Services (SUS) instead of automatic updates in a corporate environment
- Install Antivirus software everywhere
  - Desktop PCs, mail servers, file servers
  - Update virus signatures daily
  - Centralize virus notification
  - Consider using virus protection from multiple vendors
18
Steps For Improved Security
- Configure firewalls for least access
  - Many firewalls block inbound access while allowing unlimited outbound access. This can allow malicious programs to easily contact the attacker and to spread.
- Scan your network for security vulnerabilities regularly
  - Open source tools such as NMAP and Nessus can identify internal and external vulnerabilities and find back door programs before they are exploited.
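The "scan regularly" bullet is only useful if each scan is compared with what the network is supposed to look like. The following is an added example, not code from the presentation: it parses nmap's grepable (-oG) output and diffs it against an assumed baseline of approved listeners per host, so that a new open port (the network-visible symptom of a back door or a bot's listener) surfaces as a finding. The scan text, host addresses, service names and the baseline are all constructed for illustration.

```python
"""Compare nmap grepable (-oG) output against an approved-services baseline.

Added example, not part of the original presentation. The scan output below is
constructed (hosts, ports and service names are made up); BASELINE is an assumed
inventory of what each host is supposed to expose.
"""
import re
from typing import Dict, List, Set, Tuple

# Constructed sample of nmap -oG output: one "Host:" line per scanned host, with
# tab-separated fields. Port entries use nmap's port/state/proto/owner/service/rpc/version/ layout.
SAMPLE_SCAN = """\
# Nmap scan (constructed sample)
Host: 192.168.1.10 (fileserver)\tPorts: 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///\tIgnored State: closed (998)
Host: 192.168.1.20 (mail)\tPorts: 25/open/tcp//smtp///, 110/open/tcp//pop3///, 6667/open/tcp//irc///\tIgnored State: closed (997)
Host: 192.168.1.30 (workstation)\tPorts: 135/open/tcp//msrpc///, 12345/open/tcp//netbus///\tIgnored State: closed (998)
Host: 192.168.1.40 ()\tStatus: Down
# Nmap done (constructed sample)
"""

# Assumed approved baseline: host -> set of (port, proto) it is allowed to listen on.
BASELINE: Dict[str, Set[Tuple[int, str]]] = {
    "192.168.1.10": {(21, "tcp"), (139, "tcp"), (445, "tcp")},
    "192.168.1.20": {(25, "tcp"), (110, "tcp")},
    "192.168.1.30": {(135, "tcp")},
}

# port / state / proto / owner (usually empty) / service /
_PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)/")


def parse_grepable(text: str) -> Dict[str, List[Tuple[int, str, str, str]]]:
    """Return host -> [(port, state, proto, service)] for every Host: line that carries a Ports: field."""
    hosts: Dict[str, List[Tuple[int, str, str, str]]] = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = line.split("\t")
        ip = fields[0].split()[1]
        for field in fields[1:]:
            if field.startswith("Ports:"):
                hosts[ip] = [(int(m.group(1)), m.group(2), m.group(3), m.group(4))
                             for m in _PORT_RE.finditer(field)]
    return hosts


def unexpected_listeners(scan: str, baseline: Dict[str, Set[Tuple[int, str]]]) -> Dict[str, List[Tuple[int, str, str]]]:
    """Open ports seen in the scan that the baseline does not approve for that host.

    A host absent from the baseline is reported in full: an unknown listener is what a
    rogue machine or a back door looks like from the network.
    """
    findings: Dict[str, List[Tuple[int, str, str]]] = {}
    for ip, ports in parse_grepable(scan).items():
        approved = baseline.get(ip, set())
        extra = [(port, proto, svc) for port, state, proto, svc in ports
                 if state == "open" and (port, proto) not in approved]
        if extra:
            findings[ip] = extra
    return findings


def missing_listeners(scan: str, baseline: Dict[str, Set[Tuple[int, str]]]) -> Dict[str, List[Tuple[int, str]]]:
    """Approved services not seen open: a disabled service, a host that was down, or a firewall change."""
    seen = parse_grepable(scan)
    missing: Dict[str, List[Tuple[int, str]]] = {}
    for ip, approved in baseline.items():
        open_now = {(port, proto) for port, state, proto, _ in seen.get(ip, []) if state == "open"}
        gap = sorted(approved - open_now)
        if gap:
            missing[ip] = gap
    return missing


if __name__ == "__main__":
    for ip, extra in unexpected_listeners(SAMPLE_SCAN, BASELINE).items():
        for port, proto, svc in extra:
            print(f"{ip}: unexpected listener {port}/{proto} ({svc or 'unknown'}) - investigate")
    for ip, gap in missing_listeners(SAMPLE_SCAN, BASELINE).items():
        print(f"{ip}: approved but not seen open: {gap}")
```

On the constructed sample this flags the IRC listener on the mail server and the port 12345 listener on the workstation, and notes that the file server's approved FTP service was not seen. The host marked down produces no port data and is simply absent from the parsed result, which is why the baseline comparison is run in both directions.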
19
Steps For Improving Security
- Be Aware of Intrusion Detection Systems (IDS) limitations
  - IDS can identify potential attacks but cannot stop them
  - IDS are blind to attacks encrypted by SSL and other methods
  - IDS often go unwatched due to the large number of false positives
  - Evaluate host based intrusion prevention systems with the ability to detect and prevent attacks as an alternative
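The two preceding slides make one combined point: unlimited outbound access lets a bot phone home (slide 14's IRC-controlled bot), and a content-matching IDS cannot see that call once it is encrypted. The following is an added example, not code from the presentation, that models both on constructed sample flows: a permissive egress policy beside a least-access one (slide 18), and a Snort-style content signature that fires on cleartext IRC commands but not on the same exchange wrapped in TLS (slide 19). All addresses, rules and payloads are made up, and nothing here touches a real network.

```python
"""Egress policy and IDS visibility, worked on constructed sample flows.

Added example, not code from the original presentation. It models the two firewall
policies contrasted on slide 18 (inbound blocked / any outbound allowed, versus least
access) and the slide 19 point that a content-matching IDS is blind to encrypted
traffic. Every host address, rule and payload below is constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    src: Optional[str] = None     # CIDR, or None for any source
    dst: Optional[str] = None     # CIDR, or None for any destination
    dport: Optional[int] = None   # None for any destination port

    def matches(self, f: Flow) -> bool:
        if self.src and ipaddress.ip_address(f.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst and ipaddress.ip_address(f.dst) not in ipaddress.ip_network(self.dst):
            return False
        return self.dport is None or self.dport == f.dport


def decide(policy: List[Rule], f: Flow) -> str:
    """First-match evaluation with an implicit final deny."""
    for rule in policy:
        if rule.matches(f):
            return rule.action
    return "deny"


# Policy A: the common default the slide warns about; any outbound connection passes.
PERMISSIVE_EGRESS = [Rule("allow", src="10.0.0.0/8")]

# Policy B: least access; each permitted outbound path is named, the rest hits the implicit deny.
LEAST_ACCESS_EGRESS = [
    Rule("allow", src="10.0.0.0/8", dst="10.0.0.53/32", dport=53),    # DNS only via the internal resolver
    Rule("allow", src="10.0.0.10/32", dport=25),                      # only the mail server sends SMTP out
    Rule("allow", src="10.0.0.0/8", dst="10.0.0.80/32", dport=3128),  # web browsing only through the proxy
]

# Constructed flows: three legitimate ones, then an infected workstation phoning home to an
# IRC command channel, first in cleartext and then the same exchange wrapped in a TLS record.
FLOWS = [
    Flow("10.0.0.42", "10.0.0.53", 53),
    Flow("10.0.0.42", "10.0.0.80", 3128),
    Flow("10.0.0.10", "203.0.113.25", 25),
    Flow("10.0.0.42", "198.51.100.7", 6667, b"NICK bot-42\r\nJOIN #cmd\r\n"),
    Flow("10.0.0.42", "198.51.100.7", 443, b"\x17\x03\x01\x00\x20" + bytes(range(0x80, 0xa0))),
]

IRC_SIGNATURES = (b"NICK ", b"JOIN #")


def ids_content_alert(f: Flow) -> bool:
    """Snort-style content match: fires only when the IRC commands are visible in cleartext."""
    return any(sig in f.payload for sig in IRC_SIGNATURES)


def compare(flows: List[Flow]) -> List[Tuple[int, str, str, bool]]:
    """For each flow: (dport, decision under policy A, decision under policy B, IDS alert?)."""
    return [(f.dport, decide(PERMISSIVE_EGRESS, f), decide(LEAST_ACCESS_EGRESS, f),
             ids_content_alert(f)) for f in flows]


if __name__ == "__main__":
    print("dport  permissive  least-access  ids-alert")
    for dport, a, b, alert in compare(FLOWS):
        print(f"{dport:<6} {a:<11} {b:<13} {alert}")
```

The last two rows carry the lesson: the permissive policy lets both command-channel connections out, the content signature catches only the cleartext one, and the least-access policy stops both without needing to read the payload. That is why the slides pair egress filtering with the IDS caveat, and why a host-based prevention system that blocks the offending process is suggested as the complement.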
20
Resources - Tools
- NMAP
  NMAP is a free network port scanning tool which uses a number of techniques, including connect, SYN and FIN scans, to identify running services and firewall and router rule sets. NMAP can also identify the operating system running on the remote system using a variety of TCP/IP stack fingerprinting techniques.
  www.insecure.org/nmap/
- Ethereal
  Ethereal is a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for each packet. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. A text-based version called tethereal is included.
  www.ethereal.com/
- Nessus
  Nessus is a remote security scanner for Linux, BSD, Solaris, and other Unixes. It is plug-in-based, has a GTK interface, and performs over 1200 remote security checks. It allows for reports to be generated in HTML, XML, LaTeX, and ASCII text, and suggests solutions for security problems.
  www.nessus.org
- Snort
  Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rule-based language to describe traffic that it should collect or pass, and a modular detection engine. Many people also suggested that the Analysis Console for Intrusion Databases (ACID) be used with Snort.
  www.snort.org
21
Resources – Web Sites
- SANS: www.sans.org
- Security Focus: www.securityfocus.org
- Microsoft Security Guidance Center: www.microsoft.com/security/guidance
- Foundstone: www.foundstone.com