NuGenSoft/CERTConf 2000/Intro
Introduction to Information Security
Presented to CERTConf 2000
September 26, 2000
Stephen M. Nugen, [email protected]
NuGenSoft
Overview
  Purpose
    Provide a broad, brief, overview of information security
    Context for understanding more detailed sessions
  Common vocabulary
    Problem domain... Threats
    Solution domain... Responses
  Pointers to helpful Resources
  Speaker prejudices
    20+ years IT and IT-related R&D
    Founder and CTO of NuGenSoft
    Certified Information Systems Security Professional (CISSP)
  Informal style... questions [email protected]
Overview cont’d
  Information systems security
    Discipline that protects the confidentiality, integrity, and availability of information and information services
    aka
      Network security, Computer security
      Information assurance, Information operations
      CyberSecurity, CyberWarfare, Cyberattack
  Remember C-I-A
    Confidentiality: protecting from unauthorized disclosure
    Integrity: protecting from unauthorized modification
    Availability: making data accessible when needed, reliably
  InfoSec discipline includes
    Technologies
    Policies; processes
    Operations
Threat
  Threat topics
    Different types of malicious software
    Common program threats
    Port Scans and Sniffers
    Denial of service
    Misrepresentation
    Vandalism
    Theft
    Other vulnerabilities
    Size and trends
Threat | Malware
  Viruses
    Self-replicating programs
    Oftentimes attached to a host file
      Boot sector
      System file
      Document (macro)
  Worms
    Propagate through networks
    Ex: Lovebug... email attachment propagated through email to other recipients
Threat | Malware cont’d
  Trojan Horse
    Malicious program disguised as something benign
    Two parts
      Visible useful part
      Invisible malicious part... may be destructive or create vulnerability for future exploitation
    Replicate through users sharing files
    Ex: Fun executable
      Visible effect: Entertaining cartoon
      Concealed effect: Installs remote-control program
      Replicates: Users share with each other via email, floppy disk, etc.
  Note: These different types not mutually exclusive
Threat | Program Threats
  Logic bomb
    Hidden program activated under certain conditions
    Ex:
      if lookup of “Bill Ellison” in payroll file fails then
        for every entry in payroll file
          if entry.salary > 100K then
            set entry.salary = 10K
          endif
        endfor
      endif
  Back door
    Hole in system security deliberately installed by designers or maintainers
    Intent not always sinister
Threat | Program Threats cont’d
  Remote control programs
    Allow remote control of local workstation
    Effect may be known (presumably benign) or unknown (presumably malicious)
    Ex: PCAnywhere
    Ex: Back Orifice
    Ex: Zombie (compromised PC does what its master commands)
  Buffer overflows
    Exploits unintentional vulnerabilities in programs, oftentimes less-tested error-recovery routines
    Sophisticated hackers able to cause their data (really hand-crafted instructions) to overflow internal data structures into control registers
Threat | Program Threats cont’d
  Browser components
    ActiveX or JAVA applets downloaded automatically from web page
    JAVA applets constrained to sandbox, but implementation errors can be exploited
    ActiveX components unrestricted, security depends on evaluating their source
      Trusted components oftentimes marked safe for scripting
    Provides useful functionality
    Provides potential vulnerabilities
Threat | Port Scans
  Send a packet to a specific machine, particular port... analyze the response (if any)
  Part of a classic attack strategy
    Reconnaissance:
      Determine which ports are open
      What services are responding
      Use responses to determine version of operating system, web server, etc.
    Planning: Use results of port scans to select tools and methods for specific operating system, services, etc.
      RootShell.com and other hacker sites have helpful search engines...
    Attack: Focused attack, customized to target system
    Note: Newer attack forms just attack blindly without prior port scans... lower probability of success, but much faster and no prior warnings
Threat | Port Scans cont’d
  Port scanning very prevalent
    Lots of good tools
    Security assessments and self-defense strategies usually include scanning yourself
  Folks disagree about the criminality of port scans
    Like someone looking in a storefront window?
    Like someone trying the doors, after normal business hours?
    Like someone testing your doors and windows while you sleep?
Threat | Sniffers
  Capture all the packets on a LAN (or WAN) segment
    Normally, NIC ignores all packets except the ones addressed to specific machine
    NIC in promiscuous mode processes every packet
    Difficult to detect when purely passive
      Have to cut TX-line or configure very carefully so sniffer system doesn’t respond to anything
  Used maliciously to
    Capture passwords
    Obtain credit card numbers, etc.
  Used legitimately
    To diagnose difficult network problems
    By intrusion detection systems
Threat | Denial of Service
  Definition
    Aimed at making services unavailable
    Called by some the “ultimate Internet security nemesis”
    aka DoS
  Simple types
    Communications-level
      Ex: Flood the server with SYN packets from one or more sources, overwhelming the TCP/IP protocol stack resources
    Service-based
      Ex: Send malformed header to listening RPC service, forcing server into spinning error recovery
    Network-based
      Ex: Compromise a router or assume its identity... Then, send ICMP messages to clients telling them their access is not allowed or the network is unreachable
Threat | DoS cont’d
  Simple types cont’d
    Distributed
      Utilize an army of Zombie PCs, previously compromised via a virus, trojan, etc.
      Multiple sources harder to counter
      Traffic from each individual source may appear legit
      Systems unable to cope with aggregation of multiple simultaneous sources... especially when consuming extra resources recovering from protocol errors, etc.
Threat | DoS cont’d
  Example
    Threat
      When systems boot, they broadcast a message indicating their identity (IP address)
      A malicious system can be configured to respond to every such broadcast with “Hey, I’m already using that IP address!”
      Thus, to avoid an IP conflict, booting system fails to initialize its networking services
    Recovery
      Find the box... good luck, they can be very small
      Disable Proxy ARP service on the system (or remove the system from the LAN)
      Reboot every affected system
Threat | Misrepresentation
  Router spoofing
    Machine X claims to be the trusted router
      Enables redirection
      Enables denial of service and man-in-the-middle attacks
  Man-in-the-middle
    Can read (snoop) and/or change contents in-transit
      Email
      Purchase orders
      Quotes
  Packet filtering with detailed time-stamped logs helps to detect these attacks
Threat | Misrepresentation cont’d
  Web spoofing
    Entice users to link through hacker-controlled portal
    Hacker portal does pass-through and
      Can monitor everything
      Can modify the response returned by the legitimate server to something more interesting...
  [Figure: User, Hacker-Controlled Server/Portal-A, Legitimate Web Server-B. 1: Request; 2: Request; 3: Legit response; 4: Monitor and/or modify response; 5: Spoofed response]
Threat | Vandalism
  Rewriting someone else’s web page to display the vandal’s message
  Classic examples
    Department of Justice; August 1996
      Hackers vandalized www.usdoj.gov with swastikas, obscene pictures, and criticisms of the CDA
    CIA; September 1996
      Vandalized www.odci.gov/cia with “Welcome to the Central Stupidity Agency”, etc.
    Air Force; December 1996
      Vandalized www.af.mil with X-rated picture captioned “This is what the government is doing to you.”
    Example: NASA; March 1997
      Vandalized www.nasa.gov with references to the Internet Liberation Front (ILF)
  More recent examples include
    World Trade Organization
    Activist organizations urging DoS attacks on others
Threat | Theft
  Types of theft
    Theft of money
    Theft of services
    Theft of intellectual property
      Direct gain
      Extortion
      Making valuable IP public domain, adversely impacting its copyright status
    Theft of reputation... similar to vandalism and denial of service
Threat | Theft cont’d
  Ex: Trojan horse dialer
    Visitors to www.1adult.com offered the opportunity to view free pictures using special download software
    Special download software
      Lowers modem volume
      Disconnects from ISP
      Reconnects to an overseas ISP
        Thought to be Moldova, later found to be Canada
        Very high connect fees, charged to their modem telephone line
    Some customers preferred to pay very high phone bills than to explain them... (social engineering)
  Ex: Two hackers stole communication company’s 5-year plan for cellular systems
    Demanded $2M to destroy the system
    Made their demands through an ISP owned by the same company...
Threat | Theft cont’d
  Ex: Cereal companies
    Company-A secretly develops new cereal
    Company-B releases a nearly identical product just before Company-A
    Company-A loses $1B
    Coincidence or industrial espionage?
  Ex: Adult entertainment company hires hacker to download all content from a competing site
    Filters usually prevent massive downloads
    Hacker succeeded, posted content to newsgroups
    Potentially weakens copyright protection of stolen content
Threat | Other Vulnerabilities
  Browser flaws
    Hostile servers can exploit weaknesses in MS IE and Netscape Communicator to access local files, etc.
    A continuous journey of discovery, response, etc.
    Untrusted hackers aren’t breaking in... trusted employees are unwittingly opening the door by accessing hostile web pages
  Server flaws
    Hackers can exploit server-side vulnerabilities, installing hostile code on a trusted server that exploits clients
    Cross-site scripting complicates the issue... only countermeasure is good server-side defensive programming
Threat | Vulnerabilities cont’d
  Network print servers
    Printer vendors slower to add strong security features
    Ex: SpaWar
      Intruder hacked into the printer and reconfigured the routing tables on other SpaWar equipment.
      Files were hijacked from printing queue, sent to server in Russia, and then sent back to SpaWar printer... hijacker can keep a copy or even modify
      Noticed only when impatient user investigated why he had to wait so long for his job to start printing
Threat | Vulnerabilities cont’d
  Wiretapping
    Omaha’s telephone infrastructure fairly old, relatively easy to crack
    Access to public telephone lines uncontrolled
      Toadstools and manholes not locked
      Determining which wiring pair belongs to the target is easy... just call the number from a cell phone and feel for the ring current
  PBXs complicate the problem, but only a little...
    PBXs can be hacked
    Access to company wiring closets gained through social engineering
    Most PBXs have a feature that allows a single extension to be hard-assigned to a specific loop
      Typically used for the operator or executives
      Hackers like this feature
  Most speaker phones can be remotely commanded for listening, even when the phone is on-hook
Threat | Vulnerabilities cont’d
  Pager messages can be intercepted
    Ex: White House Communications Agency, 1997
      Hackers intercepted and published transcripts from pager messages sent while the President was visiting Philadelphia
      No national security compromise, but unearthed vulnerability and romantic affairs among White House staff
Threat | Size
  Difficult to measure
    Organizations don’t detect or report every incident
    Hackers sometimes credited for IT problems not related to InfoSec
    InfoSec firms influencing demand for their products and services
  1998 poll of 163 organizations
    31% reported $123M in damages
    69% couldn’t even quantify their damage
  1998 FBI study of 428 intrusions in US
    21% initiated by disgruntled employees
    17% initiated by independent hackers
    11% initiated by U.S. competitors
    6% initiated by foreign competitors
  1999 survey of 185 Fortune 500 firms
    Clean-up costs and lost productivity due to worms and viruses $7.5B for first half of 1999
Threat | Size cont’d
  1999 survey of Fortune 1000 companies
    $45B in losses from theft of proprietary information
    Unknown how much of that was sponsored by competitors’
    Earlier survey found more than half of 600 companies surveyed felt their competitors were likely source of cyberattack
  2000 survey of large corporations and government agencies
    Computer Security Institute, March 2000 with FBI participation
    90% detected computer security breaches in previous 12-months
      70% reported “serious” breaches
      74% reported financial losses
      42%, or 273 organizations, able and willing to quantify their loss: $265M
    Most serious financial losses from theft of proprietary information
Threat | Size cont’d
  2000 survey of 4,900 IT professionals across 30 nations
    InformationWeek and PricewaterhouseCoopers, July 2000
    Only 50,000 US firms large enough to be impacted by and able to accurately tally the cost of software viruses
    US impact: $266B
      Represents 2.5% of Gross Domestic Product
      Much more than $15B estimated for 1999, different methods
      Lost productivity: ~7,000 person-years
    Worldwide impact: $1.6T
Threat | Trends
  Subjective views (multiple sources)
    Decentralized multi-vendor systems make it harder to rely on vendors to detect and close vulnerabilities
      Some vulnerabilities can’t be closed by software vendors... closure has to come from overworked application and web programmers
    Increasing complexity of software increases the probability and number of vulnerabilities
      Some experts more pessimistic today than two years ago
    Number of good hacker tools is increasing, making it easier to hack
      Even for the technically-challenged “script-kiddies”
      Internet provides powerful opportunities for knowledge-sharing, collaboration
      Copying costs are negligible
Threat | Trends cont’d
  AI techniques
    Conflict of interest disclosure: NuGenSoft’s focus area
    AI techniques can be used to discover vulnerabilities and exploits
    Provided with public-domain case histories of past exploits, Case Based Reasoning technologies can be used to generate plausible hypotheses of what other vulnerabilities are present/exploitable
    Goal-directed scripts can test the hypotheses on private client-server LANs... 24X7... undetected
      Simple as iterating over field lengths, header contents, ports, etc.
      Analyze responses
        Delayed response may indicate server-intensive error processing... Denial of Service vulnerability
        No response may indicate crashed service... Denial Of Service... maybe even a buffer overflow opportunity
    Hypothesis: Attackers that develop new tools offline over 6-mo, 24X7, enjoy computational advantage over defenders responding real-time
Threat | Trends cont’d
  Demand for solutions exceeds supply
    Demand increasing rapidly
    Supply effectively flat or increasing slowly
  Best countermeasure: specialized human expertise...
    Security specialists
    System administrators
  ...Who are well-trained, experienced, informed
    Training: Certifications and education initiatives increase supply but at a lower rate than demand
    Staying informed very hard and time-consuming
      Nearly impossible when working full-time
    CISSP and SANS certifications expire without continuing education and/or periodic retest
      Effectively decreases supply
  Government speaker: “Wanting a security consultant real bad may mean getting a security consultant real bad.”
Responses
  Overview
    Policy... processes
      Policy comes first
      Technical countermeasures need to consider the risk... the likelihood of compromise, associated damage
    Technologies
      Implementing the policies
    Assessment
      Measure operations to assess how well implemented technologies and processes are satisfying management policies
Response | Policy
  Define security policy as part of risk management
    Organization managers responsible for policy
    Includes disaster recovery
    Plan, in advance, how to respond to successful InfoSec attacks
      Define the team who will respond to security incidents
      Desired: Decide, in advance, to commit necessary resources and endurance to prosecute intruders
  Separation of duties
    Don’t put ultimate trust in anyone... not even system administrators
    Separate duties so that no single person can maliciously compromise the system undetected
    Probability of detection increases with the number of people involved
    Mandatory vacations
Response | Policy cont’d
  Enable audits
    Turn on system accounting (event logging)... configure for maximum granularity
      Log files will be large, but disk space is cheap
      Detailed log files hard to review, but tools help
    Good hack tools exist for deleting or modifying log files, so
      Protect their access
      If possible, log to a different system, not connected via LAN/WAN... use a serial connection to standalone system with minimal O/S for example
    Manage audit trails (system logs) to preserve an unbroken chain of evidence that can be used to prosecute criminal behavior
  Employers’ written policies
    Signed ‘fair use’ agreements recommended
    Valid even if employees don’t sign so long as the employees know they exist
Response | Technology
  Topics
    Authentication
    Firewalls
    Intrusion Detection
    Cryptography
  Authentication... based on
    Something you know
      Password
    Something you own
      ATM card
      Coded ID badge
    Something you are
      Biometrics
      Fingerprint scanner
    ...best practice: require two elements... ATM card + PIN
Response | Technology cont’d
  Firewalls
    Partition, manage multiple operating zones
    Firewalls used to be 2-port (concept and implementation)
      Internal (trusted)
      External (untrusted)
    Today, most firewalls are 3-port...
      Internal (sort of trusted)
      External (untrusted, lawless)
      DMZ (war zone)
  [Figure: network diagram. Labels: Untrusted Internet Connection, Router, External Firewall, Semi-protected DMZ, Web Srvr, DNS, Monitor..., Internal Firewall, Protected private network, Eng Wkstns, Payroll DB Srvr. Notes: Have to expose DMZ for customer access; Hide private network... NAT, etc.]
Response | Technology cont’d
  Firewalls cont’d
    Evolving
      From filters based on source address, destination address, and type of service... to policy-based rules
    Internal firewalls used to protect trusted internal networks from each other
      Dilbert example: Isolate/protect Engineering LAN from Executive Management
    Firewalls not enough...
      New viruses and Trojans like BO2K-variations can vary their signature (size, port, location, checksum, etc.) to slip past even good firewalls
      Some claim 70% of firewalls can be penetrated
      Organizations relying on perimeter firewalls for network security are like Tootsie Rolls... hard on the outside, but soft and chewy inside
      Overloading of http (via port 80) may render traditional firewalls less effective
Response | Technology cont’d
  Intrusion detection systems (IDS)
    IDS systems like a video camera at a convenience store
      Passive, don’t prevent crimes/hacking
      But, provide evidence... help to eliminate repeat offenders
    Three types
      Packet-based
      Network-based
      Host-based
Response | Technology cont’d
  Intrusion detection cont’d
    Packet-based intrusion detection
      Packet filtering: Examine every packet for known attack signatures
      Problem-1:
        Detection uses known signatures (from hacks that were already successful somewhere)
        But, once the vendor includes that attack signature, hackers switch to another strategy with a new signature, unknown to intrusion detection software
      Problem-2:
        There are 2,500-5,000 known attack signatures to compare with every packet
        But, comparative engines can only compare packets to an active set of <200 signatures
        Sometimes, old methods work once again...
Response | Technology cont’d
  Intrusion detection cont’d
    Network-based intrusion detection
      Look for social-engineering influences by determining who’s talking to who and when
        Inside-to-inside probably OK...
        Inside-to-outside and outside-to-inside maybe OK
        Outside-to-outside a definite problem
      Pattern-based: search for changes, deviations from “normal”
        Search for off-nominal network behavior... Day-worker Bob logging in at 3:00AM
        Search for changes in user behavior... Changes in what network resources they use... Changes in what files they access
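The "who's talking to who" check above, written out as an added example (not part of the original slides). The internal address ranges, the record layout and the sample flows are assumptions constructed for the illustration.

```python
import ipaddress
from collections import Counter

# Assumption for this example: the organization's own address space.
INSIDE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# The slide's four cases, keyed by (source side, destination side).
VERDICTS = {
    ("inside", "inside"): "probably OK",
    ("inside", "outside"): "maybe OK",
    ("outside", "inside"): "maybe OK",
    ("outside", "outside"): "definite problem",
}

# Constructed flow records as a sensor on the internal LAN might log them:
# timestamp, source address, destination address, destination port.
SAMPLE_FLOWS = [
    ("2000-09-26T09:14:02", "10.1.4.20", "10.1.1.5", 139),
    ("2000-09-26T09:14:40", "10.1.4.20", "198.51.100.7", 80),
    ("2000-09-26T09:15:11", "203.0.113.9", "192.168.2.10", 25),
    ("2000-09-26T09:15:30", "203.0.113.9", "198.51.100.7", 23),
    ("2000-09-26T09:16:00", "not-an-ip", "10.1.1.5", 80),
]


def side(addr):
    """Return 'inside' or 'outside'; raises ValueError on a malformed address."""
    ip = ipaddress.ip_address(addr)
    return "inside" if any(ip in net for net in INSIDE_NETS) else "outside"


def classify(src, dst):
    """Map one flow to (direction, verdict) using the slide's categories."""
    try:
        key = (side(src), side(dst))
    except ValueError:
        # A record that cannot be parsed is never silently treated as OK.
        return "unparsed", "review by hand"
    return f"{key[0]}-to-{key[1]}", VERDICTS[key]


def triage(flows):
    """Count flows per direction and collect the ones that need attention."""
    counts = Counter()
    alerts = []
    for when, src, dst, port in flows:
        direction, verdict = classify(src, dst)
        counts[direction] += 1
        # Neither endpoint belongs to us, yet the traffic crossed our wire.
        if verdict not in ("probably OK", "maybe OK"):
            alerts.append((when, src, dst, port, direction))
    return dict(counts), alerts


if __name__ == "__main__":
    totals, alerts = triage(SAMPLE_FLOWS)
    print(totals)
    for alert in alerts:
        print("ALERT", alert)
```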
Response | Technology cont’d
  Intrusion detection cont’d
    Host-based intrusion detection (host misuse detection)
      Lots of vendor tools
      Some use expert system technology to enforce security policies; constantly re-learn user’s usage patterns
Response | Technology cont’d
  Cryptography
    Motivation
      Protecting information by ensuring its integrity and confidentiality... even as it travels over untrusted networks
      Includes authentication and non-repudiation services... digital signatures for example
    Private-key encryption
      Requires sender and receiver to share the same key... exchanging it before exchanging information
      Relatively fast
      Ex: DES, IDEA, RC2, RC4, RC5, Blowfish
    Public-key encryption
      Uses key pairs (mathematically-related)
        Public portion published
        Private portion kept secret
      Doesn’t require senders and receivers to exchange private keys first
      Much slower than private-key
Response | Technology cont’d
  Cryptography cont’d
    Public-key encryption
      Uses key pairs (math-related)
        Public portion published
        Private portion kept secret
      Doesn’t require senders and receivers to exchange keys first
      Much slower than private-key
    Example
      Authenticates the sender
        Only the sender knows secret key corresponding to sender’s public key
      Ensures confidentiality
        Only intended receiver knows secret key corresponding to receiver’s public key
      Note: Message digests more efficient
  [Figure: Sender encrypts plaintext with sender’s private key (ciphertext-1), then encrypts with receiver’s public key (ciphertext-2); Untrusted Transport; Receiver decrypts with receiver’s private key (ciphertext-1), then decrypts with sender’s public key (plaintext)]
Response | Technology cont’d
  Cryptography cont’d
    Hybrid
      Use public-key to establish and share a private key
      Use private-key for bulk data encryption
    Public Key Infrastructure (PKI)
      A method of binding a user to their public key via a certificate from a trusted authority
Response | Technology cont’d
  Cryptography cont’d
    Authentication via challenge handshake
      Prove possession of a secret as proof of identity without disclosing the secret
      [1] User’s non-secret credentials (username) and corresponding secret (password) stored on server
      [2] User provides their username to server
      [3] Server generates the challenge... a random string and sends to user
      [4] User combines the challenge with their password, hashes it, and responds with the result
      [5] Server reverses the process using its copy of the user’s secret password... if the message matches the random string, the user is authenticated
      Note: The secret password itself is never disclosed
  [Figure: User and Server, with arrows numbered 1 to 5 for the steps above]
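The five steps above as an added example (not part of the original slides). HMAC-SHA256 as the hash, the class and function names and the sample account are assumptions; step [5] is carried out here by recomputing the same hash from the server's copy of the secret and comparing the two results.

```python
import hashlib
import hmac
import secrets

# Step [1]: the server stores each username with a copy of the secret.
# Constructed sample account for this example.
SERVER_SECRETS = {"alice": b"correct horse battery staple"}


def compute_response(password: bytes, challenge: bytes) -> str:
    """Step [4]: combine the challenge with the password and hash it.

    HMAC-SHA256 is this example's choice of keyed hash.
    """
    return hmac.new(password, challenge, hashlib.sha256).hexdigest()


class Server:
    def __init__(self, secrets_db):
        self._db = secrets_db
        self._pending = {}  # username -> challenge not yet answered

    def start(self, username: str) -> bytes:
        """Steps [2] and [3]: take a username, return a fresh random challenge."""
        # Unknown usernames also get a challenge, so the reply does not
        # reveal which accounts exist.
        challenge = secrets.token_bytes(16)
        self._pending[username] = challenge
        return challenge

    def verify(self, username: str, response: str) -> bool:
        """Step [5]: repeat the user's computation with the stored secret."""
        # pop() makes every challenge single-use, which is what defeats replay.
        challenge = self._pending.pop(username, None)
        secret = self._db.get(username)
        if challenge is None or secret is None:
            return False
        expected = compute_response(secret, challenge)
        # Constant-time comparison avoids leaking how many characters matched.
        return hmac.compare_digest(expected, response)


def demo():
    """Run four logins and return their outcomes as a tuple of booleans."""
    server = Server(SERVER_SECRETS)
    password = b"correct horse battery staple"

    first = server.start("alice")
    captured = compute_response(password, first)   # what a sniffer would see
    genuine = server.verify("alice", captured)

    server.start("alice")                           # new login, new challenge
    replayed = server.verify("alice", captured)     # old response sent again

    third = server.start("alice")
    wrong_pw = server.verify("alice", compute_response(b"guess", third))

    unsolicited = server.verify("alice", captured)  # no challenge outstanding
    return genuine, replayed, wrong_pw, unsolicited


if __name__ == "__main__":
    print(demo())
```

Only the username, the random challenge and the digest cross the network; a response captured by a sniffer fails against the next challenge.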
Response | Assessments
  Three parts
    External: access from internet
    Dial-in: find modems inside the firewall
    Internal: done on-site, connected to the LAN
  External (aka perimeter check, external IP assessment, network assessment)
    Reconnaissance (discovery)
      What the external hacker sees
      What devices are visible
      What ports are open
      What services are accessible
    Techniques
      Public information, e.g. WHOIS DB... ISP info for hosted web sites
      ICMP sweeps, e.g. Ping
      Port scans
Response | Assessments cont’d
  External cont’d
    Target vulnerabilities
      Banner analysis... server response to port scans
      Use DB of techniques
      Use search engines at hacker sites like RootShell
    Exploit
      Automatic attack tools
      Man-in-the-middle attacks
      Secondary exploitation... penetrate one machine, launch new attacks from it
Response | Assessments cont’d
  Dial-in
    Includes a war-dialer to detect modems connected to trusted LAN, servers, or workstations
    Execute during the day and at off-hours (unannounced) to detect modems turned on by employees when they want to work from home
    Three steps: find, identify, penetrate
    Be certain to check digital lines such as ISDN, DSL
  Internal
    FBI study showed 75-80% of all [detected] attacks came from the inside...
    An uncertain risk: are companies responsible when their employees [or others] use company resources to attack other computer systems?
    May include developing profiles of normal employee use
      Is it really trusted employee Bob logging in at 10:30PM, or a member of the cleaning crew using Bob’s username and password?
      Why is Dilbert accessing the HR DB through remote access?
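A profile of normal login hours, as an added example (not part of the original slides) for the "Bob logging in at 10:30PM" question here and the pattern-based search for off-nominal behavior on the intrusion detection slide. The log format, user names, addresses and the one-hour tolerance are assumptions constructed for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Made-up log format for this example: "<date> <time> login user=<name> src=<addr>"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) login user=(\w+) src=(\S+)$"
)

# Constructed history used to learn what "normal" looks like.
HISTORY = """\
2000-09-18 07:55:10 login user=bob src=10.1.4.20
2000-09-19 08:02:44 login user=bob src=10.1.4.20
2000-09-20 08:10:03 login user=bob src=10.1.4.20
2000-09-21 13:05:31 login user=bob src=10.1.4.20
2000-09-18 09:01:12 login user=dilbert src=10.1.7.33
2000-09-19 10:15:50 login user=dilbert src=10.1.7.33
"""

# Constructed events to be checked against the profile.
TODAY = """\
2000-09-26 08:05:00 login user=bob src=10.1.4.20
2000-09-26 09:40:00 login user=dilbert src=10.1.7.33
2000-09-26 22:30:00 login user=bob src=10.1.4.20
2000-09-27 03:00:00 login user=bob src=10.1.9.99
2000-09-27 03:10:00 login user=wally src=10.1.9.99
corrupted line without the expected fields
"""


def parse(text):
    """Return (datetime, user, source) for every well-formed login line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # lines that do not match are skipped, not guessed at
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events.append((when, m.group(2), m.group(3)))
    return events


def build_profile(events):
    """Per user, the set of clock hours at which logins were seen before."""
    profile = defaultdict(set)
    for when, user, _src in events:
        profile[user].add(when.hour)
    return dict(profile)


def hour_gap(a, b):
    """Distance between two hours on a 24-hour clock (23 and 0 are 1 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)


def flag_logins(profile, events, tolerance=1):
    """Flag logins more than `tolerance` hours from anything in the profile."""
    alerts = []
    for when, user, src in events:
        usual = profile.get(user)
        stamp = when.strftime("%Y-%m-%d %H:%M")
        if not usual:
            alerts.append((user, stamp, src, "no baseline"))
        elif min(hour_gap(when.hour, h) for h in usual) > tolerance:
            alerts.append((user, stamp, src, "off-hours"))
    return alerts


def run():
    return flag_logins(build_profile(parse(HISTORY)), parse(TODAY))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

An alert only raises the question the slide asks; answering it still takes the source address, badge records or a call to Bob.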
Resources
  Big caveat: Necessarily incomplete... a sampling
  CERTConf speakers
    CERTConf 1999
    CERTConf 2000
    CERTConf 2001
  NebraskaCERT
    www.nebraskacert.org
    Cyber Security Forum (CSF)
      Outreach program meeting monthly, everyone welcome
    CISSP training
      Two classes so far
      Number of Omaha-area CISSP increased from two to ten with still more getting ready to test
Resources cont’d
  Government
    CERT
      Operated by CMU under DoD contract, along with SEI
      CERT teams exist at company, regional, agency, and national level
      CERT issues advisories only for the most critical incidents... less-critical vulnerabilities posted on web page
      www.cert.org
    Federal Best Security Practices (BSPs)
      Drill-down for useful checklists
      bsp.cio.gov
    NIST
      Computer Security Resource Clearinghouse
      csrc.nist.gov
Resources cont’d
  NIPC
    National Infrastructure Protection Center
      Interagency effort, led by FBI
      Omaha FBI office is NIPC-aware
    CyberNotes useful source of detailed information
    www.nipc.gov
  InfraGard
    A public outreach program under NIPC
      FBI facilitates the program, but does not run it
      InfraGard members run their local chapters... varies by location
    Non-disclosure
      Members required to sign non-disclosure agreements for InfraGard-provided information
        Information provided by other InfraGard members
        Information provided by NIPC just to InfraGard members
    Local chapter in Omaha...
Resources cont’d
  Online sampler... portals, conferences, etc.
    www.sans.org
    www.isc2.org
    www.icsa.net
    www.ntsecurity.net
    www.antionline.com
    www.securityportal.com
    www.securityfocus.com
    www.counterpane.com
    www.gocsi.com
  Local education
    PKI IS&T (UNO)
    Creighton University
    College of Saint Mary
    Iowa State University
    NBDC
Resources cont’d
  Newsletters, email
    Security Wire Digest from www.infosecuritymag.com
    Security Update from www.win2000mag.com
    Microsoft Product Security from www.microsoft.com/technet/security
  Print magazines
    Magazines specific to your operating system(s)
    Information Security... www.infosecuritymag.com
    SC Magazine... www.infosecnews.com
  Books
    Too many to list... new ones always being published
    Send focused request to [email protected]