What do you know about your network Or maybe you don’t know who’s really there

Page 1: What do you know about your network Or maybe you don’t know who’s really there

What do you know about your network

Or maybe you don’t know who’s really there

Page 2: What do you know about your network Or maybe you don’t know who’s really there

By Dennis Peasley CISSP Digital Government October 2004

Who Controls Your Security Priority

Vendors and Magazines control what people are talking about when it comes to Information Security

Each one is trying to sell you something

Each one selling a technology or service

Page 3: What do you know about your network Or maybe you don’t know who’s really there

What is important to you

Every device on your network can be a vulnerability

Every Device is active

In most cases, every device can talk to every other device. At least locally

What devices are on your network?

Page 4: What do you know about your network Or maybe you don’t know who’s really there

IP, Internet Protocol

Because we all use the Internet Protocol now, everything is connected

The Sapphire Worm was the fastest computer worm in history. As it began spreading throughout the Internet, it doubled in size every 8.5 seconds. It infected more than 90 percent of vulnerable hosts within 10 minutes.

Page 5: What do you know about your network Or maybe you don’t know who’s really there

The Key to Vulnerabilities

No operator interaction needed

As fast as the network allows

Who is on your network

Page 6: What do you know about your network Or maybe you don’t know who’s really there

Who’s on your network

Plenty of Dynamically Provided Addresses

No requirements needed to get an address

No membership or authorization needed

Microsoft Domains are not a block

Page 7: What do you know about your network Or maybe you don’t know who’s really there

Who is on Your Network?

In 2003 Herman Miller Inc. won the RSA conference, Best Security Practice of the year, for preventing a computer without up-to-date Anti-Virus from remotely accessing the network.

We have been infected with each of the major Worms since then.

What’s up with That?

Page 8: What do you know about your network Or maybe you don’t know who’s really there

Worms and Viruses

August 2003 – Blaster

May 2004 - Sasser emerged

Each of these worms found hosts on our network that we did not know existed.

We began a one-year search for computers we did not know were on our network.

Page 9: What do you know about your network Or maybe you don’t know who’s really there

Check with the vendors

Most major vendors said they could find every computer on our network.

The key is how fast.

Many laptops, many computers turned On and Off

How big is your address range

We use 10.x.x.x - 16,777,214 possible host addresses

Page 10: What do you know about your network Or maybe you don’t know who’s really there

Too many places to scan

Not all of these addresses are live

But who do we believe when we decide not to check them?

Gotta check ’em all

Page 11: What do you know about your network Or maybe you don’t know who’s really there

Who talks to Who

Routers talk to all of them

They can tell you of everyone who talks to anyone else on the network

Ask the routers who’s there

They know every computer that talks on the network

With this information you can find your network occupants
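Asking the routers instead of sweeping the whole 10.x.x.x range, as an added example that is not part of the original presentation: it merges ARP tables collected from routers and reports hardware addresses missing from a managed-host inventory. The Cisco IOS "show ip arp" layout, the router names, the addresses and the inventory are constructed assumptions; the slides name no vendor or tool.

```python
import ipaddress
import re

# Constructed sample: ARP tables as two routers might print them
# (Cisco IOS "show ip arp" layout is an assumption; the slides name no vendor).
ROUTER_ARP = {
    "rtr-bldg-a": """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.20.1               -   00aa.bbcc.dd01  ARPA   Vlan20
Internet  10.1.20.15             12   0011.2233.4455  ARPA   Vlan20
Internet  10.1.20.77              3   0011.2233.9f10  ARPA   Vlan20
Internet  10.1.20.80              0   Incomplete      ARPA
""",
    "rtr-bldg-b": """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.2.8.1                -   00aa.bbcc.dd02  ARPA   Vlan8
Internet  10.2.8.40             201   0011.2233.4455  ARPA   Vlan8
Internet  10.2.8.41               7   00de.adbe.ef01  ARPA   Vlan8
""",
}

# Constructed inventory: MAC addresses of hosts the desktop team manages.
MANAGED_MACS = {"0011.2233.4455"}

ARP_LINE = re.compile(
    r"^Internet\s+(\S+)\s+(-|\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+ARPA\s*(\S*)",
    re.I)

def parse_arp(text):
    """Yield (ip, mac, is_router_own) for each resolved ARP entry."""
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:  # header and "Incomplete" entries do not match
            ip, age, mac, _iface = m.groups()
            yield ipaddress.ip_address(ip), mac.lower(), age == "-"

def unknown_hosts(router_arp, managed_macs):
    """Merge all routers' tables; return {mac: sorted IPs} not in inventory."""
    seen = {}
    for text in router_arp.values():
        for ip, mac, own in parse_arp(text):
            if not own:  # age "-" marks the router's own interface
                seen.setdefault(mac, set()).add(ip)
    return {mac: sorted(ips) for mac, ips in seen.items()
            if mac not in managed_macs}

if __name__ == "__main__":
    for mac, ips in unknown_hosts(ROUTER_ARP, MANAGED_MACS).items():
        print(mac, ", ".join(map(str, ips)))
```

Keying on the hardware address rather than the IP keeps a managed laptop that moved between buildings from being reported twice; ARP entries age out, so the tables have to be collected repeatedly to catch machines that are turned on and off.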

Page 12: What do you know about your network Or maybe you don’t know who’s really there

Find Them – Scan Them

We scanned each host looking for Windows but no Anti-Virus program

We found computers that we couldn’t talk to. We did not have rights.

Policies? Do your Windows System administrators have the right to access all client computers?

What happens when you find the computers that will be there?

Page 13: What do you know about your network Or maybe you don’t know who’s really there

Each Network has these Unknown Hosts

These hosts are:

Unmanaged

Unpatched?

Not backed up

Running unknown software

Running unknown services

Waiting to be used by the next worm

Where are the real risks

Page 14: What do you know about your network Or maybe you don’t know who’s really there

Vendors and Magazines

There are many risks running a modern technology ecology.

The risks will never go away.

Set the priorities

Where will you focus your teams

Page 15: What do you know about your network Or maybe you don’t know who’s really there

Security is like Quality

Security must be built in

Security must be part of all management

Security must have measurable goals

Operations teams are not usually measured by quality or security

Separation of duties makes sense

Security should be equal to operations, development and Infrastructure OR outside of IT