
Host Based Security



Presentation Transcript


  1. Host Based Security John Scrimsher, CISSP jps@hp.com

  2. Pre-Quiz • Name • Do you own a computer? What Brand? • Email address • City of Birth • Have you ever had a computer virus?

  3. Why Host Based Security? • Perimeter Security vs. Host Based (chart: 66% $ vs. 34% $$$)

  4. Why Host Based Security? • Protect the Data • Malware • Internal Threats • Employee Theft • Unpatched systems

  5. What is Malware? Any software deliberately installed on your computer that you would not want there. • Viruses • Worms • Trojans • Spyware • More……

  6. The Common Factor Where are the threats? • Un-patched Computers • Email • Network File Shares • Internet Downloads • Social Engineering • Blended Threats • Hoaxes / Chain Letters

  7. Phishing • Email messages sent to large distribution lists. • Disguised as legitimate businesses • Steal personal information

  8. Phishing (screenshot of a phishing message: the link goes to dllbat.com)

  9. Identity Theft • Since viruses can be used to steal personal data, that data can be used to steal your identity • Phishing • Keystroke loggers • Trojans • Spyware

  10. Legal Issues • Many countries are still developing laws • Privacy Laws can prevent some investigation

  11. Kaspersky Quote "It's hard to imagine a more ridiculous situation: a handful of virus writers are playing unpunished with the Internet, and not one member of the Internet community can take decisive action to stop this lawlessness. The problem is that the current architecture of the Internet is completely inconsistent with information security. The Internet community needs to accept mandatory user identification - something similar to driving licenses or passports. We must have effective methods for identifying and prosecuting cyber criminals or we may end up losing the Internet as a viable resource." Eugene Kaspersky, Head of Antivirus Research

  12. Notable Legal History • Robert Morris Jr. - the Morris worm (1988), the first worm to spread widely across the Internet. A bug in its reinfection logic made it far more aggressive than its author intended; he was convicted under the Computer Fraud and Abuse Act. (The "WANK" worm of 1989, which attacked VMS systems, was a separate, unrelated worm.) • Randal Schwartz - convicted in 1995 under Oregon's computer crime law for, among other things, running a password cracker against Intel systems while working there as a contractor; he maintained he was trying to point out weaknesses in their security. • David Smith - Melissa (1999). First known use of the mass-mailing technique in a malicious manner. Sentenced to 20 months in federal prison. • "OnTheFly", The Netherlands - the Anna Kournikova worm (2001), built with a worm generator kit. The writer was a youth who was "remorseful"; he received 150 hours of community service. • Philippines - "Loveletter" (ILOVEYOU, 2000). No jail time because the country had no applicable computer crime law at the time. • Jeffrey Lee Parson – 2005 – 18 months in prison for a variant of the Blaster worm.

  13. Regulatory Issues • Sarbanes-Oxley Act (2002) • Gramm-Leach-Bliley Act (1999) • Health Insurance Portability and Accountability Act (1996) • Electronic Communications Privacy Act (1986)

  14. What is Management’s role? [Diagram: Security Organization, Security Management, Security Technology, Security Infrastructure] • Management ties everything together • Responsibility • Ownership Security is a Mindset, not a service. It must be a part of all decisions and implementations.

  15. Now, what do we do about it? • C.I.A. Security Model • Confidentiality • Integrity • Availability • Current Solutions • Antivirus / AntiSpyware • Personal Firewall / IDS / IPS • User Education

  16. How do you find new threats? • Honeypots • Sensors (anomaly detection) • User suspicion

  17. Things to look for… User Suspicion • Unusually high number of network connections (netstat -a) • CPU utilization • Unexpected entries in the registry Run keys • Higher than normal disk activity • Spoofed e-mail
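Two of the indicators above, many connections and new Run-key entries, are easy to check mechanically. The script below is an added example, not code from the presentation: it parses `netstat -an` output for the half-open scanning pattern a network worm leaves behind, and diffs a `reg query` listing of the HKCU Run key against a known-good baseline. The netstat output, the registry listings and the `alice` profile path are constructed samples.

```python
"""Triage checks for two host indicators: an unusually high number of
network connections and unexpected entries in the registry Run keys.
Added example; the netstat and reg query output below is constructed."""
import re
from collections import defaultdict

# Constructed excerpt of `netstat -an` on a Windows host: one legitimate
# SMB session plus a burst of half-open connections to port 135.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49152     10.0.0.5:445           ESTABLISHED
  TCP    192.168.1.20:49160     203.0.113.7:135        SYN_SENT
  TCP    192.168.1.20:49161     203.0.113.8:135        SYN_SENT
  TCP    192.168.1.20:49162     203.0.113.9:135        SYN_SENT
  TCP    192.168.1.20:49163     203.0.113.10:135       SYN_SENT
  TCP    192.168.1.20:49164     203.0.113.11:135       SYN_SENT
  TCP    192.168.1.20:49165     203.0.113.12:135       SYN_SENT
  UDP    0.0.0.0:500            *:*
"""

NETSTAT_LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def parse_netstat(text):
    """Return (proto, local, remote, state) tuples; header lines are skipped.
    UDP rows have no state column, so state is None for them."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT_LINE.match(line)
        if m:
            rows.append(m.groups())
    return rows


def suspicious_connections(text, max_half_open=5):
    """Map remote port -> number of distinct hosts with SYN_SENT connections,
    for ports where that number exceeds max_half_open. A user does not open
    half-open connections to many different hosts on one port; a scanner does."""
    hosts_by_port = defaultdict(set)
    for proto, _local, remote, state in parse_netstat(text):
        if proto == "TCP" and state == "SYN_SENT":
            host, _, port = remote.rpartition(":")
            hosts_by_port[port].add(host)
    return {port: len(hosts) for port, hosts in hosts_by_port.items()
            if len(hosts) > max_half_open}


# Constructed `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run`
# output: a baseline taken when the host was known good, and the current state.
RUN_BASELINE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"""
RUN_CURRENT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    msupdate    REG_SZ    C:\Users\alice\AppData\Local\Temp\svch0st.exe
"""


def parse_run_values(text):
    """Return {value name: command} from reg query output (name, REG_* type, data)."""
    values = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 2)
        if len(parts) == 3 and parts[1].startswith("REG_"):
            values[parts[0]] = parts[2]
    return values


def run_key_changes(baseline_text, current_text):
    """Return Run entries that were added, or whose command changed, since baseline."""
    base = parse_run_values(baseline_text)
    return {name: cmd for name, cmd in parse_run_values(current_text).items()
            if base.get(name) != cmd}


if __name__ == "__main__":
    print("ports with half-open scanning:", suspicious_connections(NETSTAT_SAMPLE))
    print("new or changed Run entries:", run_key_changes(RUN_BASELINE, RUN_CURRENT))
```

On a live host the two inputs come from `netstat -an` and `reg query` (also check the HKLM Run and RunOnce keys); the baseline listing should be captured while the machine is known clean, otherwise the diff has nothing trustworthy to compare against.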

  18. How do these products help? Honeypots • Capture samples of suspicious code / activity • Forensic analysis • Behavior tracking • Related technologies • Honeynet • Darknet

  19. How do these products help? Sensors • Host Firewall / IPS blocks many unknown and known threats • Alarm system

  20. How do these products help? Sensors • Antivirus captures threats that use common access methods • Web downloads • Email • Application attacks (buffer overflow) VBSim demo

  21. Detection and Prevention Technologies • Antivirus • Signature based • Heuristics based • Host Firewall • hIDS / hIPS • Signature based • Anomaly based • Whitelist • Blacklist
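The signature / heuristic / whitelist distinction on this slide is easiest to see on a concrete sample. The script below is an added example, not the presenter's material: three constructed "files" (a known-good tool, a malware sample, and a variant of that sample with one NOP byte inserted) are run through an exact-byte signature database, a capability-based heuristic, and a hash whitelist. The signature, the indicator strings and the sample bytes are illustrative constructions.

```python
"""Signature-based, heuristic and whitelist detection side by side.
Added example; the samples, signature and indicator list are constructed."""
import hashlib

# Constructed samples. SAMPLE_B is SAMPLE_A with a single NOP (0x90) inserted
# into the code stub: the kind of trivial edit that yields a "new variant".
KNOWN_GOOD = b"MZ\x90\x00 backup utility 2.1: copies files to E:\\ nightly"
SAMPLE_A = (b"MZ\x90\x00" + b"\xeb\x1f\x5e\x89\x76\x08\x31\xc0"
            + b" CreateRemoteThread WriteProcessMemory"
            + b" Software\\Microsoft\\Windows\\CurrentVersion\\Run")
SAMPLE_B = SAMPLE_A.replace(b"\xeb\x1f\x5e", b"\xeb\x1f\x90\x5e", 1)

# Blacklist by signature: exact byte patterns extracted from known samples.
SIGNATURES = {"W32/Demo.A": b"\xeb\x1f\x5e\x89\x76\x08"}

# Heuristic indicators: capabilities a program imports or touches, independent
# of the exact bytes of any one sample.
INDICATORS = [b"CreateRemoteThread", b"WriteProcessMemory",
              b"CurrentVersion\\Run", b"cmd.exe /c"]

# Whitelist: SHA-256 hashes of binaries the organisation has approved to run.
ALLOWLIST = {hashlib.sha256(KNOWN_GOOD).hexdigest()}


def signature_scan(blob):
    """Return the name of the first matching signature, or None."""
    for name, pattern in SIGNATURES.items():
        if pattern in blob:
            return name
    return None


def heuristic_score(blob):
    """Count suspicious capabilities present in the file."""
    return sum(1 for indicator in INDICATORS if indicator in blob)


def allowlisted(blob, allowlist=ALLOWLIST):
    """Whitelist mode: only approved hashes may run; anything unknown is refused."""
    return hashlib.sha256(blob).hexdigest() in allowlist


def verdict(blob, heuristic_threshold=2):
    return {
        "signature": signature_scan(blob),
        "heuristic": heuristic_score(blob) >= heuristic_threshold,
        "allowlisted": allowlisted(blob),
    }


if __name__ == "__main__":
    for label, blob in [("known good", KNOWN_GOOD), ("sample A", SAMPLE_A),
                        ("variant B", SAMPLE_B)]:
        print(f"{label:11}", verdict(blob))
```

The run shows the trade-off in one table: the signature names sample A and misses variant B, the heuristic flags both (and would also flag a legitimate debugger that imports the same APIs), and the whitelist refuses both variants without knowing anything about them, at the cost of refusing every unapproved legitimate program too.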

  22. Social Engineering "… 70 percent of those asked said they would reveal their computer passwords for a … bar of chocolate." Schrage, Michael. 2005. Retrieved from http://www.technologyreview.com/articles/05/03/issue/review_password.asp?p=1

  23. Educated Users Help "The biggest threat to the security of a company is not a computer virus, an unpatched hole in a key program or a badly installed firewall. In fact, the biggest threat could be you. What I found personally to be true was that it's easier to manipulate people rather than technology. Most of the time organizations overlook that human element." Mitnick, Kevin, “How to Hack People.” BBC News Online, October 14, 2002.

  24. How do these products help? • User Education • Don’t open suspicious email • Don’t download software from untrusted sites. • Patch

  25. On the Horizon - Microsoft • House on the hill • Targeted because they are Big? • Insecure because they are Big?

  26. On the Horizon • Early Detection and Preventative Tools • Virus Throttle • Active CounterMeasures • Principle of Least Authority (PoLA) • WAVE • Anomaly Detection • Viral Patching
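The "Virus Throttle" on this slide refers to the connection-rate throttling proposed at HP Labs (Matthew Williamson, 2002): a host may talk freely to a small working set of recently contacted peers, connections to new peers are released from a delay queue at a fixed rate, and a queue that overflows means the host is behaving like a worm and is stopped. The model below is an added example, not the presenter's code and not the HP implementation; its parameters (working set of 5, one release per tick, queue limit of 4) and both traffic traces are chosen for a small demonstration.

```python
"""Simplified model of connection-rate virus throttling (after Williamson,
HP Labs, 2002). Added example; parameters and traffic are constructed."""
from collections import deque


class VirusThrottle:
    def __init__(self, working_set_size=5, release_per_tick=1, max_queue=4):
        self.working = deque(maxlen=working_set_size)  # LRU of recently contacted hosts
        self.queue = deque()                           # new hosts awaiting release
        self.release_per_tick = release_per_tick
        self.max_queue = max_queue
        self.blocked = False

    def connect(self, host):
        """Decide one outbound connection attempt: 'allow', 'delay' or 'block'."""
        if self.blocked:
            return "block"
        if host in self.working:
            self.working.remove(host)   # refresh its LRU position
            self.working.append(host)
            return "allow"
        if host not in self.queue:      # simplification: one queue slot per new host
            self.queue.append(host)
        if len(self.queue) > self.max_queue:
            self.blocked = True         # too many distinct new peers: stop the host
            return "block"
        return "delay"

    def tick(self):
        """Once per time unit, admit a fixed number of queued hosts to the working set."""
        for _ in range(self.release_per_tick):
            if not self.queue:
                break
            self.working.append(self.queue.popleft())


def simulate(traffic, **params):
    """traffic: list of ticks, each a list of destination hosts contacted in that tick.
    Returns outcome counts and the tick at which the host was blocked (None if never)."""
    throttle = VirusThrottle(**params)
    counts = {"allow": 0, "delay": 0, "block": 0, "blocked_at": None}
    for i, hosts in enumerate(traffic):
        for host in hosts:
            counts[throttle.connect(host)] += 1
        if throttle.blocked and counts["blocked_at"] is None:
            counts["blocked_at"] = i
        throttle.tick()
    return counts


# Constructed traffic: a user revisiting a handful of servers, versus a worm
# that tries twenty fresh addresses within a single tick.
NORMAL_USER = [["mail", "web"], ["web"], ["mail", "news"], ["web", "news"],
               ["mail", "web", "wiki"], ["wiki", "web"]]
WORM = [[f"10.0.0.{i}" for i in range(20)]]

if __name__ == "__main__":
    print("normal user:", simulate(NORMAL_USER))
    print("worm:       ", simulate(WORM))
```

The user's first contact with each server is delayed by a tick and nothing is ever blocked; the worm fills the delay queue and is stopped in its first tick, having reached only a handful of targets. That asymmetry, not recognising the worm's code, is the whole idea: the throttle limits propagation of unknown malware, which is why the slide lists it under early detection and prevention.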

  27. On the Horizon • Viral Targets • Mobile Phones, PDAs • Embedded Operating Systems • Automobiles • Sewing Machines • Bank Machines • Kitchen Appliances

  28. On the Horizon • Octopus worms • Multiple components working together • Warhol Worms • MSBlaster was proof of capability

  29. Learn Learn Learn Authors: • Sarah Gordon • Peter Szor • Roger Grimes • Kris Kaspersky • Search your library or online

  30. Questions?

  31. Resources • http://www.pcworld.com/news/article/0,aid,116163,00.asp • http://www.detnews.com/2003/technology/0309/03/technology-258376.htm • http://www.sans.org/rr/whitepapers/engineering/1232.php • http://www.research.ibm.com/antivirus/SciPapers/Gordon/Avenger.html
