
Recent Security Threats & Vulnerabilities Computer security


Presentation Transcript


  1. Recent Security Threats & Vulnerabilities
     Computer security In
     Bob Cowles bob.cowles@slac.stanford.edu
     HEPiX, Fall 2004 – Brookhaven, NY, USA
     Work supported by U. S. Department of Energy contract DE-AC02-76SF00515

  2. Windows
     • Recent Windows Vulnerabilities
     • Windows patching
     • Phishing and viruses
     • Web exposures (IE)
     • Spyware
     • XP SP2
     HEPiX - Fall 2004

  3. Recent Windows Vulnerabilities
     • ASP.NET path vulnerability
     • GDI+ jpeg (can’t just block jpegs)
     • IE patches – lots; Outlook Express update
     • NetDDE (not enabled by default)
     • Windows shell (exploit through web)
     • IIS (document footer javascript)
     • Allows code execution: NNTP; SMTP; zipped folders; Excel; WP converter; HTML Help; Task Scheduler; POSIX (old systems)

  4. Windows Patching
     • Patches do _NOT_ get e-mailed to you!
     • Windows systems in Active Directory can be patched automatically (mostly)
     • Offsite users must do their own patching
     • May investigate ”bigfix” as partial solution
       • Support for Linux / Macintosh
       • Non-AD users
       • Non-Microsoft software (winzip, realplayer, acrobat)
       • http://www.bigfix.com/products/products_patch.html

  5. [image slide; no transcript text]

  6. Recent Phishing E-mail

  7. E-Mail Attacks & Protection
     • Phishing = e-mails (and phone calls) engineered to get information from you, or just to get you to click and download a virus
     • Need to have multi-level protection
       • E-mail gateways strip attachments
       • Exchange/desktop AV detects & removes
       • Gateway tags as [SPAM:###] if a link in the e-mail would download malicious code
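The two gateway controls on this slide, attachment stripping and [SPAM:###] tagging, as an added example in Python; this is not code from the talk or from SLAC's gateway. The host blocklist, the blocked-extension list, the 100-points-per-link scoring rule and the phishing-style sample message are all constructed for the example; the slide does not say how the real gateway decides that a link "would download malicious code", so a blocklist stands in for that decision here.

```python
"""Minimal e-mail gateway filter (added example, not from the talk)."""
import email
import os
import re
from email import policy
from email.message import EmailMessage

# Assumptions for this example: a small blocklist of hosts that would serve
# malicious code, and the attachment types the gateway strips outright.
BAD_HOSTS = {"evil.example", "downloads.evil.example"}
BLOCKED_EXTS = {".exe", ".scr", ".pif", ".bat", ".vbs", ".zip"}
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)


def malicious_hosts(text):
    """Hosts linked from *text* that are on the blocklist."""
    return {m.group(1).lower() for m in URL_RE.finditer(text)} & BAD_HOSTS


def filter_message(raw):
    """Apply both gateway controls to a raw RFC 5322 message.

    Returns (filtered EmailMessage, list of actions taken).
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    actions = []

    # Control 1: strip attachments whose extension is on the block list.
    if msg.is_multipart():
        kept = []
        for part in msg.iter_parts():
            name = part.get_filename()
            if name and os.path.splitext(name)[1].lower() in BLOCKED_EXTS:
                actions.append(f"stripped {name}")
            else:
                kept.append(part)
        msg.set_payload(kept)

    # Control 2: tag the Subject when a text body links to a blocklisted host.
    hits = set()
    for part in msg.walk():
        if part.get_content_maintype() == "text" and not part.is_attachment():
            hits |= malicious_hosts(part.get_content())
    if hits:
        score = min(999, 100 * len(hits))  # constructed scoring rule
        tag = f"[SPAM:{score:03d}]"
        subject = msg["Subject"]
        if subject is None:
            msg["Subject"] = tag
        else:
            msg.replace_header("Subject", f"{tag} {subject}")
        actions.append(f"tagged {tag} for links to {', '.join(sorted(hits))}")
    return msg, actions


def build_sample():
    """Constructed phishing-style message: a lure link plus an .exe attachment."""
    m = EmailMessage()
    m["From"] = "alerts@bank.example"
    m["To"] = "user@lab.example"
    m["Subject"] = "Account verification required"
    m.set_content("Please verify your account at http://downloads.evil.example/verify today.")
    m.add_attachment(b"MZ\x90\x00", maintype="application",
                     subtype="octet-stream", filename="verify.exe")
    return m.as_bytes()


if __name__ == "__main__":
    filtered, taken = filter_message(build_sample())
    print(filtered["Subject"])
    for action in taken:
        print(" -", action)
```

Run stand-alone it prints the rewritten Subject and the two actions taken on the sample. A production gateway would add the hash- or signature-based checks the slide attributes to the AV layer; this block only shows the gateway's own two controls.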

  8. Don’t Take the Bait

  9. Forged FDIC E-mail

  10. Fake FDIC Website

  11. Real FDIC Website

  12. E-mail With Virus Attached

  13. AD & SUS->WUS
     • Problematic patching
       • Office vs. Windows Update
       • Require product CD?
     • XP will have improvements (someday)
     • Who let them name it WUS? http://www.wordsculpture.se/english_corner/slang.asp
     • But sites still must address non-MS software

  14. Viruses
     • More sophistication
       • Run automatically
       • Leave backdoors; SMTP for spam
       • Keyboard loggers
     • Alert Oct 18, 2004 – bypass of zip-file checking in McAfee, CA, Sophos, Kaspersky, Eset, RAV AV products

  15. IE Exposures
     • Unpatched vulnerabilities
     • Cannot escape IE (but can control it)
     • XP SP2 has fixed some problems
     • There is still the problem of user knowledge

  16. Spyware
     • Invades privacy
     • Keyloggers compromise security
     • Allowed by some AV products
       • User agrees to software’s actions through license agreement
     • US state and federal legislation will solve the problem (just like with SPAM) - NOT

  17. XP SP2
     • Problem areas
       • Spyware causes bluescreen
       • Popup blocking causes problems w/ some sites
       • Multiple firewalls cause conflicts
     • Need to allow vulnerability scanning
       • ICMP off by default (no ping response)
       • Open ports for file / print sharing, or
       • Run software agent that can be “contacted”

  18. Unix & Linux
     • Local Exploits = Remote Exploits
     • Samba
     • LSF – rtok lsadmin eauth
     • PHP in web servers
     • chown
     • drivers (sparse code checking tool)
     • sendmail
     • sshd – scanning for weak passwords

  19. Fedora
     • Supports RH 7.3 and RH 9
     • Security fixes can take several months after vulnerability is announced
     • Large package of fixes released Oct 18, 2004
       • ISO9660, Soundblaster, file offset pointers, nfs group ID, drivers, several integer overflows, other DoS, memory leaks, information leaks.

  20. Universities & Labs
     • Exploits against Solaris, AIX, Linux
     • Attacker(s) are knowledgeable
     • Install SK rootkit on Linux
     • Install trojaned sshd
       • gets passwords from keyboard/tty entry
       • accesses RSA keys
     • CERN break-in (LXPLUS) recent example (LSF)
     • Are one-time password tokens in your future?

  21. Universities and Labs (cont)
     • User “klogd” scans for open X sessions
     • Forwards captured passwords through port 8181
     • Used on patched machines
     • Just notified sites in US (USC, UCSB, NYU, Princeton, PSU, etc) of problems.
     • Also RAL, Fermilab, SLAC, Cornell, Bristol, INFN, Stanford
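A defender's check for the two indicators this slide gives for the "klogd" password-capture tool, a process posing as klogd that owns a TCP socket and connections to remote port 8181, written as an added example in Python; it is not code from the talk or from any of the sites named. It parses `netstat -tnp`-style output. The sample output, addresses and PIDs are constructed for the example; on a real host the command's actual output would be passed to check_connections(). The genuine kernel log daemon reads /proc/kmsg and hands lines to syslogd, so it has no reason to own a TCP connection, which is what the second rule keys on.

```python
"""Heuristic check for the klogd password-capture indicators on the slide
(added example, not from the talk). Parses `netstat -tnp`-style output;
the sample below is constructed."""
import re

EXFIL_PORT = 8181             # remote port named on the slide
SUSPECT_PROGRAMS = {"klogd"}  # the kernel log daemon should not own a TCP socket

# Constructed sample output: a normal ssh session, the implant's connection to
# a remote collector on 8181, a local X client, and a socket whose owner the
# caller is not permitted to see (netstat prints "-" for it).
SAMPLE_NETSTAT = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 10.1.2.3:22             10.1.2.50:51522         ESTABLISHED 3310/sshd
tcp        0      0 10.1.2.3:40312          192.0.2.77:8181         ESTABLISHED 2291/klogd
tcp        0      0 127.0.0.1:6000          127.0.0.1:40980         ESTABLISHED 2100/X
tcp        0      0 10.1.2.3:22             10.1.2.51:50210         ESTABLISHED -
"""

# proto, recv-q, send-q, local addr:port, foreign addr:port, state, pid/program
LINE_RE = re.compile(
    r"^(tcp6?)\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\S+)\s*$")


def parse_netstat(text):
    """Return one dict per TCP connection line; headers and other lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, laddr, lport, faddr, fport, state, owner = m.groups()
        # "-" means netstat could not read the owning process (not root).
        pid, prog = owner.split("/", 1) if "/" in owner else (None, None)
        conns.append({"proto": proto, "laddr": laddr, "lport": int(lport),
                      "faddr": faddr, "fport": int(fport), "state": state,
                      "pid": int(pid) if pid else None, "prog": prog})
    return conns


def check_connections(text):
    """Return one human-readable finding per matched indicator."""
    findings = []
    for c in parse_netstat(text):
        if c["fport"] == EXFIL_PORT:
            findings.append(
                f"pid {c['pid']} ({c['prog']}) talks to {c['faddr']}:{c['fport']}")
        if c["prog"] in SUSPECT_PROGRAMS:
            findings.append(
                f"pid {c['pid']} runs as '{c['prog']}' but owns a TCP socket")
    return findings


if __name__ == "__main__":
    for finding in check_connections(SAMPLE_NETSTAT):
        print("SUSPECT:", finding)
```

Both rules are brittle on their own, since the port and the process name are the attacker's choice, so they belong alongside the slide's other lead, a trojaned sshd: verifying the installed sshd against the package database catches a replaced binary that this socket check would miss.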

  22. Cisco
     • CatOS – Telnet, HTTP, SSH
     • BGP – another DoS

  23. Macintosh
     • Safari – open in browser; javascript
     • Disk image mounter
     • libpng
     • kerberos
     • rsync
     • OpenSSH
     • iChat
     • QuickTime

  24. Other Vulnerabilities
     • AXIS video camera and server
     • IM – gaim, AIM & Yahoo Messenger
     • CVS
     • RealPlayer
     • Winzip
     • Web HP JetAdmin
     • Acrobat Reader 6.0
     • Firewire (announced Nov 11)

  25. Email
     • Evils of HTML email
       • It’s big & it hides bad stuff
     • Phishing scams
       • Citibank, eBay, PayPal, Wells Fargo
     • Outlook 2003 setting (reg for Outlook XP)
     • New default for Outlook Express

  26. Outlook 2003 Tools -> Options -> Preferences

  27. Final Thoughts
     • Attacks coming faster; attackers getting smarter
     • No simple solution works
     • Patching helps
     • Firewalls help
     • AV & attachment removal help
     • Encrypted passwords/tunnels help
     • You can’t be “secure”; only “more secure”
     • We must share information better

  28. What is the Most Important Component of Computer Security? YOU!
