
IT Security Awareness Dangers in the Networked World


Presentation Transcript


  1. IT Security Awareness: Dangers in the Networked World
     Lai Zit Seng, NUS School of Computing

  2. Topics
     • History: Recent Worms
     • What is Security
     • Why Worry
     • What’s Happening in SOC

  3. History – Code Red
     • Struck on 12th Jul 2001
     • Public announcement on 17th Jul 2001
     • CERT announcement on 19th Jul 2001, and again on 26th Jul 2001
     • Exploited buffer overflow in IIS
       • CERT published advisory on 19th Jun 2001
       • Patch available from MS since 18th Jun 2001
     • Estimated $2B in damages (Aug 2001)
       • Source: Computer Economics (quoted by NewsFactor.com)

  4. History – Slammer Worm
     • Struck on 25th Jan 2003
     • Infected 75K hosts
     • Our own NUSNET “melted down” for hours
     • Elsewhere: Disrupted ATMs, 911 systems
     • Exploited MS-SQL and MSDE vulnerabilities
       • Patch available from MS since 10th Jul 2002
       • CERT advisory 29th Jul 2002
     • Estimated US$1B in damages
       • Source: Mi2g

  5. History – W32/Blaster
     • Struck on 11th Aug 2003
     • Exploits RPC vulnerabilities
       • CERT advisory on 17th Jul 2003
       • Patch available from MS since 16th Jul 2003
     • Unprecedented damages
       • Mi2g estimates $32.8B in economic damages (together with other malware of Aug 2003)

  6. History – Other Incidents
     • Apache/mod_ssl worm
       • CERT advisory 14th Sep 2002
       • Vulnerability published by CERT since 30th Jul 2002
     • Nimda worm
       • CERT announced 18th Sep 2001
       • Exploits vulnerability for which patch available from MS since 29th Mar 2001

  7. Security Triad
     • Confidentiality: Ensuring that data contained in an information system is accessible only to those authorized.
     • Integrity: Ensuring that data contained in, or functions carried out by, an information system are correct.
     • Availability: Ensuring that an information system is accessible to those authorized to use it.

  8. Why Worry
     • Advances in technology: Convenience, cost, availability
     • Pervasiveness of networked computing
     • Network convergence: Single network for Voice, Video and Data
     • Human Issues:
       • Social Engineering

  9. Why Worry – cont’d
     • Infrastructure/Operations
       • ATMs, Power Grid etc. exposed to Internet
     • Various risk exposures: Confidentiality, Integrity, Availability
     • Zero-Day exposures
     • Phishing attacks
     • Risks are outstripping safeguards

  10. Changes in Intrusion Profile
     [Timeline chart, from 1988 to today]
     • Exploiting passwords
     • Exploiting known vulnerabilities
     • Exploiting protocol flaws
     • Examining source code for security flaws
     • Abusing public servers
     • Installing sniffers
     • Source address spoofing
     • DoS, DDoS
     • Widespread automated scanning

  11. Incidents Reported to CERT/CC
     [Chart] From: CERT/CC Website

  12. How many incidents?
     [Chart] From: 2004 CSI/FBI Computer Crime and Security Survey

  13. How many incidents from Outside?
     [Chart] From: 2004 CSI/FBI Computer Crime and Security Survey

  14. How many incidents from Inside?
     [Chart] From: 2004 CSI/FBI Computer Crime and Security Survey

  15. SOC IDS Activity
     Statistics for 1st Oct 2004:
     • 238155 IDS log entries
     • 42578 runs of port-scanning activity
     • 12908 incidents of Windows/SMB traffic anomaly
     • 209 accesses to our honeypot

  16. SOC Network VA Statistics
     As on 8th Oct 2004:
     • 37 machines denied network access (due to enforcement)
     • 185 critical vulnerabilities unfixed

  17. Security Lab
     • Objective:
       • Enable learning and experimentation relating to IT Security
       • Setting up experiments and a playground for anyone interested in IT Security
       • Activities relating to SIG^2 NUS Chapter
     • Servers, desktop computers and network equipment
     • Look out for upcoming news

  18. Questions and Answers
     Lai Zit Seng
     Email: laizs@comp.nus.edu.sg
