Security Update

Vaughn Book, SVP – Chief Technology Officer, Arrowhead Credit Union. November 9, 2004.


Presentation Transcript


  1. Security Update
  Vaughn Book
  SVP – Chief Technology Officer
  Arrowhead Credit Union
  November 9, 2004

  2. Why security is important
  • Good security practices are essential to protecting your company’s most important resources
    • Data
    • Reputation
  • Security risks are increasing due to the demands of the always-on, always-connected economy

  3. Security Trends
  • On-line Identity Theft
    • Consumers are increasingly becoming the victims of identity theft as a result of their online activities
  • e-Commerce web site compromises
  • Spam
  • Phishing
  • Malware

  4. Security Trends
  • Increasing regulatory involvement
    • Health Insurance Portability and Accountability Act (HIPAA)
    • Gramm-Leach-Bliley Act (GLBA)
    • Sarbanes-Oxley Act (SOX)
    • California Security Breach Information Act (S.B. 1386)

  5. Security Trends
  • Application vulnerabilities increasing
    • Software packages are becoming larger and more complex
    • New vulnerabilities are discovered on a daily basis
    • Software vendors are unable to address vulnerabilities before exploits are available, leading to zero-day attacks

  6. Security Trends
  • Wireless access is becoming pervasive
    • Wireless networks are easy to deploy, but hard to secure
    • High-profile wireless security problems
      • Best Buy
      • Lowe’s
    • Easy access for hackers and spammers
    • Rogue access points

  7. Security Trends
  • Hacking is becoming easier
    • Identifying and exploiting security vulnerabilities no longer requires in-depth technical skills
    • Open source vulnerability detection tools are readily available:
      • Nessus
      • Whisker
      • NMAP
      • Google

  8. Security Trends
  • Hacking is becoming easier – Cont’d
    • Virus and backdoor tool kits
    • Easy-to-use tools are freely available on the Internet for creating worms, viruses and backdoor programs:
      • Menu-driven, point-and-click interface
      • Variety of distribution methods available
      • Use encryption and polymorphism to bypass anti-virus programs

  9. Security Trends
  • Time to patch is decreasing
    • The creators of security exploits are using ever more sophisticated tools to reverse engineer patches after they are released. This is decreasing the time between the release of a patch and the exploitation of the vulnerability it fixes.
      • Slammer Worm – 6 months
      • Blaster – 26 days
      • Microsoft ASN.1 Critical Vulnerability – 3 days
    • Microsoft is now releasing patches only once a month

  10. Security Trends
  • Changing Motives
    • In the past many hackers and virus writers were mainly interested in bragging rights and the respect of their peers.
    • Today there is a profit motive. There is money to be made in relaying spam and stealing personal and financial data for use in identity theft.

  11. Security Trends
  • Phishing
    • Recent exploits:
      • Citibank
      • eBay
      • Wells Fargo
    • Huge returns for phishers when people answer the messages

  12. Security Trends
  • Malware is proliferating:
    • Viruses
    • Worms
    • Trojans
    • Back doors
    • Bots
    • Keyloggers
    • Adware
    • Spyware

  13. Security Trends
  • Malware is becoming more sophisticated
    • Multiple infection vectors
      • Downloadable Trojan
      • E-mail attachment
      • Worm infecting unpatched systems
    • Scan for other vulnerable or infected systems
    • Harvest e-mail addresses, credit card numbers and other personal information
    • Polymorphic – evolve to evade detection
    • Virtual Machine Aware – difficult for security researchers to analyze

  14. Security Trends
  • The rise of the Bot
    • More than 30,000 PCs per day are being recruited into secret networks that spread spam and viruses, collect personal information and launch distributed denial of service (DDoS) attacks
    • Able to phone home
    • Often controlled via Internet Relay Chat (IRC)

  15. Security Trends
  • Phatbot
    • Popular and full-featured Bot running on Windows
    • Can take over 100 different actions triggered over the network from the attacker
      • Add Windows share, FTP files, add startup registry entry, scan for security vulnerabilities, harvest e-mail addresses, launch packet floods and more
    • Includes a software developer’s kit (SDK) so that hackers can easily add new features and customize functionality

  16. Security Trends
  • The future of Malware
    • Windows Root Kits
      • Modify the operating system to hide the presence of malicious code by hiding files, registry settings and running processes
    • BIOS Manipulation
      • Malware makers will be able to hide malicious code in the PC’s BIOS, making it more difficult to detect and remove
    • Microcode Rewriting
      • Current versions of the Intel Pentium and AMD Athlon processors include a feature to update the CPU’s microcode. Security researchers believe that future exploits could take advantage of this ability for malicious uses

  17. Steps For Improved Security
  • Keep up with the latest attacks
    • Sign up to receive e-mail updates of security-related issues from Microsoft, anti-virus providers and other software vendors key to your company’s operations
  • Install Patches Regularly
    • Test before rollout to avoid application breakage
    • Use Microsoft Software Update Services (SUS) instead of automatic updates in a corporate environment
  • Install Antivirus software everywhere
    • Desktop PCs, mail servers, file servers
    • Update virus signatures daily
    • Centralize virus notification
    • Consider using virus protection from multiple vendors

  18. Steps For Improved Security
  • Configure firewalls for least access
    • Many firewalls block inbound access while allowing unlimited outbound access. This can allow malicious programs to easily contact the attacker and to spread.
  • Scan your network for security vulnerabilities regularly.
    • Open source tools such as NMAP and Nessus can identify internal and external vulnerabilities and find back door programs before they are exploited.
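Slide 14 notes that bots phone home, often over IRC, and slide 18 points out that unlimited outbound access lets them do so unnoticed. The script below is an added example, not part of the presentation, showing what a reviewer of outbound firewall logs can look for: accepted connections to IRC ports (a "phone home" candidate), the same attempts logged as dropped once outbound access is restricted, and one source fanning out to many internal hosts on a single port (the "scan for other vulnerable systems" behaviour from slide 13). The log format, the field order, the IRC port list and the fan-out threshold are all assumptions; the log lines are constructed for the example.

```python
"""Review an outbound ("egress") firewall log for bot-like behaviour.

Added example, not from the presentation. The log format is a constructed
space-separated one: "<timestamp> <action> <src> <dst> <dport>".
"""
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple

# IRC ports a bot would typically use for its control channel (assumed list).
IRC_PORTS = {6666, 6667, 6668, 6669, 7000}

# A source reaching this many distinct destinations on one port is reported
# as scanning for other vulnerable hosts (threshold is an assumption).
SCAN_FANOUT = 5

# Constructed sample log. 10.1.2.15 beacons to an IRC server and then fans
# out on TCP 445; 10.1.2.30's beacon is dropped, as it would be once the
# firewall applies a default-deny outbound policy. On a firewall that
# allows unlimited outbound access, the DROP line would never be written.
SAMPLE_LOG = """\
2004-11-09T10:00:01 ACCEPT 10.1.2.15 203.0.113.7 6667
2004-11-09T10:00:31 ACCEPT 10.1.2.15 203.0.113.7 6667
2004-11-09T10:00:40 ACCEPT 10.1.2.20 198.51.100.5 443
2004-11-09T10:01:02 ACCEPT 10.1.2.15 10.1.3.1 445
2004-11-09T10:01:02 ACCEPT 10.1.2.15 10.1.3.2 445
2004-11-09T10:01:03 ACCEPT 10.1.2.15 10.1.3.3 445
2004-11-09T10:01:03 ACCEPT 10.1.2.15 10.1.3.4 445
2004-11-09T10:01:04 ACCEPT 10.1.2.15 10.1.3.5 445
2004-11-09T10:02:10 DROP 10.1.2.30 203.0.113.9 6667
2004-11-09T10:02:15 ACCEPT 10.1.2.20 198.51.100.6 80
"""


class Conn(NamedTuple):
    ts: str
    action: str
    src: str
    dst: str
    dport: int


def parse_log(text: str) -> List[Conn]:
    """Parse the constructed format, skipping blank or malformed lines."""
    conns: List[Conn] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue
        ts, action, src, dst, dport = parts
        conns.append(Conn(ts, action, src, dst, int(dport)))
    return conns


def irc_beacons(conns: List[Conn], action: str = "ACCEPT") -> List[Tuple[str, str, int]]:
    """Distinct (src, dst, port) triples that hit an IRC port with the given action."""
    hits = {(c.src, c.dst, c.dport) for c in conns
            if c.action == action and c.dport in IRC_PORTS}
    return sorted(hits)


def scanners(conns: List[Conn]) -> List[Tuple[str, int, int]]:
    """Sources that reached SCAN_FANOUT or more distinct hosts on one port."""
    fanout: Dict[Tuple[str, int], set] = defaultdict(set)
    for c in conns:
        if c.action == "ACCEPT":
            fanout[(c.src, c.dport)].add(c.dst)
    return sorted((src, port, len(dsts))
                  for (src, port), dsts in fanout.items()
                  if len(dsts) >= SCAN_FANOUT)


def review(text: str) -> Dict[str, list]:
    """Run all three checks over a log and return the findings by category."""
    conns = parse_log(text)
    return {
        "beacons": irc_beacons(conns),                 # phoned home successfully
        "blocked_beacons": irc_beacons(conns, "DROP"),  # egress policy caught it
        "scanners": scanners(conns),                    # spreading internally
    }


if __name__ == "__main__":
    for category, hits in review(SAMPLE_LOG).items():
        print(category, hits)
```

The point of the `blocked_beacons` category is that an egress policy does two things at once: it stops the bot reaching its controller, and it turns the attempt into a log line that names the infected host. With unlimited outbound access there is nothing to find.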

  19. Steps For Improving Security
  • Be Aware of Intrusion Detection Systems (IDS) limitations
    • IDS can identify potential attacks but cannot stop them
    • IDS are blind to attacks encrypted by SSL and other methods
    • IDS often go unwatched due to the large number of false positives
  • Evaluate host-based intrusion prevention systems with the ability to detect and prevent attacks as an alternative

  20. Resources – Tools
  • NMAP
    • NMAP is a free network port scanning tool which uses a number of techniques, including connect, SYN and FIN scans, to identify running services and firewall and router rule sets. NMAP can also identify the operating system running on the remote system using a variety of TCP/IP stack fingerprinting techniques.
    • www.insecure.org/nmap/
  • Ethereal
    • Ethereal is a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for each packet. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. A text-based version called tethereal is included.
    • www.ethereal.com/
  • Nessus
    • Nessus is a remote security scanner for Linux, BSD, Solaris, and other Unixes. It is plug-in-based, has a GTK interface, and performs over 1200 remote security checks. It allows for reports to be generated in HTML, XML, LaTeX, and ASCII text, and suggests solutions for security problems.
    • www.nessus.org
  • Snort
    • Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rule-based language to describe traffic that it should collect or pass, and a modular detection engine. Many people also suggest that the Analysis Console for Intrusion Databases (ACID) be used with Snort.
    • www.snort.org

  21. Resources – Web Sites
  • SANS
    • www.sans.org
  • Security Focus
    • www.securityfocus.org
  • Microsoft Security Guidance Center
    • www.microsoft.com/security/guidance
  • Foundstone
    • www.foundstone.com
