Host Based Security - PowerPoint PPT Presentation


Presentation Transcript


Host Based Security

John Scrimsher, CISSP

Pre-Quiz


  • Name

  • Do you own a computer? What Brand?

  • Email address

  • City of Birth

  • Have you ever had a computer virus?


Why Host Based Security?

  • Perimeter Security vs. Host Based






Why Host Based Security?

  • Protect the Data

  • Malware

  • Internal Threats

    • Employee Theft

    • Unpatched systems


What is Malware?

Anything that you would not want deliberately installed on your computer.

  • Viruses

  • Worms

  • Trojans

  • Spyware

  • More…


The Common Factor

Where are the threats?

  • Un-patched Computers

  • Email

  • Network File Shares

  • Internet Downloads

  • Social Engineering

  • Blended Threats

  • Hoaxes / Chain Letters



  • Email messages sent to large distribution lists.

  • Disguised as legitimate businesses

  • Steal personal information



Link goes to


Identity Theft

  • Since viruses can be used to steal personal data, that data can be used to steal your identity

  • Phishing

  • Keystroke loggers

  • Trojans

  • Spyware


Legal Issues

  • Many countries are still developing laws

  • Privacy Laws can prevent some investigation


Kaspersky Quote

"It's hard to imagine a more ridiculous situation: a handful of virus writers are playing unpunished with the Internet, and not one member of the Internet community can take decisive action to stop this lawlessness.

The problem is that the current architecture of the Internet is completely inconsistent with information security. The Internet community needs to accept mandatory user identification - something similar to driving licenses or passports.

We must have effective methods for identifying and prosecuting cyber criminals or we may end up losing the Internet as a viable resource."

Eugene Kaspersky, Head of Antivirus Research


Notable Legal History

  • Robert Morris Jr.- “WANK” worm. First internet worm ever created, set loose by accident across the internet.

  • Randal Schwartz - hacked into Intel claiming he was trying to point out weaknesses in their security.

  • David Smith - Melissa. First known use of mass-mailing technique used in a malicious manner. Some jail time.

  • “OnTheFly”, The Netherlands - “Anna” virus using worm generator tool. The writer was a youth who was “remorseful” but little was done to punish him.

  • Philippines - “Loveletter”. No jail time because there were no laws.

  • Jeffrey Lee Parsons – 2005 – 18 months in prison for variant of Blaster worm.


Regulatory Issues

  • Sarbanes Oxley Act (2002)

  • Gramm-Leach-Bliley Act (1999)

  • Health Information Portability and Accountability Act (1996)

  • Electronic Communications Privacy Act (1986)

What is Management’s role?

  • Management ties everything together

  • Responsibility

  • Ownership

Security is a Mindset, not a service. It must be a part of all decisions and implementations.


Now, what do we do about it?

  • C.I.A. Security Model

    • Confidentiality

    • Integrity

    • Availability

  • Current Solutions

    • Antivirus / AntiSpyware

    • Personal Firewall / IDS / IPS

    • User Education


How do you find new threats?

  • Honeypots

  • Sensors (anomaly detection)

  • User suspicion


Things to look for… User Suspicion

  • Unusually high number of network connections (netstat -a)

  • CPU Utilization

  • Unexpected modifications to registry RUN section.

  • Higher than normal disk activity

  • Spoofed E-Mail
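As an added example that is not part of the slides, two of the indicators above turned into checks: a hypothetical parser over constructed `netstat -an` style output that flags a burst of half-open connections to one port, and a diff of the registry Run key against a known-good baseline. The threshold, the sample output and the Run-key snapshots are all assumptions constructed for the example.

```python
"""Hypothetical host checks for two 'User Suspicion' indicators from the slide:
a burst of network connections (what `netstat -a` lists) and unexpected
additions to the registry Run key. All sample data below is constructed."""
import re
from collections import Counter

# Constructed `netstat -an` style output; not captured from a real host.
NETSTAT_SAMPLE = """\
Proto  Local Address      Foreign Address      State
TCP    10.0.0.5:49152     203.0.113.10:443     ESTABLISHED
TCP    10.0.0.5:49160     203.0.113.20:445     SYN_SENT
TCP    10.0.0.5:49161     203.0.113.21:445     SYN_SENT
TCP    10.0.0.5:49162     203.0.113.22:445     SYN_SENT
TCP    10.0.0.5:49163     203.0.113.23:445     SYN_SENT
UDP    10.0.0.5:137       *:*
"""
LINE_RE = re.compile(r"^(TCP|UDP)\s+(\S+)\s+(\S+)\s*(\S*)$")

def parse_netstat(text):
    """Return (proto, local, remote, state) tuples; header and blank lines are skipped."""
    return [m.groups() for m in
            (LINE_RE.match(l.strip()) for l in text.splitlines()) if m]

def connection_anomalies(rows, max_half_open=3):
    """Count half-open (SYN_SENT) TCP connections per remote port and report
    ports over the threshold: a host probing many peers on one port looks
    like this, normal browsing does not. The threshold is a constructed
    value; set it from the host's own baseline."""
    half_open = Counter()
    for proto, _local, remote, state in rows:
        if proto == "TCP" and state == "SYN_SENT":
            half_open[remote.rsplit(":", 1)[1]] += 1
    return {port: n for port, n in half_open.items() if n > max_half_open}

def run_key_drift(baseline, current):
    """Diff a Run-key snapshot (value name -> command) against a known-good
    baseline; new or altered autostart entries are what to investigate."""
    added = {k: v for k, v in current.items() if k not in baseline}
    changed = {k: v for k, v in current.items()
               if k in baseline and baseline[k] != v}
    return added, changed

# Constructed baseline and later snapshot of HKCU\...\CurrentVersion\Run;
# on a live host these would be read with `reg query` or the winreg module.
BASELINE_RUN = {"OneDrive": r"C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe"}
CURRENT_RUN = dict(BASELINE_RUN, updater=r"C:\Users\u\AppData\Local\Temp\unknown.exe")
```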


How do these products help? Honeypots

  • Capture sample of suspicious code / activity

  • Forensic Analysis

  • Behavior tracking

  • Related Technologies

    • Honey Net

    • Dark Net


How do these products help? Sensors

  • Host Firewall / IPS blocks many unknown and known threats

  • Alarm system


How do these products help? Sensors

  • Antivirus Captures Threats that use common access methods

    • Web Downloads

    • Email

    • Application Attacks (Buffer Overflow)

VBSim demo

Detection and prevention technologies

Detection and Prevention Technologies

  • Antivirus

    • Signature based

    • Heuristics based

  • Host Firewall

  • hIDS / hIPS

    • Signature based

    • Anomaly based

  • Whitelist

  • Blacklist


Social Engineering

"… 70 percent of those asked said they would reveal their computer passwords for a … bar of chocolate."

Schrage, Michael. 2005. Retrieved from


Educated Users Help

The biggest threat to the security of a company is not a computer virus, an unpatched hole in a key program or a badly installed firewall. In fact, the biggest threat could be you. What I found personally to be true was that it's easier to manipulate people rather than technology. Most of the time organizations overlook that human element.

Mitnick, Kevin, “How to Hack People.” BBC News Online, October 14, 2002.


How do these products help?

  • User Education

  • Don’t open suspicious email

  • Don’t download software from untrusted sites.

  • Patch


On the Horizon - Microsoft

  • House on the hill

  • Targeted because they are Big?

  • Insecure because they are Big?


On the Horizon

  • Early Detection and Preventative Tools

    • Virus Throttle

    • Active CounterMeasures

    • Principle of Least Authority (PoLA)

    • WAVE

    • Anomaly Detection

    • Viral Patching


On the Horizon

  • Viral Targets

    • Mobile Phones, PDAs

    • Embedded Operating Systems

      • Automobiles

      • Sewing Machines

      • Bank Machines

      • Kitchen Appliances


On the Horizon

  • Octopus worms

    • Multiple components working together

  • Warhol Worms

    • MSBlaster was proof of capability


Learn Learn Learn


  • Sarah Gordon

  • Peter Szor

  • Roger Grimes

  • Kris Kaspersky

  • Search your library or online
