Chapter 1 We’ve Got Problems… - PowerPoint PPT Presentation

darren
Presentation Transcript

  1. Chapter 1 We’ve Got Problems…

  2. Four Horsemen • … of the electronic apocalypse • Spam --- unsolicited bulk email • Over 70% of email traffic • Bugs --- software flaws • DoS --- denial of service • Malware --- malicious software • The “real war” is waged with malware

  3. Why Study Malware? • Deepest connections to other three • Propagated using spam • Used to send spam • Take advantage of bugs • Used to mount DoS attacks • Addressing malware vital to improving computer security • Computer security vital to protecting critical infrastructure

  4. Myth of Absolute Security • The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards.  — Gene Spafford • People often represent the weakest link in the security chain and are chronically responsible for the failure of security systems.  — Bruce Schneier

  5. Risk Management • Risk others pose to you: 6 factors • Importance of the information • Impact if the security is breached • Who is the potential attacker • Attacker’s skills and resources • Constraints imposed by legitimate use • Resources available for security • Also, risk you pose to others…

  6. Cost of Malware • Difficult to assess • “Real costs” and “hidden costs”? • We’ll say direct costs and indirect costs • Direct costs --- computer is down, resources devoted to security, etc. • Indirect costs --- reputation, leaked information, etc. • Also costs to individuals

  7. Cost of Malware • According to Business Week • From paper by Ross Anderson, et al • Cyber crime cost $100B in 2012 • Includes cost of direct, indirect, anticipation (i.e., AV), reputation, etc. • Market for AV products • $29 billion in 2008 • So, are people spending too much? • “Beware the prophet seeking profit”

  8. Number of Threats • Estimates vary by a factor of 2 • What to count? • All metamorphic copies? • In 1998, 15,000 automatically generated viruses appeared overnight • May also be some unknown malware • Malware is very target-specific • Should you care if you’re not affected?

  9. Speed of Propagation • In the past, propagation speed measured in months • For some malware, speed now measured in minutes or seconds • Not so popular today as when book written • Worm propagation

  10. Speed of Propagation

  11. Speed of Propagation • To move curve to the left… • Attacker needs better search strategy • Warhol worm, flash worm, etc. • To move curve to the right… • Good guys need better defenses • To flatten curve… • Fewer vulnerable hosts/better defenses

  12. People • People are social, trusting, etc. • Good for friends, bad for security • People are often the problem • Social engineering attacks • Email scams • People click on links • Some people cannot not click on a link…

  13. People • People don’t demand enough of software vendors • With respect to security, that is • People want features, not security • Security is an anti-feature --- no attacks • My perspective… • Don’t fight against human nature • Users don’t want to be security experts • We don’t expect everyone to service their car, repair their drywall, etc.

  14. About this Book • Chapter 2: groundwork • Definitions and malware timeline • Chapter 3: viruses • Chapter 4: anti-virus techniques • Chapter 5: anti-anti-virus techniques • Chapter 6: exploited weaknesses • Both technical and social

  15. About this Book • Chapter 7: worms • Chapter 8: defenses against worms • Chapter 9: applications of malware • Chapter 10: people who create malware and defend against it • Chapter 11: final thoughts

  16. About this Book • Endnotes • 1 thru 99 --- additional related content • 100 and up --- citations and pointers • Lots of “can”, “could”, “may”, “might” • Not because author is wishy-washy • Because malware is malleable • Not a programming book, but programming knowledge is assumed

  17. Words of Warning • Working with malware is risky • Do all work in a lab or virtual machine disconnected from the network • Creating/distributing malware may violate local laws • Criminal and/or civil penalties possible • Defensive techniques can cause legal trouble too (e.g., patents)
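
Slide 11's three curve shifts can be reproduced with a simple random-scanning epidemic model. This is an added example, not from the slides or the book; the model, the constructed address-space size and the names `simulate`, `steps_to_reach` and `compare` are assumptions, and "better search" is modelled crudely as a higher effective probe rate.

```python
# Added illustration: simple random-scanning epidemic model (an assumption;
# the curve on slide 10 is not reproduced in this transcript).
ADDRESS_SPACE = 1_000_000   # constructed: addresses a probe can land on


def simulate(vulnerable, scan_rate, blocked=0.0, steps=80):
    """Return infected-host counts per time step, starting from one host.

    vulnerable: hosts that can be infected
    scan_rate:  effective probes each infected host sends per step
    blocked:    fraction of probes dropped by defenses (0.0 to 1.0)
    """
    infected = 1.0
    curve = [infected]
    for _ in range(steps):
        susceptible = vulnerable - infected
        # Each surviving probe lands on a still-susceptible host with
        # probability susceptible / ADDRESS_SPACE.
        hits = infected * scan_rate * (1.0 - blocked) * susceptible / ADDRESS_SPACE
        infected += min(susceptible, hits)   # never exceed the vulnerable pool
        curve.append(infected)
    return curve


def steps_to_reach(curve, count):
    """First step at which at least `count` hosts are infected, else None."""
    for step, infected in enumerate(curve):
        if infected >= count:
            return step
    return None


def compare():
    """Steps to 10,000 infections, and final count, for four scenarios."""
    scenarios = {
        "baseline": simulate(100_000, 10),
        "better search (curve left)": simulate(100_000, 20),
        "better defenses (curve right)": simulate(100_000, 10, blocked=0.5),
        "fewer vulnerable (flatter)": simulate(25_000, 10),
    }
    return {name: (steps_to_reach(c, 10_000), round(c[-1]))
            for name, c in scenarios.items()}


if __name__ == "__main__":
    for name, (steps, final) in compare().items():
        print(f"{name:32s} 10k infected at step {steps}, final {final}")
```

Shrinking the vulnerable pool both delays the rise and lowers the plateau, which is why patching appears on the slide under flattening the curve rather than only shifting it.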