Host Based Security

Host Based Security. John Scrimsher, CISSP Pre-Quiz. Name Do you own a computer? What Brand? Email address City of Birth Have you ever had a computer virus?. Why Host Based Security?. Perimeter Security vs. Host Based. 66% $. 34% $$$. Why Host Based Security?.

Presentation Transcript

Host Based Security

John Scrimsher, CISSP

Pre-Quiz
  • Name
  • Do you own a computer? What Brand?
  • Email address
  • City of Birth
  • Have you ever had a computer virus?
Why Host Based Security?
  • Perimeter Security vs. Host Based





Why Host Based Security?
  • Protect the Data
  • Malware
  • Internal Threats
    • Employee Theft
    • Unpatched systems
What is Malware?

Anything that you would not want deliberately installed on your computer.

  • Viruses
  • Worms
  • Trojans
  • Spyware
  • More……
The Common Factor

Where are the threats?
  • Un-patched Computers
  • Email
  • Network File Shares
  • Internet Downloads
  • Social Engineering
  • Blended Threats
  • Hoaxes / Chain Letters
  • Email messages sent to large distribution lists.
  • Disguised as legitimate businesses
  • Steal personal information

Link goes to

Identity Theft
  • Since viruses can be used to steal personal data, that data can be used to steal your identity
  • Phishing
  • Keystroke loggers
  • Trojans
  • Spyware
Legal Issues
  • Many countries are still developing laws
  • Privacy Laws can prevent some investigation
Kaspersky Quote

"It's hard to imagine a more ridiculous situation: a handful of virus writers are playing unpunished with the Internet, and not one member of the Internet community can take decisive action to stop this lawlessness.

The problem is that the current architecture of the Internet is completely inconsistent with information security. The Internet community needs to accept mandatory user identification - something similar to driving licenses or passports.

We must have effective methods for identifying and prosecuting cyber criminals or we may end up losing the Internet as a viable resource."

Eugene Kaspersky, Head of Antivirus Research

Notable Legal History
  • Robert Morris Jr. - “WANK” worm. First internet worm ever created, set loose by accident across the internet.
  • Randal Schwartz - hacked into Intel claiming he was trying to point out weaknesses in their security.
  • David Smith - Melissa. First known use of mass-mailing technique used in a malicious manner. Some jail time.
  • “OnTheFly”, The Netherlands - “Anna” virus using worm generator tool. The writer was a youth who was “remorseful” but little was done to punish him.
  • Philippines - “Loveletter”. No jail time because there were no laws.
  • Jeffrey Lee Parson – 2005 – 18 months in prison for variant of Blaster worm.
Regulatory Issues
  • Sarbanes-Oxley Act (2002)
  • Gramm-Leach-Bliley Act (1999)
  • Health Information Portability and Accountability Act (1996)
  • Electronic Communications Privacy Act (1986)
What is Management’s role?
  • Management ties everything together
  • Responsibility
  • Ownership

Security is a Mindset, not a service. It must be a part of all decisions and implementations.

Now, what do we do about it?
  • C.I.A. Security Model
    • Confidentiality
    • Integrity
    • Availability
  • Current Solutions
    • Antivirus / AntiSpyware
    • Personal Firewall / IDS / IPS
    • User Education
How do you find new threats?
  • Honeypots
  • Sensors (anomaly detection)
  • User suspicion
Things to look for…User Suspicion
  • Unusually high number of network connections (netstat -a)
  • CPU Utilization
  • Unexpected modifications to registry RUN section.
  • Higher than normal disk activity
  • Spoofed E-Mail
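
The network-connection and registry RUN checks above, as an added example (not part of the original slides): it counts connections per remote port from `netstat -an` text and diffs a Run-key snapshot against a known-good baseline. The sample output, threshold, value names and paths are constructed assumptions.

```python
# Added example, not from the original presentation. All sample data is constructed.
import re
from collections import Counter

# Constructed sample of Windows `netstat -an` output (documentation IP ranges).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:49701       198.51.100.7:443       ESTABLISHED
  TCP    192.0.2.10:49710       203.0.113.5:25         SYN_SENT
  TCP    192.0.2.10:49711       203.0.113.6:25         SYN_SENT
  TCP    192.0.2.10:49712       203.0.113.7:25         SYN_SENT
  TCP    192.0.2.10:49713       203.0.113.8:25         SYN_SENT
"""

# Proto, local address, foreign host, foreign port, state.
LINE = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def outbound_by_port(netstat_text):
    """Count non-listening TCP connections per remote port."""
    counts = Counter()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if m and m.group(4) != "LISTENING":
            counts[int(m.group(3))] += 1
    return counts

def noisy_ports(netstat_text, threshold):
    """Remote ports with more connections than is normal for this host."""
    counts = outbound_by_port(netstat_text)
    return sorted(port for port, n in counts.items() if n > threshold)

def run_key_changes(baseline, current):
    """Diff two {value name: command} snapshots of a registry Run key."""
    added = {k: v for k, v in current.items() if k not in baseline}
    changed = {k: v for k, v in current.items()
               if k in baseline and baseline[k] != v}
    removed = sorted(k for k in baseline if k not in current)
    return added, changed, removed

# Constructed snapshots; value names and paths are hypothetical.
BASELINE = {"ExampleAV": r"C:\Program Files\ExampleAV\tray.exe"}
CURRENT = dict(BASELINE, updater=r"C:\Users\Public\upd.exe")

if __name__ == "__main__":
    # A burst of connections to port 25 from a desktop is worth a closer look.
    print("noisy remote ports:", noisy_ports(NETSTAT_SAMPLE, threshold=3))
    print("Run key changes:", run_key_changes(BASELINE, CURRENT))
```

The threshold only means something relative to what the host normally does, so record a baseline while the machine is known to be clean.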
How do these products help? Honeypots
  • Capture sample of suspicious code / activity
  • Forensic Analysis
  • Behavior tracking
  • Related Technologies
    • Honey Net
    • Dark Net
How do these products help? Sensors
  • Host Firewall / IPS blocks many unknown and known threats
  • Alarm system
How do these products help? Sensors
  • Antivirus Captures Threats that use common access methods
    • Web Downloads
    • Email
    • Application Attacks (Buffer Overflow)

VBSim demo

Detection and Prevention Technologies
  • Antivirus
    • Signature based
    • Heuristics based
  • Host Firewall
  • hIDS / hIPS
    • Signature based
    • Anomaly based
  • Whitelist
  • Blacklist
Social Engineering

… 70 percent of those asked said they would reveal their computer passwords for a …

Bar of chocolate

Schrage, Michael. 2005. Retrieved from

Educated Users Help

The biggest threat to the security of a company is not a computer virus, an unpatched hole in a key program or a badly installed firewall. In fact, the biggest threat could be you. What I found personally to be true was that it's easier to manipulate people rather than technology. Most of the time organizations overlook that human element.

Mitnick, Kevin, “How to Hack People.” BBC NewsOnline, October 14, 2002.

How do these products help?
  • User Education
  • Don’t open suspicious email
  • Don’t download software from untrusted sites.
  • Patch
On the Horizon - Microsoft
  • House on the hill
  • Targeted because they are Big?
  • Insecure because they are Big?
On the Horizon
  • Early Detection and Preventative Tools
    • Virus Throttle
    • Active CounterMeasures
    • Principle of Least Authority (PoLA)
    • WAVE
    • Anomaly Detection
    • Viral Patching
On the Horizon
  • Viral Targets
    • Mobile Phones, PDAs
    • Embedded Operating Systems
      • Automobiles
      • Sewing Machines
      • Bank Machines
      • Kitchen Appliances
On the Horizon
  • Octopus worms
    • Multiple components working together
  • Warhol Worms
    • MSBlaster was proof of capability
Learn Learn Learn


  • Sarah Gordon
  • Peter Szor
  • Roger Grimes
  • Kris Kaspersky
  • Search your library or online