
Security Update 2009


Presentation Transcript


  1. Security Update 2009
     Presented by: David M. Cieslak, CPA.CITP, GSEC

  2. Agenda
     • Goals of IT Security
     • Trends
     • Portals of Opportunity
     • Other Issues & Remediation

  3. Goals of IT Security
     • Confidentiality
       • Data is only available to authorized individuals
     • Integrity
       • Data can only be changed by authorized individuals
     • Availability
       • Data and systems are available when needed
     • Accountability
       • Changes are traceable/attributable to author

  4. Threats & Vulnerabilities
     • Threats
       • Active agent that seeks to violate or circumvent policy
       • Part of the environment – beyond user’s control
     • Vulnerability
       • A flaw or bug
       • Part of the system – within user’s control
     • Risk
       • Likelihood of harm resulting from exploitation of a vulnerability by a threat

  5. IT Security Response
     • No single product, vendor or strategy
     • Defense in Depth, i.e. layers of security

  6. IT Security – “Short List”
     • Anti-
       • Virus
       • Botnets
       • Spam
       • Spyware
     • Passwords / Passphrases
     • Patches
     • Wireless Security
     • Unprotected Shares
     • Firewall
       • Perimeter
       • Personal/Application
     • Web-based e-mail/file sharing
     • Router/IP Addressing
     • Physical Access
     • Backups

  7. Security Trends

  8. Security Trends
     • On May 29, 2009, President Obama said…
       • “the U.S. has reached a ‘transformational moment’ when computer networks are probed and attacked millions of times a day. It's now clear this cyber threat is one of the most serious economic and national security challenges we face as a nation,” Obama said, adding, “We're not as prepared as we should be, as a government or as a country.”
     • Ready to name a “Cyber Czar”

  9. Security Trends
     • Vulnerabilities
       • Overall < 20%
       • > 90% affect applications vs. OS → trend moving from OS to apps is increasing
     • Exploits
       • ~ 10% of available exploits work reliably

  10. Security Trends
      • OS
        • Windows XP OS attacks – 42% of total
        • Windows Vista OS attacks – 6% of total
        • 64-bit versions of all products attacked less than their 32-bit counterparts
      • Browsers
        • Victims of browser exploits
          • > 47% – Chinese
          • > 23% – US English
        • Many legitimate websites now compromised and hosting malware (drive-by downloads)

  11. Security Trends
      • E-Mail
        • Two extensions (*.html & *.zip) accounted for > 97% of blocked attachments
        • Roughly 50% of spam messages are for pharmaceutical products
        • Image spam is making a comeback – now > 20%

  12. Security Trends
      • Data loss
        • > 37% due to stolen equipment
        • < 23% due to “hacking”
      • TrojanDownloader and TrojanDropper malware up significantly

  13. Security Trends
      • Goal of compromise is still to steal confidential information, i.e. banking, credit card, etc.
      • New approaches:
        • Application and information-centric security
        • Ubiquitous encryption

  14. Portals of Opportunity

  15. Operating Systems

  16. Vista SP1
      • Security Features (vs. XP SP3)
        • BitLocker drive encryption
        • Granular audit
        • UAC (User Account Control)
        • Smart Card support
        • Biometric support – 3rd party

  17. User Account Control (UAC)
      • Introduced in Vista
      • Limits application software to “standard user” privilege without additional authorization

  18. Windows 7
      • Security Features (vs. XP SP3 & Vista SP1):
        • Improved BitLocker drive encryption
        • BitLocker To Go
        • AppLocker
        • Multiple active firewall profiles
        • Improved UAC
        • Biometric support – native
      • *DEMO* – Control Panel\System and Security\Action Center

  19. Browser Security

  20. Browser Security
      • Internet Explorer 8
        • Compatible with XP SP3 and newer
        • Safety menu
        • InPrivate Browsing – helps prevent IE from storing data about browsing sessions, including cookies, temporary Internet files, history, and other data
        • Security/trust by zones
        • Blocks sites known to host malware
        • By default, runs in protected mode – can’t make system-wide changes
      • *DEMO*

  21. Browser Security
      • Mozilla Firefox 3
        • Sandbox security model
        • “Bug bounty” for severe security hole discovery
        • Fewer documented security holes
      • Google Chrome 1.01
        • Periodically downloads 2 blacklists – phishing & malware
        • Each tab is its own process
        • Incognito browsing

  22. Content filtering
      • Windows Live Family Safety
        • Create filters for each person
        • Administer/authorize from anywhere
        • Monitor web & chat activity
        • https://fss.live.com

  23. DNS options
      • Feb 2009 – Time Warner DNS servers in So. Cal subject to DDoS attack
      • Consider modifying router configuration to hard code an alternate public DNS server, rather than using the broadband provider to resolve DNS
      • Example:
        • OpenDNS – 208.67.222.222
        • Level 3 Communications (Broomfield, CO, US) – 4.2.2.2

  24. E-Mail / Spam / Phishing

  25. E-Mail / Spam / Phishing
      • Issues:
        • > 90% of all e-mail is spam
        • Desktop solutions are inadequate
        • In-house (perimeter) solutions often require significant care & feeding
        • Image spam
          • Making a resurgence
          • Now accounts for > 25% of all spam
          • Difficult to detect/filter due to “lack of context”

  26. E-Mail / Spam / Phishing
      • Solutions:
        • In-House
          • Current version of Exchange (2007)
          • E-mail filtering appliance
            • Barracuda
            • DoubleCheck

  27. E-Mail / Spam / Phishing
      • Solutions:
        • Hosted
          • Microsoft Online Services
          • Electricm@il
        • Blended
          • In-house post office / Managed Service for filtering
            • Google Postini
            • Message Labs / Symantec
            • McAfee

  28. Chat / Social Networking

  29. Chat
      • Users install without company knowledge/consent
      • Users opening messages and clicking graphics and links that expose their machines to almost immediate compromise

  30. Trillian™ Astra (beta)
      • Single IM interface for Windows Live, AIM, Yahoo, Google, ICQ, Skype, Facebook, Jabber, MySpace & Twitter
      • 400+ new features!

  31. Chat
      • Other multi-protocol client options
        • Digsby
        • Pidgin
        • Miranda

  32. Chat
      • Chat protocols/conversations may not be confidential?

  33. Chat
      • Meebo – https://www.meebo.com

  34. Chat
      • Simp by Secway

  35. Social Networking
      • Facebook
        • Facebook currently has over 200 million users
        • Compromised Facebook accounts send malicious links to friends
        • Users are prompted to enter login names & passwords
        • Attackers use harvested info. to attempt to login to other sites & services (are you using the same login name and password for confidential data?)

  36. Social Networking
      • TwitterCut (5/27/09)
        • Message appears to be from a friend with a link to the TwitterCut web site
        • TwitterCut site looks like a Twitter page
        • Person is prompted to enter login details (phishing attack)
        • Entire contact list then receives a similar message

  37. Social Networking
      • Flock Social Web Browser
        • Modified version of Mozilla browser
        • Automatically connects to 20 online services

  38. Antivirus

  39. Antivirus
      • Re-set:
        • Issues –
          • Performance problems – users turning AV off
          • Not filtering all sources – web e-mail, chat, etc.
          • AV updates not done on all machines
          • AV products not catching all malware
          • Suites are bloated
        • Result – compromise!

  40. Antivirus
      • Beware of rogue PC security applications (antivirus/anti-spam/anti-spyware). They look official, but are likely promoting purchase of their products, or worse – install trojans!
      • Recent examples:
        • Personal Antivirus
        • Antivirus 360
        • System Guard 2009

  41. Antivirus
      • Future of AV products will most likely be…
        • Better distribution and redundancy of AV function between cloud, perimeter devices, servers & clients
        • More application centric
        • Protection at document level (digital rights)

  42. System Patches / Updates

  43. Conficker – post mortem
      • aka Conflicker, Downadup, DownAndUp, Kido
      • Superworm surfaced 11/21/2008
      • Targets Windows OS machines with known vulnerability (MS08-067) – patch was available 10/08
      • At height, may have infected > 15 million PCs
      • Variants still infecting 50,000 new PCs per day
      • Purpose – create a botnet of infected computers
      • To determine if machine is infected, visit – http://www.confickerworkinggroup.org/infection_test/cfeyechart.html
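The eye chart linked on the slide works because Conficker-infected hosts are prevented from reaching security-vendor web sites: the page loads images from vendor sites and from unrelated control sites, and a host that shows only the control images is suspect. The following is an added example, not the Conficker Working Group's code, that automates the same reading; the URLs are assumed placeholders, `classify` holds the decision logic, and `run_check` needs network access.

```python
# Added example (not the Conficker Working Group's code), modelled on the
# "eye chart" idea: Conficker-infected hosts are blocked from reaching
# security-vendor sites, so load images from vendor sites and from unrelated
# control sites and compare.  The URLs below are placeholders (assumptions).
import urllib.request
from typing import Dict, Iterable

SECURITY_IMAGES = [  # replace with real security-vendor image URLs
    "http://vendor-a.example/eyechart.gif",
    "http://vendor-b.example/eyechart.gif",
    "http://vendor-c.example/eyechart.gif",
]
CONTROL_IMAGES = [  # replace with image URLs on non-security sites
    "http://control-a.example/eyechart.gif",
    "http://control-b.example/eyechart.gif",
]


def fetch_ok(url: str, timeout: float = 5.0) -> bool:
    """True if the URL answers 200 in time; any error counts as blocked."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status == 200
    except Exception:
        return False


def classify(results: Dict[str, bool],
             security: Iterable[str] = SECURITY_IMAGES,
             control: Iterable[str] = CONTROL_IMAGES) -> str:
    """Read the chart: controls load but vendors don't => suspect infection.
    'no connectivity' and 'inconclusive' (proxy, web filter, transient error)
    are reported separately so a blocked-everything host is not mislabelled."""
    sec = [results.get(u, False) for u in security]
    ctl = [results.get(u, False) for u in control]
    if all(ctl) and all(sec):
        return "clean"
    if all(ctl) and not any(sec):
        return "possible infection"
    if not any(ctl) and not any(sec):
        return "no connectivity"
    return "inconclusive"


def run_check() -> str:
    """Fetch every image and classify the result (needs network access)."""
    results = {u: fetch_ok(u) for u in SECURITY_IMAGES + CONTROL_IMAGES}
    return classify(results)
```

A "possible infection" verdict is a prompt to run a real scanner and confirm the MS08-067 patch is installed, not proof on its own, since web filters and proxies can block the same vendor sites.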

  44. Patch Management
      • Windows OS *Demo* – Control Panel\System and Security\Windows Update

  45. Patch Management
      • Other MS apps –
      • Non-MS Applications – case by case…

  46. Other Issues & Remediation
