
MBA 560 Security 101


Presentation Transcript


  1. MBA 560 Security 101 • Automated Attacks Defined • Microsoft’s Approach to Vulnerabilities • How to Protect Your P.C.

  2. Automated Attack Vectors

  3. Automated Attack Vectors: Viruses • A computer program file capable of attaching itself to disks or other files • Necessary characteristics of a virus: • It is able to replicate • It requires a host program as a carrier • It is activated by an external action, such as the host program being run

  4. Automated Attack Vectors: Viruses: Polymorphic viruses • Each replication produces a copy that is functionally equivalent to the original but has a distinctly different byte stream, using techniques such as: • Randomly inserting superfluous instructions • Interchanging the order of independent instructions • Encrypting the body with a different key in each copy, so that only a small decryptor stub stays constant • This variability makes the virus difficult to locate, identify, or remove with a fixed byte signature
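The following is an added example, not code from the slides, that models the "use encryption schemes" bullet: the same body is XOR-encoded with a fresh key in every copy, so no two copies share a byte stream, while a short decoder stub stays constant. PAYLOAD and STUB_PREFIX are constructed stand-ins (ASCII text and two arbitrary bytes), and nothing here is ever executed as code; the point is what each scanner strategy sees.

```python
"""Why a fixed byte signature misses polymorphic copies (toy model).

Added example, not part of the slides.  Every copy of PAYLOAD is XOR-encoded
with a different one-byte key behind a constant decoder stub.  A scanner that
matches bytes of the plaintext body finds none of the copies; one that matches
the stub, or decodes first (emulation), finds all of them.
"""

# Constructed stand-in for the virus body; any bytes would do.
PAYLOAD = b"COPY_SELF_TO_NEXT_HOST; PATCH_ENTRYPOINT; JUMP_TO_ORIGINAL_CODE"
# Constructed stand-in for the part of the decoder that this generator never varies.
STUB_PREFIX = b"\xeb\x04"


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a one-byte key (self-inverse, so it also decodes)."""
    return bytes(b ^ key for b in data)


def make_variant(payload: bytes, key: int) -> bytes:
    """Produce one copy: constant stub, the key byte, then the encoded body."""
    if not 1 <= key <= 255:
        raise ValueError("key must be a non-zero byte so the body really changes")
    return STUB_PREFIX + bytes([key]) + xor_bytes(payload, key)


def decode_variant(variant: bytes) -> bytes:
    """Do what the stub does at run time: read its key and decode the body."""
    if not variant.startswith(STUB_PREFIX):
        raise ValueError("not one of our variants")
    key = variant[len(STUB_PREFIX)]
    return xor_bytes(variant[len(STUB_PREFIX) + 1:], key)


def signature_hits(samples, signature: bytes) -> int:
    """Count samples a naive scanner would flag: plain substring match."""
    return sum(1 for s in samples if signature in s)


def compare_scanners(payload: bytes, keys, body_sig_len: int = 12) -> dict:
    """Three scanner strategies against the same set of generated copies."""
    variants = [make_variant(payload, k) for k in keys]
    body_sig = payload[:body_sig_len]  # signature cut from the plaintext body
    return {
        "copies": len(variants),
        "distinct_byte_streams": len(set(variants)),
        "body_signature_hits": signature_hits(variants, body_sig),
        "stub_signature_hits": signature_hits(variants, STUB_PREFIX),
        # Decode first (what an emulating scanner does), then match the body.
        "decode_then_match_hits": signature_hits(
            [decode_variant(v) for v in variants], body_sig),
    }


if __name__ == "__main__":
    print(compare_scanners(PAYLOAD, range(1, 21)))
```

With twenty keys the body signature hits nothing while the stub signature and the decode-then-match strategy catch every copy. The stub signature only works because this toy generator leaves the stub alone; the other two bullets on the slide (inserted junk instructions, reordered independent instructions) are aimed at exactly that stub, which is why real scanners had to move from byte signatures to emulation and heuristics.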

  5. Automated Attack Vectors: Worms • A self-replicating computer program, similar to a virus • A virus attaches itself to, and becomes part of, another executable program • A worm is self-contained and does not need to be part of another program to propagate itself

  6. Automated Attack Vectors: Worms • Necessary characteristics of a worm: • It is able to replicate without user intervention • It is self-contained and does not require a host • It is activated by creating its own process • If it is a network worm, it can replicate across communication links • Some customers distinguish between worms that propagate by exploiting buffer overruns and those that propagate by e-mail

  7. Automated Attack Vectors: Worms: Examples • SQL Slammer • Blaster • MyDoom • Sasser

  8. Automated Attack Vectors: Bots • Derived from the word "robot" • A program designed to search for information on the Internet with little human intervention • Search engines, such as Yahoo and Altavista, typically use bots to gather information for their databases

  9. Automated Attack Vectors: Bots • A bot is analogous to an agent • Typically an .exe • Bots are not exploits themselves; they are payloads delivered by worms, viruses and hackers • Installed after the compromise • Infect the system and maintain access so the attacker can control it • Botnets: thousands of systems controlled by one attacker

  10. Automated Attack Vectors: Bots • Thousands of highly configurable bot packages available on the Internet • Some use IRC channels for command and control • Easy to use • Control thousands of systems from one channel • Bot traffic hides among legitimate IRC traffic (TCP port 6667) • Obscures the attacker's identity, since the victims only ever talk to the IRC server

  11. Automated Attack Vectors: Bots: uses • DDoS attacks • Information theft: keyboard logging, network monitoring, etc. • Trading bandwidth between hacker communities • Warez, i.e. hosting illegal data: pirated software, movies, games, etc.

  12. Automated Attack Vectors: Bots: prime targets • High-bandwidth connections (“cable bots”) • High-availability systems • Unsophisticated users • Systems located in a geography where law enforcement is unlikely to be effective

  13. Automated Attack Vectors: Bots: examples • Agobot = Gaobot = Phatbot = Polybot (one family under several names) • Thousands of variants • Propagates using MS03-001 and MS03-026/MS03-039 • TCP port 135 and TCP port 445 • Probes admin shares using a hard-coded list of user names and passwords
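The following is an added example, not code from the slides, showing how the two behaviours described on slides 10 and 13 look in ordinary perimeter firewall logs: a cluster of internal hosts rendezvousing with the same external IRC server on TCP 6667, and an Agobot-style host sweeping its neighbours on TCP 135/445. The log format, addresses, timestamps, the internal address range and the thresholds are all constructed for this example; a real deployment would substitute its own.

```python
"""Spotting bot behaviour in firewall connection logs (added example).

Not part of the slides.  Constructed log line format:
    2004-05-01T10:00:00 src=10.0.0.11 dst=192.0.2.9 dport=6667 proto=tcp
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
                    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)$")
INTERNAL = ip_network("10.0.0.0/8")   # assumed site range; configure per site
IRC_PORT = 6667
RPC_SMB_PORTS = {135, 445}


def parse_line(line: str):
    """Return a record dict, or None for lines that do not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "src": m["src"], "dst": m["dst"],
            "dport": int(m["dport"]), "proto": m["proto"].lower()}


def irc_rendezvous(records, min_sources: int = 3) -> dict:
    """External IRC servers contacted by >= min_sources distinct internal hosts.

    One person on IRC is normal; a herd of workstations all joining the same
    outside server is how bots report in.  Returns {dst: [src, ...]}.
    """
    by_dst = defaultdict(set)
    for r in records:
        if (r["proto"] == "tcp" and r["dport"] == IRC_PORT
                and ip_address(r["src"]) in INTERNAL
                and ip_address(r["dst"]) not in INTERNAL):
            by_dst[r["dst"]].add(r["src"])
    return {d: sorted(s) for d, s in by_dst.items() if len(s) >= min_sources}


def lateral_scanners(records, min_targets: int = 8,
                     window: timedelta = timedelta(seconds=60)) -> dict:
    """Sources touching >= min_targets distinct hosts on 135/445 within one window.

    A sliding window per source keeps a slow, legitimate file-server user from
    looking like a worm or bot sweeping the subnet.  Returns {src: peak_targets}.
    """
    by_src = defaultdict(list)
    for r in records:
        if r["proto"] == "tcp" and r["dport"] in RPC_SMB_PORTS:
            by_src[r["src"]].append((r["ts"], r["dst"]))
    hits = {}
    for src, events in by_src.items():
        events.sort()
        start, peak = 0, 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, len({dst for _, dst in events[start:end + 1]}))
        if peak >= min_targets:
            hits[src] = peak
    return hits


def analyze(log_text: str) -> dict:
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    return {"irc_rendezvous": irc_rendezvous(records),
            "lateral_scanners": lateral_scanners(records)}


def build_sample_log() -> str:
    """Constructed log: 4-host bot herd, one real IRC user, one sweeper, one file-share user."""
    t0 = datetime(2004, 5, 1, 10, 0, 0)
    fmt = "{ts} src={src} dst={dst} dport={dport} proto=tcp".format
    at = lambda secs: (t0 + timedelta(seconds=secs)).isoformat()  # noqa: E731
    lines = [fmt(ts=at(7 * i), src=f"10.0.0.{11 + i}", dst="192.0.2.9", dport=IRC_PORT)
             for i in range(4)]                                    # infected workstations
    lines.append(fmt(ts=at(5), src="10.0.0.50", dst="198.51.100.7", dport=IRC_PORT))  # one user
    lines += [fmt(ts=at(2 * i), src="10.0.0.99", dst=f"10.0.1.{1 + i}", dport=445)
              for i in range(12)]                                  # 12 neighbours in 22 s
    lines += [fmt(ts=at(300 * i), src="10.0.0.20", dst=f"10.0.2.{1 + i}", dport=445)
              for i in range(3)]                                   # 3 servers over 10 min
    return "\n".join(lines)


if __name__ == "__main__":
    print(analyze(build_sample_log()))
```

On the constructed log the IRC check names the one external server that four internal hosts joined and ignores the single legitimate user, and the scan check names only the host that hit twelve neighbours inside a minute. Both rules are about fan-in and fan-out rather than port numbers alone, which is the point of the "hides among legitimate IRC traffic" bullet: port 6667 by itself is not evidence.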

  14. Automated Attack Vectors: Bots: examples • Agobot = Gaobot = Phatbot = Polybot • Steals CD keys for a hard-coded list of popular games • Inventories running processes • Kills processes on a hard-coded list: • Firewalls • AV software • Other worms

  15. Automated Attack Vectors: Backdoors • Provides access without going through normal authorization and without having to exploit a vulnerability each time • Typically runs in the SYSTEM context • Once installed, allows anyone or any program that knows the listening port number (and password) to remotely control the host • Intruders access the backdoor server using either a text- or graphics-based client • Allows intruders to run any command or process • Because it waits for inbound connections, a host firewall that blocks unsolicited inbound traffic and a review of listening ports (netstat -ano) will expose many simple backdoors

  16. Automated Attack Vectors: Trojans • Term borrowed from the Trojan Horse of Greek legend • Malicious program disguised as something benign: a screen saver, game, etc. • Typical file types: exe, com, vbs, bat, pif, scr, lnk, js, etc. • Windows hides known extensions by default, so "photo.jpg.scr" is displayed as "photo.jpg" • It seems to function as the user expects

  17. Automated Attack Vectors: Trojans • May or may not appear in the process list • May install a backdoor • Generally spread through e-mail and the exchange of disks and files • Also spread by worms, and through IRC channels, P2P applications, pornographic web sites, etc.

  18. Security at Microsoft

  19. Vulnerability Lifecycle: Presentation Content • Overview of security teams at Microsoft • Security Bulletin Development Walk-through • Vulnerability Reported • Investigation • Bulletin release • Support

  20. Security Teams at Microsoft

  21. Vulnerability Reported • Is the reported problem really a vulnerability? Microsoft's definition: “A security vulnerability is a flaw in a product that makes it infeasible – even when using the product properly – to prevent an attacker from usurping privileges on the user's system, regulating its operation, compromising data on it, or assuming ungranted trust.” http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/security/essays/vulnrbl.asp

  22. Vulnerability Reported

  23. Vulnerability Reported • Security vulnerabilities are reported to • MSRC https://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/alertus.asp • PSS Security • Other PSS support teams • Third parties • Reporters include: • Customers • Security consulting companies • MSRC actively looks for reports

  24. Vulnerability Reported

  25. Bulletin Release • MSRC writes bulletin and associated KB article(s) • Microsoft Security Notification Service http://www.microsoft.com/technet/security/bulletin/notify.mspx

  26. Bulletin Release • http://www.microsoft.com • http://www.microsoft.com/security • http://www.microsoft.com/office • http://www.microsoft.com/exchange • http://www.microsoft.com/sql • http://www.microsoft.com/servers • http://msdn.microsoft.com/security • http://www.microsoft.com/technet • http://www.microsoft.com/windows • http://www.microsoft.com/windows/ie • http://www.microsoft.com/windowsXP • http://www.microsoft.com/windows2000/server • http://www.microsoft.com/windows2000/professional • http://www.microsoft.com/NTServer • http://www.microsoft.com/ntserver/ProductInfo/terminal • http://www.microsoft.com/windowsMe • http://www.microsoft.com/windowsserver2003 • http://www.microsoft.com/protect

  27. Support • After release, PSS Security is responsible for: • Bulletin: accuracy and corrections • Related KB articles: accuracy and corrections • Download links: accuracy and corrections • Security update installation and functionality • Consulting on patch management strategy • Windows Update issues • Software Update Services (SUS) • MSSecure.xml issues • Hacking, worms, viruses and Trojans exploiting the vulnerability

  28. Support: Helping Customers Avoid a Crisis • Days between patch and exploit: • Nimda: 331 • SQL Slammer: 180 • Welchia/Nachi: 151 • Blaster: 25 • Patches proliferating • Time to exploit decreasing • Exploits are more sophisticated • Current approach is not sufficient • Security is our #1 priority • There is no silver bullet • Change requires innovation

  29. Protecting Your P.C.

  30. How To Protect Your PC • Three primary ways to exploit you: • Weak passwords • Unpatched vulnerabilities • Social Engineering

  31. How To Protect Your PC: Use Complex Passwords • At least eight characters long • Does not contain all or part of the user's account name • Contains characters from three of the following four categories: • English uppercase characters (A through Z) • English lowercase characters (a through z) • Base-10 digits (0 through 9) • Non-alphanumeric characters (for example !, $, #, %), including extended ASCII, symbolic, or linguistic characters

  32. How To Protect Your PC: Other Options • Use a passphrase instead of a password • Use non-English words in the password • Rename accounts, including the Administrator account
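The following is an added example, not code from the slides, that encodes the complexity rules on slide 31 as a check and then shows what slide 32's passphrase advice runs into. The full-name token rule and its delimiter list follow the Windows "Passwords must meet complexity requirements" setting as the author of this example understands it; the fourth category is simplified to "anything that is not A-Z, a-z or 0-9". All account names and passwords below are constructed.

```python
"""Windows-style password complexity check (added example, not from the slides).

Rules implemented: minimum length, no use of the account name (or any token of
the full name longer than two characters), and characters from at least three
of the four categories on slide 31.  Category four is simplified.
"""
import re

# Delimiters Windows uses to split the display name into tokens (assumed list).
NAME_DELIMITERS = re.compile(r"[,.\-_ #\t]+")

TOO_SHORT = "too_short"
CONTAINS_NAME = "contains_account_or_full_name"
TOO_FEW_CATEGORIES = "fewer_than_three_character_categories"


def character_categories(password: str) -> set:
    """Which of the four slide-31 categories the password draws from."""
    cats = set()
    for ch in password:
        if "A" <= ch <= "Z":
            cats.add("upper")
        elif "a" <= ch <= "z":
            cats.add("lower")
        elif "0" <= ch <= "9":
            cats.add("digit")
        else:
            # Symbols, spaces, extended ASCII and non-English letters all land
            # here; the real policy treats some of these slightly differently.
            cats.add("non_alphanumeric")
    return cats


def contains_name(password: str, account_name: str, full_name: str = "") -> bool:
    """Case-insensitive check for the account name and for full-name tokens."""
    lowered = password.lower()
    if len(account_name) >= 3 and account_name.lower() in lowered:
        return True
    return any(len(tok) > 2 and tok.lower() in lowered
               for tok in NAME_DELIMITERS.split(full_name))


def check_password(password: str, account_name: str, full_name: str = "",
                   min_length: int = 8) -> list:
    """Return the list of violated rules; an empty list means the policy passes."""
    problems = []
    if len(password) < min_length:
        problems.append(TOO_SHORT)
    if contains_name(password, account_name, full_name):
        problems.append(CONTAINS_NAME)
    if len(character_categories(password)) < 3:
        problems.append(TOO_FEW_CATEGORIES)
    return problems


if __name__ == "__main__":
    for pw in ["Summer2004!", "jdoe2004!!", "Password1!", "correct horse battery staple"]:
        print(repr(pw), check_password(pw, "jdoe", "John Doe") or "passes")
```

Two results are worth noticing. "Password1!" passes every rule on the slide and is still one of the first guesses any cracking tool makes, so complexity is a floor, not a measure of strength. And a lowercase passphrase such as "correct horse battery staple" fails the category rule despite being far harder to guess; under this policy a passphrase needs a capital or a digit somewhere to be accepted, which is worth telling users before they try slide 32's advice.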

  33. How To Protect Your PC: Keep Your PC Updated • Use Windows Update AND Office Update • Use the automatic update client • Install XP SP2 • Run antivirus and anti-spyware software

  34. How To Protect Your PC: Social Engineering • Do not open e-mail from people you don't know • Do not open e-mail attachments • Do not follow URLs sent in e-mail • Do not go to web sites that you cannot trust
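The following is an added example, not code from the slides, that triages one e-mail for the two lures the deck describes: an executable attachment disguised as a document (slides 16-17) and a link whose visible text names a different host than its real target (slide 34). The risky extension list is the one on slide 16 plus cmd and hta, which the author of this example adds; the sample message, its addresses and the file name are constructed, and only the Python standard library is used.

```python
"""Triage of one e-mail for disguised executables and misleading links.

Added example, not part of the slides.
"""
import re
from email import message_from_string, policy
from email.message import EmailMessage
from urllib.parse import urlparse

RISKY_EXTENSIONS = {"exe", "com", "vbs", "bat", "pif", "scr", "lnk", "js",  # slide 16
                    "cmd", "hta"}                                            # added here
ANCHOR_RE = re.compile(r'<a\s[^>]*?href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
TAG_RE = re.compile(r"<[^>]+>")


def risky_attachment(filename: str) -> bool:
    """True when the LAST extension is executable.

    Windows hides known extensions, so 'Report.pdf.scr' displays as 'Report.pdf',
    and it drops trailing dots and spaces, so those are stripped first.
    """
    name = filename.strip().rstrip(". ")
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return ext in RISKY_EXTENSIONS


def link_mismatches(html: str) -> list:
    """(shown_host, real_host) pairs where the link text names another host."""
    found = []
    for href, inner in ANCHOR_RE.findall(html):
        shown = TAG_RE.sub("", inner).strip()
        shown_host = urlparse(shown if "://" in shown else "http://" + shown).hostname
        real_host = urlparse(href).hostname
        # Text such as "click here" has no host to compare, so it is skipped.
        if shown_host and real_host and "." in shown_host \
                and shown_host.lower() != real_host.lower():
            found.append((shown_host.lower(), real_host.lower()))
    return found


def triage(raw_message: str) -> dict:
    """Run both checks over an RFC 822 message given as a string."""
    msg = message_from_string(raw_message, policy=policy.default)
    risky = [a.get_filename() for a in msg.iter_attachments()
             if a.get_filename() and risky_attachment(a.get_filename())]
    body = msg.get_body(preferencelist=("html",))
    links = link_mismatches(body.get_content()) if body is not None else []
    return {"risky_attachments": risky, "mismatched_links": links}


def build_sample_message() -> str:
    """Constructed lure: a 'fix' link pointing elsewhere plus a disguised .scr."""
    msg = EmailMessage()
    msg["From"] = "security-update@example.net"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Critical update required"
    msg.set_content("Please view this message in an HTML-capable client.")
    msg.add_alternative(
        '<p>Install the fix from <a href="http://192.0.2.77/fix/update.exe">'
        'http://www.microsoft.com/protect</a> or open the attached report. '
        'Details: <a href="http://www.microsoft.com/protect">click here</a>.</p>',
        subtype="html")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 28, maintype="application",
                       subtype="octet-stream", filename="Quarterly Report.pdf.scr")
    return msg.as_string()


if __name__ == "__main__":
    print(triage(build_sample_message()))
```

On the constructed message the attachment check flags "Quarterly Report.pdf.scr" by its final extension, and the link check reports that text reading www.microsoft.com really points at 192.0.2.77, which is the concrete reason behind "do not follow URLs sent in e-mail". The second link is not reported because "click here" names no host at all; a check like this cannot tell where such a link goes, which is why the slide's rule is stated as a blanket one.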

  35. How To Protect Your PC • http://www.microsoft.com/protect
