
Chapter 8

Technology and Auditing Systems: Hardware and Software Defenses. II. POLICIES, PRACTICES, AND DEFENSIVE TECHNOLOGY. Chapter 8. Chapter 8 Learning Objectives. Defining defense-in-depth. Creating a layered-technology approach. Using multiple and diverse layers of security technology.





Presentation Transcript


  1. Technology and Auditing Systems: Hardware and Software Defenses II. POLICIES, PRACTICES, AND DEFENSIVE TECHNOLOGY Chapter 8

  2. Chapter 8 Learning Objectives
  • Defining defense-in-depth.
  • Creating a layered-technology approach.
  • Using multiple and diverse layers of security technology.
  • Understanding the functions and limitations of security technology.
  • Reviewing security audits and logs.

  3. NEWS: Blaster, the Worst Worm of 2003

  4. Jeffrey Lee Parson releases Blaster.B
  • 18-year-old Jeffrey Lee Parson, known online as “teekid” [t33kid], admitted modifying the original Blaster worm and creating Blaster.B.
  • Number of computers he infected: 7,000+
  • Parson operated the t33kid.com Website (hackers substitute 3 for the letter e in their online aliases).
  • http://www.foxnews.com/story/0,2933,96051,00.html
  High school senior arrested Aug. 29, 2003, for allegedly launching a worldwide computer virus.

  5. Blaster.B takes control of computers
  • Blaster.B contained malware so Parson could reconnect to his victim computers at any time later on.
  • Infected computers automatically registered themselves with Parson's t33kid.com Website so he could track their online activities.

  6. Federal agents take control of Parson’s seven computers
  • Parson faces one charge of knowingly causing over $5,000 in damage with an Internet worm.
  • If convicted, he faces up to 10 years in prison and a $250,000 fine.
  About 30 federal agents swooped down on Parson's apartment and seized his PCs.

  7. Blaster: experts consider it one of the worst outbreaks of 2003
  • Different versions of the virus-like worm, called LovSan or Blaster, jammed corporate networks.
  • Symantec (AV vendor) said the worm and its variants infected more than 500,000 computers worldwide.
  • All Blaster virus variants took advantage of a flaw in Microsoft Windows software.

  8. CyberSecurity Alerts: Important Websites
  • Internet Security Systems, AlertCon: https://gtoc.iss.net/
  • Security Focus ThreatCon: www.securityfocus.com
  • Virus and Port Attacks (Sept. 2003), #1 Virus in USA: WORM_SOBIG.F: http://wtc.trendmicro.com/wtc/wmap.html
  • Internet Storm Center, Top 10 Target Ports: http://isc.incidents.org/top10.html

  9. Fight against viruses may move to servers
  Computer worms and viruses are more sophisticated, spreading faster and capable of doing more damage than those prior to Sept. 2003.
  • Viruses are so aggressive and sophisticated that they may soon be able to bypass AV programs installed on individual PCs.
  • The speed with which viruses and worms now propagate requires technologies that predict outbreaks before they happen.
  • Predictive systems require intensive computing power beyond the capacity of desktop machines.

  10. No hardware or software is perfect
  Viruses such as Sobig.F can change during their attacks by receiving updates and new instructions from other computers or their creators.
  • While no software or hardware is perfect, it's much easier to spread viruses when so much of the world depends on the Microsoft Windows OS.
  • Advocates of Unix, Linux, Mac and other OSs argue that those are more secure than Windows, but those systems simply have not been targeted as much.

  11. Multiple and diverse layers of tech-defenses needed to protect companies and critical infrastructures

  12. Multiple Layers of Tech-defenses
  Multiple and diverse layers of security software, hardware, and auditing systems are needed to...
  • Validate and enforce compliance with AUPs, secure use practices, and other legal requirements.
  • Help stop the spread of malware.
  • Filter inbound and outbound packets to deny transfer of dangerous packets.
  • Monitor for illegal activity that may cause financial loss or liability.

  13. Protection against Cyber terror attacks: Weapons of Mass Disruption
  • Telecommunications, transportation, financial services, chemical, water, energy and power grids comprise the critical infrastructures that the national economy depends on.
  • Companies in these sectors and their business partners must guard against cyber terrorism.
  • See President George W. Bush's CyberSecurity Report, Feb. 2003: http://www.whitehouse.gov/
  Critical infrastructure protection is a national priority.

  14. Case on Point: Wireless Vulnerability Discovered in Audit

  15. Case on Point: Wireless vulnerability discovered during audit
  • An IT security analyst found serious network security gaps despite a multi-million dollar investment in IT security.
  • He discovered wireless access points that violated company security policy.
  • Violator: the director of marketing, who was using a laptop with a wireless card and an unencrypted connection to the company network.
  • This single connection exposed the company's communication and file transfers to anyone with a PC or PDA, a $100 wireless card, and free detection software.

  16. Factors Driving the Need for Diverse Technology Layers

  17. Growth in computer crime
  • Because of ever-new hacker/criminal activity, technology plans must be updated regularly and network activity must be monitored frequently for suspicious behavior.
  • The alternatives are to learn about an intrusion from:
    • a system crash
    • an angry system administrator
    • reading about it in the news... or worse.
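As an added example (not part of the original slides), the kind of check an audit of connection logs can run so that suspicious behavior is noticed by monitoring rather than learned from a crash or a news story: one host reaching many distinct neighbours on a single service port within a short window, which is how a self-propagating worm looks from the network side. The log format, addresses, port numbers and thresholds below are constructed for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample connection log (not from the slides); assumed format:
#   <ISO timestamp> <src_ip> -> <dst_ip>:<dst_port> <ALLOW|DENY>
SAMPLE_LOG = """\
2003-08-12T09:00:01 10.0.0.7 -> 10.0.0.21:135 ALLOW
2003-08-12T09:00:01 10.0.0.7 -> 10.0.0.22:135 ALLOW
2003-08-12T09:00:02 10.0.0.7 -> 10.0.0.23:135 DENY
2003-08-12T09:00:02 10.0.0.7 -> 10.0.0.24:135 ALLOW
2003-08-12T09:00:03 10.0.0.7 -> 10.0.0.25:135 DENY
2003-08-12T09:00:03 10.0.0.7 -> 10.0.0.26:135 ALLOW
2003-08-12T09:00:04 10.0.0.42 -> 10.0.0.5:80 ALLOW
2003-08-12T09:00:09 10.0.0.42 -> 10.0.0.5:80 ALLOW
2003-08-12T09:02:00 10.0.0.42 -> 10.0.0.9:443 ALLOW
this line is malformed and must not abort the audit
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+) (?P<action>\w+)$")

def parse_log(text):
    """Parse log lines into event dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]), "src": m["src"],
                           "dst": m["dst"], "port": int(m["port"]), "action": m["action"]})
    return events

def detect_sweeps(events, window=timedelta(seconds=60), min_targets=5):
    """Flag each (source host, port) that reached >= min_targets distinct hosts inside one window.
    Denied attempts count too: a blocked probe is still evidence that a host is scanning."""
    by_key = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_key[(e["src"], e["port"])].append((e["ts"], e["dst"]))
    alerts = []
    for (src, port), hits in by_key.items():
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward
            targets = {dst for _, dst in hits[start:end + 1]}
            if len(targets) >= min_targets:
                alerts.append({"src": src, "port": port, "targets": len(targets),
                               "first_seen": hits[start][0].isoformat()})
                break  # one alert per (host, port) is enough for the audit report
    return alerts
```

Run `detect_sweeps(parse_log(SAMPLE_LOG))` to see the single host that swept six neighbours flagged while the ordinary web client is left alone.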

  18. Growth in Software Complexity/Flaws
  • OSs and software are more vulnerable to malicious code and crime, as Blaster proved.
  • eCommerce services, such as digital cash and inter-organizational online collaboration, created more opportunities for fraud.

  19. Growth in the Release Rate of Security Patches
  • Patches must first be downloaded from a commercial or government Website and then installed.
  • IT managers may spend about 2 hours per server to test and deploy a patch.
  • The total cost to a company with 1,000 servers is roughly $300,000 per patch.

  20. Characteristics of a Defensive Technology Infrastructure

  21. A defensive technology infrastructure depends on the appropriate security technologies:
  • properly installed and configured
  • at the correct checkpoints
  • on each device connected to the network
  • continuously maintained, patched, and audited
  • for which there are response and disaster recovery plans
  • that have been tested by people with technology expertise

  22. Functional Requirements of Hardware and Software
  • Confidentiality: protection from unauthorized disclosure.
  • Integrity: protection from unauthorized or unintentional modification.
  • Authenticity: not altered.
  • Non-repudiation: a message is verifiable and cannot be denied.
  • Accountability: actions of an entity can be traced to that entity.

  23. Technical Definitions

  24. Techno-terms
  • TCP/IP (Transmission Control Protocol/Internet Protocol): the protocol of the Internet.
  • Port: a number that tells IP what application is trying to communicate.
  • Port numbers: assigned to each application on a network so packets get delivered to their intended application.
  • Routers: devices that transfer packets between two or more networks.

  25. Techno-terms
  • IP address: uses a four-part scheme to uniquely identify every computer connected to the Internet.
  • HTTP (Hypertext Transfer Protocol): protocol for Web pages.
  • SMTP (Simple Mail Transfer Protocol): protocol for email.
  • FTP (File Transfer Protocol): protocol for file transfer.

  26. Perimeter and File Protection

  27. Tools to protect against or monitor intrusions
  • Firewalls
  • Intrusion detection systems (IDS)
  • Access control and virtual private networks (VPN)
  • Biometrics and tokens
  • Antivirus software
  • Cryptography/encryption
  • Public key infrastructure (PKI) and certificates

  28. Access Control Devices
  • Token: a physical device (like an ID card) designed to be used by only one person to prove his/her identity.
  • Biometrics: devices that use something you were born with to positively identify you.
    • Fingerprints
    • Voice prints
    • Retinal scans

  29. Technologies for Enforcing AUPs

  30. Tools that enforce AUP by detecting violations and blocking transmission of prohibited content:
  • Email and IM filters
  • Content monitors
  • Pattern recognition
  • Sniffers and scanners
  • Auditing tools
  • Portable drives and backups
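An added illustration, not from the original presentation, of how an email/IM filter combines pattern recognition with auditing: each message is checked against hypothetical AUP rules, every hit becomes an audit record, and only rules marked as blocking stop delivery. The rules, the example.com company domain and the sample messages are constructed; the digit-for-letter normalisation catches the "3 for e" substitution the Blaster slides mention.

```python
import re
from dataclasses import dataclass, field

# Digit/symbol substitutions normalised before matching (the slides note "3" standing in for "e").
LEET = str.maketrans({"3": "e", "0": "o", "1": "i", "4": "a", "5": "s", "@": "a", "$": "s"})
INTERNAL_DOMAIN = "example.com"  # assumed company domain, not from the slides

# Hypothetical AUP rules: (name, regex, scope, external recipients only?, block delivery?).
# block=False means monitor-only: the hit is logged for audit but the message is still delivered.
RULES = [
    ("confidential-marking-outbound", r"\b(confidential|internal only)\b", "text", True, True),
    ("executable-attachment", r"\.(exe|scr|pif|bat|vbs)$", "attachment", False, True),
    ("harassing-language", r"\b(idiot|loser)\b", "text", False, False),
]

@dataclass
class Message:
    sender: str
    recipients: list
    subject: str
    body: str
    attachments: list = field(default_factory=list)

def normalise(text):
    """Lower-case and undo digit-for-letter substitutions so "c0nf1d3nt1al" matches "confidential".
    This widens matching and can cause false positives, which is one reason every hit is logged."""
    return text.lower().translate(LEET)

def is_external(addr):
    return not addr.lower().endswith("@" + INTERNAL_DOMAIN)

def inspect(msg):
    """Return (deliver, audit_records); deliver is False as soon as any blocking rule matches."""
    records = []
    external = any(is_external(r) for r in msg.recipients)
    text = normalise(msg.subject + "\n" + msg.body)
    names = [a.lower() for a in msg.attachments]
    for name, pattern, scope, external_only, block in RULES:
        if external_only and not external:
            continue  # an internal-only CONFIDENTIAL mail is policy-compliant
        haystacks = [text] if scope == "text" else names
        if any(re.search(pattern, h) for h in haystacks):
            records.append({"rule": name, "sender": msg.sender, "action": "BLOCK" if block else "LOG"})
    return not any(r["action"] == "BLOCK" for r in records), records

SAMPLE = [  # constructed sample traffic for the example
    Message("alice@example.com", ["bob@example.com"], "Q3 plan", "CONFIDENTIAL: internal budget"),
    Message("alice@example.com", ["press@partner.net"], "fyi", "this is c0nf1d3nt1al, do not forward"),
    Message("carol@example.com", ["dave@example.com"], "tool", "try this", ["update.EXE"]),
]
```

Calling `inspect()` on each sample shows the internal CONFIDENTIAL mail delivered, the obfuscated copy to an outside address blocked, and the executable attachment blocked regardless of recipient.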
