Servers in the Wild… …and the threats that lurk about.
DePaul University Information Security Team
TLT Presentation, 08 May 2002

Presented by…
This presentation is by the DePaul University Information Security Team. Visit us at
Risks
Information Security Encompasses…
- Computer Security
- Network Security
- Data Security

Threats
Generally, attackers fall into one of three categories.
- Script Kiddiez – scum of the earth, limited skills, enjoy easy attacks, etc.
- Hackers – curious individuals with a “need to know”.
- Crackers – malicious attackers with advanced skills, able to write and implement exploit code, etc.
Victims
Who is at risk?
- Institutions
- Corporations
- Home Users
- Governments

Motives
The underground hacking world has many motives, including:
- Political Statements
- Turf Wars between Hacking Groups
- Financial Gain
- Arrogance
- Curiosity
- Boredom

Motives (cont’d)
These motives are surely bound to carry into the “overground” in the form of:
- Industrial Espionage
- Financial Gain
- Political Statements

Attacks
- Denial or interruption of services
- Elevation of privileges permitting access to sensitive data
- Destruction, modification or theft of data
- Identity theft, forgery or impersonation
Statistics
Incident Reports
The CERT Coordination Center (CERT/CC) gathered the following annual incident statistics [1].
- 1997: 2,134
- 1998: 3,734
- 1999: 9,859
- 2000: 21,756
- 2001: 52,658
- 2002 (Q1): 26,829

Published Vulnerabilities
CERT/CC also maintains the following statistics on public vulnerability reports [1].
- 1997: 311
- 1998: 262
- 1999: 417
- 2000: 1,090
- 2001: 2,437
- 2002 (Q1): 1,065
Threat Analysis
Threat Analysis
Our threat analysis will focus on Internet worms.

Morris Internet Worm
- Unleashed on 02 November 1988 by Robert Morris Jr.
- Experimental code not intended to cause widespread infection
- Infected approximately 6000 hosts, which equaled 10% of the Internet in 1988
- Exploited UNIX and VAX operating system variants through the rsh/rexec, sendmail and finger applications
- Proved the weaknesses of such unauthenticated protocols

“Code Red version 2”
- Release Date: July 19, 2001
- Known as a “worm” because the program connected to, infected and replicated itself onto other hosts
- Infected more than 359,000 unique hosts within 14 hours
- At peak infection time, 2,000 new hosts were infected per minute
- Infected unpatched Microsoft IIS web servers
- Continued on, after infection, to attack local and remote hosts
- Was concerned with quantity, not quality, of infection
- Exploited a known vulnerability from June 18, 2001

“Code Red version 2” (cont’d)
- Exploited known vulnerabilities
- Maintained an intelligent engine for scouting out new victims
- Brought the “worm” to new levels

Common Ground
The Morris and CRv2 worms, 13 years apart, both used the same common methods of attack.
- Attacked vulnerable unauthenticated applications and protocols
- Spread via the network, and not by disk-to-disk transfer (as viruses spread)
- Were fairly intelligent in design and infection methods

Lessons Learned
- Worms can be more intelligent than we would hope
- The impact of a worm can reach catastrophic levels and threaten critical infrastructure components of daily life
- Vendors continue to distribute vulnerable code, even after such vulnerabilities are discovered!
- One cannot trust the vendor solely for security
- Research and development of information security tools and procedures can assist in mitigating attacks

No End in Sight
- New viruses and worms are released daily.
- Many new automated attacks focus on circumventing firewalls and monitoring devices through the manipulation of peer-to-peer communication.
- Exploits are plentiful in the underground.
Impact
University Environment
- Distributed in nature
- Continuously growing
- A known “playground” for attackers
- Increased risks due to the lack of centralized security
- Requires active management efforts and monitoring of systems

University Env. (cont’d)
- Different groups within the organization require different policies and procedures
- Centralized security policies are necessary
Recommendations
Centralization
Commission INFOSEC to draft recommendations for the University, including:
- Acceptable Use Policies
- Installation and Configuration Guidelines
- Response Procedures and Incident Handling Guidelines

Centralization (cont’d)
Implement a University-wide committee dedicated to increasing the security posture of the University, and act as a role model for other organizations.

Enforcement
- Require new hosts, or network resources, to abide by guidelines set forth in University-wide policies
- Recommend departmental audits of critical resources on a recurring basis

Management
- Departments should allocate a technical contact responsible for each resource
- If not possible, require unmanaged systems to be taken over by Information Systems (IS)

The End
Thank you for your time and attention.

Please Visit… … our website at …

References
[1] CERT/CC Statistics 1988-2002