Host Based Security_W07_HP_Guest Lecture
Host Based Security

John Scrimsher, CISSP, CCNA
jps@hp.com
Why Host Based Security?

Perimeter Security vs. Host Based
[Chart: Perimeter Security vs. Host Based, two segments labelled 66% / $ and 34% / $$$]
Why Host Based Security?

- Malware
- Internal Threats
  - Employee Theft
- Unpatched systems
What is Malware?

Anything that you would not want deliberately installed on your computer.
- Viruses
- Worms
- Trojans
- Spyware
- More...
Where are the threats?

- Un-patched Computers
- Email
- Network File Shares
- Internet Downloads
- Social Engineering
- Blended Threats
- Hoaxes / Chain Letters

The Common Factor
Privacy - Phishing

- Email messages sent to large distribution lists
- Disguised as legitimate businesses
- Steal personal information
Privacy - Identity Theft

- Since viruses can be used to steal personal data, that data can be used to steal your identity
  - Phishing
  - Keystroke loggers
  - Trojans
  - Spyware
Social Engineering

"... 70 percent of those asked said they would reveal their computer passwords for a ..."

Bar of chocolate

Schrage, Michael. 2005. Retrieved from
http://www.technologyreview.com/articles/05/03/issue/review_password.asp?p=1
Legal Issues

- Many countries are still developing laws
- Privacy Laws
  - Investigations
  - Content Security
    - Instant Messaging
    - Internet Email
Kaspersky Quote

"It's hard to imagine a more ridiculous situation: a handful of virus writers are playing unpunished with the Internet, and not one member of the Internet community can take decisive action to stop this lawlessness.

The problem is that the current architecture of the Internet is completely inconsistent with information security. The Internet community needs to accept mandatory user identification - something similar to driving licenses or passports. We must have effective methods for identifying and prosecuting cyber criminals or we may end up losing the Internet as a viable resource."

Eugene Kaspersky, Head of Antivirus Research
Regulatory Issues

- Sarbanes-Oxley Act (2002)
- Gramm-Leach-Bliley Act (1999)
- Health Information Portability and Accountability Act (1996)
- Electronic Communications Privacy Act (1986)
What is Management's role?

- Management ties everything together
- Responsibility
- Ownership

[Diagram: Organization, Management, Technology and Infrastructure shown as linked layers]

Security is a Mindset, not a service. It must be a part of all decisions and implementations.
Business Management

- Business Acquisition Questions
  - Are the acquired assets as secure as your company?
  - What are the network integration plans during an outbreak?
  - Is security software sufficient?
    - Updated
    - Patched
  - Emergency segregation of networks
Vulnerability Lifecycle

0-day is a fallacy
Instant Messaging

- Confidential Information Leakage
- Business needs
- Privacy of employees

Now, what do we do about it?
C.I.A. Security Model

- Confidentiality
- Integrity
- Availability

Current Solutions

- Antivirus / AntiSpyware
- Personal Firewall / IDS / IPS
- User Education
How do these products help?

- Host Firewall / IPS blocks many unknown and known threats

How do these products help?

- Antivirus captures threats that use common access methods (VBSim demo)
  - Web Downloads
  - Email
  - Application Attacks (Buffer Overflow)
Educated Users Help

"The biggest threat to the security of a company is not a computer virus, an unpatched hole in a key program or a badly installed firewall. In fact, the biggest threat could be you. What I found personally to be true was that it's easier to manipulate people rather than technology. Most of the time organizations overlook that human element."

Mitnick, Kevin. "How to Hack People." BBC News Online, October 14, 2002.
How do these products help? - User Education

- Don't open suspicious email
- Don't download software from untrusted sites
- Patch
Things to look for...

- Abnormal computer activity
  - Disk access
  - CPU utilization
  - Network activity
- Bank Histories
  - Unfamiliar transactions
  - Small but numerous transactions
- Audit trails
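The "abnormal computer activity" indicators above (disk access, CPU utilization, network activity) are only useful against a known quiet baseline. The following is an added example, not part of the lecture or any HP tool, showing the simplest form of that check: learn the mean and spread of each counter from a baseline window, then flag later samples that exceed the baseline by a fixed number of standard deviations. The metric names, the per-minute sample rows and the threshold factor k are all assumptions constructed for the example.

```python
"""Baseline-deviation check over host activity counters (added example).

Constructed sample data: one row per minute with disk I/O operations,
CPU utilisation in percent and new outbound network connections. The
first ten rows are a quiet baseline; the later rows contain a burst in
every counter (minute 10) and a burst in network activity only (minute 12).
"""
from statistics import mean, pstdev

# Constructed sample rows: (minute, disk_ops, cpu_pct, net_conns)
SAMPLES = [
    (0, 120, 8, 4), (1, 130, 9, 5), (2, 110, 7, 3), (3, 125, 8, 4),
    (4, 135, 10, 5), (5, 115, 7, 4), (6, 128, 9, 4), (7, 122, 8, 5),
    (8, 119, 8, 4), (9, 131, 9, 5),
    (10, 900, 85, 60),   # sudden burst in every counter
    (11, 140, 11, 6),    # back to normal
    (12, 125, 9, 48),    # only network activity is abnormal
]
METRICS = ("disk_ops", "cpu_pct", "net_conns")   # assumed metric names


def build_baseline(samples, window=10):
    """Per-metric (mean, population stdev) learned from the first `window` rows."""
    baseline = {}
    for idx, name in enumerate(METRICS, start=1):
        values = [row[idx] for row in samples[:window]]
        baseline[name] = (mean(values), pstdev(values))
    return baseline


def flag_anomalies(samples, baseline, window=10, k=4.0):
    """Return (minute, [metric names]) for rows after the baseline window
    whose value exceeds mean + k * stdev for at least one metric.

    A very flat baseline has stdev close to zero, which would make any
    change look anomalous, so the spread is floored at 1.0 (an assumed
    minimum appropriate to these integer counters)."""
    flagged = []
    for row in samples[window:]:
        hits = []
        for idx, name in enumerate(METRICS, start=1):
            mu, sigma = baseline[name]
            threshold = mu + k * max(sigma, 1.0)
            if row[idx] > threshold:
                hits.append(name)
        if hits:
            flagged.append((row[0], hits))
    return flagged


if __name__ == "__main__":
    base = build_baseline(SAMPLES)
    for minute, metrics in flag_anomalies(SAMPLES, base):
        print(f"minute {minute}: abnormal {', '.join(metrics)}")
```

Minute 10 trips all three counters at once, which is the pattern the slide's "abnormal computer activity" bullet is pointing at; minute 12 trips only the network counter, the kind of single-metric deviation that is worth correlating with the audit trail before acting on it. On a real host the baseline window would be learned from the machine's own history rather than from ten constructed rows.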
Open Source

- Shared information
- Business Models
- Is it more secure?
  - Development model
  - Security reviewers tend to be the same people doing the proprietary reviews
- Value in education
- Lots of good security tools
Open Source - Browsers

Firefox vs. Internet Explorer: vulnerabilities reported in 2005

Source               Internet Explorer   Firefox
SecurityFocus        43                  43
Secunia Research     9                   17
Symantec             13                  21

What about shared vulnerabilities?
Plugins, WMF images
On the Horizon - Microsoft

- Targeted because they are Big?
- Insecure because they are Big?
- Vista Operating System
On the Horizon

- Early Detection and Preventative Tools
  - Virus Throttle
  - Active CounterMeasures
  - Principle of Least Authority (PoLA)
  - WAVE
  - Anomaly Detection
  - Viral Patching
On the Horizon

- Viral Targets
  - Mobile Phones, PDAs
  - Embedded Operating Systems
    - Automobiles
    - Sewing Machines
    - Bank Machines
    - Kitchen Appliances
Learn Learn Learn

Authors:
- Sarah Gordon
- Peter Szor
- Roger Grimes
- Kris Kaspersky

Search your library or online

Questions?