Host Based Security
John Scrimsher, CISSP, CCNA
jps@hp.com

Why Host Based Security?
- Perimeter Security vs. Host Based (chart: 66% $ / 34% $$$)

Why Host Based Security?
- Malware
- Internal Threats
- Employee Theft
- Unpatched systems

What is Malware?
Anything that you would not want deliberately installed on your computer.
- Viruses
- Worms
- Trojans
- Spyware
- More...

Where are the threats?
- Un-patched Computers
- Email
- Network File Shares
- Internet Downloads
- Social Engineering
- Blended Threats
- Hoaxes / Chain Letters

The Common Factor

Privacy - Phishing
- Email messages sent to large distribution lists
- Disguised as legitimate businesses
- Steal personal information

Privacy - Identity Theft
Since viruses can be used to steal personal data, that data can be used to steal your identity.
- Phishing
- Keystroke loggers
- Trojans
- Spyware

Social Engineering
"... 70 percent of those asked said they would reveal their computer passwords for a ... bar of chocolate"
Schrage, Michael. 2005. Retrieved from http://www.technologyreview.com/articles/05/03/issue/review_password.asp?p=1

Legal Issues
- Many countries are still developing laws
- Privacy Laws
- Investigations
- Content Security
- Instant Messaging
- Internet
- Email

Kaspersky Quote
"It's hard to imagine a more ridiculous situation: a handful of virus writers are playing unpunished with the Internet, and not one member of the Internet community can take decisive action to stop this lawlessness. The problem is that the current architecture of the Internet is completely inconsistent with information security. The Internet community needs to accept mandatory user identification - something similar to driving licenses or passports. We must have effective methods for identifying and prosecuting cyber criminals or we may end up losing the Internet as a viable resource."
Eugene Kaspersky, Head of Antivirus Research

Regulatory Issues
- Sarbanes-Oxley Act (2002)
- Gramm-Leach-Bliley Act (1999)
- Health Information Portability and Accountability Act (1996)
- Electronic Communications Privacy Act (1986)

What is Management's role?
Management ties everything together:
- Responsibility
- Ownership
- Organization
- Management
- Technology
- Infrastructure
Security is a mindset, not a service. It must be a part of all decisions and implementations.

Business Management
Business Acquisition Questions
- Are the acquired assets as secure as your company?
- What are the network integration plans during an outbreak?
- Is security software sufficient? Updated? Patched?
- Emergency segregation of networks

Vulnerability Lifecycle
- 0-day is a fallacy

Instant Messaging
- Confidential Information Leakage
- Business needs
- Privacy of employees

Now, what do we do about it?

C.I.A. Security Model
- Confidentiality
- Integrity
- Availability

Current Solutions
- Antivirus / AntiSpyware
- Personal Firewall / IDS / IPS
- User Education

How do these products help?
Host Firewall / IPS blocks many unknown and known threats.

How do these products help?
Antivirus captures threats that use common access methods:
- Web Downloads
- Email
- Application Attacks (Buffer Overflow)
(VBSim demo)

Educated Users Help
"The biggest threat to the security of a company is not a computer virus, an unpatched hole in a key program or a badly installed firewall. In fact, the biggest threat could be you. What I found personally to be true was that it's easier to manipulate people rather than technology. Most of the time organizations overlook that human element."
Mitnick, Kevin, "How to Hack People." BBC News Online, October 14, 2002.

How do these products help?
User Education
- Don't open suspicious email
- Don't download software from untrusted sites
- Patch

Things to look for...
Abnormal computer activity:
- Disk access
- CPU utilization
- Network activity
Bank histories:
- Unfamiliar transactions
- Small but numerous transactions
- Audit trails

Open Source
- Shared information
- Business Models
Is it more secure?
- Development model
- Security reviewers tend to be the same people doing the proprietary reviews
- Value in education
- Lots of good security tools

Open Source - Browsers
Firefox vs. Internet Explorer
Vulnerabilities reported in 2005:
  Source             Internet Explorer   Firefox
  SecurityFocus      43                  43
  Secunia Research   9                   17
  Symantec           13                  21
What about shared vulnerabilities? Plugins, WMF images

On the Horizon - Microsoft
- Targeted because they are Big?
- Insecure because they are Big?
- Vista Operating System

On the Horizon
Early Detection and Preventative Tools
- Virus Throttle
- Active CounterMeasures
- Principle of Least Authority (PoLA)
- WAVE
- Anomaly Detection
- Viral Patching

On the Horizon
Viral Targets
- Mobile Phones, PDAs
- Embedded Operating Systems
- Automobiles
- Sewing Machines
- Bank Machines
- Kitchen Appliances

Learn Learn Learn
Authors:
- Sarah Gordon
- Peter Szor
- Roger Grimes
- Kris Kaspersky
Search your library or online

Questions?
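The "Things to look for" slide names abnormal network activity as a host-side indicator, and the "On the Horizon" slide lists Virus Throttle as an early-detection tool. As an added illustration that is not part of the presentation, the Python below simulates the HP Labs virus-throttling idea (Williamson, 2002): a host may contact hosts it has talked to recently at full speed, while connections to new hosts are released one per tick, so a worm scanning many addresses fills the delay queue and raises an alarm long before it can spread. The working-set size, release rate, alarm threshold and both workloads are assumed values constructed for the example.

```python
from collections import deque


class VirusThrottle:
    """Host-side throttle on new outbound connections (Williamson-style).
    Assumed: 5-host working set, one release per tick, alarm above 10 queued."""

    def __init__(self, working_set_size=5, queue_alarm=10):
        self.working_set_size = working_set_size
        self.queue_alarm = queue_alarm
        self.working_set = deque()   # recently contacted hosts, oldest first
        self.delay_queue = deque()   # new hosts waiting for a release slot
        self.alarmed = False

    def connect(self, host):
        """Handle one outbound attempt; return 'allowed' or 'queued'."""
        if host in self.working_set:
            return "allowed"          # known host: pass straight through
        if host not in self.delay_queue:
            self.delay_queue.append(host)
        if len(self.delay_queue) > self.queue_alarm:
            self.alarmed = True       # a scanning worm fills the queue fast
        return "queued"

    def tick(self):
        """Once per rate period: release one queued host into the working set."""
        if not self.delay_queue:
            return None
        host = self.delay_queue.popleft()
        if len(self.working_set) >= self.working_set_size:
            self.working_set.popleft()  # evict the oldest entry
        self.working_set.append(host)
        return host


def simulate(attempts, throttle=None):
    """Feed per-tick lists of destination hosts; return (alarmed, queue sizes)."""
    throttle = throttle or VirusThrottle()
    queue_sizes = []
    for hosts in attempts:
        for host in hosts:
            throttle.connect(host)
        throttle.tick()
        queue_sizes.append(len(throttle.delay_queue))
    return throttle.alarmed, queue_sizes


# Constructed workloads: a user revisiting a few hosts vs. a worm scanning a /16.
NORMAL = [["mail", "web"], ["web"], ["web", "news"], ["mail", "news"]]
WORM = [[f"10.0.{t}.{i}" for i in range(20)] for t in range(3)]
```

Running `simulate(NORMAL)` never alarms and the queue drains to zero, whereas `simulate(WORM)` alarms on the first tick and the queue keeps growing, which is the signal a host firewall or IPS can act on.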