David M. Cieslak, CPA.CITP, GSEC - PowerPoint PPT Presentation

About This Presentation
Title:

David M. Cieslak, CPA.CITP, GSEC

Description:

Compromised Facebook accounts send malicious links to friends. Users are prompted to enter login names & passwords. Attackers use harvested info. ... – PowerPoint PPT presentation

Slides: 63
Provided by: CPA91
Category:
Tags: citp | cpa | gsec | cieslak | david | facebook | login | meebo


Transcript and Presenter's Notes



1
Security Update 2009
  • Presented by
  • David M. Cieslak, CPA.CITP, GSEC

2
Agenda
  • Goals of IT Security
  • Trends
  • Portals of Opportunity
  • Other Issues & Remediation

3
Goals of IT Security
  • Confidentiality
  • Data is only available to authorized individuals
  • Integrity
  • Data can only be changed by authorized
    individuals
  • Availability
  • Data and systems are available when needed
  • Accountability
  • Changes are traceable/attributable to author

4
Threats & Vulnerabilities
  • Threats
  • Active agent that seeks to violate or circumvent
    policy
  • Part of the environment beyond user's control
  • Vulnerability
  • A flaw or bug
  • Part of the system within user's control
  • Risk
  • Likelihood of harm resulting from exploitation of
    vulnerability by threat

5
IT Security Response
  • No single product, vendor or strategy
  • Defense in Depth, i.e. Layers of Security

6
IT Security Short List
  • Anti-
  • Virus
  • Botnets
  • Spam
  • Spyware
  • Passwords / Passphrases
  • Patches
  • Wireless Security
  • Unprotected Shares
  • Firewall
  • Perimeter
  • Personal/Application
  • Web-based e-mail/file sharing
  • Router/IP Addressing
  • Physical Access
  • Backups

7
Security Trends
8
Security Trends
  • On May 29, 2009, President Obama said
  • the U.S. has reached a "transformational moment"
    when computer networks are probed and attacked
    millions of times a day. "It's now clear this
    cyber threat is one of the most serious economic
    and national security challenges we face as a
    nation," Obama said, adding, "We're not as
    prepared as we should be, as a government or as a
    country."
  • Ready to name a Cyber Czar

9
Security Trends
  • Vulnerabilities
  • Overall
  • 90% affect applications vs. OS; trend moving
    from OS to apps is increasing
  • Exploits
  • 10% of available exploits work reliably

10
Security Trends
  • OS
  • Windows XP OS attacks: 42% of total
  • Windows Vista OS attacks: 6% of total
  • 64-bit versions of all products less than 32-bit
    counterparts
  • Browsers
  • Victims of browser exploits
  • 47% - Chinese
  • 23% - US English
  • Many legitimate websites now compromised and
    hosting malware (drive-by downloads)

11
Security Trends
  • E-Mail
  • Two extensions (.html & .zip) accounted for
    97% of blocked attachments
  • Roughly 50% of spam messages are for
    pharmaceutical products
  • Image spam is making a comeback: now 20%

12
Security Trends
  • Data loss
  • 37% due to stolen equipment
  • TrojanDownloader and TrojanDropper malware up
    significantly

13
Security Trends
  • Goal of compromise is still to steal confidential
    information, i.e. banking, credit card, etc.
  • New approaches
  • Application and information-centric security
  • Ubiquitous encryption

14
Portals of Opportunity
15
Operating Systems
16
Vista SP1
  • Security Features (vs. XP SP3)
  • BitLocker drive encryption
  • Granular audit
  • UAC (User Account Control)
  • Smart Card support
  • Biometric support - 3rd party

17
User Account Control (UAC)
  • Introduced in Vista
  • Limits application software to standard user
    privilege without additional authorization

18
Windows 7
  • Security Features (vs. XP SP3 & Vista SP1)
  • Improved BitLocker drive encryption
  • BitLocker To Go
  • AppLocker
  • Multiple active firewall profiles
  • Improved UAC
  • Biometric support - native
  • DEMO - Control Panel\System and Security\Action
    Center

19
Browser Security
20
Browser Security
  • Internet Explorer 8
  • Compatible with XP SP3 and newer
  • Safety menu
  • InPrivate Browsing - helps prevent IE from
    storing data about browsing sessions, including
    cookies, temporary Internet files, history, and
    other data
  • Security/trust by zones
  • Blocks sites known to host malware
  • By default, runs in protected mode: can't make
    system-wide changes
  • DEMO

21
Browser Security
  • Mozilla Firefox 3
  • Sandbox security model
  • Bug bounty for severe security hole discovery
  • Fewer documented security holes
  • Google Chrome 1.01
  • Periodically downloads 2 blacklists: phishing &
    malware
  • Each tab is its own process
  • Incognito browsing

22
Content filtering
  • Windows Live Family Safety
  • Create filters for each person
  • Administer/authorize from anywhere
  • Monitor web chat activity
  • https://fss.live.com

23
DNS options
  • Feb 2009: Time Warner DNS servers in So. Cal
    subject to DDoS attack
  • Consider modifying router configuration to hard
    code alternate Public DNS server, rather than
    using broadband provider to resolve DNS
  • Example
  • OpenDNS 208.67.222.222
  • 4.2.2.2 - Level 3 Communications (Broomfield, CO,
    US)

24
E-Mail / Spam / Phishing
25
E-Mail / Spam / Phishing
  • Issues
  • 90% of all e-mail is spam
  • Desktop solutions are inadequate
  • In-house (perimeter) solutions often require
    significant care & feeding
  • Image spam
  • Making a resurgence
  • Now accounts for 25% of all Spam
  • Difficult to detect/filter due to lack of
    context

26
(No Transcript)
27
(No Transcript)
28
E-Mail / Spam / Phishing
  • Solutions
  • In-House
  • Current version of Exchange (2007)
  • E-mail filtering appliance
  • Barracuda
  • DoubleCheck

29
E-Mail / Spam / Phishing
  • Solutions
  • Hosted
  • Microsoft Online Services
  • Electricm_at_il
  • Blended
  • In-house post office / Managed Service for
    filtering
  • Google Postini
  • Message Labs / Symantec
  • McAfee

30
Chat / Social Networking
31
Chat
  • Users install without company knowledge/consent
  • Users opening messages and clicking graphics and
    links that expose their machines to almost
    immediate compromise

32
Trillian Astra (beta)
  • Single IM interface for Windows Live, AIM,
    Yahoo, Google, ICQ, Skype, Facebook, Jabber,
    MySpace & Twitter
  • 400 new features!

33
Chat
  • Other multi-protocol client options
  • Digsby
  • Pidgin
  • Miranda

34
Chat
  • Chat protocols/conversations may not be
    confidential?

35
Chat
  • Meebo https://www.meebo.com

36
Chat
  • Simp by Secway

37
Social Networking
  • Facebook
  • Facebook currently has over 200 million users
  • Compromised Facebook accounts send malicious
    links to friends
  • Users are prompted to enter login names &
    passwords
  • Attackers use harvested info. to attempt to login
    to other sites & services (are you using the same
    login name and password for confidential data?)

38
Social Networking
  • TwitterCut (5/27/09)
  • Message appears to be from friend with link to
    TwitterCut web site
  • TwitterCut site looks like Twitter page
  • Person is prompted to enter login details
    (phishing attack)
  • Entire contact list then receives similar message

39
Social Networking
  • Flock Social Web Browser
  • Modified version of Mozilla browser
  • Automatically connects to 20 online services

40
Antivirus
41
Antivirus
  • Re-set
  • Issues -
  • Performance problems: users turning AV off
  • Not filtering all sources: web e-mail, chat,
    etc.
  • AV updates not done on all machines
  • AV products not catching all malware
  • Suites are bloated
  • Result: compromise!

42
Antivirus
  • Beware of rogue PC security applications
    (antivirus/anti-spam/anti-spyware). They look
    official, but are likely promoting purchase of their
    products, or worse, install trojans!
  • Recent examples
  • Personal Antivirus
  • Antivirus 360
  • System Guard 2009

43
(No Transcript)
44
(No Transcript)
45
Antivirus
  • Future of AV products will most likely be
  • Better distribution and redundancy of AV function
    between cloud, perimeter devices, servers &
    clients
  • More application centric
  • Protection at document level (digital rights)

46
System Patches / Updates
47
Conficker post mortem
  • aka Conflicker, Downadup, DownAndUp, Kido
  • Superworm surfaced 11/21/2008
  • Targets Windows OS machines with known
    vulnerability (MS08-067); patch was available
    10/08
  • At height, may have infected 15 million PCs
  • Variants still infecting 50,000 new PCs per day
  • Purpose: create a botnet of infected computers
  • To determine if machine is infected, visit
    http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

48
Patch Management
  • Windows OS
  • Demo - Control Panel\System and
    Security\Windows Update

49
Patch Management
  • Other MS apps -
  • Non-MS Applications: case by case

50
Other Issues & Remediation
51
Notebook Security
52
Notebook Security
  • Security Lock
  • Never leave a laptop unattended!
  • Drive encryption
  • PGP
  • BitLocker (Vista & W7)

53
Notebook Security
  • Backup
  • Clickfree automated backup
  • Lo Jack for Laptops
  • Firmware BIOS level software
  • Premium version offers remote delete

54
Virtualization
55
Virtualization
  • What is it?
  • Allows the use of multiple virtual machines
    (operating system instances) to run on a single
    physical computer
  • Benefits
  • Application compatibility
  • Testing / Sandboxing
  • Portability
  • Safe surfing
  • Server/service administration
  • Still need to ensure VMs are secure!

56
Virtualization
  • Configuration
  • Server
  • Desktop
  • Notable products
  • VMWare
  • Microsoft
  • Virtual Iron
  • Citrix XenSource
  • Pre-configured VMs
  • DEMO

57
Encryption
58
Data Encryption
  • Hard drive encryption: Software-based
  • Windows Encrypting File System (EFS)
  • Supported on NTFS volumes (W2K, XP & Vista)
  • Encrypt/decrypt files and/or folders in real time
  • Uses certificate issued by Windows

59
Data Encryption
  • Hard drive encryption: Software-based
  • Vista BitLocker
  • Encrypts entire Windows Operating System volume
  • Available with
  • Vista Ultimate
  • Vista Enterprise
  • Third party, commercial encryption software
  • Numerous options!

60
Data Encryption
  • USB Thumb Drives
  • Most older drives completely insecure
  • If you want to store/transfer secure data on USB
    thumb drive, look for device that can
  • Encrypt data
  • Authenticate user
  • BitLocker to Go in Windows 7

61
Finally
  • Tips
  • Update your software!
  • Change passwords on a schedule
  • Don't use the same password for everything
  • Don't open unknown or unexpected attachments
  • Don't click unsubscribe link in unsolicited
    e-mail
  • Turn on password protection on screensaver

62
Contact Info.
  • David Cieslak dcieslak_at_arxistechnology.com
  • Phone (805)306-7800
  • Web www.arxistechnology.com
  • Address 2468 Tapo Canyon Rd.
  • Simi Valley, CA 93063