Information Security

1
Information Security

• Introduction to Security Fundamentals and Practice

2
Agenda

• Introduction
• The problem
• Security Basics Framework
• Identity What is it?
• FTC Identity Theft problems and trends
• Authentication
• Network Access
• Cryptography
• WWW
• Assurance
• Security Process

3
Goal of this class

• At the end of this class you will
• Be able to hold an intelligent conversation about
  Information Security
• Identify the RISK associated with user behavior
  or a proposed application
• Evaluate possible remedies to combat the risk
• Ask the right questions

4
The Problem

• Our journey begins

5
The first internet attack

• Year?
• Intent?
• Result?

6
More incidents

• As the internet grew into a business medium
  attacks increased in frequency and in disruption

7
Vulnerabilities Reported by YEAR
Source CERT
8
(No Transcript)
9

• Given the widespread use of automated attack
  tools, attacks against Internet-connected systems
  have become so commonplace that counts of the
  number of incidents reported provide little
  information with regard to assessing the scope
  and impact of attacks. Therefore, as of 2004, we
  will no longer publish the number of incidents
  reported.

Source CERT
10
(No Transcript)
11
Hacker Tools trend
packet forging / spoofing
Hacking Tools
sniffer / sweepers
exploiting known vulnerabilities
back doors
GUI
Relative Technical Complexity
stealth diagnostics
hijacking sessions
self-replicating code
disabling audits
Average Intruder
password cracking
password guessing
1980 1985 1990
1995
Source GAO Report to Congress, 1996
12
Hacker tools trends
Hacking Tools
DDoS Insertion Tools
Zotob
Bagel
Trinoo
Windows Remote Control
Slammer
MyDoom
PrettyPark
Relative Technical Complexity
Stacheldraht
Melissa
Kiddie Scripter Trojans
2000
2001
2005
2004
2003
2002
13
Users are left out in the cold by their vendors

• An unpatched Windows PC connected to the
  Internet will last for only an average of 20
  minutes before it's compromised by malware
• http//whitepapers.techrepublic.com.com/webcast.as
  px?docid108140
• Patch and Pray
• It's the dirtiest little secret in the software
  industry Patching no longer works. And there's
  nothing you can do about it. Except maybe patch
  less. Or possibly patch more.
• http//www.csoonline.com/read/080103/patch.html

14
The Evolution of the Hacker

• Early hackers were often security advocates
  trying to call attention to the problems
• Morris
• Shimomura

15
2nd Generation

• The intellectual hackers
• Legion of Doom
• Cult of the Dead Cow
• Back orifice
• www.bo2k.com
• DefCon
• 2600
• http//www.defcon.org/
• http//www.2600.com/

16
3rd Generation

• Script Kiddies
• Melissa
• Stacheldraht Denial of service
• http//www.honeynet.org/papers/enemy/index.html

17
4th generation

• Organize Crime
• Russia
• Eastern Europe
• China
• Political Hackers
• India
• Pakistan
• Rent 3000 infected PCs for 20

18
Its a numbers game

• Many blackhats randomly probe the Internet
  searching for a known vulnerability
• Only 1 percent of systems may have this
  vulnerability
• You can compromise 10,000 systems if you scan
  over a million.

19
An example threat from the Honeynet

• Over a three week period we monitored these
  blackhats as they communicated over IRC (Internet
  Relay Chat).
• You can gain a better understanding of their
  motives and psychology by reviewing their
  conversations.

20
Who are they?

• As we listened in, we could make out their
  origins.
• These were hackers from Pakistan.
• Parts of the conversation were in Urdu (which
  were duly translated)
• Claiming to have political motives and posing as
  self-styled cyber-soldiers.

21
Skill level
Try to figure out a sniffer
jack thats the root pass for xxx.example.com
? robert no jack nope its not jack its on a
subnet jack then? robert then? robert I
dunno robert where are you sniffing
from? robert umm doesnt it have to be the same
network? jack xxx.example.com jack dunno
robert 192.168.1.23 192.168.1.7 robert yeah
robert just wait robert and I think you
wioll get someones password
22
Skill Level

• They prefer the simplicity of windows

jill yaar dos1ng is easy from windows jack
ofcourse jill linux main banda confuse hojatha
hai "In linux, a person gets confused"
23
Motives

• Many hacker groups are similar to gangs. Elevate
  your status by demonstrating technical skill.

robert deface yahoo.com robert and people
will respect you jack i mostly do indian sites
robert www.india.com robert
orsomethign robert somethinf famous robert
like whitehouse.gov jack i am defacing
mail.namestaindia.com jill u mean defacing now
? jack yep? jack we can deface and fix the
index after attrtion mirrors
24
Motives

• They join carding and trade stolen credit cards.
• They use stolen cards for registering domains for
  themselves.

Co0lWoRx ok? Ricky ii have 2 cards i will
trade Agent yo Agent is a master card a
16 digit or 13 ? NPN 16 dariuss ? NPN
1234/5678/9102/3456
25
Psychology

• Most likely kids

robert I WANT TO SMOKE WEED jack OR U WANT
THE OTHE RGUY FIRST! jack ?! robert NO jack
WEE! jack WEED! jack WEED! jack
WEED! robert WEEEEEEEEED jack what if the
cops bust u jack ??????? robert NOT IF I
SMOKE AT MY BACKYARD robert HEHE robert THEY
WONT BUST ME robert MY DADS LEAVING robert
TIME TO GET HIGH
26
The Results

• They are still highly successful

jack hehe come with yure ip ill add u to the
new 40 bots jack i owned and trojaned 40
servers of linux in 3 hours jack ))))) jill
heh jill damn jack heh jill 107
bots jack yup
27
More Results

• They get 5000 accounts on an ISP

jack i have the whole billing system jack
glined jack i have the whole billing system of
zooom jack oye jack heh jill lol jill
glined how ? jill they didn't have the same ip
jill billing system of zooom ?? jill how ?
28
Further Readings

• The Morris Incident (legal papers)
• http//www.rbs2.com/morris.htm
• Knowing your enemy
• www.honeynet.org