Title: Information Security
1. Information Security
- Introduction to Security Fundamentals and Practice
2. Agenda
- Introduction
- The problem
- Security Basics Framework
- Identity: What is it?
- FTC Identity Theft problems and trends
- Authentication
- Network Access
- Cryptography
- WWW
- Assurance
- Security Process
3. Goal of this class
- At the end of this class you will
- Be able to hold an intelligent conversation about Information Security
- Identify the RISK associated with user behavior or a proposed application
- Evaluate possible remedies to combat the risk
- Ask the right questions
4. The Problem
5. The first internet attack
6. More incidents
- As the internet grew into a business medium, attacks increased in frequency and in disruption
7. Vulnerabilities Reported by YEAR
Source: CERT
9.
- "Given the widespread use of automated attack tools, attacks against Internet-connected systems have become so commonplace that counts of the number of incidents reported provide little information with regard to assessing the scope and impact of attacks. Therefore, as of 2004, we will no longer publish the number of incidents reported."
Source: CERT
11. Hacker Tools trend
[Figure: "Hacking Tools" chart. Axes: relative technical complexity vs. year (1980, 1985, 1990, 1995). Series label: Average Intruder. Tool labels: packet forging / spoofing, sniffer / sweepers, exploiting known vulnerabilities, back doors, GUI, stealth diagnostics, hijacking sessions, self-replicating code, disabling audits, password cracking, password guessing.]
Source: GAO Report to Congress, 1996
12. Hacker tools trends
[Figure: "Hacking Tools" chart. Axes: relative technical complexity vs. year (2000 to 2005). Labels: DDoS Insertion Tools, Zotob, Bagel, Trinoo, Windows Remote Control, Slammer, MyDoom, PrettyPark, Stacheldraht, Melissa, Kiddie Scripter Trojans.]
13. Users are left out in the cold by their vendors
- An unpatched Windows PC connected to the Internet will last for only an average of 20 minutes before it's compromised by malware
- http://whitepapers.techrepublic.com.com/webcast.aspx?docid=108140
- Patch and Pray
- It's the dirtiest little secret in the software industry: Patching no longer works. And there's nothing you can do about it. Except maybe patch less. Or possibly patch more.
- http://www.csoonline.com/read/080103/patch.html
14. The Evolution of the Hacker
- Early hackers were often security advocates trying to call attention to the problems
- Morris
- Shimomura
15. 2nd Generation
- The intellectual hackers
- Legion of Doom
- Cult of the Dead Cow
- Back Orifice
- www.bo2k.com
- DefCon
- 2600
- http://www.defcon.org/
- http://www.2600.com/
16. 3rd Generation
- Script Kiddies
- Melissa
- Stacheldraht: Denial of service
- http://www.honeynet.org/papers/enemy/index.html
17. 4th generation
- Organized Crime
- Russia
- Eastern Europe
- China
- Political Hackers
- India
- Pakistan
- Rent 3000 infected PCs for 20
18. It's a numbers game
- Many blackhats randomly probe the Internet searching for a known vulnerability
- Only 1 percent of systems may have this vulnerability
- You can compromise 10,000 systems if you scan over a million.
19. An example threat from the Honeynet
- Over a three week period we monitored these blackhats as they communicated over IRC (Internet Relay Chat).
- You can gain a better understanding of their motives and psychology by reviewing their conversations.
20. Who are they?
- As we listened in, we could make out their origins.
- These were hackers from Pakistan.
- Parts of the conversation were in Urdu (which were duly translated)
- Claiming to have political motives and posing as self-styled cyber-soldiers.
21. Skill level
- Try to figure out a sniffer
jack: thats the root pass for xxx.example.com ?
robert: no
jack: nope its not
jack: its on a subnet
jack: then?
robert: then?
robert: I dunno
robert: where are you sniffing from?
robert: umm doesnt it have to be the same network?
jack: xxx.example.com
jack: dunno
robert: 192.168.1.23 192.168.1.7
robert: yeah
robert: just wait
robert: and I think you wioll get someones password
22. Skill Level
- They prefer the simplicity of windows
jill: yaar dos1ng is easy from windows
jack: ofcourse
jill: linux main banda confuse hojatha hai ("In linux, a person gets confused")
23. Motives
- Many hacker groups are similar to gangs. Elevate your status by demonstrating technical skill.
robert: deface yahoo.com
robert: and people will respect you
jack: i mostly do indian sites
robert: www.india.com
robert: orsomethign
robert: somethinf famous
robert: like whitehouse.gov
jack: i am defacing mail.namestaindia.com
jill: u mean defacing now ?
jack: yep?
jack: we can deface and fix the index after attrtion mirrors
24. Motives
- They join carding and trade stolen credit cards.
- They use stolen cards for registering domains for themselves.
Co0lWoRx: ok?
Ricky: ii have 2 cards i will trade
Agent: yo
Agent: is a master card a 16 digit or 13 ?
NPN: 16
dariuss: ?
NPN: 1234/5678/9102/3456
25. Psychology
robert: I WANT TO SMOKE WEED
jack: OR U WANT THE OTHE RGUY FIRST!
jack: ?!
robert: NO
jack: WEE!
jack: WEED!
jack: WEED!
jack: WEED!
robert: WEEEEEEEEED
jack: what if the cops bust u
jack: ???????
robert: NOT IF I SMOKE AT MY BACKYARD
robert: HEHE
robert: THEY WONT BUST ME
robert: MY DADS LEAVING
robert: TIME TO GET HIGH
26. The Results
- They are still highly successful
jack: hehe come with yure ip ill add u to the new 40 bots
jack: i owned and trojaned 40 servers of linux in 3 hours
jack: )))))
jill: heh
jill: damn
jack: heh
jill: 107 bots
jack: yup
27. More Results
- They get 5000 accounts on an ISP
jack: i have the whole billing system
jack: glined
jack: i have the whole billing system of zooom
jack: oye
jack: heh
jill: lol
jill: glined how ?
jill: they didn't have the same ip
jill: billing system of zooom ??
jill: how ?
28. Further Readings
- The Morris Incident (legal papers)
- http://www.rbs2.com/morris.htm
- Knowing your enemy
- www.honeynet.org