THE CASE FOR PROACTIVE NETWORK SECURITY: WORMS, VIRUSES - PowerPoint PPT Presentation

Slides: 6
Provided by: seanf6
Transcript and Presenter's Notes

1
THE CASE FOR PROACTIVE NETWORK SECURITY: WORMS, VIRUSES & BUSINESS CONTINUITY
Presented to Dr. Yan Chen
MITP 458 - Information Security Assurance
Business Case Study Presentation
09 June 2007
by The Loop Group: Farney, Heilprin, Leonard
2
2001: THE END OF REACTIVE NETWORK SECURITY
  • The Year of the Worm: three (3) major worms released July-September 2001
      • Code Red
          • 2.6bn estimated damage
          • Simple buffer overflow infected 350,000 hosts in a single day
      • Code Red II
          • Same attack vector (.ida), but different signature
      • Nimda
          • Mass-mailing, multivariate attack
  • All based on previously released and patched vulnerabilities
      • MS01-033, MS00-052, MS00-078, MS01-020
  • A/V software useless
  • Used firewall ports not needed (externally) in the first place
      • 135, 137, 138, 139, 445, 593, 1639, 2000-3000, 3127-3198

100% Preventability!
3
HEROIC IT NOT ENOUGH: PEOPLE AND PROCESS REQUIRED
  • Speed of attack dispersion and increased geographic expansion make it impossible to react to today's threats
  • Design and deploy a network security operations infrastructure in which automatic patch management plays the central role
      • Vulnerabilities addressed on release day (assumes testing is in place)
  • Proactively tighten defenses
      • Deny all vs. allow all on interior firewall interfaces
      • Perform network analysis to determine required business functions and their corresponding ports; deny all else

2001 attacks responsible for a major shift in corporate defenses
  • Heroic IT Management Is No Longer Enough, Diamond Cluster Viewpoint, 2004
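The "network analysis, then deny all else" step on this slide, together with the list of externally unneeded ports on slide 2, can be worked through as a small policy exercise. The following is an added example and not material from the deck: the flow records, the business-function names and the probe ports are constructed, and the mapping from observed flows to an allow list is an assumed simplification of what a real firewall review would do.

```python
"""Derive a default-deny ruleset from observed traffic and contrast it with allow-all.

Added illustration, not from the slide deck. Flow records, business-function
names and probe ports are constructed for the example.
"""
from collections import defaultdict

# Constructed flow records: (src, dst, proto, dst_port, owning business function or None).
# In practice these come from flow/firewall logs joined with an application-owner survey.
OBSERVED_FLOWS = [
    ("10.1.1.5", "10.2.0.10", "tcp", 443, "intranet-web"),
    ("10.1.1.7", "10.2.0.20", "tcp", 1433, "erp-db"),
    ("10.1.1.5", "10.2.0.30", "tcp", 25, "mail-relay"),
    ("10.1.1.9", "10.2.0.10", "tcp", 80, "intranet-web"),
    ("10.1.1.22", "10.2.0.99", "tcp", 445, None),  # seen on the wire, but no owner claimed it
    ("10.1.1.22", "10.2.0.98", "tcp", 139, None),
]

# Ports the deck lists as not needed externally (slide 2).
UNNEEDED_EXTERNAL_PORTS = (
    {135, 137, 138, 139, 445, 593, 1639} | set(range(2000, 3001)) | set(range(3127, 3199))
)


def required_ports(flows):
    """Network-analysis step: map each business function to the (proto, port) pairs it uses.

    Flows with no owning business function are dropped; traffic that nobody can
    justify does not earn an allow rule.
    """
    by_function = defaultdict(set)
    for _src, _dst, proto, port, function in flows:
        if function is not None:
            by_function[function].add((proto, port))
    return dict(by_function)


def build_deny_all_policy(flows):
    """Default-deny posture: allow exactly the pairs justified by a business function."""
    allowed = set()
    for ports in required_ports(flows).values():
        allowed |= ports
    return {"default": "deny", "allow": allowed}


def build_allow_all_policy(blocked_ports):
    """Default-allow posture with a blocklist: the pre-2001 stance the deck argues against."""
    return {"default": "allow", "deny": {("tcp", p) for p in blocked_ports}}


def evaluate(policy, proto, port):
    """Return 'allow' or 'deny' for a connection attempt under the given policy."""
    if policy["default"] == "deny":
        return "allow" if (proto, port) in policy["allow"] else "deny"
    return "deny" if (proto, port) in policy["deny"] else "allow"


def compare_policies(flows, blocked_ports, probes):
    """Evaluate the same probes under both postures.

    Returns {(proto, port): (verdict under allow-all, verdict under deny-all)}.
    """
    deny_all = build_deny_all_policy(flows)
    allow_all = build_allow_all_policy(blocked_ports)
    return {
        (proto, port): (evaluate(allow_all, proto, port), evaluate(deny_all, proto, port))
        for proto, port in probes
    }


if __name__ == "__main__":
    # Probes: a justified service, a deck-listed worm port, a port nobody thought to
    # block, and a port inside one of the deck's blocked ranges.
    probes = [("tcp", 443), ("tcp", 445), ("tcp", 6667), ("tcp", 2500)]
    for (proto, port), (a, d) in compare_policies(OBSERVED_FLOWS, UNNEEDED_EXTERNAL_PORTS, probes).items():
        print(f"{proto}/{port:<5} allow-all+blocklist={a:<5} deny-all+allowlist={d}")
```

The interesting row is the port that appears on neither list: under allow-all it sails through because nobody enumerated it, while under deny-all it is refused because no business function asked for it. That asymmetry is the whole argument of the slide.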

4
NEXT PARADIGM SHIFT: STRING SCANNING -> HEURISTICS
  • Zero Day attacks becoming more common
      • Virus definitions and patches not available
      • Ex post mechanism is folly: by focusing on catching the attack of the past, you miss the attack of the future[1]
  • A new proactivity required: behavior-based security
      • Define behaviors to look for, not specific strings
      • Heuristics are the only way to protect against Zero Day attacks
      • Looks for anomalous activity like
  • Use off-the-shelf software, security services, or a product like Internet Motion Sensor
      • Most A/V software today uses heuristics at some level
      • Most effective are agent-based products dedicated to this type of analysis
  • [1] The Efficacy of Network-Level SPAM Mitigation, Sean Farney, MITP 458, 2007
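The slide's contrast between matching known strings and looking for behavior can be shown on a connection log. The following is an added example, not part of the deck: the log events, the two payload markers (standing in for a known and an unknown variant, as with Code Red and Code Red II on slide 2) and the fan-out threshold are all constructed, and the "behavior" used is deliberately simple, namely one source reaching many distinct destinations in a short window, which is how self-propagating code looks from the network regardless of what bytes it carries.

```python
"""String-signature detection versus behavior-based detection over a connection log.

Added illustration, not from the slide deck. Events, payload markers and the
fan-out threshold are constructed for the example.
"""
from collections import defaultdict


def fan_out_events(src, start, count, marker, subnet):
    """Constructed events: `src` contacts `count` distinct hosts in `subnet`, one per second."""
    return [(start + i, src, f"{subnet}.{i + 1}", 80, marker) for i in range(count)]


# Event tuple: (timestamp_seconds, src_host, dst_host, dst_port, payload_marker).
# Variant A carries the string the signature database knows; variant B carries a new
# one but propagates the same way. 10.0.0.9 is an ordinary user browsing one server.
EVENTS = (
    fan_out_events("10.0.0.5", 0, 12, "MARKER_A", "10.0.1")
    + fan_out_events("10.0.0.8", 20, 12, "MARKER_B", "10.0.2")
    + [
        (5, "10.0.0.9", "10.0.1.1", 80, "GET /index.html"),
        (30, "10.0.0.9", "10.0.1.1", 80, "GET /about.html"),
    ]
)

# What the string scanner knew when the log was taken (constructed).
KNOWN_SIGNATURES = {"MARKER_A"}


def signature_detect(events, signatures):
    """Ex post approach: flag a source only when its payload contains a known string."""
    return {
        src
        for _t, src, _dst, _port, payload in events
        if any(sig in payload for sig in signatures)
    }


def behavior_detect(events, window=10, distinct_hosts=8):
    """Heuristic approach: flag a source that contacts at least `distinct_hosts`
    different destinations within any `window` seconds, whatever the payload says."""
    contacts_by_src = defaultdict(list)
    for t, src, dst, _port, _payload in events:
        contacts_by_src[src].append((t, dst))

    flagged = set()
    for src, contacts in contacts_by_src.items():
        contacts.sort()  # by timestamp
        for i, (t0, _dst) in enumerate(contacts):
            # Distinct destinations reached in the window starting at this contact.
            in_window = {d for t, d in contacts[i:] if t - t0 <= window}
            if len(in_window) >= distinct_hosts:
                flagged.add(src)
                break
    return flagged


def compare(events, signatures):
    """Return {source: (caught by signature?, caught by behavior?)} for every flagged source."""
    by_sig = signature_detect(events, signatures)
    by_beh = behavior_detect(events)
    return {src: (src in by_sig, src in by_beh) for src in by_sig | by_beh}


if __name__ == "__main__":
    for src, (sig, beh) in sorted(compare(EVENTS, KNOWN_SIGNATURES).items()):
        print(f"{src:<10} signature={sig!s:<5} behavior={beh}")
```

The variant with the unknown marker is invisible to the string scanner until a definition ships, which is the zero-day gap the slide describes; the fan-out rule catches both variants on the same log and leaves the ordinary user alone. Tuning `window` and `distinct_hosts` against real baseline traffic is where the operational work goes.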

5
PERSONAL LESSONS LEARNED
  • Globally dispersed operations offer challenges
      • Follow-the-sun staffing is great for finite day-to-day tasks, but can impede focus on large events
      • Lack of 24x7 line responsibility allows transition gaps and requires re-activation energy
      • Consider centralization and/or sourcing to a true 24x7 model/provider for consistent and efficient handling of operations
  • Patching systems, either internally or externally, produce the same effect
      • Remove the human element from revision compliance
      • Commonplace now, but still new in 2001
  • Fight battles before they start; be as proactive as possible
      • The Freedom[1] of Deny All
      • [1] See Nietzsche's Twilight of the Idols