Recent Security Threats - PowerPoint PPT Presentation

About This Presentation
Title:

Recent Security Threats

Description:

SLAC Computer Security. Thinking evil thoughts. Protecting from evil deeds ... Keyloggers compromise security. Allowed by some AV products ... – PowerPoint PPT presentation

Number of Views:113
Avg rating:3.0/5.0
Slides: 29
Provided by: bobc182
Learn more at: https://www.racf.bnl.gov
Category:

less

Transcript and Presenter's Notes

Title: Recent Security Threats


1
Recent Security Threats VulnerabilitiesCompute
r security
In
  • Bob Cowles
  • bob.cowles_at_slac.stanford.edu
  • HEPiX, Fall 2004 Brookhaven, NY, USA

Work supported by U. S. Department of Energy
contract DE-AC02-76SF00515
2
Windows
  • Recent Windows Vulnerabilities
  • Windows patching
  • Phishing and viruses
  • Web exposures (IE)
  • Spyware
  • XP SP2

3
Recent Windows Vulnerabilities
  • ASP.NET path vulnerability
  • GDI jpeg (cant just block jpegs)
  • IE patches lots Outlook Express update
  • NetDDE (not enabled by default)
  • Windows shell (exploit thru web)
  • IIS (document footer javascript)
  • Allows code execution NNTP SMTP, zipped
    folders Excel WP converter HTML Help Task
    Scheduler POSIX (old sys)

4
Windows Patching
  • Patches do _NOT_ get e-mailed to you!
  • Windows systems in Active Directory can be
    patched automatically (mostly)
  • Offsite users must do their own patching
  • May investigate bigfix as partial solution
  • Support for Linux / Macintosh
  • Non-Ad users
  • Non Microsoft software (winzip, realplayer,
    acrobat)
  • http//www.bigfix.com/products/products_patch.html

5
(No Transcript)
6
Recent Phishing E-mail
7
E-Mail Attacks Protection
  • Phishing Emails (and phonecalls) engineered to
    get information from you or just to get you to
    click and download virus
  • Need to have Multi-Level Protection
  • Email gateways strip attachments
  • Exchange/desktop AV detects removes
  • Gateway tags as SPAM if a link in the
    e-mail would download malicious code

8
Dont Take the Bait
9
Forged FDIC E-mail
10
Fake FDIC Website
11
Real FDIC Website
12
E-mail With Virus Attached
13
AD SUS-gtWUS
  • Problematic patching
  • Office vs.Windows Update
  • Require product CD?
  • XP will have improvements (someday)
  • Who let them name it WUS?
  • http//www.wordsculpture.se/english_corner/slang.a
    sp
  • But sites still must address non-MS software

14
Viruses
  • More sophistication
  • Run automatically
  • Leave backdoors smtp for spam
  • Keyboard loggers
  • Alert Oct 18, 2004 bypass AV for McAfee, CA,
    Sophos, Kaspersky, Eset, RAV zip file checking

15
IE Exposures
  • Unpatched vulnerabilities
  • Cannot escape IE (but can control)
  • XP SP2 has fixed some problems
  • There is still problem of user knowledge

16
Spyware
  • Invade privacy
  • Keyloggers compromise security
  • Allowed by some AV products
  • User agrees to softwares actions through license
    agreement
  • US state and federal legislation will solve the
    problem (just like with SPAM) - NOT

17
XP SP2
  • Problem areas
  • Spyware causes bluescreen
  • Popup blocking causes problems w/ some sites
  • Multiple firewalls cause conflicts
  • Need to allow vulnerability scanning
  • ICMP off by default (no ping response)
  • Open ports fo file / print sharing or
  • Run software agent that can be contacted

18
Unix Linux
  • Local Exploits Remote Exploits
  • Samba
  • LSF rtok lsadmin eauth
  • PHP in web servers
  • chown
  • drivers (sparse code chking tool)
  • sendmail
  • sshd scanning for weak passwords

19
Fedora
  • Supports RH 7.3 and RH 9
  • Security fixes can take several months after
    vulnerability is announced
  • Large pkg of fixes released Oct 18, 2004
  • ISO9660, Soundblaster, file offset pointers, nfs
    group ID, drivers, several integer oveflows,
    other DOS, memory leaks, information leaks.

20
Universities Labs
  • Exploits against Solaris, AIX, Linux
  • Attacker(s) are knowledgeable
  • Install SK rootkit on Linux
  • Install trojaned sshd
  • gets passwords from keyboard/tty entry
  • accesses RSA keys
  • CERN break-in (LXPLUS) recent example (LSF)
  • Are one time password tokens in your future?

21
Universities and Labs (cont)
  • User klogd scans for open X sessions
  • Forwards captured passwds thru port 8181
  • Used on patched machines
  • Just notified sites in US (USC, UCSB, NYU,
    Princeton, PSU, etc) of problems.
  • Also RAL, Fermilab, SLAC, Cornell, Bristol, INFN,
    Stanford

22
Cisco
  • CatOS Telnet, HTTP, SSH
  • BGP another DOS

23
Macintosh
  • Safari open in browser javascript
  • Disk image mounter
  • libpng
  • kerberos
  • rsync
  • OpenSSH
  • iChat
  • QuickTime

24
Other Vulnerabilities
  • AXIS video camera and server
  • IM gaim, AIM Yahoo Messenger
  • CVS
  • RealPlayer
  • Winzip
  • Web HP JetAdmin
  • Acrobat Reader 6.0
  • Firewire (announced Nov 11)

25
Email
  • Evils of HTML email
  • Its big it hides bad stuff
  • Phishing scams
  • Citibank, eBay, PayPal, Wells Fargo
  • Outlook 2003 setting (reg for Outlook XP)
  • New default for Outlook Express

26
Outlook 2003
  • Tools -gt Options -gt Preferences

27
Final Thoughts
  • Attacks coming faster attackers getting smarter
  • No simple solution works
  • Patching helps
  • Firewalls help
  • AV attachment removal help
  • Encrypted passwords/tunnels help
  • You cant be secure only more secure
  • We must share information better

28
What is the Most Important Component of Computer
Security?
  • YOU!
Write a Comment
User Comments (0)
About PowerShow.com