Threats to your Network

1
Threats to your Network

• Internal and External
• How secure are you?

2
Security Overview

• All computers, from family home computers to
  those on desktops in the largest corporations in
  the country can be affected by computer security
  breachesHowever, security breaches can often be
  easily prevented. How? Importance of
  Security Spam Threats to Data Security
  Tools Viruses Anti-Virus Software Trojan
  Horses Security Policies Vandals Passwords
  Attacks Firewalls Data Interception Encryptio
  n Scams

3
Importance of Security

• While the Internet has transformed and greatly
  improved our lives, this vast network and its
  associated technologies have opened the doors to
  an increasing number of security threats from
  which individuals, families and businesses must
  protect themselves.
• 2.3 million hosts are connected to the net each
  month, and there arent 2.3 million systems
  administrators. Something has to give.
• The consequences of attacks can range from the
  mildly inconvenient to the completely
  debilitating. Important data can be lost,
  privacy can be violated and your computer can
  even be used by an outside attacker to attack
  other computers on the Internet.

4
Threats

• 86 of Cyber crime is from within an organization
• Over 70 of hacking occurs from within a network
• According to the FBI, the average cost of an
  insider breach is 2.4 million while the average
  cost of a break-in from the Internet is 27,000.

5
Internal Threats

• User Community
• E-mailing of sensitive information
• Copying of data to removable media
• ftp of information to unauthorized recipients
• Installation of unauthorized programs on PCs
• Performance problems
• Support issues
• Installation and use of hacker tools on systems
• Introduction of infected media from home/school

6
Internal Threats Contd

• Weak passwords
• Lack of proper policies and procedures
• Password
• Computer system usage
• Information privacy
• E-mail and Internet usage
• Equipment disposal
• Audit
• Incident response

7
Internal Threats Contd

• Lack of physical security
• Servers
• Data wiring closets
• Network access points
• Wireless LANs

8
Malicious or Accidental
9
Vulnerabilities inside the network

• Secure networking cannot be achieved without
  addressing these vulnerabilities.

10
Threats Are they Real?

• Demonstration of hacking tools
• 20 30 minutes

11
Threats

• Threats to Data
• As with any type of crime, the threat to the
  privacy and integrity of data comes from a very
  small minority. However, while a car thief can
  steal only one car at a time, a single hacker
  working from a single computer can generate
  damage to a large number of computer networks
  that can wreak havoc on our countrys information
  infrastructure.
• Whether you want to secure a car, a home or a
  nation, a general knowledge of security threats
  and how to protect yourself is essential.

12
Threats to Data (contd)

• Among the destructive sorts of break-ins and
  attacks, there are two major categories.
• Data Destruction
• Some of those perpetrate attacks are simply
  twisted individuals who like to delete things
• Data Diddling
• The data diddler is likely the worst sort,
  since the fact of a break-in might not be
  immediately obvious. Perhaps he's toying with the
  numbers in your spreadsheets, or changing the
  dates in your projections and plans.

13
Threats

• Viruses
• Viruses are the most widely known security
  threats because they often garner extensive press
  coverage.
• The effect of some viruses are relatively benign
  and cause annoying interruptions such as
  displaying a comical message when striking a
  certain letter on the keyboard. Other viruses
  are more destructive and cause such problems as
  deleting files from a hard drive or slowing down
  a system.
• A computer can be infected with a virus only if a
  virus enters through an outside source-most often
  an attachment to an E-mail or a file downloaded
  from the Internet. When one computer on a
  network becomes infected, the other computers on
  the network-or for that matter other computers on
  the Internet-are highly susceptible to
  contracting the virus.
• Attachments in email are probably still the
  number one threat.

14
Threats (Email)

• Emails with malformed MIME headers -The
  Nimda worm took the Internet by surprise,
  circumventing many email security tools and
  breaking into servers and corporate networks as
  well as infecting the home user. This worm uses a
  flaw within Outlook Express and Internet Explorer
  to spread through email.

15
Threats(Email)

• Attachments with malicious content
• Melissa and LoveLetter were among the first viri
  to illustrate the problem with email attachments
  and trust. They made use of the trust that exists
  between friends or colleagues.
• This is what happens with Melissa,
  AnnaKournikova, SirCam and several other similar
  email worms. Upon running, such worms usually
  proceed to send themselves out to email addresses
  from the victim's address book, previous emails,
  web pages caches to the local machine and similar
  methods.

16
Threats(Email)

• HTML mail with embedded scripts
• Outlook and other products use Internet
  Explorer components to display HTML email,
  meaning they inherit the security vulnerabilities
  found in Internet Explorer. These vulnerabilities
  can be exploited by email to hack into corporate
  networks, disseminate dangerous worms, and enable
  the execution of system functions such as
  reading, writing and deleting files. Viruses that
  use HTML email to circumvent security measures
  and infect computers include the Kak worm,
  BubbleBoy and HapTime.
• Viruses based on HTML scripts have the added
  danger of being able to run automatically when
  the malicious mail is opened. They do not rely on
  attachments therefore the attachment filters
  found in anti-virus software are useless in
  combating unknown HTML script viruses.

17
(No Transcript)
18
Threats

• Trojan Horse Programs
• Trojan horse programs, are delivery vehicles for
  destructive computer code. Trojans appear to be
  harmless or useful software programs, such as
  computer games, but are actually enemies in
  disguise.
• Trojans can delete data, mail copies of
  themselves to E-mail address lists and open up
  computers to additional attacks. Trojans can be
  contracted only by copying the Trojan horse
  program to a computer, downloading from the
  Internet or opening an E-mail attachment.

19
Threats

• Spam
• Spam is the commonly used term for unsolicited
  E-mail or the action of broadcasting unsolicited
  advertising messages via E-mail. Spam is usually
  harmless, but it can be a nuisance, taking up
  peoples time and storage space on their
  computer. If you receive spam, you should report
  it to your Internet Service Provider (ISP).
  Check your ISP Help Areas to find out how to
  report spam.

20
Threats

• Such software was originally created for computer
  administrators to assist people who have
  forgotten their passwords or to determine the
  password of people that left a company without
  telling anyone what their passwords were. Placed
  in the wrong hands, however, this type of
  software can become very dangerous weapon.
• Access attacks are conducted to gain entry to
  E-mail accounts, databases and other confidential
  information.
• DoS attacks prevent access to all or part of a
  computer system. They are usually achieved by
  sending large amounts of jumbled or other
  unmanageable data to a machine that is connected
  to the Internet, blocking legitimate traffic from
  getting through. Even more malicious is a
  Distributed Denial of Service attack (DdoS) in
  which the attacker compromises multiple machines
  or hosts.

21
Threats

• Scams
• Con artists have been perpetrating scam
  operations for decades. Now more than ever, the
  stakes are higher as theyve got easy access to
  millions of people on the Internet.
• Scams are often sent by E-mail and may contain a
  hyperlink to a Web Site that asks you for
  personal information, including your password.
  Other times, scam E-mail may contain a
  solicitation for your credit card information in
  the guise of a billing request. There are ways
  to take proactive steps toward protecting
  yourself from scams on the Internet, such as
  never giving out your password, billing
  information or other personal information to
  strangers online.
• Because it is easy to fake E-mail addresses, be
  mindful of who youre listening to or talking
  with before you give out personal information.
  Dont click on hyperlinks or download attachments
  from people or Web Sites you dont know. Be
  skeptical of any company that doesnt clearly
  state its name, physical address and telephone
  number.

22
Threats

• Vandals
• Web Sites have come alive through the development
  of such software applications as ActiveX and Java
  Applets. These applications enable animation and
  other special effects to run, making web sites
  more attractive and interactive.
• However, the ease with which these applications
  can be downloaded and run had provided a new
  vehicle for inflicting damage. Vandals can take
  on the form of a software application or applet
  that causes destruction of various degrees. A
  vandal can destroy a single file or a major
  portion of a computer system.

23
Threats

• Attacks
• Innumerable types of network attacks have been
  documented, and they are commonly classified in
  three categories
• 1- Reconnaissance attacks
• 2- Access attacks, and
• 3- Denial of Service (DoS) attacks
• Reconnaissance attacks are essentially
  information gathering activities by which hackers
  collect data that is used to later compromise
  networks. Usually, software tools, such as
  sniffers and scanners, are used to map out and
  exploit potential weaknesses in home computers,
  web servers and applications. For example,
  software exists that is specifically designed to
  crack passwords.

24
Threats

• Data Interception
• Data transmitted via any type of network can be
  subject to interception by unauthorized parties.
  The intercepting perpetrator might eavesdrop on
  communications or even alter the data packets
  being transmitted.
• Perpetrators can use various methods to intercept
  data. IP spoofing, for example, entails posing
  as an unauthorized party in the data transmission
  by using the Internet Protocol (IP) address of
  one of the data recipients.

25
Threats

• IP Session Hijacking
• This is a relatively sophisticated attack.
  This is very dangerous, however, because there
  are now toolkits available in the underground
  community that allow otherwise unskilled
  bad-guy-wannabes to perpetrate this attack. IP
  Session Hijacking is an attack whereby a user's
  session is taken over, being in the control of
  the attacker. If the user was in the middle of
  email, the attacker is looking at the email, and
  then can execute any commands he wishes as the
  attacked user. The attacked user simply sees his
  session dropped, and may simply login again,
  perhaps not even noticing that the attacker is
  still logged in and doing things.

26
Threats Hijacking
27
Threats Whats the potential impact

• Damage to data and programs
• It could take day, weeks or months to notice
• Bad decision made on erroneous information
• Loss of sensitive information
• Competitors have inside scoop
• Disclosure of customer data
• Privacy compromised
• Reputation in community ruined
• Business is lost

28
Reference Sites

• www.sans.org Security alerts and articles
• www.securityfocus.com Policy development
• www.nwc.com Network security articles
• www.microsoft.com/security Security best
  practices

29
Questions?