Host Based Security - PowerPoint PPT Presentation

1 / 37

About This Presentation

Title:

Host Based Security

Description:

Host Based Security John Scrimsher, CISSP jps_at_hp.com – PowerPoint PPT presentation

Number of Views:215

Avg rating:3.0/5.0

Slides: 38

Provided by: JohnS728

Category:

more less

Transcript and Presenter's Notes

Title: Host Based Security

1
Host Based Security

John Scrimsher, CISSP
jps_at_hp.com

2
Virus Control

Prestidigitation

3
Why Host Security?

Defense in Depth
Threat management
Identification
Assessment
Response / Containment
Incident Management
Coordination of efforts
Damage Control
Public Relations

4
Why Host Based Security?

Perimeter Security vs. Host Based

66
34
5
Why Host Based Security?

Threat management Identification
Malware
Internal Threats
Employee Theft
Unpatched systems

6
What is Malware?

Anything that you would not want deliberately
installed on your computer.
Viruses
Worms
Trojans
Spyware
More

7
Where are the threats?Threat management
Assessment

Un-patched Computers
Email
Network File Shares
Internet Downloads
Social Engineering
Blended Threats
Hoaxes / Chain Letters

8
Phishing

Email messages sent to large distribution lists.
Disguised as legitimate businesses
Steal personal information

9
Identity Theft

Since viruses can be used to steal personal data,
that data can be used to steal your identity
Phishing
Keystroke loggers
Trojans
Spyware

10
Now, what do we do about it?Threat Management
Containment

C.I.A. Security Model
Confidentiality
Integrity
Availability

Current Solutions
Antivirus / AntiSpyware
Personal Firewall / IDS / IPS
User Education

11
Current Security View
12
Red Pill / Blue Pill
13
How do these products help?

Host Firewall / IPS blocks many unknown and known
threats

14
How do these products help?

Antivirus Captures Threats that use common access
methods
Web Downloads
Email
Application Attacks (Buffer Overflow)

VBSim demo
15
Social Engineering

70 percent of those asked said they would
reveal their computer passwords for a

Bar of chocolate
Schrage, Michael. 2005. Retrieved from
http//www.technologyreview.com/articles/05/03/iss
ue/review_password.asp?p1
16
Educated Users Help

The biggest threat to the security of a company
is not a computer virus, an unpatched hole in a
key program or a badly installed firewall. In
fact, the biggest threat could be you. What I
found personally to be true was that it's easier
to manipulate people rather than technology. Most
of the time organizations overlook that human
element.

Mitnick, Kevin, How to Hack People. BBC
NewsOnline, October 14, 2002.
17
How do these products help?

User Education
Dont open suspicious email
Dont download software from untrusted sites.
Patch

18
Things to look for

Unusually high number of network connections
(netstat a)
CPU Utilization
Unexpected modifications to registry RUN section.
Higher than normal disk activity

19
Open Source

Shared information
Business Models
Is it more secure?
Development model
Security reviewers tend to be the same people
doing the proprietary reviews
Value in education
Lots of good security tools

20
Open Source - Browsers

Firefox vs. Internet Explorer
Vulnerabilities reported in 2005

Internet Explorer
SecurityFocus 43
Secunia Research 9
Symantec - 13

Firefox
SecurityFocus 43
Secunia Research 17
Symantec - 21

What about shared vulnerabilities? Plugins, WMF
images
21
What is Managements role?

Management ties everything together
Responsibility
Ownership

Security is a Mindset, not a service. It must be
a part of all decisions and implementations.

22
What is Managements Role?

Compliance Monitoring
Policy Enforcement
Damage Control / Public Relations

23
Managements Role

Compliance Monitoring
Keep aware of security posture
Legal requirements
Company policies
Performance metrics

24
Managements Role

Policy Enforcement
Pro-actively address issues
Re-active contingency plans
Network access controls

25
Managements Role

Damage Control
Do you tell customers?
What about the media?
How soon to go public with results?
What does it cost to respond?

26
Legal Issues

Many countries are still developing laws
Privacy Laws can prevent some investigation
Regulatory Compliance
Organized Crime

27
Regulatory Issues

Sarbanes Oxley Act (2002)
Graham-Leach-Bliley Act (1999)
Health Information Portability and Accountability
Act (1996)
Electronic Communications Privacy Act (1986)

28
Notable Legal History

Robert Morris Jr. - WANK worm. First internet
worm ever created, set loose by accident across
the internet.
Randal Schwartz - hacked into Intel claiming he
was trying to point out weaknesses in their
security.
David Smith - Melissa. First known use of
mass-mailing technique used in a malicious
manner. Some jail time.
OnTheFly, The Netherlands - Anna virus using
worm generator tool. The writer was a youth who
was remorseful but little was done to punish
him.
Philippines - Loveletter. No jail time because
there were no laws.
Jeffrey Lee Parsons 2005 18 months in prison
for variant of Blaster worm.

29
Organized Crime
30
Kaspersky Quote

"It's hard to imagine a more ridiculous
situation a handful of virus writers are playing
unpunished with the Internet, and not one member
of the Internet community can take decisive
action to stop this lawlessness.
The problem is that the current architecture of
the Internet is completely inconsistent with
information security. The Internet community
needs to accept mandatory user identification -
something similar to driving licenses or
passports.
We must have effective methods for identifying
and prosecuting cyber criminals or we may end up
losing the Internet as a viable resource."
Eugene KasperskyHead of Antivirus Research