Risk
Threat Vulnerability Event Cost
Risk
No system is 100% secure
Get a clear picture
Assess weaknesses
Prepare for the probable
Protect the most critical resources
Risk Equation
Risk = Threat x Vulnerability x Event Cost
If Threat = 0, Vulnerability = 0, or Event Cost = 0, then there is no Risk.
Control of Parameters
Risk = Threat x Vulnerability x Event Cost
Vulnerability: Good Control
Event Cost: Some Control
Threat: Minimal Control
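A worked instance of the deck's equation and its control-of-parameters point, added here as an illustration rather than code from the original presentation. It assumes a constructed 0-5 score for each factor, a constructed risk register, and a mitigation modelled as lowering the vulnerability score (the factor the deck says we control best).

```python
"""Worked example of the deck's Risk = Threat x Vulnerability x Event Cost
equation (added illustration, not part of the original presentation).
Assumed scoring: each factor 0-5, where 0 means the factor is absent."""
from dataclasses import dataclass

@dataclass
class Scenario:
    name: str
    threat: int         # likelihood of attack: minimal control
    vulnerability: int  # exposure to it: good control
    event_cost: int     # cost if it succeeds: some control

    def risk(self) -> int:
        # A zero in any factor zeroes the product: no risk.
        return self.threat * self.vulnerability * self.event_cost

def rank_by_risk(scenarios):
    """Scenarios with non-zero risk, highest first."""
    return sorted((s for s in scenarios if s.risk() > 0),
                  key=lambda s: s.risk(), reverse=True)

def residual_risk(scenario, patched_vulnerability):
    """Risk left after a control lowers the vulnerability score, the factor
    the deck says we control best."""
    if not 0 <= patched_vulnerability <= scenario.vulnerability:
        raise ValueError("controls only lower the vulnerability score")
    return scenario.threat * patched_vulnerability * scenario.event_cost

# Constructed register loosely following the deck's risk categories.
REGISTER = [
    Scenario("Worm hitting an unpatched file server", 5, 4, 4),
    Scenario("Laptop theft with unencrypted data", 3, 5, 5),
    Scenario("Password on a sticky note", 2, 5, 3),
    Scenario("Defacement of a retired, empty site", 4, 5, 0),
]

if __name__ == "__main__":
    for s in rank_by_risk(REGISTER):
        print(f"{s.risk():3d}  {s.name}")
    print("worm after patching:", residual_risk(REGISTER[0], 1))
```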
Categories of Risk
Malicious Code: Trojans, Viruses, & Worms
Human: Disgruntled employees, Sticky-notes
Electronic: Port Scanning, Hacking/Sniffing, Defacement, Spoofing
Email: Spam, Phishing
X-ware: Adware, Spyware
Physical: Theft
Down Time: Denial of Service attacks, Power/Natural Disasters
Malicious Code
Trojans, Viruses, & Worms
Trojan Horse
A computer program that appears desirable, but contains a hidden function that causes damage to other programs.
Example: Trojan.Vundo
Threat Rate (chart): 12 per Day, 28 per Day, 122 per Day
Virus
A computer program that is part of another and inserts copies of itself.
It must execute itself. It will often place its own code in the path of execution of another program.
It must replicate itself. For example, it may replace other executable files with a copy of the virus-infected file.
Viruses can infect desktop computers and network servers alike.
Types of Viruses
File Infector: Jerusalem and Cascade
Boot Sector: Form, Disk Killer, Michelangelo, and Stoned
Multi-partite: One_Half, Emperor, Anthrax and Tequila
Macro: W97M.Melissa, WM.NiceDay and W97M.Groov
Worm
A computer program that invades computers on a network, replicates itself to prevent deletion, and interferes with the host computer's operation.
This is in contrast to viruses, which require the spreading of an infected host file.
Example: W32.Mydoom.AX@mm
Electronic Threats
What is out there waiting for the opportunity?
Port Scanning
A port scan is a series of messages sent by someone attempting to break into a computer, in order to learn which network services (each associated with a "well-known" port number) the computer provides.
There are 65,536 ports.
Threat Rate (chart): 1 per 6 Days, 1 per Day, 6 per Day, 9 per Day
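The defender's view of the probe described above: a detector that flags a source denied on many distinct ports within a short window. This is an added example, not part of the original presentation; the log format, the sample lines and the thresholds are all constructed for it.

```python
"""Port-scan detection over constructed firewall deny logs; added example,
not part of the original presentation. Assumed log format:
'<epoch> DENY src=<ip> dst=<ip> dport=<port>'. A source that is denied on
many distinct ports within a short window is flagged."""
from collections import defaultdict

# Constructed sample: 10.0.0.9 walks well-known ports, 10.0.0.7 is normal.
SAMPLE_LOG = """\
1000 DENY src=10.0.0.9 dst=192.0.2.10 dport=21
1001 DENY src=10.0.0.9 dst=192.0.2.10 dport=22
1001 DENY src=10.0.0.9 dst=192.0.2.10 dport=23
1002 DENY src=10.0.0.9 dst=192.0.2.10 dport=25
1002 DENY src=10.0.0.9 dst=192.0.2.10 dport=80
1003 DENY src=10.0.0.9 dst=192.0.2.10 dport=110
1004 DENY src=10.0.0.9 dst=192.0.2.10 dport=443
1005 DENY src=10.0.0.9 dst=192.0.2.10 dport=3389
1010 DENY src=10.0.0.7 dst=192.0.2.10 dport=445
1200 DENY src=10.0.0.7 dst=192.0.2.10 dport=445
garbage line that the parser must skip
"""

def parse_line(line):
    """Return (timestamp, src, dport) for one log line, or None if malformed."""
    fields = line.split()
    if len(fields) != 5 or fields[1] != "DENY":
        return None
    kv = dict(f.split("=", 1) for f in fields[2:] if "=" in f)
    try:
        ts, port = int(fields[0]), int(kv["dport"])
    except (KeyError, ValueError):
        return None
    if not 0 <= port <= 65535:  # only 65,536 ports exist
        return None
    return ts, kv.get("src"), port

def find_scanners(log_text, window=60, min_ports=6):
    """Map src -> distinct ports probed, for sources that reach min_ports
    distinct destination ports within any `window` seconds."""
    events = defaultdict(list)  # src -> [(ts, port), ...]
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[1]:
            events[rec[1]].append((rec[0], rec[2]))
    flagged = {}
    for src, hits in events.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            ports = {p for t, p in hits[i:] if t - start <= window}
            if len(ports) >= min_ports:
                flagged[src] = len(ports)
                break
    return flagged
```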
Web Defacement
Web site defacement is a form of malicious hacking in which a Web site is vandalized. Often the malicious hacker will replace the site's normal content with a specific political or social message, or will erase the content from the site entirely, relying on known security vulnerabilities for access to the site's content.
Examples (screenshots): Unicef.org, AirTran.com
Threat Rate (chart): 15 per Day, 61 per Day, 180 per Day, 580 per Day, 900 per Day
Spoofing
Attempting to masquerade as, or closely mimic, the URL displayed in a Web browser's address bar. Used in phishing attacks and other online scams to make an imposter Web site appear legitimate: the attacker obscures the actual URL by overlaying a legitimate-looking address or by using a similarly spelled URL.
Physical
Theft
Stolen Laptops
May 22, 2006 - A laptop computer and external drive containing personal data on more than 26 million veterans and active duty military personnel were stolen.
Down Time
Denial of Service and Natural Disasters
Denial of Service
A user or program that takes up all of the system resources by launching a multitude of requests, leaving no resources and thereby denying service to other users.
Examples: W32.DoS.funtime, Solaris.DoS.stacheld.c, Solaris.DoS.stacheld.t, Solaris.DoS.stacheld.m
Natural Disasters
Weather: Katrina
Human
Disgruntled Employees
Insider Activity in the Banking and Finance Sector
This report examines 23 incidents carried out by 26 insiders in the banking and finance sector between 1996 and 2002.
In 87% of the cases studied, the insiders employed simple, legitimate user commands to carry out the incidents.
In 70% of the cases studied, the insiders exploited or attempted to exploit systemic vulnerabilities in applications and/or processes or procedures.
Passwords
Sticky Notes, Spouses, Children, Pets, Mythology
Email
Spam and Phishing
Spam
64% of the world's estimated 300,000 spam servers are located in Taiwan. About 23% are located in the United States.
Source: Computerworld, July 10, 2006.
Phishing
Example: PayPal
X-Ware
Adware and Spyware
Adware
Programs that facilitate the delivery of advertising content to the user and, in some cases, gather information from the user's computer, including information related to Internet browser usage or other computer habits.
Spyware
Programs that have the ability to scan systems or monitor activity and relay information to another computer or locations in cyberspace.
Vulnerability
Where are the holes in your systems?
Vulnerability Prevalence
Over 70% of sites with firewalls are still vulnerable to known attacks
Over 80% of sites do not know what is on their networks and what is visible to the Internet
Event Cost
How much will recovery cost you?
Hard to determine
Cost of recovery can be more than a company can bear
Organizations are often reactive, not proactive
Melissa Virus
Data taken from 131 corporations immediately after the Melissa period:
25 companies were compromised by Melissa between Monday, March 29, and Friday, April 5, 1999
20 experienced a major disaster (>25 workstations infected)
Average of 196 infected workstations and 9 servers per company
7,824 North American companies experienced compromise of more than 200 workstations
1,205,000 computers infected
ICSA estimates the total cost at $93 million
Costs
The price of security breaches reaches nearly $14 million per incident, according to a study conducted by Ponemon Institute LLC for PGP Corp., a security software vendor in Palo Alto, California.
Source: Computerworld, November 14, 2005, http://www.computerworld.com/securitytopics/security/story/0,10801,106180,00.html
It is estimated that the worldwide impact of malicious code was $13.2 billion in the year 2001 alone, with the largest contributors being:
SirCam at $1.15 Billion
Code Red (all variants) at $2.62 Billion
NIMDA at $635 Million
Source: Computer Economics, 2 January 2002, http://www.computereconomics.com/cei/press/pr92101.htm
An estimated $7.8 Billion was lost to malicious code attacks in 2004 and 2005 combined. More than 35% of computer users do not have protective software installed on their computers.
Source: CNN Headline News, August 8, 2006
Security Myths
Separating Fact from Fiction
Global Trends
Where is all of this going?
Internet Security
Increasing complexity drives exponential growth in vulnerability
Rapidly changing environment drives rapidly changing risks
Greater all-to-all connectivity drives greater potential for malicious connectivity
Growth in Internet users drives growth in Internet abusers
Anonymity of the Internet drives tendency towards abuse
Essential Practices
What must be done?
In Practice
Block (deny access by default)
Turn off services / ports (off by default)
Substitute low-risk methods for high-risk methods
Update (apply service packs that affect your situation)
Patch (apply hot fixes that affect your situation)
Configure
Monitor
Presentation Sources
Where did all of this information come from?
Sources
TruSecure: http://www.TruSecure.com/
ICSA (International Computer Security Association): http://www.ICSALabs.com/
Symantec: http://www.Symantec.com/
Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector, June 2005: http://www.sei.cmu.edu/pub/documents/04.reports/pdf/04tr021.pdf
Webopedia: http://www.webopedia.com/