ALAN PALLER THE SANS INSTITUTE Beyond Security Awareness!


The Public Is Awakening
editorial on Jan 26
Why the 'China virus' hack at US energy companies is worrisome
by John Yemma, Editor
“The stakes in the global cyber-war are at least as high as those in the global war on terror.”

Four years building to public outrage
August 29, 2005: Titan Rain
August 17, 2006: Gen. Lord Confirms

Major General William Lord
“China has downloaded 10 to 20 terabytes of data from the NIPRNet”
“They’re looking for your identity so they can get into the network as you,”
“There is a nation-state threat by the Chinese.”
Maj. Gen. William Lord, director of information, services and integration in the Air Force’s Office of Warfighting Integration and Chief Information Officer
August 21, 2006, Government Computer News, “Red Storm Rising”
October 6, 2006: Commerce BIS Division
The federal government's Commerce Department admitted Friday that heavy attacks on its computers by hackers working through Chinese servers have forced the bureau responsible for granting export licenses to lock down Internet access for more than a month.

Four years building to public outrage
Dec 1, 2007: 300 British Companies
Apr 8, 2009: The Grid

Four years building to public outrage
January 15, 2010: Google & more
January 25, 2010: Oil Companies

The Big One We’ve Been Expecting

How Do These Attacks Threaten You?
YOUR BANK ACCOUNT
YOUR BROKERAGE ACCOUNT
YOUR PEACE OF MIND
YOUR JOB SECURITY

Your Bank Account
Attacker: Opens accounts in most banks
You: Get your machine infected (we’ll come back to how you did that)
Attacker: Installs keystroke logger
You: Visit your bank site and sign on
Attacker: Captures your keystrokes; sends the data to his server; signs on to your account; moves money to his account in the same bank; takes your money away
Big difference: personal account; business account

Your Brokerage Account
Attacker: Buys a lot of shares in a penny stock
You: Get your machine infected (we’ll come back to how you did that)
Attacker: Installs keystroke logger
You: Visit your brokerage site and sign on
Attacker: Captures your keystrokes; sends the data to his server; signs on to your account; sells your shares; uses your money to buy the penny stock, causing the price to rise sharply; moves money to his account in the same bank; takes your money away.
Called pump & dump

Your Peace of Mind
You: Get your machine infected (we’ll come back to how you did that)
Attacker: Installs attack software or denial of service tool or spam generation tool
Attacker attempts to penetrate DoD using your computer, or denies service to a commercial site using your computer, or sends out 300,000 spam messages.
At 3 AM one night, the FBI knocks on your door asking why you are attacking DoD, or attacking a commercial web site, or sending spam.
An event you don’t forget.

Your Job Security
You: Get your machine infected (we’ll come back to how you did that) – especially by the Chinese
The attacker waits until you use your credentials to sign on to DoE’s systems.
The attacker uses your access to gather data, infect other systems, and leave back doors.
The attack is discovered and traced to your machine.
You are asked to explain why you signed into DoE with an infected system – your answer affects your career

How Did Your System Get Infected?

… and the big one: Application Attacks
Places you visit
January: 87,000 web sites infected and infecting visitors who trusted them.

Email with attachments
Osama was captured this morning – see attached pictures of him in custody
The Department has just agreed to a 14% cutback in staff, the attached spreadsheet shows which groups are going to have to give up the most positions
Britney Spears caught in an embarrassing position
Give money to victims of the Pakistan flood
Many, many more.

Email you respond to
Spear Phishing - Victims being attacked while doing what they should be doing
What’s wrong with this hypertext url?

How Spear Phishing works
An email arrives from your security officer saying:
“Microsoft has given us a heads-up about a major new vulnerability. They won’t be making the patch public until tomorrow but have offered us early access to the patches. Before you leave work today go to the following Microsoft site and download the new patch windows.mspx”

Why it went to the wrong place:
html code was actually: windows.mspx
Would it have fooled anyone in your organization?

Setting the stage
Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology, April 17, 2007
Chairman: Jim Langevin
"We don't know who's inside our networks. We don't know what information has been stolen. We need to get serious about this threat to our national security."
• State Dept witness: Don Reid, Senior Coordinator for Security Infrastructure
• Commerce Dept witness: Dave Jarrell, Manager, Critical Infrastructure Protection Program

Two responses
Commerce
1. No idea when it got in, how it got in, or where it spread
2. Took 8 days to filter (ineffective)
3. Unable to clean the systems; forced to replace them
4. Do not know whether they have found or gotten rid of the infections
State
1. Detected it immediately
2. Put effective filter in place within 24 hours; shared filter with other agencies
3. Found two zero-days
4. Helped Microsoft and AV companies create patches and signatures
5. Cleaned infected systems, confident all had been found

What was the difference?
• Was it tools? No
  • Almost same commercial tools – Commerce had more commercial IPS/IDS
• Was it skills? Yes
  • Commerce – only experience was firewall operations, not even firewall engineering. No training other than prep for Security+ and later for CISSP
  • State – experience and training in forensics, vulnerabilities and exploits, deep packet inspection, log analysis, script development, secure coding, reverse engineering. Plus counter intelligence. And managers with strong technical security skills.

Which skills matter most?
• Security skills:
  • System forensics; network forensics and deep packet inspection; Windows, UNIX, and PDA defensive configuration; log analysis; script development; exploits and penetration testing; secure coding; reverse engineering. Plus counter intelligence.
• Foundations:
  • Networking and network administration; computer operations and system administration; Java and C/C++ programming including the 25 most dangerous programming errors

Is Any Country Investing In Developing These Skills?
Wicked Rose
Key weapons in future wars will be people with advanced, technical cyber security skills

Where do we find the people with skills?
1. Pathways to Professionalism – A Federal Initiative
Security officers may continue in their positions after one year only if they master one of four key technical areas in security.
2. The US Cyber Challenge

Can the Cyber Challenge Find Highly Talented Young People?

Q. You're in your senior year in high school -- had you already taken computer courses at school?
A. I enrolled to take Introduction to Programming this year, but they cancelled it; they couldn't find a suitable teacher.
Q. How do people demonstrate and test their skills if they do not have the opportunity to play in the NetWars rounds?
A. There aren't many options for kids with lots of cyber skill to be able to exercise and further develop those skills. Most would just simply target random servers and hack illegally, so it was great that I found NetWars.

Who is supporting the US Cyber Challenge?
FBI
NSA
DHS

Seven Levels
• Cyber Foundations
• Cyber Patriot Cyber Defense Competition
• The Security Treasure Hunts
• NetWars
• The Cyber Camps
• Collegiate Cyber Defense Leagues
• Internships and Scholarships

Questions?