University of Washington Computing & Communications: Recent Computer Security Incidents. Terry Gray, Director, Networks & Distributed Computing, 03 October 2003.

Presentation transcript:

University of Washington Computing & Communications
Recent Computer Security Incidents
Terry Gray, Director, Networks & Distributed Computing
03 October 2003

Major Attacks
Dec 2000: Hospital records release
Jul 2001: Microsoft web server (Code Red)
Sep 2001: Microsoft web server (Nimda)
Mar 2002: SSH libraries (e.g. Slapper)
Jun 2002: DNS libraries
Aug 2002: The Great Spam Attack
Jan 2003: Microsoft SQL (Slammer)
Jul 2003: Microsoft RPC (Blaster, etc)
Aug 2003: SoBig.F virus

January 2003: Microsoft SQL (Slammer)
Allows system takeover
Aggressive spread (unintended DOS?)
Many vulnerable applications
High impact on network routers
Significant collateral damage to adjacent computers/subnets
Simple port blocking damages legit traffic

Slammer Impact on UW
Older routers failed under load
Hard to identify/shutoff source during attack
Some critical subnets affected for many hours
Older net infrastructure hampers defense
  – Accelerated phase-out of older routers
  – Hubs/Switches/wireplant still a problem
Improved locate/isolate tools

July 2003: Microsoft RPC (Blaster, etc.)
Several variants (directed & worm attacks)
Some attacks allow system takeover
Windows vulnerability: all recent versions
Two Microsoft patches (so far)
Border blocking:
  – effective only temporarily
  – breaks popular applications
  – or forces deployment of VPNs

RPC Impact on UW
Windows infection rate: over 20% (6200)
Mean-Time-To-Infection: 2 minutes
> 12,000 msgs handled by SecOps in Sept
Lots of tools developed to detect/block/fix
  – real-time auto-blocking
  – self-service unblocking
  – internal patch page
CD campaign for returning students

Security Trouble Ticket Trend

RPC Impact Elsewhere
UNC: med center - “total infection”
Uchicago: $1000 reconnect fee?
Evergreen: “virtually shutdown”
Several: contracts w/students, fees to fix
Everywhere: enormous costs

SoBig.F Virus
Ultra aggressive
Forged addresses, bogus auto-responses
JUL: 17M messages in, 48K viruses
AUG: 25M messages in, 6M viruses
Believed to aid spammers
Phase II attack thwarted
Self-terminated on Sept 10
“most widely ed virus ever”

Lessons
Huge strategic problem for UW
Huge costs and risks ahead
Only decision to make:
  – do we pay for prevention?, or
  – do we pay for clean-up?
Prevention requires paradigm shift
  – unmanaged PCs must be eliminated
  – lots of network upgrades & tools needed
2003 is a turning point