Computer Security Update
Bob Cowles, SLAC (stanford.edu)
Presented at HEPiX - TRIUMF, 23 Oct 2003
Work supported by U. S. Department of Energy contract DE-AC03-76SF00515

Slide 3: Slammer Impact (chart)

Slide 4: Slammer impact by region (chart; labels: Australia, Japan, Korea, China, India)

Slide 7: MSBlaster Released / MSBlaster at SLAC (charts)

Slide 8: FireWall Log - Infected Machines
(source and destination addresses were stripped from the transcript; "(8/0)" is ICMP type 8 code 0, echo request, and 135 is the destination TCP port)
Sep 16 18:29:18 icmp > (8/0)
Sep 16 18:29:19 icmp > (8/0)
Sep 16 18:29:20 icmp > (8/0)
Sep 16 18:38:46 tcp (3325) -> (135)
Sep 16 18:38:47 tcp (3169) -> (135)
Sep 16 18:38:48 tcp (3249) -> (135)
Sep 16 18:40:06 icmp > (8/0)
Sep 16 18:40:06 icmp > (8/0)
Sep 16 18:40:07 icmp > (8/0)
Sep 16 18:40:17 tcp (4107) -> (135)
Sep 16 18:40:18 tcp (4194) -> (135)
Sep 16 18:40:19 tcp (4292) -> (135)
Sep 16 22:28:25 tcp (4413) -> (135)
Sep 16 22:28:26 tcp (4377) -> (135)
Sep 16 22:28:27 tcp (4383) -> (135)

Slide 9: Infection at SLAC (by how the machine was connected)
- 32% VPN
- 22% DHCP (registered, internal network)
- 20% Fixed IP
- 14% Infected during build / patch
- 12% Dialup
Note on the chart: on vacation, laptop infected outside, etc.

Slide 10: Blaster - Easy to Get Infected
Firewall log (host addresses stripped from the transcript):
09/29/103 11:46:42 Host: Port: 135 TCP Blocked
09/29/103 11:46:41 Host: Port: 135 TCP Blocked
Message, 12:21pm: Bob, is host "illusion" yours, as per my so-called memory? But the mac addr is registered to Richard Mount...
dhcpd log:
Sep 29 11:41:37 dhcp2 dhcpd: DHCPACK on to 00:10:a4:e4:2a:b8 (illusion)
dhcpd configuration:
host roam-rmount2 { hardware ethernet 00:10:a4:e4:2a:b8; }  # 01/25/00 # PC54566, Richard Mount
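The two logs on slides 8 and 10 can be tied together mechanically: flag sources that sweep hosts with ICMP echo requests and then connect to TCP/135, then resolve a flagged address to its MAC and hostname from dhcpd's DHCPACK lines. The Python below is an added example, not code from the talk or from SLAC; the firewall log layout is assumed (addresses were stripped from the slide), the sample lines are constructed with RFC 5737 documentation addresses, and the MAC/hostname pair "00:10:a4:e4:2a:b8 (illusion)" is the one shown on slide 10.

```python
import re
from collections import defaultdict

# Constructed sample lines in the assumed layout of the slide's firewall log (addresses
# are RFC 5737 documentation ranges): "<ts> icmp <src> > <dst> (type/code)" and
# "<ts> tcp <src> (sport) -> <dst> (dport)".
FIREWALL_LOG = """\
Sep 16 18:29:18 icmp 192.0.2.10 > 198.51.100.1 (8/0)
Sep 16 18:29:19 icmp 192.0.2.10 > 198.51.100.2 (8/0)
Sep 16 18:29:20 icmp 192.0.2.10 > 198.51.100.3 (8/0)
Sep 16 18:38:46 tcp 192.0.2.10 (3325) -> 198.51.100.1 (135)
Sep 16 18:38:47 tcp 192.0.2.10 (3169) -> 198.51.100.2 (135)
Sep 16 18:38:48 tcp 192.0.2.10 (3249) -> 198.51.100.3 (135)
Sep 16 18:40:17 tcp 192.0.2.77 (4107) -> 198.51.100.9 (135)
Sep 16 22:28:25 tcp 192.0.2.55 (4413) -> 198.51.100.9 (80)
"""
# Constructed dhcpd lines in the DHCPACK layout on the slide (first MAC/hostname pair from the slide).
DHCP_LOG = """\
Sep 16 18:20:01 dhcp2 dhcpd: DHCPACK on 192.0.2.10 to 00:10:a4:e4:2a:b8 (illusion)
Sep 16 18:25:40 dhcp2 dhcpd: DHCPACK on 192.0.2.77 to 00:11:22:33:44:55 (roam-test)
"""

ICMP_RE = re.compile(r"^(\w{3} +\d+ [\d:]+) icmp (\S+) > (\S+) \((\d+)/(\d+)\)$")
TCP_RE = re.compile(r"^(\w{3} +\d+ [\d:]+) tcp (\S+) \((\d+)\) -> (\S+) \((\d+)\)$")
ACK_RE = re.compile(r"DHCPACK on (\S+) to (\S+) \((\S+)\)")

def blaster_suspects(fw_log, min_targets=3):
    """Sources that reached >= min_targets distinct hosts on TCP/135 (the RPC/DCOM port
    the Blaster family exploited), as {src: (hosts pinged, hosts hit on 135)}."""
    pings, rpc = defaultdict(set), defaultdict(set)
    for line in fw_log.splitlines():
        m = ICMP_RE.match(line)
        if m and m.group(4) == "8":  # echo request: the host-discovery sweep
            pings[m.group(2)].add(m.group(3))
            continue
        m = TCP_RE.match(line)
        if m and m.group(5) == "135":
            rpc[m.group(2)].add(m.group(4))
    return {src: (len(pings[src]), len(dsts))
            for src, dsts in rpc.items() if len(dsts) >= min_targets}

def lease_owner(dhcp_log, ip):
    """Latest DHCPACK for ip -> (mac, hostname): the lookup the slide did by hand."""
    owner = None
    for line in dhcp_log.splitlines():
        m = ACK_RE.search(line)
        if m and m.group(1) == ip:
            owner = (m.group(2), m.group(3))  # later ACKs override earlier ones
    return owner
```

On the constructed input only 192.0.2.10 crosses the three-host threshold, and the lease lookup names it as "illusion"; the single hit from 192.0.2.77 is below threshold and the port-80 line is ignored.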

Slide 23: It Sucks Not to Patch (the suckit rootkit)
- Popular rootkit, in many variations
- Hides files, directories, processes; password is precompiled in
- Comes with keyboard and/or ssh sniffers
- Listens on *all* open ports for a backdoor signal
- Any port open inbound allows the backdoor signal; sk then opens an outbound TCP connection for an encrypted shell

Slide 24: suckit (cont)
- Home page
- Latest versions not publicly available
- Also find exploits for:
  - ptrace
  - sendmail 8.11.x

Slide 25: Last 24 Hours / Last 30 Days (charts)

Slide 26: Gartner ITXpo
- "Windows has fewer vulnerabilities than RH Linux [RH6]"
- "No roadmap for Linux. There's nobody to hold accountable for security issues"
- "The security of Microsoft products is our top priority. We have our best brains on it. We understand this is an issue of customer satisfaction."

Slide 27: Stanford
- Universities tend to be a worst case
- Diverse, unmanaged:
  - Population
  - Hardware
  - Software
- Unlikely to fit into the AD model
- Stanford had 8000 machines compromised by Blaster BEFORE students returned for classes

Slide 28: Feedback to Microsoft
- Clear and meaningful impact statements
- Fix IE (30+ outstanding bugs)
- Reduce the attack vector (profile services)
- Don't require a license check for security patches (e.g. MS Office CD)
- No tie-in to IE (no active scripting)

Slide 29: Feedback to Microsoft (cont)
- Open up patching tools and process
- Understand 3rd party tools +/-
- Allow other vendors to use the same tools for their Windows products
- Provide feedback on real patch status (local and remote)
- Need a general patch deployment tool not requiring AD

Slide 30: Conclusions [Unchanged from last year]
- Poor administration is still a major problem
- Firewalls cannot substitute for patches
- Multiple levels of virus/worm protection are necessary
- Clue is more important than open source

Slide 31: No Easy Solutions
Questions?