Defense and Detection Strategies Against Internet Worms Usman Sarwar Network Research Group, University Science Malaysia.

Agenda. The presentation has two parts: understanding the worm, and planning the strategies against it.

Worms. A computer worm is a program that self-propagates across a network by exploiting security or policy flaws in widely used services. It travels from one computer to another on its own and, unlike a virus, does not need to attach itself to another program or file on the computer it infects.

Damage by worms. In recent years worms have caused massive damage and in some cases paralyzed whole organizations, for example Code Red (estimated cost about $2 billion) and Love Bug (estimated cost about $9 billion).

Types of worms. There are two types: host worms and network worms.

Construction of a worm: target platform; how it will attack the remote system; choice of programming language; scanning techniques; payload delivery mechanism; installation on the target host; establishing the worm network.

Introduction mechanisms: single point; multiple points; delayed trigger.

Components of a worm. There are five components: reconnaissance, attack, communication, command, and intelligence components.

Infection patterns: random scanning; random scanning using lists; island hopping; directed attacking; hit-list scanning.
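The scanning strategies listed above differ mainly in how quickly the worm finds vulnerable hosts, which is also what decides how much warning a defender gets. The block below is an added worked example written for this page, not code from the presentation or from Nazario's book. It simulates an assumed toy address space of 2^16 addresses with a constructed, clustered vulnerable population and compares random scanning, hit-list scanning (using the halving hand-off of the hit-list described by Staniford, Paxson and Weaver in "How to 0wn the Internet in Your Spare Time") and island hopping (a preference for the scanner's own /24). The address-space size, scan rate, hit-list size and population layout are all assumptions chosen so that the run finishes in well under a second.

```python
import random

ADDR_BITS = 16                 # assumed toy address space of 2**16 addresses (the Internet is 2**32)
ADDR_SPACE = 1 << ADDR_BITS
SCANS_PER_TICK = 10            # assumed scan rate per infected host per tick


def make_population(rng, n_subnets=40, per_subnet=50):
    """Constructed vulnerable population: 40 /24-sized blocks with 50 vulnerable hosts each
    (2000 hosts). The clustering is what makes island hopping pay off."""
    vulnerable = set()
    for block in rng.sample(range(ADDR_SPACE >> 8), n_subnets):
        for host in rng.sample(range(256), per_subnet):
            vulnerable.add((block << 8) | host)
    return vulnerable


def simulate(strategy, rng, vulnerable, hitlist_size=200, local_prob=0.5,
             target_fraction=0.5, max_ticks=2000):
    """Return the tick at which `target_fraction` of the vulnerable hosts are infected
    (None if never reached within max_ticks). Strategies:
      random   - every scan goes to a uniformly random address
      hit-list - the first host starts with a list of known-vulnerable addresses and hands
                 half of what is left to every victim it infects from that list
      local    - with probability `local_prob` the scan stays inside the scanner's own /24
    """
    seed_host = rng.choice(sorted(vulnerable))
    todo0 = rng.sample(sorted(vulnerable - {seed_host}), hitlist_size) if strategy == "hit-list" else []
    infected = {seed_host: todo0}          # address -> remaining hit-list targets
    goal = target_fraction * len(vulnerable)
    for tick in range(1, max_ticks + 1):
        newly = {}
        for src, todo in infected.items():
            for _ in range(SCANS_PER_TICK):
                if todo:
                    dst = todo.pop(0)                     # known-vulnerable target first
                elif strategy == "local" and rng.random() < local_prob:
                    dst = (src & ~0xFF) | rng.randrange(256)   # same /24 as the scanner
                else:
                    dst = rng.randrange(ADDR_SPACE)
                if dst in vulnerable and dst not in infected and dst not in newly:
                    half = len(todo) // 2
                    newly[dst] = todo[half:]              # victim inherits half of the list
                    del todo[half:]
        infected.update(newly)
        if len(infected) >= goal:
            return tick
    return None


def compare_strategies(seed=7):
    """Run all three strategies against the same population and the same RNG seed."""
    results = {}
    for strategy in ("random", "hit-list", "local"):
        rng = random.Random(seed)
        vulnerable = make_population(rng)
        results[strategy] = simulate(strategy, rng, vulnerable)
    return results


if __name__ == "__main__":
    for name, ticks in compare_strategies().items():
        print(f"{name:9s} reached 50% of the vulnerable hosts after {ticks} ticks")
```

With a single initially infected host, random scanning needs on the order of tens of ticks to reach half of the vulnerable population, while the hit-list variant gets there far sooner because its first few ticks waste no scans at all; the number of ticks is what a monitoring system must beat.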

Worm network topologies: hierarchical tree; centrally connected network; Shockwave Rider-type and guerrilla networks; hierarchical networks; mesh networks.

Target vulnerabilities: prevalence of the target; homogeneous versus heterogeneous targets.

Traffic analysis: growth in traffic volume; rise in the number of scans and sweeps; change in traffic patterns for some hosts; predicting scans by analyzing the scan engine.

Pattern matching: port matching; IP address matching.
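The traffic-analysis signals on the previous slide (volume growth, scans and sweeps) and the port and IP address matching on this one can be demonstrated over the same flow records. The block below is an added example written for this page, not code from the presentation. It parses a constructed flow log (timestamp, source, destination, destination port, protocol), counts flows per 10-second window, flags any source that contacts more than eight distinct destinations inside one window, and matches every flow against a port rule table and a watch-listed destination address. The sample log, the thresholds, the watch-list entry and the two port rules (UDP/1434, the SQL Server resolution service used by Slammer, and TCP/135, the RPC endpoint mapper used by Blaster) are assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample flow log (not from the page): "time src dst dport proto".
# 10.0.0.5 behaves like a Slammer-style scanner (UDP/1434 to many hosts within seconds),
# 10.0.0.9 is an ordinary client, 10.0.0.23 talks RPC to a neighbour and to a watch-listed address.
SAMPLE_FLOWS = """
2003-01-25T05:30:50 10.0.0.9  192.0.2.10    80   tcp
2003-01-25T05:30:52 10.0.0.9  192.0.2.10    443  tcp
2003-01-25T05:30:57 10.0.0.9  192.0.2.25    25   tcp
2003-01-25T05:31:00 10.0.0.5  203.0.113.1   1434 udp
2003-01-25T05:31:00 10.0.0.5  203.0.113.2   1434 udp
2003-01-25T05:31:01 10.0.0.5  203.0.113.3   1434 udp
2003-01-25T05:31:01 10.0.0.5  203.0.113.4   1434 udp
2003-01-25T05:31:02 10.0.0.5  203.0.113.5   1434 udp
2003-01-25T05:31:02 10.0.0.5  203.0.113.6   1434 udp
2003-01-25T05:31:03 10.0.0.5  203.0.113.7   1434 udp
2003-01-25T05:31:03 10.0.0.5  203.0.113.8   1434 udp
2003-01-25T05:31:04 10.0.0.5  203.0.113.9   1434 udp
2003-01-25T05:31:04 10.0.0.5  203.0.113.10  1434 udp
2003-01-25T05:31:05 10.0.0.5  203.0.113.11  1434 udp
2003-01-25T05:31:05 10.0.0.5  203.0.113.12  1434 udp
2003-01-25T05:31:12 10.0.0.23 10.0.0.40     135  tcp
2003-01-25T05:31:15 10.0.0.23 198.51.100.77 4444 tcp
"""

# Assumed signature table: (protocol, destination port) -> label.
PORT_RULES = {
    ("udp", 1434): "ms-sql resolution service (Slammer)",
    ("tcp", 135): "dcom rpc endpoint mapper (Blaster)",
}
# Assumed known-bad destination for the example.
WATCHLIST = {"198.51.100.77"}


def parse_flows(text):
    """Turn the whitespace-separated log into dicts with a parsed timestamp and integer port."""
    flows = []
    for line in text.strip().splitlines():
        ts, src, dst, dport, proto = line.split()
        flows.append({"t": datetime.fromisoformat(ts), "src": src, "dst": dst,
                      "dport": int(dport), "proto": proto})
    return flows


def bucket_of(flow, t0, window):
    """Index of the `window`-second bucket this flow falls into, counted from the first flow."""
    return int((flow["t"] - t0).total_seconds()) // window


def traffic_volume(flows, window=10):
    """Flows per bucket, oldest first. A sudden jump is the first visible sign of a worm."""
    t0 = min(f["t"] for f in flows)
    counts = defaultdict(int)
    for f in flows:
        counts[bucket_of(f, t0, window)] += 1
    return [counts[b] for b in range(max(counts) + 1)]


def detect_sweeps(flows, window=10, threshold=8):
    """Sources that contact more than `threshold` distinct destinations inside one bucket."""
    t0 = min(f["t"] for f in flows)
    seen = defaultdict(set)
    for f in flows:
        seen[(f["src"], bucket_of(f, t0, window))].add(f["dst"])
    return sorted({src for (src, _), dsts in seen.items() if len(dsts) > threshold})


def match_patterns(flows, port_rules, ip_watchlist):
    """Signature-style matching on (protocol, port) and on a destination IP watch list."""
    hits = []
    for f in flows:
        label = port_rules.get((f["proto"], f["dport"]))
        if label:
            hits.append((f["src"], f["dst"], "port", label))
        if f["dst"] in ip_watchlist:
            hits.append((f["src"], f["dst"], "ip", "watch-list destination"))
    return hits


def analyze(text=SAMPLE_FLOWS):
    """Run all three detectors over one log and return their results together."""
    flows = parse_flows(text)
    return {"volume": traffic_volume(flows),
            "sweepers": detect_sweeps(flows),
            "hits": match_patterns(flows, PORT_RULES, WATCHLIST)}


if __name__ == "__main__":
    result = analyze()
    print("flows per 10 s window:", result["volume"])
    print("sweeping sources:", result["sweepers"])
    for hit in result["hits"]:
        print("match:", hit)
```

Port matching fires on every Slammer-style probe as well as on the legitimate-looking RPC flow, which is why a port rule alone is noisy; the sweep detector needs no knowledge of the exploit and would flag the scanner even on a port nobody had written a rule for yet.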

Host-based detection: host firewalls; virus detection software; partitioned privileges; sandboxing of applications; disabling unneeded services and features; patching known holes.

Firewall and network defenses: perimeter firewalls; subnet firewalls; reactive IDS deployments.

Proxy defenses: configuration; authentication via the proxy server; mail server proxies; web-based proxies.

Software vulnerabilities. Most software vendors focus on adding features rather than fixing existing products. Examples: SQL Server (the Slammer worm, which exploited the UDP/1434 resolution service) and Windows (the Blaster worm, which exploited the DCOM RPC service on TCP/135). In both cases a patch for the flaw had been published before the worm appeared, so patching known holes would have stopped them.

Attacking the worm network: shutdown messages; bluffing the worm with false responses; slowing down the spread.

Expected attributes of future worms: intelligence; polymorphism techniques; modularity and upgradability; better hiding techniques; web crawlers as worms; super worms; political messages.

References
1. Ranum, M. J., and F. M. Avolio, "A Toolkit and Methods for Internet Firewalls," Proc. USENIX Summer, 1994, pp. 37–44.
2. Safford, D. R., D. L. Schales, and D. K. Hess, "The TAMU Security Package: An Ongoing Response to Internet Intruders in an Academic Environment," Proc. Fourth USENIX Security Symposium, Santa Clara, CA, 1993, pp. 91–.
3. Wack, J., K. Cutler, and J. Pole, "Guidelines on Firewalls and Firewall Policy: Recommendations of the National Institute of Standards and Technology." Available at: [URL truncated in transcript].
4. Chapman, D. B., "Network (In)Security Through IP Packet Filtering," Proc. UNIX Security Symposium III, Baltimore, MD, 1992, pp. 63–76.
5. Mullen, T., "The Right to Defend." Available at: www.securityfocus.com/columnists/98.
6. Liston, T., "LaBrea." Available at: [URL truncated in transcript].
7. Nazario, J., Defense and Detection Strategies against Internet Worms.