Current Threats to Corporate Information Security Management


1 Current Threats to Corporate Information Security Management
YOUNG Wo Sang, Program Committee, PISA

2 Two Recent Attacks
SirCAM (July 2001)
Code Red II (August 2001)

3 Top 10 Internet Security Threats
Consensus Report 2000 - SANS, the NIPC, and the Federal CIO Council
"These aren't the only threats... just the most common at the moment. Hopefully we will eliminate these threats and create a new list next year."

SANS, the NIPC and the Federal CIO Council published a consensus report on the Top Ten Internet Security Threats in summer 2000. The idea was to publicize a single list that everyone could work on, with a new list expected the following year. However, a year later many of the outstanding issues still map onto the original ten threats; SirCAM and the Code Red worms are cases in point.

4 Top 10 Internet Security Threats
1. BIND
2. Vulnerable CGI programs
3. Remote Procedure Calls (RPC)
4. Microsoft IIS weaknesses (Code Red II)
5. Sendmail buffer overflow
6. sadmind (Solaris) and mountd
7. Global file sharing (SirCAM)
8. User IDs / passwords (SirCAM)
9. IMAP and POP
10. Default SNMP community strings

1. Code Red and Code Red II use an IIS weakness, though a different one from that quoted in 2000.
2. SirCAM spreads through NetBIOS file sharing (the NetBIOS ports, 137-139, on NT; port 445 on Windows 2000). It also takes advantage of weak passwords on Windows.

5 SirCAM
Damage: releases or destroys sensitive information.
Distribution: mass mailing to addresses found in the address book; the infected computer also writes itself to unprotected Windows shares on the network.
Exploit: global file sharing and weak passwords (threats 7 and 8 on the list).

6 Code Red II
Damage: installs a backdoor on the infected web server that lets any remote attacker compromise the system further.
Distribution: scans for vulnerable hosts to infect.
Exploit: buffer overflow in the Index service that ships with IIS (installed by default).

Code Red II is much more harmful than Code Red: it leaves the victim machine open to far greater risk.

7 The Implications 1
1. Self-sufficient and self-propagating
They do not rely on users or other systems to spread them; they scan the network for the next victim themselves.
2. Optimized for high efficiency
Code Red II spreads much faster than the original Code Red by using a smarter algorithm to select victim IP addresses. The worms are becoming more and more adaptive; this is just the start of greater attacks.
3. Unpatched systems hinder total suppression

If we use a biological analogy for the breakthroughs of SirCAM and Code Red, they have been regenerated as tougher, more intelligent and more automated organisms. More self-motivated viruses and worms using newer algorithms (including ideas from AI) will increase spreading and penetration and make detection harder (evolution of organisms). High-speed networks remove the bottleneck for Internet traffic, and equally for worm-spreading traffic. Unpatched systems are carriers: hosts that go on infecting others even though the infection has no visible impact on them. For example, many systems infected by Code Red 1 were never patched because the owner saw no need to fix an unused service (IIS installed by default); their machines were nevertheless used as zombies to attack others.
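The "smarter algorithm" is the reason Code Red II is so dangerous once it is inside a perimeter. The block below is an added example, not code from the presentation or from the worm: it simulates only the victim-selection step (no exploit), using the probabilities reported in the public Code Red II analyses the presentation cites (eEye's "Code Red II Worm Analysis Update"): one probe in eight goes to a random address, half go to the infected host's own /8, and three in eight go to its own /16, with loopback (127/8) and multicast (224/8) skipped. The infected host's address and the probe count are constructed inputs.

```python
"""Simulate Code Red II's locality-biased choice of the next victim address.

Added example, not code from the presentation or from the worm itself.
Bucket probabilities follow the published eEye analysis of Code Red II:
  1/8 of the time: a fully random IPv4 address
  1/2 of the time: a random address in the infected host's own /8
  3/8 of the time: a random address in the infected host's own /16
Addresses in 127.0.0.0/8 and 224.0.0.0/8, and the host's own address,
are skipped and redrawn.  The infected host below is a constructed address.
"""
import random
from collections import Counter

INFECTED_HOST = "10.20.30.40"  # constructed example: a notebook inside a corporate /16


def _octets(addr):
    return [int(o) for o in addr.split(".")]


def pick_target(own, rng):
    """Return the next address the worm would probe from host `own`."""
    a, b, _, _ = _octets(own)
    while True:
        r = rng.randrange(8)          # one of eight equally likely buckets
        if r == 0:                    # 1/8: anywhere on the Internet
            target = [rng.randrange(256) for _ in range(4)]
        elif r <= 4:                  # 4/8: same /8 as the infected host
            target = [a] + [rng.randrange(256) for _ in range(3)]
        else:                         # 3/8: same /16 as the infected host
            target = [a, b] + [rng.randrange(256) for _ in range(2)]
        addr = ".".join(map(str, target))
        if target[0] in (127, 224) or addr == own:
            continue                  # skip loopback, multicast and self
        return addr


def sample_targets(own=INFECTED_HOST, n=1000, seed=1):
    """Deterministic list of `n` probe addresses drawn from host `own`."""
    rng = random.Random(seed)
    return [pick_target(own, rng) for _ in range(n)]


def locality_stats(own=INFECTED_HOST, probes=40000, seed=1):
    """Fraction of probes that land in the host's own /16, its own /8
    (outside the /16), or anywhere else.  Expect roughly 0.38 / 0.50 / 0.12."""
    a, b, _, _ = _octets(own)
    hits = Counter()
    for addr in sample_targets(own, probes, seed):
        t = _octets(addr)
        if t[0] == a and t[1] == b:
            hits["same_16"] += 1
        elif t[0] == a:
            hits["same_8_not_16"] += 1
        else:
            hits["elsewhere"] += 1
    return {k: hits[k] / probes for k in ("same_16", "same_8_not_16", "elsewhere")}


if __name__ == "__main__":
    for bucket, frac in locality_stats().items():
        print(f"{bucket:15s} {frac:.3f}")
```

Read the output as a defender: almost nine probes in ten from an infected machine stay inside the same /8, and well over a third inside the same /16, so one infected notebook carried through the firewall (slide 9) scans exactly the neighbours the perimeter was supposed to protect, which is why the "scan for the next victim" model spreads so much faster than Code Red I's uniformly random scanning.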

8 The Implications 2
4. Remote exploit
An attacker can run commands on the system without having to access it directly.
5. Allows further attack
The worms broadcast to the Internet which servers are vulnerable to these flaws, allowing others to attack the victims further by other means.
6. Next victims
Attackers will find ways to attack more critical components, such as routers and other network equipment.

5. The way Code Red II opens the door to other attacks is analogous to a "complication" (bing fa) in medicine.
6. More carefully crafted attacks are possible. Code Red and SirCAM seem to be testing the water. IIS was the focus this year, but there are many other devices with weak security protection.

9 Potential Threats 1
When the old tricks can win the new game: variants exploiting the same old vulnerability
When we break our own firewall perimeter: remote VPN, wireless LAN
When the trust fails: mobile workers, contractors and guests

Unpatched systems with old vulnerabilities are still open to attack. Traditional perimeter protection can be bypassed through a VPN, and few consider a VPN insecure. Yes, the channel is encrypted, but that does not mean the remote system at the other end is well protected. Wireless LAN makes cable-tapping control even more difficult. Mobile workers bring infected notebooks into the office. Contractors and guests are even more likely to cause infections. The Hong Kong Government intranet and several big companies were infected; they had deployed perimeter defences but ...

10 Potential Threats 2
When one thinks he has done enough: "I can just reboot the server when it is defaced by Code Red"
When nobody cares about the others: "Why patch? The infection does not hurt me ..."
When it is too late by the time I know

Awareness is very doubtful. People do not care about others, just as they do not care about the environment. Some do care, but they do not have the tools to detect and defend.

11 Technical Controls: Protection
Protect the network outside the firewall as well as inside it
Control outgoing connections, not just incoming ones: stop Trojans calling out, and stop a worm spreading from an infected internal machine
Wireless LAN: employ a secure (encrypted) channel
Wired LAN: control cable taps (a hard job!)

Firewall configuration: some old configurations only block incoming traffic. Outgoing traffic should be filtered as well; this prevents a Trojan from initiating a connection from inside out and prevents an infected internal system from attacking outwards. Network tapping control: a wireless LAN should allow only encrypted connections; a wired LAN is harder to control, so servers should tighten password and permission control to resist attack from the network.

12 Technical Controls: Protection (cont.), Detection, Correction
Protection: tighten all access control and password control IMMEDIATELY
Detection: check server integrity; scan the internal network for vulnerabilities; install an intrusion detection system
Correction: backup and recovery

Detection: we need to change our way of thinking and treat the internal network more like an untrusted network. Do penetration tests on systems to find flaws. Install an IDS to alert on attacks. Correction: make sure systems are backed up.
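Checking server integrity and spotting an infected internal machine (slides 6 and 12) does not need a commercial IDS: both worms leave unmistakable traces in the web server's own log. The block below is an added example, not the presentation's or any vendor's code. It assumes IIS W3C-extended logging with the field order date, time, c-ip, cs-method, cs-uri-stem, cs-uri-query, sc-status, and flags two signatures: a request for an .ida file whose query starts with a long run of N (Code Red) or X (Code Red II) padding ahead of the Index Server overflow, and requests for the root.exe copy of cmd.exe that Code Red II drops under /scripts and /MSADC as its backdoor. The 100-character padding threshold and the sample log lines are constructed; sources in RFC 1918 space are marked INTERNAL because, per slide 11, those are the infected machines behind the firewall that must be found first.

```python
"""Scan IIS W3C-extended web logs for Code Red / Code Red II activity.

Added example, not part of the presentation.  Assumed W3C field order
(the common IIS default of the period):
    date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
Code Red pads the .ida query with 'N's and Code Red II with 'X's before the
%u-encoded shellcode; Code Red II also exposes cmd.exe as root.exe under
/scripts and /MSADC.  The 100-character threshold is this example's choice,
and the sample log below is constructed, not captured from a real server.
"""
import ipaddress
import re
from collections import defaultdict

# A run of 100 or more identical N/X characters never occurs in normal traffic.
IDA_PAYLOAD = re.compile(r"^([NX])\1{99,}")
ROOT_EXE = re.compile(r"^/(scripts|msadc)/root\.exe$", re.IGNORECASE)

PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(line):
    """Return (source_ip, finding) for a suspicious log line, else None."""
    if not line or line.startswith("#"):       # skip W3C header lines
        return None
    fields = line.split()
    if len(fields) < 7:
        return None
    src, stem, query, status = fields[2], fields[4], fields[5], fields[6]
    if stem.lower().endswith(".ida") and IDA_PAYLOAD.match(query):
        variant = "Code Red II" if query[0] == "X" else "Code Red"
        return src, f"{variant} overflow attempt (HTTP {status})"
    if ROOT_EXE.match(stem):
        return src, f"root.exe backdoor request {stem} {query} (HTTP {status})"
    return None


def is_internal(ip):
    """True for RFC 1918 addresses, i.e. hosts inside the perimeter."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)


def scan(lines):
    """Group findings by source address; INTERNAL sources are infected
    machines behind the firewall and need patching before anything else."""
    report = defaultdict(list)
    for line in lines:
        hit = classify(line)
        if hit:
            src, finding = hit
            tag = "INTERNAL" if is_internal(src) else "external"
            report[src].append(f"[{tag}] {finding}")
    return dict(report)


# Constructed sample log: one clean request, one Code Red probe from outside,
# one internal host running Code Red II and then using its own backdoor,
# and an outside probe for the backdoor on a server that does not have it.
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2001-08-05 09:12:01 203.0.113.9 GET /index.html - 200",
    "2001-08-05 09:12:07 198.51.100.23 GET /default.ida " + "N" * 224 + "%u9090%u6858%ucbd3 200",
    "2001-08-05 09:14:33 10.20.30.40 GET /default.ida " + "X" * 224 + "%u9090%u6858%ucbd3 200",
    "2001-08-05 09:15:02 10.20.30.40 GET /scripts/root.exe /c+dir 200",
    "2001-08-05 09:15:40 203.0.113.9 GET /MSADC/root.exe /c+dir 404",
]

if __name__ == "__main__":
    for src, findings in scan(SAMPLE_LOG).items():
        for f in findings:
            print(src, f)
```

Run it against yesterday's logs from every IIS host, including the "unused" default installs: a successful root.exe request from any source means the host is already compromised and must be rebuilt, not just patched and rebooted (slide 10), while an INTERNAL source of .ida probes is the machine that will keep re-infecting the network until it is cleaned.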

13 Management Controls
Server patch management (not easy)
Effective information asset management
Ongoing patch and change management
Scan all incoming notebooks (not easy)
Manage and scan remote PCs (hard!)

Management problems: too many patches; what to patch, what has been patched and what has not? There needs to be a list of all information assets, ordered by risk. Patch and change control is required. Out-of-office systems (notebooks, remote PCs) are a high-risk area; control over them must be tightened.

14 Detection and Reporting
Development of detection, analysis, warning and response capabilities in corporate and government environments
Crisis management
Legislative framework

We see immature infrastructure, both globally and at corporate level, for detecting, analyzing and warning of incidents and responding to them. Crisis management: there is no strong central command of the crisis; every country and every corporation does its own protection, and communication between them is weak. CERTs need to work a lot harder: they need central coordination and yet have to develop distributed points of contact within corporations. Teenage hacking with script-kiddie tools is a hindrance to prosecution.

15 Lack of Resources and Expertise
Outsource information security management

Outside help must be sought to manage the situation if resources are limited. Demand in the information security industry and profession outgrows the supply.

16 Lesson learned Our individual security depends on our mutual security
The consequences of failure could drive your company out of business

17 References
Top 10 Internet Security Threats 2000 (SANS, the NIPC and the Federal CIO Council)
Code Red, Code Red II, and SirCAM Attacks Highlight Need for Proactive Measures
Code Red II Worm Analysis Update

18 Q & A Thank You

