1 IT Security. Doug Brown, Jeff Bollinger

2 What is security? P.H.P.: People Have Problems. Security is the mitigation and remediation of human error in information technology.

3 Mistakes: Computers don’t make mistakes; people do. People write programs. Each program that you run introduces another set of mistakes that the bad guys can use against you.

4 From the network: Programs open ports. Attackers probe these ports (Layer 4 - transport) to determine which programs are running, what version they are, and what they can attack.

5 Firewalls (Layer 4 – Transport) What they do:

6 Why not stop there? A firewall on your network is not a panacea. You will probably have to allow some access to your network through the firewall. If someone uses this access to hack a box on your network, then the firewall becomes inconsequential. Firewalls are troublesome in some environments, like UNC.

7 Break-ins. Things the bad guys take advantage of: bad or weak passwords; poorly written programs; buffer overflows; execution of code. Detection of break-ins: system logs; IDS and/or firewall logs; abnormal system behavior; complaint from another user.

8 Intrusion Detection: Normally a passive security tool. Monitors network traffic in search of attacks: signature based; traffic pattern based. Monitoring the IDS logs provides: evidence with which to respond to attacks; warnings to allow the stopping of attacks in progress; post-mortem information after attacks. UNC is currently using Snort.

9 An example from Snort
Signature  # Alerts  # Sources  # Destinations  Detail link
ida ISAPI Overflow 2274 1952 1583 Summary
CUSTOM Port 65000 TCP traffic 2996 93 161 Summary
WEB-MISC Invalid URL 4387 111 637 Summary
WEB-MISC 403 Forbidden 45626281177 Summary
SMTP relaying denied 507025144 Summary
CUSTOM IRC file-sharing 7447 20 19 Summary
FTP EXPLOIT wu-ftpd overflow 779249596 Summary
WEB-MISC Attempt to execute cmd 8479246 1353 Summary
INFO Possible IRC Access 14784 127 76 Summary
Incomplete Packet Fragments 21201138140 Summary
WEB-MISC http directory traversal 2442614461643 Summary
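
An added example, not part of the original slides or of Snort itself: a short Python script that builds this kind of per-signature summary (alerts, distinct sources, distinct destinations) from alerts in Snort's "fast" alert format. The sample lines, addresses and [gid:sid:rev] values are constructed, and the function name `summarize` is an assumption of the example.

```python
import re
from collections import defaultdict

# Constructed sample in Snort's "fast" alert format. Addresses come from
# documentation ranges; the [gid:sid:rev] values are placeholders.
SAMPLE_ALERTS = """\
08/28-12:01:02.100000  [**] [1:1000001:1] WEB-MISC http directory traversal [**] [Priority: 2] {TCP} 192.0.2.10:1045 -> 198.51.100.5:80
08/28-12:01:03.100000  [**] [1:1000001:1] WEB-MISC http directory traversal [**] [Priority: 2] {TCP} 192.0.2.10:1046 -> 198.51.100.6:80
08/28-12:01:04.100000  [**] [1:1000001:1] WEB-MISC http directory traversal [**] [Priority: 2] {TCP} 192.0.2.77:2210 -> 198.51.100.5:80
08/28-12:01:05.100000  [**] [1:1000002:1] SMTP relaying denied [**] [Priority: 2] {TCP} 203.0.113.9:4021 -> 198.51.100.25:25
08/28-12:01:06.100000  [**] [1:1000003:1] Incomplete Packet Fragments [**] [Priority: 3] {UDP} 203.0.113.9 -> 198.51.100.5
08/28-12:01:07.100000  [**] [1:1000002:1] SMTP relaying den
"""

# The signature text sits between the two [**] markers; ports are optional
# (fragments and ICMP carry none). IPv4 only, to keep the example short.
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:\d+:\d+\]\s+(?P<sig>.+?)\s+\[\*\*\]"
    r".*?\{\w+\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)

def summarize(text):
    """Return (rows, skipped); rows are (signature, alerts, sources,
    destinations) tuples, fewest alerts first."""
    stats = defaultdict(lambda: {"alerts": 0, "src": set(), "dst": set()})
    skipped = 0
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m is None:
            if line.strip():
                skipped += 1  # truncated or non-alert line: count it, don't guess
            continue
        entry = stats[m["sig"]]
        entry["alerts"] += 1
        entry["src"].add(m["src"])
        entry["dst"].add(m["dst"])
    rows = sorted(
        ((sig, e["alerts"], len(e["src"]), len(e["dst"])) for sig, e in stats.items()),
        key=lambda row: (row[1], row[0]),
    )
    return rows, skipped

if __name__ == "__main__":
    rows, skipped = summarize(SAMPLE_ALERTS)
    print(f"{'Signature':<36}{'# Alerts':>9}{'# Sources':>11}{'# Dest':>8}")
    for sig, alerts, sources, dests in rows:
        print(f"{sig:<36}{alerts:>9}{sources:>11}{dests:>8}")
    print(f"unparsed lines: {skipped}")
```

A signature with many alerts but very few sources usually points at one noisy host, while many sources against many destinations looks more like a worm or a broad scan.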

10 Intrusion Detection: The downside of Intrusion Detection? False positives!

11 Enter Intrusion Prevention: Sits in-line and automatically drops bad traffic. Layer 7 – Application inspection. With the right brand - no false positives. Security Zones (Attack Domains) contain infections.

12 An example from Tipping Point
Hit Count  Filter
8988  MS-RPC: DCOM
396  Shell Command Exec
334  IE CHM File Proc
202  Code Red II Worm
83  Nimda Attack

13 IE CHM File Processing: This filter detects an attempt to exploit a vulnerability in Internet Explorer, specifically in IE's processing of compiled help (".chm") files. The flaw can be exploited by a malicious website to execute arbitrary code on a client system. Note that the vulnerability is being exploited in the wild to install malicious code named "Ibiza" on compromised systems.

14 Key Points: People are behind the technology. Security combats human error. Goal of security is to ensure Confidentiality - Integrity - Availability (of the data and systems).

15 Wireless Demo: Wireless Implementations = Human Error

