IT-security in the Ubiquitous Computing World
Chris Kuo, CISSP, CISA (Chris_kuo@acer.com.tw)
Acer eDC (e-Enabling Data Center), Acer Inc.
2007/3/27
Goals of Information Security
Target of protection: data
Goals of protection: confidentiality, integrity and availability of data
– Confidentiality: ensure the data is not disclosed improperly
– Integrity: ensure the data is correct
– Availability: ensure the data is available and timely
Attacks on Availability of PC Grid
Enterprises may use a PC grid to run complicated and critical applications on which the business relies
A PC grid relies on the health of its underlying PCs
(Diagram: a critical application runs on a virtualized computer assembled from many PCs, protected by security mechanisms such as authentication, digital signatures and encryption)
Emerging Client Security Issues (I)
Client security becomes more important
– In the past, security has been focused on the perimeter (network devices) and servers
– Performance and capacities of client machines are increasing
– Client devices, such as NBs and PCs, are assuming greater roles in infrastructure through P2P and other emerging applications
– Clients may contain vital information, just as servers do
Emerging Security Issues (II)
Attack origins shift
– Security deployment on client machines is often neglected: virus patterns not updated, AV software turned off, …
– Client devices are easier to hack than servers: more unprotected channels (e-mail, web browsing) and loose security awareness of device owners
– Clients are becoming the target of more and more attacks (malware: Trojans, backdoors, …)
– Client-originated outward communications are rarely blocked and have become the major channel for information leakage
– Client-originated internal attacks are much more effective than direct external assaults
Malware Breakout Scenarios
(A) Known virus, due to faulty Anti-Virus (AV) software deployment
(B) Virus variant: the existing AV is unable to remove the variant version of the virus
(C) New malware, beyond the detection of any AV or IDS system
malware: virus, backdoor (Trojan), spyware, bot, …
(Chart: risk versus detection & removal effort, both from low to high; the cases are arranged from (A) known virus, handled by the AV system, through (B) virus variant, handled by AV monitoring, to (C) new malware, handled by anti-malware monitoring)
Targeted Phishing Mail Attacks
(Diagram: a hacker uses social engineering (phishing mail) against a PC user; the perimeter defenses shown, VPN, firewall, intrusion detection and authentication, sit between them, and the outcome is critical info leakage)
Phishing Mail Testing Results

                                    1st test    2nd test
Number of tested persons                  981
Number of mails for each person            10
Number of victims                       300+        200+
Ratio of victims                        35%+        25%+
Number of total test mails               9810
Successful mails                       1000+        500+
Successful rate                         10%+         5%+
Fail to Detect Malware
http://www.virustotal.com/en/indexf.html
Defense Against Malware
(Chart as on the Malware Breakout Scenarios slide: risk versus detection & removal effort, from (A) known virus / AV system, through (B) virus variant / AV monitoring, to (C) new malware / anti-malware monitoring)
Cause: new malware cannot be detected by AV or IDS
Phenomena:
– network congestion or system overload
– unnoticed information leak by backdoor
– devices can be illegally controlled remotely
Solution:
– monitor network behavior to catch malware activities
– identify malware hosts
– perform forensics on hosts
Malware Detection Example (I)
Set filtering rules and get the events of interest
– Outbound connections for hosts in China, where the connections were denied by the firewall
Malware Detection Example (II)
The Event Diagram shows suspicious hosts
Inspect the hosts to get suspicious files
Malware Monitoring
Information Source: Firewall
– Firewall contains logs of all traffic transactions, permitted or denied
– Considerable resources and capabilities are required to effectively analyze firewall logs, “in real-time!” In Acer SOC, about 100M events per day!
Network Behavior Model
– From firewall logs, the legal/illegal network behavior model of a site may be constructed
– Rules to allow or detect/alert network behavior must be established
– Illegal behavior, once identified, must be alerted in the form of “security incidents”
– The response team must address security incidents in a specified time (under SLA) and perform forensic actions to understand the intrusion
In 2006, Acer SOC uncovered >200 new malware!
Security Management Flow
(Diagram of the Security Information Management System and the Operation Workflow System)
Event sources: Firewall, VPN, IDS/IPS, Anti-Virus, Switch, ...
Import Layer: Message Aggregation, Message Normalization
Intelligence Layer: Analysis & Trend Tracking, Behavior Models, Automatic Case Creation
Workflow Layer: Case Assignment, Trouble Shooting, Resolution and Tracking
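As an added example (not from the slides or Acer's SOC), the detection rule of the two Malware Detection Example slides and the import and intelligence layers of the Security Management Flow can be run over a few constructed firewall log lines. The key=value log format, the watched destination prefix (a stand-in for the "hosts in China" geographic filter, since no GeoIP database is assumed) and the fan-out threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed firewall log lines (not Acer SOC data) in an assumed syslog-like
# key=value format; 10.x addresses are internal clients, others are external.
FIREWALL_LOGS = """\
2007-03-20 09:01:02 action=deny src=10.1.4.22 dst=203.0.113.7 dport=6667 proto=tcp dir=out
2007-03-20 09:01:03 action=deny src=10.1.4.22 dst=203.0.113.8 dport=6667 proto=tcp dir=out
2007-03-20 09:01:04 action=deny src=10.1.4.22 dst=203.0.113.9 dport=6667 proto=tcp dir=out
2007-03-20 09:02:10 action=allow src=10.1.4.22 dst=198.51.100.5 dport=80 proto=tcp dir=out
2007-03-20 09:03:00 action=deny src=10.1.7.9 dst=203.0.113.20 dport=443 proto=tcp dir=out
2007-03-20 09:05:30 action=deny src=192.0.2.50 dst=10.1.7.9 dport=445 proto=tcp dir=in
"""

# Assumed stand-in for the slide's geographic filter ("hosts in China"): a list
# of destination prefixes the SOC wants to watch instead of a GeoIP lookup.
WATCHED_DST_PREFIXES = ("203.0.113.",)

FIELD_RE = re.compile(r"(\w+)=(\S+)")

def normalize(line):
    """Import layer: turn one raw line into a dict with uniform field names."""
    fields = dict(FIELD_RE.findall(line[20:]))
    return {"ts": line[:19], **fields}

def is_interesting(ev):
    """Filtering rule: outbound connections to watched destinations that the firewall denied."""
    return (ev["dir"] == "out" and ev["action"] == "deny"
            and ev["dst"].startswith(WATCHED_DST_PREFIXES))

def suspicious_hosts(raw_logs, min_distinct_dst=3):
    """Behavior rule (intelligence layer): a client whose denied outbound
    attempts fan out to several distinct watched hosts is flagged for
    inspection. Returns {src: sorted destinations} for those hosts."""
    dsts = defaultdict(set)
    for line in raw_logs.splitlines():
        ev = normalize(line)
        if is_interesting(ev):
            dsts[ev["src"]].add(ev["dst"])
    return {src: sorted(d) for src, d in dsts.items() if len(d) >= min_distinct_dst}

def create_incidents(raw_logs):
    """Automatic case creation: one security incident per flagged host, ready
    for the workflow layer (case assignment, forensics on the host)."""
    return [{"host": h, "rule": "denied-outbound-fanout", "destinations": d}
            for h, d in sorted(suspicious_hosts(raw_logs).items())]

if __name__ == "__main__":
    for case in create_incidents(FIREWALL_LOGS):
        print(case)
```

Only 10.1.4.22 is flagged: 10.1.7.9 has a single denied attempt to a watched host, and the inbound deny against it is outside the rule entirely.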
Security Management Platform
A system to monitor/manage 1000+ customers
A system worth 2M~3M US dollars
A distributed PC grid may save money and management effort
Summary
Ubiquitous computing (like PC grid) has raised the importance of client devices
A network behavior model of client devices must be constructed to allow a comprehensive view of security
– Firewall logs are the sole source for understanding comprehensive network behavior
– Network behavior is monitored in real time via SOC operations
Existing AV systems, along with the SOC, are part of the defense infrastructure
Defense weaponry
– AV system: to detect any known virus events
– AV monitoring: collecting AV event messages from the AV server
– Anti-malware monitoring: collecting firewall logs
Grid computing has the potential to be used in security information management
Q&A