John Scrimsher, CISSP, CCNA ([email protected])
Host Based Security
Why Host Based Security?
Perimeter Security vs. Host Based
[Chart: Perimeter Security vs. Host Based, showing 66%, 34% and $$$; the chart's labels did not survive extraction]
Why Host Based Security?
Malware
Internal Threats
Employee Theft
Unpatched systems
What is Malware?
Anything that you would not want deliberately installed on your computer.
Viruses
Worms
Trojans
Spyware
More...
Where are the threats?
Un-patched Computers
Email
Network File Shares
Internet Downloads
Social Engineering
Blended Threats
Hoaxes / Chain Letters
The Common Factor
Privacy - Phishing
Email messages sent to large distribution lists.
Disguised as legitimate businesses
Steal personal information
Privacy - Identity Theft
Since viruses can be used to steal personal data, that data can in turn be used to steal your identity.
Phishing
Keystroke loggers
Trojans
Spyware
Social Engineering
"… 70 percent of those asked said they would reveal their computer passwords for a …"
Bar of chocolate
Schrage, Michael. 2005. Retrieved from http://www.technologyreview.com/articles/05/03/issue/review_password.asp?p=1
Legal Issues
Many countries are still developing laws
Privacy Laws
Investigations
Content Security
Instant Messaging
Internet
Email
Kaspersky Quote
"It's hard to imagine a more ridiculous situation: a handful of virus writers are playing unpunished with the Internet, and not one member of the Internet community can take decisive action to stop this lawlessness. The problem is that the current architecture of the Internet is completely inconsistent with information security. The Internet community needs to accept mandatory user identification - something similar to driving licenses or passports. We must have effective methods for identifying and prosecuting cyber criminals or we may end up losing the Internet as a viable resource."
Eugene Kaspersky, Head of Antivirus Research
Regulatory Issues
Sarbanes-Oxley Act (2002)
Gramm-Leach-Bliley Act (1999)
Health Information Portability and Accountability Act (1996)
Electronic Communications Privacy Act (1986)
What is Management’s role?
Management ties everything together
Responsibility
Ownership
[Diagram: Technology, Infrastructure and Organization, with Management at the centre]
Security is a Mindset, not a service. It must be a part of all decisions and implementations.
Business Management
Business Acquisition Questions
Are the acquired assets as secure as your company?
What are the network integration plans during an outbreak?
Is security software sufficient?
Updated
Patched
Emergency segregation of networks
Vulnerability Lifecycle
0-day is a fallacy
Instant Messaging
Confidential Information Leakage
Business needs
Privacy of employees
Now, what do we do about it?
C.I.A. Security Model
Confidentiality
Integrity
Availability
Current Solutions
Antivirus / AntiSpyware
Personal Firewall / IDS / IPS
User Education
How do these products help?
Host Firewall / IPS blocks many unknown and known threats
How do these products help?
Antivirus captures threats that use common access methods
Web Downloads
Email
Application Attacks (Buffer Overflow)
VBSim demo
Educated Users Help
The biggest threat to the security of a company is not a computer virus, an unpatched hole in a key program or a badly installed firewall. In fact, the biggest threat could be you. What I found personally to be true was that it's easier to manipulate people rather than technology. Most of the time organizations overlook that human element.
Mitnick, Kevin. "How to Hack People." BBC News Online, October 14, 2002.
How do these products help?
User Education
Don't open suspicious email.
Don't download software from untrusted sites.
Patch.
Things to look for…
Abnormal computer activity
  Disk access
  CPU utilization
  Network activity
Bank histories
  Unfamiliar transactions
  Small but numerous transactions
Audit trails
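The slide names the host signals to watch (disk access, CPU utilization, network activity) and tells you to keep audit trails. The following is an added example, not part of the deck, that turns that advice into a simple host anomaly check: it learns a per-metric baseline from a known-good window of constructed telemetry, flags later samples whose readings sit more than three standard deviations from that baseline, and writes each flag to an in-memory audit trail. The sample values, timestamps and the three-sigma threshold are all assumptions chosen for illustration.

```python
"""Host activity anomaly check over constructed telemetry samples.

Added example (not from the slides): a baseline of disk, CPU and network
readings is learned from a known-good window, and later samples whose
readings deviate by more than a z-score threshold are flagged and written
to an in-memory audit trail. Every number below is constructed.
"""
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Sample:
    ts: str           # constructed timestamp label
    disk_iops: float  # disk operations per second
    cpu_pct: float    # CPU utilization, percent
    net_conns: int    # new outbound connections in the interval


METRICS = ("disk_iops", "cpu_pct", "net_conns")


def build_baseline(samples):
    """Per-metric (mean, population std-dev) from a known-good window."""
    baseline = {}
    for m in METRICS:
        vals = [getattr(s, m) for s in samples]
        baseline[m] = (mean(vals), pstdev(vals))
    return baseline


def score(sample, baseline, threshold=3.0):
    """Return {metric: z-score} for every metric beyond the threshold."""
    hits = {}
    for m, (mu, sigma) in baseline.items():
        value = getattr(sample, m)
        # A flat baseline (sigma == 0) means any change at all is abnormal.
        if sigma == 0:
            z = float("inf") if value != mu else 0.0
        else:
            z = (value - mu) / sigma
        if abs(z) > threshold:
            hits[m] = z if z == float("inf") else round(z, 2)
    return hits


def audit(samples, baseline, threshold=3.0):
    """Audit trail: one record per flagged sample naming the abnormal metrics."""
    trail = []
    for s in samples:
        hits = score(s, baseline, threshold)
        if hits:
            trail.append({"ts": s.ts, "abnormal": hits})
    return trail


# Constructed known-good window: a quiet workstation.
BASELINE_SAMPLES = [
    Sample("t00", 120, 8, 3), Sample("t01", 140, 10, 4), Sample("t02", 110, 7, 2),
    Sample("t03", 130, 9, 3), Sample("t04", 125, 11, 4), Sample("t05", 135, 8, 3),
    Sample("t06", 115, 10, 2), Sample("t07", 128, 9, 3),
]

# Constructed observation window: t11 shows a burst of disk and outbound
# connection activity (the pattern a mass-mailing worm produces); t12 shows
# a CPU spike with otherwise normal readings.
OBSERVED = [
    Sample("t10", 122, 9, 3),
    Sample("t11", 900, 12, 250),
    Sample("t12", 118, 95, 3),
    Sample("t13", 131, 8, 4),
]


def run():
    """Build the baseline from the good window and audit the observed window."""
    return audit(OBSERVED, build_baseline(BASELINE_SAMPLES))


if __name__ == "__main__":
    for record in run():
        print(record)
```

In practice the baseline would be rebuilt periodically from a trusted window and the audit records shipped off-host, since a compromised machine can alter local logs; the z-score threshold is a tuning knob, and the flat-baseline guard matters because a metric that never moves on a quiet host (here, new connections) would otherwise divide by zero instead of raising an alert.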
Open Source
Shared information
Business Models
Is it more secure?
  Development model
  Security reviewers tend to be the same people doing the proprietary reviews
Value in education
Lots of good security tools
Open Source - Browsers
Firefox vs. Internet Explorer
Vulnerabilities reported in 2005
Internet Explorer
•SecurityFocus - 43
•Secunia Research - 9
•Symantec - 13
Firefox
•SecurityFocus - 43
•Secunia Research - 17
•Symantec - 21
What about shared vulnerabilities?
Plugins, WMF images
On the Horizon - Microsoft
Targeted because they are Big?
Insecure because they are Big?
Vista Operating System
On the Horizon
Early Detection and Preventative Tools
Virus Throttle
Active CounterMeasures
Principle of Least Authority (PoLA)
WAVE
Anomaly Detection
Viral Patching
On the Horizon
Viral Targets
Mobile Phones, PDAs
Embedded Operating Systems
  Automobiles
  Sewing Machines
  Bank Machines
  Kitchen Appliances
Learn Learn Learn
Authors:
Sarah Gordon
Peter Szor
Roger Grimes
Kris Kaspersky
Search your library or online
Questions?