100 Security The only system which is truly
- Slides: 23
100% Security “ The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn’t stake my life on it …. Gene Spafford—Director, Computer Operations, Audit, and Security Technology (COAST), Purdue University ” 1
The Internet Challenge E-Commerce Internet Business Value Internet Corporate Presence Internet Intranet Access Workforce Optimization Customer Care Supply Chain Management E-Learning Expansion of E-Business!! Expanded Access Heightened Network Security Risks 2
Threat Capabilities: More Dangerous & Easier To Use High Back Doors Packet Forging/ Spoofing Stealth Diagnostics DDOS Sweepers Sniffers Exploiting Known Vulnerabilities Technical Knowledge Required Password Cracking Password Guessing 1980 Sophistication of Hacker Tools Disabling Audits Self Replicating Code Low Internet Worms 1990 2000 3
Examples 4
Distributed Denial of Service (DDo. S) • Stacheldraht - “barbed wire” • Trinoo • Tribe Flood Network (TFN) and TFN 2000 • Shaft 5
Attacks Keep Getting Easier www. test. com Connected to www. test. com 6
l 0 PHT Crack Dumps All Passwords from the NT Registry Specify a Computer: 7
l 0 PHT Crack Dumps the Password Files 8
The Intruder Opens a Word Dictionary 9
and Runs the Crack 10
11
A new generation of attacks: The Internet Worms © 2001, Cisco Systems, Inc. All rights reserved. 12
The Code Red & NIMDA Worms What Happened? ? - - Code Red July 19 -20/2001 359, 104 Hosts in 13 hours $2. 6 Billion in Damages! Estimates from Computer Economics (Carlsbad, CA) - NIMDA September 18, 2001 Fastest spreading virus 300 K+ Hosts, 2. 2 M devices Damage still being assessed 13
Code Red Spreads July 19, Midnight – 159 hosts infected 14
Code Red Spreads July 19, 11: 40 am – 4, 920 hosts infected 15
Code Red Spreads July 20, Midnight – 341, 015 hosts infected 16
The Code Red Worm How It Works • Conceals itself in HTTP Packets. Firewalls alone cannot safeguard against the virus • The worm exploits vulnerabilities found in Microsoft’s Internet Information Server (IIS) v 4&5 via a buffer overflow attack • It then exploits arbitrary code and installs a copy of itself into the infected computer’s memory – which infects other hosts. 17
The NIMDA Worm How It Works • Hybrid of Worm & Virus • Spread by: - E-mail attachment (virus) - Network Shares (worm) - Javascript by browsing compromised web site (virus) - Infected hosts scanning for exploitable hosts (worm) - Infected hosts scanning for backdoors created by Code-Red and sadmind/IIS worms (worm) 18
Anatomy Of A Worm 1 - The Enabling Vulnerability 2 - Propagation Mechanism 3 - Payload 19
The Enabling Vulnerability IIS 1 IIS Internet IIS IIS Using the Index Server buffer overflow attack, the worm attempts to install itself on IIS Web servers. 20
Propagation GO 2 IIS IIS After gaining access to the servers, the worm replicates itself and selects new targets for infection. 21
Payload üSTEAL üDEFACE üBACK DOOR üROOTKIT 3 When the server is infected with a worm, the attacker has administrator-level access to the server. Not only can the attacker deface Web pages, but they also have the power to reformat the hard drive, install a rootkit, steal credit card numbers, etc. 22
Additional Information • Compulsory Reading "Hacking Exposed". • Security Links (vulnerabilities, tips, exploits, tools) http: //www. securityfocus. com http: //packetstorm. securify. org http: //www. insecure. org 23
- 100 100 100 100 100
- The only truly continuous pressure belt
- Privat security
- Domestic and international human resource management
- Laurent's steps to truly international hrm
- The life that is truly life
- No one is truly free
- It's truly an honor
- Truly heaven
- Barbara is a very healthy person
- Ecotourism can truly solve the problem of pollution
- Truly flat straight
- Very truly i tell you
- Take only photos leave only footprints
- 240 sayısının 25 inin 20 si kaçtır
- 200+200+100+100
- Box plots gcse
- Malloc lab 100/100
- Héroïne dans la guerre de 100 ans (100 years war).
- 100+100=200
- Big data on bare metal
- 200+200+300+300
- C/100=f-32/180=k-273/100
- What's 100 + 100