A Failure to Learn from the Past

  • Slides: 12
A Failure to Learn from the Past
Presented by Chad Frommeyer
CSC 493/593
Professors Charles E. Frank/James Walden

Introduction
• Internet Worm and its Behavior
• Consequences to the Creator/Originator
• Resulting actions taken
• What have we learned?

Internet Worm
• October, 1988 Internet Contained 60,000 hosts
• Worm attack affected 3000-6000 (5%-10%)
• Infection lasted 3-4 days
• Only Unix-based systems affected

Internet Worms -- Terms
• Worm – Independent program that can replicate itself
• Virus – Code that requires a host, and cannot run independently
• Malware – Malicious Software

Internet Worm -- Operation
• Fingerd – Buffer Overflow (C-Language gets()) – altering fingerd functionality
• Sendmail – DEBUG options exploit allowed execution of commands
• Password discovery
• Identify Trusted Machines
• Cleanup after Execution
• Chronology
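
The fingerd item above names C's gets() as the source of the buffer overflow. The bounded line reader below is an added example, not code from the slides or from fingerd; the 512-byte buffer size, the names read_request and REQ_*, and the sample input are assumptions constructed for illustration.

```c
#include <stdio.h>

#define REQ_MAX 512   /* buffer size assumed for this example */
enum req_status { REQ_OK, REQ_EOF, REQ_TOO_LONG };

/* The pattern named on the slide, kept as a comment only:
 *     char line[REQ_MAX];
 *     gets(line);    // no length argument: a longer line writes past the buffer
 */

/* Hypothetical bounded replacement: read one request line into buf (cap bytes).
 * An over-long line is drained to its newline and rejected, so it is neither
 * written past the buffer nor split into what looks like a second request. */
enum req_status read_request(FILE *in, char *buf, size_t cap)
{
    size_t n = 0;
    int c, overflow = 0;
    if (cap == 0)
        return REQ_TOO_LONG;          /* no room even for the terminator */
    while ((c = fgetc(in)) != EOF && c != '\n') {
        if (n + 1 < cap)
            buf[n++] = (char)c;       /* always leaves one byte for '\0' */
        else
            overflow = 1;             /* keep reading, store nothing more */
    }
    buf[overflow ? 0 : n] = '\0';
    if (overflow)
        return REQ_TOO_LONG;
    if (c == EOF && n == 0)
        return REQ_EOF;
    if (n > 0 && buf[n - 1] == '\r')
        buf[n - 1] = '\0';            /* finger requests end in CRLF */
    return REQ_OK;
}

int main(void)
{
    char buf[REQ_MAX];
    enum req_status st;
    FILE *in = tmpfile();             /* constructed sample input follows */
    if (!in) return 1;
    fputs("alice\r\n", in);
    for (int i = 0; i < 600; i++) fputc('A', in);
    fputs("\nbob\r\n", in);
    rewind(in);
    while ((st = read_request(in, buf, sizeof buf)) != REQ_EOF)
        puts(st == REQ_OK ? buf : "rejected: request too long");
    return fclose(in);
}
```

The 600-byte line is rejected as a whole, and the request after it is still read from its own start.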

Consequences
• Author Robert T Morris
• No Prison, 400 Hours Community Service
• Fine of $13,776
• Suspended from graduate studies at Cornell
• Malicious Intent not proven
• Ultimately received Ph.D from Harvard, and is currently an associate professor at MIT.
• Adequate?

Resulting Actions
• CERT (Computer Emergency Response Team)
• Central switchboard for computer emergencies on ARPAnet and MILnet
• Not enough?

What have we learned?
• Software Flaws
• Incident Response
• Laws and Ethics

Learned? (Software Flaws)
• 95% of reported malware is against Microsoft
• Trust Relationships
  – Software
  – Hardware
  – Personal
• Buffer Overflows
• Default Configurations

Learned? (Incident Response)
• CERT/CC
• Delayed Communications
• Not Comprehensive
• What communication is good enough?

Laws and Ethics
• Fewer than a dozen people convicted
• Expensive/Difficult to Investigate
• Lack of Tools/Expertise
• Lack of Foreign Laws
• Lack of international cooperation

Conclusion
• Punishment not adequate – Needed precedence
• Awareness needs to be heightened
• Software processes need to recognize lack of expertise
• Security should be a priority to product management