Security: New Trends, New Issues
McAfee Research (Proprietary), 10/2/2020
- Slides: 38
Slide 2: Context
- Historical view of threats
- Emerging view of threats
- Segue: concept of scale
- Introducing asymmetric threat challenges
Slide 3: Traditional Views of Computer & Network Security
Slide 4: Threat Evolution: Malicious Code
[Chart: available response time (weeks or months, days, hours, minutes, seconds) plotted against date (early 1990s, mid 1990s, late 1990s, 2000, 2003, 2004).]
- Boot/COM infectors (early 1990s), file viruses, macro viruses: human response possible
- E-mail worms, blended threats: human response difficult/impossible; automated response possible
- "Warhol" threats, e.g. Sasser: human response impossible; automated response unlikely; proactive blocking possible
- "Flash" threats: human response impossible; automated response required, i.e., automated remediation and automated attribution
Slide 5: Attack Types, by Vulnerability Category
- Social Engineering
- Logic Error
- Data Injection
- Data Modification
- Data Extraction
- Inappropriate Trust
- Malicious Code
- System Disruption
- Network Disruption
- Configuration Errors
- Policy Oversight
- Authentication Weakness
- Host Access Protection Bypass
Slide 6: Vulnerability Exploits: Examples
- Social Engineering: impersonation of authority via phone, or via Windows Messaging / IM / IRC / e-mail
- Logic Error: malicious code injection through buffer overflow; data cache corruption; workload amplification (request/response); source spoofing
- Policy Oversight: insider information theft; ambiguous / weak / no information disclosure policy
- MS-Office macro viruses / worms; cross-site HTML scripting
- Authentication Weakness: null / fixed / weak passwords; null authentication; poor certificate infrastructure; authentication bypass
- Improper / no software integrity verification; weak / no information access controls; capture of unsecured communications; exploit via "unpatched" software
Slide 7: Network Incidents are Increasing
[Chart.] Source: CMU Computer Emergency Response Team, last updated January 22, 2004
Slide 8: Discovered Virus Threats per Day
[Chart.] Source: McAfee AVERT
Slide 9: Machines Infected per Hour at Peak
[Chart.] Source: McAfee AVERT
Slide 10: The Speed of Attacks Accelerates
SQL Slammer:
- Blended threat exploits a known vulnerability
- Payload was a single 404-byte UDP packet
- Doubled every 8.5 seconds
- Achieved full scanning rate (over 55 million scans per second) after approximately 3 minutes
- Infected 90% of vulnerable hosts worldwide within 10 minutes
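The doubling time quoted above is what sets the defender's clock. The following added Python example (not from the deck) fits a logistic spread curve to the slide's 8.5-second doubling time and computes the window between an early sensor alarm and 90% infection. The vulnerable population size (75,000 hosts) is a constructed assumption, since the slide gives none, and the model ignores the bandwidth saturation that slowed the real outbreak.

```python
import math

DOUBLING_TIME_S = 8.5        # from the slide: Slammer doubled every 8.5 seconds
VULNERABLE_HOSTS = 75_000    # constructed assumption; the slide gives no population size


def growth_rate(doubling_time_s: float = DOUBLING_TIME_S) -> float:
    """Exponential rate r (per second) such that 2 = exp(r * doubling_time)."""
    return math.log(2.0) / doubling_time_s


def infected_at(t_s: float, n: int = VULNERABLE_HOSTS, i0: int = 1,
                doubling_time_s: float = DOUBLING_TIME_S) -> float:
    """Logistic spread: I(t) = N / (1 + ((N - I0) / I0) * exp(-r t)).

    Doubles every `doubling_time_s` while few hosts are infected, then saturates
    at N as the worm runs out of uninfected targets.  Bandwidth saturation, which
    slowed the real Slammer outbreak, is deliberately not modelled.
    """
    r = growth_rate(doubling_time_s)
    return n / (1.0 + ((n - i0) / i0) * math.exp(-r * t_s))


def time_to_fraction(frac: float, n: int = VULNERABLE_HOSTS, i0: int = 1,
                     doubling_time_s: float = DOUBLING_TIME_S) -> float:
    """Seconds until frac * N hosts are infected (inverse of infected_at)."""
    r = growth_rate(doubling_time_s)
    return math.log((frac / (1.0 - frac)) * ((n - i0) / i0)) / r


def response_window_s(alarm_frac: float = 0.01, loss_frac: float = 0.90,
                      doubling_time_s: float = DOUBLING_TIME_S) -> float:
    """Seconds between a sensor alarm at alarm_frac infected and loss_frac infected.

    The population size cancels out: the window depends only on the doubling
    time, which is why the deck calls human response impossible for flash worms.
    """
    r = growth_rate(doubling_time_s)
    odds_ratio = (loss_frac / (1.0 - loss_frac)) / (alarm_frac / (1.0 - alarm_frac))
    return math.log(odds_ratio) / r


if __name__ == "__main__":
    for minute in (1, 3, 10):
        print(f"t={minute:2d} min: {infected_at(60 * minute):>10,.0f} hosts infected")
    print(f"90% of hosts after {time_to_fraction(0.9):.0f} s")
    print(f"alarm at 1% -> 90% in {response_window_s():.0f} s, for any population size")
```

With an 8.5-second doubling time the alarm-to-90% window is about 83 seconds whatever the population size, which is the quantitative form of the slide's "human response impossible".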
Slide 11: Incident Response Cost is Increasing
[Chart, in billions.] [1] Blaster cost includes the cost of the near-simultaneous Sobig.F virus. Source: NetWorm.org
Slide 12: Application Vulnerabilities are Increasing
[Chart.] Source: CMU Computer Emergency Response Team, last updated August 3, 2004
Slide 13: Emerging Views of Computer and Network Security
Slide 14: Phishing Attack Trends
[Chart.] [1] Represents data for four days. Source: Anti-Phishing Working Group
Slide 15: Timeline: W32/Lovsan.worm & W32/Nachi.worm
- Jul 16: Vulnerability discovered in DCOM RPC; Microsoft posts MS03-026
- Jul 25: Xfocus (Chinese hacking group) forwards attack source code to public security lists
- Jul 29: IRC-BBot remote access Trojan uses the RPC (RPCSS) vulnerability
- Jul 31: Downloader-DM Trojan gets media attention
- Aug 2: Unconfirmed incident of the RPC exploit being used to execute a NET SEND spam attack
- Aug 11: Lovsan worm
- Aug 18: Nachi worm and Lovsan Killer
Slide 16: War for Bragging Rights Fueled by Vulnerability Bulletins
[Timeline chart: successive variants of NetSky, MyDoom and Bagle (letters A through Q, not every letter present; several release dates marked "?") plotted against Microsoft Security Bulletin MS03-032 (Aug 20?) and Microsoft Security Bulletin MS04-011 (Apr 13), with Jan 18 as the first dated variant and Sasser.A following MS04-011.]
Slide 17: E-Crime Watch Survey Results for 2003
- Virus or other malicious attack: 77.2%
- Denial of service attack: 43.6%
- Illegal generation of spam e-mail: 38.3%
- Unauthorized access by an insider: 35.7%
- Phishing: 31.0%
- Unauthorized access by an outsider: 27.2%
- Fraud: 21.9%
- Theft of intellectual property: 20.5%
- Theft of other proprietary info: 16.4%
- Sabotage by an insider: 10.8%
- Sabotage by an outsider: 3.2%
- Extortion by an insider: 2.6%
Source: CSO E-Crime Watch Survey Report, May 24, 2004
Slide 18: The Asymmetric Security Challenge
Slide 19: Orders of Magnitude
[Figure only.]
Slide 20: Problem Statement
- It is currently not possible to secure very complex networks against attacks from outside the perimeter, due to asymmetries in:
  - Network Topology
  - Grids
  - Protocols
  - Time
  - Social/Organizational Structures
  - Vulnerability Detection and Response Techniques
Slide 21: Abilene as an Enterprise Network
[Figure only.]
Slide 22: Dimensions of the Asymmetric Security Problem
- Dimension 1: Network Topology
- Dimension 2: Grids
- Dimension 3: Protocols
- Dimension 4: Time
- Dimension 5: Social/Organizational
- Dimension 6: Attacks
Slide 23: Dimension 1: Network Topology
- Multiple paths and multiple providers yield complex backbone topologies
- Events need to be detected, shared, and understood across multiple topologies
[Diagram labels: GEO Grid, LEO Grid, Theater Grid, Tactical Grid, Fixed Grid, Tactical Grid]
Slide 24: Dimension 2: Grids
- DoD's GIG includes a layered view of grids, based on physical limitations of transport mechanisms
[Diagram labels: GEO Grid, LEO Grid, Theater Grid, Tactical Grid, Fixed Grid, Tactical Internet]
Slide 25: Dimension 3: Protocols
- Benign transfers utilizing multiple protocols (e.g. SMTP, HTTP, TCP, UDP) with latent assembly can trigger an attack
- Events need to be shared/detected across multiple protocols
[Diagram: protocol stack HTTP / SSL / TCP / IP / IP / Ethernet]
Slide 26: Dimension 4: Time
- The net works fast... faster than a speeding bullet
- Events need to be detected, shared, understood, and blocked at varying chronons
[Diagram: time scale from seconds down through milliseconds, microseconds and nanoseconds to picoseconds]
Slide 27: Dimension 5: Social Organizations
- Humans organize people and things into social organizations to provide abstractions for dealing with complex problems
- In developing management abstractions, we introduce decision latencies that inhibit deployment of security solutions
Slide 28: Dimension 6: Vulnerabilities
- Malicious transfers exploiting multiple vulnerabilities (e.g. over SMTP, HTTP, TCP, UDP) with latent assembly can trigger an attack
Slide 29: Network Physics 1
- Deterministic Internetworking: Host A (Inside) and Host B (Outside) can exchange packets, which are routed through THE gateway (red line) between Inside and Outside.
- Non-Deterministic Internetworking: Host A sends Host B a packet, which must be routed through 1 of 3 gateways (red lines) between Inside and Outside. But we can't tell which one!
Slide 30: Network Physics 2
- It doesn't matter!
  - Routers don't examine contents, only headers; they don't maintain state
  - The genius of the Internet is that it works regardless of whether the network is deterministic or nondeterministic
  - A stateless core scales well and condenses into hardware
- Endpoints maintain state, the core maintains routes, each oblivious to the other
[Diagram, captioned "Routing Experts Only; All Others Keep Out!": Host A (Inside) and Host B (Outside) connected through the interconnected set of all routers in NIPRnet, Abilene and the Internet, with TCP state held at the hosts. Hosts A and B communicate by sending IP packets. These IP packets will usually belong to a TCP connection that A and B establish.]
Slide 31: Network Physics 3
- Security requires looking inside the box!
  - Decision function: is this packet good (transmit) or bad (drop)?
  - "Looking inside" means parsing packets and following connection state
- Endpoints are paranoid of routing
  - Is this a man-in-the-middle attack?
- Routers are paranoid of endpoints
  - Is this packet dangerous?
- Security confounds scalability
  - State explosion
  - Intolerance of dynamism
  - Violation of layering
- Security is typically delegated close to the endpoints to decrease the state burden
[Diagram: as on the previous slide, with TCP state held at Host A (Inside) and Host B (Outside) on either side of the interconnected routers of NIPRnet, Abilene and the Internet.]
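To make the stateless-core versus stateful-endpoint contrast of Network Physics 2 and 3 concrete, this added Python example (not from the deck) runs a constructed packet trace through a header-only router and a connection-tracking inspector, and reports how much state the inspector had to carry. The addresses, ports and the 10.0.0.0/8 "inside" prefix are constructed for the illustration.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src dst sport dport flags")  # flags: "S" SYN, "SA" SYN-ACK, "A" ACK/data, "F" FIN

class StatelessRouter:
    """Core router as on the slide: reads the header, consults a route, keeps no flow state."""
    def __init__(self, inside: str):
        self.inside = ipaddress.ip_network(inside)
    def next_hop(self, pkt: Packet) -> str:
        return "inside" if ipaddress.ip_address(pkt.dst) in self.inside else "outside"

class StatefulInspector:
    """Endpoint-side security: follows TCP state to decide transmit/drop; table = state burden."""
    def __init__(self, inside: str):
        self.inside = ipaddress.ip_network(inside)
        self.table = {}                          # one entry per live flow
    def decide(self, pkt: Packet) -> str:
        from_inside = ipaddress.ip_address(pkt.src) in self.inside
        key = tuple(sorted([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)]))
        state = self.table.get(key)
        if pkt.flags == "S" and from_inside and state is None:
            self.table[key] = "SYN_SENT"         # inside host opens a connection
        elif pkt.flags == "SA" and not from_inside and state == "SYN_SENT":
            self.table[key] = "ESTABLISHED"      # the reply we were waiting for
        elif pkt.flags == "A" and state == "ESTABLISHED":
            pass                                 # data on a known connection
        elif pkt.flags == "F" and state == "ESTABLISHED":
            del self.table[key]                  # close releases the state
        else:
            return "drop"                        # unsolicited or out-of-state packet
        return "transmit"

# Constructed trace (documentation addresses): one legitimate web session from
# inside host A, two unsolicited inbound packets, and one stale post-close ACK.
A, B, C, D = "10.0.0.5", "192.0.2.10", "198.51.100.7", "203.0.113.9"
SAMPLE_TRACE = [
    Packet(A, B, 40000, 80, "S"), Packet(B, A, 80, 40000, "SA"), Packet(A, B, 40000, 80, "A"),
    Packet(C, A, 4444, 445, "S"),                # inbound SYN nobody asked for
    Packet(D, A, 1234, 40000, "SA"),             # reply to a SYN that was never sent
    Packet(A, B, 40000, 80, "F"), Packet(B, A, 80, 40000, "A"),
]

def run_trace(trace=SAMPLE_TRACE, inside="10.0.0.0/8"):
    """Returns (router hops, inspector verdicts, peak number of tracked flows)."""
    router, inspector = StatelessRouter(inside), StatefulInspector(inside)
    hops, verdicts, peak = [], [], 0
    for pkt in trace:
        hops.append(router.next_hop(pkt))        # the core always forwards
        verdicts.append(inspector.decide(pkt))   # only the inspector can say "bad"
        peak = max(peak, len(inspector.table))
    return hops, verdicts, peak
```

The router forwards all seven packets; the inspector drops the three that belong to no connection it has seen, and its table grows by one entry for every flow that is open at once, which is the state explosion the slide warns about.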
Slide 32: Media access details hidden from datagrams
- Asymmetries and asynchronicities occur at all levels of abstraction
- Hosts A and B transmit simultaneously to server S
- Collisions on the A-B network cause packets to be lost and require retransmission
[Diagram: hosts A and B and server S]
Slide 33: Flows disappear as we zoom in & out
- The server resides on the "backbone" of the network
- The backbone router interleaves requests from client networks due to the asynchronicity of the networks
- Endpoints reassemble requests and responses
Slide 34: Protocol Challenges
- Heterogeneous protocol implementation strategies
- Protocol parsers
- Protocol state engines
- Protocol application scheduling
- Reliance on operating system services
- Vulnerabilities are penetrable as we move up and down protocol stacks
[Diagram: a packet laid out as IP Header, TCP Header, SSL Header, HTTP Data, SSL Footer, TCP Footer, IP Footer, each layer handled by its own protocol processor (IP, TCP, SSL, HTTP).]
Slide 35: Sessions disappear as we zoom in & out
- Routes may change during a session without impact on client or server
- Routes may differ from one request to the next without impact
- Routers may come and go without impact
- Protocols, implemented at endpoints, provide guarantees (or not) of service
Slide 36: What do we mean by Secure?
- Robust protocols
- Access controls
- All the normal anti-virus, anti-intrusion, anti-spam, anti-scam techniques
- Robustness: security implies availability
  - deny DoS
  - minimize false positives
- Provide the optimum safe level of service and connectivity
  - Not always preventing, sometimes enabling connectivity
[Diagram: security services Authentication, Access Control, Non-Repudiation, Signature, Availability, Data Integrity, Confidentiality]
Slide 37: What is a Very Complex Network?
- Network complexity is a function of:
  - Topological Complexity: number of nodes, number of routers
  - Grid Complexity: number of upstream peers, fractal complexity of peers, amount of bidirectional interaction with peers
  - Protocol Complexity: amount of state required to conduct conversations
  - Time Complexity: speed of communications and distance of peers
  - Social Complexity: sensitivity of information
  - Attack Complexity: vulnerability of services
  - Conceptually, the dot product of the complexity at each of the 6 dimensions
- We suspect fractal geometry will be useful here
- Fractals are defined formally based on dimension
  - We need similar formality
Slide 38: Summary
- Traditional threats are real, varied, costly, and increasing:
  - Viruses, trojans, and worms; spam; hackers; intrusions; and distributed denial of service (DDoS) attacks
- Electronic crimes are increasingly pervasive, destructive, and expensive
- The asymmetric nature of the Internet introduces service anomalies
- Systematic examination of asymmetries reveals a host of vulnerabilities
- Intrusion detection and response requires increasingly complex combinations of functionality
- Performance requirements are increasing to maintain throughput and latency in high-speed networks
- Security functionality in high-speed networks presently requires arrays of servers and load balancers to handle the processing load
- Current solutions based on ASICs have long development lead-time, do not generally scale with Moore's Law, and are not programmable to meet new threats and needs