
Attacks from the Inside


Academic year: 2021


(1)

Attacks from the Inside

Eddy Willems, G Data

(2)

Attacks from the Inside.

Agenda

- Social Networking / Engineering
- Where are the threats coming from
- Infection vectors
- The Cloud

(3)

New territories: Social Networking

• Blogs, forums
• Wiki
• MySpace, YouTube
• Other online communities:

(6)

The threats only originated from outside?

(diagram: the enterprise stack – Web Server, Application Server, Databases, Backend Server/System – exposed to the Internet; threats shown: DoS, known vulnerabilities, Cross Site Scripting, Parameter Tampering; controls shown around it:)

• Anti-spoofing, Firewall, IDS/IPS, Application Firewall
• Host protection (server and desktop)
• Layer 4 – 7 protection (content, URL, Web)
• Content Control
• Data Leakage management
• Anomaly detection
• Intrusion prevention
• Vulnerability management
• Remediation/Patching
• Compliance and risk management
• User Identification
• Access Control
• Encrypted transport of data
• Firewall
• Universal threat management

(7)

Today’s Networks Lack Clear, Crisp Boundaries.

(diagram: Contractors, Telecommuters, Mobile Users and Wireless Users connecting to the network from the Internet)

• Internal/External network
• Individual Users connect from multiple locations
• Managed/Unmanaged devices
• Individual devices operate both inside the network, and on public networks
• New Devices on the Network eg.

(9)

Infection scenario – Start

(diagram: a department network)

(10)

Infected web site: “Drive-by infection”

• Contains malicious script – Day Zero.
• Infects files on disk
• Spreads through ARP

(11)

Infected web site: “Infection Payload”

- Downloader
- Downloads new malware
- Spreads

(diagram: malicious web site → department network)

(12)

Malware spread vector: widely used ports

(chart: most used spreading protocols)

(13)

Why are CIFS and SMB important?

Malware spread vector: widely used ports – CIFS/SMB

(14)

Avoid infections

– User training (MSN, unknown pop-ups, e-mail, etc.)
– Patch management
– (Hardware) Remediation
– Anti-virus management
  • Activated, according to policies
  • Up-to-date definition files
  • Discovery of unknown nodes in the network
  • Alerts
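The anti-virus management bullets above (agent activated according to policy, up-to-date definition files, discovery of unknown nodes, alerts) can be turned into a small automated check. The following Python is an added example and not code from the slides or from G Data; the asset inventory, the discovery-sweep result and the 24-hour maximum definition age are constructed values.

```python
"""Anti-virus management checks: AV agent active according to policy,
definition files up to date, unknown nodes discovered, alerts produced.
Added example, not from the original slides; inventory, discovery sweep
and the 24-hour policy value are constructed."""
from datetime import datetime, timedelta, timezone

# Policy value (assumed): definition files older than this are out of date.
MAX_DEFINITION_AGE = timedelta(hours=24)

# Constructed asset inventory as an AV management console would hold it:
# hostname -> whether the agent is active, and when its definitions were last updated.
INVENTORY = {
    "pc-finance-01": {"av_active": True,  "defs_updated": "2021-03-10T08:00:00Z"},
    "pc-finance-02": {"av_active": False, "defs_updated": "2021-03-10T08:00:00Z"},
    "pc-sales-07":   {"av_active": True,  "defs_updated": "2021-03-02T08:00:00Z"},
}

# Constructed result of a network discovery sweep: (ip, mac, resolved hostname).
# The last entry resolves to no name and has no inventory record.
DISCOVERED = [
    ("10.0.1.10",  "00:11:22:33:44:10", "pc-finance-01"),
    ("10.0.1.11",  "00:11:22:33:44:11", "pc-finance-02"),
    ("10.0.1.57",  "00:11:22:33:44:57", "pc-sales-07"),
    ("10.0.1.200", "de:ad:be:ef:00:01", ""),
]


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamps used in the constructed inventory."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_av_policy(inventory, now, max_age=MAX_DEFINITION_AGE):
    """One alert string per policy violation: inactive agent or stale definitions."""
    alerts = []
    for host, rec in sorted(inventory.items()):
        if not rec["av_active"]:
            alerts.append(f"{host}: anti-virus agent not active")
        age = now - parse_ts(rec["defs_updated"])
        if age > max_age:
            alerts.append(f"{host}: definition files are {age.days} days old")
    return alerts


def find_unknown_nodes(discovered, inventory):
    """Nodes seen on the wire with no inventory record: the 'unknown node' alert."""
    return [(ip, mac) for ip, mac, name in discovered if name not in inventory]


def run_checks(now, inventory=INVENTORY, discovered=DISCOVERED):
    """Combine both checks into the alert list an operator would receive."""
    alerts = check_av_policy(inventory, now)
    alerts += [f"unknown node {ip} ({mac}) on the network"
               for ip, mac in find_unknown_nodes(discovered, inventory)]
    return alerts


if __name__ == "__main__":
    for line in run_checks(parse_ts("2021-03-11T08:00:00Z")):
        print("ALERT:", line)
```

Run against the constructed data at 2021-03-11 08:00 UTC, the checks raise three alerts: one host with an inactive agent, one host whose definitions are nine days old, and one node on the wire that the inventory does not know about. The unknown-node check is what catches the unmanaged devices of the "no crisp boundaries" slide before they become the infection's next hop.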

(15)

Network transparent real-time malware-scanner

In-Line Network Content Scanner: scans HTTP, FTP, SMTP, TFTP, RPC, POP3, IRC, SMB/CIFS

(diagram labels: “No IP” on both sides – the in-line scanner has no IP address of its own)

(18)

In the Cloud

Difficult to “lay down” a definition as it depends on the use.

“Cloud Computing is an on-demand service model of IT provision often based on virtualization and distributed computing technologies. It’s divided up in several categories.”

(19)

In the Cloud: SaaS

Software as a Service:

• SaaS is software offered by a third-party provider, available on demand, usually via the Internet, and remotely configurable.
• Examples include online word processing and

(20)

In the Cloud: PaaS

• Platform as a Service
• PaaS allows customers to develop new applications using APIs deployed and configurable remotely. The platforms offered include development tools,

(21)

In the Cloud: IaaS

• Infrastructure as a Service
• IaaS provides virtual machines and other abstracted hardware and operating systems which may be controlled through a service API.

(22)

Malware Information Initiative (Mii): In the Cloud technology

(chart: Incidents and File Incidents per month, January – August; y-axis 0 to 1,800,000)

(23)

The security benefits of cloud computing:

• The benefits of scale and rapid smart scaling of resources
• Standardized interfaces for managed security services
• Audit and evidence gathering
• More timely, effective and efficient updates and defaults.

We love cloud computing

Questions: What about the in-the-cloud infrastructure? DDoS?

(24)

Top 9 “In-The-Cloud” Problems

(29)

#4 Unknown Risk Profile

(30)

#3 Hidden Logs/Intrusion Attempts

(31)

#2 Insider abuse

(32)

#1 Centralized AAA Abuse/Trust (Authentication, Authorization and Accounting)

(34)

AM security model

• Detection rates
• Response to new threats
• Frequency of updates

The big change? Security has changed!!!

The new security model: it’s not what your AM knows about, but what’s allowed to run on your computer.
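The contrast the slide draws, between an anti-malware engine that blocks what it recognises and a model that only runs what is approved, can be shown in a few lines. The following Python is an added example, not code from the slides or from G Data; the "file contents", the known-bad signature set and the approved-hash set are all constructed stand-ins.

```python
"""Allowlist ('what is allowed to run') versus blocklist ('what your AM knows
about'). Added example, not from the original slides; all file contents and
hash sets are constructed in memory."""
import hashlib


def sha256_hex(data):
    """Hash used as the identity of an executable in both models."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for executable file contents.
APPROVED_EDITOR = b"constructed: approved text editor build 1.0"
OLD_WORM = b"constructed: worm sample already analysed by the vendor"
NEW_DOWNLOADER = b"constructed: downloader never seen before (day zero)"

# Blocklist model: signatures of samples the engine already knows about.
KNOWN_BAD = {sha256_hex(OLD_WORM)}

# Allowlist model: only hashes produced by the software rollout process may run.
ALLOWED = {sha256_hex(APPROVED_EDITOR)}


def blocklist_decision(content, known_bad=KNOWN_BAD):
    """Signature model: anything not recognised as bad is allowed to run."""
    return "deny" if sha256_hex(content) in known_bad else "allow"


def allowlist_decision(content, allowed=ALLOWED):
    """Allowlist model: deny by default, run only approved hashes."""
    return "allow" if sha256_hex(content) in allowed else "deny"


def compare_models(content):
    """Decision of both models for one executable, side by side."""
    return {"blocklist": blocklist_decision(content),
            "allowlist": allowlist_decision(content)}


if __name__ == "__main__":
    samples = [("approved editor", APPROVED_EDITOR),
               ("old worm", OLD_WORM),
               ("new downloader", NEW_DOWNLOADER)]
    for name, content in samples:
        print(f"{name:15s} {compare_models(content)}")
```

The day-zero downloader from the infection scenario is the case that separates the two models: the blocklist has no signature for it and lets it run, while the allowlist denies it because it was never approved. A modified copy of an approved binary is denied for the same reason, since any change to the file changes its hash. The price of the model is operational: the approved set has to be maintained by the software rollout process, and unapproved software is blocked until it is added.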

(39)

Science Fiction ideas that came true (sort of)

Nanobots: in his story “A Menace in Miniature” (1937), Raymond Z. Gallun

(40)

Eddy Willems

Security Evangelist

[email protected]

Righard J. Zwienenberg

Chief Research Officer
