Blended Threats and Layered Defenses: Security Protection in Today’s Environment
Marshall Taylor, mtaylor@symantec.com


Page 1

Blended Threats and Layered Defenses
Security Protection in Today’s Environment

Marshall Taylor
mtaylor@symantec.com

Page 2

Business Trends

• Increasing importance of e-business
• Disappearing enterprise perimeter
• Focus on business continuity
• Increasing concern over information attack
  • Frequency
  • Complexity/Virulence
  • Cost

[Chart: Number of Known Threats, y-axis 10,000 to 70,000, over time. Labelled milestones: Polymorphic Viruses (Tequila), Blended Threats (Code Red, Nimda), Denial-of-Service (Yahoo!, eBay), Mass Mailer Viruses (Love Letter/Melissa). Series: Viruses, Network Intrusions, Zombies.]

Page 3

[Chart: Insider vs. Outsider Attacks (based on % experienced), years 1999, 2000, 2001 on the x-axis, y-axis 54 to 66; series: Outsider, Insider. Source: CSI/FBI Study, 2001.]

Page 4

Policy is Key to Security

• Mandate to implement security
• Standard to measure security
• Basis for all security technology and procedures

[Diagram: hierarchy of Policy, Standards, and Procedures, Guidelines & Practices]

Page 5

Operational Security Standards

• ISO 17799 best practice areas
• SysTrust requirements established by the AICPA
• FISCAM requirements from GAO for U.S. federal government
• COBIT requirements established by the Information Systems Audit and Control Association (ISACA)
• IETF Site and User Security Handbooks
• Top 20 Internet Security Threats from SANS
• VISA's ten requirements for on-line merchants
• Minimum standards of due care from The Center for Internet Security (www.cisecurity.org)

http://enterprisesecurity.symantec.com/PDF/security_hyperlinks.pdf

Page 6

ISO 17799 best practice areas

• Security Policy
• Security Organization
• Classification & Control of Assets
• Personnel Security
• Environmental & Physical Security
• Communications & Operations
• System Access Controls
• System Development & Maintenance
• Business Continuity Planning
• Compliance

Page 7

Visa’s “Ten Commandments”

www.visabrc.com

1. Install and maintain a working network firewall to protect data accessible via the Internet
2. Keep security patches up-to-date
3. Encrypt stored data accessible from the Internet
4. Encrypt data sent across networks
5. Use and regularly update anti-virus software
6. Restrict access to data by business "need to know"
7. Assign unique IDs to each person with computer access to data
8. Track access to data by unique ID
9. Don't use vendor-supplied defaults for system passwords and other security parameters
10. Regularly test security systems and processes

Page 8

Best Practices that Block Most Attacks

• Employ an application layer full inspection firewall
• Use automatically updated anti-virus at gateway, server, and client
• Ensure security patches are up to date
• Ensure passwords are strong
• Turn off unnecessary network services

Page 9

Managed Defense In Depth

• Predict
• Prevent
• Detect
• Respond
• Recover

Page 10

Blended Threats: A Deadly Combination

• Blended threats combine hacking, DoS, and worm-like propagation
• Can rapidly compromise millions of machines
• Often spread without human interaction

Examples shown: Klez, sadmind, BugBear, CodeRed, Nimda

Page 11

Nimda: 2.2M Systems Infected in 3 Days!

1. Infection of web server via “Code Red”-type attack

Page 12

Nimda: 2.2M Systems Infected in 3 Days!

2. Infection via email

Page 13

Nimda: 2.2M Systems Infected in 3 Days!

3. Infection via web browsing

Page 14

Nimda: 2.2M Systems Infected in 3 Days!

4. Infection via shared drives

Page 15

Nimda: 2.2M Systems Infected in 3 Days!

5. And infection of other files on each infected computer through traditional viral methods

Page 16

Blended Threats Change the Game

• Multiple propagation techniques require solutions that are:
  • Multi-function
  • Multi-tier
  • Multi-platform
• Blended threats demand superior response capabilities
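The five Nimda propagation steps above and the multi-tier point on this slide can be made concrete with a small correlation exercise. The Python below is an added example, not code from the deck or from Symantec's products: it tags log lines from the gateway, server and client layers with the propagation vector they indicate, then groups them by host. A single layer sees at most one vector; only the cross-layer view shows the blended pattern. The log sources (`iis`, `mailgw`, `proxy`, `smb`, `av`), host names, message formats, the indicator patterns and every sample line are constructed assumptions for this example, not vendor signatures or indicators taken from the deck.

```python
import re
from collections import defaultdict

# One rule per propagation vector on the Nimda slides (steps 1 to 5), tied to
# the log source that would see it. Patterns are generic, constructed for this
# example; they are not vendor signatures or indicators from the deck.
VECTOR_RULES = {
    # 1. web server hit by a Code Red-style request: path traversal to a shell
    "web_server_exploit": ("iis", re.compile(r"(\.\./|%c0%af|%c1%1c).*cmd\.exe", re.I)),
    # 2. inbound mail carrying an executable attachment
    "email": ("mailgw", re.compile(r"attachment name=\S+\.(exe|scr|pif|bat)\b", re.I)),
    # 3. a client fetching executable or message content while browsing
    "web_browsing": ("proxy", re.compile(r"GET \S+\.(exe|eml|scr)(\s|$)", re.I)),
    # 4. executable or message files written into a network share
    "shared_drive": ("smb", re.compile(r"write \\\\\S+\.(exe|eml|scr)$", re.I)),
    # 5. local files infected, reported by host anti-virus
    "file_infection": ("av", re.compile(r"infected file", re.I)),
}

# Constructed sample events: (source, host, message). Not real captures;
# 203.0.113.5 is a documentation address and the AV signature is a placeholder.
SAMPLE_EVENTS = [
    ("iis",    "web01", "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir 200"),
    ("iis",    "web01", "GET /index.html 200"),
    ("mailgw", "ws-17", "inbound attachment name=invoice.exe type=application/x-msdownload"),
    ("mailgw", "ws-22", "inbound attachment name=report.pdf type=application/pdf"),
    ("proxy",  "ws-22", "GET http://203.0.113.5/news/index.html 200"),
    ("proxy",  "ws-17", "GET http://203.0.113.5/update.exe 200"),
    ("smb",    "ws-17", "write \\\\fileserv\\public\\tools\\update.exe"),
    ("av",     "ws-17", "infected file c:\\winnt\\system32\\load.exe signature=PLACEHOLDER-WORM"),
]


def classify(source, message):
    """Return the propagation vector a single log line indicates, or None."""
    for vector, (rule_source, pattern) in VECTOR_RULES.items():
        if source == rule_source and pattern.search(message):
            return vector
    return None


def correlate(events):
    """Map each host to the set of distinct vectors observed for it.

    Hosts with no matching event are left out entirely.
    """
    seen = defaultdict(set)
    for source, host, message in events:
        vector = classify(source, message)
        if vector:
            seen[host].add(vector)
    return dict(seen)


def blended_hosts(events, min_vectors=2):
    """Hosts showing at least min_vectors distinct vectors.

    One vector is what any single-layer control reports; two or more on the
    same host is the blended-threat signal the slides describe.
    """
    return sorted(host for host, vectors in correlate(events).items()
                  if len(vectors) >= min_vectors)


if __name__ == "__main__":
    for host, vectors in sorted(correlate(SAMPLE_EVENTS).items()):
        print(f"{host}: {', '.join(sorted(vectors))}")
    print("blended:", blended_hosts(SAMPLE_EVENTS))
```

Run on the constructed events, `web01` shows only the web-server vector (one layer, one alert), while `ws-17` shows four of the five vectors and is the only host `blended_hosts` returns. The same structure applies to real log sources once the patterns are replaced with the detection content of the controls actually deployed at each tier.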

Page 17

Protecting Against Blended Threats

Page 18

Best Case Enterprise Security

[Diagram spanning In House and Managed Services, with areas labelled Alert, Protect, Proactive Control, Manage and Respond; the groups below are the diagram's labels]

• Integrated Solutions: Client Security; Gateway Security Appliance
• Point Technologies: IDS (host & network); FW/VPN (SW & appliance); AV/CF
• Vulnerabilities: Penetration Testing
• Decoy: Honeypots
• Early Warning: Global Alerts
• Environment: Policy Tools
• Information: Incident Manager; Event Managers (AV, FW, IDS)
• Internal: Ghosting Tools
• External: Security Response (LiveUpdate); 7x24 Customer Support; Consulting Services

Page 19

Conclusion

• Security in the e-Business Age is challenging
  • Perimeter is disappearing, threats are 360 degrees
  • Exploits and hacking tools are readily available
  • Skills required to exploit threats are low and dropping
  • Blended threats will become more sophisticated
• Need defense in depth across gateway, server, client
  • Vulnerability management
  • Firewalls and VPNs
  • Anti-virus
  • Content filtering
  • Intrusion detection
• Follow best practices to achieve due care
• Implement process to manage policy and incidents
• Top management support and awareness training are key

Page 20

Marshall Taylor
(781)
mtaylor@symantec.com