Emerging Threats: What’s next? George G. McBride Managing Principal Lucent Technologies Professional Consulting http://www.lucent.com/security Lucent Worldwide Services Security Practices


Emerging Threats: What’s next?

George G. McBride
Managing Principal
Lucent Technologies Professional Consulting
http://www.lucent.com/security

Lucent Worldwide Services
Security Practices


Lucent Technologies – ©2005 2

Agenda

Introduction

– What are we going to talk about today?

Past performance is not necessarily indicative of future performance

– What we used to see

Emerging Threats

– What will we be seeing

Countermeasures

Wrap-Up

Audience Thoughts


Phishing

Mass e-mails sent to millions of users

– Can be targeted, usually not

Directs users to a malicious “cloned” site

– Sign up for a new service

– Account updates

– Potential fraud

Quantity Sent: Up

Effectiveness: Down

Countermeasures:

– Awareness

– ISP Blocking

– Quick take-down of phishing sites


Pharming

Users don’t have to “click” on an e-mailed link

Browser independent

DNS or host file poisoning

How do you detect?

Effective countermeasures

– Anti-Virus/Malware software

– Checking site server certificates
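One way to answer the detection question for the hosts-file variant, as an added example that is not part of the original slides: parse the hosts file and flag any watched domain that it redirects to an address nobody approved. The watched domains, the approved pin, and the sample file contents are constructed assumptions.

```python
import ipaddress

# Assumptions (constructed): domains worth protecting, and the only
# hosts-file pins the organisation has approved for them.
WATCHED = {"bank.example", "login.example.com"}
APPROVED_PINS = {"login.example.com": {"10.0.0.20"}}

def parse_hosts(text):
    """Yield (lineno, ip, hostname) for each mapping in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # not a valid mapping line
        for name in fields[1:]:               # one address, many aliases
            yield lineno, str(ip), name.lower().rstrip(".")

def is_watched(name):
    """True if name is a watched domain or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in WATCHED)

def audit_hosts(text):
    """Return findings for watched names redirected by the hosts file."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if not is_watched(name):
            continue
        if ip in APPROVED_PINS.get(name, set()):
            continue                          # known, approved override
        findings.append({"line": lineno, "host": name, "ip": ip})
    return findings

# Constructed sample: line 4 is the kind of entry hosts-file poisoning adds.
SAMPLE = """\
127.0.0.1     localhost
10.0.0.5      intranet.corp.example   # internal server
10.0.0.20     login.example.com       # approved pin
203.0.113.66  www.bank.example bank.example
# 198.51.100.9 bank.example  (commented out, ignored)
"""

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE):
        print(f"line {f['line']}: {f['host']} -> {f['ip']}")
```

This covers only the local hosts file; a poisoned DNS resolver leaves that file untouched, which is where the certificate check listed above still applies.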


Script-Kiddies are growing up

There are plenty of sites available to educate the “script-kiddie”. Have they grown up yet?

What’s out there?

– 0-Day Exploits

– Worms

– Trojans

– Viruses

– Unauthorized users

– Unauthorized systems

– Remote control applications

– Keystroke loggers

– And a lot more….


The “Graduating Class”

Have you looked at your Firewall logs lately?

What is your SOC seeing?

Slow, persistent, targeted scans?

No longer looking for fame and notoriety

Effective countermeasures:

– Event correlation

– Log retention

– Well trained SOC staff
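An added example (not from the original slides) of why event correlation and log retention work together against slow, persistent scans: a per-minute rate rule never fires on them, while correlating retained firewall denies per source across days does. The log format, addresses, and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def parse(line):
    """Parse a constructed 'ISO-time ACTION src dst dport' firewall line."""
    ts, action, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), action, src, dst, int(dport)

def burst_alerts(events, per_minute=20):
    """Rate rule: sources with more than per_minute denies in one minute."""
    buckets = defaultdict(int)
    for ts, action, src, _, _ in events:
        if action == "DENY":
            buckets[(src, ts.replace(second=0, microsecond=0))] += 1
    return {src for (src, _), n in buckets.items() if n > per_minute}

def slow_scan_alerts(events, window=timedelta(days=7),
                     min_targets=10, min_days=3):
    """Correlate retained logs: many distinct targets spread over days."""
    if not events:
        return set()
    newest = max(e[0] for e in events)
    targets, days = defaultdict(set), defaultdict(set)
    for ts, action, src, dst, dport in events:
        if action == "DENY" and newest - ts <= window:
            targets[src].add((dst, dport))
            days[src].add(ts.date())
    return {s for s in targets
            if len(targets[s]) >= min_targets and len(days[s]) >= min_days}

def sample_log():
    """Constructed log: one low-and-slow source, one noisy internal host."""
    start, lines = datetime(2005, 10, 3, 2, 0, 0), []
    ports = [21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 1433, 3389]
    for i, port in enumerate(ports):      # one probe every 9 hours
        t = start + timedelta(hours=9 * i)
        lines.append(f"{t.isoformat()} DENY 198.51.100.23 192.0.2.10 {port}")
    for i in range(30):                   # 30 retries within one minute
        t = start + timedelta(seconds=i)
        lines.append(f"{t.isoformat()} DENY 10.1.1.50 192.0.2.10 8080")
    return lines

EVENTS = [parse(line) for line in sample_log()]

if __name__ == "__main__":
    print("burst rule:", burst_alerts(EVENTS))
    print("7-day correlation:", slow_scan_alerts(EVENTS))
    print("1-day retention:", slow_scan_alerts(EVENTS, window=timedelta(days=1)))
```

With only one day of retained logs the slow source falls below both thresholds and disappears, which is the case for keeping logs long enough to correlate.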


Business Continuity and Disaster Recovery

We’re seeing more catastrophic and severe weather patterns, terrorism, and “acts of god” such as typhoons, floods, and earthquakes.

What used to be “too rare to plan for”, now must be!

Plans are not “actionable” – they have not been tested and verified

Countermeasures:

– Designate BC/DR accountability and ownership

– Test plan regularly and update plan as factors change


Complex networks

Trying to find the risks and vulnerabilities is a challenge (but not impossible)

Service providers have hundreds of firewalls, VPN points, web portals, FTP sites, SSH inbound

Often have unknown ingress points, business partner connections, long forgotten dial-up access

Countermeasures:

– ITU X.805 assessment

– Regular assessments


Obscure applications and operating systems move to the “Mainstream”

Mac OSX, Linux, Firefox, and others used to enjoy relative solitude based on their minority stakes

As application and OS acceptance increases, so does the “return on investment” for the malicious individual

Security solutions selections may be limited compared to the “very mainstream” Microsoft Windows

Countermeasures:

– Apply Security just like the Windows users!

• Firewalls, Anti-virus and anti-spyware tools


Voice Over IP: VoIP

Spam over VoIP aka SPIT

– Like spam, but generally costs you money!

– Will evolve to include offensive materials

VoIP vulnerabilities

– Consumer services (CLID Spoofing)

• What’s reviewable

– Enterprise solutions (Hack the PSTN Interface!)

Countermeasures

– Assessments to identify the risk and then developing and following a remediation plan

– Awareness and security by default!

– Open standards

– Understand the technology and utilize the security features


Governance and Regulatory Compliance

Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley Act, SAS-70 Audits or CICA 5900 Audits, Health Insurance Portability and Accountability Act, etc, etc, etc.

The risk here is non-compliance:

– Not aware of compliance requirements

– Customer demands

– Audit findings are a surprise

Countermeasures:

– Pre-assessments

– Compliance officers

– Governance boards


Mobile Security and data loss

Research firms continue to predict increases in mobile devices (iPAQs, Palm Pilots, Blackberry devices, etc) and laptops as prices drop and functionality increases

Data is unencrypted. Devices lack authentication.

Devices have databases, contacts, e-mail, notes, intellectual property and more

Countermeasures

– Utilize available security products and add-ons

– Enable built-in security or acquire it!

– Awareness


Mal-Ware

How about a Worm, Trojan, or Virus that has some of the following characteristics:

– Multi-Exploit

– Multi-Platform

– Zero-Day

– Fast Spreading

– Polymorphic

– Metamorphic

– Destructive Payload

What if it has all of them?

What about custom mal-ware?


Bridging The Firewall

Remember when we used to give the guidance “Don’t dial out while connected to the corporate network”?

– That’s when analog lines were somewhat hard to find and dial-up time was measured in minutes

Now we’ve got eVDO, 3G, and GPRS interface cards that are no longer metered

– Employees on the network and maintaining a network connection

New laptops have built-in and often enabled Wi-Fi in ad-hoc mode ready to be connected to

Countermeasures:

– Technology based controls are quite inefficient (carrier and hardware independent)

– Awareness

– Purchasing and procurement policies, controls, and awareness


Wi-Fi Security Risks

Rogue Access Points:

– Users bringing a personally purchased or Business Unit purchased access point (AP) into the office and plugging it in

Wi-Fi Fishing or the “evil-twin”:

– A malicious individual somehow disables a legitimate AP and then impersonates the AP to capture credentials

Countermeasures:

– Rogue AP detection at the WLAN or LAN level

– Policy and Awareness

– Train users to look for and recognize certificates of the HotSpot

– Use a VPN to encrypt data (Google!)


Cyber-Espionage, Stalking, and Extortion

As more data is stored, more transactions occur, and more people rely on computer systems:

– Cyber espionage: obtaining information not intended for public consumption

– Cyber stalking: using schedules, school rosters, and personal web-sites to assist in physical or logical stalking

– Cyber extortion: pay $$$ or your site will be hit with a massive DDOS attack, information will be released to the public, etc

Countermeasures:

– Threat and Risk assessments

– Proper authentication, access controls, and encryption

– Minimization of publicly released information. Privacy Policies.

– Opt-Out options. Bogus information submissions

– Does paying help?


Methamphetamine Addicts!

USA Today (9/30/05) reports that methamphetamine problems are growing “in complexity and size”

– Identity Theft

– Phishing e-mail scams

– Selling stolen goods at auction sites

Can stay up for several days performing tasks such as checking credit cards for validity

Countermeasures: ?


RFID Security Issues

Modification of data stored on chip

Interception of data possible at ranges longer than anticipated through stronger transmitters and receivers

RFID Uses: Supply Chain Logistics (asset location tracking), passports, location of students, senior citizens, and more.

Countermeasures:

– Opt-In clauses

– Physical protection of chip

– Effective privacy and usage policies

– Disposal of data when no longer needed


Other Topics

Bluetooth?

– Cars? Mobiles? Other devices? BlueSnarfing?

BGP Risks

– Session Hijacking

– Traffic Injection

DNS Risks

– We’ve talked about “pharming”, but what else?

Unmeasured security at Offshore Development Centers (ODCs), outsourcers, business partners

Huge databases at data aggregators, clearinghouses, and service providers

Household IP infrastructure attacks: Zigbee DOS!


Anything Else?

Lucent Technologies
Bell Labs Innovations

Lucent Technologies Inc.
Room 1B-237A
101 Crawfords Corner Road
Holmdel, NJ 07733
Phone: +1.732.949.3408
E-mail: [email protected]

George G. McBride
Managing Principal

Lucent Worldwide Services

What do you see as emerging risks?

Please contact me with any questions, comments, complaints, or your own “emerging threats”.


Supporting Slides


Sources of risks:

Criminal Groups

Terrorists

Foreign Intelligence Agencies

Hackers

Spyware/Mal-Ware Authors

Spammers

Phishers/Pharmers

Insider Threat

Botnet Operators