Through The Eye of The Hacker: A Look At Security And The Future
Krizi Trivisani, Chief Security Officer
Amy Hennings, Assistant Director
November 6, 2003
Copyright Krizi Trivisani, Amy Hennings 2003. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.
Agenda
•The Security Landscape – The Violation Situation
•Worm Damage and Trends
•Attacker Strategies
•Security Awareness
The Security Landscape – The Violation Situation 2001
Total Violations went from 354 to 5526 – an increase of 1,560%
[Chart: Security Metrics Comparison 2001. Series: Total Minor Violations, Total Severe Violations, Total Violations by Month. X-axis: Month and Total Violations (January through December). Y-axis: Number of Violations.]
The Security Landscape – The Violation Situation 2002
[Chart: Security Metrics Comparison 2002. Series: Total Minor Violations, Total Severe Violations, Total Violations by Month. X-axis: Month and Total Violations (November through November '02). Y-axis: Number of Violations.]
Average number of violations per month in 2002 is 7197
The Violation Situation Continued
Email Viruses Filtered
[Chart: Trend Virus Filter Monthly Comparison. X-axis: Month and Total Viruses (December through November '02). Y-axis: Number of Violations.]
22,271 in December of 2001 increased to 150,936 in November of 2002
The Violation Situation Continued
Email Viruses Filtered
150,936 in November of 2002 increased to 1,629,194 in August of 2003
[Chart: Trend Virus Filter Monthly Comparison. X-axis: Month and Total Viruses (September '02 through August '03). Y-axis: Number of Violations.]
The Security Landscape – The Violation Situation 2003
Violations per month in 2003 have increased so dramatically we had to change what we were tracking!
• Incidents just to [email protected] August = 2073
  • Correspondence = 138
  • Incident notices = 100
  • Random/User errors = 19
  • SPAM = 423
  • Virus = 1287
  • Virus Complaints = 106
• Blaster infections – 800
• Minor scans, Minor hacks, Incidents of suspicious activity, External Attempted Hacks – tens of thousands per month!
History of Security at GW
[Timeline, May 2000 to Nov 2002. Dates marked: May 2000, Sep 2000, Jan 2001, Jul 2001, Aug 2001, Sep 2001, Nov 2001, Dec 2001, Jan 2002, Jul 2002, Aug 2002, Oct 2002, Nov 2002. Events shown:]
• Information Security Office Created
• NIST Levels Envisioned
• Baseline Security Assessment Grade C
• Formal Scanning Lab Created & 1st Security Forum
• 1st Month of Recorded Violations – 354
• Trend Virus Filter Added To Email – 39,329 Filtered In 1st Month
• Total Violations For 2001: 46,378; Viruses Filtered August - December: 206,410
• Policy Center & NIST Level 1 Achieved
• Web pages & Awareness Program
• Security Architecture
• November ONLY: Security Violations = 7,200; Viruses Filtered = 155,032
Throughout 2001 and 2002, the network has not been brought down by a security incident.
[Callouts: Violations 354 and 7,200; Viruses Filtered 155,032]
History of Security at GW
[Timeline, Nov 2002 to Sep 2003. Dates marked: Nov 2002, Jan 2003, Mar 2003, May 2003, July 2003, Aug 2003, Sep 2003. Events shown:]
• Wireless with VPN
• Application Level Security Assessment
• Continued Scanning enhancements
• Recorded Violations reach over 30,000
• Workstation management tools
• Aggressive awareness of patches, anti-virus
• 6000 ResNet Students return
• 1,629,194 Viruses Filtered
• 800 Blaster Infections
• Security Committee Formed
• FTC and GLB
• Network Monitoring Upgrades
• Ashburn Data Center Created
Throughout 2003, the network has not been brought down by a security incident.
[Callouts: Violations 10’s of thousands; Viruses Filtered 1,629,194]
Vulnerabilities on the Rise
New Vulnerabilities per Week
[Chart: bars labelled 10, 25, 30, 50, 70 for '99, '00, '01, '02, '03 Proj. Y-axis: 0 to 70. Source: Symantec]
What Attacks??
•A worm is a program or algorithm that replicates itself over a computer network and usually performs malicious actions, such as using up the computer's resources and possibly shutting the system down.
•A worm is a special type of virus that can replicate itself and use memory, but does not attach itself to other programs.
Worm In Action
Worldwide Impact of Slammer
• Telecommunications services failed throughout South Korea
• Airlines were impacted; several had to resort to manual backup procedures, which slowed service
• Thousands of ATMs and related transactions halted
  • Bank of America
  • Canadian Imperial Bank of Commerce in Toronto
  • Publix supermarket cash back functions unavailable
• US Dept of State, Agriculture, Commerce, and units of Defense were hit especially hard.
• Analysts blame dip in Asian stock market on the worm
• Many news agencies were crippled:
  – Associated Press
  – The Philadelphia Inquirer
  – The Atlanta Journal-Constitution
Blaster, Welchia, And Others
A recent survey including 882 respondents determined that the MS Blaster worm:
– Remediation cost $475,000 per company (median average - including hard, soft and productivity costs) with larger node-count companies reporting losses up to $4,228,000
– Entered company networks most often through infected laptops, then through VPNs, and finally through mis-configured firewalls or routers
– From TruSecure / ICSA Labs
Blaster, Welchia, And Others
• Slower moving
• Who was affected?
  – Blaster infected over 500,000 IPs worldwide
  – Maryland MVA
  – BMW, 3M
  – Air Canada cancelled flights
  – Federal Reserve Bank of Atlanta
  – Philadelphia’s City Hall
  – Airports, Amtrak
  – State Department (Welchia)
  – Northeastern power grid?
Who’s Vulnerable?
• "75% of all web servers running MS IIS 5.0 are vulnerable to exploitation."
– Security News Portal
What Are They Attacking?
• 31 new vulnerabilities announced by MS as of yesterday since the end of the summer
• Exploits are developed much sooner
• Patches are quickly and narrowly developed
• Awareness is limited
• People don’t care
  – I won’t do anything until my computer stops working.
Decentralized Attack Trends
• Why take the chance to rob a bank when it’s much easier to rob the people as they leave the bank with money?
Why attack the server when users’ desktops are much easier to get to?
The Increase of Perimeter Security
• Core system security increase
  – Firewalls, IDS, IPS
  – Still new exploits (Cisco, etc) arise
• How to circumvent?
  – Attack areas that still lack adequate perimeter security (universities)
  – Get someone to do it for you
  – Attacking the systems people don’t know are computers
  – Attacking the tools security professionals use
Exploiting Weaknesses in User Education
• Get someone to do it for you
  – Trojaned user downloads
  – Bundled games, music, movies
  – P2P examples
  – Spyware
  – Social engineering
Exploiting Weaknesses in User Education
• Get someone to do it for you
  – AIM username and password stealing
    • www.haxr.org
  – Fun code execution
    • http://www.malware.com/badnews.html
Embedded Systems
• Computer system enclosed in an electronic device
  – Protection is poor or nonexistent
  – Increased power of new devices
  – Standardization
  – No real scanning/assessment ability
• Real Examples: 3 GW printer cases
Cell Phone Hacking
• Cyber-stalking with GPS
• Keep your phone firmware up to date
• Bluetooth enabled device vulnerabilities:
  • Allows anonymous access to Data, Phonebook, Calendar, Media files, Pictures, Text messages
• http://www.bluestumbler.org
Internet Appliances
• Built-in PC is a 300MHz National Semiconductor Geode processor
• 128MB of RAM and a 17GB hard disk
• Windows 98
Radio Frequency Devices
• Building Access Cards
• Mobile speedpass, toll tags
• Cell phones, pagers
• Wireless cams
Attacking The Tools Security Professionals Use
• Trojaned sendmail and openssh programs
• Trojaned tcpdump and libpcap
• Snort attacks/DOS
• Anti-virus gateway DOS attacks
• Anti-forensics tools
What to do?
• Do what you know, knowing they know what you’ll do
• Absolutely keep up to date on new vulnerabilities and exploits
  – Even if you can’t stay a step ahead, at least keep up to date on what the new attacks/exploits are
• Keep these trends in mind – attacks will not continue to be primarily traditional attacks from the outside against core systems
Still A Critical Element: People Access
• People are our greatest asset and our weakest security link
• Security processes and technologies are developed to reduce the burden on people
• But, almost every security measure can be beaten by social engineering – “Social engineering uses influence and persuasion to deceive people by convincing them that the social engineer is someone he is not, or by manipulation. As a result, the social engineer is able to take advantage of people to obtain information with or without the use of technology.” The Art of Deception
Security Implementation Relies On:
• Process – Processes must be developed that show how policies will be implemented
• People – People must understand their responsibilities regarding policy
• Technology – Systems must be built to technically adhere to policy
• Policies must be developed, communicated, maintained and enforced
What Is Security Awareness?
Security awareness is knowledge of potential threats. It is the advantage of knowing what types of security issues and incidents members of our organization may face in the day-to-day routine of their University functions.
Technology alone cannot provide adequate information security. People, awareness and personal responsibility are critical to the success of any information security program.
Poor Awareness and Preparation
“It’s a frightening fact, but nine out of ten employees would unwittingly open or execute a dangerous virus-carrying email attachment”
“Two-thirds of security managers felt that the overall level of security awareness is either inadequate or dangerously inadequate”
“Nine out of ten employees revealed their password on request in exchange for a free pen”
These things don’t happen as a result of malicious intent, but rather a lack of awareness of security risks.
GW’s Security Awareness Program - Materials
Program materials
• Monthly posters focusing on a specific awareness topic
• Monthly article in GW Technology Today
• Brochures available for:
  – New students (Colonial Inauguration)
  – New employees (Orientation)
  – Training programs
• Free security screen saver
• Online security tutorial – S.T.A.R.T.
• Sample password tester
• Animated security awareness banners
• Next phase – “Protect IT” Security Awareness Workshop
• Next phase – Online quizzes
Our Challenge
To reduce risk by implementing best practice information security practices while balancing academic freedom
Thanks!
Special thanks and resources:
• www.securityawareness.com
• http://www.phenoelit.de
• Exploitlabs.com
• Zone-h.org
• Gary Golomb
• http://www.esg.de/media/embedded_systems.jpg
• www.symantec.com
• www.teledesignsecurity.com
• www.securitystats.com