Citadel Security Software Presents

Are you Vulnerable?

Bill Diamond, Senior Security Engineer
[email protected]


© 2005 Copyright Citadel Security Software Inc.


Are you Vulnerable?

• Do you have or use ….


Odds aren’t in your favor

• Have High Speed Internet at home?
  – If you directly connected your computer, you were probably infected in the first 15 seconds
• Why?
  – Most computers and devices aren’t configured for proper security
  – Devices like cell phones, PDAs, computers are designed for ease of use and to make internet access simple
• The simple truth is good security takes effort


Five Classes of Vulnerabilities

• Software Defects
• Misconfigured Services
• Unsecured Accounts and Passwords
• Malware
• Unnecessary services


What Vulnerabilities Allow

• Allows an attacker to execute commands as another user
• Allows an attacker to access data that is contrary to the specified access restrictions for that data
• Allows an attacker to pose as another entity
• Allows an attacker to conduct a denial of service
• Allows an attacker to conduct information gathering activities
• Allows an attacker to hide activities
• Includes a capability that behaves as expected but can be easily compromised
• Is a primary point of entry that an attacker may attempt to use to gain access to the system or data
• Is considered a problem according to some reasonable security policy


Illustrating the Risk

• Some spyware is suspected of sending captured data to North Korean intelligence agency servers

• North Korean government is suspected of selling data to criminals and organizing Denial of Service Attacks

• South Korea’s Defense Ministry claims North Korea has an aggressive hacker training program that includes five years of university training

Source: http://www.nwfusion.com/reviews/2004/121304rev.html


Vulnerability Statistics

• Approximately 10 vulnerabilities per day are discovered and made public

• 18.78% are Extremely Critical or Highly Critical

• 36.6% are Moderately Critical

• 37.49% are Less Critical

• 7.13% are Not Critical

The difference is whether a vulnerability has an identified exploit or a suspected exploit


Vulnerability Statistics

• 70.7% of all attacks are initiated remotely

• 11.4% of all attacks are initiated from the local network

• 17.89% are initiated from the local machine

• 27% of all attacks are to gain system access

• 21% are Denial of Service attacks

• 12% are privilege escalation attacks

• 17% seek to expose sensitive or system level information

Source: http://www.secunia.org/advisory_statistics


What’s Affected?

• Operating Systems
• Desktop and Server Applications
• Network Devices
• Wireless Phones
• Even Antivirus Software and Firewalls

Everything.

Source: http://isc.sans.org/index.php?off=dbstats


What Should You Do?

• Identify your assets
  – Servers, Desktops, Wireless Devices, Network Printers, Hubs, Routers, Telephone Switches
• Assess your risk
  – Follow security oriented web sites to keep up to date
  – Use vulnerability assessment tools to regularly evaluate your degree of risk
  – Diagnose your systems for spyware and other malware
• Review and Evaluate
  – Your vulnerabilities against the risk identified
• Remediate
  – Apply patches but also review the advice in your vulnerability assessment tool for specific advice
  – Review your security policies and how they are enforced
• Monitor and Maintain
  – Reassess with vulnerability assessment
  – Track system changes
  – Monitor compliance with security policies


How Can You Start?

• Use hardware firewalls
  – Software firewalls have been exploited
• Learn to use a vulnerability assessment scanner
• Use antivirus software for all inbound and outbound email
  – Newer versions also protect Instant Message applications
  – New generation products provide some protection against phishing
  – You will not win a lottery you never heard of
  – You don’t have any mysterious relatives in Nigeria or South Africa who want to wire money to your bank account.
• Patch Judiciously
  – Don’t just apply every patch. Make sure it applies to you.
• Develop and Implement Consistent, Measurable Policies
• Stay Informed


Top Frauds and Scams

Type of Fraud | % of Total | Average Dollar Loss Per Incident
Auctions | 51% | $765
General Merchandise | 20% | $846
Nigerian Money Offers | 8% | $2,649
Phishing | 5% | $182
Information/“Adult” Services | 3% | $241
Fake Checks | 3% | $5,201
Lotteries/Lottery Clubs | 3% | $2,225
Computer Equipment/Software | 1% | $1,401
Fake Escrow Services | 1% | $2,585
Internet Access Services | 1% | $1,187

Source: Internet Fraud Watch, http://www.fraud.org


Summary

• Computer related crime has increased 36 fold since 1997
• There were more than 56 Million computer attacks in 1994
  – the majority were probes for existing, known vulnerabilities
• As of March 2003, verifiable attacks cost more than $16 Billion in economic damage
• 20% of all organizations are expected to experience a serious security incident
• 750,000 Americans had their identities hijacked in 2004
• Average loss to fraud per victim increased to $895, up from $527 in 2003
• Email fraud has increased to 22%, up from 5% in 2003
• Effective security policies and vulnerability management are possible, regardless of operating system or application.


Questions?

For more information visit our web site at

http://www.citadel.com

Or contact me –

Bill Diamond

[email protected]