FUTURE DIRECTION (SAK 5514, PowerPoint presentation)

Page 1: FUTURE DIRECTION

FUTURE DIRECTION

SAK 5514

Page 2: FUTURE DIRECTION

Increasing Threat

Page 3: FUTURE DIRECTION

Increasing Threat

Attackers can:

- coordinate a fast scan
- scan very slowly
- modulate the technique to be almost undetectable
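As an added illustration that is not part of the deck, the Python below shows why a slow scan slips past a detector that only correlates probes within a short window: the constructed log contains one scanner that hits eight ports in eight seconds and another that probes one port every six hours, and only a multi-day window catches both. All addresses and timestamps are made up.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log records: (timestamp, source IP, destination port).
# 10.0.0.5 scans 8 ports in 8 seconds (fast scan);
# 10.0.0.9 scans 8 ports at one probe every 6 hours (slow scan).
T0 = datetime(2024, 1, 1, 0, 0, 0)
FAST = [(T0 + timedelta(seconds=i), "10.0.0.5", 20 + i) for i in range(8)]
SLOW = [(T0 + timedelta(hours=6 * i), "10.0.0.9", 20 + i) for i in range(8)]
EVENTS = sorted(FAST + SLOW)


def detect_scanners(events, window_seconds, min_ports):
    """Return the source IPs that touched at least `min_ports` distinct
    destination ports inside some sliding window of `window_seconds`."""
    window = timedelta(seconds=window_seconds)
    by_src = defaultdict(list)
    for ts, src, port in events:
        by_src[src].append((ts, port))

    hits = set()
    for src, probes in by_src.items():
        probes.sort()
        start = 0
        for end in range(len(probes)):
            # Advance the window start until it is within `window` of this probe.
            while probes[end][0] - probes[start][0] > window:
                start += 1
            if len({p for _, p in probes[start:end + 1]}) >= min_ports:
                hits.add(src)
                break
    return hits


if __name__ == "__main__":
    # A one-minute window sees only the fast scanner; three days sees both.
    print(detect_scanners(EVENTS, 60, 5))
    print(detect_scanners(EVENTS, 3 * 86400, 5))
```

The long window is what the "several days of raw data" cache later in the deck makes possible.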

Page 4: FUTURE DIRECTION

Cyber-Terrorism

The main theme of all advanced denial of service is Internet Relay Chat (IRC):

- Groups of hackers fighting for control of IRC chat rooms developed the denial-of-service tools.

Page 5: FUTURE DIRECTION

Large-Scale Compromise

A number of vulnerabilities in Microsoft's Internet Explorer have been reported.

These attacks are at the bottom of the food chain in some sense: PCs, many of which are on

- dial-up connections
- government facilities
- corporations
- educational institutions
- homes with broadband connectivity.

Page 6: FUTURE DIRECTION

Improved Targeting

Techniques to maximize results using broadcast packets when possible.

Avoidance of dangerous IP address ranges.

Sharing reconnaissance data between scanning organizations minimizes the footprint.

Page 7: FUTURE DIRECTION

Defending Against the Threat

This section discusses the natural limits and then considers the development of skills and tools for defenders.

Below are the limits that ought to slow attackers down a bit:

- The current DDoS-type attack tools like Leaves and Litmus have their command and control via Internet Relay Chat.

Page 8: FUTURE DIRECTION

- The money is primarily going into the defensive side of the house.

Page 9: FUTURE DIRECTION

Analysts' Skill Set

Intrusion-detection systems have the problem that they cannot detect new attacks because there is no signature for them.

The recommendation is coping strategies like a box recording all traffic:

- it is possible to go back after the NID alert
- examine the stimulus that led to the activity reported by the NID
- keep a cache of at least several days of raw data

Page 10: FUTURE DIRECTION

In the future, as console solutions are fielded, it might be possible to do much of this with canned searches.

The advantages of personal firewalls on the host computers of security-aware employees are enormous and really add to the network-based data.

Page 11: FUTURE DIRECTION

Improved Tools

Dragon could have been a contender.

SiteProtector is just too new to be evaluated.

- The author's prediction is that the answer will come down to the skills versus tools argument.

Snort is the most widely deployed sensor on the planet, and the Snort ruleset and language are the most commonly read and written.

Page 12: FUTURE DIRECTION

Defense in Depth

How a firewall works:

It serves as an effective noise filter, stopping many attacks before they can enter your network.

Within your internal net, the router or switch can be configured to watch for signs of intrusion or fraud.

When a detect occurs, the switch can either block the session and seal off the host or just send a silent alarm.

Page 14: FUTURE DIRECTION

Implement Defense in Depth today and in the near future

The five rules of the road are as follows:

- Squelch all outgoing ICMP error unreachable messages.
- Split-horizon DNS.
- Proxy when possible.
- Network Address Translation (NAT).
- Implement auto-response.

Page 16: FUTURE DIRECTION

Defense in depth includes:

- configuration management
- personal firewalls, anti-virus
- content scanning at the perimeter
- operating system patches
- an active vulnerability scanning program.

Page 17: FUTURE DIRECTION

Large-Scale Intrusion Detection

Three large-scale intrusion detection efforts:

a) Aris by SecurityFocus.com

b) MyNetWatchman

c) DShield, used to discover the Ramen, Lion, and Leaves worms.

These work by providing reporting software to hundreds or even thousands of clients.

These clients range from Check Point firewalls and Linksys cable routers to personal firewalls.

Page 18: FUTURE DIRECTION

The data is sent to a central site that allows it to be examined for trends.

Once the collected information passes a certain threshold, the site can create automated or semi-automated reports and send them to the responsible party for an IP address.
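The central-site step described above, as an added example rather than any of the named projects' code: constructed reports from three client sensors are aggregated per source IP, and a source seen by at least a threshold number of independent reporters gets a draft report addressed to the contact for its network. The sensor names, addresses and the contact table are all made up.

```python
import ipaddress
from collections import defaultdict

# Constructed client reports: (reporting sensor, source IP, destination port).
REPORTS = [
    ("fw-checkpoint", "203.0.113.7", 27374),
    ("linksys-home", "203.0.113.7", 27374),
    ("pf-laptop", "203.0.113.7", 27374),
    ("fw-checkpoint", "198.51.100.3", 80),
    ("pf-laptop", "203.0.113.7", 515),
]

# Constructed network-to-contact table (a real site would consult whois).
ABUSE_CONTACTS = {"203.0.113.0/24": "abuse@example.net"}


def aggregate(reports):
    """Per source IP, collect the distinct reporters and the ports probed."""
    summary = defaultdict(lambda: {"reporters": set(), "ports": set()})
    for reporter, src, port in reports:
        summary[src]["reporters"].add(reporter)
        summary[src]["ports"].add(port)
    return summary


def responsible_party(ip):
    """Contact for the network containing ip, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    for net, contact in ABUSE_CONTACTS.items():
        if addr in ipaddress.ip_network(net):
            return contact
    return None


def build_reports(reports, min_reporters):
    """Draft one report per source seen by at least min_reporters sensors.
    Requiring independent reporters keeps one noisy sensor from triggering
    a report on its own."""
    drafts = {}
    for src, info in aggregate(reports).items():
        if len(info["reporters"]) < min_reporters:
            continue
        drafts[src] = {
            "to": responsible_party(src),
            "reporters": len(info["reporters"]),
            "ports": sorted(info["ports"]),
        }
    return drafts


if __name__ == "__main__":
    print(build_reports(REPORTS, 3))
```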

Page 19: FUTURE DIRECTION

By Richard Bejtlich: "I make optimum use of my network intrusion detection system (NIDS) by asking four questions:

a) What could cause suspicious traffic to be generated?

b) What events could my NIDS miss?

c) How does real Internet behavior differ from textbook descriptions?

d) Should I share events with the security community?"

Page 20: FUTURE DIRECTION

Emerging Techniques

Current intrusion-detection systems are fairly limited.

Network-based systems are not well suited

- to detect the insider threat,
- to detect mobile code,
- to detect intelligence-gathering viruses,
- to detect modem-based attacks, or
- to detect attacks that run along the trust model.

Page 21: FUTURE DIRECTION

Host-based systems

- can detect these attacks, but they suffer from two big problems:

the cost of deployment, and the system overhead "tax."

Page 22: FUTURE DIRECTION

Virus Industry Revisited

No security tool has better desktop penetration than anti-virus software.

Intrusion-detection tools often have fewer than 500 signatures.

Virus software comes with implementations for firewalls, server systems, or the desktop.

These tools can identify, contain, eradicate, and recover with minimal user intervention.

Page 23: FUTURE DIRECTION

Anti-virus companies have fully solved the issue of updating a user's signature table with a variety of painless options.

Many large organizations have site licenses with these software companies and are pretty satisfied.

Anti-virus companies are already oriented to very fast turnaround of a signature table when a new exploit is detected.

These software companies often have companion products with security capabilities.

Page 24: FUTURE DIRECTION

Hardware-Based ID

There are three serious challenges to network-based intrusion detection:

- Encrypted packets that foil string matching
- Fast networks beyond the speed of the sensor
- Switched networks

Page 25: FUTURE DIRECTION

Program-Based ID

Simson Garfinkel, who is writing software designed for special-security applications, has two goals:

- To protect his intellectual property from intrusion (software piracy)

- To ensure the software cannot be misused without it being clear and obvious which copy of the software is the origin.

Page 26: FUTURE DIRECTION

The program could then detect that an unauthorized entity is trying to access it.

It could then block the attack and raise an alarm.

Programs could even develop profiles about their uses.

Intrusion detection at the program level is done by putting a wrapper around the program.
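An added example (not Garfinkel's software or any product) of the wrapper idea above in Python: a guard object tags every alarm with the identity of the licensed copy it protects, refuses callers who are not authorized, keeps a per-caller usage profile, and raises an alarm when an authorized caller exceeds an expected usage ceiling. The copy id, caller names and ceiling are assumptions.

```python
from collections import Counter
from functools import wraps


class AccessDenied(Exception):
    """Raised when the wrapper blocks an unauthorized caller."""


class ProgramGuard:
    """Wrapper that checks who is calling, keeps a usage profile per caller,
    blocks unknown callers and records alarms that name the licensed copy."""

    def __init__(self, copy_id, authorized, max_uses):
        self.copy_id = copy_id            # which copy of the software this is
        self.authorized = set(authorized) # callers allowed to use it
        self.max_uses = max_uses          # expected ceiling per caller/function
        self.profile = Counter()          # (caller, function) -> use count
        self.alarms = []

    def guard(self, func):
        @wraps(func)
        def wrapper(caller, *args, **kwargs):
            if caller not in self.authorized:
                # Block the attempt and raise an alarm; do not run the program.
                self.alarms.append(f"{self.copy_id}: {caller} denied {func.__name__}")
                raise AccessDenied(caller)
            key = (caller, func.__name__)
            self.profile[key] += 1
            if self.profile[key] > self.max_uses:
                # Authorized, but outside the usage profile: alarm and continue.
                self.alarms.append(f"{self.copy_id}: {caller} exceeded profile for {func.__name__}")
            return func(*args, **kwargs)
        return wrapper


GUARD = ProgramGuard("copy-0042", {"alice"}, max_uses=2)  # constructed


@GUARD.guard
def export_report(rows):
    """Stand-in for the protected program's real work."""
    return ",".join(rows)


def run_demo():
    results = [export_report("alice", ["a", "b"]) for _ in range(3)]  # 3rd exceeds ceiling
    try:
        export_report("mallory", ["x"])
    except AccessDenied:
        pass
    return results[0], dict(GUARD.profile), list(GUARD.alarms)
```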

Page 27: FUTURE DIRECTION

Smart Auditors

According to Alan Kay, the best way to predict the future is to invent it.

- SANS should be engaged in helping to establish pragmatic tools and resources for auditors.

Page 28: FUTURE DIRECTION

Emerging Trend

The emerging trend is for auditors to understand security-assessment tools and to be able to operate them.

Auditors can visit your site, plug in, and, while they are interviewing you, run an assessment tool.

For system administrators, when we are audited, knowledgeable, equipped auditors could be one of the most effective countermeasures against the increasing threat.