Network Security Threat Matrix May 2004

Transcription

1 May 2004 By Lawrence Allhands BlueMotorcycle Consulting 650/ Flores #18 San Mateo, CA

2 Abstract Know your enemy If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. Sun Tzu on The Art of War Network security is a constantly moving target. A war of ever changing tactics is being waged 24/7 against your home and business networks. Unfortunately, the enemy needs only to be lucky once to succeed, we, the defenders, must be lucky all the time. To fully understand the scope of the threat, one must survey the battlefield and know well the tactics of the enemy. The purpose of this paper is to identify some of the major elements of the battlefield and the common modus operandi of today s cyber enemy. 1

3 Definitions/Figures Probability Level Occasional Probable Remote Improbable Specific Event Will occur several times Likely to occur sometime Possible to occur, but unlikely Very unlikely, may never be experienced Severity Level Catastrophic Critical Marginal Negligible Characteristics System loss or severe damage Severe damage to major systems Minor system performance degradation Nuisance, slight performance degradation Potential Vulnerability Level Severity Occasional Probable Remote Improbable Catastrophic Critical Marginal Negligible (5=High, 4=Med-High, 3=Med, 2=Med-Low, 1=Low) Figure 1 2

4 Network Security Threats Outside Threats (Human) Risk Analysis: 5 (High) Critical impact Individuals or groups of individuals that attempt to penetrate systems through computer networks, public switched telephone networks or other sources. These attacks generally target known security vulnerabilities of systems. Insiders, hackers and "Script Kiddies" are the main components of the human threat factor. These threats can be broken down into four primary sub-sets; Corporate (Industrial) Espionage Primary attribute and motivation is access to systems or information for economic or strategic objectives. Currently, this is the highest growth area both in terms of number of intrusions and monetary damage. Foreign Espionage The primary attribute and motive is access to systems or information for national economic or strategic objectives. Terrorism (Foreign and Domestic) The primary attribute and motive is the disruption or destruction of a target s key infrastructure components. Hacker Community Usually act independently in the pursuit of personal goals. The motive of these individuals can be defined as the challenge or thrills of gaining access to a computer system. May work in groups to achieve goals. 3

5 Hosts Risk Analysis: 5 (High) Critical impact Most operating systems have security flaws which vendors fix with software patches. Unpatched systems can be a major security risk. Inadequate physical security can also lead to a compromise of the host. Vendor software is often received without appropriate software patches installed, and requires further action by System Administrators to install the additional patches. These patches often close significant security vulnerabilities within operating systems that could otherwise be exploited. If the vulnerabilities are exploited, including physical access, unauthorized users can obtain privileged status and gain access to critical information and technology. Services Risk Analysis: 5 (High) Critical impact Some system services are security risks to the host computer and can be easily compromised to gain privileged system access. Some services such as tftp, nfs, nis, and the r commands present significant security risks that are not easily countermanded. Compromises of system services present a grave concern to the security of the system. Most of these services operate at the system level and with system privileges. These services are well documented, well analyzed and subverted by the hacker community. Telecommunications Risk Analysis: 3 (Medium) Remote occurrences with Critical impact Network telecommunication components such as bridges, hubs, patch panels, routers, and switches are key equipment pieces that define a network and its internal and external connectivity. Unprotected telecommunication components can lead to a compromise of network integrity and the data contained therein. Network devices and segments would be susceptible to rerouting. 4

6 Malicious Code & Viruses Risk Analysis: 4 (Medium-High) Marginal impact Malicious code can attack a system in one of two ways, either internally or externally. Traditionally, the virus has been an internal threat, while the worm, to a large extent, has been a threat from an external source. Trojan Horses generally leave an undocumented "back door" into the system for later exploitation by unauthorized personnel, both employees and non-employees. There are many avenues by which viruses and malicious code may impact systems, applications, and files. Malicious code can be introduced into a system through ftp or as attachments to . Applications Risk Analysis: 3 (Medium) Probable occurrences with Marginal impact Application vulnerabilities can be exploited to gain system privileges. Errant applications can create undocumented vulnerabilities. These vulnerabilities are well documented and exploited in the hacker community. Application software, because of their reliance on the operating system to provide adequate security, often contains code that can be a determent to the information processed through the application. Further, many applications do not behave properly and can interfere with system performance. For example, software that fails to perform adequate bounds checking can invade areas of system memory used by other software packages. This interference can give the user special privileges afforded the application software, or can result in a total system lock-up. 5

7 Firewalls Risk Analysis: 3 (Medium) Remote occurrences with Critical impact Firewalls are an important network security component. Firewalls are the first, not the only, defense against outside attacks. Effective installation can help keep unauthorized users outside the firewall from accessing the network while allowing authorized users to access the network through the firewall. Improper installation and unknown software vulnerabilities are an open invitation to any knowledgeable hacker. Improper maintenance of the firewall, whether by failure to install the latest software patches or by the improper application of Rules, can facilitate unauthorized access and lead to a loss or compromise of information. Inadequate physical security can also lead to a compromise of the firewall. Files Risk Analysis: 3 (Medium) Negligible impact File permissions should be adequately set so only authorized individuals have access to them in the due performance of their jobs. This includes users as well and administrators. Groups should be effectively used and files appropriately assigned to groups to further restrict access. Minimum access permissions should be defined at the directory level and inherited by files. In an open environment where users have ultimate control over the accesses to data under their control, it can be expected that file and directory permissions will vary from their optimum settings. Indeed, even system administrators have unwittingly altered access permissions during file server maintenance activities. 6

8 Personnel (Human) Risk Analysis: 4 (Medium-High) Marginal impact Insiders are legitimate users of a system. When they use their access to circumvent security, it is known as an insider attack. Insiders account for nearly 80% of recorded attacks; most of these are inadvertent, but a significant 14% are intentional attacks by insiders. The primary threat to computer systems has traditionally been the insider attack. Insiders are likely to have specific goals and objectives, and have legitimate access to the system. Insiders can plant Trojan horses, keystroke loggers, or browse through the file system. This type of attack can be extremely difficult to detect or protect against. Their motivation tends to be revenge, though convenience and opportunity contribute significantly to white-collar computer crime. This particular risk is enhanced and facilitated by the lack of due care or diligence applied to the foregoing threats, and increases or decreases in indirect proportion to the level of effort given to those threats. The importance of a firewall in protecting data from outside access diminishes in direct proportion to the vulnerabilities that are not adequately controlled behind the firewall. While Outsiders are kept at bay, Insiders can be throwing things out the open, gated window. Any user with physical access to a computer generally has the ability to trivially override any system security. This is certainly true on most UNIX systems by default; anyone with physical access to the machine can break in regardless of the operating system in use. Proper use of passwords just makes entry a little more time consuming. 7

9 Change Control Risk Analysis: 5 (High) Potentially Catastrophic impact Conclusion A change control board should be established to monitor and approve major changes in the network environment that may affect overall security. Without adequate planning and oversight, modifications to the network architecture may impact security of the entire system and compromise sensitive or proprietary data. Effective network security cannot be attained through ad hoc measures, but requires a comprehensive policy encompassing the risks previously identified. This policy should then be extracted into a set of procedures and plans to attain the policy goal; the protection and preservation of network resources and data. Unfortunately, network security is usually an afterthought. The majority of network users begrudgingly adhere to even the most basic security procedures and openly grumble at the hint of any changes in policy. BlueMotorcycle has formalized a standard security policy system that can be deployed in any environment, a living document that dynamically changes to reflect new, changed, or rescinded requirements. These modifications are based on technology advances and new vulnerabilities that are identified-part of the risk assessment process where nothing is in stasis, but dynamic change is all around. About BlueMotorcycle Consulting BlueMotorcycle is a systems integration and professional services consulting group conversant in high-quality, high-value, sensible technology solutions, specifically focused on networks, systems, security and specialized communications solutions. For more information, please call (650) or visit BlueMotorcycle, Inc. All rights reserved. 8