1 Attacks from the Inside. Eddy Willems, G Data; Righard J. Zwienenberg, Norman.
2 Attacks from the Inside. Agenda: Social Networking / Engineering; Where are the threats coming from; Infection vectors; The Cloud; Q&A.
3 New territories: Social Networking. Blogs, forums, wikis, MySpace, YouTube, other online communities. Who's on Facebook, Twitter?
4 Social networking and privacy concerns.
5 And how it is to be fooled
6 The threats only originated from outside? [Diagram, source: IBM. The enterprise (web server, application server, backend server/system, databases) sits behind access control, a firewall, IDS/IPS and an application firewall, facing Internet-side threats: DoS, antispoofing, parameter tampering, known web server vulnerabilities, cross-site scripting, port scanning, pattern-based attacks, SQL injection, cookie poisoning. Controls listed: user identification, access control, encrypted transport of data, firewall, universal threat management, anomaly detection, intrusion prevention, vulnerability management, remediation/patching, compliance and risk management, host protection (server and desktop), layer 4-7 protection (content, URL, web), content control, data leakage management.]
7 Today's networks lack clear, crisp boundaries. Internal/external network: individual users connect from multiple locations. Managed/unmanaged devices: individual devices operate both inside the network and on public networks. New devices on the network, e.g. netbooks, mobile devices, etc. [Diagram: the network with telecommuters, contractors, the Internet, mobile users and wireless users.]
8 Today's networks
9 Infection scenario. [Diagram: Start, Department, Internet, Firewall, Content Switch, Data centre, Security.]
10 Infection scenario: drive-by infection. An infected web site contains a malicious script (day zero); it infects files on disk and spreads through ARP. [Diagram: Department, Internet, Firewall, Content Switch, Data centre, Security.]
11 Infection scenario II: infected web site with payload. Malicious web site, infection, payload: a downloader that downloads new malware and spreads. [Diagram: Department, Internet, Firewall, Content Switch, Data centre, Security.]
12 Most used spreading protocols. Malware spread vector: widely used ports, CIFS/SMB, RPC.
13 Why are CIFS and SMB important? Malware spread vector: widely used ports, CIFS/SMB, RPC.
14 Avoid infections. User training (MSN, unknown pop-ups, e-mail, etc.). Patch management (hardware). Remediation. Anti-virus management: activated according to policies, up-to-date definition files. Discovery of unknown nodes in the network: alerts. In-line network traffic content scanning.
15 In-line network content scanner: a network-transparent, real-time malware scanner. Scans HTTP, FTP, SMTP, TFTP, RPC, POP3, IRC, SMB/CIFS. [Diagram: the in-line interfaces are labelled No IP, No IP; the management interface is labelled Admin IP.]
16 Content scanning: where to install? SCADA? Legacy environments? Networks?
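A defender-side check for the spread pattern of slides 12 to 15 (a host fanning out to many internal peers over CIFS/SMB and RPC, plus an alert for nodes that are not in the inventory), written as an added example that is not part of the presentation; the flow-record format, the 10.0.0.0/8 range, the inventory contents and the thresholds are assumptions.

```python
# Flow-log detector for SMB/RPC fan-out and unknown internal nodes.
# Added example; record format, address range and thresholds are assumed.
from collections import defaultdict
from ipaddress import ip_address, ip_network

SPREAD_PORTS = {445, 139, 135}          # CIFS/SMB and RPC endpoint mapper
INTERNAL = ip_network("10.0.0.0/8")     # assumed internal address range
FANOUT_THRESHOLD = 5                    # distinct peers per window (assumed)
WINDOW_SECONDS = 60

# Constructed sample flow records: "<epoch> <src> <dst> <dport>"
SAMPLE_FLOWS = """\
1000 10.0.1.20 10.0.1.5 445
1003 10.0.1.20 10.0.1.6 445
1007 10.0.1.20 10.0.1.7 139
1012 10.0.1.20 10.0.1.9 135
1015 10.0.1.20 10.0.1.10 445
1020 10.0.1.30 10.0.1.5 445
1025 10.0.9.77 10.0.1.5 80
"""
# Constructed inventory of known nodes; 10.0.9.77 is deliberately absent.
INVENTORY = {"10.0.1.5", "10.0.1.6", "10.0.1.7", "10.0.1.8", "10.0.1.9",
             "10.0.1.10", "10.0.1.20", "10.0.1.30"}

def parse_flows(text):
    """Turn one record per line into (timestamp, src, dst, dport) tuples."""
    flows = []
    for line in text.splitlines():
        ts, src, dst, dport = line.split()
        flows.append((int(ts), src, dst, int(dport)))
    return flows

def detect(flows, inventory):
    """Alerts: ('unknown_node', ip) and ('smb_rpc_fanout', ip, peer_count)."""
    alerts = [("unknown_node", src) for src in sorted(
        {f[1] for f in flows if ip_address(f[1]) in INTERNAL and f[1] not in inventory})]
    by_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport in SPREAD_PORTS and ip_address(dst) in INTERNAL:
            by_src[src].append((ts, dst))
    for src, events in by_src.items():
        events.sort()
        for t0, _ in events:  # sliding window anchored at each event
            peers = {d for t, d in events if t0 <= t < t0 + WINDOW_SECONDS}
            if len(peers) >= FANOUT_THRESHOLD:
                alerts.append(("smb_rpc_fanout", src, len(peers)))
                break
    return alerts
```

Running `detect(parse_flows(SAMPLE_FLOWS), INVENTORY)` flags 10.0.9.77 as an unknown node and 10.0.1.20 for reaching five distinct SMB/RPC peers within a minute, while the single connection from 10.0.1.30 stays quiet.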
17 Changing solutions? [Word cloud: worms, spyware, viruses, data theft, peer-to-peer attacks, adware, internal hacker, bad stuff, spam, external hacker, exploits, identity theft, user, phishing, DoS, vulnerabilities, DDoS, mailers.]
18 In the Cloud. Difficult to lay down a definition, as it depends on the use. Cloud computing is an on-demand service model of IT provision, often based on virtualization and distributed computing technologies. It is divided up into several categories. (Working definition from ENISA.)
19 In the Cloud: SaaS. Software as a Service: SaaS is software offered by a third-party provider, available on demand, usually via the Internet and remotely configurable. Examples include online word processing and spreadsheet tools, CRM services and web content delivery services (Google Docs, etc.).
20 In the Cloud: PaaS. Platform as a Service: PaaS allows customers to develop new applications using APIs deployed and configurable remotely. The platforms offered include development tools, configuration management and deployment platforms. Examples are Microsoft Azure or the Google App Engine.
21 In the Cloud: IaaS. Infrastructure as a Service: IaaS provides virtual machines and other abstracted hardware and operating systems which may be controlled through a service API. Examples are Terremark Enterprise Cloud, Windows Live SkyDrive, etc.
22 Malware Information Initiative (Mii): in-the-cloud technology. [Chart: incidents (file incidents, URL incidents), machines, files and URLs per month, January to August 2010.]
23 The security benefits of cloud computing: the benefits of scale and rapid, smart scaling of resources; standardized interfaces for managed security services; audit and evidence gathering; more timely, effective and efficient updates and defaults. We love cloud computing. Questions: What about the in-the-cloud infrastructure? DDoS? Could it be circumvented? How will the user react? How will the vendor react?
24 Top 9 In-The-Cloud Problems #9 Identity management
25 Top 9 In-The-Cloud Problems #8 Nefarious use of Service
26 Top 9 In-The-Cloud Problems #7 Account/Service Hijacking
27 Top 9 In-The-Cloud Problems #6 Financial DDoS
28 Top 9 In-The-Cloud Problems #5 Data Loss/Data Leakage
29 Top 9 In-The-Cloud Problems #4 Unknown Risk Profile
30 Top 9 In-The-Cloud Problems #3 Hidden Logs/Intrusion Attempts
31 Top 9 In-The-Cloud Problems #2 Insider abuse
32 Top 9 In-The-Cloud Problems #1 Centralized AAA (Authentication, Authorization and Accounting) abuse/trust. Now you see why we love the cloud...
34 The big change? Security has changed! The AM (anti-malware) security model: detection rates, response to new threats, frequency of updates. The new security model: it is not what your AM knows about, but what is allowed to run on your computer, and what is allowed to run on your network.
36 Viruses on your RADIO?
37 Viruses on your refrigerator?
38 Oh no, crossover viruses!
39 Nanobots: science-fiction ideas that came true (sort of). In his story "A Menace in Miniature" (1937), Raymond Z. Gallun imagined sinister ultramicrobots.
40 Eddy Willems, Security Evangelist. Righard J. Zwienenberg, Chief Research Officer.