Vulnerabilità e Attacchi alle Infrastrutture IT Simone Riccetti. Sr. IT Security Architect

Size: px

Start display at page:

Download "Vulnerabilità e Attacchi alle Infrastrutture IT Simone Riccetti. Sr. IT Security Architect"

Madeleine Walker
10 years ago
Views:

1 Vulnerabilità e Attacchi alle Infrastrutture IT Simone Riccetti Sr. IT Security Architect

2 Agenda Team di Ricerca X-Force Vulnerabilità e Minacce Tecnologie di Protezione Attack Lifecycle Live Demo 2

3 The mission of the IBM Internet Security Systems X-Force research and development team is to: Research and evaluate threat and protection issues Develop assessment and countermeasure technology Educate the media and user communities 3

threat and protection issues Develop assessment and

4 4 X-Force

5 Agenda Team di Ricerca X-Force Vulnerabilità e Minacce Tecnologie di Protezione Attack Lifecycle Live Demo 5

6 Vulnerability Highlights Overall number of disclosed vulnerabilities increased in comparison to previous years 5% increase over the first half of year

7 Patch Availability Date Y-Axis gg tra la patch e l annuncio della vulnerabilità X-Axis Data di annuncio della vulnerabilità Data 1,551 patches 15% Prima dell annuncio 54% All annuncio 31% Dopo l annuncio Courtesy: Stefan Frei, ETH Zurich

1,551 patches 15% Prima dell annuncio 54% All annuncio 31% Dopo l

8 Exploit Availability Date Exploit Availability Date Y-Axis Giorni trascorsi tra l annuncio della vulnerabilità e l exploit X-Axis Data di annuncio della vulnerabilità Data 3,428 exploits 23% disp. prima dell annuncio 58% disp. all annuncio 19% disp. dopo l annuncio Courtesy: Stefan Frei, ETH Zurich

vulnerabilità Data 3,428 exploits 23% disp. prima dell annuncio 58% disp.

9 Browser Vulnerabilities Memory corruption is the main vulnerability. No substantial difference. 9

10 Primary Exploit Target: Browser Plug-Ins The majority of publicly released exploits are for browser plug-ins The top five most exploited browser vulnerabilities all target plug-ins Although most active exploitation focuses on older vulnerabilities, newer attack tools have automatic methods to incorporate the most recent exploits 10

target plug-ins Although most active exploitation focuses on older vulnerabilities,

11 Web Server Application Vulnerabilities Three newcomers to the top ten vendor list were web server application software vendors Web server application vulnerabilities account for 54% of all 2008 H1 disclosures and 51% since

software vendors Web server application vulnerabilities

12 Agenda Team di Ricerca X-Force Vulnerabilità e Minacce Tecnologie di Protezione Attack Lifecycle Live Demo 12

13 ISS Preemptive Protection

14 Vulnerability Focused Protection

15 Agenda Team di Ricerca X-Force Vulnerabilità e Minacce Tecnologie di Protezione Attack Lifecycle Live Demo 15

16 How do you get owned these days? The Attach Lifecycle The initial culprits in owning a system can be as innocent as an from Mom or as malicious as a hacker set to steal valuable information. 16

owning a system can be as innocent as an email

17 The Attack Lifecycle Inherent in any computer program are vulnerabilities, or small cracks in the code, that allow things in that were not originally intended. 17

18 The Attack Lifecycle Inherent in any computer program are vulnerabilities, or small cracks in the code, that allow things in that were not originally intended. A proof of concept, or exploit, is created to take advantage of the lowered defenses from the vulnerability 18

19 The Attack Lifecycle Inherent in any computer program are vulnerabilities, or small cracks in the code, that allow things in that were not originally intended. Shellcode is then injected to enable remote code execution A proof of concept, or exploit, is created to take advantage of the lowered defenses from the vulnerability 19

Shellcode is then injected to enable remote code execution A proof of concept, or

20 The Attack Lifecycle Inherent in any computer program are vulnerabilities, or small cracks in the code, that allow things in that were not originally intended. Shellcode is then injected to enable remote code execution A proof of concept, or exploit, is created to take advantage of the lowered defenses from the vulnerability Shell code is executed to create a buffer overflow that opens the back door to the system 20

Shellcode is then injected to enable remote code execution A proof of concept, or exploit, is created to

21 The Attack Lifecycle Inherent in any computer program are vulnerabilities, or small cracks in the code, that allow things in that were not originally intended. Shellcode is then injected to enable remote code execution Malcode, such as a trojan or rootkit is executed to wreak havoc on the system A proof of concept, or exploit, is created to take advantage of the lowered defenses from the vulnerability Shell code is executed to create a buffer overflow that opens the back door to the system 21

22 The Attack Lifecycle Inherent in any computer program are vulnerabilities, or small cracks in the code, that allow things in that were not originally intended. Shellcode is then injected to enable remote code execution Malcode, such as a trojan or rootkit is executed to wreak havoc on the system A proof of concept, or exploit, is created to take advantage of the lowered defenses from the vulnerability Shell code is executed to create a buffer overflow that opens the back door to the system 22

23 X-Force Protection Engines Cobion Cobion and content filtering technology has analyzed over 8.7B URLs and images and 1B unique spam messages. Over 100k web/700k spams analyzed daily. Shellcode Heuristics This engine uses generic shellcode detection to block shellcode payloads, one of the most prevalent method of infecting non-binary files like html, docs, and images. BOEP Buffer Overflow Exploit Prevention (BOEP) blocks execution payloads delivered through buffer overflow exploits, providing 0-day protection for this class of threats. PAM The Protocol Analysis Module (PAM) is the network IPS component in IBM ISS desktop, server, and network products. PAM uses behavioral and vulnerability-centric methods to detect and block network-based exploits affecting more than 7,400 vulnerabilities. VPS The Virus Prevention System (VPS) is a behavioral anti-virus technology that can stop not only new malware variants, but also new malware families. VPS uses pre-execution behavioral analysis to stop malware before it can run and do damage. 23

24 Conclusions The costs of data loss are significant but hard to calculate: the whole company is at risk. Collaboration brings complexity and with it many new risks. Statistics are showing how the endpoint and the data are targeted. A complete solutions must entail intrusion and extrusion prevention, as well as proper Authentication, Authorization and Accounting. 24

25 Agenda Team di Ricerca X-Force Vulnerabilità e Minacce Tecnologie di Protezione Attack Lifecycle Live Demo 25

26 GRAZIE! Domande? Simone Riccetti

IBM Protocol Analysis Module

IBM Protocol Analysis Module The protection engine inside the IBM Security Intrusion Prevention System technologies. Highlights Stops threats before they impact your network and the assets on your network