US-CERT Overview & Cyber Threats

US-CERT Overview & Cyber Threats
National Cyber Security Division
United States Computer Emergency Readiness Team
June 2006

Agenda
- Introduction to US-CERT
- Overview of why we depend on a secure cyberspace
- Vulnerabilities and cyber attack trends
- What can you do?
- Questions

NCSD/US-CERT Organization Chart
Acting Director: Andy Purdy
Office of Director functions: Strategic Planning, Milestones Progress Report, Policy, International, Privacy, Human Resources, Budget/Contracts, Office Management, COOP, PCII
Branches and branch chiefs:
- US-CERT: Jerry Dixon
- LE/Intelligence: Michael Levin
- Awareness/Outreach: Liesyl Franz
- Strategic Initiatives: Cheri McGuire
Branch functions (in the order shown on the chart): Security Operations, Focused Operations, Mission Support, Intel Requirements, LE Coordination, NCRCG, Outreach, Awareness, International Affairs and Public Policy, CIP Cyber Security, Control Systems, Software Assurance, Training & Education, Exercise Planning & Coordination, Standards & Best Practices, R&D Coordination

US-CERT Organizational Chart
- Deputy Director: Jerry Dixon
- Mission Support, Chief of Staff: Reggie McKinney
- Focused Operations Director: Rob Pate
- Operations Director: Mike Witt

The National Strategy to Secure Cyberspace provides a framework articulating priorities to secure cyberspace:
I. National Cyberspace Security Response System
II. National Cyberspace Threat and Vulnerability Reduction Program
III. National Cyberspace Security Awareness and Training Program
IV. Securing Governments' Cyberspace
V. International Cyberspace Security Cooperation

Operations Branch
Watch:
- Provides 24x7x365 triage support to federal, public, and private sectors
- Monitors cyber security events available from various sources
- Compiles and coordinates US-CERT reports for dissemination
- Follows up with appropriate sources to ensure proper mitigation
Analysis:
- Provides fused current and predictive cyber analysis based on reporting
- Correlates incident data from a myriad of disparate reporting sources
- Provides on-site Incident Response capabilities to federal and state entities
- Supports ongoing federal law enforcement investigations
Malware Lab:
- Provides behavioral techniques for dynamic and static analysis
- Reviews malicious code for novel attacks (i.e. do we already know it?)
- Supports forensic investigations with cursory analysis of artifacts
- Provides on-site malware analytic and recovery support
- Runs the malicious code submission and collection program
Information Services:
- Provides operational output content, design, and development
- Overall design and implementation of the US-CERT public-facing website
- Provides support to NCSD with distribution of divisional products
- Develops and participates in national and international level exercises
- Interacts with and provides operational international support for US-CERT

Vulnerabilities Handled by US-CERT, FY-06
- Over 3,872 vulnerabilities reported since October 05
- 1,293 of the 3,872 were rated as high severity utilizing the Common Vulnerability Scoring System or other factors: http://www.us-cert.gov/nvd.html and http://nvd.nist.gov/cvss.cfm
- These are just the ones we know about; they cover a wide range of technologies from operating systems and devices to SCADA control systems
- There is no shortage of opportunities for exploitation, depending on your security posture and network environment

Vulnerability Handling
- Read and comprehend the reports
- Contact vendors
- Describe the report
- Add our comments and analysis
- Facilitate discussion about the vulnerability
- Publish documents describing the vulnerability

Vulnerability Handling (2): Impact
What incremental benefit does the attacker gain?
- Root compromise
- User compromise (which user?)
- Denial of service (which service?)

We Depend on a Secure Cyberspace to:
- Maintain national security
- Promote economic well-being
- Ensure public safety, health, and citizen welfare
- Preserve privacy

US-CERT stakeholders (US-CERT at the center)
- Companies & other organizations that use IT systems: Corporations
- US Government: US Gov't agencies, Law Enforcement, DOD, sr. leadership, Intelligence Community, state & local gov't
- International Govt & CSIRTs: International Govt's, International CSIRTs, FIRST Community
- Software & Hardware Producers: Manufacturers of IT hardware, process control systems & software (both COTS & open source)
- Critical Infrastructure Operators (i.e. Power, Oil, Gas, Transportation) & ISACs
- General Public
- Media & Public Affairs: Public media outlets & DHS Public Affairs office

Today's Business and Economy are Global
- Business depends on cyberspace for automation, communication, tracking, and daily operations
- Government, business, and individuals rely on the integrity, confidentiality, and availability of data
- Traditional borders are gone; unprecedented global interdependencies exist: global supply chains (JIT), global partners, global customers, global infrastructure industries

Why are we at risk: Vulnerabilities
A vulnerability is something that:
- Violates an explicit or implicit security policy
- Is usually caused by a software defect, but not always (social engineering, undocumented features, poor security practices)
- Often causes unexpected system behavior
A vulnerability can be:
- Used for theft of information
- Used for a Denial of Service attack
- Used for network intrusions

Changes in attack behaviour
1988:
- exploiting passwords
- exploiting known vulnerabilities
Today:
- exploiting known vulnerabilities
- exploiting protocol flaws
- examining source files for new security flaws
- probing systems for known types of flaws
- abusing web servers and email
- installing sniffer & spyware programs
- IP source address spoofing
- Distributed denial of service attacks (botnets)
- widespread, automated scanning of the Internet

Surveyed Companies Identify Risks
53% (of 494 organizations responding) detected security breaches. Detected breaches included:
- 78% viruses
- 59% insider abuse of net access
- 49% laptop theft
- 39% unauthorized access to information
- 17% denial of service
- 10% theft of proprietary information
- 5% financial fraud
Source: Computer Security Institute/FBI Survey

The chart below represents a snapshot of incident trends based on incident reporting to US-CERT. [Chart not reproduced in this transcription.]

Growing Threats, Vulnerabilities and Risks
Threats: Disgruntled employees, Hackers, Organized crime, Competitors, Terrorists, Governments
Vulnerabilities: OS, Network, Applications, Databases, PCs, PDAs, phones, Middleware, E-communities (e-government, e-commerce, etc.)
Risks: Disclosure of sensitive information, Sabotage of critical operations/services, Extortion, Theft of trade secrets, EFT fraud, Loss of client confidence, Legal liability

The Scob Trojan (attack chain as shown on the slide)
1. Attackers exploit unpatched IIS web servers.
2. The compromised sites now deliver additional JavaScript at the end of each page.
3. Unknowing users casually browse to these compromised sites.
4. The JavaScript executes and downloads a key logger. This works because of an unknown/unpatched IE vulnerability.
5. When users browse to web sites, the key logger captures the keystrokes and forwards them to other compromised systems.
6. Finally, the attacker retrieves and uses the captured usernames and passwords.
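As an added illustration of the detection side of the chain above (this is not code from the original slides), the Python check below flags a served page whose body no longer matches a recorded known-good hash, or that carries a <script> tag after the closing </html>, which is where script appended to "the end of each page" would land. The sample pages are constructed, not captured from any real site.

```python
import hashlib
import re
from typing import List, Optional

# Constructed sample responses for the demonstration (not from any real server).
CLEAN_PAGE = "<html><body><h1>Welcome</h1></body></html>\n"
INJECTED_PAGE = CLEAN_PAGE + '<script src="http://example.invalid/inject.js"></script>\n'

_HTML_CLOSE = re.compile(r"</html\s*>", re.IGNORECASE)
_SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def baseline_hash(body: str) -> str:
    """SHA-256 of a known-good copy of the page, recorded at deployment time."""
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def trailing_script(body: str) -> Optional[str]:
    """Return the text after the last </html> if it contains a <script> tag, else None.

    Legitimate pages end at </html>; script placed after it is a sign that the
    server is appending content the site author never wrote.
    """
    closes = list(_HTML_CLOSE.finditer(body))
    if not closes:
        return None  # no closing tag at all; nothing to compare against
    tail = body[closes[-1].end():]
    return tail.strip() if _SCRIPT_TAG.search(tail) else None


def check_page(body: str, expected_hash: Optional[str] = None) -> List[str]:
    """Findings for one fetched page; an empty list means nothing suspicious was seen."""
    findings: List[str] = []
    # Integrity check: the whole body must match the recorded baseline, if one exists.
    if expected_hash is not None and baseline_hash(body) != expected_hash:
        findings.append("hash-mismatch")
    # Structural check: works even for pages with no recorded baseline.
    if trailing_script(body) is not None:
        findings.append("script-after-html-close")
    return findings


if __name__ == "__main__":
    good = baseline_hash(CLEAN_PAGE)
    print(check_page(CLEAN_PAGE, good))     # []
    print(check_page(INJECTED_PAGE, good))  # ['hash-mismatch', 'script-after-html-close']
```

Running the check from a host outside the web server (for instance on a periodic fetch of the site's front page) keeps it independent of the compromised server's own view of its files.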

Technology Based Mitigation Tools: Patch & Protect
- Firewall: A system designed to prevent unauthorized access to or from a private computer or network
- Content Filtering: Screens web and mail traffic for malicious or unapproved content
- Antivirus Software: A program that searches a hard disk and scans incoming data for known viruses and removes any that are found
- Remote Management Tools: Enterprise tools for installing patches, updating registry settings, and maintaining asset inventory
- Role Based Access Control Software: Software that manages access to critical services or applications
- Log Analysis & Event Correlation Tools: Automated tools to reduce the amount of manual work needed to analyze detected cyber events
- Patch: An actual piece of software inserted into a program to fix a particular problem or vulnerability
Key word: UPDATE

Technical Defense in Depth
Traffic path shown on the slide: Internet -> Firewall -> Internet Email (SMTP) Gateway -> Internal Mail Servers -> Desktop Users
The layers are labelled First Line of Defense, Second Line of Defense and Third Line of Defense.

Non-Technical Risk Mitigation Tools
- Security awareness training for users & system administrators
- Security policies and guidelines for deploying new technologies or improving the security of existing IT infrastructure
- Establish a Security Operations team, either permanent or virtual with existing technical staff
- Report cyber incidents! Report cyber crime!

What More Can be Done?
Changing the environment:
- Security awareness to change your corporate culture
- Securing the system architecture
- Data integrity
Increasing the risk to bad actors:
- Legal action and international cooperation
Strengthening the foundations:
- Survivable systems
- Improving software security, built in

Technical comments or questions: US-CERT Security Operations Center
- Email: soc@us-cert.gov
- PGP/GPG key: 0xADC4BCED
- Fingerprint: 02FD 5294 A076 0ACE BEB1 929B 3730 09F3 ADC4 BCED
- Phone: +1 888-282-0870
Media inquiries: US-CERT Public Affairs
- PGP/GPG key: 0x10A97BAC
- Fingerprint: 2762 28CF AFF6 EADB 95F4 6797 857D 91C1 10A9 7BAC
- Phone: +1 202-282-8010
General questions or suggestions: US-CERT Information Request
- Email: info@us-cert.gov
- PGP/GPG key: 0x0A1E0DF7
- Fingerprint: CFE4 9D1D 6897 44B3 9B85 B25A F575 177B 0A1E 0DF7
- Phone: +1 703-235-5110
* Information available at http://www.us-cert.gov/contact.html

QUESTIONS?