Larry Clinton Operations Officer Internet Security Alliance [email protected] 703-907-7028...
-
Larry Clinton
Operations Officer
Internet Security Alliance
[email protected]
-
The Past
-
Source: http://cm.bell-labs.com/who/ches/map/gallery/index.html
The Present
-
The Internet Security Alliance
The Internet Security Alliance is a collaborative effort between Carnegie Mellon University's Software Engineering Institute (SEI) and its CERT Coordination Center (CERT/CC) and the Electronic Industries Alliance (EIA), a federation of trade associations with over 2,500 members.
-
Sponsors
-
US National Strategy to Secure Cyber Space
The vast majority of cyber attacks originate or pass through systems abroad, cross several borders and require international cooperation to stop
-
US National Strategy to Secure Cyber Space
The US interests in promoting cyber security extend well beyond its borders. Critical information infrastructures are directly connected to Canada, Mexico, Europe, Asia and LA. The nation's economy and security are reliant on far-flung corporations and trading partners that require secure and reliable information infrastructure to function.
-
The Threats The Risks
Human Agents: Hackers; Disgruntled employees; White collar criminals; Organized crime; Terrorists
Methods of Attack: Brute force; Denial of Service; Viruses & worms; Back door taps & misappropriation; Information Warfare (IW) techniques
Exposures: Information theft, loss & corruption; Monetary theft & embezzlement; Critical infrastructure failure; Hacker adventures, e-graffiti/defacement; Business disruption
Representative Incidents: Code Red, Nimda, Sircam; CD Universe extortion, e-Toys Hactivist campaign, Love Bug, Melissa Viruses
-
Attack Sophistication v. Intruder Technical Knowledge
[Chart: x-axis 1980, 1985, 1990, 1995, 2000; y-axis Low to High; labels: Tools, Attackers, Intruder Knowledge, Attack Sophistication. Techniques plotted: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sweepers, sniffers, packet spoofing, GUI, automated probes/scans, denial of service, www attacks, stealth / advanced scanning techniques, burglaries, network mgmt. diagnostics, DDOS attacks]
-
The Dilemma: Growth in Number of Vulnerabilities Reported to CERT/CC, 1995 to 2002
Year  Vulnerabilities
1995  171
1996  345
1997  311
1998  262
1999  417
2000  1,090
2001  2,437
2002  4,129
-
Growth in Incidents Reported to the CERT/CC
Year  Incidents
1988  6
1989  132
1990  252
1991  406
1992  773
1993  1,334
1994  2,340
1995  2,412
1996  2,573
1997  2,134
1998  3,734
1999  9,859
2000  21,756
2001  55,100
2002  110,000
-
Machines Infected per Hour at Peak
-
Computer Virus Costs (in billions) (Through Oct 7)
[Chart; axis label: $ billion]
-
Economic Impact of Cyber Attacks
Estimates of total world-wide losses attributable to virus and worm attacks in 2003 range from $13 billion due to viruses and worms only to $226 billion for all forms of overt attacks
--- Congressional Research Service Report to Congress, April 2004
-
Largest Study Ever Conducted Finds:
PricewaterhouseCoopers, Sept. 10, 2004
Actual Spending on Security is flat
Most plan to increase security spending
The greatest barrier to effective security is inadequate budget
-
Companies Integrating Internet into Security
58% North America
41% Asia
37% South America
36% Europe
-
Data Protection as part of Policy
North America 51%
Asia 44%
Europe 40%
South America 24%
-
A Coherent 10 step Program of Cyber Security
1. Members and CERT create best practices
2. Members and CERT share information
3. Cooperate with industry and government to develop new models and products consistent with best practices
-
A Coherent Program of Cyber Security
4. Provide Education and Training programs based on coherent theory and measured compliance
5. Coordinate across sectors
6. Coordinate across borders
-
A coherent program
7. Develop the business case (ROI) for improved cyber security
8. Develop market incentives and tools for consistent maintenance of cyber security
9. Integrate sound theory and practice and evaluation into public policy
10. Constantly expand the perimeter of cyber security by adding new members
-
ISA Security Anchor Proposal
Go beyond isolated conferences to
Full service trade association for cyber security providing on-going services in:
Information sharing on threats and incidents
Best practices/standards/assessment development
Locally-based education and training
Domestic & international policy development
Develop market incentives for cyber security
-
ISA Wholesale Membership Program
Method of Reaching Smaller Companies
Trade Associations Join for ISA lowest rate.
ALL their small members receive full associate services FREE OF CHARGE
-
Wholesale Services
FREE Best Practices Guide for Small Businesses
FREE On-Line assessment and suggestions
FREE access to secure Portal with news on Emerging threats, vulnerabilities & what to do
FREE meetings/calls with experts
FREE Newsletter on Cyber & Physical for SB
-
There wasn't much to the then ARPAnet in 1980. Few machines connected by slow (by today's standards) links. They were at research facilities, government, military, and contractors.

Source: http://cm.bell-labs.com/who/ches/map/gallery/index.html
Credit should go to Bell Labs Internet Mapping Project. This map appeared in the December 1998 Wired.
Colors denote related IP addresses. Pink is MCI, the magnetic north of the Internet according to Bill Cheswick. They used traceroute among 61,000 routers around the world, as of 12/98.

Vulnerability: a set of conditions in a software system that allows an intruder to violate an implicit or explicit security policy.
Examples include:
phf (remote command execution as user "nobody")
rpc.ttdbserverd (remote command execution as root)
world-writeable password file (modification of system-critical data)
default password (remote command execution or other access)
denial of service problems that allow an attacker to cause a Blue Screen of Death
smurf (denial of service by flooding a network)

The number of vulnerabilities reported to CERT/CC went up 160% in 2000 [417 to 1090] and 124% in 2001 [1090 to 2437]. Vulnerabilities reported through 3Q02 are 3222, which for the year equals (est) 4296, a projected 76% increase.

CERT only releases approximately 10% of what we know about current vulnerabilities. We have significant evidence that indicates that once more information than this is released, the vulnerabilities are more broadly exploited with negative consequences.

Incident: Any real or suspected adverse event in relation to the security of computer systems or networks; the act of violating an explicit or implied security policy.
Examples include:
failed or successful attempts to gain unauthorized access to a system or its data
unwanted disruption or denial of service
the unauthorized use of a system for the processing or storage of data
changes to systems without the owner's consent
the occurrence of computer viruses
probes (single attempt) or scans (multiple attempts) for vulnerabilities via the network to a range of computer systems

The number of incidents reported to CERT/CC went up 250% in 1999 [3734 to 9859], 220% in 2000 [9859 to 21756], 240% in 2001 [21756 to 52658]. Incidents reported through 3Q02 are 73,359, which for the year equals (est) 97,812, a projected 86% increase.

Why has this happened?
more computers
more at stake
more people reporting
CERT better known
more incidents