NU MSIT 458 - The Case for proactive network security
THE CASE FOR PROACTIVE NETWORK SECURITY: WORMS, VIRUSES & BUSINESS CONTINUITY
Presented to Dr. Yan Chen
MITP 458 - Information Security & Assurance
Business Case Study Presentation
09 June 2007
by The Loop Group
Farney, Heilprin, Leonard

AGENDA
2001: THE END OF REACTIVE NETWORK SECURITY
"HEROIC IT" NOT ENOUGH, PEOPLE AND PROCESS REQUIRED
NEXT PARADIGM SHIFT: STRING SCANNING -> HEURISTICS
PERSONAL LESSONS LEARNED

2001: THE END OF REACTIVE NETWORK SECURITY
The Year of the Worm: three (3) major worms released July-September 2001
• Code Red
- $2.6bn estimated damage
- Simple buffer overflow infected 350,000+ hosts in a single day
• Code Red II
- Same attack vector (.ida), but different signature
• Nimda
- Mass-mailing, multivariate attack
• All based on previously released and patched vulnerabilities
- MS01-033, MS00-052, MS00-078, MS01-020
- A/V software useless
• Used firewall ports not needed (externally) in the first place
- 135, 137, 138, 139, 445, 593, 1639, 2000-3000, 3127-3198
100% Preventability!

"HEROIC IT" NOT ENOUGH, PEOPLE AND PROCESS REQUIRED
Speed of attack dispersion and increased geographic expansion make it impossible to react to today's threats
• Design and deploy a network security operations infrastructure in which automatic patch management plays the central role
- Vulnerabilities addressed on release day (making test assumption)
• Proactively tighten defenses
- "deny all" vs. "allow all" on interior firewall interfaces
- Perform network analysis to determine required business functions and their corresponding ports; deny all else
2001 attacks responsible for major shift in corporate defenses
(1) Heroic IT Management Is No Longer Enough, Diamond Cluster Viewpoint, 2004

NEXT PARADIGM SHIFT: STRING SCANNING -> HEURISTICS
Zero Day attacks becoming more common
• Virus definitions and patches not available
• "Ex post mechanism is folly - by focusing on catching the attack of the past, you miss the attack of the future" (1)
A new proactivity required: behavior-based security
• Create behaviors to look for, not specific strings
• Heuristics is the only way to protect against Zero Day attacks
- Looks for anomalous activity like
- Use off-the-shelf software, security services, or a product like Internet Motion Sensor
- Most A/V software today uses heuristics at some level
· Most effective are agent-based products dedicated to this type of analysis
(1) The Efficacy of Network-Level SPAM Mitigation, Sean Farney, MITP 458, 2007

PERSONAL LESSONS LEARNED
Globally dispersed operations offer challenges
• Follow-the-sun staffing is great for finite day-to-day tasks, but can impede focus on large events
- Lack of 24x7 line responsibility allows transition gaps and requires re-activation energy
• Consider centralization and/or sourcing to a true 24x7 model/provider for consistent and efficient handling of operations
Patching systems, either internally or externally, produces the same effect
• Remove the human element from revision compliance
• Commonplace now, but still new in 2001
Fight battles before they start; be as proactive as possible
• The Freedom (1) of "Deny All"
(1) See Nietzsche's Twilight of the
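The "deny all vs. allow all" point on the interior-firewall slide can be made concrete with a small policy model. This is an added example, not material from the slide deck or the Loop Group: it takes the worm port list quoted on the 2001 slide, a constructed set of business-required ports (25, 80, 443 over TCP and 53 over UDP, assumed to be the result of the "network analysis" step), evaluates both policies against those worm ports, and renders the deny-all variant as an nftables ruleset. The port set, the `Policy`/`Rule` classes and the nftables rendering are all assumptions made here for illustration.

```python
"""Default-deny vs. allow-all on an interior firewall interface.

Added example (not from the original slides). The worm port list comes from
the deck; the business ports, the policy model and the nftables rendering are
constructed assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Set

# Ports the slides say the 2001 worms used and that were not needed externally.
WORM_PORTS = "135, 137, 138, 139, 445, 593, 1639, 2000-3000, 3127-3198"

# Constructed assumption: what the network-analysis step found to be required.
BUSINESS_PORTS: Dict[str, Set[int]] = {"tcp": {25, 80, 443}, "udp": {53}}


def parse_port_spec(spec: str) -> Set[int]:
    """Expand a list like '135, 2000-3000' into individual port numbers."""
    ports: Set[int] = set()
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        if "-" in item:
            lo, hi = (int(x) for x in item.split("-", 1))
            if not 0 < lo <= hi <= 65535:
                raise ValueError(f"bad port range {item!r}")
            ports.update(range(lo, hi + 1))
        else:
            port = int(item)
            if not 0 < port <= 65535:
                raise ValueError(f"bad port {item!r}")
            ports.add(port)
    return ports


@dataclass(frozen=True)
class Rule:
    proto: str    # "tcp" or "udp"
    port: int     # destination port
    action: str   # "accept" or "drop"


class Policy:
    """First-match rule list with an explicit default action."""

    def __init__(self, default: str, rules: List[Rule]):
        self.default = default
        self.rules = rules

    def decide(self, proto: str, port: int) -> str:
        for rule in self.rules:
            if rule.proto == proto and rule.port == port:
                return rule.action
        return self.default

    def to_nft(self) -> str:
        """Render an nftables 'inet' table whose input chain has the same semantics."""
        lines = [
            "table inet filter {",
            "    chain input {",
            f"        type filter hook input priority 0; policy {self.default};",
            # Replies to connections the host itself opened are allowed either way.
            "        ct state established,related accept",
        ]
        lines += [f"        {r.proto} dport {r.port} {r.action}" for r in self.rules]
        lines += ["    }", "}"]
        return "\n".join(lines)


def allow_all_policy() -> Policy:
    """The 2001-era default: everything not explicitly blocked gets in."""
    return Policy(default="accept", rules=[])


def deny_all_policy(business_ports: Dict[str, Set[int]] = BUSINESS_PORTS) -> Policy:
    """Only the ports the business analysis identified are accepted; all else dropped."""
    rules = [Rule(proto, port, "accept")
             for proto, ports in business_ports.items() for port in sorted(ports)]
    return Policy(default="drop", rules=rules)


def worm_exposure(policy: Policy, worm_ports: Set[int]) -> Set[int]:
    """Worm ports that the given policy would still accept over TCP."""
    return {p for p in worm_ports if policy.decide("tcp", p) == "accept"}


if __name__ == "__main__":
    worms = parse_port_spec(WORM_PORTS)
    for name, policy in (("allow all", allow_all_policy()), ("deny all", deny_all_policy())):
        exposed = worm_exposure(policy, worms)
        print(f"{name:>9}: {len(exposed)} of {len(worms)} worm ports reachable")
    print(deny_all_policy().to_nft())
```

Running the script reports that the allow-all interface leaves every one of the 1,080 listed worm ports reachable while the deny-all interface leaves none, and prints the nftables chain that implements the deny-all policy. The `ct state` line is included because a default-drop chain without it would also block return traffic for outbound connections, which is the usual first mistake when converting an interface from allow-all.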


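The string-scanning versus heuristics slide argues that a fixed signature misses a variant while a behaviour rule does not. The following added example (not code from the slide deck or its authors) contrasts the two on a constructed connection log: a signature matcher looks for a fixed byte string, and a behaviour detector flags any source that reaches an unusually large number of distinct destinations on one port inside a short window, the propagation pattern the 2001 slide describes. The signature bytes, the hosts, the log and the window/threshold values are all constructed assumptions chosen for illustration.

```python
"""String scanning vs. behaviour-based (heuristic) detection.

Added example (not from the original slides). Signatures, hosts and the
connection log are constructed; nothing here is a real worm payload.
"""
from collections import Counter, defaultdict, deque
from typing import Iterable, List, Optional, Set, Tuple

# A log event: (timestamp_seconds, src_ip, dst_ip, dst_port, payload_bytes)
Event = Tuple[float, str, str, int, bytes]

# Constructed signature for "worm-a". A variant that reuses the same vector
# but different bytes (the Code Red II situation on slide 2) will not match.
KNOWN_SIGNATURES = {"worm-a": b"X-WORM-A-MARKER"}


def signature_scan(payload: bytes) -> Optional[str]:
    """String scanning: return the matching signature name, or None."""
    for name, sig in KNOWN_SIGNATURES.items():
        if sig in payload:
            return name
    return None


def signature_detector(events: Iterable[Event]) -> Set[str]:
    """Sources that sent at least one payload matching a known signature."""
    return {src for _, src, _, _, payload in events if signature_scan(payload)}


def fanout_detector(events: Iterable[Event], window: float = 60.0,
                    threshold: int = 20) -> Set[str]:
    """Behaviour rule: flag a source that contacts >= threshold distinct
    destinations on the same port within any `window` seconds. This needs no
    knowledge of payload bytes, so an unseen variant is still caught."""
    flagged: Set[str] = set()
    recent = defaultdict(deque)    # (src, dport) -> deque of (ts, dst)
    in_window = defaultdict(Counter)  # (src, dport) -> dst -> hits in window
    for ts, src, dst, dport, _payload in sorted(events, key=lambda e: e[0]):
        key = (src, dport)
        recent[key].append((ts, dst))
        in_window[key][dst] += 1
        # Drop events that fell out of the sliding window.
        while recent[key] and ts - recent[key][0][0] > window:
            old_ts, old_dst = recent[key].popleft()
            in_window[key][old_dst] -= 1
            if in_window[key][old_dst] == 0:
                del in_window[key][old_dst]
        if len(in_window[key]) >= threshold:
            flagged.add(src)
    return flagged


def build_sample_log() -> List[Event]:
    """Constructed traffic: one signature hit, one normal host, one variant."""
    log: List[Event] = []
    # 10.0.0.7 carries the known signature: string scanning catches it.
    log.append((0.0, "10.0.0.7", "10.0.1.1", 80, b"GET /x?X-WORM-A-MARKER HTTP/1.0"))
    # 10.0.0.9 is ordinary browsing: three hosts spread over ten minutes.
    for i, ts in enumerate((5.0, 200.0, 500.0)):
        log.append((ts, "10.0.0.9", f"10.0.2.{i + 1}", 80, b"GET /index.html HTTP/1.1"))
    # 10.0.0.5 is a variant with no known signature, sweeping 25 hosts in 25 s.
    for i in range(25):
        log.append((10.0 + i, "10.0.0.5", f"10.0.3.{i + 1}", 80,
                    b"GET /y?VARIANT-NO-MATCH HTTP/1.0"))
    return sorted(log, key=lambda e: e[0])


def classify(events: List[Event]) -> dict:
    """Run both detectors and report what each one sees."""
    by_signature = signature_detector(events)
    by_behaviour = fanout_detector(events)
    return {
        "signature_only": by_signature - by_behaviour,
        "behaviour_only": by_behaviour - by_signature,
        "both": by_signature & by_behaviour,
    }


if __name__ == "__main__":
    for bucket, hosts in classify(build_sample_log()).items():
        print(f"{bucket:>15}: {sorted(hosts)}")
```

On the sample log the signature matcher reports only 10.0.0.7 and the fan-out rule reports only 10.0.0.5; the variant is invisible to string scanning but its spreading behaviour is not, while the single signature hit from 10.0.0.7 never reaches the fan-out threshold. The two are complementary rather than alternatives, which is why the slide's agent-based products layer heuristics on top of definitions rather than replacing them. The threshold and window are the tuning knobs: set them from a baseline of the network's normal per-host fan-out, or a busy mail relay or monitoring host will trip the rule.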