"In the Beginning, ARPA created the ARPANET. And the ARPANET was without form and void. And darkness...
"In the Beginning, ARPA created the ARPANET.
And the ARPANET was without form and void.
And darkness was upon the deep.
And the spirit of ARPA moved upon the face of the network and ARPA said, 'Let there be a protocol,' and there was a protocol.
And ARPA saw that it was good.
And ARPA said, 'Let there be more protocols,' and it was so.
And ARPA saw that it was good.
And ARPA said, 'Let there be more networks,' and it was so." -- Danny Cohen
Source: “Computer History Museum” http://www.computerhistory.org/internet_history/
The Shifting Landscape of IT Security
EDUCAUSE Security Professionals Conference 2008
Brian Smith-Sweeney, Project Lead, New York University
Copyright Brian Smith-Sweeney 2008. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.
NYU Info
• 14 Schools and Colleges
• 65,000+ users, 50,000 active accounts
  – 50,000 enrolled
  – 16,000 staff
  – 11,000 residential
• ~50,000 nodes on NYU-NET
• 1.4Gb/sec+ connectivity
  – 1.2Gb/sec commodity
  – 200 Mb/sec Internet2
  – Multi-Gb/sec specialized/R&E connectivity
Part I: Ancient IT Security History (Internet Time)
Contemporary Internet Security History
The 80s
• Malware largely written for fun and mischief
• IT security was “don’t share floppies”
• “Security” personnel mostly physical security

The 90s
• Malware complexity improved dramatically
• IT security added “be careful of attachments”
• IT security professionals arrive in EDU
© 1983 Metro-Goldwyn-Mayer Studios Inc.
© 1992 Universal Studios
2001: “Year of the Worm”
• Self-propagating malware develops
• CodeRed, Nimda, Li0n, Ramen
• Some network professionals became network security professionals
• SANS Internet Storm Center formed
• Early IT security strategy in .edu
TM & © 2001 Warner Bros.
SQL Slammer worm network traffic visualization
[Figure: two panels, "Normal network traffic" and "Worm network traffic"; legend: Drops, Accepts]
Source: “The effect of worms on the Internet”, http://www.e-things.org/worms
Security Lifecycle
.edu IT Security: 2001-?
• Mostly operational. Sometimes tactical. Rarely strategic.
• Detection became easy. Reaction was harder.
• Assessment and protection? Still operational and reactive!
  – Nessus and Netreg
  – Top-X lockdown lists
  – Education and awareness
Part II: Defining the Shifting Landscape
The Shifting Landscape: The good guys
• OS/app vendors have found security!
• Firewalls on by default
• Passwords enabled by default
• Automatic patching
The Shifting Landscape: The bad guys
• It’s all about the money
• Attacker community is evolving and specializing
  – Malware authors have become bot herders
  – Site defacers have become phishing hosts
• Attackers are becoming more organized
How Organized? The RBN
• Involved in hacking, phishing, DoSing, child pornography, botnets
• Hosting for all of the above (Only $600 US!)
• Rumored political ties
• Possibly connected to the Storm Worm
Shifting Landscape Fallout
• The death of the Internet worm
• The rise of the client-side attack
• The rise of the application-layer attack
• The rebirth of the Internet worm
• The failure of classic IT security strategies
NYU Safetynet
• Agentless NAC for NYU ResNet
• Relied on network security posture assessment
• Complex technical architecture
• Initial ResNet vulnerability rate: 30%
• By 2006, only 1.9% of registered systems were marked vulnerable.
Anti-malware: Losing the battle
[Figure: antivirus systems' performance graph, annotated "50%"]
Source: “Antivirus Systems’ Performance Graphs”, http://winnow.oitc.com/AntiVirusPerformance.html
Storm Worm: the future of malware?
• Constantly-improving distribution method
• Peer2peer communication protocol
• Encrypted communications
• Distribution of duties
• Rapid updates
• Active defense mechanisms
Part III: Responding to The Shift
Security Lifecycle Redux
But Wait, There’s More!
• Technical Issues
  – IPv6
  – Encryption everywhere
• New Compliance Requirements
  – HIPAA
  – FERPA
  – PCI
  – Breach Notification
• Changing Management Expectations
  – Increased scrutiny
  – Decreasing budgets
Asset Classification
1. Classify data types
  – Compliance requirements
  – Business requirements
2. Classify systems
  – Data classification
  – Availability requirements
3. Use classifications to drive
  – Security standards
  – Technical security architecture
  – Auditing and vulnerability assessment
  – Incident response
Consulting Services
• Aligned with project management group
• Reached out to the folks that manage projects through the University
• Worked to clarify our role
  – Advisement? Enforcement? Reporting?
• (Nearly) always said yes!
Vulnerability Assessment
• Moved away from “fire-and-forget” assessment
• Developed in-house web application vulnerability assessment
• Encouraged outsourced vulnerability assessments when appropriate
• Next steps
  – Automate “fire-and-forget” scans for clients
  – Develop tiered vulnerability assessment model
Refocus on Education and Awareness
• Created list of security contacts among system administrators
  – Peer mailing list
  – Monthly system administrator meeting
• Improved security awareness month
  – Created security roadshows for departmental staff
  – Made training resources available online
• Leveraged local contacts as local educators
• Next steps
  – “Selling” online training as risk mitigation
  – Working with policy group to mandate education
Looking Ahead
• Formalize risk management process
• Re-re-balance detect and react
• Work toward Enterprise Security Architecture
• Overhaul policy structure
• Continue to align with project management
• Formalize, document, increase transparency
Part IV: Wrapping up
Summary Points
• Much of .edu security strategy – or lack thereof – was formed in the world of network worms. The Shifting Landscape has challenged the assumptions of those strategies.
• There are ever-more external pressures and compliance issues influencing which threats we must address.
• IT Security professionals aren't ronin anymore; we're part of the organization, and management expects us to behave as such.
• We have to keep an eye on the distinct technological challenges posed by these changes, as well as technologies that are changing for their own reasons.
Meeting these challenges requires coherent strategic planning.
You have to take a step back, take a deep breath, look forward, and form a plan. If you can't get your head out of the keyboard, you’ll sink or be replaced by someone that can.
Resources
• Internet2 SALSA-CSI2 working group: http://security.internet2.edu/csi2/
• REN-ISAC: http://www.ren-isac.net/
• EDUCAUSE/Internet2 Effective Practices: https://wiki.internet2.edu/confluence/display/secguide
• OWASP – web application security: http://www.owasp.org/index.php/Main_Page
• Learn more about Storm Worm: http://www.cyber-ta.org/pubs/StormWorm/links.html
References
• RBN study – before and after: http://isc.sans.org/presentations/RBN_Study.pdf
• Russian Business Network (RBN): http://rbnexploit.blogspot.com
• Wishing an (Un)Happy Birthday to Storm Worm: http://blog.washingtonpost.com/securityfix/2008/01/unhappy_birthday_to_the_storm.html
• Schneier on Security: The Storm Worm: http://www.schneier.com/blog/archives/2007/10/the_storm_worm.html
• Storm worm strikes back at security pros: http://www.networkworld.com/news/2007/102407-storm-worm-security.html
• SANS Internet Storm Center: http://isc.sans.org/about.html
• History of Malware: http://www.viruslist.com/en/viruses/encyclopedia?chapter=153280684
• Timeline of notable computer viruses and worms: http://en.wikipedia.org/wiki/Timeline_of_notable_computer_viruses_and_worms
• Timeline of computer security hacker history: http://en.wikipedia.org/wiki/Timeline_of_hacker_history
Questions?