Recent Security Threats & Vulnerabilities Computer security Bob Cowles HEPiX, Spring 2006 –...
-
Upload
cordelia-mcgee -
Category
Documents
-
view
213 -
download
0
description
Transcript of Recent Security Threats & Vulnerabilities Computer security Bob Cowles HEPiX, Spring 2006 –...
![Page 1: Recent Security Threats & Vulnerabilities Computer security Bob Cowles HEPiX, Spring 2006 – CASPUR…](https://reader031.fdocuments.us/reader031/viewer/2022022804/5a4d1be37f8b9ab0599e0aad/html5/thumbnails/1.jpg)
Recent Security Threats & Vulnerabilities
Computer security
Bob [email protected], Spring 2006 – CASPUR
Work supported by U. S. Department of Energy contract DE-AC03-76SF00515
![Page 2: Recent Security Threats & Vulnerabilities Computer security Bob Cowles HEPiX, Spring 2006 – CASPUR…](https://reader031.fdocuments.us/reader031/viewer/2022022804/5a4d1be37f8b9ab0599e0aad/html5/thumbnails/2.jpg)
07 April 2006 HEPiX - Spring 2006 2
Skype Securityhttp://www.secdev.org/conf/skype_BHEU06.handout.pdf
http://www.networkworld.com/reviews/2005/121205-skype-test.html?page=1
Extremely difficult to block Assessments show encryption is good No known backdoors (now US-based ?) No bandwidth concern for calls Supernode concerns
User agreement Network impact Not done for NAT-ed systems
![Page 3: Recent Security Threats & Vulnerabilities Computer security Bob Cowles HEPiX, Spring 2006 – CASPUR…](https://reader031.fdocuments.us/reader031/viewer/2022022804/5a4d1be37f8b9ab0599e0aad/html5/thumbnails/3.jpg)
07 April 2006 HEPiX - Spring 2006 3
Flu Pandemichttp://www.csoonline.com/read/020106/planning_pandemic.html
Employees required to stay home – 10 days Need to know where critical employees live Be prepared for work from home Implications of home computers accessing
critical applications on network
![Page 4: Recent Security Threats & Vulnerabilities Computer security Bob Cowles HEPiX, Spring 2006 – CASPUR…](https://reader031.fdocuments.us/reader031/viewer/2022022804/5a4d1be37f8b9ab0599e0aad/html5/thumbnails/4.jpg)
07 April 2006 HEPiX - Spring 2006 4
Port Knockinghttp://www.portknocking.org/
Server has no open ports but monitors connection attempts
Client sends SYN (the “knock”) Ports must be “knocked” in proper
sequence to be allowed application access The sequence can also be used a covert
channel
![Page 5: Recent Security Threats & Vulnerabilities Computer security Bob Cowles HEPiX, Spring 2006 – CASPUR…](https://reader031.fdocuments.us/reader031/viewer/2022022804/5a4d1be37f8b9ab0599e0aad/html5/thumbnails/5.jpg)
07 April 2006 HEPiX - Spring 2006 5
Bumping Lockshttp://www.toool.nl/bumping.pdf
File the shoulder of a key Insert and use impact to jar pins Works best with expensive locks Works with “dimple” locks
![Page 6: Recent Security Threats & Vulnerabilities Computer security Bob Cowles HEPiX, Spring 2006 – CASPUR…](https://reader031.fdocuments.us/reader031/viewer/2022022804/5a4d1be37f8b9ab0599e0aad/html5/thumbnails/6.jpg)
07 April 2006 HEPiX - Spring 2006 6
Passwords POP3
kastela3, Romania2, ecdMJee4dD, baum2kid, ghbghb, 1@roma06, ubc789, 84relax, 4q63wbg, light2484, tDsfCxJs
IMAP Dadoes63, cal1pat0
dnow12i, Bruck5BD *hoFK87, 1etsg0, 21filipch ckmckmir,obheyto, authum1808R2gsumb0, rugbybearv3sm9r-EGEE, k7u0naDad123Red345, 123456Tuesday, ippin, nk0
SMTP lworib4u, iosara44,
tuesday, ha66il33
ICQ gg147231, lalamisi
xircom12, power0123stell, B7A8
FTP !!
![Page 7: Recent Security Threats & Vulnerabilities Computer security Bob Cowles HEPiX, Spring 2006 – CASPUR…](https://reader031.fdocuments.us/reader031/viewer/2022022804/5a4d1be37f8b9ab0599e0aad/html5/thumbnails/7.jpg)
07 April 2006 HEPiX - Spring 2006 7
Passwords (http) - 2 auradoo indovina mrakovnjacha 268jld823 hepix ovidVM1 sebastian 123pirla bazzy 637xre286 argxb@$$ e4077a97
rl57ux27 pfstef fireball frump 585tnc172 anais admin cband tig4yet pincopallino JSAjNTU= st1mpy3483
![Page 8: Recent Security Threats & Vulnerabilities Computer security Bob Cowles HEPiX, Spring 2006 – CASPUR…](https://reader031.fdocuments.us/reader031/viewer/2022022804/5a4d1be37f8b9ab0599e0aad/html5/thumbnails/8.jpg)
07 April 2006 HEPiX - Spring 2006 8
Passwords (http) - 3 d115872m Hammerhead S0ph0S 268jld823 bravodb monkies fifth r0|01010 figarek 844dbc784 aK`5huHn e4077a97
1hepix sonia 637xre286 fin_maggie frump elijah anais courier cband tig4yet pincopallino Mammoths
![Page 9: Recent Security Threats & Vulnerabilities Computer security Bob Cowles HEPiX, Spring 2006 – CASPUR…](https://reader031.fdocuments.us/reader031/viewer/2022022804/5a4d1be37f8b9ab0599e0aad/html5/thumbnails/9.jpg)
07 April 2006 HEPiX - Spring 2006 9
Instant Messaging http://internet.newsforge.com/internet/05/10/07/1521221.shtml?tid=13
OTR – variety of IM clients and platforms Encrypts data on IM channel – independent
of central server (AIM, Gtalk, etc.) Authenticates IM partner
First communication – user/computer requires fingerprint verification
Subsequently – exchanges encryption key
![Page 10: Recent Security Threats & Vulnerabilities Computer security Bob Cowles HEPiX, Spring 2006 – CASPUR…](https://reader031.fdocuments.us/reader031/viewer/2022022804/5a4d1be37f8b9ab0599e0aad/html5/thumbnails/10.jpg)
07 April 2006 HEPiX - Spring 2006 10
Wireless Configuration Issueshttp://www.theta44.org/karma/
Client remembers previous networks Custom WAP can get client to
associate T-mobile, linksys, netgear ….. Works with Windows, MAC OS X
![Page 11: Recent Security Threats & Vulnerabilities Computer security Bob Cowles HEPiX, Spring 2006 – CASPUR…](https://reader031.fdocuments.us/reader031/viewer/2022022804/5a4d1be37f8b9ab0599e0aad/html5/thumbnails/11.jpg)
07 April 2006 HEPiX - Spring 2006 11
Stealth by Design malwarehttp://invisiblethings.org/
Use private file infector (survive reboot) Inject thread into existing process Passive covert channels to avoid sockets Relocate into block of storage & unload Not detectable by normal rootkit detectors Coming soon to a PC near you ….
![Page 12: Recent Security Threats & Vulnerabilities Computer security Bob Cowles HEPiX, Spring 2006 – CASPUR…](https://reader031.fdocuments.us/reader031/viewer/2022022804/5a4d1be37f8b9ab0599e0aad/html5/thumbnails/12.jpg)
07 April 2006 HEPiX - Spring 2006 12
10 Best for Securityhttp://www.cio.com.au/index.php/id;1449363213;fp;16;fpid;0
Assess your risk Define you boundaries Rely on multiple solutions Market your program
User awareness Take your measure
Define metrics and measure continually
Set your standard (NIST 800-xx, ISO 17799,
etc._ Train and mentor Use biometrics Avoid common mistakes Don’t forget Process
Control Networks (PCN)
![Page 13: Recent Security Threats & Vulnerabilities Computer security Bob Cowles HEPiX, Spring 2006 – CASPUR…](https://reader031.fdocuments.us/reader031/viewer/2022022804/5a4d1be37f8b9ab0599e0aad/html5/thumbnails/13.jpg)
07 April 2006 HEPiX - Spring 2006 13
TAN Codes http://www.theregister.co.uk/2006/03/24/trojan_captures_token/
Thought to be safe against phishing – sent via SMS or paper mail
Trojan-Spy.Win32.Bancos.pw intercepts https traffic to obtain passcode
Displays error message to user – scammer can quickly enter passcode themselves
![Page 14: Recent Security Threats & Vulnerabilities Computer security Bob Cowles HEPiX, Spring 2006 – CASPUR…](https://reader031.fdocuments.us/reader031/viewer/2022022804/5a4d1be37f8b9ab0599e0aad/html5/thumbnails/14.jpg)
07 April 2006 HEPiX - Spring 2006 14
Computing Dragons DNA just a program Use computer to design (evolve) lizard DNA
and tweak results based on simulations. Produce designer pets
http://www.economist.com/science/displayStory.cfm?story_id=6740040
![Page 15: Recent Security Threats & Vulnerabilities Computer security Bob Cowles HEPiX, Spring 2006 – CASPUR…](https://reader031.fdocuments.us/reader031/viewer/2022022804/5a4d1be37f8b9ab0599e0aad/html5/thumbnails/15.jpg)
07 April 2006 HEPiX - Spring 2006 15
Computing Dragons DNA just a program Use computer to design (evolve) lizard DNA
and tweak results based on simulations. Produce designer pets
http://www.economist.com/science/displayStory.cfm?story_id=6740040