Network Security Fundamentals


Network Security Fundamentals
Security Training Course
Dr. Charles J. Antonelli, The University of Michigan, 2013

Network Security Fundamentals, Module 5: Viruses & Worms, Botnets, Today's Threats

Viruses & Worms

Viruses
- Program that copies itself to other programs
  - In the same directory
  - In a fixed directory
- Virus spreads by the copying of files, typically by users
- When the infected program is invoked:
  - Virus executes first
  - Copies itself to other programs
  - Optionally, performs some malicious action
  - Then executes the host program
- Example: W97M.Marker

Worms
- Viruses that use the network to replicate
  - No dependence on copying files
- Worm generates its own targets
  - Via self-stored data
  - Via host-stored data
  - Randomly
  - Combinations thereof
- Example: Blaster
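The slide's point that a worm "generates its own targets" is what decides how fast it spreads. The simulation below is an example added to this transcription, not code from the course: it models a toy address space with a seeded vulnerable population and compares two of the slide's target-generation strategies, random probing and a self-stored hit list that each copy splits with its new victims. Host-stored data (address books, known_hosts and the like) is not modelled. The address-space size, population size and one-probe-per-step rate are assumptions chosen for a fast run, not measurements of any real worm.

```python
"""Added example: how a worm's target-generation strategy sets its spread rate.
Address space, vulnerable population and probe rate are constructed parameters,
not measurements of any real worm."""
import random

ADDRESS_SPACE = 1 << 16   # 65 536 addresses: a toy stand-in for the Internet
N_VULNERABLE = 1000


def make_population(seed: int = 1) -> list:
    """Choose which addresses are vulnerable; the first one is patient zero."""
    return random.Random(seed).sample(range(ADDRESS_SPACE), N_VULNERABLE)


def simulate(vulnerable: list, strategy: str, seed: int, max_steps: int = 20000):
    """Run until every vulnerable host is infected; return the number of steps,
    or None if max_steps ran out. Every infected host sends one probe per step.

    'random' : probe a uniformly random address (no knowledge carried).
    'hitlist': the worm carries a list of vulnerable addresses (self-stored data);
               each copy probes its own list and hands half of what is left to
               each new victim, falling back to random probes once its list is empty.
    """
    rng = random.Random(seed)
    vuln = set(vulnerable)
    patient_zero = vulnerable[0]
    infected = {patient_zero}
    hit_lists = {patient_zero: list(vulnerable[1:]) if strategy == "hitlist" else []}

    for step in range(1, max_steps + 1):
        newly = []
        for host in list(infected):
            lst = hit_lists[host]
            target = lst.pop(0) if lst else rng.randrange(ADDRESS_SPACE)
            if target in vuln and target not in infected and target not in newly:
                newly.append(target)
                # hand half of the remaining self-stored targets to the new copy
                half = len(lst) // 2
                hit_lists[target] = lst[half:]
                del lst[half:]
        infected.update(newly)
        if infected == vuln:
            return step
    return None


def compare(seed: int = 7) -> dict:
    """Steps to full infection for each strategy on the same population."""
    pop = make_population()
    return {s: simulate(pop, s, seed) for s in ("random", "hitlist")}


if __name__ == "__main__":
    for strategy, steps in compare().items():
        print(f"{strategy:8s}: all {N_VULNERABLE} vulnerable hosts infected after {steps} steps")
```

With the hit list, the infected population can double every step, so 1000 hosts fall in at most ceil(log2 1000) = 10 steps; random probing has to find a 1.5% dense target set by chance and takes hundreds of steps on the same population. That gap is why a worm that ships a target list is so much harder to respond to than one that scans.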

Types of Viruses
- Boot sector
- Executable infector
- Multipartite
- TSR (terminate-and-stay-resident)
- Stealth
- Encrypted
- Polymorphic
- Metamorphic

Macro Viruses
- Virus instructions are interpreted
  - Platform independent
- Infect common applications: Microsoft Excel, ...
- Easily spread
- Easily defeated: prohibit automatic execution of code
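"Prohibit automatic execution of code" is a policy; enforcing it at a mail gateway or on a file share needs a check that tells which documents carry macros at all. The script below is an example added to this transcription, not code from the course. It inspects zip-based Office files (.docx/.docm/.xlsx/.xlsm) for a VBA project part and compares that with what the package's content types declare. The minimal packages it builds for itself are constructed stand-ins, not real Office output, and the content-type strings are the standard OOXML ones.

```python
"""Added example: checking an OOXML Office document for an embedded VBA project,
the technical basis for a 'no automatic macro execution' policy. The package
bytes built here are constructed minimal stand-ins, not real Office files."""
import io
import zipfile

VBA_PART_SUFFIX = "vbaproject.bin"      # the part that holds VBA macros in OOXML
CONTENT_TYPES = "[Content_Types].xml"


def build_package(with_macros: bool, declare_macro_enabled: bool) -> bytes:
    """Constructed minimal OOXML-like package (real files carry many more parts)."""
    main_ct = ("application/vnd.ms-excel.sheet.macroEnabled.main+xml"
               if declare_macro_enabled else
               "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml")
    content_types = (
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/xl/workbook.xml" ContentType="{main_ct}"/>'
        + ('<Override PartName="/xl/vbaProject.bin" '
           'ContentType="application/vnd.ms-office.vbaProject"/>' if with_macros else '')
        + '</Types>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr(CONTENT_TYPES, content_types)
        z.writestr("xl/workbook.xml", "<workbook/>")
        if with_macros:
            # OLE2 magic plus filler; a real vbaProject.bin is an OLE compound file
            z.writestr("xl/vbaProject.bin",
                       b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24)
    return buf.getvalue()


def inspect_ooxml(data: bytes):
    """Return None if 'data' is not a zip-based OOXML package (legacy .doc/.xls
    are OLE files and need a different parser), else a dict of findings."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return None
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        ct_xml = (z.read(CONTENT_TYPES).decode("utf-8", "replace")
                  if CONTENT_TYPES in names else "")
    has_vba = any(n.lower().endswith(VBA_PART_SUFFIX) for n in names)
    declared = "macroEnabled" in ct_xml
    return {
        "has_vba_project": has_vba,
        "declares_macro_enabled": declared,
        # a VBA part in a package whose content type does not admit macros is a
        # mismatch worth flagging on its own (e.g. a renamed .xlsm posing as .xlsx)
        "type_mismatch": has_vba and not declared,
    }


def policy_block(data: bytes) -> bool:
    """'Prohibit automatic execution of code' at the gateway: block any package
    that carries a VBA project, whatever its content types claim."""
    findings = inspect_ooxml(data)
    return bool(findings and findings["has_vba_project"])


if __name__ == "__main__":
    for macros, declared in ((False, False), (True, True), (True, False)):
        print(macros, declared, inspect_ooxml(build_package(macros, declared)))
```

This only answers "are there macros"; telling which ones run automatically (AutoOpen, Workbook_Open and friends) requires decompressing the VBA source streams inside vbaProject.bin, which is what a tool such as oletools' olevba does.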

Virus distribution
Sophos study (2002):
- 26.1% macro viruses
- 26.1% Trojan horses
- 19.2% executable viruses
- 6.8% script viruses
- 21.8% other (Unix, boot sector, worms, file, Macintosh, multipartite)

Malicious code types, 2010
[Figure] Source: Symantec Global Internet Security Threat Report, Vol. XVI, April 2011

Malicious Code Types, 2012
[Figure B11: Propagation Mechanisms] Source: Symantec Internet Security Threat Report, Vol. 17, April 2012

Antiviral approaches
- Detection
  - Scan for virus code signatures
  - More difficult for encrypting viruses
    - Polymorphic: decrypt using an emulator, or analyze the encrypted virus body statistically
    - Metamorphic: harder
- Identification
  - Vendor databases
- Removal
  - Quarantine: render harmless by encryption or compression, copy to quarantine area
  - Delete
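To make the detection bullets concrete, here is an example added to this transcription (not code from the course) that builds a toy "virus body", scans for it by signature, and then shows why a per-copy encrypted body and a polymorphic decryptor defeat that scan, and how the two countermeasures the slide names recover detection. The virus body, signature, XOR cipher and decryptor stubs are all constructed stand-ins; a real emulator executes the decryptor's machine code in a sandboxed CPU model rather than parsing a stub as this one does.

```python
"""Added example: plain signature scanning versus encrypting and polymorphic
bodies, with the 'decrypt using an emulator' and 'analyse the encrypted body'
countermeasures. Everything here is constructed: the 'virus body', the
signature and the decryptor stubs are stand-ins, not real malware."""
import random

# constructed stand-in for a virus body; a real one would be machine code
VIRUS_BODY = b"VIRUS: copy self to *.exe then run host"
# the scanner's database entry: a substring only the virus contains
SIGNATURE = b"copy self to *.exe"
# decryptor stubs a polymorphic engine might choose between (constructed)
KNOWN_STUBS = [b"DECRYPT_STUB:", b"DEC_STUB_V2:", b"XORLOOP:"]


def scan_signature(sample: bytes, signature: bytes = SIGNATURE) -> bool:
    """Plain signature scan: detected only if the signature bytes appear verbatim."""
    return signature in sample


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR, the toy cipher the constructed virus uses (its own inverse)."""
    return bytes(b ^ key for b in data)


def make_encrypted_sample(body: bytes, key: int) -> bytes:
    """Encrypting virus: constant decryptor stub, per-copy key byte, encrypted body.
    The body no longer carries a stable signature, but the stub still does."""
    return KNOWN_STUBS[0] + bytes([key]) + xor_bytes(body, key)


def make_polymorphic_sample(body: bytes, key: int, rng: random.Random) -> bytes:
    """Polymorphic virus: the decryptor is varied per copy too (junk padding and
    one of several equivalent stubs), so even the stub has no fixed signature."""
    padding = bytes(rng.choice(b"\x90\x00\x0c") for _ in range(rng.randint(0, 8)))
    return padding + rng.choice(KNOWN_STUBS) + bytes([key]) + xor_bytes(body, key)


def scan_with_emulation(sample: bytes, signature: bytes = SIGNATURE) -> bool:
    """'Decrypt using an emulator': find a decryptor stub, run its logic (here:
    read the key byte and XOR the remainder), then signature-scan the result."""
    for stub in KNOWN_STUBS:
        pos = sample.find(stub)
        if pos < 0:
            continue
        key_pos = pos + len(stub)
        if key_pos >= len(sample):
            continue
        decrypted = xor_bytes(sample[key_pos + 1:], sample[key_pos])
        if signature in decrypted:
            return True
    return False


def scan_by_key_recovery(sample: bytes, signature: bytes = SIGNATURE) -> bool:
    """'Analyse the encrypted body': with a weak per-copy cipher the scanner can
    ignore the stub and try every key against the whole file. Works even when
    the stub is unknown, but only for tiny key spaces like this one."""
    return any(signature in xor_bytes(sample, key) for key in range(256))


def demo() -> dict:
    """Run every scanner against a clear, an encrypted, a polymorphic and a benign sample."""
    rng = random.Random(2013)
    enc = make_encrypted_sample(VIRUS_BODY, key=0x5A)
    poly = make_polymorphic_sample(VIRUS_BODY, key=0xA7, rng=rng)
    benign = b"hello world: a harmless program that prints its arguments"
    return {
        "plain_sig_on_clear_body": scan_signature(VIRUS_BODY),
        "plain_sig_on_encrypted": scan_signature(enc),
        "plain_sig_on_polymorphic": scan_signature(poly),
        "emulation_on_encrypted": scan_with_emulation(enc),
        "emulation_on_polymorphic": scan_with_emulation(poly),
        "key_recovery_on_polymorphic": scan_by_key_recovery(poly),
        "any_scanner_on_benign": (scan_signature(benign) or scan_with_emulation(benign)
                                  or scan_by_key_recovery(benign)),
    }


if __name__ == "__main__":
    for name, hit in demo().items():
        print(f"{name:30s} {'DETECTED' if hit else 'missed'}")
```

Two things to take from the run: against the merely encrypted sample a scanner could still key on the constant stub, which is exactly why polymorphic engines vary the stub as well; and the brute-force key recovery only works because the toy cipher has 256 keys, which is the "statistical" route in miniature and why real engines fall back to emulation for anything stronger. Metamorphic code, which rewrites the body itself, defeats both and is the "harder" case on the slide.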

U-M Anti-virus
http://safecomputing.umich.edu/antivirus/
- Free Microsoft Security Essentials for personally-owned Windows machines
- Microsoft Forefront Endpoint Protection for university-owned Windows machines
  - 32- and 64-bit versions
- Free Sophos Anti-Virus for Mac OS X machines
  - All versions of OS X up to and including 10.7 (Lion)
- Good, concise security recommendations
  - http://www.safecomputing.umich.edu/tools/security_shorts.html
  - http://www.safecomputing.umich.edu/mds/
  - http://www.safecomputing.umich.edu/students.php
- More information: http://www.safecomputing.umich.edu/

Spyware
- Generic name for software that tracks users' behavior
- Wide range of activities
  - Keystroke loggers
  - Tracking cookies
  - File inspectors
  - Location awareness
  - Remote video & audio recording
  - Store-and-forward
- As hard to detect remotely as botnets are

Spyware: detection and removal tools
- Windows Defender (née Microsoft AntiSpyware): http://www.microsoft.com/athome/security/spyware/software/default.mspx
- Lavasoft Ad-Aware: http://www.lavasoftusa.net/
- Spybot Search&Destroy: http://www.safer-networking.org/

Botnets

Botnets
- Malware installed on victim machines listens for transmitted instructions
  - Attack other machines
  - Transmit spam
  - Participate in DDoS attacks
  - Crack passwords
- Installed via well-known vectors
- Communicate with command and control host(s) via anonymous message services
  - Typically IRC
  - Typically encrypted
  - Typically silent, so hard to find
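"Encrypted" and "silent" defeat content inspection, but a bot that checks in with its command-and-control host on a schedule still leaves a timing fingerprint. The script below is an example added to this transcription, not code from the course: it runs a simple beacon detector over constructed connection-log lines (RFC 5737 test addresses, not captured traffic) and flags the one flow whose inter-connection gaps are nearly constant, an IRC check-in every five minutes with jitter, while leaving the host's irregular web browsing alone. The log format, thresholds and port list are assumptions for the example.

```python
"""Added example: spotting a 'silent' C2 channel by its timing rather than its
content. Log lines are constructed (RFC 5737 test addresses), not captured traffic."""
import random
import statistics
from collections import defaultdict


# constructed log format: "<epoch seconds> <src ip> <dst ip> <dst port> <bytes>"
def make_sample_log(seed: int = 42) -> list:
    rng = random.Random(seed)
    lines = []
    t0 = 1_700_000_000
    # a bot beaconing to its C2 over IRC (tcp/6667) every ~5 min with +/-30 s jitter
    t = t0
    for _ in range(20):
        t += 300 + rng.uniform(-30, 30)
        lines.append(f"{int(t)} 10.0.0.5 203.0.113.9 6667 {rng.randint(200, 600)}")
    # the same host browsing: irregular, human-driven gaps to a web server
    t = t0
    for _ in range(12):
        t += rng.expovariate(1 / 120)
        lines.append(f"{int(t)} 10.0.0.5 198.51.100.20 443 {rng.randint(2000, 90000)}")
    # a second host with only a few connections (too few to judge either way)
    for k in range(3):
        lines.append(f"{t0 + 600 * k} 10.0.0.8 198.51.100.20 443 1500")
    return sorted(lines, key=lambda ln: int(ln.split()[0]))


def parse(line: str) -> tuple:
    ts, src, dst, port, nbytes = line.split()
    return int(ts), src, dst, int(port), int(nbytes)


def find_beacons(lines: list, min_events: int = 8, max_cv: float = 0.25) -> list:
    """Group connections by (src, dst, dport) and flag flows whose gaps are nearly
    constant: coefficient of variation (stdev / mean) of the inter-connection
    intervals at or below max_cv. Jitter widens the gaps a little; human-driven
    traffic is far more irregular. Returns one dict per flagged flow."""
    by_flow = defaultdict(list)
    for line in lines:
        ts, src, dst, port, _ = parse(line)
        by_flow[(src, dst, port)].append(ts)

    findings = []
    for key, stamps in by_flow.items():
        if len(stamps) < min_events:
            continue   # not enough observations to call a pattern
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            findings.append({"flow": key, "count": len(stamps),
                             "mean_interval_s": round(mean, 1), "cv": round(cv, 3),
                             "irc_port": key[2] in (6667, 6697)})
    return findings


if __name__ == "__main__":
    for finding in find_beacons(make_sample_log()):
        print(finding)
```

The detector needs no decryption and no knowledge of the protocol, which is its strength against the "encrypted" bullet; its weakness is that a bot can randomise its check-in interval widely enough to push the coefficient of variation above the threshold, so the threshold and the minimum event count are tuning knobs, not constants.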

Botnets
- One of the major threats
- Large increase in 4Q2006 spam traffic: 30-450% increase
- Very large botnets
  - 1.5 x 10^6 bots in Dutch botnet (2005)
  - 5 x 10^6 bots in Conficker (2009)
    - Encrypted & authenticated
    - Some recent progress in detection
  - 2 x 10^6 bots in CoreFlood (2011)
    - Operating for 8+ years

Microsoft Security Intelligence Report 1H2011
[Figure] http://www.microsoft.com/security/sir/default.aspx

Microsoft Security Intelligence Report 1H2012
[Figure] http://www.microsoft.com/security/sir/default.aspx

Super botnets
- 1Q2013 DDoS attacks: 48 Gbps average (130 Gbps peak)
  - Up from 6 Gbps in 1Q2012
- Attackers targeting Web servers
  - Much more bandwidth
  - WordPress, Joomla, other DIY
Source: Prolexic Quarterly Global DDoS Attack Report, Q1 2013

Today's Threats

Attack Toolkits, 2011
[Figure] Source: Symantec Global Internet Security Threat Report, Vol. 17, 2012

Total vulnerabilities, 2011
[Figure] Source: Symantec Global Internet Security Threat Report, Vol. 17, 2012

Web Browser Vulnerabilities, 2011
[Figure] Source: Symantec Global Internet Security Threat Report, Vol. 17, 2012

Web Browser Vulnerabilities, 2010
[Figure] Source: Symantec Global Internet Security Threat Report, Vol. 16, April 2011

Today's threats
"In addition to the 81% surge in attacks, the number of unique malware variants also increased by 41% and the number of Web attacks blocked per day also increased dramatically, by 36%. Greater numbers of more widespread attacks employed advanced techniques, such as server-side polymorphism to colossal effect. This technique enables attackers to generate an almost unique version of their malware for each potential victim."
Source: Symantec Global Internet Security Threat Report, Vol. 17, 2012

Today's threats
"We saw a rising tide of advanced targeted attacks in 2011 (94 per day on average at the end of November 2011). In terms of people who are being targeted, it's no longer only the CEOs and senior level staff. 58% of the attacks are going to people in other job functions such as Sales, HR, Executive Assistants, and Media/Public Relations."
Source: Symantec Global Internet Security Threat Report, Vol. 17, 2012

Today's threats
"High-profile hacks of Certificate Authorities, providers of Secure Sockets Layer (SSL) Certificates, threatened the systems that underpin trust in the internet itself. Website owners recognized the need to adopt SSL more broadly to combat Man-In-The-Middle (MITM) attacks, notably for securing non-transactional pages, as exemplified by Facebook, Google, Microsoft, and Twitter adoption of Always On SSL."
Source: Symantec Global Internet Security Threat Report, Vol. 17, 2012

Today's threats
"Gartner predicts sales of smartphones to end users will reach 461.5 million in 2011 and rise to 645 million in 2012. [M]obile offers new opportunities to cybercriminals that potentially are more profitable. A stolen credit card may go for as little as USD 40-80 cents. Malware that sends premium SMS text messages can pay the author USD $9.99 for each text."
Source: Symantec Global Internet Security Threat Report, Vol. 17, 2012

Today's threats
"More than 232.4 million identities were exposed overall during 2011. [B]reaches caused by hacking attacks had the greatest impact and exposed more than 187.2 million identities, the greatest number for any type of breach in 2011. The most frequent cause of data breaches was theft or loss of a computer or other medium, such as a USB key or a back-up medium. Theft or loss accounted for 34.3% of breaches that could lead to identities exposed."
Source: Symantec Global Internet Security Threat Report, Vol. 17, 2012

References
- Timeline of notable computer viruses and worms: http://en.wikipedia.org/wiki/Timeline_of_notable_computer_viruses_and_worms
- Symantec Internet Security Threat Report, Volume 17, April 2012: http://www.symantec.com/threatreport/
- Marlinspike, Defeating SSL, Black Hat DC 2009: http://www.blackhat.com/presentations/bh-dc-09/marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf
- Ars Technica, "Fueled by super botnets, DDoS attacks grow meaner and ever more powerful", April 2013: http://arstechnica.com/security/2013/04/fueled-by-super-botnets-ddos-attacks-grow-meaner-and-ever-more-powerful/