Security Issues in ECommerce - PowerPoint PPT Presentation

Slides: 65
Provided by: IEES

Transcript and Presenter's Notes

1
  • Security Issues in E-Commerce

Elton Chen elton_at_hgiga.com HGiga Inc.
2
Agenda
  • Security Issues overview
  • Network attack types
  • Introduction to Viruses
  • What is SPAM?
  • Solutions Introduction

3
Security Issues
  • Internet is not safe because
  • Hacker/Cracker attack, intrusion, sniffing
  • Physical damage (hardware, network device,
    physical line)
  • Virus attack
  • Spam
  • System down

4
Network attack types: Hacker attack
  • SYN-Flood, SMTP
  • IP Spoofing
  • DNS Spoofing
  • Session Hijack
  • Port Scanning
  • Web Bomb, ICQ Bomb, Mail Bomb
  • Trojan horse attack
  • Back door
  • DoS, DDoS
  • Packet sniffing

5
Network attack types: DoS attack types
  • TCP/IP weakness
  • A. System protocol weakness
  • Ping of Death
  • Teardrop
  • B. TCP/IP natural weakness
  • SYN Flood
  • LAND
  • C. Smurf
  • ICMP (Internet Control Message Protocol) echo
    request packet

6
Network attack types: Intrusion types
  • SUID attack
  • Password attack
  • Remote Password Guessing
  • Local Password Cracking
  • Trusted-Access attack
  • Sequence Number Prediction Attack
  • Session Hijacking Attack
  • Trojan Horse Attack

7
Network attack types: Packet Sniffing types
  • Tcpdump
  • Scanport
  • Sniffer
  • NetXray

8
Network attack types: Physical damage
  • Hardware crashes
  • Physical line cut-off

9
  • Introduction to Viruses

10
What is a virus?
A computer program which:
  • Spreads around disks and networks by making
    copies of itself, usually surreptitiously.
  • Can produce undesired side-effects on computers
    in which it is active (payload).

11
How do viruses spread?
Infections spread from machine to machine in a
number of different ways
  • Modifying legitimate files
  • .EXE, .COM
  • .DOC, .XLS
  • Modifying boot sectors
  • E-mail
  • IRC

12
In the days before the net...
13
Increasingly connected world
14
Types of virus
  • Trojan Horse
  • Worm
  • Script
  • Macro
  • Boot sector
  • Parasitic
  • Multipartite
  • Companion
  • Link

15
Link Viruses - a new lease of life in Windows
  • W32/Pretty
  • Patches registry to redirect calls to .exe files

16
Link Viruses - a new lease of life in Windows
  • W32/Pretty
  • Patches registry to redirect calls to .exe files

Also: W32/Navidad, W32/Verona-B
17
Types of virus
  • Trojan Horses (e.g. Troj/Mine)
  • A program which performs functions other than
    those stated in its specification. (Usually
    malicious)
  • These can be used to drop viruses.
  • Files infected with parasitic viruses become
    Trojan Horses
  • Do not replicate
  • AIDS Information V2.00

18
Types of virus
  • Worm (e.g. VBS/Lovelet-a)
  • Similar to viruses but require no carrier
  • Replicate by making exact copies of themselves
  • Becoming very popular
  • Top 3 viruses in July 2000 are all worms
  • Often written in Visual Basic Script

19
Types of virus - Script worm
  • Machine can become infected without the need to
    open attachments (rarely)
  • Usually spread themselves automatically
  • e-mail
  • IRC
  • open network shares
  • Successful because
  • easy to write
  • exploit aspects of Windows previously considered
    safe

20
Types of virus - Script worm
  • VBS/Lovelet, VBS/Kakworm and VBS/Stages are all
    script worms
  • Script viruses becoming more prevalent

21
Types of virus - Macro
  • Use document macros to become active and infect
    other documents
  • Machine is infected when infected document is
    opened
  • Spread
  • by distribution of infected documents
  • automatically via e-mail (WM97/Melissa)
  • Successful because
  • Little specialist knowledge is required to write
  • Platform independent
  • Users still unaware of the dangers

22
Some specific examples
Fear 1823
  • WM97/Concept

23
Some specific examples
W32/ExploreZip
24
Some specific examples
  • However, most viruses look like this...

25
The increasing threat
26
What is SPAM?
27
Spam stats
  • Spam collected by Sophos's global honeypot
    network has doubled since 5 October 2003
  • Content obfuscation is the cheapest way for a
    spammer to bypass anti-spam filters, especially
    signature-reliant systems of any sort
  • 40% of spam uses content obfuscation
  • 8% use more than one obfuscation method
  • We see 2-3 new obfuscation techniques per month

28
Spam stats
  • Spammer source and destination obfuscation has
    historically been expensive. Machine hijacking
    is the latest method
  • 30% of spam now coming from known dial-up and
    broadband IP addresses, meaning almost a third of
    all spam is being sent from hijacked innocent
    computers

29
Spam: Moving Target
Spam (over time)
  • Early Spam: No effort to disguise content
    Still single and waiting?  If so, you're in luck
    - because now there are more singles online
    Search and Join FREE today!  Click here!
  • Simple Adaptation: Text-based disguised content
    Still ingle and waiting?  If so, you're in luck
    - because now there are more ingles online
    Search and J0in F R E E today!  Click here!
  • HTML Email: HTML-based disguised content
Spam Filtering
  • 1st Gen Filtering: keyword searches (e.g. Join
    FREE, Click here!, Viagra), signature checks,
    RBLs
  • 2nd Gen Filtering: adds complex expressions
    (e.g. /s, 0/o, 1/i, s p a c i n g text, word
    separation), reverse DNS checks, cumulative test
    scoring
  • 3rd Gen Filtering: HTML-based obfuscation tests
    (e.g. slice/dice, text interrupts, the big
    picture, black hole), velocity/anomaly checks,
    learning engines, rapid-update capable

30
Introduction
  • Spammers have noticed that anti-spam filtering
    works, and they don't like it
  • To evade anti-spam filters, they are deploying an
    arsenal of tricks to fool simplistic
    keyword-based filters. And simple anti-spam
    filters are easily fooled

31
Spam overview
  • There are three major technologies that spammers
    use to obscure messages
  • Simple plain text trickery
  • MIME
  • HTML
  • Spammers will often use multiple tricks for
    maximum effect

32
Spam overview: MIME
  • MIME is a standard for sending mail in multiple
    chunks (used to send attachments)
  • Most HTML email clients (e.g. Outlook or Outlook
    Express) use MIME to send both HTML and plain
    text versions of your message
  • The recipient decides which to display (HTML or
    plain text)
  • MIME provides a playground for spammers

33
Spam overview: HTML
  • HTML is a common language for email clients
  • Most email clients choose to display the HTML
    version of an email, instead of the plain text
    version
  • HTML email is very attractive to spammers because
    it provides a rich set of tools for creating
    messages
  • Some people believe HTML email is a bad thing

34
Spam overview: HTML
  • Spammers love HTML email because
  • They can send rich messages with fonts, colours
    and links
  • They can send messages that include images that
    are not attached, but loaded when the email is
    displayed

35
Spam overview: HTML
  • Spammers love HTML email because
  • They can include web bugs that fire up when you
    open the email, validating the email address and
    encouraging more spam
  • HTML provides many ways to hide messages from
    simpler anti-spam filters
  • 80-90% of all spam is sent in HTML format

36
Tricks of the spam trade
  • Spammers want two things from their tricks
  • For you to see the message they're sending
  • But, for an anti-spam filter to see something else
  • We refer to the first as the "eye space" of the
    message: what it looks like to you
  • The second is the "ASCII space": what the message
    looks like to a program
  • As we'll see, they can differ enormously
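
An added example (not part of the original slides) of the gap between eye space and ASCII space: a 1st-generation keyword search over the raw message, compared with a filter that first extracts the displayed text and undoes the 0/o, 1/i and letter-spacing tricks listed on the filtering slide. The keyword list and the text sample (here with a hard line wrap) come from the slides; the HTML sample and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Keyword list taken from the "1st Gen Filtering" slide.
KEYWORDS = ("join free", "click here", "viagra")

def first_gen(text):
    """1st-gen filter: literal keyword search over the text exactly as given."""
    low = text.lower()
    return {k for k in KEYWORDS if k in low}

class _Visible(HTMLParser):
    """Keeps only character data; tags and comments never reach the reader's eye."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []
    def handle_data(self, data):
        self.parts.append(data)

def eye_space(raw):
    """Approximate what a mail client displays for an HTML or plain-text body."""
    parser = _Visible()
    parser.feed(raw)
    parser.close()  # flush any buffered trailing text
    return "".join(parser.parts)

_LOOKALIKES = str.maketrans({"0": "o", "1": "i"})  # the 0/o and 1/i pairs from the slide
_SPACED = re.compile(r"\b(?:\w ){2,}\w\b")         # "f r e e" style letter spacing

def normalise(text):
    """Undo the text tricks: look-alike digits, letter spacing, line breaks."""
    text = text.lower().translate(_LOOKALIKES)
    text = _SPACED.sub(lambda m: m.group(0).replace(" ", ""), text)
    return re.sub(r"\s+", " ", text)

def later_gen(raw):
    """Keyword search over the normalised eye space instead of the ASCII space."""
    return first_gen(normalise(eye_space(raw)))

# Text sample copied from the slide; HTML sample constructed for this example.
TEXT_SAMPLE = "Search and J0in F R E E today!  Click\nhere!"
HTML_SAMPLE = "<p>Cl<!-- z -->ick <b></b>here for Vi<i></i>agra</p>"

if __name__ == "__main__":
    for name, body in (("text", TEXT_SAMPLE), ("html", HTML_SAMPLE)):
        print(name, sorted(first_gen(body)), sorted(later_gen(body)))
```

Mapping every 1 to i also rewrites legitimate numbers, which is one reason the slides pair such expressions with cumulative test scoring rather than a single hard match.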

37
Future of spam
  • Intelligent anti-spam filtering is driving
    spammers to send two types of spam in the future
  • Spam that consists of nothing but a link and an
    image
  • la/chalkboard.gif"
    iagra-site.com/Sla/eb.php?x52c"
    src"http//www.some-viagra-site.com/Sla/pitch.gif
    "
  • Chatty plain text messages with no HTML
  • Hi, I saw your profile and wanted to get in
    touch, please check out my site at
    www.some-viagra-site.com

38
Future of spam
  • Current legislation will not stop spam
  • Indeed, recent legislation proposed by the USA
    may actually increase the amount of spam as they
    choose an opt out system instead of opt in
  • Need international agreement, as spam can come
    from anywhere in the world

39
Future spam
  • More incidents of spam rage - users so
    infuriated with spam that they take the law into
    their own hands. Examples include Charles Booher
    and Russian Minister Andrei Korotkov
  • As the spammers and virus writers work together
    and exchange ideas, a consolidated solution to
    blocking viruses and spam is required

40
In summary
  • Viruses and spam remain critical problems for
    business and home users
  • Both viruses and spam are becoming more
    sophisticated in their attempts to avoid
    detection
  • But anti-virus and anti-spam software is also
    evolving, and better than ever before
  • As the separation between viruses and spam
    reduces, so the need for a consolidated solution
    which provides both virus and spam protection
    increases

41
  • Solutions Introduction

42
Technique base
  • OS: Linux
  • Database: MySQL
  • Tools: PHP, Perl, C, JavaScript
  • Anti-Virus: Sophos (SAVI), InterCheck
  • Anti-Spam: HGiga SpamCheck
  • Web filter: Surfcontrol web database

43
Certificate
44
Golden product of Linux World 2003
Sherlock family
45
3-Tiers Protection
46
3-Tiers Protection
A. Virus attack
47
3-Tiers Protection
B. Physical line disconnect
48
3-Tiers Protection
C. Service down / Hardware crash
49
Product Lines -- Gateway Protection
  • Function
  • PowerStation
  • Load Balance Security Gateway Improve Your
    IT Security Bandwidth Performance.
  • ViruSherlock
  • The Anti-Virus Gateway advance Anti-Virus
    and Anti-spam Protection at Your Gateway.

50
Product Lines -- Filter
  • Function
  • ViruSherlock
  • (1) block spam. (2) protect mail from being
    disclosed. (3) avoid occupation of bandwidth by
    unimportant mails.
  • MailSherlock
  • E-mail Management Balance between Efficiency and
    Security.
  • SpamSherlock
  •  Anti-Spam Email Filtering System.
  • WebSherlock
  • Web access filter deny

51
ViruSherlock - SMTP, POP3
[Diagram labels: Virus Detect, Fix, Delete attachment, Block, Mail Server]
52
ViruSherlock-HTTP
53
ViruSherlock - FTP
[Diagram labels: Download, Combine, transmission Stop!; example file Downloads/files/funny.exe]
54
WebSherlock-content access control
55
Web types setup
56
Product Lines -- Monitor
  • Function
  • PacketShow
  • Maximize The Network Application Performance.
  • SMS2way
  • Server Monitor System to Wireless Access GSM !

57
PacketShow-Packet analysis
  • TCP/IP Stiffening
  • Protocol/IP/Group flow statistical graph
  • Top N
  • Database

58
Top N
  • Department Top N
  • Personal Top N

59
SMS2WAy-frame
SMTP Service
Lotus Notes
Web Site
Send Alert Short Message
System Administrator
GSM Modules
SMS2Way Monitoring System
60
User Interface
61
Reference User
62
Reference User
63
HGiga Essentials
  • Founded in 1993
  • Headquarters in Hsinchu
  • On the rim of Hsinchu Science Park
  • Rapid growth
  • 100 employees as of June 1, 2005
  • Thousands of customers
  • Revenues doubled in 2004
  • Profit tripled in 2004
  • Product focus
  • Network security appliances and complementary
    software
  • Perimeter defense (Power series)
  • Content filtering (Sherlock series)

64
Q & A