Cyber Attack Update - PowerPoint PPT Presentation


1
Cyber Attack Update
  • ITD
  • 9/28/2006

2
Cyber Attack Update
Incident Overview
  • Threat: MS Windows Server Service Remote Buffer Overflow (code execution) Vulnerability
  • MS06-040: unpatched machines were exposed to the Microsoft Windows Server Service Remote Buffer Overflow Vulnerability, announced with patch by Microsoft on August 8, 2006. MS06-040 addressed a critical issue in the Server Service that allows for remote code execution on vulnerable systems.
  • Alert to Agencies
  • August 9th - ITD transmitted a Security Alert to agencies via nav.notifications_at_listserv.state.ma.us (List Manager Application)
  • COMM-DL - Network Administration (Outlook GAL entry)

3
Hello Worm
  • W32.Wargbot Worm is a network-aware worm that downloads a Botnet Program. The botnet network, introduced in this instance by the backdoor IRC channel (port 18067), attempted to open a back door (i.e., covert) connection from the compromised hosts (pre Windows XP SP2 / Windows Server 2003 SP1) to Internet Relay Chat (IRC) servers in China.
  • The W32.Wargbot Worm successfully exploited the first unpatched MAGNet hosts on Saturday, 8/12/06
  • ITD deployed ACLs (access control lists) on the affected subnet while the customer worked to remediate infected nodes
  • August 14 - August 21: Wargbot infected a total of 32 Agencies, 74 sites, and 428 hosts

4
Cyber Attack Update
Recommendations
  • Communications is the first (and most challenging) step
  • Critical Security Vulnerability Alerting (MAN)
  • ITD must ensure that customer service impacts are communicated
  • Customer contacts must be documented and maintained
  • Customers must have an ability to update ITD with patch and/or remediation status
  • Patching: AV updating is important; security vulnerability patching is crucial
  • Shortening period between announcement and exploit arrival
  • Know/document/share:
      • Network communications design
      • Application dependencies
      • Asset locations and configurations
  • Aggressive removal/remediation of infected and vulnerable nodes
  • Prevents unexpected application availability/performance issues
  • Timing of Access Control Deployment is critical