Information Security Implications and Challenges - PowerPoint PPT Presentation
1
Information Security Implications and Challenges
John H. Saunders, Ph.D., GSEC, National Defense University
Information security challenges.ppt
2
National Security Functions
Diagram: the national security functions (Structuring, Stationing, Manning, Deploying, Sustaining, Equipping, Funding) all rest on Computer Networks, which in turn depend on Integrity, Availability, Confidentiality, Authenticity and Non-Repudiation.
3
Information Security
  • The Growing Problem
    • Information Infrastructure: numbers of computers and networks; expense to purchase and maintain; growing importance in operations; extent of connectivity
    • Attacks: types, numbers/incidents, sophistication, propagation speed
  • Principal Challenges
    • Risk Management: how to best apply people, processes and technology for protection and recovery
    • Education of the workforce: management, technicians, users

4
Increase in Attacks and Weaknesses
Chart: growth in reported attacks and weaknesses. SOURCE: www.cert.org
5
Increase in "Bot" and Spyware Networks
Chart: growth in bot and spyware networks.
6
Increase in Speed of Attacks
Chart: attack propagation speed over time.
1. Source: MI2g, UK
See also http://enterprisesecurity.symantec.com/content.cfm?articleid=1539
7
Increase in Attack Sophistication
Chart: attack sophistication rising while the intruder knowledge required falls, 1990 to 2004. Techniques plotted on the chart:
  • email propagation of malicious code
  • DDoS attacks
  • stealth/advanced scanning techniques
  • increase in worms
  • sophisticated command & control
  • widespread attacks using NNTP to distribute attack
  • widespread attacks on DNS infrastructure
  • anti-forensic techniques
  • executable code attacks (against browsers)
  • home users targeted
  • automated widespread attacks
  • GUI intruder tools
  • distributed attack tools
  • hijacking sessions
  • increase in wide-scale Trojan horse distribution
  • Internet social engineering attacks
  • widespread denial-of-service attacks
  • Windows-based remote controllable Trojans (Back Orifice)
  • techniques to analyze code for vulnerabilities without source code
  • automated probes/scans
  • packet spoofing
Source: Rich Pethia, Carnegie Mellon Software Engineering Institute, "Bugs in the Programs", presentation at the DoD/DHS Software Assurance Forum, 31 Aug 2004
8
Risk Management
So ... What is The Challenge?
Information Technology Risk Management
Amount allocated for Information Security, US Government, 2004: $4.7 billion [1, 2]
Mandated by the U.S. Federal Information Security Management Act (FISMA), 2002
1. "IT security spending to keep pace with budget", William Jackson, Government Computer News, Feb 3, 2003.
2. GAO Report: Information Security Subcommittee Post-Hearing Questions Concerning the Additional Actions Needed to Implement Reform Legislation, GAO-02-649R, April 16, 2002.
9
Risk Management
Information Technology Risk Management
Diagram: risk management decisions balance Assets against Protections.
10
So ... What is The Challenge?
Education
11
Number of Certified Professionals: Certified Information System Security Professional (CISSP)
Chart: growth in the number of CISSP holders. SOURCE: ISC2.org/Download/
12
Enrolled Students: Information Assurance Certificate, Information Resources Management College
Chart: enrollment in the Information Assurance Certificate program.
13
Information Security Education & Training
  • You could send your employees to:
    • SANS - $2,995 for 1 week course (http://www.sans.org)
    • CISSP Review - $2,500 for 1 week review (http://www.isc2.org)
    • MIS Institute - $1,600 for 3 day seminar (http://www.misti.com)
    • Etc.
  • Plus travel and expenses

14
Meeting the Challenge
  • Goal: avoid information malfeasance
  • Education & Training: understand weaknesses and apply security controls
  • Some beginning steps:
    • Build an Information Security Program
    • Hire staff: Chief Information Security Officer, consultants, information security technicians
    • Develop policy
    • Educate your people
    • Perform risk assessment
    • Apply cost-effective measures
    • Capitalize via partnerships within and across trusted organizational boundaries

15
Increase in Complexity of Attacks
Flowchart: the sadmind/IIS worm, the first occurrence of a cross-platform worm.
  • Infected UNIX hosts run the sadmind exploit against port 111. Un-patched UNIX hosts are infected; on patched UNIX hosts the exploit fails.
  • New vector: the infected UNIX hosts then (1) scan port 80, (2) run IIS Unicode exploits against port 80, and (3) deface/download on port 80.
  • Windows systems with web applications active and not patched: scan OK, exploit OK. The exploit (via winnt/system32) copies/renames root.exe into the inetpub\scripts directory as a backdoor open to port 80, and the web page is defaced.
  • Windows systems with web applications active but patched: scan OK, exploit fails.
  • Windows systems with no web applications active: scan fails.
  • Where the exploit succeeds but a later step fails, the web page is not exploited.
  • Unicode/IIS affects web servers and also misconfigured PDCs (IIS), Exchange servers, workstations (IIS), trust relationships, etc.
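The flowchart above distinguishes hosts where the IIS Unicode exploit succeeded from those where it failed. As an added detection example (not part of the original presentation), the script below scans constructed IIS-style log lines for the two artifacts the slide names, Unicode directory-traversal requests and requests for root.exe under /scripts, and uses the HTTP status to separate "Exploit OK" from "Exploit Fail". The overlong-UTF-8 sequences in `OVERLONG_SLASH` and the six-field log layout are assumptions drawn from public descriptions of the IIS Unicode bug, not from the slide.

```python
"""Flag IIS log entries matching the sadmind/IIS worm's web-side activity."""
import re
from urllib.parse import unquote

# Constructed log lines: date time c-ip cs-method cs-uri sc-status (illustrative only)
SAMPLE_LOG = """\
2001-05-08 10:01:12 192.0.2.10 GET /default.htm 200
2001-05-08 10:01:15 192.0.2.55 GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir 200
2001-05-08 10:01:16 192.0.2.55 GET /scripts/root.exe?/c+dir 200
2001-05-08 10:02:01 192.0.2.77 GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir 404
2001-05-08 10:03:00 192.0.2.10 GET /images/logo.gif 200
"""

# Overlong UTF-8 encodings of '/' and '\' that unpatched IIS decoded after its
# path check (assumed set; the slide only names the "IIS Unicode exploit").
OVERLONG_SLASH = re.compile(r"%c0%af|%c1%1c|%c1%9c", re.I)


def parse_line(line):
    """Split one constructed log line into a record."""
    date, time_, c_ip, method, uri, status = line.split()
    return {"ip": c_ip, "method": method, "uri": uri, "status": int(status)}


def classify(uri):
    """Return a finding label for a request URI, or None if it looks benign."""
    stem = uri.split("?", 1)[0]
    if ".." in stem and OVERLONG_SLASH.search(stem):
        return "unicode-traversal"          # traversal attempt via overlong '/'
    decoded = unquote(stem).lower().replace("\\", "/")
    if "/scripts/root.exe" in decoded:
        return "root.exe-backdoor"          # use of the backdoor the worm drops
    if "winnt/system32/cmd.exe" in decoded:
        return "cmd.exe-traversal"          # plain traversal to the shell
    return None


def scan_log(text):
    """Return (ip, label, status) for every suspicious line, in log order."""
    findings = []
    for line in text.splitlines():
        if line.strip():
            rec = parse_line(line)
            label = classify(rec["uri"])
            if label:
                findings.append((rec["ip"], label, rec["status"]))
    return findings


def likely_compromised(findings):
    """Hosts whose suspicious request got a 200: the slide's 'Exploit OK' branch."""
    return {ip for ip, _label, status in findings if status == 200}
```

A 404 on the same traversal request corresponds to the slide's "Exploit Fail" branch (patched web server), so the two functions together reproduce the flowchart's split from logs alone.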