New Emerging Security Trends - PowerPoint PPT Presentation

Slides: 56
Provided by: ThaweesakK8
Transcript and Presenter's Notes

1
New Emerging Security Trends
High Performance IT Security Technology and Digital Certificate Trend
SVOA/NetScreen/ACERT - Sheraton Grande Sukhumvit

2
????????????
  • ?????????????????????????????
  • ?????????????????????????????
  • ??????????? (????????? ???????? ???...)
  • ??????????????(???)??????
  • ????????????????????
  • ???????????????????????????????
  • ????????????????????

3
?????????????????????????????????????????????
4
????????????????? ????????????????? Internet
????? (???????????)
5
????????????????? ???????????????????????????????
??
??????? CERT / CC
????????????????????????????
6

7
U.S.A CHINA INFORMATION WARFARE
8
U.S.A CHINA INFORMATION WARFARE
9
U.S.A CHINA INFORMATION WARFARE
10
???????????????????????????????
11
Computer Virus
xxx .exe
12
??????????????????????????????????? 10 ?.?. 10
?.?. 2545
13
?????????????????????????????????????????????????
Sircam, Nimda, Badtrans ?????????????? ThaiCERT
14
????????????????????????????????????????????????
???
?????????? Computer Economics, Inc. 2001
15
??????????????????????????????????????????????????
????
16
??????????????????????????????????
  • The incredible growth of our society's deployment
    of computing has too often been conducted with
    concerns for speed or lowest cost rather than
    with concern for issues of safety, security, and
    reliability.
  • Security cannot be easily or adequately added on
    after-the-fact and this greatly complicates our
    overall mission.

The software and hardware being deployed today
has been designed by individuals with little or
no security training, using unsafe methods, and
then poorly tested. This is being added to the
fault-ridden infrastructure already in place and
operated by personnel with insufficient awareness
of the risks. Therefore, none of us should be
surprised if we continue to see a rise in
break-ins, defacements, and viruses in the years
to come.
Prof. Gene Spafford, Purdue University
17
?????????????????????????????????????????????????
??????
1. ????????????? (Data Acquisition)
2. ??????????????? (Data Entry)
3. ??????????? (Data Processing)
4. ?????????? (Duplication)
5. ???????????????? (Data Communication)
6. ?????????????? (Data Scraping)
18
??????????????????????? ?????????????????????
?????????????? (OS) ????????????????
?????????????? (OS) ???????????????
19
?????? U.S.A.
?????????????? (OS) ???????
???????
20
??????????????????????
21
??????????????????????????????????
  • Security is currently where networking was 15
    years ago
  • Many parts and pieces
  • Complex parts
  • Lack of expertise in the industry (60 vacancy
    with no qualified personnel)
  • No common GUIs
  • Lack of standards
  • Attacks are growing
  • Customers require security for biz

22
As Systems Get Complex, Attackers are Less Sophisticated
[Figure: INTRUDER KNOWLEDGE and ATTACK SOPHISTICATION plotted from LOW to HIGH over 1980-2000. Attack techniques labelled on the chart: CROSS SITE SCRIPTING, STEALTH/ADVANCED SCANNING TECHNIQUES, DENIAL OF SERVICE, STAGED ATTACK, PACKET SPOOFING, SNIFFERS, DISTRIBUTED ATTACK TOOLS, WWW ATTACKS, AUTOMATED PROBES/SCANS, SWEEPERS, GUI, BACK DOORS, NETWORK MANAGEMENT DIAGNOSIS, DISABLING AUDITS, HIJACKING SESSIONS, BURGLARIES, EXPLOITING KNOWN VULNERABILITIES, PASSWORD CRACKING, SELF-REPLICATING CODE, PASSWORD GUESSING]
23
???????????????????????????
?????????????????????????????????????????????????
??????????????????????????????????????????????????
??????????????????????????????????????????????????
????????????????????????????????????
???????????????????????????????????????????????
???????????????????????????? ?????????????????????
?????????????????????????? ???? Virus Computer,
Trojan Horse, Bombs, Rabbit, Sniffer, DoS
24
Software Is Too Complex
  • Sources of Complexity
  • Applications and operating systems
  • Data mixed with programs
  • New Internet services
  • XML, SOAP, VoIP
  • Complex Web sites
  • Always-on connections
  • IP stacks in cell phones, PDAs, gaming consoles,
    refrigerators, thermostats

[Figure: chart in MILLIONS (axis 0 to 50) for WINDOWS 3.1 (1992), WINDOWS NT (1992), WINDOWS 95 (1995), WINDOWS 98 (1998), WINDOWS NT 4.0 (1996), WINDOWS 2000 (2000) and WINDOWS XP (2001); surviving data labels: 18, 16.5, 4, 3]
25
Security Must Make Business Sense to Be Adopted
OPTIMAL LEVEL OF SECURITY AT MINIMUM COST
[Figure: COST plotted against SECURITY LEVEL (axis marked 0 and 100), with curves for COST OF SECURITY COUNTERMEASURES, COST OF SECURITY BREACHES and TOTAL COST]
26
????????????????? (??????)
?????????
27
Security Lifecycle Solutions
Assess
plan
Secure Architecture and Code Design, Business Continuity/Disaster Recovery Planning, PKI Solutions, Policy and Procedures, Site Evaluation

Requirements Analysis, Risk Assessment, Product/Service Evaluation, Trade-Off Study, Compliance Verification, Architecture Review, Application Testing
SSE-CMM, ISO 9000, SAS 70, BS 7799
observations
standards
Training, Firewall/IDS Configuration, VPN, OS Hardening, Roles and Responsibility, Integration
Incident Response and Recovery, Vulnerability Scans, Penetration Testing, Alert Monitoring, Log Analysis, System Audit, Integrity Monitoring
baseline
28
Why are Security Risks Increasing?
  • Denial of the problem
  • Improperly designed infrastructure of existing
    systems, apps, networks, etc.
  • Acceleration of new technologies with no security
    capabilities
  • Lack of proper threat assessment for assets and
    development of protective measures for same
  • No legislative impetus
  • Improper recognition of risks by senior
    management

29
Classic Current IT Risks
  • DNS attacks
  • DDoS, DoS, etc.
  • Virii, worms, etc.
  • Spoofs and redirects
  • Social engineering
  • Router table attacks
  • OS holes, bugs
  • Application code problems
  • Insider attacks
  • Others

30
Other Protection Problems
  • Privacy
  • Family
  • Personal assets
  • Relationships
  • The Standard Stuff
  • Telecom infrastructure
  • Internet infrastructure
  • Intellectual Property
  • Etc

31
????????????????????
  • ????????????????????
  • ????????????????????????????????????????
  • ?????? IT
  • ??????????????????????????????????? PKI
  • ??????????????????????????????? -- CERT
  • ?????????????????????????????

32
Security Markets and Technologies
[Figure: diagram labelled AberdeenGroup. Market segments: Application and Commerce Security; Fraud Risk Management; Policy, Audit and Security Management; Network Security. Other labels: risk assessment, forensics, privacy, smart cards, intrusion detection, e-Business, access controls, digital signatures, spam, applets, PKI, worms, Audit, Avoidance, Reliance, Identification, Compliance, Assurance, Pattern matching, Authentication, Suppliers, Content filtering, Employees, Privacy, Authorization, Partners, Information flow, Internet services, Customers, viruses, Applications, Data, tokens, VPNs, biometrics, firewalls, e-Mail, web servers, RAS, e-directories, cryptography, monitoring and reporting]
33
??????????????????? ?????????????????
34
Security ?????????????? ?
35
What is Intrusion Detection?
  • Different flavors, different uses
  • Network-based
  • Host network-based
  • Host-based
  • Application-based
  • Functional Loop-based
  • Basic components
  • Sensor components
  • Rule base for the sensor
  • Patterns
  • Anomaly detection
  • Consolidation database (central)
  • Intelligent analysis
  • Alarm/alert generation facilities
  • Functional Loop Execution
  • Incident response

36
???????? Computer Security Policy ????????
Non-Technical Tool
Tool Availability
Technical Tool
Cost Performance
Security Policy
37
??????????????????????????????????????????????
Security Policy
38
?????????????????????????
CEO
39
Legal Infrastructure for e-Business
  • Radio Frequency Management Act
  • Telecommunications Business Act B.E.2544
  • Electronic Transactions Act B.E.2544 (Incorporating
    Electronic Signature Act)
  • National Information Infrastructure Act
    (Universal Access Act)
  • Computer-related Crime Act
  • Data Protection Act
  • Electronic Funds Transfer Act

40
???????.?????????????????????????????? ?.?. ....
?????????????????????????????? ???????????????????
??????????????????????????????????????????????????
????? ?????? ???????????????????????
?????????????????? ???????????????????????????????
???????????? ??????????????????????????
?????????????????????????????????????
???????????????????????? ?????????????????????????
??????????????????????????????????????????????????
??????????????????????????????????????????????????
??????????????? ??????? ??????? ?????????
??????????????????????????????????????????????????
?????????????? ??
41
??????????????????????????????????? PKI
  • ?????????
  • ??????????? ???????? (Encryption) -> Cipher text
  • ??????????? (Cipher text) ??????? (Decryption) -> ???????????
  • ??????
  • ????????????????????? ???? ????????
  • (Symmetric Key or Secret Key Cryptography)
  • ?????????????????????? ???? ???????????? (Asymmetric
    Key or Public Key Cryptography)

42
??????????????????????????????? -- CERT
CERT
Computer Emergency Response Team
  • An organization or a team that provides, to a
    defined constituency, services and support for
    both preventing and responding to computer
    security incidents.

43
?????????????????????? CERT
??????????? ??????????????????1.
???????????????????????????????????????? ????????
??? ?????????? 1. ??????????????? 2.
??????????????????????????????????????? 3.
?????????????????????????????????????????????
???????????? 4. ????????????????????? 5.
?????????????????????????????????????
6. ???????????????? 7. ????????????????????????? 8
. ??????????????????????? 9. ?????????????????????
????? 10. ???????????????????????????????????? 11.
?????????????????????????? 12. ?????????
44
?????????????????????????????????????????????????
???????????????????????????????????
ThaiCERT
45
??????????????????????????????????????????????????
??
46
????????????????????? CERT
  • ??????????????????????
  • ???? host ??? IP address
  • ?????????? host
  • ???? ???????????
  • ??????????????????????(logfile ?????? ????)
  • ?????
  • Version ????????????
  • Patch
  • ?????????????
  • ?????????????????????????????????????????
  • ????
  • ???????
  • ??????????
  • ???????
  • ??????????.????????????
  • ??????? fax
  • E-mail
  • ?????? ??? ????? ???????????)

47
CERT ??????????????????
????????????
48
Intelligence and Information Sharing During
Critical Events
  • One of the biggest problems in cyber security
  • Trust is a major factor and major problem
  • Need to share critical information that may
    violate privacy laws or intellectual property
  • May reveal collection methods, which is usually
    very sensitive to any entity
  • Example
  • May 2001 Hackers Union of China Global attacks
  • Sympathetic attacks from Brazil and Bulgaria
  • Force-multiplier worms from zombies
  • U.S. initiatives
  • ISACs
  • Infragard (FBI and private companies)

49
?????????????????????????????????????
  • ??????????????? 2544 ????????????????????????????
    ????????????????...
  • ISP ?????? ????????????????????????????????????
  • ?????????????????????????????????????? caller ID
    ?????? ISP ??????
  • ISP ?????? ??????????????????? access log
    ????????????? 3 ?????
  • ???.????????????????? hotline ????????????????????
    ?????
  • ?????????????????????????????? ????????????
    digital signature ????????????????????????????
  • ?????????????????????????? ISP ??????
    ??????????????????? Internet Host
    ????????????????????

50
?????????????????????????????????????????????????
????????????????????
We cannot hope to protect our information
infrastructure without a sustained commitment to
the conduct of research -- both basic and applied
-- and the development of new experts.
  • Prof. Gene Spafford
  • Purdue University

51
??????www.nectec.or.th/users/htk/publish/
  • ???????????????????????????????????????????
  • ????????????????????????????
  • PKI Task Force
  • Smart-Card Working Group
  • ThaiCERT
  • ?????????????????????????????????????????????????
    ??????????????????????????????
  • ? Critical Infrastructure Protection

52
??????????????????????????????????
1. ????????????????? 2. ???????????????????????? 3
. ???????????????????? (??????????????????????????
???????????????????????????) 4.
????????????????????????????????? e-mail 5.
??????????????????? ???????????? 6. ??????? patch
???????????????????? (OS) ???????????????????
????????????? 7. ?????????????????????????????????
??????? 8. ??????????????? Java, Java Script
??????? script ???????? e-mail 9.
???????????????? 10. ?????????????????????????????
?????????
53
Links
  • Coalition Against Unsolicited Commercial E-mail (CAUCE): http://www.cauce.org/
  • The European Coalition Against Unsolicited Commercial E-mail (Euro CAUCE): http://euro.cauce.org/en/
  • Coalition Against Unsolicited Bulk E-mail, Australia: http://www.caube.org.au/
  • Network Abuse Clearinghouse: http://www.abuse.net/
  • U.S. Federal Trade Commission - Report of the Ad-Hoc Working Group on Unsolicited Commercial E-mail (1997), available at the Center for Democracy and Technology web site: http://www.cdt.org/spam/
  • Computer Emergency Response Team / Coordination Center: http://www.cert.org
  • International Computer Security Association - ICSA: http://www.icsa.net
  • NITC: http://www.nitc.go.th
  • ThaiCERT: http://thaicert.nectec.or.th
54
????????? ThaiCERT
55
????????? ThaiCERT
URL: http://thaicert.nectec.or.th
E-mail: thaicert_at_nectec.or.th
Telephone: 0-2564-6868
Fax: 0-2564-6871