Cyber Security KTN - PowerPoint PPT Presentation

Provided by: aeat49
Slides: 13
Transcript and Presenter's Notes

Title: Cyber Security KTN


1
Cyber Security KTN Metrics SIG Kick-off Meeting
Presentation by Jeremy Ward
2
Today's Internet Threat Landscape
  • Cybercrimes such as online fraud and the theft of
    confidential information get some publicity.
  • But surveys (e.g. the DTI breaches survey) show
    an impression that Internet threats are less
    significant, as a result of a decline in
    well-publicised threats.
  • Quieter, stealthier threats are now the norm,
    through bots using customizable or modular
    malicious code.
  • Web applications and web browsers are
    increasingly the focal point of attacks.
  • In countries with a longer history of on-line
    trading (e.g. the USA), there is evidence of
    plateauing or decline, because trust has been lost.

3
What does the Internet look like?
  • Cybercrime is likely to increase
    – as the rewards get more attractive, it is
      logical that attackers will improve their
      methods.
  • We believe that traditional perimeter defences
    are not enough
    – with the rise in client-side attacks and web
      application attacks, it seems likely that
      attackers are able to find new ways into the
      network.
  • We think that the volume and severity of attacks
    continues to rise
    – because there is a short patch window,
      increasing numbers of malicious code variants
      and stealthy, silent attacks.
  • HOWEVER, WE DON'T KNOW FOR SURE

4
We have some evidence
  • Japanese Power Plant Compromised
    – Database accessed with a hidden file sharing
      program. Peer-to-peer software was allowed
      inside the network.
  • European Bank Customers Compromised by Phishing
    – Customers of large banks in the UK, Spain and
      Germany have been infected with the
      sophisticated Metafisher Trojan horse.
  • Text Files Compromised
    – The Briz.A Trojan horse enabled a hacker to
      obtain 62MB of text files (62,000 printed
      pages). The hacker organised them into folders
      by victims' nationality and sold them to the
      highest bidder.
  • These are good stories, but they're only
    anecdotal!

5
What do we know objectively about malicious code?
  • Modular malicious code accounts for 88% of the
    top 50 malicious code in a 6-month reporting
    period.

6
What do we know objectively about threats to
confidentiality?
  • Threats to confidential information continue to
    increase, with 80% of the Top 50 reported
    malicious code having the potential to expose
    confidential information.

7
What do we know objectively about
vulnerabilities?
  • In the last 6 months of 2005, 69% of all
    vulnerabilities reported to Symantec were web
    application vulnerabilities.

8
The Challenges
  • Malicious code is a threat, but doesn't
    necessarily pose a risk.
  • Vulnerabilities don't pose a risk unless there
    are available exploits and they are unpatched.
  • Current measurements look at malicious code and
    vulnerabilities, but don't objectively assess the
    risk they pose to ordinary Internet-connected
    systems.
  • No clear, objective, statistically valid way of
    measuring the effectiveness of technological
    countermeasures in ordinary Internet-connected
    systems.

9
Proposal
  • SIG should consider the design of a series of
    testbeds to benchmark the reality of Internet
    threats and the effectiveness of technological
    countermeasures.
  • These should be representative of client systems
    actually connected to the Internet.
  • Their build should be proportionate to market
    representation in terms of OS, applications and
    Web browsers.
  • They should be protected by a representative
    selection of Firewalls and AV systems.
  • Each testbed should be monitored by IDS.
  • All updated signatures and patches should be
    applied.
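One concrete way to size the builds "proportionate to market representation", as an added example that is not part of the presentation (it also speaks to the "statistically correct apportioning" and "number of testbeds needed" questions raised on the Issues slide). The share figures are constructed for illustration, not Netapplications data, and the largest-remainder method is an assumption of mine, not something the SIG proposed:

```python
"""Apportion a fixed number of testbeds across builds in proportion to
market share (added example; the share figures below are constructed, not
Netapplications data). Largest-remainder (Hamilton) apportionment keeps the
integer counts summing exactly to the budget while tracking the quotas."""
from fractions import Fraction
from math import floor

# Constructed OS market shares in percent (assumption, for illustration only).
OS_SHARE_PCT = {"WinXP": 80, "Win2000": 12, "MacOS": 5, "Linux": 3}


def apportion(shares_pct, total):
    """Return {build: testbed count} summing to `total`, by largest remainder."""
    scale = sum(shares_pct.values())
    # Exact rational quotas avoid float rounding when comparing remainders.
    quotas = {k: Fraction(v * total, scale) for k, v in shares_pct.items()}
    counts = {k: floor(q) for k, q in quotas.items()}
    unassigned = total - sum(counts.values())
    # Hand the leftover testbeds to the builds with the largest fractional parts.
    by_remainder = sorted(quotas, key=lambda k: quotas[k] - counts[k], reverse=True)
    for k in by_remainder[:unassigned]:
        counts[k] += 1
    return counts


def min_testbeds(shares_pct, min_share_pct):
    """Smallest budget at which every build with share >= min_share_pct
    receives at least one testbed (i.e. is represented at all)."""
    wanted = [k for k, v in shares_pct.items() if v >= min_share_pct]
    total = len(wanted)
    while any(apportion(shares_pct, total)[k] == 0 for k in wanted):
        total += 1
    return total


if __name__ == "__main__":
    for budget in (10, 20):
        print(budget, apportion(OS_SHARE_PCT, budget))
    print("budget to represent every OS >= 3%:", min_testbeds(OS_SHARE_PCT, 3))
```

The same function applies unchanged to browser shares or to the mix of firewall and AV products placed in front of the testbeds; with these constructed shares a budget of 10 testbeds leaves the 3% build unrepresented, which is the kind of gap the Issues slide asks about.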

10
Composition of Ordinary Systems Testbeds
[Charts: OS Market Share; Browser Market Share. Data from Netapplications.com]
11
Issues
  • Statistically correct apportioning of
    countermeasures to testbeds?
  • Number of testbeds needed?
  • Maintenance of testbeds?
  • Location of testbeds?
  • Variability in delay of patching and updating?
  • Can we, and do we need to, generate synthetic
    traffic, Web browsing etc.?
  • Design of analysis system for monitoring?
  • Is this the right approach, or is there something
    better?

12
Next Steps
  • Volunteer to answer the questions on previous
    slide!
  • Join the debate.
  • Design the testbeds and the testing regime.