CSA 581
WEEK 5
TODAY WE WILL TALK ABOUT:
Importance
New threats
New tools and services to protect
New organization to manage
Better results under worse conditions
Despite security technology innovations, cyber attacks continued to be successful. Emails that looked like normal communication from financial institutions contained links to malicious look-alike sites that tricked users into typing their passwords into those sites.
Countermeasures and Challenges
One type of malware logs user keystrokes and sends user names and passwords to criminal data collection websites. Antivirus and intrusion detection vendors still create signatures for the latest spyware and malware, and SOC staff develop routine procedures to eradicate the software once it is identified.
Network intrusion detection vendors offered SOC staff a feature that would sever the network connection of any user who was downloading malware, but to use it they had to replace all of their intrusion detection systems with intrusion prevention systems.
The mid-2000s also saw a dramatic increase in organized crime on the Internet, and identity theft was rampant. There were also incidents of lost laptops and backup tapes that contained large quantities of the type of PII used to commit identity theft.
This raised awareness of the habits of remote users, who frequently kept such data on the laptops that they took with them on travel and also used removable media such as USB devices to carry data with them between home and work.
While some of the technologies had been configured with the threat of device theft or loss in mind (e.g., smart phones containing software and data programmed to destroy all data if a user enters too many inaccurate passwords), many had never even been the subject of security review.
Understanding the risk
Theft of storage devices extended even into the data center. So many devices were being encrypted that it became difficult for administrators to keep up with procedures to safeguard encryption keys.
Security vendors stepped in with automated key storage and retrieval systems. Often keys are stored on special hardware chips physically protected in isolated locations and accessible only by the equipment used to control access to the devices.
There has been no evolution in email security since the Morris Worm, only patches for known vulnerabilities. Even today, the protocols by which servers communicate and share information are not encrypted without very specialized agreements on both sides of the communication. Email is easy to observe with network equipment and is routinely routed via multiple Internet service providers before landing at its destination.
Although there have been some attempts to identify authorized email servers via certificate-like keys, they are often ignored for fear of blocking legitimate email users by accident. Email security vendors created software to assist in the analysis of email content, and many companies who suspected that confidential data such as PII was being sent via email for work-at-home purposes thereby found that many of their business processes routinely emailed such data to customers or service providers.
Companies may also use free software ("freeware") for which no source code is available. Much of this code has known security bugs and flaws. These have been dubbed software security "mistakes" by security software consultants and vendors. Like the lists of viruses and software vulnerabilities, software security mistakes have been cataloged as part of the National Vulnerability Database project.
Cyber security vendors have created security source code analysis software to be incorporated into source code control systems so these bugs can be found before software is deployed. These work using static software analysis, which reads code as written, or dynamic software analysis, which reads code as it is being executed.
Challenges
Today’s hacker activities
Correct cyber security can keep out the joyriders. In many domains, joyriders are not even perceived as an issue anymore, as the more dangerous threats come from hardened criminals and espionage agents.
New paradigms of thinking about cyber security protection are needed to face these challenges.
Smart Grid
Thanks for your attention