Lessons from Star Trek: Towards Self Defending Hosts
  • McCoy accidentally injects himself with an overdose of cordrazine, a drug which makes him exhibit signs of paranoia and madness, while treating an ailing Sulu on the Bridge. Delirious, he beams down to a nearby planet's surface, with Kirk and a landing party on his heels. They are too late to stop the doctor from leaping through a living time machine called "The Guardian of Forever." At that moment, the U.S.S. Enterprise ceases to exist and the landing party is stranded. The Guardian explains that McCoy went back into Earth's history and changed it, thereby altering the future. Kirk and Spock go through the Guardian, to Depression-era America, a few days before McCoy is to arrive and change history. They encounter a social worker, Edith Keeler, who helps them find work to pay for the equipment Spock requires to build a tricorder. Unknown to Kirk and Spock, Edith has taken in the recently-arrived and ill McCoy. Kirk promptly falls in love with Edith and is devastated when Spock completes his tricorder and discovers that in order to repair history, they must let Edith Keeler be killed in an auto accident. If they allow McCoy to save her — as he did before — she will start an effective pacifist movement that will delay the United States' entrance into World War II, thus allowing Hitler's Germany to develop the atomic bomb first and conquer the planet. When the moment comes, a heartbroken Kirk stops McCoy from saving Edith, and the three officers journey back through the Guardian, where they find things as they should be again.
    • Cast: William Shatner as James T. Kirk; Leonard Nimoy as Spock; DeForest Kelley as Leonard H. McCoy; James Doohan as Montgomery Scott; Nichelle Nichols as Uhura; George Takei as Hikaru Sulu
    • Guest Cast: Joan Collins as Edith Keeler; John Harmon as Rodent; Hal Baylor as Policeman; David L. Ross as Lt. Galloway; John Winston as Transporter Chief; Bart La Rue as Guardian of Forever Voice
    • Creative Staff: Director: Joseph Pevney; Written By: Harlan Ellison
  • This was Carpenter's first feature-length film as a director. It was originally made as a short while he was a postgraduate at college. He later expanded it into feature length with his friend and co-writer Dan O'Bannon. Dan was also the writer of Alien and Return Of The Living Dead, an excellent Night Of The Living Dead spoof. Dark Star is an inspired black comedy. Four astronauts travel around the universe identifying and destroying unstable planets that might turn into black holes. The ship is called Dark Star, hence the film's title. Technology rules the crew's lives to such an extent that they are left with little to do in the monotonous stretches of space. This leads to apathy and constant bickering amongst the crew. Captain Powell (Joe Saunders) has died in a gruesome accident involving an automatic seat belt; he is being kept in deep freeze. He is still 'conscious' and helps the crew out as a sort of counsellor and advisor. The nervous and nerdy Pinback (O'Bannon) bears the brunt of the crew's boredom and frustration. He is forced to look after an alien he has rescued, the first encounter with 'intelligent' life. This alien bears a strong resemblance to a beach ball. At one point the alien escapes from its pen and Pinback is forced to track it down, leading to some of the funniest scenes in the film. This alien beach ball has been pointed to as the source of O'Bannon's script for Alien, where a rough crew (again, another Alien similarity) are preyed upon by a killing machine that hunts them around the ship. Another and more obvious reference is the name of the ship's computer in Dark Star: it is called Mother, the same name given to the computer in Alien. During a meteor storm one of the intelligent bombs arms itself and attempts to carry out its primary goal in life, i.e. to explode. The crew try to reason with the bomb, using philosophical arguments to convince it not to explode. This is a hilarious scene (yes, there are loads in this film) that has rightly made the film famous. Perhaps the only sane character in Dark Star is Talby, the spaced-out hippy who just spends his time looking at the stars. The other characters are always squabbling while Talby just relaxes. Dark Star is a very funny film; it depicts an all too plausible future where technology has robbed man of any meaningful control over his life. It offers a witty and bleak alternative to the scientific Utopia of 2001 and the excitement of Blade Runner.
    • Alternate Versions: A Special Edition has been released in the USA but is no longer freely available. This has been re-edited to remove all the stuff that was added to turn the film from a college project into a feature film. The extra stuff is at the end. The format is widescreen.
    • The re-release of Dark Star in the UK has led to some magazines re-reviewing it. New Musical Express, August 1997, Andrew Sumner: John Carpenter's ultra-low budget student debut Dark Star, co-written by the director with future Alien screenwriter Dan O'Bannon, was a warped slap in the face to the kind of self-important sci-fi crypticism ushered in by Stanley Kubrick's ponderous, wildly overrated 2001: A Space Odyssey two years before. Starring O'Bannon himself as ultra-neurotic spaceman Pinback, plus a cast of hirsute unknowns, the movie covers the last days in the life of four deep-space stoner garbage men trapped in a rusting starship and lumbered with a brain-numbingly tedious 20 year bombing mission. Highlights include Pinback's running battle with an alien space hopper, wobbly conversations with the ship's deep-frozen captain and a lengthy philosophical debate with a sentient, megalomaniacal bomb which has become convinced it is God. A subversive college-boy masterpiece which remains eminently watchable nearly 30 years later, Dark Star foreshadowed the pure cinematic brilliance of Assault On Precinct 13 and serves as a sobering testament to Carpenter's pre-schlockmeister brilliance.
  • 25th Anniversary of TRON, 07/09/2007 9:20, by Todd "TheReelTodd" Washburn. It was on July 9, 1982 that the groundbreaking film TRON was released upon movie audiences. The world got its first glimpse into a little something called cyberspace long before the term cyberspace even existed. The digital world of TRON offered new and amazing 3D computer animation, the likes of which had never before been seen by movie audiences. The visual effects were incredible and had many of us dropping our jaws in awe of its amazing look and style. The concept of taking a living, breathing human and digitizing him into the world within the computer's active memory was equally as impressive as the stunning visuals. In 1982, most kids were hooked on the relatively new form of entertainment known as video games, playing in the arcades and also at home on the classic consoles of the day. Home computers were just starting to catch on. Watching the character of Kevin Flynn being forced to play video games, from within the computer itself, was something that every video game enthusiast longed for... or at least many of us did. TRON unfortunately didn't do well at the box office. It wasn't exactly promoted very well. I clearly remember seeing TV commercials for the film and wondering to myself, ''What? With all the cool stuff in the film, they're showing that?'' Many of us first learned of TRON in a TV special called ''Computers Are People Too''. The story they did on TRON in that TV special was far better than any advertising I saw just before it came out. Poor promotion, perhaps along with an audience that didn't quite grasp the concept of a digital world, led to TRON not doing well at the box office. My first thoughts after seeing TRON (once I was able to come off the high of seeing it and compose myself) were that it would no doubt be as big as Star Wars had been a few years before. I didn't understand how it just faded away so quickly without the huge frenzy that Star Wars generated, but that is how it went 25 years ago. Over the years, TRON has remained a favorite to many of us who were fortunate enough to have caught it in the theater in 1982. It has also picked up many new fans in the time since, many of whom were not even alive when TRON first hit the theaters. TRON has, in fact, had more staying power and created more new fans over the years than almost any other film from 25 years ago. Today, on this 25th anniversary, we are looking back on this amazing blend of energy, light, art, science, and storytelling. TRON is 25 and still glowing strong! The celebration doesn't stop here. Our friend and resident pixel pusher Sketch has some cool TRON desktop wallpapers that are available for download. Special thanks to Sketch for taking the time to make these awesome wallpapers, based on the 25th Anniversary poster graphic he designed for this story!
  • Clarke privately circulated in May 1945 a proposal titled The Space-Station: Its Radio Applications in six typed manuscripts. The top copy of that is now in the National Air and Space Museum, Smithsonian Institution, Washington D.C. It was reprinted in Spaceflight, Vol 10, no 3, March 1968, pp 85-86 and in Ascent to Orbit, pp 57-58. In Ascent to Orbit Clarke says the paper, with the original title The Future of World Communications, was written in late June and submitted to the RAF censor on July 7th. It was sent to Wireless World on August 13th and accepted on September 1st. The editor changed the title to Extra-Terrestrial Relays and published it in the October 1945 issue of Wireless World (pages 305-308). The 150 dpi scanned images of pages 305-308 of an original 1945 Wireless World magazine are linked below. Note that the last two pages reprinted in Ascent to Orbit have been reformatted, omitting an illustration on page 307 which had no Figure number. See also the copy-edited OCR text in HTML.
  • Navigation: make this their agenda and get their buy-in. Confirm the time; make it look like you are rushed by them and use it as an excuse to ask the tough questions.
  • “Customization of off-the-shelf software is the weakest link in application security. This is particularly true for widely used enterprise products such as SAP AG and Oracle Corp.” Gartner, 09/2005
  • Main point of the slide: In addition to securely extending your enterprise, you need to comply with new corporate governance requirements (e.g. internal controls referenced in Sarbanes-Oxley) and government regulations (e.g. data privacy referenced in HIPAA, CA 1386, GLBA, etc.). A new industry framework called Information Security Governance is the means to achieve both objectives. The new reality is that businesses are in a constant balancing act, trying to meet the demands of stakeholders by extending them deeper access to information assets while also protecting that information from attack/theft AND complying with multiple government regulations around information privacy and corporate governance. , established in December 2003, has been challenged to create a new framework called Information Security Governance (ISG). The ISG framework will help enterprises assess and remediate information security issues, comply with various privacy regulations, and ultimately result in improved national cybersecurity.
  • Ask about patch management: how do they deal with it, and who do they use? Ask questions without making it a survey. See whether they are a security pragmatist or a security prudent. Ask about partner requirements. Shield without patch: find out how many applications and legacy systems they have.
  • Sample Script: Unlike Application Proxy or System Execution Control approaches, which mitigate once the attack has penetrated into user mode (or, in the case of System Execution Control, when the application is attempting to execute the attack), a Deep HIP approach blocks at the network layer, before the attack has had a chance to penetrate the system. Additionally, by being implemented in kernel mode as a driver, our agent is more secure and less prone to attacks itself.
  • Sample Script: Accuracy is an important consideration for any security control and is usually measured by the ability to prevent false negatives and false positives. False negatives are instances where malicious system execution or data is not prevented by the control and is allowed to occur. False positives, on the other hand, are instances where the control prevents appropriate system execution or data traffic. The two curves are related by sensitivity: as security sensitivity is increased to lower false negatives, the incidence of false positives increases, and vice versa when sensitivity is relaxed to reduce false positives. By providing a layered model, our approach allows organizations to tune the system for optimum accuracy and the lowest false negatives. Our data correction capabilities allow a reduction in both false negatives and false positives by neutralizing suspect traffic without dropping the transaction; additionally, smart filters reduce the dependency on signature-based approaches, which are prone to false positives.

Presentation Transcript

  • SELF-DEFENDING HOSTS: LESSONS FROM STAR TREK. Brian O’Higgins, CTO, Third Brigade
  • Reasoning with Computers
  • Science Fiction
    • “Any sufficiently advanced technology is indistinguishable from magic.”
      • Arthur C. Clarke, "Profiles of The Future", 1961 (Clarke's third law)
  • October, 1945: Clarke’s “Extra-Terrestrial Relays” published in Wireless World
  • Planning for the Future
    • “Prediction is very difficult, especially about the future.”
      • Niels Bohr
  • Planning for the Unknown
    • “… because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns -- the ones we don't know we don't know.”
      • Donald Rumsfeld (a man “in the know”)
  • Self Healing Hosts
    • Introduction
    • Trends
    • Risk
    • Conclusions and research challenge
  • Trends (Section 2 of 4)
  • Recent changes in IT with a big influence on security
    • Mobility
    • Mass collaboration
    • Cybercrime
    • Virtualization
    • Datacenter consolidation
    • SaaS
    • Today’s toys become tomorrow’s tools
    • Microsoft’s push into security
  • It’s quiet out there, too quiet….
  • Malware “Firsts”: ‘big’ attacks were common a few years ago; malware is becoming more stealthy now. Timeline, 1980 to 2007:
    • Elk Cloner, Apple II, 1981
    • Len Eidelman coins ‘virus’, 1983
    • 1st PC boot sector virus, ‘Brain’, 1986
    • 1st worm, Morris Worm, 1988
    • 1st polymorphic virus, 1990
    • 1st mass hysteria, Michelangelo, 1992
    • 1st macro virus, ‘Concept’, 1995
    • CIH virus, first version appears, 1998
    • Melissa, targets Word and Outlook, 1999
    • ‘I love you’ virus, most costly, 2001
    • Code Red, Nimda, 2001
    • SQL Slammer, Blaster, 2003
    • Witty, Sasser, 2003
    • Santy, 1st web worm, 2004
    • WMF, 1st zero day, 2005
    • 1st MySpace worm, 2006
  • Evolution of the Attacks
    • Investment in network controls stops simple mass attacks
    • Attacks now ‘move up the stack’, attack applications and users
    • Targeted attacks work, and are often unreported. Growing faster than mass attacks. Economic damage increases. (TJX)
    • Gartner says the cost of a sensitive data breach will increase 20%/yr through 2009.
  • Security Market Hamster Wheel: exploits occur → point solutions → consolidation → temporary balance → bad guys innovate → exploits occur again
  • Vulnerability Cycle (www.cert.org): discovery → crude tools → users exploit crude tools → automated scanning tools → widespread use (“hacking festival kicks off”) → intruders move to new exploits, over time
    • 2005: average 6 days from discovery to exploit, average 54 days for a patch (Symantec Internet Security Threat Report, 2005)
    • Security holes don’t die: the half-life is 19 days after a patch is issued for critical vulnerabilities (48 days for internal systems) (Qualys, Jan 2006)
  • Application Software = Achilles Heel
    • “75% of attacks now take place at the application layer.” Gartner, 2006
    • “4,375 vulnerabilities in the first 9 months of 2006. Web flaws are the 3 most common.” Mitre Corp, 09/2006
    • “Customization of off-the-shelf software is the weakest link in application security.” Gartner, 09/2005
    • “By 2009, 80% of enterprises will fall victim to an application attack.” Gartner, 2007
  • Vulnerabilities: many ways to exploit a vulnerability with targeted attacks
    • Tiers, each behind its own firewall: Web Server (Microsoft, Apache, Netscape…), App Server (BEA, IBM, Oracle, Sun…), Database (Oracle, Microsoft, Sybase, IBM…)
    • Each tier runs on an OS (Windows, Linux, Solaris) that is itself a target
    • Attackers: insider, authenticated, pre-authenticated
  • Cross Site Scripting (cross site request forgeries) bypasses network defenses: the “Sleeping Giant” vulnerability. Setting: web server in the DMZ, corporate network boundary with firewall + network intrusion prevention
    • 1. User browses (rules allow this)
    • 2. JavaScript or other malware downloads
    • 3. Malware probes internal servers
    • 4. Attack succeeds because internal servers are not fully patched
  • Getting Harder to Defend
    • Skills gap – attackers vs. internal
    • Web 2.0 and futures
      • Non-programmers programming in scripting languages
      • Applications now cross firewall boundaries
    • The Good News: you don’t have to be perfect to be secure… just stay ahead of the crowd
    • Choose 2 of: quality, function, schedule
  • Software Security
    • Write better software
      • “The reason people keep breaking into your computer is because software sucks.” Richard Clarke
      • Secure development lifecycle and tools
      • Only for new code
    • Vulnerability scanning
      • Patch or re-write to repair defect
      • Deploy application with compensating controls
    • Compensating controls are always an acceptable choice, vs. patching, which could be difficult or impossible. Host-based IPS plays a very important role.
  • Defining HIPS/HIDS: Intrusion Defense?
    • HIPS: a broad combination of techniques to detect and block attacks from exploiting the host
    • Competing definitions come from analysts, IPS vendors, firewall vendors, IDS vendors, anti-virus vendors and NAC vendors
  • IPS Easier at the Host
    • Modern host-based IPS is a different story
    • Consider trying to spot the bad guy
      • In a crowded football stadium ?
      • On the street in front of your house ?
      • Trying to get into a door or window of your house?
    • Finer-grained filtering works.
      • It is much easier to spot the bad stuff trying to enter the host. Knowing the application context helps a lot!
  • De-perimeterization
    • Jericho Forum
    • An attack is an attack, internal or external
    • Protect IT assets from every threat, identified or potential
      • “it only takes one”: A single infected PC can take down an entire network
    • Start thinking about the applications, and work outwards. Not from the outside in.
  • Risk (Section 3 of 4)
  • Defining Risk
    • Risk = more things can happen than will happen
    • Risk = probability of occurrence X consequence
  • Minimizing Risk
    • Risk = (Threat × Vulnerability / Countermeasures) × Value
    • Threat (people or thing) × Vulnerability: minimize this
    • Countermeasures: maximize this
    • Don’t look at threat vs. countermeasures. Consider vulnerability vs. countermeasures.
  • Security in Balance (chart: cost in $ against security level, low to high)
    • Cost of breaches falls as security increases; cost of security rises
    • Total cost is the sum of the two; its minimum is the optimal expenditure
  • New threats increase risk (source: Bob Blakley, Burton Group)
    • Chart: (re)normalized residual risk, 0 to 1, against the (Threat, Vulnerability) product for Product 1
    • Product 1 “risk tax” before the new threat vs. after the new threat
  • Compliance Balancing Act is Hard
    • Extended Enterprise: suppliers, employees, branch offices, customers, web; streamlined business processes; access to services & information
    • Governance & Regulation: HIPAA, GLBA, PCI, Sarbanes-Oxley, EU Data Protection Act, FISMA, MITS, CA SB1386, PIPEDA, SEC Regs, NERC, others…
    • Information Security Governance: policies, procedures, operations
  • Compliance
    • Compliant ≠ secure
    • Being secure sure helps compliance
    • SOX expenditures on IT deficiencies are less than 5% of compliance spend
      • (accounting policies, financial processes are the big items)
  • Requirement for web application protection
    • PCI DSS Requirement 6.6: “Ensure that all web-facing applications are protected against known attacks by… installing an application layer firewall in front of web-facing applications.”
    • Must have by July, 2008
  • Source: Burton Group. OWASP Top 10 mapped to the PCI 6.5 sub-requirements and the VISA PABP requirements:
    OWASP Top 10                                    | PCI 6.5 sub-requirements                           | VISA PABP
    A1 Unvalidated Input                            | 6.5.1 Unvalidated input                            | 5.5.1 Unvalidated input
    A2 Broken Access Control                        | 6.5.2 Broken access control                        | 5.5.2 Broken access control
    A3 Broken Authentication and Session Management | 6.5.3 Broken authentication and session management | 5.5.3 Broken authentication and session management
    A4 Cross Site Scripting                         | 6.5.4 Cross-site scripting (XSS)                   | 5.5.4 Cross-site scripting (XSS)
    A5 Buffer Overflow                              | 6.5.5 Buffer overflows                             | 5.5.5 Buffer overflows
    A6 Injection Flaws                              | 6.5.6 Injection flaws                              | 5.5.6 Injection flaws
    A7 Improper Error Handling                      | 6.5.7 Improper error handling                      | 5.5.7 Improper error handling
    A8 Insecure Storage                             | 6.5.8 Insecure storage                             | 5.5.8 Insecure storage
    A9 Application Denial of Service                | 6.5.9 Denial of service                            | 5.5.9 Denial of service
    A10 Insecure Configuration Management           | 6.5.10 Insecure configuration management           | 5.5.10 Insecure configuration management
  • Business Drivers for Host Security
    • Shield until patching
    • Shield from targeted attacks
    • Shield without patching
    • Regulations and frameworks behind these drivers: PCI DSS, SOX, GLBA, HIPAA, COBIT, MITS
  • HIPS: Network-based vs. Behavior-based Approach
    • Host computer stack: hardware; kernel mode (TCP/IP); user mode (applications & services, system execution control)
    • 1. Network approach: deep packet inspection blocks attacks at the network layer, in kernel mode
    • 2. Behavior-based: system execution control blocks attacks at application calls to the OS, in user mode
    • Management overhead differs between the two approaches
  • Tuning Sensitivity (chart: probability of error, 0 to 1, against sensitivity)
    • False Positives (FP): appropriate system execution is halted or data traffic is dropped
    • False Negatives (FN): malicious system execution is allowed or data traffic is accepted
    • Close to the host is the best location for tuning accuracy
    • Drive the curves down for a broader acceptable operating range
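The FP/FN curves on this slide, and the speaker notes' claim that a layered model with data correction lowers both curves, as an added example that is not part of the deck and not Third Brigade's product: a single-threshold control is scored against a constructed, labelled event set, then a layered variant that neutralizes borderline traffic instead of dropping it is scored the same way, and the "acceptable operating range" of sensitivity settings is compared. The suspicion scores, the sample events and the width of the neutralize band are all assumptions made for the illustration.

```python
"""Tuning sensitivity: how the false-positive (FP) and false-negative (FN)
curves move against one sensitivity setting, and how a layered stage that
corrects suspect traffic instead of dropping it widens the acceptable
operating range.

Added example, not from the slides or from Third Brigade's product: the
suspicion scores, the sample events and the "neutralize" band are constructed
to illustrate the trade-off the slides describe.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    score: float      # suspicion score in [0, 1] assigned by the inspection engine
    malicious: bool   # ground truth, known only in the evaluation set


# Constructed evaluation set: benign traffic clusters low, attacks cluster high,
# and the overlap in the middle is what makes tuning a balancing act.
SAMPLE = (
    [Event(s, False) for s in (0.05, 0.10, 0.15, 0.20, 0.30, 0.40, 0.55, 0.60)]
    + [Event(s, True) for s in (0.35, 0.50, 0.65, 0.70, 0.80, 0.90, 0.95)]
)


def _split(events):
    return ([e for e in events if not e.malicious],
            [e for e in events if e.malicious])


def error_rates(events, sensitivity):
    """Single threshold: block every event whose score >= 1 - sensitivity.

    Returns (fp_rate, fn_rate): FP = appropriate traffic dropped,
    FN = malicious traffic accepted.
    """
    threshold = round(1.0 - sensitivity, 6)   # rounding keeps 1 - 0.7 == 0.3
    benign, bad = _split(events)
    fp = sum(e.score >= threshold for e in benign) / len(benign)
    fn = sum(e.score < threshold for e in bad) / len(bad)
    return fp, fn


def layered_rates(events, sensitivity, band=0.3):
    """Layered control: drop only clearly bad traffic (score >= hi), accept only
    clearly good traffic (score < lo), and neutralize everything in between by
    passing the transaction with the suspect content corrected.

    Neutralized traffic counts as neither FP (it was not dropped) nor FN (it
    was not accepted intact); this is the speaker notes' claim, modelled here.
    Returns (fp_rate, fn_rate, neutralized_count).
    """
    threshold = round(1.0 - sensitivity, 6)
    lo, hi = round(threshold - band / 2, 6), round(threshold + band / 2, 6)
    benign, bad = _split(events)
    fp = sum(e.score >= hi for e in benign) / len(benign)
    fn = sum(e.score < lo for e in bad) / len(bad)
    neutralized = sum(lo <= e.score < hi for e in events)
    return fp, fn, neutralized


def sweep(events, rate_fn=error_rates, steps=10):
    """The two curves from the slide: (sensitivity, fp, fn) at each setting."""
    return [(k / steps, *rate_fn(events, k / steps)[:2]) for k in range(steps + 1)]


def operating_range(events, max_fp, max_fn, rate_fn=error_rates, steps=10):
    """Sensitivities at which both error rates stay within the tolerated limits."""
    return [s for s, fp, fn in sweep(events, rate_fn, steps)
            if fp <= max_fp and fn <= max_fn]


if __name__ == "__main__":
    for label, rate_fn in (("single threshold", error_rates), ("layered", layered_rates)):
        print(label)
        for s, fp, fn in sweep(SAMPLE, rate_fn):
            print(f"  sensitivity {s:.1f}: FP {fp:.2f}  FN {fn:.2f}")
        print("  acceptable range (FP, FN <= 0.3):",
              operating_range(SAMPLE, 0.3, 0.3, rate_fn))
```

With the constructed set, the single-threshold control has no setting at all that keeps both rates at or under 0.2, and only two settings that keep both under 0.3; the layered variant keeps both under 0.3 across six settings, which is the "broader acceptable operating range" the slide asks for. The model is deliberately simple: in practice the neutralize band is where the correction logic can itself fail, so its error rates need measuring rather than assuming.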
  • Blended filtering approach: raw traffic → (1) stateful firewall → (2) exploit filters → (3) vulnerability filters → (4) smart filters → (5) custom filters → filtered traffic
    • Stages 2 to 5 are deep packet inspection
    • Earlier stages carry a greater chance of false negatives; later stages a greater chance of false positives
  • Blended approach, what each stage does
    • 1. Stateful firewall: allow known good
    • 2. Exploit filters: stop known bad
    • 3. Vulnerability filters: shield known vulnerabilities
    • 4. Smart filters: shield unknown vulnerabilities (zero-day)
    • 5. Custom filters: protect specific applications
    • Stages 2 to 5 are deep packet inspection
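The five-stage pipeline of the two blended-approach slides, as an added example that is not from the deck and is not Third Brigade's filter language: each stage either decides (allow or block) or hands the request on, so the narrow, low-false-positive rules get the first say and the broad rules that are prone to false positives run last. The Request type, every rule (the header length bound standing in for a known vulnerability, the control-character check standing in for a generic smart filter, the /login input contract standing in for an application-specific custom filter) and the sample requests are all constructed for the illustration.

```python
"""Blended filtering: raw traffic passes through the five stages in the slides'
order, each stage either deciding (allow/block) or handing the request to the
next, so narrow, low-false-positive rules get the first say.

Added example, not from the slides and not Third Brigade's filter language:
the Request type, every rule and every sample request are constructed.
"""
import re
from dataclasses import dataclass, field


@dataclass
class Request:
    src: str
    dport: int
    path: str
    headers: dict = field(default_factory=dict)
    params: dict = field(default_factory=dict)
    established: bool = False   # belongs to a flow the firewall already approved


ALLOW, BLOCK, NEXT = "allow", "block", "next"


def stateful_firewall(req):
    """Stage 1: allow known good (approved flows and the expected service ports)."""
    if req.established:
        return ALLOW
    return NEXT if req.dport in (80, 443) else BLOCK


# Stage 2: stop known bad. Signatures of specific, already-seen exploit strings.
EXPLOIT_SIGNATURES = (re.compile(r"\.\./"), re.compile(r"<script", re.IGNORECASE))


def exploit_filter(req):
    haystack = " ".join([req.path, *req.params.values()])
    return BLOCK if any(sig.search(haystack) for sig in EXPLOIT_SIGNATURES) else NEXT


# Stage 3: shield a known vulnerability by enforcing the bound the vulnerable
# code omits (constructed here as a maximum header length), so every encoding
# of the exploit is caught, not only the one a signature knows.
MAX_HEADER_LEN = 256


def vulnerability_filter(req):
    too_long = any(len(v) > MAX_HEADER_LEN for v in req.headers.values())
    return BLOCK if too_long else NEXT


def smart_filter(req):
    """Stage 4: shield unknown (zero-day) vulnerabilities with generic protocol
    sanity rules. Broader rules carry a greater chance of false positives,
    which is why this stage runs after the precise ones."""
    for value in [*req.headers.values(), *req.params.values()]:
        if any(ord(ch) < 0x20 and ch != "\t" for ch in value):
            return BLOCK   # control characters have no place in HTTP fields
    return NEXT


# Stage 5: protect a specific application with rules written to its own input
# contract (constructed contract for a hypothetical /login handler).
CUSTOM_RULES = {
    "/login": {"user": re.compile(r"[a-z0-9_]{1,32}"), "pw": re.compile(r".{1,128}")},
}


def custom_filter(req):
    rules = CUSTOM_RULES.get(req.path)
    if rules is None:
        return NEXT
    for name, value in req.params.items():
        pattern = rules.get(name)
        if pattern is None or not pattern.fullmatch(value):
            return BLOCK   # unexpected parameter, or a value outside the contract
    return NEXT


PIPELINE = (
    ("stateful_firewall", stateful_firewall),
    ("exploit_filter", exploit_filter),
    ("vulnerability_filter", vulnerability_filter),
    ("smart_filter", smart_filter),
    ("custom_filter", custom_filter),
)


def filter_request(req):
    """Run the stages in order; return (verdict, name of the deciding stage)."""
    for name, stage in PIPELINE:
        verdict = stage(req)
        if verdict != NEXT:
            return verdict, name
    return ALLOW, "end_of_pipeline"   # survived every stage: filtered traffic


# Constructed sample traffic, one request per outcome.
SAMPLES = {
    "approved_flow": Request("10.0.0.5", 443, "/app", established=True),
    "telnet": Request("10.0.0.9", 23, "/"),
    "known_exploit": Request("10.0.0.9", 80, "/files/../../config"),
    "overlong_header": Request("10.0.0.9", 80, "/app", headers={"User-Agent": "A" * 300}),
    "control_chars": Request("10.0.0.9", 80, "/app", params={"q": "x\x00y"}),
    "bad_login_input": Request("10.0.0.7", 443, "/login", params={"user": "Bob Smith", "pw": "s3cret"}),
    "good_login": Request("10.0.0.7", 443, "/login", params={"user": "bob", "pw": "s3cret"}),
}


def run_samples():
    return {name: filter_request(req) for name, req in SAMPLES.items()}


if __name__ == "__main__":
    for name, (verdict, stage) in run_samples().items():
        print(f"{name:16s} -> {verdict:5s} by {stage}")
```

The deciding stage is returned alongside the verdict because that is what tuning needs: if most blocks come from stage 4, the generic rules are doing work that a precise vulnerability filter should be doing, and the false-positive risk is correspondingly higher.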
  • Protection for custom web applications: tested with an industry-leading web application scanner, against 1000’s of attacks. Number of vulnerabilities found per OWASP Top 10 category:
    OWASP Top 10 category                     | Unprotected
    1. Unvalidated input                      | 25
    2. Broken access control                  | 0
    3. Broken authentication and session mgt. | 10
    4. Cross site scripting (XSS) flaws       | 8
    5. Buffer overflows                       | 3
    6. Injection flaws                        | 13
    7. Improper error handling                | 23
    8. Insecure storage                       | 0
    9. Denial of service                      | 2
    10. Insecure configuration management     | 17
    Protected: 2 vulnerabilities remaining in a single category, 0 in the other nine
  • Gartner Predicts...
    • By 2010, only one new security threat out of 10 will require the deployment of a tactical point solution , compared with eight out of 10 in 2005.
    • By 2011, 20% of desktops in large enterprises, and 70% of servers, will be equipped with virtual security partitions (VSPs) , up from less than 1% in 2006.
    • Source: Gartner, publication date 30 November 2006, ID number G00144411
  • VM Environments
    • Where does the host agent live?
    • Host security agent options (stack: hardware, VM layer, guest OSes, server): an agent in each guest OS, a guest network shim, or protection in the VM layer
    • Trade-offs noted on the slide: best app protection, most efficient, future of network security
  • Research Challenge (Section 4 of 4)
  • Summary
    • Disconnect growing between danger levels and management estimations
    • Threats continue to evolve, need new controls
    • Application attacks recognized as a priority
    • Risk-based compliance arriving
    • HIPS is becoming recognized (now and future)
      • as a key approach to move from reactive to proactive
      • an important control for software assurance
      • as a foundation for self-defending host vision
      • no silver bullet, will always need new stuff
      • will continue to improve with better tuning…
  • DIR-604
  • Towards self-defending hosts in a dynamic threat environment
    • Extended enterprise with a porous perimeter: host security (IDS/IPS) everywhere there is IP
    • Sensor networks and vulnerability info feed a recommendation engine and the security manager, with in-the-cloud collaboration
    • Research challenge: sense, and tune appropriately
  • THANK YOU www.thirdbrigade.com