When most people read about Internet hacking incidents, they get the impression that these are highly complex, technical attacks that take a genius to create. The reality is that the really smart people first come up with these highly complex, technical attacks, but they share the information and the tools required to pull off the attack on the Internet. The “open sharing” of hacking information and tools allows individuals with minimal technical knowledge to duplicate the attack. Often, it is as easy as downloading the attack tool from the Internet and launching it against targets. You don’t need to know anything other than how to run the attack tool. The bottom line is that it doesn’t take a genius to successfully attack systems and networks; it just takes someone downloading attack tools.
The cost of not securing the network

- The “Forensic Challenge” allowed incident handlers around the world to examine an image of a compromised Red Hat Linux server – and identify both how it had been attacked and how to repair it (www.projecthoneynet.org). The Challenge found it took 34 hours to clean up and deal with the damage which an intruder had caused in half an hour. Based on an annual salary of $70,000, that represented a cleanup cost of over US$2000 for a single incident. If this was a real world server, it could be one of dozens, if not hundreds, of intrusions.
- A survey by the FBI and Computer Security Institute (www.gocsi.com) found that in 2001 the financial loss due to security breaches among 186 surveyed companies was nearly $378 million, compared to $266 million reported by 249 respondents in 2000. The average security breach cost was, therefore, approximately $2.0m in 2001, up from $1.0m in 2000. But this is only a fraction of the true cost…
- Imagine a healthcare provider whose network has been penetrated, and patient information stolen. Or a financial institution that is breached with the loss of client account data. Both organizations would face litigation, and a huge loss of customer credibility and trust. This type of collateral damage can far outweigh any immediate financial loss caused by an attack.

Deployment cost

Against these potentially huge sums, the cost of deploying robust security is modest. Consider first the hardware component of a security solution:

- Protecting a branch office could be achieved for $10,000
- A teleworker’s home office could be secured for $500
- An e-commerce web site could be protected for $25,000

These figures represent the typical hardware cost in deploying key security technologies - including firewalling, intrusion protection, virtual private networking, identity and management systems.
Security hardware typically represents 10-20% of the total security solution cost of ownership, with the balance represented by licensing, support and staffing costs. Even with this multiplier factored in, there is a rapid ROI benefit. One serious or publicized security breach can exceed the cost of proactive defense.

Type of crime | 1998 | 2000
Theft of proprietary information | $33.6 | $66.7 (20%)
Financial fraud | $11.2 | $56.0 (11%)
Virus | $7.9 | $29.2 (85%)
Insider Net Abuse | $3.7 | $28.0 (79%)
Sabotage | $2.1 | $27.1 (17%)
Unauthorized access by insiders | $50.6 | $22.6 (71%)
Laptop theft | $5.3 | $10.4 (60%)
Denial of service | $2.8 | $8.2 (27%)
System penetration by outsiders | $1.6 | $7.1 (25%)
TOTAL | $118.9M | $256M
Relying on signatures for anything forces you to start at GAME OVER. Quite frankly, you CAN'T keep up with signatures, which is why the market is beginning to focus on non-signature security technologies. While there is a great deal of discussion over using signature names for forensic (post attack) analysis, the exponential increase in reported vulnerabilities suggests that there likely will NOT be a signature for a given attack. Even products that rely on signatures (e.g. Entercept) admit this, with technologies like "Classes of Attacks". But from a forensics point of view, all you're likely to see in the "Attack Class" alert is "Unknown buffer overflow attack".
So, Cisco is the leader in the firewall and VPN markets, and we think we’re also in a leadership position with regard to a few trends on the horizon. I thought it might be useful to let you know where we see the market headed in the next few years.

Total solution providers will win: Security is going mainstream: it is a fundamental requirement of e-business and no longer an afterthought. More and more e-Businesses are requiring vendors to help them figure out how to integrate security services into the e-Business infrastructure. As I’ve shown you, there are many more access points to the network than ever before. Taking a point product approach, where your security solution can only protect a network from a single point on its perimeter, just isn’t adequate. As a result, there is a school of thought now that security must be comprehensive, yet simple, and as transparent as possible. We think businesses are starting to move away from point product vendors – those who only supply one or two pieces of the puzzle – and they’re starting to favor security companies providing complete solutions. Winning security vendors will address each of the five key requirements for securing networks: secure connectivity, perimeter security, security monitoring, identity and management.

Industry consolidation/partnering: As I’ve shown you, Cisco addresses the 5 key elements of security, and we’re well positioned to expand our market leadership. While several of our competitors have trumpeted the value of providing point products, we think they’re actually starting to recognize that the trend is toward total solutions. Check Point has started talking about “comprehensive security solutions,” as part of its Next-Generation marketing campaign. Although they’ve done a very good job of adding functionality through partnerships, we’d argue that they are still miles away from putting any real meat on the marketing stick. In IDS, Internet Security Systems (ISS) recently acquired Network Ice, which makes Black Ice personal firewall software. It was a very logical move for them and shows that ISS is trying to follow Cisco’s lead in providing customers with complete solutions.

Conclusion: So, going forward, I think you’re going to see a number of companies trying to offer the complete package by either acquiring technology or securing it through partnership. Some will succeed. Others won’t. And you are going to see many smaller security vendors either not getting it, or not knowing how to contend with it, and they will disappear altogether.

More regulation: There is a lot of government interest in security issues, particularly as they relate to privacy. This is spreading to many areas of the Internet and networked organizations, and that’s only going to increase as hackers continue to compromise sensitive information. In addition to healthcare, government and banking, we expect to see the SEC taking interest in on-line and wireless trading. Legislation will extend to protecting student privacy as well (already several bills in varying stages of review in Congress).
In addition to introducing the Cisco SAFE framework, Cisco is also announcing several new products and security ecosystem enhancements.
ABC Corporation was able to use the existing routers to connect to the Internet, taking advantage of the Cisco IOS Firewall that runs on the routers, and decided to put a dedicated appliance firewall in place to protect the Main Office Network. The PIX Firewall stateful failover system was implemented.
Napoleon once said, “planning is everything, the plan is nothing.” It’s the process of planning and the execution that results from it that are important. In security, it’s not so much the development of the policy or plan – but the wheel of activities that follow. The key is to operationalize the process of continual implementation, monitoring, and reacting.
Cisco is the right choice to provide your security and management tools. Not only are the products world class, but compatibility, single vendor savings and one point support benefits make Cisco the right choice. Security has evolved over the last two years from a niche market to a big company market. Small niche players can no longer devote the resources needed to be successful, and corporations can no longer trust security to a company that may not be in existence a year from now.
Cisco SAFE Networking For Higher Education
Network Security Team
Cisco Systems, Inc.

Education Today
We are educating our children more than ever before on the value of technology.
The Challenge: To improve student academic achievement through the use of technology.
The Solution: Teach children how to use the technological tools available to them and integrate that technology into the curriculum to improve student achievement.
HOW TECHNOLOGY CAN WORK WELL IN SCHOOLS
No Child Left Behind focuses on how teachers and students can use technology. Previous federal programs focused on increasing access to more technology. In an effort to improve student achievement through the use of technology, U.S. Secretary of Education Rod Paige announced a new Enhancing Education Through Technology (ED Tech) initiative. The goals of Education Technology are to:
Improve student academic achievement through the use of technology in elementary schools and secondary schools.
Assist students to become technologically literate by the time they finish the eighth grade.
Ensure that teachers are able to integrate technology into the curriculum to improve student achievement.
Percentage of students who reported using a computer at school at least once a week, by grade.
The Facts About...21st-Century Technology US Department Of Education No child left behind program
Technologies and Procedures to Prevent Student Access to Inappropriate Material on the Internet
Among schools using technologies or procedures to prevent student access to inappropriate material on the Internet, 91 percent reported that teachers or other staff members monitored student Internet access.
Eighty-seven percent used blocking or filtering software, 80 percent had a written contract that parents have to sign, 75 percent had a contract that students have to sign, 46 percent used monitoring software, 44 percent had honor codes, and 26 percent used their intranet. As these numbers suggest, most of the schools (96 percent) used more than one procedure or technology as part of their Internet use policy.
Since 99 percent of public schools were connected to the Internet in 2001, most schools had the capability to make information available to parents and students directly via e-mail or through a Web site. This section presents key findings on the availability of school-sponsored e-mail addresses and on school Web sites.
National Center for Education Statistics Office of Educational Research & Improvement, U.S. Dept. of Education
Security and the Evolving Enterprise Needs
[Figure: Sophistication of Hacker Tools compared with Technical Knowledge Required (High to Low), 1980 to 2000. Tools and techniques shown: Packet Forging/Spoofing, Password Guessing, Self Replicating Code, Password Cracking, Exploiting Known Vulnerabilities, Disabling Audits, Back Doors, Hijacking Sessions, Sweepers, Sniffers, Stealth Diagnostics.]
What’s the Impact of Not Properly Securing Your Network?
Cost — directly affects the school’s budget
How do you budget for a system outage?
Credibility — end-user perception
Is the children’s information safe?
Productivity — ability to use your system
Downtime is lost time and productivity
Viability — can ultimately affect your network
What are the staffing requirements?
Liability — are you responsible?
If you don’t take actions to stop outbound attacks, are you liable for damages inflicted on others?
* FBI and Computer Security Institute (CSI), 2002
Intrusion Prevention: Security Without Signatures
Proactive Security for Desktops and Servers
“Signature-based detection methods, which are already showing signs of extreme strain under current malicious code trends, will not be able to keep up with the new set of malicious-code risks created by the pervasive adoption and use of Web services and active content.”
John Pescatore and Arabella Hallawell, Gartner Research Note, 8/31/01
OKENA Aggregates Multiple Endpoint Security Functions
[Table: OKENA compared with Conventional Distributed Firewall and Conventional Host-based IDS. Functions listed: Block Incoming Network Requests, Stateful Packet Analysis, Detect/Block Port Scans, Detect/Prevent Malicious Applications, Detect/Prevent Known Buffer Overflows, Detect/Prevent Unauthorized File Modification, Operating System Lockdown, Detect/Prevent Unknown Buffer Overflows, Block Outgoing Network Requests, Detect/Block Network DoS Attacks, Desktop/Laptop Protection.]
OKENA Complements Traditional Desktop AV
[Table: OKENA compared with Anti-Virus. Functions listed: Malicious Code Protection, Stop Known Virus/Worm Propagation, Stop Unknown Virus/Worm Propagation, Scan/Detect Infected Files, “Clean” Infected Files, Identify Viruses/Worms by Name, No Signature Updates Required, Distributed Firewall Functionality, Operating System Lockdown, Correlates Events Across Endpoints.]
Security Philosophy: The Security Wheel
A Continual, Multistage Process Focused on Incremental Improvement
[Figure: the Security Wheel, with the stages Secure, Monitor and Respond, Test, Manage and Improve.]
Overview – Intrusion Detection Drivers
[Figure: network diagram labeled NAS, DMZ Servers, Data Center, Users, Internet, Corporate Office, Business Partner.]
- Intranet/Internal IDS Protects Data Centers and Critical Assets from Internal Threats
- Internet IDS Complements FW and VPN by Monitoring Traffic for Malicious Activity
- Extranet IDS Monitors Partner Traffic Where “Trust” is Implied But Not Assured
- Remote Access IDS Hardens Perimeter Control by Monitoring Remote Users