Anton Chuvakin on What is NOT Working in Security 2004

Anton Chuvakin on What is NOT Working in Security 2004: Focus on ‘what works’ is good, but sometimes negative motivation works as well! Let’s take a (fairly subjective) look at what doesn’t work for a change. Things change, technologies (and even processes) improve; that is why the title has a date. Also, please take into account that the information provided is subjective by nature and represents my outlook on things, mostly collected from working in (and watching!) the security industry.

Published in Technology

Transcript

  • 1. What is NOT Working in Security 2004 Anton Chuvakin, Ph.D., GCIA, GCIH Security Strategist October 6, 2004
  • 2. Outline
    • Threat Landscape Overview
      • Current
      • Emerging
      • Underappreciated
      • Non-threats
    • Current countermeasures
      • Working
      • NOT working
      • Underappreciated
    • Emerging countermeasures
      • Promising
      • Questionable
  • 3. Current Threats
    • What is still out there? Old classics
    • Malware
      • Worms
      • Viruses
      • Trojans
      • Backdoors
      • Rootkits
      • Hybrid/Blended malware
    • Spam
    • Malicious humans
      • Script kiddies
      • Blackhats
  • 4. Emerging Threats
    • Coming strong
    • More malware
      • Spyware (all kinds )
    • Phishing
      • A wave of it!
    • Network client attacks
      • Web browsers and others
    • Mobile (cell, PDA) attacks
      • Just wait a bit more
    • Wireless attacks
    • IM attacks
    • Source code attacks
  • 5. Less hyped threats
    • It’s there, but few care
    • Internal attacks and IP theft
    • Web application security
    • SCADA security
    • Content/lexical attacks
    • Zero day and custom attacks
  • 6. Non-threats
    • Some think they are, but they aren’t
    • Linux viruses
      • Not going to happen (*). Period.
    • Crypto attacks
      • Crypto is never the weakest link
    • (*) except in the lab or (in rare cases) custom written
  • 7. Remote Future Threats
    • I am most certainly wrong here…but let’s use the “Feynman method” – whatever goes now will continue
    • So, let's gaze into our extra-murky crystal ball
      • User-driven malware will continue – users will not improve
      • Script kiddies and blackhats will not vanish
      • Hacking for money will increase – why do it for free
      • Classic automated worms will decline (did I really say that?)
      • Client attacks will increase as vendors harden servers
      • Wireless attacks will become more frequent and impactful
  • 8. Countermeasures
    • Working means…
      • Solve the problem AND
      • Widespread AND
      • Value for the money
    • Not working is…
      • Does not solve the problem OR
      • Niche OR
      • Not getting what you paid for
    • Not appreciated:
      • Can work if people use them more
      • Fit two of the above, but not widespread
  • 9. Gartner Take on It!
    • OMG, did I just utter the “G word”?
    • What you definitely need:
      • HIPS, quarantine, vulnerability management, IdM, audit logs, AES, SSL, anti-spam/AV, BCP
    • What you probably don’t need:
      • Quantum encryption, NIDS, biometrics, DRM, security awareness posters, 500 page policies, TEMPEST shielding, personal digital signatures, default passwords
    • Source: Gartner, “Management Update: The Future of Enterprise Security”, Sep 15, 2004
  • 10. What works!
    • Soft:
    • End-to-end security process and defense in-depth
    • Incident response process
    • Hard:
    • Firewalls
    • VPN
    • Vulnerability scanning
    • NIDS - with correlation and context data
    • NIPS - for a narrow range of known attacks
  • 11. As we prepare…
    • What does the typical company deploy today ?
      • Anti-virus
      • Firewall
      • Router ACLs
      • Password management
      • NIDS
      • Anti-spam
    • Are they happy with it?
    • What else do they need?
  • 12. What is NOT working?
    • Anti-virus
      • “What? It’s the best we have.” Well, not good enough.
    • Patching
      • People just don’t do it (tools work, processes don’t)
    • NIDS – yes, it is in both categories!
      • With no correlation and context data – it fails
    • Anti-spam
      • Well, it kills 99% of it and the remaining 1% kills you
    • Code reviews
      • Application security is not getting better
    • Security awareness
      • Users are hopelessly broken…and will remain so
  • 13. Not appreciated
    • Log analysis and log management
      • Effective, but needs to be used more
    • Hardening
      • Even less popular than patching, but it works.
    • HIPS
      • It works. Do YOU run it? Probably not.
    • Honeypots
      • Honeyfarm or “honeytokens” deployment
    • Security standards
      • Standard is simple! Simple is secure!
  • 14. Future Countermeasures
    • Promising
      • Better firewalls
      • Better correlation for IDS and logs
      • Better client security
      • NAC/NAP quarantine
      • Worm defenses
    • Questionable
      • Pure-play anomaly detection
  • 15. Conclusion
    • Security will remain fun! It will be funded too, as threats will persist
    • Prevention will never supplant detection, detection will never supplant response – thus all technologies will remain
    • Underappreciated today will move into mainstream tomorrow!
  • 16. Thanks for Viewing the Presentation
    • Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
    • http://www.chuvakin.org
    • Author of “Security Warrior” (O’Reilly) – http://www.securitywarrior.org
    • Book on logs is coming soon!
    • See http://www.info-secure.org for my papers, books, reviews and other security resources related to logs
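Slides 10, 12 and 13 make one recurring point: a NIDS fails without correlation and context data, and log analysis is effective but underused. The Python below is an added example, not code from the presentation, that scores the same constructed alert stream twice, once with no context at all and once with an asset inventory and host logs. The alert fields, the inventory layout, the success markers and the syslog lines are this example's own assumptions and do not reflect any particular IDS or log format.

```python
"""Triage of NIDS alerts with asset context and host logs.

Added illustration for slides 10, 12 and 13 (not code from the presentation).
Every alert, inventory entry and log line below is constructed sample data,
and the field names are this example's own assumptions, not any IDS format.
"""
import re

# Constructed NIDS alerts. "targets" is the platform the signature applies to.
ALERTS = [
    {"sig": "IIS WebDAV overflow attempt", "dst": "10.0.0.5", "dport": 80, "targets": "windows"},
    {"sig": "IIS WebDAV overflow attempt", "dst": "10.0.0.7", "dport": 80, "targets": "windows"},
    {"sig": "SSH brute force", "dst": "10.0.0.7", "dport": 22, "targets": "any"},
    {"sig": "IIS WebDAV overflow attempt", "dst": "10.0.0.9", "dport": 80, "targets": "windows"},
]

# Constructed asset inventory: OS, listening services and patch status per host.
INVENTORY = {
    "10.0.0.5": {"os": "linux", "services": {80: "apache"}, "patched": True},
    "10.0.0.7": {"os": "windows", "services": {80: "iis", 22: "openssh"}, "patched": False},
    "10.0.0.9": {"os": "windows", "services": {80: "iis"}, "patched": True},
}

# Constructed syslog-style host logs covering the same window as the alerts.
HOST_LOGS = """\
Oct  6 10:01:12 10.0.0.7 sshd[412]: Failed password for root from 192.0.2.44 port 51012 ssh2
Oct  6 10:01:13 10.0.0.7 sshd[412]: Failed password for root from 192.0.2.44 port 51013 ssh2
Oct  6 10:01:15 10.0.0.7 sshd[412]: Accepted password for root from 192.0.2.44 port 51014 ssh2
Oct  6 10:02:40 10.0.0.9 w3svc: GET /dav/ 400 from 192.0.2.44
"""

# Log substrings that confirm a given signature's attack actually succeeded
# (assumed mapping for this example; a real deployment maintains its own).
SUCCESS_MARKERS = {"SSH brute force": "Accepted password for"}

LOG_RE = re.compile(r"^\S+\s+\d+ \S+ (?P<host>\S+) (?P<proc>[^:]+): (?P<msg>.*)$")


def parse_logs(text):
    """Parse syslog-like lines into dicts with host, proc and msg fields."""
    return [m.groupdict() for m in map(LOG_RE.match, text.splitlines()) if m]


def score_alert(alert, inventory, logs):
    """Return (priority, reason) for one alert given asset and log context."""
    host = inventory.get(alert["dst"])
    if host is None:
        # No context at all: the "NIDS alone" situation slide 12 complains about.
        return "medium", "no asset context; alert cannot be qualified"
    if alert["targets"] != "any" and host["os"] != alert["targets"]:
        return "info", f"signature targets {alert['targets']}, host runs {host['os']}"
    if alert["dport"] not in host["services"]:
        return "info", f"nothing listening on port {alert['dport']}"
    marker = SUCCESS_MARKERS.get(alert["sig"])
    if marker and any(l["host"] == alert["dst"] and marker in l["msg"] for l in logs):
        return "critical", "host log confirms the attack succeeded"
    if not host["patched"]:
        return "high", f"unpatched {host['services'][alert['dport']]} on targeted port"
    return "low", "patched service; attempt most likely failed"


def triage(alerts, inventory, log_text):
    """Score every alert; returns a list of dicts in input order."""
    logs = parse_logs(log_text)
    out = []
    for alert in alerts:
        priority, reason = score_alert(alert, inventory, logs)
        out.append({**alert, "priority": priority, "reason": reason})
    return out


if __name__ == "__main__":
    print("Without context:")
    for row in triage(ALERTS, {}, ""):
        print(f"  {row['priority']:8} {row['sig']} -> {row['dst']}")
    print("With asset inventory and host logs:")
    for row in triage(ALERTS, INVENTORY, HOST_LOGS):
        print(f"  {row['priority']:8} {row['sig']} -> {row['dst']} ({row['reason']})")
```

Without context every alert comes out at the same priority, which is the flood of undifferentiated alerts that makes a NIDS "not work". With the inventory, the Windows signature fired at a Linux host drops to informational, the patched host drops to low, the unpatched one rises to high, and the SSH brute force becomes critical only because the host log shows the login eventually succeeded. The log parser is deliberately small; the point is that the host log, not the sensor, carries the evidence of outcome.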