Security Trends: 2007 and Beyond Dr Anton Chuvakin, GCIA, GCIH, GCFA Chief Logging Evangelist Interop Moscow, May 2007

Who is Anton? Chief Logging Evangelist @ LogLogic (San Jose, CA) Book author: “Security Warrior”, “Hacker’s Challenge 3”, “PCI”, “Know Your Enemy 2”, etc Presentations: SANS, CSI, FBI, USMA, others Involved with security standards: CEE, CVSS Security blogger – www.securitywarrior.org

Chief Logging Evangelist @ LogLogic (San Jose, CA)

Book author: “Security Warrior”, “Hacker’s Challenge 3”, “PCI”, “Know Your Enemy 2”, etc

Presentations: SANS, CSI, FBI, USMA, others

Involved with security standards: CEE, CVSS

Security blogger – www.securitywarrior.org

Today’s Outline The World of Security Now 1990s Security vs Early 2000s vs Late 2000s Attacks, Vulnerabilities, Defenses, Laws: Now and in the Future What Works and What Doesn’t?

The World of Security Now

1990s Security vs Early 2000s vs Late 2000s

Attacks, Vulnerabilities, Defenses, Laws: Now and in the Future

What Works and What Doesn’t?

Question: What is Security Today? Fighting hackers? Protecting networks? Fixing vulnerabilities? Selling “boxes”?  Managing risk? Hardening systems? ?

Fighting hackers?

Protecting networks?

Fixing vulnerabilities?

Selling “boxes”? 

Managing risk?

Hardening systems?

Answer: What is Security Today and Tomorrow? Protecting Information!

Protecting Information!

Q: Why Start Security From 1990s? A: Before 90s, There Was Security (Of Course!), But No Security Industry !

Q: Why Start Security From 1990s?

A: Before 90s, There Was Security (Of Course!), But No Security Industry !

Trends: 1990s Explosive global malware : Blaster, Slammer, ILoveYou Server exploits : IIS is a kind of Swiss cheese Hacking for fun and fame…mostly : system penetrations, DDoS “for fun” Buffer overflows everywhere Purchasing : Incident-driven (or F.U.D.-based) Think about it! - we call this “ good old days !” 

Explosive global malware : Blaster, Slammer, ILoveYou

Server exploits : IIS is a kind of Swiss cheese

Hacking for fun and fame…mostly : system penetrations, DDoS “for fun”

Buffer overflows everywhere

Purchasing : Incident-driven (or F.U.D.-based)

Think about it! - we call this “ good old days !” 

Trends: Early 2000s Small circulation commercial malware , spyware (but lots of it!) Bots : “ industrial revolution ” in hacking Web and “Web 2.0” attacks Rapid rise of client-side attacks Hacking for money : Phishing, Spam, DDoS for ransom, etc Purchasing : Incident-driven + regulatory purchasing + some “best practices”

Small circulation commercial malware , spyware (but lots of it!)

Bots : “ industrial revolution ” in hacking

Web and “Web 2.0” attacks

Rapid rise of client-side attacks

Hacking for money : Phishing, Spam, DDoS for ransom, etc

Purchasing : Incident-driven + regulatory purchasing + some “best practices”

Trends: Late 2000s – Near Future Mobile malware? Cell/mobile phones, PDAs, other connected devices New Technologies : VOIP, “Web 2.0”, etc More application and web application hacking: more stuff moves to the web Attackers focus more on data , less on infrastructure Purchasing: Mostly regulatory + “best practices” + some incident-driven

Mobile malware? Cell/mobile phones, PDAs, other connected devices

New Technologies : VOIP, “Web 2.0”, etc

More application and web application hacking: more stuff moves to the web

Attackers focus more on data , less on infrastructure

Purchasing: Mostly regulatory + “best practices” + some incident-driven

Final Thoughts Security is here not because of “TCP/IP” or Mr Bill G. It is here because of humans  New technologies -> new attacks -> new defenses: endless cycle Following “ checkbox security ” of the near future -> protected as much as the next guy -> get 0wned as much as him  Now go review your incident response plans!

Security is here not because of “TCP/IP” or Mr Bill G. It is here because of humans 

New technologies -> new attacks -> new defenses: endless cycle

Following “ checkbox security ” of the near future -> protected as much as the next guy -> get 0wned as much as him 

Now go review your incident response plans!

Thank You For Attending!!! Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA http://www.chuvakin.org Chief Logging Evangelist LogLogic, Inc Author of “Security Warrior” book (O’Reilly 2004) – www.securitywarrior.org See www.info-secure.org for my papers, books, reviews and other security resources related to security and logs

Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA

http://www.chuvakin.org

Chief Logging Evangelist

LogLogic, Inc

Author of “Security Warrior” book (O’Reilly 2004) – www.securitywarrior.org

See www.info-secure.org for my papers, books, reviews and other security resources related to security and logs