Network Threats


Published on

Most users do not see front-line activity and 'normal business usage' to be a contributing factor to network security; but it's not all about the back-end. Business behavior is a direct impact to business information system risks.

Published in: Business, Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Network Threats

  1. 1. Network Threats A brief discussion of how security issues of concern at the corporate level are sneaking in on the backs of individual users ©2004 Dan Oblak -
  2. 2. First they have to find you? <ul><li>FORMER TRUTHS: </li></ul><ul><li>An attack can’t get to your PC if it doesn’t know where/who you are. </li></ul><ul><li>A user has to take some action to allow an attack to proceed. </li></ul><ul><li>A Windows PC will ask permission before allowing the addition of software. </li></ul>
  3. 3. First they have to find you? <ul><li>NEW THREAT LEVEL: </li></ul><ul><li>An attack can find it’s way to your PC by meandering through several networks until it has ‘touched’ every available PC. </li></ul><ul><li>A PC can be infected, affected, or controlled without having been compromised by a user’s action (or inaction). </li></ul><ul><li>Windows PCs can be controlled, damaged, monitored, weakened or abused without a user’s knowledge. </li></ul>
  4. 4. Like termites, they sneak… <ul><li>Email is still a favorite inward route </li></ul><ul><ul><li>Users should watch for unexpected attachments. </li></ul></ul><ul><ul><li>A ‘healthy paranoia’ is prudent when reviewing incoming email that is not part of an ongoing (existing) message thread. </li></ul></ul><ul><ul><li>Since the ‘from’ address field is often compromised, it is no longer enough to simply avoid email from unknown senders. </li></ul></ul><ul><ul><li>Antivirus software should be scanning at both the client and server levels. </li></ul></ul>
  5. 5. Like termites, they sneak… <ul><li>Email is still a favorite inward route (cont’d) </li></ul><ul><ul><li>Disabling HTML rendering (not even possible in some email clients) is the only way to stay safe from many types of attacks. </li></ul></ul><ul><ul><li>Many ‘social engineering’ ploys try to get a user to follow a hyperlink to an attack waiting outside the network. </li></ul></ul><ul><ul><li>Much ‘SPAM’ (unsolicited commercial advertising by email) is often an attempt at ‘reconnaissance’ to evaluate your PC or network before an attack. </li></ul></ul>
  6. 6. How to Fight Spam Strategically By Gary A. Bolles, CIO Insight December 2, 2003 “ Paul Judge, CTO of antispam vendor CipherTrust Inc., says spam comprises up to 61 percent of all in-bound corporate e-mail. “ Antispam service provider Brightmail Inc. claims that out of the 70 billion messages it processes every month for the 300 million users in its worldwide network, over 50 percent are spam. “ The country's biggest e-mail provider, America Online, claims it stops an average of more than 1.5 billion spam messages a day, spiking at times to more than 2.5 billion. “ Says Michelle Boggess, electronic data security coordinator for Pensacola, Fla.-based Baptist Health Care, a $743 million not-for-profit: ‘Some of our users were getting spammed so heavily that they were spending large amounts of their own time picking through e-mail. The deluge creates a huge drain on worker productivity.’”
  7. 7. <ul><li>Opt-out of SPAM? </li></ul><ul><ul><li>There is no legitimate opt-out registry that all SPAM-generators look at, or are legally bound by. </li></ul></ul><ul><ul><ul><li>The ‘National Antispam’ is a scam! </li></ul></ul></ul><ul><ul><ul><li>If a company is within the United States borders, they can be prosecuted -- so those still sending SPAM are usually ‘unreachable’. </li></ul></ul></ul><ul><ul><ul><li>There is no world-wide organization or governing body that oversees the internet. If the US government can’t shut down a SPAMmer, there is no larger entity to appeal to. </li></ul></ul></ul>What measures can be taken?
  8. 8. What measures can be taken? <ul><li>Block SPAM? </li></ul><ul><ul><li>SPAM-generators regularly change commonly-blocked criteria to slip past slow-to-react human administrators. </li></ul></ul><ul><ul><ul><li>Millions of messages can be sent out from a particular server address (i.e.: ‘’), and just minutes later, another batch can be sent out from the same computer using completely different information (i.e.: ‘’). </li></ul></ul></ul><ul><ul><ul><li>While corporate America scrambles to block an originating address, that one instantly becomes obsolete and the attacks continue. </li></ul></ul></ul>
  9. 9. What measures can be taken? <ul><li>Filter SPAM? </li></ul><ul><ul><li>Certain key phrases can be filtered out at the server level, to cut down on how much illegitimate mail actually gets through to users’ inboxes. </li></ul></ul><ul><ul><ul><li>“ Make money fast!” </li></ul></ul></ul><ul><ul><ul><li>“ Enlarge your … without surgery!” </li></ul></ul></ul><ul><ul><ul><li>“ Hide porn from your boss!” </li></ul></ul></ul><ul><ul><ul><li>“ Bad Credit? No Credit? No Problem!” </li></ul></ul></ul><ul><ul><li>Filtering for complex phrases slows delivery dramatically; filtering single words causes very little impact on email server performance. </li></ul></ul><ul><ul><ul><li>Trapping email by single-word filters (‘rich’, ‘credit’, ‘enlarge’) keeps many legitimate messages from getting through (called ‘false positives’). </li></ul></ul></ul>
  10. 10. Like termites, they sneak… <ul><li>Instant Messaging use is increasing, as is it’s abuse as a transport for attacks </li></ul><ul><ul><li>Unlike with email, most companies aren’t able to filter IM traffic for virus, SPAM, and other malevolent attacks. </li></ul></ul><ul><ul><li>Users who don’t lock down their IM software to accept traffic only from those already in their ‘buddy lists’ can be the targets of social engineering, hostile attachments, or harassment. </li></ul></ul>
  11. 11. IM Spam Expected to Triple March 28, 2004 By Robyn Greenspan “ The annoying unwanted messages that overflow inboxes are now also spreading onto desktops in the form of SPIM — spam over instant messaging (IM). The Radicati Group estimates that SPIM will account for roughly 5 percent of instant messages traversing public networks (consumer and corporate) by the end of 2004, tripling from 400 million messages in 2003 to 1.2 billion .” “ Pornographic messages make up the majority of SPIM at 70 percent, followed by ‘get rich’ schemes at 12 percent, product sales at 9 percent, and loans or finance messages at 5 percent, according to Radicati's research. Nearly all (90 percent) of SPIM messages are short one-line sentences followed by a URL, such as, ‘Hello, check out my Web cam at’ ” “ Increased awareness will help to alleviate the problem and Radicati recommends that users not click on unknown links that appear during an instant messaging session, and that businesses should refrain from publishing IM names in corporate directories.”
  12. 12. Like termites, they sneak… <ul><li>Recent worms (self-propagating hostile applications) need only to be connected to a network with other unprotected PCs to spread. </li></ul><ul><ul><li>Most networks are designed only to keep data protected from those not authorized to access it. This foundational short-sightedness doesn’t protect PCs; just information. </li></ul></ul><ul><ul><li>As more people add broadband internet connections in their homes, and public WiFi (wireless internet access) becomes more common, the reach of available highways for worms grows . </li></ul></ul>
  13. 13. Anatomy of a Worm <ul><li>Once a single PC on your network has been infected, any other PCs on the same segment of that network (that have the same vulnerability) are ‘found’ and infected as well. No user interaction is necessary. </li></ul>INFECTED OK OK OK OK OK OK OK OK OK
  14. 14. Like termites, they sneak… <ul><li>Compromised PCs are a threat to all </li></ul><ul><ul><li>DOS (Denial of Service) attacks are often waged on larger targets by hijacking thousands of desktop PCs which are then directed to aim a crippling barrage of requests at a server when triggered remotely by a command or when a predetermined time is reached. </li></ul></ul><ul><ul><li>Many recent viruses are engineered to include their own SMTP server, so the desktop does not require access to an email server to propogate to all email addresses collected from text files on that same PC. </li></ul></ul>
  15. 15. Like termites, they sneak… <ul><li>Social engineering relies on the fact the majority of users don’t have the time or patience to learn all that would be necessary to see through many attacks. </li></ul><ul><ul><li>This fact will never change -- because few people spend most of their day staying current on security issues (unless they happen to be an IT professional). </li></ul></ul><ul><ul><li>Training users to be all-knowing & sufficiently paranoid has failed . </li></ul></ul><ul><ul><li>It’s time for a new plan. </li></ul></ul>
  16. 16. Complexity = Compromise <ul><li>Software vendors have competed largely on the number of features they can cram into each new release and upgrade. </li></ul><ul><ul><li>Users have come to expect a high level of complexity in software applications; they feel that it is the price necessary for the availability of large feature-sets. </li></ul></ul><ul><ul><li>It has become impossibly difficult to keep systems compatible, stable, or even running at all due to the incredible number of relationships and dependencies that are built into software systems. </li></ul></ul><ul><ul><li>Bug fixes and security patches are so common and so complex themselves that administrators have difficulty keeping track of which ones should be installed in their respective environments. </li></ul></ul>
  17. 17. Simplicity = Stability <ul><li>Software vendors will continue to add to feature-bloat until customers vote with their dollars. </li></ul><ul><ul><li>Most corporate users don’t use more than 20% of what’s available in Microsoft Word. Consider choosing a simpler word processor, and you’ll save money while decreasing your risk of infection by macro viruses. </li></ul></ul><ul><ul><li>Install only the software you know will be used. Follow the 70/30 rule: applications that are used 70% of the time may have an impact on how the system is configured; less-used applications are considered expendable unless they don’t impact other software in any way. </li></ul></ul><ul><ul><li>Apply all bug fixes and security updates within several days of their release. If this is unrealistic in your environment, switch operating systems or management tools so you can. </li></ul></ul>
  18. 18. Apps = Ability? <ul><li>Document Standards </li></ul><ul><ul><li>RTF, PDF, TXT are the only universally-acceptable formats. Don’t let applications run your business. </li></ul></ul><ul><ul><ul><li>Most companies choose the Microsoft Office suite only because of it’s ‘critical mass’ in the business application market. Otherwise, it’s overkill for most users. </li></ul></ul></ul><ul><ul><ul><li>Even Microsoft’s ‘enhanced’ version of RTF brings with it the same insecurities and privacy concerns of Microsoft Word. A macro-infested Word document can be disguised as an RTF file and Word will still execute the code on any Windows PC. </li></ul></ul></ul><ul><ul><ul><li>HTML-formatted documents can contain threats and dirty code that can dissolve a document’s usefulness after several generations. </li></ul></ul></ul>
  19. 19. Take Control of Your Apps <ul><li>Document Standards (cont’d) </li></ul><ul><ul><li>Find out what document formats your industry can use (read, print, copy, insert…). </li></ul></ul><ul><ul><li>Remove applications that cause your business contacts to strain harder at security, user training, and cost just for the sake of being compatible with your documentation. </li></ul></ul><ul><ul><li>Provide users with adequate training so that they can get 100% usefulness out of ‘lite’ apps, vs. the 20% they might experience with industrial-strength counterparts. </li></ul></ul>
  20. 20. Email is Not a Transport <ul><li>Most corporate users are tied at the wrist to email as a transport mechanism. </li></ul><ul><ul><li>File size can clog email servers and user accounts </li></ul></ul><ul><ul><li>File types can cause problems for recipients with differing software installations </li></ul></ul><ul><ul><li>Attachments can carry viruses and other threats </li></ul></ul><ul><ul><li>Users trust a document because it arrived by email; though the integrity or actual source of the file is not guaranteed. </li></ul></ul><ul><ul><li>File attachments are chosen for the ability to ‘dress up’ the presentation of a thought. </li></ul></ul>
  21. 21. Email is a Channel <ul><li>Companies should be able to rely on email as the first and best method for communicating thoughts, ideas, and opportunities. </li></ul><ul><ul><li>Plain text email is small, light, and fast. </li></ul></ul><ul><ul><li>All mail readers (including PDA, pagers, and mobile phones) can read text messages. </li></ul></ul><ul><ul><li>Virus threats can’t travel unseen over text alone. </li></ul></ul><ul><ul><li>Plain-text URLs to the location of external files are visible, and more secure than grey-origin files. </li></ul></ul><ul><ul><li>External files can complement a communication; but shouldn’t be necessary for the message. </li></ul></ul>