The Changing Nature of Cyber Space

Security

30 Nov 2013

OSAC/ISMA Conference

The Changing Nature of Cyber Space

Ryan W. Garvey

Overview

- Smartphones
  - Threats
  - Protection
- Cyber threats
  - Emerging
  - Defense and mitigation
- Outlook
  - Social media/networking
  - Hacktivism


- Architecture, technologies and capabilities of telecommunication networks and mobile phones have significantly changed
- BlackBerry and iPhone and third generation (3G) mobile networks
- Millions of people around the world can make calls from almost any place in the world
- True mobility in accessing internet and information
- “Anywhere, Anytime, any Device”


Popular usage of mobile phones and smartphones

- Company’s e-mail service (e.g. via RIM BlackBerry or MS Mobile Outlook)
- Company’s calendar service (e.g. via MS Mobile Outlook and Microsoft Exchange)
- Shared file systems (e.g. Microsoft SharePoint)
- Customer Relationship Management (CRM) and Enterprise Resource Planning (ERP) systems
- Applications dedicated to mobile phones
  - Mobile Sales Force Automation (SFA)
  - SMS alerts and notifications
- Company’s internal network via Virtual Private Network (VPN) connections.


E-commerce and E-banking purposes

- User authentication via software tokens running on smartphones
- Access to mobile banking applications to make money transfers
- Electronic transaction authentication
  - Via one-time passwords sent by the bank to the users via SMSes
- Micropayments via SMS, USSD or interactive voice channel
- Premium content purchase (so called Premium SMS)
- Alerts and notifications
  - Change of account balance, debit or credit card usage etc.
- Electronic signatures via online, native or SIM card applications

Practical application of mobile phones and smartphones is almost endless
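The slide lists software tokens and one-time passwords as the authentication building blocks for mobile banking. The following is an added example, not code from the presentation or from any bank, showing what a software token computes and the checks the bank side needs so that a one-time password really is one-time: HOTP (RFC 4226) and TOTP (RFC 6238) over HMAC-SHA1, a small clock-skew window, a constant-time comparison, and rejection of any code at or below the last accepted counter. The class name `TotpVerifier`, the window and digit defaults, and the demo secret (the RFC 4226 test-vector seed) are this example's assumptions.

```python
# Added example (not from the presentation): software-token one-time
# passwords as used for e-banking login and transaction authentication.
import hashlib
import hmac
import struct
import time
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP value for one counter (RFC 4226: HMAC-SHA1 + dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = 30, digits: int = 6) -> str:
    """TOTP value (RFC 6238): HOTP over the number of time steps since the epoch."""
    return hotp(secret, int(at_time // step), digits)


class TotpVerifier:
    """Bank-side verifier for one user's software token (assumed design).

    A code is accepted only if it matches the current time step or a
    neighbour within `window` steps, the comparison is constant-time, and
    no counter at or below the last accepted one is ever accepted again,
    so a code captured in transit cannot be replayed.
    """

    def __init__(self, secret: bytes, step: int = 30, digits: int = 6, window: int = 1):
        self.secret = secret
        self.step = step
        self.digits = digits
        self.window = window
        self.last_counter = -1  # highest counter accepted so far

    def verify(self, candidate: str, now: Optional[float] = None) -> bool:
        if now is None:
            now = time.time()
        # Reject malformed input before doing any cryptography.
        if len(candidate) != self.digits or not candidate.isdigit():
            return False
        current = int(now // self.step)
        for counter in range(current - self.window, current + self.window + 1):
            if counter <= self.last_counter:
                continue  # already consumed, or older than a consumed code
            expected = hotp(self.secret, counter, self.digits)
            if hmac.compare_digest(expected, candidate):
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    # Constructed demo secret: the RFC 4226 test-vector seed. Real secrets are
    # random, per user, and provisioned to the phone over a protected channel.
    secret = b"12345678901234567890"
    verifier = TotpVerifier(secret)
    code = totp(secret, time.time())  # what the phone app would display
    print("token shows:", code)
    print("first use accepted:", verifier.verify(code))
    print("replay accepted:", verifier.verify(code))
```

The replay check is the part most often missing from home-grown verifiers: without `last_counter`, the same code stays valid for the whole window, which is exactly the gap a man-in-the-middle relaying a captured SMS or token code relies on.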

Realities

- Mobile malware is not a future threat but a current threat
- First mobile phone malware seen over 10 years ago
- In September 2009
  - 100 known families
  - More than 500 modifications
- In 2010 - today
  - Every month a new mobile malware was identified
- March 2011
  - 60 malicious apps found in Android Marketplace


Possible crossovers from PC to Mobile:

- Redirect user’s web traffic through attacker’s proxy server or unauthorized access point
- Attacker may remotely change mobile browser and network configuration
- Recording and sharing all web information sent from mobile device (e.g. all information from HTTP GET and POST)
- Modifying web browser (e.g. Firefox for iPhone, or Opera Mini)
- Replacing executable binaries on the phone, so all information sent to the Internet can be intercepted
- Unauthorized remote use of phone’s personal area network capabilities (Bluetooth, Wi-Fi)
- Remotely attack another user and penetrate networks that are in range of the smartphone, creating mobile botnets
- Perform distributed denial of service attacks on any target via “regular” (e.g. Internet) or mobile (e.g. SMSes, MMSes etc.) communication channels


Two Android examples

Tap Snake
- In the Android Market Place
- Tracks and monitors user’s location - GPS Spy
- GPS data includes date and time of user’s location
- Physical access required to enable GPS Spy feature

Movie Player
- Not in Android Market Place
- SMS Trojan
- Poses as harmless media player application
- Sends SMS messages to premium-rate numbers
- Scam has only affected Android smartphone users in Russia.

Impacts

- Loss of valuable data
- Loss of Intellectual Property
- Loss of productivity
- Negative impact on profits or stock price
- Brand damage
- Lawsuits
- Class actions

Cyber Threats

Types of Threats

Even More Threats

- Cybercrime, online fraud and the theft of confidential information
- Bots, Botnets and “modular” malicious code
- Web applications are increasingly becoming the focal point of attacks
- “Man-in-the-Middle” attacks that circumvent multi-factor authentication

Security Defense-in-Depth

Adversaries attack the weakest link… where is yours?

- Risk assessment
- Security planning, policies, procedures
- Configuration management and control
- Contingency planning
- Incident response planning
- Security awareness and training
- Security in acquisitions
- Physical security
- Personnel security
- Security assessments and authorization
- Access control mechanisms
- Identification & authentication mechanisms (Biometrics, tokens, passwords)
- Audit mechanisms
- Encryption mechanisms
- Boundary and network protection devices (Firewalls, guards, routers, gateways)
- Intrusion protection/detection systems
- Security configuration settings
- Anti-viral, anti-spyware, anti-spam software
- Smart cards
- Continuous monitoring

Links in the Security Chain: Management, Operational, and Technical Controls


Hardware and Software Inventories

- Inventories of authorized and unauthorized devices and software
- Don’t allow personal preferences
- Don’t let outsiders connect flash drives or other devices to your network
- Use software such as DeviceLock
- Do not download software from the Internet, do not use outside CDs, DVDs
- Wireless device control

Trust but Verify

- Maintenance, monitoring, and analysis of security audit logs
- Continuous vulnerability assessment and remediation
- System of sanctions for improper behavior
- Remote scanning from HQ
- Intrusion detection systems

Limit Access to Need

- Controlled Use of Administrative Privileges
  - Should only be used for administrator duties
  - Use “RunAs” command whenever possible
  - Do not leave systems logged on
- Controlled access based on need to know
- Account monitoring and control

Application Software Security

- Be a good implementer
- No need to reinvent the wheel
- Patch quickly - organizations take twice as long to patch application vulnerabilities as they take to patch operating system vulnerabilities
- Use automated updates when possible

Malware Defenses

- Firewalls: Block most hacker tools and network worms.
- Antispyware: Blocks spyware, Trojans, network and email worms, but not viruses.
- Antivirus: Blocks viruses and email worms.
- Intrusion Prevention Software: Blocks viruses, worms and other malware by looking for the typical behavior of these attacks.

Data Loss Prevention

- Backups
  - Redundancy
  - Different schedules
  - Offsite backup
- Secure Network Engineering
- Penetration Tests and Red Team Exercises
- Incident Response Capability
- Data Recovery Capability

Education of Users

- Don’t download programs from the Internet
- Do not use outside CDs, DVDs
- Don’t attach outside devices
- Don’t open unfamiliar e-mails, especially attachments
- Don’t surf sites not needed for work
- Scan all files before opening

Quick and Easy Protective Strategies

Immediate / Future

Password Length

Length and complexity do matter!

A six character password takes 13.7 days, 6.05 hours and 51.5 minutes to crack

An eight character password takes 17 years, 10.7 months and 24.2 days to crack

(Complex Passwords)

Real Time Risk Evaluation

Implement a solution that provides a transparent layer of authentication at log in.

This is crucial, allowing a merchant, retailer or bank the ability to create a real-time digital identity for online users based on multiple factors including user behavior, machine identification and user preference.

Regular Password Changes

Require Internet customers to change static passwords at regular intervals. This will cause any compromised data to become “stale” among fraudster groups.

Provide Authentication Options

Offer customers varying authentication methods and encourage adoption based on a customer’s risk profile, e.g. retail vs. trust and high net worth clients.

Tokens, strong passwords, strong security questions, encryption certificates.

Ask Transactional Questions

Ask questions that pertain to the user’s account: last time used, amount charged. These techniques will ensure your help desk is talking to THE customer.

Customer Account Monitoring and Alerting

Give customers the option to select transactional alerts and account notifications.

Change of address, transfers, withdrawals, various other account changes

Customer Communication / Awareness

Regular communication with customers, identification and early notification of suspected issues
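The “Real Time Risk Evaluation” and “Provide Authentication Options” points describe scoring a login on user behavior, machine identification and user preference, then choosing how much authentication to demand. The code below is an added example, not from the presentation or any vendor product, of the smallest version of that logic: each attempt is scored against the customer's profile, and the score selects allow, step-up (a token code or a transactional question, as the slide suggests) or deny. The profile fields, weights, thresholds, function names and sample data are all this example's assumptions.

```python
# Added example (not from the presentation): risk-based login evaluation.
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass
class UserProfile:
    known_devices: Set[str]            # machine identification: devices seen before
    usual_countries: Set[str]          # behaviour: where the customer normally logs in from
    usual_hours: Set[int]              # behaviour: local hours the customer normally logs in
    prefers_strong_auth: bool = False  # user preference: opted in to extra checks


@dataclass
class LoginAttempt:
    user: str
    device_id: str
    country: str
    hour: int  # local hour of day, 0-23


# Assumed weights and thresholds, chosen so that two unusual signals force a
# step-up and three deny outright; an opted-in customer is stepped up on
# any single unusual signal (20 + 15 >= 30).
WEIGHTS = {"unknown_device": 40, "unusual_country": 35, "unusual_hour": 15, "opted_in": 20}
STEP_UP_AT = 30
DENY_AT = 80


def risk_score(profile: UserProfile, attempt: LoginAttempt) -> Tuple[int, List[str]]:
    """Return (score, reasons) for one login attempt against the customer's profile."""
    score, reasons = 0, []
    if attempt.device_id not in profile.known_devices:
        score += WEIGHTS["unknown_device"]
        reasons.append("unknown device")
    if attempt.country not in profile.usual_countries:
        score += WEIGHTS["unusual_country"]
        reasons.append("unusual country")
    if attempt.hour not in profile.usual_hours:
        score += WEIGHTS["unusual_hour"]
        reasons.append("unusual hour")
    if profile.prefers_strong_auth:
        score += WEIGHTS["opted_in"]
        reasons.append("customer opted in to strong authentication")
    return score, reasons


def decide(score: int) -> str:
    """Map a score to an action: allow, step-up (token or transactional question), deny."""
    if score >= DENY_AT:
        return "deny"
    if score >= STEP_UP_AT:
        return "step-up"
    return "allow"


def evaluate(profiles: Dict[str, UserProfile], attempt: LoginAttempt) -> Tuple[str, int, List[str]]:
    """Full decision for one attempt; unknown users are denied rather than scored."""
    profile = profiles.get(attempt.user)
    if profile is None:
        return "deny", DENY_AT, ["unknown user"]
    score, reasons = risk_score(profile, attempt)
    return decide(score), score, reasons


def enroll_device(profile: UserProfile, device_id: str) -> None:
    """After a successful step-up, remember the device so the next login is quieter."""
    profile.known_devices.add(device_id)


# Constructed sample data for the demo.
SAMPLE_PROFILES = {
    "alice": UserProfile({"dev-1"}, {"US"}, set(range(7, 23))),
    "bob": UserProfile({"dev-7"}, {"DE"}, set(range(8, 20)), prefers_strong_auth=True),
}

if __name__ == "__main__":
    attempts = [
        LoginAttempt("alice", "dev-1", "US", 10),   # everything as usual
        LoginAttempt("alice", "dev-9", "US", 10),   # new machine only
        LoginAttempt("alice", "dev-9", "XX", 3),    # new machine, new country, 3 am
        LoginAttempt("bob", "dev-7", "DE", 23),     # opted-in customer, late hour
        LoginAttempt("mallory", "dev-1", "US", 10), # no such customer
    ]
    for attempt in attempts:
        action, score, reasons = evaluate(SAMPLE_PROFILES, attempt)
        print(f"{attempt.user:8} {action:8} score={score:3} {', '.join(reasons)}")
```

The step-up branch is where the slide's other options plug in: a software-token code, a transactional question from the help desk, or a stronger method the customer chose under “Provide Authentication Options”. Keeping the reasons alongside the score also gives the fraud team something to read when a customer disputes a denied login.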

Security Program Minimums

Vulnerability Management

- Vulnerability Scanning: Conduct external vulnerability assessments monthly, internal vulnerability assessments quarterly.
- Penetration Testing: Annual penetration testing should be conducted to identify accessible systems, probe for known vulnerabilities, provide insight into possible attack vectors and provide recommendations on how to effectively mitigate any identified threat.
- Firewall Rule Review: All firewall changes should be reviewed by the security group to ensure proper security practices.
- Intrusion Detection / Prevention: IDS/IPS should be deployed to serve as both a forensic function and to validate the efficacy of other control methods.
- Anti-Virus Systems: Anti-virus software should be deployed to all Windows-based server and desktop systems.

Incident Response

- Computer Forensics: Analysis and evidence collection of computer system / application data for the legal preservation of security event case information.
- Event Management: Respond to events identified by IDS and AV systems; verify system integrity after an event has been detected.
- Incident Investigation: Policy violations / inappropriate use, data collection and event analysis of internal investigations in cooperation with internal business groups (HR, Legal).
- E-Discovery: Data collection and preservation for legal e-discovery requests.
- Phishing: Response and management of both phishing and brand abuse attacks.

Outlook

- Social Networking
  - Continued growth
  - Continued threats
- Hacktivism
  - Anonymous
  - DoS
  - Reputation & other attacks
  - Increased focus on Corporations?

Ryan W. Garvey
Coordinator Information Security & Cyber Threats
571-345-7748
garveyrw@state.gov