Security threats facing SA businesses

Post on 12-Nov-2014

DESCRIPTION

Presentation by Charl de Walt in 2001. The presentation aims to educate people that IT security is relevant to SA business. The presentation begins with examples of defaced SA company websites. Various attacks such as DDoS and semantic attacks are discussed. The presentation ends with a discussion on IP manipulation.

TRANSCRIPT

  • 1. Security Threats Facing S.A Businesses 2001 SensePost (Pty) Ltd charl van der walt www.sensepost.com
  • 2. INTRODUCTION
        • About me
        • SensePost
        • Objective
        • [email_address]
  • 3. Agenda
    • Is the Threat Real
    • We are from .za, is it still Real?
    • Types of attacks seen in the wild
            • Application Layer
            • DDoS
            • Trojans & Worms
            • Semantic Attacks
            • Advanced IP Manipulation
  • 4.
  • 5. Is the Threat Real?
    • In the last month, we have experienced single days of mirroring over 100 defaced web sites, over three times the total for 1995 and 1996 combined.
      • Attrition.org. 21 May 2001
    • Since the archive started
      • 16,070 defaced Websites
    • Security Incidents on ARIS
      • In the last 24hrs: 27,406
      • In the last 7 days: 465,267
  • 6. INFORMATION SECURITY AWARENESS jaco van graan
  • 7. INFORMATION SECURITY AWARENESS jaco van graan
  • 8. DDoS
  • 9. Feb Fun
    • Major attack launched between February 7 and 14 2000
    • Approximately 1,200 sites affected
    • Including a number of high profile sites:
      • CNN.com, Yahoo, eBay, Amazon, Dell, Buy.com
    • Simple bandwidth usage
    • Yahoo! Attack lasted from about 10:30 a.m. till 1 p.m.
      • requests totaled roughly 1 gigabit per second
    • Canadian teen Mafiaboy arrested in April
      • pleads guilty to 55 charges in Montreal, November 2000
      • Faces 2 years & US$650
  • 10. Feb Fun the Aftermath
    • FBI estimates that DoS attacks during February 2000 cost $1.2 billion
    • eBay's share price fell 25% the day after its Website was taken down, costing them a total of US$1,2bn.
    • Reportedly spent US$ 100 000 in securing their site against further attacks.
  • 11. Who's calling? The Phonemasters!
    • 11 20-somethings
    • Phocused on telephone networks
      • AT&T Corp
      • British Telecommunications Inc
      • MCI WorldCom
      • Sprint Corp
    • Could eavesdrop on phone calls & redirect communications at will.
    • Access to portions of the national power grid & air-traffic-control systems
    • Hacked their way into a digital cache of unpublished telephone numbers at the White House
    • Redirected FBI phone numbers to chatlines
    • Prices: FBI's Crime Information Center = $100
    • Trapped at the end of 1998 using a PSTN sniffer
  • 12.
    • Is the Threat Ours?
  • 13.
  • 14. Owned by aKt0r ... Due to Y2K Problems we have lost all our customer information and also our customers money. Im making history in SA someone give me a decent job and mark gilmen interview me I think you roq...
  • 15. Mr_Twig??
      • Defaced in 2001
        • www.callacar.co.za
        • www.itweb.co.za
        • www.metrofm.co.za
        • www.infosat.co.za
        • rf.nokia.co.za
        • www.pnet.co.za
        • www.nedcore.co.za
        • www.atlassecurity.co.za
        • www.durbanexports.co.za
        • www.curriespost.co.za
        • www.dcs.co.za
        • www.dap.co.za
        • www.aids2000.co.za
        • www.nnp.org.za
  • 16. RSADoS (in the motherland)
    • JSE-listed NetActive reportedly experienced two attacks in April 2000
    • The Edcon group reportedly lost R1m when a disgruntled programmer brought down 600 stores for a whole day
    • irc.posix.co.za
      • January 2001
      • Classic SMURF
      • Killed the server
      • Affected all POSIX clients
  • 17. Types Of Attacks
    • Types of attacks seen in the wild
          • Application Layer
          • DDoS
          • Trojans & Worms
          • Semantic Attacks
          • Advanced IP Manipulation
  • 18. Application Level Attacks
    • "I would put patching in the top two things an admin can do to secure their computers"
      • Lance Spitzner, Honeynet Project.
    • Failing to responsibly patch computers led to 99 percent of the 5,823 Web site defacements last year
      • Attrition.org
    • wu-FTP
      • Discovered June 2000
      • Still being used by Ramen worm
    • MS IIS RDS (MDAC) vulnerability
      • Released June 1998
      • Patched in July 1998
      • Advisory released again July 1999
      • and again in July 2000
      • Still #4 on SANS Top 10 (www.sans.org/topten.html)
    • IIS ISAPI bug used to deface > 9000 servers to date
  • 19. Types Of Attacks
    • Types of attacks seen in the wild
          • Application Layer
          • DDoS
          • Trojans & Worms
          • Semantic Attacks
          • Advanced IP Manipulation
  • 20. DoS using Amplifiers - SMURF
  • 21. SYN floods
    • TCP connection is established via a 3-way handshake
      • SYN
      • SYN/ACK
      • ACK
    • SYN flood is based on an incomplete handshake
      • SYN but not ACK
    • TCP/IP stack adds an entry in a table in kernel memory for each SYN received.
      • Wait a while before deleting entry
      • Can't accept connections when already full
    • A heavy flood can prevent legitimate connections.
  • 22. New Kid on the block - DDoS
  • 23. Profile of a typical attack
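
Added example (not from the original presentation): a toy Python model of the half-open connection table described on the SYN floods slide (slide 21), showing legitimate handshakes being refused once unanswered SYNs fill the table. The class and function names, the table capacity, the timeout and the addresses are all assumptions chosen for illustration.

```python
from collections import OrderedDict


class HalfOpenTable:
    """Toy model of the per-SYN table from slide 21; not a real TCP stack."""

    def __init__(self, capacity, timeout):
        self.capacity = capacity      # maximum half-open entries held
        self.timeout = timeout        # seconds an entry waits for the final ACK
        self.entries = OrderedDict()  # (src, port) -> SYN arrival time, oldest first

    def _expire(self, now):
        # "Wait a while before deleting entry": drop entries older than timeout.
        while self.entries:
            key, t0 = next(iter(self.entries.items()))
            if now - t0 < self.timeout:
                break
            del self.entries[key]

    def on_syn(self, now, src, port):
        self._expire(now)
        if (src, port) in self.entries:
            return True               # retransmitted SYN, entry already held
        if len(self.entries) >= self.capacity:
            return False              # table full: connection attempt refused
        self.entries[(src, port)] = now
        return True

    def on_ack(self, now, src, port):
        self._expire(now)
        return self.entries.pop((src, port), None) is not None


def simulate(capacity, timeout, unanswered_syns_per_sec, duration=60):
    """One legitimate client per second completes its handshake while
    `unanswered_syns_per_sec` SYNs arrive that are never followed by an ACK.
    Returns (accepted, refused) counts for the legitimate clients."""
    table = HalfOpenTable(capacity, timeout)
    accepted = refused = 0
    for sec in range(duration):
        for i in range(unanswered_syns_per_sec):
            # Constructed source (documentation range) and unique connection id.
            table.on_syn(sec, "198.51.100.7", sec * unanswered_syns_per_sec + i)
        if table.on_syn(sec + 0.5, "192.0.2.10", 40000 + sec):
            table.on_ack(sec + 0.6, "192.0.2.10", 40000 + sec)
            accepted += 1
        else:
            refused += 1
    return accepted, refused
```

In this model a 128-entry table with a 30-second wait fills after 12 seconds at 10 unanswered SYNs per second and stays full. Cutting the wait to 5 seconds holds it at 50 entries, but 100 per second fills it again, so the ratio of SYNs received to handshakes completed is the figure worth monitoring.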
