Exploiting Web Technologies for Fun and Profit
Introduction to Information Security
Presented to CERTConf 2000
September 26, 2000
Stephen M. Nugen, CISSP
[email protected]
NuGenSoft/CERTConf 2000/Intro
NuGenSoft
Overview
Purpose
Provide a broad, brief overview of information security
Context for understanding more detailed sessions
Common vocabulary
Problem domain... Threats
Solution domain... Responses
Pointers to helpful Resources
Speaker prejudices
20+ years IT and IT-related R&D
Founder and CTO of NuGenSoft
Certified Information Systems Security Professional (CISSP)
Informal style... questions welcome
[email protected]
Overview cont’d
Information systems security
Discipline that protects the confidentiality, integrity, and availability of
information and information services
aka
Network security, Computer security
Information assurance, Information operations
CyberSecurity, CyberWarfare, Cyberattack
Remember C-I-A
Confidentiality: protecting from unauthorized disclosure
Integrity: protecting from unauthorized modification
Availability: making data accessible when needed, reliably
InfoSec discipline includes
Technologies
Policies; processes
Operations
Threat
Threat topics
Different types of malicious software
Common program threats
Port Scans and Sniffers
Denial of service
Misrepresentation
Vandalism
Theft
Other vulnerabilities
Size and trends
Threat | Malware
Viruses
Self-replicating programs
Oftentimes attached to a host file
Boot sector
System file
Document (macro)
Worms
Propagate through networks
Ex: Lovebug (ILOVEYOU, May 2000)... a VBScript email attachment that, once opened, mailed
itself to every address in the victim’s Outlook address book
Threat | Malware cont’d
Trojan Horse
Malicious program disguised as something benign
Two parts
Visible useful part
Invisible malicious part... may be destructive or create vulnerability for
future exploitation
Replicate through users sharing files
Ex: Fun executable
Visible effect: Entertaining cartoon
Concealed effect: Installs remote-control program
Replicates: Users share with each other via email, floppy disk, etc.
Note: These different types not mutually exclusive
Threat | Program Threats
Logic bomb
Hidden program activated under certain conditions
Ex (the slide’s pseudocode, rendered as Python over a list of payroll records):
# Trigger: the author's own record has disappeared from payroll
if not any(entry["name"] == "Bill Ellison" for entry in payroll):
    # Payload: gut every six-figure salary
    for entry in payroll:
        if entry["salary"] > 100_000:
            entry["salary"] = 10_000
Back door
Hole in system security deliberately installed by designers or
maintainers
Intent not always sinister
Threat | Program Threats cont’d
Remote control programs
Allow remote control of local workstation
Effect may be known (presumably benign) or unknown (presumably
malicious)
Ex: pcAnywhere (commercial remote-administration product... effect known)
Ex: Back Orifice (remote-control trojan... effect concealed)
Ex: Zombie (compromised PC does what its master commands)
Buffer overflows
Exploit unintentional bugs in programs, oftentimes in less-tested error-recovery routines,
where input is copied into a fixed-size buffer without a length check
Sophisticated hackers craft input (really hand-crafted machine instructions) that overflows
the buffer and overwrites adjacent control data such as a saved return address, so the
processor jumps into the attacker’s bytes instead of returning to the program
Threat | Program Threats cont’d
Browser components
ActiveX controls or Java applets downloaded automatically from a web page
Java applets are constrained to a sandbox, but implementation errors in the sandbox can
be exploited
ActiveX components run unrestricted; security depends entirely on evaluating their
source (a code signature says who wrote the control, not whether it is safe)
Trusted components oftentimes marked “safe for scripting”
Provides useful functionality
Provides potential vulnerabilities... any web page’s script can then drive the component
Threat | Port Scans
Send a packet to a specific machine, particular port...
analyze the response (if any)
Part of a classic attack strategy
Reconnaissance:
Determine which ports are open
What services are responding
Use responses to determine version of operating system, web server,
etc.
Planning: Use results of port scans to select tools and methods for
specific operating system, services, etc.
RootShell.com and other hacker sites have helpful search engines...
Attack: Focused attack, customized to target system
Note: Newer attack forms just attack blindly without prior port
scans... lower probability of success, but much faster and no prior
warnings
Threat | Port Scans cont’d
Port scanning very prevalent
Lots of good tools
Security assessments and self-defense strategies usually include
scanning yourself
Folks disagree about the criminality of port scans
Like someone looking in a storefront window?
Like someone trying the doors, after normal business hours?
Like someone testing your doors and windows while you sleep?
Threat | Sniffers
Capture all the packets on a LAN (or WAN) segment
Normally, NIC ignores all packets except the ones addressed to
specific machine
NIC in promiscuous mode processes every packet
Difficult to detect when purely passive
Have to cut TX-line or configure very carefully so sniffer system doesn’t
respond to anything
Used maliciously to
Capture passwords
Obtain credit card numbers, etc.
Used legitimately
To diagnose difficult network problems
By intrusion detection systems
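What a sniffer does with the frames once the NIC hands them over, as an added Python example (not from the slides): decode Ethernet/IPv4/TCP headers and pull a cleartext HTTP Basic-auth password out of the payload. The frame bytes and the request carrying bob’s credentials are constructed sample data; the parser assumes Ethernet II with IPv4 and TCP and no IP/TCP options. A real sniffer gets its frames from a promiscuous-mode capture (libpcap and the like); this shows only the harvesting step.

```python
import base64
import struct

def build_frame(payload: bytes) -> bytes:
    """Assemble a minimal Ethernet II + IPv4 + TCP frame around `payload` (constructed sample data)."""
    eth = bytes.fromhex("00005e0053aa") + bytes.fromhex("00005e0053bb") + b"\x08\x00"  # dst, src, EtherType IPv4
    ip_total = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, ip_total, 0x1234, 0x4000, 64, 6, 0,   # ver/ihl, tos, len, id, DF, ttl, proto=TCP, csum
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 80]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)  # sport, dport, seq, ack, doff, PSH|ACK
    return eth + ip + tcp + payload

def parse_frame(frame: bytes) -> dict:
    """Decode Ethernet/IPv4/TCP headers; return addressing plus the TCP payload."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:      # not IPv4
        return {}
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    if ip[9] != 6:                                           # not TCP
        return {"src": src, "dst": dst, "payload": b""}
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "payload": ip[ihl + doff:total_len]}

def extract_basic_credentials(payload: bytes):
    """Return (user, password) if an HTTP request in `payload` carries Basic auth, else None."""
    for line in payload.split(b"\r\n"):
        if line.lower().startswith(b"authorization: basic "):
            parts = line.split(b" ", 2)
            if len(parts) < 3:
                return None
            try:
                user, _, pw = base64.b64decode(parts[2].strip(), validate=True).decode().partition(":")
            except (ValueError, UnicodeDecodeError):
                return None
            return user, pw
    return None

def sniff(frames) -> list:
    """The passive loop: walk every captured frame and harvest cleartext credentials."""
    found = []
    for frame in frames:
        pkt = parse_frame(frame)
        if pkt.get("dport") == 80:
            creds = extract_basic_credentials(pkt["payload"])
            if creds:
                found.append((pkt["src"], pkt["dst"]) + creds)
    return found

# Constructed capture: one request with credentials, one without.
SAMPLE_REQUEST = (b"GET /payroll HTTP/1.0\r\nHost: intranet.example\r\n"
                  b"Authorization: Basic " + base64.b64encode(b"bob:s3cret") + b"\r\n\r\n")
CAPTURE = [build_frame(SAMPLE_REQUEST), build_frame(b"GET / HTTP/1.0\r\n\r\n")]

if __name__ == "__main__":
    for src, dst, user, pw in sniff(CAPTURE):
        print(f"{src} -> {dst}: user={user} password={pw}")
```

Nothing here is clever; that is the point. Basic auth is base64, not encryption, and telnet, POP3 and FTP are no better, which is why the slide lists password capture first among the malicious uses.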
Threat | Denial of Service
Definition
Aimed at making services unavailable
Called by some the “ultimate Internet security nemesis”
aka DoS
Simple types
Communications-level
Ex: Flood the server with SYN packets from one or more sources, filling the TCP/IP
stack’s table of half-open connections
Service-based
Ex: Send a malformed header to a listening RPC service, forcing the server into
spinning error recovery
Network-based
Ex: Compromise a router or assume its identity... Then, send ICMP messages to clients
telling them their access is not allowed (administratively prohibited) or the network
is unreachable
Threat | DoS cont’d
Simple types cont’d
Distributed
Utilize an army of Zombie PCs, previously compromised via a virus, trojan, etc.
Multiple sources harder to counter
Traffic from each individual source may appear legit
Systems unable to cope with aggregation of multiple simultaneous
sources... especially when consuming extra resources recovering from
protocol errors, etc.
Threat | DoS cont’d
Example
Threat
When systems boot, they broadcast an ARP message announcing the IP address they
intend to use and asking whether anyone already has it
A malicious system can be configured to answer every such broadcast with “Hey, I’m
already using that IP address!”
Thus, to avoid an IP conflict, the booting system fails to initialize its networking
services
Recovery
Find the box... good luck, it can be very small
Disable the offending ARP responder (e.g., a misconfigured Proxy ARP service) on that
system, or remove the system from the LAN
Reboot every affected system
Threat | Misrepresentation
Router spoofing
Machine X claims to be the trusted router
Enables redirection
Enables denial of service and man-in-the-middle attacks
Man-in-the-middle
Can read (snoop) and/or change contents in-transit
Email
Purchase orders
Quotes
Packet filtering with detailed time-stamped logs help to detect these
attacks
Threat | Misrepresentation cont’d
Web spoofing
Entice users to link through hacker-controlled portal
Hacker portal does pass-through and
Can monitor everything
Can modify the response returned by the legitimate server to something
more interesting...
Sequence (from the slide’s diagram):
1: User sends request to hacker-controlled server/portal A
2: Portal A forwards the request to legitimate web server B
3: Server B returns the legitimate response to portal A
4: Portal A monitors and/or modifies the response
5: Portal A returns the spoofed response to the user
Threat | Vandalism
Rewriting someone else’s web page to display the vandal’s
message
Classic examples
Department of Justice; August 1996
Hackers vandalized www.usdoj.gov with swastikas, obscene pictures, and
criticisms of the CDA
CIA; September 1996
Vandalized www.odci.gov/cia with “Welcome to the Central Stupidity Agency”, etc.
Air Force; December 1996
Vandalized www.af.mil with X-rated picture captioned “This is what the government
is doing to you.”
Example: NASA; March 1997
Vandalized www.nasa.gov with references to the Internet Liberation Front (ILF)
More recent examples include
World Trade Organization
Activist organizations urging DoS attacks on others
Threat | Theft
Types of theft
Theft of money
Theft of services
Theft of intellectual property
Direct gain
Extortion
Making valuable IP public domain, adversely impacting its copyright
status
Theft of reputation... similar to vandalism and denial of service
Threat | Theft cont’d
Ex: Trojan horse dialer
Visitors to www.1adult.com offered the opportunity to view free
pictures using special download software
Special download software
Lowers modem volume
Disconnects from ISP
Reconnects to an overseas ISP
Thought to be Moldova, later found to be Canada
Very high connect fees, charged to their modem telephone line
Some customers preferred to pay very high phone bills than to
explain them... (social engineering)
Ex: Two hackers stole communication company’s 5-year
plan for cellular systems
Demanded $2M to destroy the system
Made their demands through an ISP owned by the same company...
Threat | Theft cont’d
Ex: Cereal companies
Company-A secretly develops new cereal
Company-B releases a nearly identical product just before
Company-A
Company-A loses $1B
Coincidence or industrial espionage?
Ex: Adult entertainment company hires hacker to download
all content from a competing site
Filters usually prevent massive downloads
Hacker succeeded, posted content to newsgroups
Potentially weakens copyright protection of stolen content
Threat | Other Vulnerabilities
Browser flaws
Hostile servers can exploit weaknesses in MS IE and Netscape
Communicator to access local files, etc
A continuous journey of discovery, response, etc.
Untrusted hackers aren’t breaking in... trusted employees are
unwittingly opening the door by accessing hostile web pages
Server flaws
Hackers can exploit server-side vulnerabilities, installing hostile code
on a trusted server that exploits clients
Cross-site scripting complicates the issue... a trusted server echoes attacker-supplied
input into pages served to other users, so the browser’s trust in the server is turned
against the client; the only countermeasure is good server-side defensive programming
(validate input, encode output before it is written into a page)
Threat | Vulnerabilities cont’d
Network print servers
Printer vendors slower to add strong security features
Ex: SpaWar
Intruder hacked into the printer and reconfigured the routing tables on
other SpaWar equipment.
Files were hijacked from printing queue, sent to server in Russia, and
then sent back to SpaWar printer... hijacker can keep a copy or even
modify
Noticed only when impatient user investigated why he had to wait so long
for his job to start printing
Threat | Vulnerabilities cont’d
Wiretapping
Omaha’s telephone infrastructure fairly old, relatively easy to crack
Access to public telephone lines uncontrolled
Toadstools and manholes not locked
Determining which wiring pair belongs to the target is easy...just call the
number from a cell phone and feel for the ring current
PBXs complicate the problem, but only a little...
PBX’s can be hacked
Access to company wiring closets gained through social engineering
Most PBXs have a feature that allows a single extension to be hard-assigned to a specific loop
Typically used for the operator or executives
Hackers like this feature
Most speaker phones can be remotely commanded for listening,
even when the phone is on-hook
Threat | Vulnerabilities cont’d
Pager messages can be intercepted
Ex: White House Communications Agency, 1997
Hackers intercepted and published transcripts from pager messages sent
while the President was visiting Philadelphia
No national security compromise, but unearthed vulnerability and
romantic affairs among White House staff
Threat | Size
Difficult to measure
Organizations don’t detect or report every incident
Hackers sometimes credited for IT problems not related to InfoSec
InfoSec firms influencing demand for their products and services
1998 poll of 163 organizations
31% reported $123M in damages
69% couldn’t even quantify their damage
1998 FBI study of 428 intrusions in US
21% initiated by disgruntled employees
17% initiated by independent hackers
11% initiated by U.S. competitors
6% initiated by foreign competitors
1999 survey of 185 Fortune 500 firms
Clean-up costs and lost productivity due to worms and viruses $7.5B
for first half of 1999
Threat | Size cont’d
1999 survey of Fortune 1000 companies
$45B in losses from theft of proprietary information
Unknown how much of that was sponsored by competitors’
Earlier survey found more than half of 600 companies surveyed felt their
competitors were likely source of cyberattack
2000 survey of large corporations and government
agencies
Computer Security Institute, March 2000 with FBI participation
90% detected computer security breaches in previous 12-months
70% reported “serious” breaches
74% reported financial losses
42%, or 273 organizations, able and willing to quantify their loss:
$265M
Most serious financial losses from theft of proprietary information
Threat | Size cont’d
2000 survey of 4,900 IT professionals across 30 nations
InformationWeek and PricewaterhouseCoopers, July 2000
Only 50,000 US firms large enough to be impacted by, and able to accurately tally, the
cost of software viruses
US impact: $266B
Represents 2.5% of Gross Domestic Product
Much more than $15B estimated for 1999, different methods
Lost productivity: ~7,000 person-years
Worldwide impact: $1.6T
Threat | Trends
Subjective views (multiple sources)
Decentralized multi-vendor systems make it harder to rely on
vendors to detect and close vulnerabilities
Some vulnerabilities can’t be closed by software vendors... closure has to
come from overworked application and web programmers
Increasing complexity of software increases the probability and
number of vulnerabilities
Some experts more pessimistic today than two years ago
Number of good hacker tools is increasing, making it easier
to hack
Even for the technically-challenged “script-kiddies”
Internet provides powerful opportunities for knowledge-sharing,
collaboration
Copying costs are negligible
Threat | Trends cont’d
AI techniques
Conflict of interest disclosure: NuGenSoft’s focus area
AI techniques can be used to discover vulnerabilities and exploits
Provided with public-domain case histories of past exploits, Case
Based Reasoning technologies can be used to generate plausible
hypotheses of what other vulnerabilities are present/exploitable
Goal-directed scripts can test the hypotheses on private client-server
LANs... 24X7... undetected
Simple as iterating over field lengths, header contents, ports, etc.
Analyze responses
Delayed response may indicate server-intensive error processing...
Denial of Service vulnerability
No response may indicate crashed service... Denial Of Service...
maybe even a buffer overflow opportunity
Hypothesis: Attackers that develop new tools offline over 6-mo,
24X7, enjoy computational advantage over defenders responding
real-time
Threat | Trends cont’d
Demand for solutions exceeds supply
Demand increasing rapidly
Supply effectively flat or increasing slowly
Best countermeasure: specialized human expertise...
Security specialists
System administrators
...Who are well-trained, experienced, informed
Training: Certifications and education initiatives increase supply but at a
lower rate than demand
Staying informed very hard and time-consuming
Nearly impossible when working full-time
CISSP and SANS certifications expire without continuing education
and/or periodic retest
Effectively decreases supply
Government speaker: “Wanting a security consultant real bad may mean
getting a security consultant real bad.”
Responses
Overview
Policy... processes
Policy comes first
Technical countermeasures need to consider the risk... the likelihood of compromise
and the associated damage
Technologies
Implementing the policies
Assessment
Measure operations to assess how well the implemented technologies and processes
satisfy management policies
Response | Policy
Define security policy as part of risk management
Organization managers responsible for policy
Includes disaster recovery
Plan, in advance, how to respond to successful InfoSec attacks
Define the team who will respond to security incidents
Desired: Decide, in advance, to commit necessary resources and
endurance to prosecute intruders
Separation of duties
Don’t put ultimate trust in anyone... not even system administrators
Separate duties so that no single person can maliciously
compromise the system undetected
Probability of detection increases with the number of people involved
Mandatory vacations
Response | Policy cont’d
Enable audits
Turn on system accounting (event logging)... configure for maximum
granularity
Log files will be large, but disk space is cheap
Detailed log files hard to review, but tools help
Good hack tools exist for deleting or modifying log files, so
Protect their access
If possible, log to a different system, not connected via LAN/WAN... use a
serial connection to standalone system with minimal O/S for example
Manage audit trails (system logs) to preserve an unbroken chain of
evidence that can be used to prosecute criminal behavior
Employers’ written policies
Signed ‘fair use’ agreements recommended
Valid even if employees don’t sign so long as the employees know they
exist
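One way to give a log the “unbroken chain of evidence” property the slide asks for, as an added Python example (not from the slides): each record carries the hash of the record before it, so an edit breaks every hash that follows, and shipping the newest hash to the separate log host means a deleted tail is caught as well. The events are constructed sample data and the off-box copy of the head hash is simulated by a local variable.

```python
import hashlib
import json

GENESIS = "0" * 64   # the hash "before" the first record

def _digest(prev_hash: str, event: dict) -> str:
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

class AuditLog:
    """Append-only log where every record carries the hash of the record before it.
    Changing or removing a record breaks every hash after it."""

    def __init__(self):
        self.records = []

    def append(self, event: dict) -> str:
        prev = self.records[-1]["hash"] if self.records else GENESIS
        h = _digest(prev, event)
        self.records.append({"prev": prev, "event": event, "hash": h})
        return h

    def head(self) -> str:
        """Hash of the latest record: this is what you ship to the separate log host."""
        return self.records[-1]["hash"] if self.records else GENESIS

    def verify(self, expected_head: str = None) -> int:
        """Index of the first bad record, or -1 if the chain is intact.
        With `expected_head` (the last hash sent off-box) a truncated tail is also caught."""
        prev = GENESIS
        for i, rec in enumerate(self.records):
            if rec["prev"] != prev or rec["hash"] != _digest(prev, rec["event"]):
                return i
            prev = rec["hash"]
        if expected_head is not None and prev != expected_head:
            return len(self.records)
        return -1

def demo() -> dict:
    """Constructed events; edit one record, then chop the tail, and see what verify() reports."""
    log = AuditLog()
    for ev in ({"user": "bob", "action": "login", "src": "10.1.4.22"},
               {"user": "bob", "action": "read", "file": "payroll.xls"},
               {"user": "bob", "action": "logout"}):
        log.append(ev)
    shipped_head = log.head()                          # copied to the standalone log host
    intact = log.verify(shipped_head)
    log.records[1]["event"]["user"] = "alice"          # an intruder edits an entry in place
    edited = log.verify(shipped_head)
    log.records[1]["event"]["user"] = "bob"
    log.records.pop()                                  # ...or deletes the newest entry
    truncated = log.verify(shipped_head)
    return {"intact": intact, "edited": edited, "truncated": truncated}
```

An intruder with write access to the log file can simply recompute the whole chain, which is exactly why the slide wants the copy on a system the intruder cannot reach: as long as the shipped head hash is out of reach, any rewrite of the on-box file fails verify().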
Response | Technology
Topics
Authentication
Firewalls
Intrusion Detection
Cryptography
Authentication... based on
Something you know
Password
Something you own
ATM card
Coded ID badge
Something you are
Biometrics
Fingerprint scanner
...best practice: require two elements... ATM card + PIN
Response | Technology cont’d
Firewalls
Partition, manage multiple operating zones
Firewalls used to be 2-port (in concept and implementation)
Internal (trusted)
External (untrusted)
Today, most firewalls are 3-port...
Internal (sort of trusted)
External (untrusted, lawless)
DMZ (war zone)
Three-port layout (from the slide’s diagram), outside to inside:
Untrusted Internet connection
   |
Router
   |
External firewall
   |
Semi-protected DMZ: Web server, e-mail, DNS... have to expose the DMZ for customer
access, so monitor it
   |
Internal firewall
   |
Protected private network: Payroll, DB server, engineering workstations... hide the
private network (NAT, etc.)
Response | Technology cont’d
Firewalls cont’d
Evolving
From filters based on source address, destination address, and type of
service... to policy-based rules
Internal firewalls used to protect trusted internal networks from each
other
Dilbert example: Isolate/protect Engineering LAN from Executive
Management
Firewalls not enough...
New viruses and Trojans like Back Orifice 2000 (BO2K) variants can vary their signature
(size, port, location, checksum, etc.) to slip past even good firewalls
Some claim 70% of firewalls can be penetrated
Organizations relying on perimeter firewalls for network security are like
Tootsie Rolls... hard on the outside, but soft and chewy inside
More and more applications tunnel over HTTP (port 80), which the firewall has to leave
open, so traditional port-based firewalls become less effective
Response | Technology cont’d
Intrusion detection systems (IDS)
IDS systems like a video camera at a convenience store
Passive, don’t prevent crimes/hacking
But, provide evidence... help to eliminate repeat offenders
Three types
Packet-based
Network-based
Host-based
Response | Technology cont’d
Intrusion detection cont’d
Packet-based intrusion detection
Packet filtering: Examine every packet for known attack signatures
Problem-1:
Detection uses known signatures (from hacks that were already
successful somewhere)
But, once the vendor includes that attack signatures, hackers switch to
another strategy with a new signature, unknown to intrusion detection
software
Problem-2
There are 2,500-5,000 known attack signatures to compare with every
packet
But, comparative engines can only compare packets to an active set
of <200 signatures
Sometimes, old methods work once again...
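Both problems on this slide in working code, as an added Python example (not from the slides): a small rule set folded into one compiled alternation (the way engines keep per-packet cost flat as the rule count grows), run over constructed packet payloads, with one packet showing Problem-1, the same hypothetical tool one release later whose bytes no longer match. The rule names, patterns and packets are illustrative, not a vendor signature set.

```python
import re

# Constructed demo signatures (illustrative, not a vendor rule set): rule name -> byte regex.
SIGNATURES = {
    "cgi-phf":            rb"GET /cgi-bin/phf\?",      # classic CGI hole probed by scanners
    "unicode-traversal":  rb"%c0%af|\.\./\.\./",       # directory traversal, plain or overlong UTF-8
    "nop-sled":           rb"\x90{32,}",                # long run of x86 NOPs, typical overflow filler
    "demo-backdoor-v1":   rb"HELLO-BACKDOOR-v1",        # hypothetical remote-control tool's hello string
}

def compile_signature_set(sigs: dict):
    """Fold every rule into one alternation with named groups.
    One pass of a single compiled matcher per packet; `lastgroup` names the rule that fired."""
    alternatives = [b"(?P<%s>%s)" % (name.replace("-", "_").encode(), pattern)
                    for name, pattern in sigs.items()]
    return re.compile(b"|".join(alternatives), re.IGNORECASE)

def inspect(packets, matcher) -> list:
    """Return (packet index, rule name) for every rule that hits a packet, one alert per rule per packet."""
    alerts = []
    for i, payload in enumerate(packets):
        for name in sorted({m.lastgroup for m in matcher.finditer(payload)}):
            alerts.append((i, name))
    return alerts

# Constructed traffic sample. Packet 4 is the same hypothetical tool one release later:
# the hello string changed, so the signature written for v1 stays silent (Problem-1).
CAPTURE = [
    b"GET /index.html HTTP/1.0\r\n\r\n",
    b"GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0\r\n\r\n",
    b"\x90" * 64 + b"\xcc",
    b"HELLO-BACKDOOR-v1 ping",
    b"HELLO-BACKDOOR-v2 ping",
    b"GET /scripts/..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir HTTP/1.0\r\n\r\n",
]

if __name__ == "__main__":
    for idx, rule in inspect(CAPTURE, compile_signature_set(SIGNATURES)):
        print(f"packet {idx}: {rule}")
```

The rule set here is four patterns; the slide’s point is that the real ones number in the thousands, and a matcher that has to be rebuilt or re-run per rule is what forces vendors down to an “active set”. Folding rules into one automaton up front is the usual answer, at the cost of a large compile once rather than a slow match per packet.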
Response | Technology cont’d
Intrusion detection cont’d
Network-based intrusion detection
Look for social-engineering influences by determining who’s talking to whom, and
when
Inside-to-inside probably OK...
Inside-to-outside and outside-to-inside maybe OK
Outside-to-outside a definite problem
Pattern-based: search for changes, deviations from “normal”
Search for off-nominal network behavior... Day-worker Bob logging in
at 3:00AM
Search for changes in user behavior... Changes in what network
resources they use... Changes in what files they access
Response | Technology cont’d
Intrusion detection cont’d
Host-based intrusion detection (host misuse detection)
Lots of vendor tools
Some use expert system technology to enforce security policies;
constantly re-learn user’s usage patterns
Response | Technology cont’d
Cryptography
Motivation
Protecting information by ensuring its integrity and confidentiality... even
as it travels over untrusted networks
Includes authentication and non-repudiation services... digital signatures
for example
Private-key (symmetric) encryption
Requires sender and receiver to share the same key... exchanging it
before exchanging information
Relatively fast
Ex: DES, IDEA, RC2, RC4, RC5, Blowfish
Public-key (asymmetric) encryption
Uses key pairs (mathematically-related)
Public portion published
Private portion kept secret
Doesn’t require senders and receivers to exchange private keys first
Much slower than private-key
Response | Technology cont’d
Cryptography cont’d
Public-key encryption example: sign, then encrypt (from the slide’s diagram)
Sender: plaintext --(encrypt with sender’s private key)--> ciphertext-1
        --(encrypt with receiver’s public key)--> ciphertext-2
Ciphertext-2 crosses the untrusted transport
Receiver: ciphertext-2 --(decrypt with receiver’s private key)--> ciphertext-1
          --(decrypt with sender’s public key)--> plaintext
Authenticates the sender
Only the sender knows the private key corresponding to the sender’s public key
Ensures confidentiality
Only the intended receiver knows the private key corresponding to the receiver’s
public key
Note: Message digests more efficient... in practice the sender signs a hash (digest) of
the message rather than encrypting the whole message under the private key
Response | Technology cont’d
Cryptography cont’d
Hybrid
Use public-key to establish and share a private key
Use private-key for bulk data encryption
Public Key Infrastructure (PKI)
A method of binding a user to their public key via a certificate from a
trusted authority
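The hybrid pattern end to end, as an added Python example (not from the slides) using only the standard library: Diffie-Hellman key agreement stands in for the public-key step, and a toy stream cipher (HMAC-SHA256 in counter mode) with an integrity tag stands in for the bulk symmetric cipher. The DH parameters P and G are assumed for illustration and are not a vetted group; the cipher is a teaching substitute for AES/DES, not something to deploy.

```python
import hashlib
import hmac
import secrets

# Demo Diffie-Hellman parameters. Assumed for illustration only: a real deployment uses a
# vetted group (RFC 3526 / RFC 7919) or elliptic-curve DH, never a hand-picked prime.
P = 2 ** 127 - 1   # Mersenne prime M127
G = 3

def dh_keypair():
    """Public-key half: a private exponent and the public value g^priv mod p."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def dh_shared_key(priv: int, peer_pub: int) -> bytes:
    """Both parties land on the same g^(ab) mod p; a KDF turns it into cipher key material."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(b"demo-kdf" + shared.to_bytes(16, "big")).digest()

def _subkeys(key: bytes):
    return (hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest())

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy symmetric cipher: HMAC-SHA256 run in counter mode. Stands in for AES/DES here."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Private-key half: fast bulk encryption plus an integrity tag (encrypt-then-MAC)."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    """Check the tag before touching the ciphertext; any bit flipped in transit is rejected."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def hybrid_exchange(message: bytes) -> dict:
    """Sender and receiver each make a key pair, swap public values over the untrusted
    network, derive the same symmetric key, then move the bulk data under that key."""
    s_priv, s_pub = dh_keypair()
    r_priv, r_pub = dh_keypair()
    k_sender = dh_shared_key(s_priv, r_pub)
    k_receiver = dh_shared_key(r_priv, s_pub)
    blob = seal(k_sender, message)
    return {"keys_match": k_sender == k_receiver, "blob": blob,
            "plaintext": unseal(k_receiver, blob), "key": k_receiver}
```

Note what is missing: nothing ties the public values to the people exchanging them, so the router-spoofing man-in-the-middle from the Misrepresentation slides can run a separate DH with each side and read everything. That gap is what the PKI bullet is for: a certificate from a trusted authority binds a public key to an identity before it is used.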
Response | Technology cont’d
Cryptography cont’d
Authentication via challenge handshake
Prove possession of a secret as proof of identity without disclosing the secret
[1] User’s non-secret credential (username) and corresponding secret (password) stored
on server
[2] User provides their username to server
[3] Server generates the challenge... a fresh random string... and sends it to the user
[4] User combines the challenge with their password, hashes the result, and responds
with the hash
[5] Server repeats the same computation using its copy of the user’s secret password
and compares... if its result matches the user’s response, the user is authenticated
(a hash can’t be reversed, so the server recomputes rather than decodes)
Note: The secret password itself is never disclosed on the wire
Caveats: the server must keep the password (or an equivalent) in a form it can hash
with, so the server’s store is still a high-value target... and a challenge must never
be reused, or a captured response can be replayed
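The five steps above as both sides of the exchange, an added Python example (not from the slides). The keyed hash is HMAC-SHA256 rather than a bare hash of challenge-plus-password (an assumption here, chosen so hash length-extension does not apply), and the server discards each challenge on first use so a replayed response fails. The user table is constructed for the demo.

```python
import hashlib
import hmac
import secrets

def compute_response(password: str, challenge: bytes) -> bytes:
    """Step [4], client side: keyed hash of the challenge under the password."""
    return hmac.new(password.encode(), challenge, hashlib.sha256).digest()

class AuthServer:
    """Step [1]: server holds each user's secret; steps [3] and [5] happen here."""

    def __init__(self, users: dict):
        self._secrets = dict(users)   # username -> password; must stay usable as a key, i.e. not one-way hashed
        self._pending = {}            # username -> challenge currently outstanding for that user

    def challenge(self, username: str) -> bytes:
        """Steps [2]-[3]: the user sends a username, the server answers with fresh random bytes."""
        if username not in self._secrets:
            raise KeyError("unknown user")
        c = secrets.token_bytes(16)
        self._pending[username] = c
        return c

    def verify(self, username: str, response: bytes) -> bool:
        """Step [5]: recompute with the stored secret and compare in constant time.
        The challenge is consumed either way, so a captured response cannot be replayed."""
        c = self._pending.pop(username, None)
        if c is None:
            return False
        expected = compute_response(self._secrets[username], c)
        return hmac.compare_digest(expected, response)

# Constructed user table for the demo.
USERS = {"bob": "correct horse battery staple"}

def run_exchange(server: AuthServer, username: str, password_guess: str):
    """Drive one full handshake; returns (authenticated?, challenge, response)."""
    c = server.challenge(username)
    r = compute_response(password_guess, c)
    return server.verify(username, r), c, r

if __name__ == "__main__":
    srv = AuthServer(USERS)
    print("good password:", run_exchange(srv, "bob", USERS["bob"])[0])
    print("bad password: ", run_exchange(srv, "bob", "guess")[0])
```

One more caveat the sniffer slides make obvious: anyone who captures a (challenge, response) pair can guess passwords offline against it at full speed, so the scheme protects the password from disclosure, not from a weak choice.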
Response | Assessments
Three parts
External: access from internet
Dial-in: find modems inside the firewall
Internal: done on-site, connected to the LAN
External (aka perimeter check, external IP assessment,
network assessment)
Reconnaissance (discovery)
What the external hacker sees
What devices are visible
What ports are open
What services are accessible
Techniques
Public information, e.g. WHOIS DB... ISP info for hosted web sites
ICMP sweeps, e.g. Ping
Port scans
Response | Assessments cont’d
External cont’d
Target vulnerabilities
Banner analysis... server response to port scans
Use DB of techniques
Use search engines at hacker sites like RootShell
Exploit
Automatic attack tools
Man-in-the-middle attacks
Secondary exploitation... penetrate one machine, launch new attacks
from it
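The reconnaissance step from the Port Scans slides and the banner analysis step above, as one added Python example (not from the slides): a TCP connect() probe that classifies each port from the response (refused, no answer, connected) and records whatever greeting the service volunteers, plus a tiny banner-to-service table. The target is a constructed loopback listener started by the block itself; the banner text and the fingerprint table are illustrative assumptions. Scan only what you are authorized to scan.

```python
import socket
import threading

def probe(host: str, port: int, timeout: float = 0.5) -> dict:
    """TCP connect() probe: classify the port and grab whatever the service says first."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except ConnectionRefusedError:       # RST came back: nothing listening
        s.close()
        return {"port": port, "state": "closed", "banner": b""}
    except OSError:                      # timeout or unreachable: something is dropping the packets
        s.close()
        return {"port": port, "state": "filtered", "banner": b""}
    try:
        banner = s.recv(256)             # many daemons greet first (SSH, SMTP, FTP); HTTP does not
    except OSError:
        banner = b""
    finally:
        s.close()
    return {"port": port, "state": "open", "banner": banner.strip()}

def scan(host: str, ports, timeout: float = 0.5) -> list:
    return [probe(host, p, timeout) for p in ports]

def fingerprint(banner: bytes) -> str:
    """Banner analysis: turn the greeting into a service/version guess (small demo table)."""
    if banner.startswith(b"SSH-"):
        return "ssh: " + banner.split(b"-", 2)[2].decode(errors="replace")
    if banner.startswith(b"220 "):
        return "smtp/ftp: " + banner[4:].decode(errors="replace")
    return "unknown (no greeting; speak the protocol to find out)"

def start_demo_service(banner: bytes):
    """Constructed target: a loopback listener that greets every client with `banner`."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.sendall(banner)
    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def demo() -> list:
    """Scan a fake SSH daemon and a port nobody is listening on; returns the scan results."""
    srv, open_port = start_demo_service(b"SSH-2.0-OpenSSH_2.2.0p1\r\n")
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]   # free a moment ago, so connect() will be refused
    tmp.close()
    try:
        return scan("127.0.0.1", [open_port, closed_port])
    finally:
        srv.close()

if __name__ == "__main__":
    for r in demo():
        print(r["port"], r["state"], fingerprint(r["banner"]) if r["state"] == "open" else "")
```

A connect() scan completes the three-way handshake and so shows up in the target’s logs; the half-open (SYN) scans the slide alludes to need raw sockets and privilege, but the classification logic is the same.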
Response | Assessments cont’d
Dial-in
Includes a war-dialer to detect modems connected to trusted LAN,
Servers, or workstations
Execute during the day and at off-hours (unannounced) to detect
modems turned on by employees when they want to work from home
Three steps: find, identify, penetrate
Be certain to check digital lines such as ISDN, DSL
Internal
FBI study showed 75-80% of all [detected] attacks came from the
inside...
An uncertain risk: are companies responsible when their employees [or
others] use company resources to attack other computer systems?
May include developing profiles of normal employee use
Is it really trusted employee Bob logging in at 10:30PM, or a member of
the cleaning crew using Bob’s username and password?
Why is Dilbert accessing the HR DB through remote access?
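The profiling the slide describes, and the pattern-based detection on the Network-based intrusion detection slide (day-worker Bob at 3:00AM, changes in what resources a user touches), as one added Python example (not from the slides): learn each user’s normal login hours, source hosts and resources from a baseline period of log lines, then flag departures. The log format and the entries for Bob and Dilbert are constructed sample data, and the one-hour slack on login hours is an assumption.

```python
import re
from collections import defaultdict

LINE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<kind>\w+) (?P<rest>.*)$")

def parse(log: str) -> list:
    """Turn 'date time kind k=v k=v...' lines into dicts; skip anything that does not fit."""
    events = []
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ev = {k: m.group(k) for k in ("date", "time", "kind")}
        ev.update(kv.split("=", 1) for kv in m.group("rest").split() if "=" in kv)
        ev["hour"] = int(ev["time"][:2])
        events.append(ev)
    return events

def build_profile(baseline: list) -> dict:
    """Per-user picture of 'normal': login hours seen, hosts logged in from, resources touched."""
    profile = defaultdict(lambda: {"hours": set(), "srcs": set(), "resources": set()})
    for ev in baseline:
        p = profile[ev["user"]]
        if ev["kind"] == "login":
            p["hours"].add(ev["hour"])
            p["srcs"].add(ev["src"])
        elif ev["kind"] == "access":
            p["resources"].add(ev["resource"])
    return profile

def anomalies(events: list, profile: dict, slack: int = 1) -> list:
    """Flag logins outside the user's usual hours (+/- slack), from a new host, or first-time resource use."""
    out = []
    for ev in events:
        p = profile.get(ev["user"])
        stamp = (ev["date"], ev["time"], ev["user"])
        if p is None:
            out.append(stamp + ("no baseline for this user",))
            continue
        if ev["kind"] == "login":
            if p["hours"]:
                lo, hi = min(p["hours"]) - slack, max(p["hours"]) + slack
                if not lo <= ev["hour"] <= hi:
                    out.append(stamp + ("login outside usual hours %02d-%02d" % (lo, hi),))
            if ev["src"] not in p["srcs"]:
                out.append(stamp + ("login from new source " + ev["src"],))
        elif ev["kind"] == "access" and ev["resource"] not in p["resources"]:
            out.append(stamp + ("first access to " + ev["resource"],))
    return out

def run(log: str, cutoff_date: str, slack: int = 1) -> list:
    """Learn from everything before `cutoff_date`, then judge everything from that date on."""
    events = parse(log)
    baseline = [e for e in events if e["date"] < cutoff_date]
    recent = [e for e in events if e["date"] >= cutoff_date]
    return anomalies(recent, build_profile(baseline), slack)

# Constructed log sample. Bob is a day worker; Dilbert is an engineer who never touches HR.
LOG = """\
2000-09-18 08:02:11 login user=bob src=10.1.4.22 result=ok
2000-09-18 09:00:30 login user=dilbert src=10.1.5.5 result=ok
2000-09-18 09:05:12 access user=dilbert resource=ENG_CVS
2000-09-18 17:31:04 logout user=bob
2000-09-19 07:58:40 login user=bob src=10.1.4.22 result=ok
2000-09-19 08:55:01 login user=dilbert src=10.1.5.5 result=ok
2000-09-19 18:02:13 logout user=bob
2000-09-20 03:04:09 login user=bob src=10.1.9.200 result=ok
2000-09-20 09:15:00 access user=dilbert resource=ENG_CVS
2000-09-20 22:30:00 login user=dilbert src=dialup-7 result=ok
2000-09-20 22:31:12 access user=dilbert resource=HR_DB
"""

if __name__ == "__main__":
    for date, time, user, reason in run(LOG, "2000-09-20"):
        print(date, time, user, reason)
```

Two days of baseline is far too little for production use; the point is the shape of the logic. A longer baseline, per-weekday hours, and a score that combines several weak signals (late hour plus new host plus new resource) is how this scales without drowning the reviewer in one-off alerts.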
Resources
Big caveat: Necessarily incomplete... a sampling
CERTConf speakers
CERTConf 1999
CERTConf 2000
CERTConf 2001
NebraskaCERT
www.nebraskacert.org
Cyber Security Forum (CSF)
Outreach program meeting monthly, everyone welcome
CISSP training
Two classes so far
Number of Omaha-area CISSP increased from two to ten with still more
getting ready to test
Resources cont’d
Government
CERT
Operated by CMU under DoD contract, along with SEI
CERT teams exist at company, regional, agency, and national level
CERT issues advisories only for the most critical incidents...less-critical
vulnerabilities posted on web page
www.cert.org
Federal Best Security Practices (BSPs)
Drill-down for useful checklists
bsp.cio.gov
NIST
Computer Security Resource Clearinghouse
csrc.nist.gov
Resources cont’d
NIPC
National Infrastructure Protection Center
Interagency effort, led by FBI
Omaha FBI office is NIPC-aware
CyberNotes useful source of detailed information
www.nipc.gov
InfraGard
A public outreach program under NIPC
FBI facilitates the program, but does not run it
InfraGard members run their local chapters... varies by location
Non-disclosure
Members required to sign non-disclosure agreements for InfraGard-provided information
Information provided by other InfraGard members
Information provided by NIPC just to InfraGard members
Local chapter in Omaha...
Resources cont’d
Online sampler... portals, conferences, etc.
www.sans.org
www.isc2.org
www.icsa.net
www.ntsecurity.net
www.antionline.com
www.securityportal.com
www.securityfocus.com
www.counterpane.com
www.gocsi.com
Local education
PKI IS&T (UNO)
Creighton University
College of Saint Mary
Iowa State University
NBDC
Resources cont’d
Newsletters, email
Security Wire Digest from www.infosecuritymag.com
Security Update from www.win2000mag.com
Microsoft Product Security from www.microsoft.com/technet/security
Print magazines
Magazines specific to your operating system(s)
Information Security... www.infosecuritymag.com
SC Magazine... www.infosecnews.com
Books
Too many to list... new ones always being published
Send focused request to [email protected]
Questions... Discussion