What do you know about your network

What do you know about your network
Or maybe you don’t know who’s really there

Who Controls Your Security Priority
 Vendors and Magazines control what people are talking about when it comes to Information Security
 Each one is trying to sell you something
 Each one is selling a technology or service
By Dennis Peasley CISSP
Digital Government
October 2004

What is important to you
 Every device on your network can be a vulnerability
 Every device is active
 In most cases, every device can talk to every other device, at least locally
 What devices are on your network?

IP, Internet Protocol
 Because we all use the Internet Protocol now, everything is connected
 The Sapphire Worm was the fastest computer worm in history. As it began spreading throughout the Internet, it doubled in size every 8.5 seconds. It infected more than 90 percent of vulnerable hosts within 10 minutes.

The Key to Vulnerabilities
 No operator interaction needed
 As fast as the network allows
 Who is on your network?

Who’s on your network
 Plenty of dynamically provided addresses
 No requirements needed to get an address
 No membership or authorization needed
 Microsoft Domains are not a block

Who is on Your Network?
 In 2003 Herman Miller Inc. won the RSA Conference Best Security Practice of the Year award for preventing a computer without up-to-date Anti-Virus from remotely accessing the network.
 We have been infected with each of the major Worms since then.
 What’s up with That?

Worms and Viruses
 August 2003 - Blaster
 May 2004 - Sasser emerged
 Each of these worms found hosts on our network that we did not know existed.
 We began a one-year search for computers we did not know were on our network.

Check with the vendors
 Most major vendors said they could find every computer on our network.
 The key is how fast.
 Many laptops, many computers turned on and off
 How big is your address range?
 We use 10.x.x.x: 16,777,214 possible host addresses

Too many places to scan
 Not all of these addresses are live
 But who do we believe when we decide not to check them?
 Gotta check ’em all

Who talks to Who
 Routers talk to all of them
 They can tell you of everyone who talks to anyone else on the network
 Ask the routers who’s there
 They know every computer that talks on the network
 With this information you can find your network occupants
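The approach on this slide, as an added example that is not part of the original talk: a small Python script that parses router ARP-cache output (a constructed sample in the common "show ip arp" layout, with made-up addresses and MACs), skips unresolved entries, and reports every host that is talking on the network but is missing from a constructed asset inventory. It also computes the 16,777,214-host size of 10.x.x.x quoted on the earlier slide, to show why asking the routers beats sweeping the whole range.

```python
import ipaddress
import re

# Constructed sample of router ARP-cache output in the usual
# "show ip arp" layout. Addresses and MACs are made up for this example.
SAMPLE_ARP_OUTPUT = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.10.1               -   0011.2233.0001  ARPA   Vlan10
Internet  10.1.10.25              4   0011.2233.0002  ARPA   Vlan10
Internet  10.1.10.77             12   0011.2233.0003  ARPA   Vlan10
Internet  10.1.20.5               0   Incomplete      ARPA
Internet  10.1.20.9               2   0011.2233.0004  ARPA   Vlan20
"""

# Constructed asset inventory: the hosts the organisation believes it owns.
KNOWN_HOSTS = {"10.1.10.1": "core-router", "10.1.10.25": "file-server"}

# One resolved ARP row: protocol, IP, age, dotted-hex MAC, encapsulation type.
ARP_LINE = re.compile(r"^Internet\s+(\S+)\s+\S+\s+([0-9a-f.]{14})\s+ARPA", re.I)


def parse_arp_table(text):
    """Return {ip: mac} for every resolved ARP entry in the router output."""
    hosts = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:  # 'Incomplete' rows never match the MAC pattern and are skipped
            hosts[m.group(1)] = m.group(2)
    return hosts


def unknown_hosts(arp_hosts, inventory):
    """Hosts the routers have seen talking that the inventory does not know."""
    return {ip: mac for ip, mac in arp_hosts.items() if ip not in inventory}


def addresses_to_scan(network="10.0.0.0/8"):
    """Usable host addresses a blind sweep of the range would have to touch."""
    return ipaddress.ip_network(network).num_addresses - 2


if __name__ == "__main__":
    seen = parse_arp_table(SAMPLE_ARP_OUTPUT)
    print(f"Sweeping 10.x.x.x blind means {addresses_to_scan():,} addresses;")
    print(f"the routers know of {len(seen)} live hosts right now.")
    for ip, mac in unknown_hosts(seen, KNOWN_HOSTS).items():
        print(f"UNKNOWN HOST {ip} ({mac}) - not in inventory, needs a look")
```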

Find Them – Scan Them
 We scanned each host looking for Windows but no Anti-Virus program
 We found computers that we couldn’t talk to. We did not have rights.
 Policies? Do your Windows System administrators have the right to access all client computers?
 What happens when you find the computers that will be there?

Each Network has these Unknown Hosts
These hosts are:
 Unmanaged
 Unpatched?
 Not backed up
 Running unknown software
 Running unknown services
 Waiting to be used by the next worm
Where are the real risks?

Vendors and Magazines
 There are many risks in running a modern technology ecology.
 The risks will never go away.
 Set the priorities
 Where will you focus your teams?

Security is like Quality
 Security must be built in
 Security must be part of all management
 Security must have measurable goals
 Operations teams are not usually measured by quality or security
 Separation of duties makes sense
 Security should be equal to operations, development and Infrastructure
 OR outside of IT