if a network falls in the internet does it make a sound?

If a network falls in the Internet does it make a sound?

(The top 5 threats you don’t hear enough about.)

Jayson E. Street, CISSP, GSEC, GCFA

IEM, IAM, CCSE, CCSA, Security+, etc…

Let go of my EGO

• Lets start out with a little about yours truly.

jstreet@stratagem-one.com

Know yourself know your enemy

• Sun Wu (Tzu) “Ping-fa”(The Art of War)• “Thus it is said that one who knows the enemy and

knows himself will not be endangered in a hundred engagements. One who does not know the enemy but knows himself will sometimes be victorious, sometimes meet with defeat. One who knows neither the enemy nor himself will invariably be defeated in every engagement!”

Contents

• INTRO• The IRC• Reverse Engineering• Botnets• Insider Threats• Just google it• Now what?• Discussion

IRC + CC = SOS

Do things seem a little Fuzzy?

• Browser bug a day – HD Moore• Microsoft patch Tuesday = IDA Pro Wednesday • SQL Slammer a look back at the good ole days.

– Made known at DEFCON July of 2002 Patched by MS with MS02-039 Hit on 1/25/03.

• MS06-040 Changed the infection rate from 250,000 machines a month to 250,000 machines a DAY! In the first few days of release. (Source Trend Micro)

• Fuzzyri0t.pl Made in Oklahoma

Not domo arigato Mr. Roboto70 million computers subverted worldwide

(Source Trend Micro)

Government Agencies whose computers may have been compromised.– Alabama Research and Education Network– Argonne National Laboratory– Arkansas Dept. of Information Systems– Connecticut Dept. of Information Technology– Iowa Communications Network– Pittsburgh Supercomputing Center– U.S. Dept. of Defense– U.S. Navy(Source Information Week Magazine 10/9/06)

Hiring the harm

• A simple question to INFOSEC personnel.Have you used security privileges to look at information you’re not authorized to access?

Out of 648 responses on http://darkreading.com10% Yes on a regular basis27% Yes a few times in their career.63% No• The 2005 FBI Computer Crime Survey

Use of antivirus, antispyware, firewalls and antispam software is almost universal among those who responded. But the software apparently did little to stop malicious insiders.

Got Google?

Okay now what can we do?

• Without understanding where the opponent's weaknesses are you cannot borrow their strength to use against them. (Cheng Man Ching)

• http://www.infragard.net/chapters/oklahoma/ • http://OSVDB.org• http://www.issa-ok.org/• http://isc.sans.org

This presentation is located @– http://f0rb1dd3n.com/s1s/WP/

Now let’s learn from others

• Discussion and Questions????

• Or several minutes of uncomfortable silence it is your choice.

Once again those links

• http://www.infragard.net/chapters/oklahoma/ • http://OSVDB.org• http://www.issa-ok.org/

• http://isc.sans.org

This presentation is located @

– http://f0rb1dd3n.com/s1s/WP/