network security overview
DESCRIPTION
Network Security Overview. Ali Shayan 2008.08.06. Network Security Management’s Perspective. Dangers: Negligence Dereliction of duty Liable for damaged Misconduct Sabotage Aiding and abetting crime. Network Security Management’s Perspective. Issues Training - PowerPoint PPT PresentationTRANSCRIPT
Network Security Overview
Ali Shayan2008.08.06
Network Security Management’s Perspective
• Dangers:– Negligence– Dereliction of duty– Liable for damaged– Misconduct– Sabotage– Aiding and abetting crime
Network Security Management’s Perspective
• Issues– Training– Continuity and crisis planning– Assume information security is YOUR responsibility
Lack of awareness can lead to negligence and liability!
Understanding Components of an IT Security Audit
Modern Technology Roadmap
• Early 1990s: Virus scanners• Mid 1990s: Firewalls• Late 1990s: Over-reliance on encryption (PKI)• Early 2000s: Over-reliance on intrusion
detection systems (IDS)• Late 2000s: Over-reliance on intrusion
prevention systems/artificial intelligence
Vulnerabilities• There was a total of 7,247 vulnerabilities in 2006, 39.5% more than
2005.• June was the busiest month of the year with 696 vulnerabilities.• Week 46 (the week before Thanksgiving) was the busiest week of
2006 for new vulnerabilities.• The most popular day for vulnerability discloser was Tuesday.• The top three vulnerable vendor in 2006 were Microsoft, Oracle
and Apple.• 88.4 percent of all 2006 vulnerabilities could be exploited remotely.• Over half (50.6%) of 2006 vulnerabilities would allow an attacker to
gain access to the host after successful exploitation.
VulnerabilitiesPer Annum Vulnerabilities Count
VulnerabilitiesPer Month
Vulnerabilities by Day of Week
Vulnerabilitiesby Day of Week
VulnerabilitiesWeekdays vs. Weekends
VulnerabilitiesTop Ten Vulnerable Vendors
From which countries does spam originate?
Incident and Events by Sector
Quantifying by Losses
• 9 out of 10 businesses affected by cybercrime (FBI 2005)
• $67.2 billion per year is lost to cybercrime in the USA (FBI 2005)
• 61% of US computers are compromised (Cyber Security Alliance 2006)
• Estimated 14,000 – 17,000 Botnet C&Cs (Shadowserver.org)
Notable Trends in Cyber Criminality
• Motivation: Financial motives are making attackers more sophisticated.
• Targeted attacks: Attacks are much more targeted than before.
• Targets: The user and the user workstation (desktop or laptop) becomes the easiest path into the network.
References
• http://www.coresecurity.com• http://www.cert.com• http://www.iss.com• http://www.alexa.com
Thanks