Vulnerabilities and Attacks on IT Infrastructure
Simone Riccetti, Sr. IT Security Architect

Agenda
- X-Force research team
- Vulnerabilities and threats
- Protection technologies
- Attack lifecycle
- Live demo

X-Force
The mission of the IBM Internet Security Systems™ X-Force® research and development team is to:
- Research and evaluate threat and protection issues
- Develop assessment and countermeasure technology
- Educate the media and user communities

Vulnerability Highlights
- The overall number of disclosed vulnerabilities increased in comparison to previous years
- 5% increase over the first half of 2007

Patch Availability Date
[Chart: Y-axis, days between the patch and the vulnerability announcement; X-axis, vulnerability announcement date. Data: 1,551 patches. 15% available before the announcement, 54% at the announcement, 31% after the announcement. Courtesy: Stefan Frei, ETH Zurich, http://www.techzoom.net/risk/]

Exploit Availability Date
[Chart: Y-axis, days between the vulnerability announcement and the exploit; X-axis, vulnerability announcement date. Data: 3,428 exploits. 23% available before the announcement, 58% at the announcement, 19% after the announcement. Courtesy: Stefan Frei, ETH Zurich, http://www.techzoom.net/risk/]

Browser Vulnerabilities
[Chart: memory corruption is the main vulnerability class. No substantial difference.]

Primary Exploit Target: Browser Plug-Ins
- The majority of publicly released exploits are for browser plug-ins
- The top five most exploited browser vulnerabilities all target plug-ins
- Although most active exploitation focuses on older vulnerabilities, newer attack tools have automatic methods to incorporate the most recent exploits

Web Server Application Vulnerabilities
- Three newcomers to the top ten vendor list were web server application software vendors
- Web server application vulnerabilities account for 54% of all 2008 H1 disclosures and 51% since 2006

ISS Preemptive Protection
Vulnerability Focused Protection

How do you get "owned" these days? The Attack Lifecycle
The initial culprits in owning a system can be as innocent as an email from Mom or as malicious as a hacker set to steal valuable information.

The Attack Lifecycle
1. Inherent in any computer program are vulnerabilities, or small cracks in the code, that allow things in that were not originally intended.
2. A "proof of concept", or exploit, is created to take advantage of the lowered defenses from the vulnerability.
3. Shellcode is then injected to enable remote code execution.
4. Shellcode is executed to create a buffer overflow that opens the back door to the system.
5. Malcode, such as a trojan or rootkit, is executed to wreak havoc on the system.

X-Force Protection Engines

Cobion Shellcode Heuristics
Cobion e-mail and content filtering technology has analyzed over 8.7B URLs and images and 1B unique spam messages; over 100k web pages and 700k spam messages are analyzed daily. This engine uses generic shellcode detection to block shellcode payloads, one of the most prevalent methods of infecting non-binary files such as HTML, documents and images.

PAM
The Protocol Analysis Module (PAM) is the network IPS component in IBM ISS desktop, server and network products. PAM uses behavioral and vulnerability-centric methods to detect and block network-based exploits affecting more than 7,400 vulnerabilities.
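As an added illustration of the kind of generic shellcode detection the Cobion engine is described as performing on non-binary content such as HTML, here is a small content filter written for this page. It is example code, not ISS, X-Force or Cobion code; the real engine's rules are not public, and the thresholds and the two heuristics (a NOP-sled-like run of one repeated byte, and an unusually large escape-decoded blob) are assumptions chosen for the example. It decodes JavaScript unescape()-style `%uXXXX` / `%XX` sequences found in a page and returns a block/allow verdict; the sample pages are constructed, not captured traffic.

```python
import re
from typing import Dict, List

# Heuristic thresholds. These are assumptions chosen for this example, not
# values from the ISS/Cobion engine, whose rules are not public.
MIN_SLED_RUN = 32      # identical consecutive bytes that look like a NOP sled
MIN_BLOB_BYTES = 256   # an escape-decoded blob this large is unusual in page markup

# One or more JavaScript unescape()-style sequences: %uXXXX or %XX.
_ESCAPE_RE = re.compile(r"(?:%u[0-9a-fA-F]{4}|%[0-9a-fA-F]{2})+")


def decode_escape_blob(blob: str) -> bytes:
    """Decode a run of %uXXXX / %XX escapes into the bytes JavaScript's
    unescape() would lay out in memory (%u units are UTF-16 little-endian)."""
    out = bytearray()
    i = 0
    while i < len(blob):
        if blob[i + 1] == "u":
            out += int(blob[i + 2:i + 6], 16).to_bytes(2, "little")
            i += 6
        else:
            out.append(int(blob[i + 1:i + 3], 16))
            i += 3
    return bytes(out)


def longest_byte_run(data: bytes) -> int:
    """Length of the longest run of one repeated byte value (0 for empty input)."""
    best = run = 0
    prev = None
    for b in data:
        run = run + 1 if b == prev else 1
        prev = b
        best = max(best, run)
    return best


def scan_document(text: str) -> List[Dict]:
    """Return one finding per escape-encoded blob that trips a heuristic."""
    findings = []
    for m in _ESCAPE_RE.finditer(text):
        decoded = decode_escape_blob(m.group(0))
        run = longest_byte_run(decoded)
        reasons = []
        if run >= MIN_SLED_RUN:
            reasons.append(f"repeated-byte run of {run} (NOP-sled-like)")
        if len(decoded) >= MIN_BLOB_BYTES:
            reasons.append(f"escape-decoded blob of {len(decoded)} bytes")
        if reasons:
            findings.append({"offset": m.start(), "bytes": len(decoded), "reasons": reasons})
    return findings


def verdict(text: str) -> str:
    """Content-filter decision: 'block' if any heuristic fires, else 'allow'."""
    return "block" if scan_document(text) else "allow"


# Constructed sample inputs (not captured from real traffic).
# Ordinary URL encoding decodes to short, varied blobs and is left alone.
BENIGN_HTML = """<html><body><script>
var q = "search?term=%20hello%20world";
document.write(q);
</script></body></html>"""

# A heap-spray-style page: one long unescape() string made of a single
# repeated 16-bit unit, the pattern a generic NOP-sled heuristic looks for.
SUSPICIOUS_HTML = (
    "<html><body><script>\n"
    'var sled = unescape("' + "%u9090" * 20 + '");\n'
    'var small = unescape("%u4142%u4344");\n'   # short and varied: not flagged
    "</script></body></html>"
)

if __name__ == "__main__":
    for name, doc in (("benign", BENIGN_HTML), ("suspicious", SUSPICIOUS_HTML)):
        print(name, verdict(doc), scan_document(doc))
```

The verdict is deliberately conservative: short URL-encoded fragments decode to a few varied bytes and never reach either threshold, so the false-positive source a practitioner would worry about first (legitimate percent-encoding) stays below the line. A real content filter would tune the thresholds against its own traffic and pair this page-level check with protocol-level analysis of the kind the PAM description covers, since a single static heuristic on one encoding is only one layer.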
BOEP
Buffer Overflow Exploit Prevention (BOEP) blocks execution payloads delivered through buffer overflow exploits, providing 0-day protection for this class of threats.

VPS
The Virus Prevention System (VPS) is a behavioral anti-virus technology that can stop not only new malware variants but also new malware families. VPS uses pre-execution behavioral analysis to stop malware before it can run and do damage.

Conclusions
- The costs of data loss are significant but hard to calculate: the whole company is at risk.
- Collaboration brings complexity and with it many new risks.
- Statistics show how the endpoint and the data are targeted.
- A complete solution must entail intrusion and extrusion prevention, as well as proper Authentication, Authorization and Accounting.

THANK YOU! Questions?
Simone Riccetti, [email protected]