Getting the most from your IPS System.pdf

Security Trends and Network Intrusion Detection and Prevention
Jonathan Limbo
<jlimbo@cisco.com>
Security Researcher
CCIE Security #10508
CCIE Summit 2006
© 2006, Cisco Systems, Inc. All rights reserved.
1
Agenda
- The Security Climate
- The Evolution of Security Attacks
- Exploit Trends and Common Attack Vectors
- Intrusion Detection and Prevention "101"
- Deployment Considerations
- Network Sensor Deployment
- Post Deployment Issues
  - Custom Signatures
  - False Positives In-Depth
  - Security Intelligence/Awareness
The Security Climate
The Security Climate – Sept 5 to Oct 1
- Increasing Activity
  - 142 events (74 were Vulnerability Alerts, 56 Security Issue Reports, 5 Malicious Code Alerts, 5 Daily Virus Reports, and 2 Security Activity Reports)
  - The month included several "zero-day" Microsoft vulnerabilities in Microsoft Office products and Internet Explorer
  - Microsoft responded to the Windows VML Document Arbitrary Code Execution Vulnerability with an out-of-cycle security bulletin and patch on September 26, 2006
(Data from Intellishield)
The Security Climate – Sept 5 to Oct 1
- Microsoft Windows VML Document Arbitrary Code Execution Vulnerability
  - Functional exploit code is publicly available, and attackers are actively exploiting this vulnerability in the wild. Malicious software that exploits the vulnerability, Exploit-VMLFill, is currently in circulation.
- Microsoft Internet Explorer WebViewFolderIcon ActiveX Control setSlice() Integer Overflow
  - Functional exploit code for this vulnerability on all affected Windows platforms is active in the wild.