Temple University

Week 13: Reading, Question for Class, and In The News…

Reading: Dyrmose, M. (2013). Beating the IPS. SANS Institute InfoSec Reading Room. The paper describes how to build an intrusion protection system research laboratory, introduces four evasion techniques, and illustrates how to use three of them in various combinations to avoid detection by 1 open source and 5 commercial intrusion protection systems (IPSs) and execute a successful web-based information security exploit. The techniques include obfuscation, fragmentation (including overlapping, reassembly order, and timeout variants), and protocol violations. The article demonstrated that the simple one-exploit attacks were detected by most of the IPSs, but particular combinations could be formulated to bypass any one of them.

Question for the Class: Did you know that “99% of all successful attacks/breaches involve a vulnerability that is at least 1 year old”, and “90% of all breaches involve a vulnerability from 7 years or older”? (From: http://www.coresecurity.com/videos/what-your-scanner-isnt-telling-you)

In The News: Shackelford, S.J. (2015-10-30) Another ‘Back to the Future’ Moment – 27 Years After the World’s First Cyber Attack. Twenty-seven years ago (1988) a Cornell University grad student (Robert Morris) launched the first “Internet worm” from MIT. Meant to measure the size of the Internet, the worm morphed into a denial of service exploit, copying itself onto many of the 60,000 computers connected to the Internet. The worm caused between $100,000 and $10 million in damages. Morris received 3 years of probation and a $10,050 fine, and is noted as “the world’s first cyber attacker” prosecuted under the Computer Fraud and Abuse Act. He is now a tenured MIT professor and dot-com millionaire. Today, there are more than 9 billion devices and more than 3 billion people online. Positive outcomes traceable to Morris’ exploit include: Carnegie Mellon University’s Cyber Emergency Response Team (CERT), proactive cybersecurity best practices, and the NIST Cybersecurity Framework. The government of Australia reports success in preventing 85% of cyberattacks based on following 3 common sense techniques: (1) only permitting pre-approved programs to operate on networks (i.e. application whitelisting), (2) regular patching of operating systems and applications, and (3) minimizing the number of people on the network with admin privileges.

http://www.huffingtonpost.com/scott-j-shackelford/another-back-to-the-future-moment_b_8428352.html?utm_hp_ref=cybersecurity
