Question

  Asked: Jul 28 2007   2:24 PM GMT
  Asked by: Czarleo


Unknown Threats


Tags: Networking, Security, Application security, Exchange, Instant Messaging, Encryption, Database, secure coding, Current threats, Viruses, worms, Hacking, Spyware, Trojans, backdoors, human factors, Network security, Firewalls, VPN, Intrusion management, Incident response, Forensics, Wireless, Platform Security, vulnerability management, patching, configuration, PEN testing, Tech support, Software

Apart from honeypots, what are the different methods to find unknown threats which are prevalent? And how do we find methods to mitigate them?

PS: All the vulnerabilities are known to all the network administrators, who can then take measures to mitigate attacks, but this doesn't happen. Hackers are at least 10 steps ahead. So how do we find methods to find such unknown threats?

Answer Wiki

Aside from honeypots, there are also honeynets (Google "honeynets" or the name Lance Spitzner, who is very much involved; he's got some good books out on the subject).

Microsoft (and maybe other groups as well) has what is called a "Honey Monkey" project. Similar in objective to a honeypot, it is proactive: there are a number of computers running different versions (updates and such) of supported operating systems and browsers (Win 2000, Win XP, Vista, etc.) and possibly other applications. These systems go out and search many web sites, looking to get compromised. If you start with XP Service Pack 2, for example, and the system gets compromised, then the URL that did the damage is referred to a more recently patched version of the O/S or browser. If it still gets compromised when they're up to the latest version of everything, then they've found a zero-day exploit - and they can start work on a patch before the bad guys are aware that they know about it. The reason for this is that with the increase in organized crime (and others) trying to compromise PCs, many of the folks who discover a vulnerability do NOT want to share or publicize it - they want to keep it for themselves for their own use.

As for vulnerabilities for which patches are known and available - why aren't they patched immediately?

The answer is not as simple as it might seem - but here are some major factors.

Lazy and/or ignorant system administrators
Overworked system administrators
Management which does not make this a priority
Personal Computer owners who are lazy or ignorant
Personal Computer owners who are fearful of applying ANY change
Anyone who is not aware that applications as well as operating systems need patching due to vulnerabilities

For most people and most systems, the Microsoft automatic Windows Update is adequate. There is also Office Update. The official "new" standard is "Microsoft Update" but this has been plagued with several problems - not going into those.

To do a little "myth busting" here, the hackers are mostly NOT 10 steps ahead. There are some very skilled individuals out there, but most of the hackers are taking advantage of vulnerabilities for which patches have long been available. I recommend that you read some of Ira Winkler's books on the subject. He has some strong opinions (with which I agree), but he presents his material well and is a known authority on the subject.

Does this answer your question?

Bob
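As an added example (not Bob's code and not Microsoft's), the escalation logic behind the HoneyMonkey approach described in the answer above: a URL that compromises one client image is referred to the next, more patched image, and one that still compromises the fully patched image is flagged as a zero-day candidate so it can be worked on first. The patch ladder, URLs and detector results are constructed placeholders.

```python
"""HoneyMonkey-style triage (constructed example): escalate a URL up a ladder
of progressively patched client images and classify what it takes to stop it."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set

# Constructed ladder of client images, least patched first. Names are illustrative.
PATCH_LADDER = ["XP-SP1", "XP-SP2", "XP-SP2+IE7", "Vista-RTM", "Vista-current"]

@dataclass
class Verdict:
    url: str
    category: str                    # benign | patched-exploit | zero-day-candidate
    first_resisting: Optional[str]   # least-patched image that was NOT compromised
    trail: List[str] = field(default_factory=list)  # images visited, in order

def triage(url: str, detector: Callable[[str, str], bool],
           ladder: List[str] = PATCH_LADDER) -> Verdict:
    """detector(url, image) is True when visiting url from that image produced a
    compromise (unexpected files, processes or registry changes). A URL is only
    referred to the next, more patched image after it compromised the current one."""
    trail: List[str] = []
    for image in ladder:
        trail.append(image)
        if not detector(url, image):
            category = "benign" if len(trail) == 1 else "patched-exploit"
            return Verdict(url, category, image, trail)
    # Compromised even the fully patched image: nothing on the ladder stops it.
    return Verdict(url, "zero-day-candidate", None, trail)

def prioritize(verdicts: List[Verdict]) -> List[Verdict]:
    """Zero-day candidates first; among patched exploits, the ones that beat
    more patch levels (longer trail) come first."""
    rank = {"zero-day-candidate": 0, "patched-exploit": 1, "benign": 2}
    return sorted(verdicts, key=lambda v: (rank[v.category], -len(v.trail)))

# Constructed observations standing in for a real compromise detector.
_SAMPLE: Dict[str, Set[str]] = {
    "http://example.invalid/old-exploit": {"XP-SP1"},       # fixed by SP2
    "http://example.invalid/unpatched": set(PATCH_LADDER),  # beats every image
    "http://example.invalid/clean": set(),
}

def sample_detector(url: str, image: str) -> bool:
    return image in _SAMPLE.get(url, set())
```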
Discuss This Answer


Papp  |   Dec 11 2007  4:21AM GMT

Back in the day… oh sheeze here I go, we used tarpits and “Hall of Mirrors”. Depending on the nature of attacks, or suspicions, and the exposed neighborhood. Tarpits can be damaging. As the name suggests, unsuspecting users can get caught in them as well. Start with benign, and work your way up to sticky. Be careful, I have been told what I was doing was illegal. So if you take tarpits off the list, Hall of Mirrors can be fun with less damage. Mimic an entire operation center and double verify users to pass through to the real servers. Depending on your industry you could go as far as logic bomb-die packs… I love those. They leach beacons so even if they drop, their trail is still visible. All depends on if you want to be feeding your community through a stir stick or start tagging them. To be “civilised” you should listen to the gentleman above. Costly? Yes. Fruitless? No. It just rubs the wrong way when you're victimized, report it, and pay for the patch-fix depending on the product; in some cases the fix is 3 months out, or worse, nothing, due to intrinsic code designed to prevent piracy, or backed by lawsuits to exploit, under the guise of free speech (or worse, creativity). Honey only attacks them. Unless you're in the security business for sales… why? Participating in a community effort is always a good idea, as long as you recognize that community is most likely a public company legally bound to show profit, and more profit. Finding long term security companies is like finding the street gang that sided with one “Boss” or another to survive. In most cases they are the best money can buy, just be aware of their duality even if they are not. I would like to see a security company that does not trade on the market! None of the owners or board members trade on the market, or sell information for trading on the market, or make any revenue other than protecting their customers. That would be a steep bill. aaaa..
what am I saying, good men like that shouldn’t set themselves up to be assassinated. IT Templars = Friday the 13th.
Or Charge of the Light Brigade?

Russian Porn= $
US Porn= $
IT Security= -$ and complexity for governments to monitor.

Let me tell you how the dialog would go if you tagged and bagged them.

    You- I caught this guy trying to go through our R&D
    FBI- How much money was stolen?
    You- None, I stopped them
    FBI- I am afraid there is nothing I can do. By the way, how did you do it? …you have the right to remain silent… Do you know that code is copyright protected by international law…

I am sure the script by now has been changed to phish more before they put on the cuffs, but you get the drift. If you're real lucky the perp you caught is too embarrassing to prosecute… you! It isn’t always about right and wrong. Sometimes you have to consider the fall-out. Canada has one regulator for IT Governance. Easy to petition for change. In the U.S. identity theft is still a minor offence with ambiguity as far as State law enforcement. I wonder how they handle this in China?

U.S.= Charge of the Light Brigade.


Papp  |   Dec 11 2007  4:37AM GMT

Mimic, tag, and block.

Typically I would follow this with a quote from Liar, Liar, when he was picking up his car from the pound, but I do not want to offend.

I share your frustration. Today’s IT security is riddled with retreating moves of complexity until there is no room to move. To top it off, they expect you to shop at McDonalds when you're hungry for tenderloin and baked potato.