Unknown Threats
Apart from honeypots, what are the different methods to find unknown threats which are prevalent? And how to find methods to mitigate them? PS: All the vulnerabilities are known to all the n/w administrators and they can then take measures to mitigate attacks, but this doesn't happen. Hackers are at least 10 steps ahead. So how to find methods to find such unknown threats?

ASKED: July 28, 2007  2:24 PM
UPDATED: November 2, 2011  8:40 AM

Answer Wiki:
Aside from honey pots, there are also honey nets (google on honey nets or on the name Lance Spitzner, who is very much involved; he's got some good books out on the subject). Microsoft (and maybe other groups as well) has what is called a "Honey Monkey" project. Similar in objective to a honey pot, it is pro-active: there are a number of computers running different versions (updates and such) of supported operating systems and browsers (Win 2000, Win XP, Vista, etc.) and possibly other applications. These systems go out and search many web sites, looking to get compromised. If you start with XP, service pack 2 for example, and the system gets compromised, then the URL that did the damage is referred to a more recently patched version of the O/S or browser. If it still gets compromised when they're up to the latest version of everything, then they've found a Zero-Day exploit - and they can start work on a patch before the bad guys are aware that they know about it. The reason for this is that with the increase in organized crime (and others) trying to compromise PCs, many of the folks who discover a vulnerability do NOT want to share or publicize it - they want to keep it for themselves for their own use.

As for vulnerabilities for which patches are known and available - why aren't they patched immediately? The answer is not as simple as it might seem - but here are some major factors:

- Lazy and/or ignorant system administrators
- Overworked system administrators
- Management which does not make this a priority
- Personal Computer owners who are lazy or ignorant
- Personal Computer owners who are fearful of applying ANY change
- Anyone who is not aware that applications as well as operating systems need patching due to vulnerabilities

For most people and most systems, the Microsoft automatic Windows Update is adequate. There is also Office Update. The official "new" standard is "Microsoft Update" but this has been plagued with several problems - not going into those.

To do a little "myth busting" here, the hackers are mostly NOT 10 steps ahead. There are some very skilled individuals out there, but most of the hackers are taking advantage of vulnerabilities for which patches have long been available. I recommend that you read some of Ira Winkler's books on the subject. He has some strong opinions (with which I agree), but he presents his material well and is a known authority on the subject. Does this answer your question? Bob

===============

Unknown threats in any computer system or network are indeed unseen and unknown to our knowledge because they are program codes running within the computer or operating system. The best way to know unknown threats is to scan your computer system in a full system scan mode to make sure that all areas are scanned carefully. Make sure that you use the latest and updated antivirus software before doing it.
Last Wiki Answer Submitted: November 2, 2011 8:40 am by Bobkberg 1,070 pts.
All Answer Wiki Contributors: Bobkberg 1,070 pts.
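The patch-level escalation Bob describes for the Honey Monkey approach, as an added Python example (not code from the original thread or from Microsoft's project); the rung names, the sample URLs and the `visit` callback are constructed stand-ins for the real crawler and its compromise detector:

```python
"""Simulate the "refer the URL to a more patched configuration" ladder.

A URL is visited by the least-patched configuration first. If that rung is
compromised, the same URL is re-visited by the next, more patched rung. A URL
that still compromises the fully patched rung is flagged as a zero-day suspect.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Ordered ladder, least patched first (constructed names for this example).
PATCH_LADDER = ["XP SP2 (unpatched)", "XP SP2 + updates", "XP SP3", "Fully patched"]


@dataclass
class Verdict:
    url: str
    first_clean_level: Optional[str]   # None when every rung was compromised
    compromised_levels: List[str]

    @property
    def zero_day_suspect(self) -> bool:
        return self.first_clean_level is None


def classify_url(url: str, visit: Callable[[str, str], bool],
                 ladder: List[str] = PATCH_LADDER) -> Verdict:
    """visit(url, level) returns True when the monkey at `level` got compromised.
    Climb the ladder only while compromises continue; stop at the first clean rung."""
    compromised: List[str] = []
    for level in ladder:
        if not visit(url, level):
            return Verdict(url, level, compromised)
        compromised.append(level)
    return Verdict(url, None, compromised)


# Constructed stand-in for the real "browse, then look for unexpected changes"
# check: each sample URL defeats every rung below a given height on the ladder.
SAMPLE_EXPLOIT_REACH: Dict[str, int] = {
    "http://example.test/old-exploit": 1,   # beats only the unpatched rung
    "http://example.test/new-exploit": 4,   # beats every rung -> zero-day suspect
    "http://example.test/benign": 0,        # compromises nothing
}


def simulated_visit(url: str, level: str) -> bool:
    return PATCH_LADDER.index(level) < SAMPLE_EXPLOIT_REACH.get(url, 0)


def triage(urls: List[str]) -> Dict[str, Verdict]:
    return {u: classify_url(u, simulated_visit) for u in urls}
```

Only URLs whose verdict is `zero_day_suspect` need an analyst's attention; the others tell you which patch level already stops them.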


Discuss This Question:

Back in the day… oh sheeze, here I go, we used tarpits and “Hall of Mirrors”. Depending on the nature of attacks, or suspicions, and the exposed neighborhood. Tarpits can be damaging. As the name suggests, unsuspecting users can get caught in them as well. Start with benign, and work your way up to sticky. Be careful, I have been told what I was doing was illegal. So if you take tarpits off the list, Hall of Mirrors can be fun with less damage. Mimic an entire operation center and double verify users to pass through to the real servers. Depending on your industry you could go as far as logic bomb-dye packs… I love those. They leech beacons so even if they drop, their trail is still visible. All depends on if you want to be feeding your community through a stir stick or start tagging them. To be “civilised” you should listen to the gentleman above. Costly? Yes. Fruitless? No. It just rubs the wrong way when you're victimized, report it, and pay for the patch-fix depending on the product; in some cases the fix is 3 months out, or worse, nothing, due to intrinsic code designed to prevent piracy, or backed by lawsuits to exploit, under the guise of free speech (or worse, creativity). Honey only attacks them. Unless you're in the security business for sales… why? Participating in a community effort is always a good idea, as long as you recognize that community is most likely a public company legally bound to show profit, and more profit. Finding long term security companies is like finding the street gang that sided with one “Boss” or another to survive. In most cases they are the best money can buy, just be aware of their duality even if they are not. I would like to see a security company that does not trade on the market! None of the owners or board members trade on the market, or sell information for trading on the market, or make any revenue other than protecting their customers. That would be a steep bill. aaaa.. what am I saying, good men like that shouldn’t set themselves up to be assassinated. IT Templars = Friday the 13th.
Or Charge of the Light Brigade?

Russian Porn= $
US Porn= $
IT Security= -$ and complexity for governments to monitor.

Let me tell you how the dialog would go if you tagged and bagged them.

    You- I caught this guy trying to go through our R&D
    FBI- How much money was stolen?
    You- None, I stopped them
    FBI- I am afraid there is nothing I can do. By the way, how did you do it? …you have the right to remain silent… Do you know that code is copyright protected by international law…

I am sure the script by now has been changed to phish more before they put on the cuffs, but you get the drift. If you're really lucky the perp you caught is too embarrassing to prosecute… you! It isn’t always about right and wrong. Sometimes you have to consider the fall-out. Canada has one regulator for IT Governance. Easy to petition for change. In the U.S. identity theft is still a minor offence with ambiguity as far as State law enforcement. I wonder how they handle this in China?

U.S.= Charge of the Light Brigade.

310 pts.


Mimic, tag, and block.

Typically I would follow this with a quote from Liar, Liar, when he was picking up his car from the pound, but I do not want to offend.

I share your frustration. Today’s IT security is riddled with retreating moves of complexity until there is no room to move. To top it off, they expect you to shop at McDonalds when you're hungry for tenderloin and baked potato.

310 pts.


There are things you can do and there are things you can talk about, and they are not a common set.
I run two honeypots, but they do not trap; they track.
We are in the midst of determining what our true legal actions are. With the recent mini-’cyber war’ in the Balkans, with the attacks last year on Estonia by Russian hackers, and with our current analysis placing the cyber war technology of today on the same par as airplanes were in early World War I, I think that the answer to these questions will become fluid in the months and years to come.

If you are intending to put up a pot of any kind it has to be on your own hardware. And you have to just collect data and stop access to your data, but not retaliate against the attacker, except to get the info required to later put a criminal or civil case forward or to help law enforcement or governmental organizations in the future.
Please leave the cyber war to the professionals.

430 pts.


This tip from SearchEnterpriseDesktop.com has some info on tools that can help with malware detection and removal.