Unknown Threats

Tags: Application security, backdoors, configuration, Current threats, Database, Encryption, Firewalls, Forensics, Hacking, human factors, Incident response, Instant Messaging, Intrusion management, Microsoft Exchange, Network security, Networking, patching, PEN testing, Platform Security, Secure Coding, Security, Software, Spyware, Trojans, Viruses, VPN, vulnerability management, Wireless, worms
Apart from honeypots, what are the different methods to find unknown threats which are prevalent? How do I find methods to mitigate them? PS: all the vulnerabilities are known to all the network administrators, and they can then take measures to mitigate attacks, but this doesn't happen. Hackers are at least 10 steps ahead. So how do I find methods to find such unknown threats?

Answer Wiki


Aside from honey pots, there are also honey nets (google on honey nets or on the name Lance Spitzner, who is very much involved). He’s got some good books out on the subject.

Microsoft (and maybe other groups as well) has what is called a “Honey Monkey” project. Similar in objective to a honey pot, it is proactive: there are a number of computers running different versions (updates and such) of supported operating systems and browsers (Win 2000, Win XP, Vista, etc.) and possibly other applications. These systems go out and search many web sites, looking to get compromised. If you start with XP, service pack 2 for example, and the system gets compromised, then the URL that did the damage is referred to a more recently patched version of the O/S or browser. If it still gets compromised when they’re up to the latest version of everything, then they’ve found a Zero-Day exploit – and they can start work on a patch before the bad guys are aware that they know about it. The reason for this is that with the increase in organized crime (and others) trying to compromise PCs, many of the folks who discover a vulnerability do NOT want to share or publicize it – they want to keep it for themselves for their own use.

As for vulnerabilities for which patches are known and available – why aren’t they patched immediately?

The answer is not as simple as it might seem – but here are some major factors.

Lazy and/or ignorant system administrators
Overworked system administrators
Management which does not make this a priority
Personal Computer owners who are lazy or ignorant
Personal Computer owners who are fearful of applying ANY change
Anyone who is not aware that applications as well as operating systems need patching due to vulnerabilities

For most people and most systems, the Microsoft automatic Windows Update is adequate. There is also Office Update. The official “new” standard is “Microsoft Update” but this has been plagued with several problems – not going into those.

To do a little “myth busting” here, the hackers are mostly NOT 10 steps ahead. There are some very skilled individuals out there, but most of the hackers are taking advantage of vulnerabilities for which patches have long been available. I recommend that you read some of Ira Winkler’s books on the subject. He has some strong opinions (with which I agree), but he presents his material well and is a known authority on the subject.

Does this answer your question?

Bob
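The escalation triage Bob describes for the Honey Monkey project, written out as an added illustration (this is not Microsoft's code or anything posted in this thread). Image names, URLs and detonation outcomes are constructed; the detector is injected so the triage logic can be run offline.

```python
"""Honey-Monkey-style escalation triage (added illustration, constructed data).

A suspect URL is detonated on a ladder of client images ordered from least
to most patched. The first image that resists shows which patch level stops
the exploit; if even the fully patched image is compromised, the URL is a
zero-day candidate. Also flags non-monotonic results for human review.
"""
from typing import Callable, Sequence

# Constructed ladder: least patched first, fully patched last.
IMAGE_LADDER = ["xp-sp2", "xp-sp3", "xp-sp3-latest", "vista-latest"]

# Constructed detonation outcomes standing in for real VM monitoring:
# which images each URL managed to compromise.
OBSERVED = {
    "http://example.test/old-exploit": {"xp-sp2"},
    "http://example.test/newer-exploit": {"xp-sp2", "xp-sp3"},
    "http://example.test/zero-day": set(IMAGE_LADDER),
    "http://example.test/benign": set(),
}


def observed_detector(url: str, image: str) -> bool:
    """Hypothetical detector: look the outcome up in the constructed table."""
    return image in OBSERVED.get(url, set())


def triage_url(url: str, images: Sequence[str],
               compromised: Callable[[str, str], bool]) -> dict:
    """Walk the ladder oldest to newest and classify `url`.

    `compromised(url, image)` is the detector (in a real deployment a VM
    snapshot diff or behaviour monitor); here it is passed in as a callable.
    """
    results = [(img, compromised(url, img)) for img in images]
    first_resist = next((i for i, (_, hit) in enumerate(results) if not hit), None)
    if first_resist is None:
        # Every image, including the fully patched one, was compromised.
        return {"url": url, "verdict": "zero-day candidate", "results": results}
    if first_resist == 0 and not any(hit for _, hit in results):
        return {"url": url, "verdict": "benign", "results": results}
    # Patching should be monotonic: once an image resists, newer ones should
    # too. A hit after a resisting image means the detector or ladder is
    # suspect, so route it to a human instead of trusting the verdict.
    if any(hit for _, hit in results[first_resist:]):
        return {"url": url, "verdict": "inconsistent", "results": results}
    return {"url": url, "verdict": "patched",
            "stopped_by": images[first_resist], "results": results}
```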

===============

Unknown threats in any computer system or network are indeed unseen and unknown to our knowledge, because those are program codes running within the computer or operating system. The best way to know unknown threats is to scan your computer system in a full system scan mode to make sure that all areas are scanned carefully. Make sure that you use the latest and updated antivirus software before doing it.

Discuss This Question: 4  Replies

  • Papp
    Back in the day... oh sheeze, here I go, we used tarpits and "Hall of Mirrors", depending on the nature of attacks, or suspicions, and the exposed neighborhood. Tarpits can be damaging. As the name suggests, unsuspecting users can get caught in them as well. Start with benign, and work your way up to sticky. Be careful; I have been told what I was doing was illegal. So if you take tarpits off the list, Hall of Mirrors can be fun with less damage. Mimic an entire operation center and double verify users to pass through to the real servers. Depending on your industry you could go as far as logic bomb die packs... I love those. They leach beacons, so even if they drop, their trail is still visible. All depends on if you want to be feeding your community through a stir stick or start tagging them. To be "civilized" you should listen to the gentleman above. Costly? Yes. Fruitless? No. It just rubs the wrong way when you're victimized, report it, and pay for the patch-fix; depending on the product, in some cases the fix is 3 months out, or worse, nothing, due to intrinsic code designed to prevent piracy, or backed by lawsuits to exploit, under the guise of free speech (or worse, creativity). Honey only attacks them. Unless you're in the security business for sales... why? Participating in a community effort is always a good idea, as long as you recognize that community is most likely a public company legally bound to show profit, and more profit. Finding long term security companies is like finding the street gang that sided with one "Boss" or another to survive. In most cases they are the best money can buy; just be aware of their duality even if they are not. I would like to see a security company that does not trade on the market! None of the owners or board members trade on the market, or sell information for trading on the market, or make any revenue other than protecting their customers. That would be a steep bill. aaaa..
    What am I saying, good men like that shouldn't set themselves up to be assassinated. IT Templars = Friday the 13th. Or Charge of the Light Brigade? Let me tell you how the dialog would go if you tagged and bagged them.
      You- I caught this guy trying to go through our R&D
      FBI- How much money was stolen?
      You- None, I stopped them
      FBI- I am afraid there is nothing I can do. By the way, how did you do it? ...you have the right to remain silent... Do you know that code is copyright protected by international law...
    I am sure the script by now has been changed to phish more before they put on the cuffs, but you get the drift. If you're really lucky, the perp you caught is too embarrassing to prosecute... you! It isn't always about right and wrong. Sometimes you have to consider the fall-out. Canada has one regulator for IT Governance. Easy to petition for change. In the U.S., identity theft is still a minor offense with ambiguity as far as State law enforcement. I wonder how they handle this in China? U.S. = Charge of the Light Brigade.
  • Papp
    Mimic, tag, and block. Typically I would follow this with a quote from Liar, Liar, when he was picking up his car from the pound, but I do not want to offend. I share your frustration. Today's IT security is riddled with retreating moves of complexity until there is no room to move. To top it off, they expect you to shop at McDonalds when you're hungry for tenderloin and baked potato.
  • Ysrd
    There are things you can do and there are things you can talk about, and they are not a common set. I run two honeypots, but they do not trap; they track. We are in the midst of determining what our true legal actions are. With the recent mini-'cyber war' in the Balkans, with the attacks last year on Estonia by Russian hackers, and with our current analysis placing the cyber war technology of today on the same par as airplanes were in early World War 1, I think that the answer to these questions will become fluid in the months and years to come. If you are intending to put up a pot of any kind, it has to be on your own hardware. And you have to just collect data and stop access to your data, but not retaliate against the attacker, except to get the info required to later put a criminal or civil case forward or to help law enforcement or governmental organizations in the future. Please leave the cyber war to the professionals.
  • EnterpriseDesktopATE
    This tip from SearchEnterpriseDesktop.com has some info on tools that can help with malware detection and removal.