the laws of vulnerabilities the laws of vulnerabilities
play

The Laws of Vulnerabilities The Laws of Vulnerabilities Terry Ramos - PowerPoint PPT Presentation

Jan 05, 2023 •337 likes •752 views

The Laws of Vulnerabilities The Laws of Vulnerabilities Terry Ramos Terry Ramos Qualys Qualys 02/15/06 - HT1-202 02/15/06 - HT1-202 Are We Getting Better or Worse ? What is a vulnerability? How significant is this vulnerability? How

  1. The Laws of Vulnerabilities The Laws of Vulnerabilities Terry Ramos Terry Ramos Qualys Qualys 02/15/06 - HT1-202 02/15/06 - HT1-202

  2. Are We Getting Better or Worse ? What is a vulnerability? How significant is this vulnerability? How prevalent is this vulnerability? How easy is this vulnerability to exploit? Are any of my systems affected by this vulnerability? How quickly should I patch this vulnerability?

  3. Security Trend Indicators • Malicious Code ( ↑ ) • Vulnerabilities ( ↑ ) • Spam and Spyware ( ↑ ) • Phishing and Identity Theft ( ↑ ) ….and • Time to Exploitation ( ↓ )

  4. First Generation Threats • Spreading mostly via email, file-sharing • Human Action Required • Virus-type spreading / No vulnerabilities • Examples: Melissa Macro Virus, LoveLetter VBScript Worm • Replicates to other recipients • Discovery/Removal: Antivirus

  5. Second Generation Threats • Active worms • Leveraging known vulnerabilities • Low level of sophistication in spreading strategy (i.e. randomly) • Non Destructive Payloads • Remedy: Identify and Fix Vulnerabilities

  6. Third Generation Threats • Automated Attacks Leveraging Known and Unknown Vulnerabilities • Collaboration of Social Engineering and Automated Attacks • Multiple Attack Vectors — Email, Web, IM, Vulnerabilities,… • Active Payloads • Remedy: Security Enforcement / NAC / NAM

  7. The Laws of Vulnerabilities: Studying Vulnerabilities and Patching • Objective: Understanding prevalence of critical vulnerabilities over time in real world • Timeframe: 2002 - Ongoing • Data Source: — 70% Global Enterprise networks — 30 % Random trials • Methodology: Automatic Data collection with statistical data only – no possible correlation to individual user or systems • Scanning: Agentless/Remote

  8. Analyzing 32,000,000 Vulnerability Scans Millions 8 Zotob 7 Worm Internal/Intranet Scans 6 External/Perimeter Scans 5 4 Sasser 3 Worm 2 Witty Worm Blaster Slammer 1 Worm Worm 0 Q402 Q103 Q203 Q303 Q403 Q104 Q204 Q304 Q404 Q105 Q205 Q305

  9. Raw Results • Largest collection of global real-world vulnerability data: — 32,147,000 IP-Scans from Q3/2002 to Q3/2005 — 21,347,000 critical vulnerabilities identified • Scope of Vulnerabilities included — 1,060 out of 1,556 unique critical* vulnerabilities * Providing an attacker the ability to gain full control of the system, and/or leakage of highly sensitive information. For example, vulnerabilities may enable full read and/or write access to files, remote execution of commands, and the presence of backdoors.

  10. The Changing Vulnerability Landscape • From server to client applications • Before: Vulnerabilities in server applications: — Webserver, Mailserver, Operating System services, • Now: More than 60% of new critical vulnerabilities in client applications: — Web Browser, Backup Software, Media Player, Antivirus Software, Flash, …

  11. Microsoft WebDAV Vulnerability 120% 100% Microsoft Windows 2000 Microsoft Windows 2000 WebDAV Buffer Overflow IIS WebDAV Buffer IIS WebDAV Buffer Overflow Vulnerability 80% Overflow Vulnerability CAN-2003-0109 CAN-2003-0109 60% Qualys ID 86479 Qualys ID 86479 Released: March 2003 40% Released: March 2003 20% 0% 10/5/2002 12/5/2002 2/5/2003 4/5/2003 6/5/2003 8/5/2003 10/5/2003 12/5/2003 2/5/2004 4/5/2004 6/5/2004 8/5/2004 10/5/2004 12/5/2004 2/5/2005 4/5/2005 6/5/2005 8/5/2005

  12. Buffer Overflow in Microsoft Local Security Authority Subsystem Service (LSASS) 120% Buffer overflow in Microsoft 100% Buffer overflow in Microsoft Microsoft LSASS Local Security Authority Local Security Authority Subsystem Service Subsystem Service (LSASS) 80% (LSASS) CAN-2003-0533 60% CAN-2003-0533 Qualys ID 90108 Qualys ID 90108 40% Released: April 2004 Released: April 2004 20% 0% 10/5/2002 12/5/2002 2/5/2003 4/5/2003 6/5/2003 8/5/2003 10/5/2003 12/5/2003 2/5/2004 4/5/2004 6/5/2004 8/5/2004 10/5/2004 12/5/2004 2/5/2005 4/5/2005 6/5/2005 8/5/2005

  13. Vulnerability Half-Life 100% For a critical vulnerability For a critical vulnerability every 19 days the number every 19 days the number 75% of vulnerable systems of vulnerable systems is reduced by 50% on external systems is reduced by 50% on external systems 50% 25% 19 days 38 days 57 days 76 days 95 days 114 days

  14. Microsoft Exchange Server Buffer Overflow Vulnerability 120.00% 100.00% Exchange Server Buffer Overflow Microsoft Exchange Server Microsoft Exchange Server Buffer Overflow Vulnerability 80.00% Buffer Overflow Vulnerability 60.00% CAN-2003-0714 CAN-2003-0714 Qualys ID 74143 Qualys ID 74143 40.00% Released: October 2003 Released: October 2003 20.00% 0.00% 10/5/2002 1/5/2003 4/5/2003 7/5/2003 10/5/2003 1/5/2004 4/5/2004 7/5/2004 10/5/2004 1/5/2005 4/5/2005 7/5/2005

  15. Adobe Acrobat Reader Format String Vulnerability 120% 100% Adobe Acrobat Reader Adobe Acrobat Reader Format String Vulnerability Format String Vulnerability 80% Adobe Acrobat Format String Vulnerability CAN-2004-1153 60% CAN-2004-1153 Qualys ID 38385 Qualys ID 38385 40% Released: December 2004 Released: December 2004 20% 0% 10/5/2002 12/5/2002 2/5/2003 4/5/2003 6/5/2003 8/5/2003 10/5/2003 12/5/2003 2/5/2004 4/5/2004 6/5/2004 8/5/2004 10/5/2004 12/5/2004 2/5/2005 4/5/2005 6/5/2005 8/5/2005

  16. Microsoft Server Message Block Remote Execution (MS05-011) 120% Remote Code Execution 100% Remote Code Execution Vulnerability in Microsoft Vulnerability in Microsoft SMB Remote Execution Vulnerability Server Message Block Server Message Block (SMB) 80% (SMB) 60% CAN-2005-0045 CAN-2005-0045 Qualys ID 90230 Qualys ID 90230 40% Released: February 2005 Released: February 2005 20% 0% 10/5/2002 12/5/2002 2/5/2003 4/5/2003 6/5/2003 8/5/2003 10/5/2003 12/5/2003 2/5/2004 4/5/2004 6/5/2004 8/5/2004 10/5/2004 12/5/2004 2/5/2005 4/5/2005 6/5/2005 8/5/2005

  17. External vs. Internal Half-life For a critical vulnerability every For a critical vulnerability every 19 days (48 days on internal networks) 100% 19 days (48 days on internal networks) 50 % of vulnerable systems 50 % of vulnerable systems are being fixed are being fixed 75% 50% 25% 19 days 38 days 57 days 76 days 95 days 114 days 133 days 152 days 171 days

  18. The Changing Half-life 2003 2004 2005 2006 30 21 19 External ? days days days Half-life 62 48 Internal - ? days days Half-life

  19. Predefined vs. Irregular Vulnerability Releases Vulnerabilities released Vulnerabilities released on a predefined known on a predefined known 120% schedule show 18% 100% schedule show 18% Predefined Release faster patch response 80% faster patch response 60% 120% 100% 40% 20% 80% 60% 0% Irregular Release 7/30/2005 8/6/2005 8/13/2005 8/20/2005 8/27/2005 9/3/2005 9/10/2005 9/17/2005 9/24/2005 10/1/2005 40% 20% 0% 7/30/2005 8/6/2005 8/13/2005 8/20/2005 8/27/2005 9/3/2005 9/10/2005 9/17/2005 9/24/2005 10/1/2005

  20. SSL Server Allows Cleartext Communication 3500 3000 SSL Server allows Cleartext SSL Server Allows SSL Server Allows 2500 Cleartext Communication Cleartext Communication 2000 Qualys ID 38143 Qualys ID 38143 1500 1000 500 0 3/1/2003 5/1/2003 7/1/2003 9/1/2003 11/1/2003 1/1/2004 3/1/2004 5/1/2004 7/1/2004 9/1/2004 11/1/2004 1/1/2005 3/1/2005 5/1/2005 7/1/2005 9/1/2005

  21. SQL Slammer Vulnerability 120% 100% SQL Slammer Vulnerability MS-SQL 8.0 UDP MS-SQL 8.0 UDP 80% Slammer Worm Buffer Slammer Worm Buffer Overflow Vulnerability Overflow Vulnerability 60% CAN-2002-0649 CAN-2002-0649 Qualys ID 19070 Qualys ID 19070 40% Released: July 2002 Released: July 2002 20% 0% 2/8/2003 4/8/2003 6/8/2003 8/8/2003 10/8/2003 12/8/2003 2/8/2004 4/8/2004 6/8/2004 8/8/2004 10/8/2004 12/8/2004 2/8/2005 4/8/2005 6/8/2005 8/8/2005

  22. Lingering Vulnerabilities: SNMP Writable 100% 120% 20% 40% 60% 80% 0% 10/5/2002 1/5/2003 4/5/2003 7/5/2003 10/5/2003 1/5/2004 4/5/2004 7/5/2004 10/5/2004 SNMP Writeable 1/5/2005 4/5/2005 7/5/2005

  23. Vulnerability Lifespan 100% 4% of critical vulnerabilities 4% of critical vulnerabilities remain persistent and remain persistent and 75% their lifespan is unlimited their lifespan is unlimited 50% 25% 19 days 38 days 57 days 76 days 95 days 114 days

  24. Window of Exposure 100% 80% of exploits are 80% of exploits are available within the first half-life available within the first half-life 75% period of critical vulnerabilities period of critical vulnerabilities 50% 25% 19 days 38 days 57 days 76 days 95 days 114 days

  25. A Continuous Cycle of Infection 180 160 Codered Slapper 140 Blaster 120 Nachi Automated attacks create 85% Automated attacks create 85% Sasser 100 Zotob of their damage within the of their damage within the 80 first fifteen days from outbreak first fifteen days from outbreak 60 and have unlimited life time and have unlimited life time 40 20 0 3/1/2003 5/1/2003 7/1/2003 9/1/2003 11/1/2003 1/1/2004 3/1/2004 5/1/2004 7/1/2004 9/1/2004 11/1/2004 1/1/2005 3/1/2005 5/1/2005 7/1/2005 9/1/2005

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2

NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2

1 NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2 Memory safety attacks Buffer overruns Format string vulnerabilities Web application vulnerabilities SQL injections Cross-site

901 views • 39 slides
vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration

vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration

Security & Knowledge Management a.a. 2019/20 There are a set of sources that provide updated information about security vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration CAPEC,

197 views • 8 slides
Extractive Laws in Africa: What is the state of these laws? Why are our laws a problem? Why and on

Extractive Laws in Africa: What is the state of these laws? Why are our laws a problem? Why and on

Extractive Laws in Africa: What is the state of these laws? Why are our laws a problem? Why and on what should we call for reforms? Yao Graham s speaking notes at 2018 Alternative Mining Indaba 1. Greetings to all. Gratitude to organisers for

605 views • 6 slides
Operating System Hardening Vulnerabilities Unique vulnerabilities for: Different

Operating System Hardening Vulnerabilities Unique vulnerabilities for: Different

Operating System Hardening Vulnerabilities Unique vulnerabilities for: Different operating systems Different vendors Client and server systems Vendors try to correct Attackers try to exploit Security professionals must

620 views • 11 slides
Jonathan Pollet conference Part 1: Control System Vulnerabilities control system vulnerabilities

Jonathan Pollet conference Part 1: Control System Vulnerabilities control system vulnerabilities

Rome, May 31, 2011 Jonathan Pollet conference Part 1: Control System Vulnerabilities control system vulnerabilities > analysis of 5 years of field data Jonathan Pollet, CISSP , CAP , PCIP Red Tiger Security [on behalf of the DHS CSSP

413 views • 20 slides
HOWTO Reminders Basic Vulnerabilities and their Vulnerabilities Exploitation Security Samuel

HOWTO Reminders Basic Vulnerabilities and their Vulnerabilities Exploitation Security Samuel

HOWTO Basic Vulnerabilities and their Exploitation Samuel Angebault HOWTO Reminders Basic Vulnerabilities and their Vulnerabilities Exploitation Security Samuel Angebault staphylo@lse.epita.fr http://lse.epita.fr/ July 18, 2013 Table

969 views • 57 slides
TRENDS IN WEB VULNERABILITIES MICHEL CHAMBERLAND Introduction Agenda Introduction

TRENDS IN WEB VULNERABILITIES MICHEL CHAMBERLAND Introduction Agenda Introduction

TRENDS IN WEB VULNERABILITIES MICHEL CHAMBERLAND Introduction Agenda Introduction Session Goals Presenter and Trustwave SpiderLabs background Analysis Overview Data Source Most frequently found SEVERE vulnerabilities

907 views • 62 slides
The Road Ahead Security Vulnerabilities DoS and D-DoS Firewalls Security

The Road Ahead Security Vulnerabilities DoS and D-DoS Firewalls Security

CS 640: Introduction to Computer Networks Aditya Akella Lecture 25 Network Security The Road Ahead Security Vulnerabilities DoS and D-DoS Firewalls Security Vulnerabilities Security Problems in the TCP/IP Protocol

1.29k views • 13 slides
SpeechMiner: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities

SpeechMiner: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities

SpeechMiner: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities Yuan Xiao, Yinqian Zhang, Radu Teodorescu The Ohio State University SPEculative Execution side Channel Hardware (SPEECH) Vulnerabilities Leverage

512 views • 24 slides
The Beauty and the Beast Vulnerabilities in Red Hats Packages Stephan Neuhaus

The Beauty and the Beast Vulnerabilities in Red Hats Packages Stephan Neuhaus

The Beauty and the Beast Vulnerabilities in Red Hats Packages Stephan Neuhaus <Stephan.Neuhaus@disi.unitn.it> Thomas Zimmermann <tzimmer@microsoft.com> Vulnerabilities are important because fixing them costs a lot of money (2005

1.9k views • 73 slides
Root Canal A new class of SS7 vulnerabilities Agenda SS7 Vulnerable by design

Root Canal A new class of SS7 vulnerabilities Agenda SS7 Vulnerable by design

Outstanding Communications Solutions Root Canal A new class of SS7 vulnerabilities Agenda SS7 Vulnerable by design Acknowledged signalling vulnerabilities The root problem Mitigation The signaling band-aid A new class

787 views • 54 slides
Defending against Memory Corruption Vulnerabilities and Advanced Attacks Gang Tan Penn State

Defending against Memory Corruption Vulnerabilities and Advanced Attacks Gang Tan Penn State

Defending against Memory Corruption Vulnerabilities and Advanced Attacks Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security * some slides adapted from those by Trent Jaeger Overflow Vulnerabilities Despite

901 views • 46 slides
Buffer Overflow overflows Defenses and other memory safety vulnerabilities Buffer overflow

Buffer Overflow overflows Defenses and other memory safety vulnerabilities Buffer overflow

Last time We finished up By looking at Buffer Overflow overflows Defenses and other memory safety vulnerabilities Buffer overflow defenses (and workarounds) Format string vulnerabilities Integer overflow vulnerabilities This time

1.29k views • 80 slides
Vulnerabilities in C/C++ programs Part I TDDC90 Software Security Ulf Kargn Department

Vulnerabilities in C/C++ programs Part I TDDC90 Software Security Ulf Kargn Department

Vulnerabilities in C/C++ programs Part I TDDC90 Software Security Ulf Kargn Department of Computer and Information Science (IDA) Division for Database and Information Techniques (ADIT) Vulnerabilities in C-based languages

633 views • 59 slides
By-Laws Click here for Index Click here to Exist Manual on How to draft Index of

By-Laws Click here for Index Click here to Exist Manual on How to draft Index of

By-Laws Click here for Index Click here to Exist Manual on How to draft Index of available By- By-Laws Laws Click here to return to previous page Manual on By-Laws Bylaws Toolbox Subject matter By-Laws User Guide

336 views • 5 slides
What Does OCR Do? OCR enforces several civil rights laws. These laws prohibit discrimination on

What Does OCR Do? OCR enforces several civil rights laws. These laws prohibit discrimination on

The U.S. Department of Education Office for Civil Rights (OCR) Students with disabilities attending a postsecondary Institution Ohio AHEAD conference October 23, 2015 1 What Does OCR Do? OCR enforces several civil rights laws. These laws

412 views • 12 slides
Teaching Distributed Systems to Undergraduates: An Experience Report Gregory M. Kapfhammer

Teaching Distributed Systems to Undergraduates: An Experience Report Gregory M. Kapfhammer

Teaching Distributed Systems to Undergraduates: An Experience Report Gregory M. Kapfhammer (Geoffrey Arnold and Brian Zorman) Sixth Annual Jini Community Meeting Boston June 17-20, 2002 Presentation Outline Introduction

357 views • 18 slides
Determination of Electricity Demand Forecast by combining Medium Term Time Trend and Long Term

Determination of Electricity Demand Forecast by combining Medium Term Time Trend and Long Term

CEYLON ELECTRICITY BOARD Determination of Electricity Demand Forecast by combining Medium Term Time Trend and Long Term Econometric Modelling Eng. Buddhika Samarasekara Chief Engineer (Generation Planning) Transmission Division Ceylon

464 views • 35 slides
Division of Habitat ADF&G / Habitat Legal Authority Title 16 THE FISHWAY ACT - AS

Division of Habitat ADF&G / Habitat Legal Authority Title 16 THE FISHWAY ACT - AS

Mat-Su Salmon Symposium 2016 Ron Benkert Division of Habitat ADF&G / Habitat Legal Authority Title 16 THE FISHWAY ACT - AS 16.05.841 ANADROMOUS FISH ACT - AS 16.05.871 and 5 AAC 95.011 SPECIAL AREAS - 5 AAC 95.700 2 ADF&G

228 views • 10 slides
Detailed Presentation TH JUNIOR SRL 18-20 Soseaua Nationala - Iasi 700415 - Romania Email:

Detailed Presentation TH JUNIOR SRL 18-20 Soseaua Nationala - Iasi 700415 - Romania Email:

Detailed Presentation TH JUNIOR SRL 18-20 Soseaua Nationala - Iasi 700415 - Romania Email: mentor@winmentor.ro TEL: + (40) 232 217 260 SUMMARY 1. COMPANY PRESENTATION 3 2. REFERENCES 5 WinMENTOR ENTERPRISE PRESENTATION 3. 7 8 3.1.

259 views • 23 slides
A QoS-driven Resource Allocation Framework based on the Risk Incursion Function and its

A QoS-driven Resource Allocation Framework based on the Risk Incursion Function and its

A QoS-driven Resource Allocation Framework based on the Risk Incursion Function and its Incorporation into a Middleware Structure & Mechanisms Supporting Distributed Fault Tolerant Real-time Computing Applications For presentation at the

1.35k views • 113 slides
Security and Defence Sub-committee of the European Parliament 16 th March 2016 Simon Church

Security and Defence Sub-committee of the European Parliament 16 th March 2016 Simon Church

EU NAVFOR SOMALIA OP ATALANTA Security and Defence Sub-committee of the European Parliament 16 th March 2016 Simon Church Industry Liaison Officer EU NAVFOR COUNTERING PIRACY OFF THE COAST OF SOMALIA SCOPE EU NAVFOR Operation ATALANTA

345 views • 13 slides
THE EMPLOYMENT SERVICE CONTINUUM THE EMPLOYMENT SERVICE CONTINUUM Supported Employment model:

THE EMPLOYMENT SERVICE CONTINUUM THE EMPLOYMENT SERVICE CONTINUUM Supported Employment model:

Multiple barriers & employment Support Multiple barriers & employment Support Facilitator: Sean McEwen THE EMPLOYMENT SERVICE CONTINUUM THE EMPLOYMENT SERVICE CONTINUUM Supported Employment model: Supported Employment model: Supported

253 views • 22 slides
RoSoftware - SoftEx Company Juridical status & General presentation How it began and

RoSoftware - SoftEx Company Juridical status & General presentation How it began and

RoSoftware - SoftEx Company Juridical status & General presentation How it began and where are we now Major projects Databases used & expertise Samples and details about several large projects Spicy/Exotic

603 views • 18 slides

More recommend