Slide 1: Security: “The four eyed monster”
Joel Sible, Security TM, Juniper Networks
Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidential. www.juniper.net

Slide 2: Agenda
• Security landscape and its evolution
• Challenges for the user and universities
  • Methods of university firewalling
• Types of firewalls and their evolution
• Layer 7 attacks and the response for mitigation
• SSL VPNs: ubiquitous and secure access
• Juniper Security Solutions

Slide 3: Beneath The Surface…
[Title only; slide content not captured]

Slide 4: All segments have real concern
• Service Providers: reliability, bandwidth piracy, customer data; security as a differentiator
• Utilities: regulatory, audit, SCADA systems
• Financial Services: GLB, Sarbanes-Oxley, audit, SEC…
• Healthcare Related: privacy, intellectual property, service continuity
• Federal, State & Local Government: DHS regs, HIPAA, privacy, hacktivism, service continuity
• Universities: peer-to-peer, RIAA

Slide 5: Vulnerabilities
[Chart: Vulnerabilities Reported Over Time, 1995 to 2003; y-axis 0 to 4500 vulnerabilities reported per year. Source: CERT/CC, www.cert.org]

Slide 6: Vulnerabilities this week alone!
2004-07-27: RiSearch/RiSearch Pro Open Proxy Vulnerability
2004-07-27: phpMyFAQ Image Manager Authentication Bypass Vulnerability
2004-07-27: Opera Web Browser Location Replace URI Obfuscation Weakness
2004-07-26: Sun Solaris 'ypbind' Unspecified Buffer Overflow Vulnerability
2004-07-26: Zero G InstallAnywhere Insecure Temporary File Creation Vulnerability
2004-07-26: OpenDocMan Access Control Bypass Vulnerability
2004-07-26: Apple Mac OSX Internet Connect Insecure Temporary File Handling Symbolic Link Vulnerability
2004-07-26: Subversion 'mod_authz_svn' Access Control Bypass Vulnerabilities
2004-07-26: Dropbear SSH Server Digital Signature Standard Unspecified Authentication Vulnerability
2004-07-26: Invision Power Board Index.php Query String Cross-Site Scripting Vulnerability
2004-07-26: MoinMoin Unspecified Privilege Escalation Vulnerability
2004-07-26: MoinMoin PageEditor Unspecified Privilege Escalation Vulnerability
2004-07-26: PostNuke Reviews Module Cross-Site
2004-07-26: PHP Strip_Tags() Function Bypass Vulnerability
2004-07-26: PHP memory_limit Remote Code Execution Vulnerability
2004-07-26: XLineSoft ASPRunner Multiple Vulnerabilities
2004-07-26: Nucleus CMS Action.PHP SQL Injection Vulnerability
2004-07-26: EasyWeb FileManager Module Directory Traversal Vulnerability
2004-07-24: EasyIns Stadtportal Site Parameter Remote File Include Vulnerability
2004-07-24: eSeSIX Thintune Thin Client Devices Multiple Vulnerabilities
2004-07-24: Microsoft Systems Management Server Remote Denial Of Service Vulnerability
2004-07-24: PostNuke Install Script Administrator Password Disclosure Vulnerability
2004-07-23: HP-UX SMTKFONT Remote Unauthorized Access Vulnerability
2004-07-23: HP-UX XFS Remote Unauthorized Access Vulnerability
2004-07-23: Ethereal Multiple Unspecified iSNS, SMB and SNMP Protocol Dissector Vulnerabilities
2004-07-23: Apache mod_userdir Module Information Disclosure Vulnerability
2004-07-23: Computer Associates Common Services Multiple Denial Of Service Vulnerabilities
2004-07-23: Nessus Insecure Temporary File Creation Vulnerability

Slide 7: The Vulnerability & Threat Lifecycle
[Timeline: before the new vulnerability is known → new vulnerability discovered → exploit developed / advisory released to public → worm released. The time between each of these stages is getting shorter.]

Slide 8: Incidents (Realized Threats)
[Chart: Incidents Reported Over Time, 1995 to 2003; y-axis 0 to 160,000 incidents reported per year. Source: CERT/CC, www.cert.org]

Slide 9: Blended Threats / Worms
Slapper, Slammer, Code Red, Nimda,
Blaster, Nachi / Welchia, Witty, Sasser

Slide 10: Shareware tools
• Password crackers
• Keystroke loggers
• GUI driven exploit engines
• Publicly available exploit / vulnerability research
• Worm customization tools

Slide 11: Hacker fun….
[Title only; slide content not captured]

Slide 12: Here’s what he saw on his screen…
[Title only; slide content not captured]

Slide 13: More hacker fun….
[Title only; slide content not captured]

Slide 14: Extortion
[Title only; slide content not captured]

Slide 15: Manipulation of Stock Market
[Title only; slide content not captured]

Slide 16: Today’s Security Challenges for Universities
• Growing need to provide secure, scalable access to internal/external users
• Increasing network vulnerabilities
• No trusted network
• Increasing application attacks
• Need to securely run your business
[Diagram: campus network with Computer Labs, Students, Campus ADMIN, Internet, Univ Finance, Department Servers, Schools, DMZ and Public Data Center]

Slide 17: Different Products, Different Levels of Security
[Diagram: application traffic passing through a Stateful Inspection Firewall; comparison columns: Purpose, Attacks Protected, Limitations]
Stateful Inspection Firewall (denies traffic)
  Purpose: protect network layer & access control
  Attacks protected: DoS, port scans, IP spoofing
  Limitations: application-level attacks get in
Proxy Firewall (denies some attacks)
  Purpose: terminates all sessions
  Attacks protected: specific protocols
  Limitations: low performance, limited protocols, HA
IDS
  Purpose: compliance monitoring
  Attacks protected: none
  Limitations: no attack protection, passive

Slide 18: Need for Pervasive Network & Application Attack Protection
[Diagram: application traffic passing a Stateful Inspection Firewall (deny traffic), a Proxy Firewall (deny some attacks), an IDS (detects attacks) and Intrusion Prevention (drops attacks)]
Pervasive Security Requirements: Intrusion Prevention
• Firewall becomes application aware: network and application-level attack protection
• Complement firewall: 2nd layer of defense to prevent attacks
• Operate as network device: good performance, more protocols, more attack coverage
• Increase accuracy: detect more attacks, reduce false alarms
• Enable analysis functions: comprehensive logging
• Simplify management: rule-based, centralized control
Slide 19: Deep Inspection™ Firewall
Delivers network and application level protection…
[Diagram: packets → Stateful Inspection (track sessions) → Deep Inspection (reassemble, normalize, eliminate ambiguity; protocol conformance; application attack detection) → application traffic. Labels: Deny Traffic, Deny Some Attacks]

Slide 20: Antivirus
• Detect attacks at the file level based on patterns
• AV deployed at desktop and mail servers
• Gateway deployment growing as additional layer
[Diagram: first layer: desktop antivirus; second layer: file / mail server antivirus; third layer: gateway antivirus covering remote sites and central and branch offices]

Slide 21: Enterprise Run VPN Solutions
[Diagram: IPSec VPN for fixed-site site-to-site and telecommuter VPN (intranet access, whole enterprise control, traditional remote access); SSL VPN for remote access and extranet access; Secure Meeting]

Slide 22: Juniper’s Layered Security Solutions
[Title only; slide content not captured]
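The Deep Inspection pipeline sketched on slide 19 (track the session, reassemble the stream, normalize it, then check protocol conformance and application-level content), as an added Python illustration that is not Juniper's code or part of the original deck; the HTTP request, its segmentation and the hostname are constructed sample input:

```python
import re
from urllib.parse import unquote

# Constructed sample traffic, not from the deck: one HTTP request delivered as three
# TCP segments that arrive out of order, with one of them retransmitted.
REQUEST = (b"GET /cgi-bin/%2e%2e/%2e%2e/private/grades HTTP/1.1\r\n"
           b"Host: campus.example\r\n\r\n")
SEGMENTS = [(30, REQUEST[30:]), (0, REQUEST[:12]), (12, REQUEST[12:30]), (12, REQUEST[12:30])]

TOKEN = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")   # HTTP token characters

def reassemble(segments):
    """Stateful layer: order segments by sequence number, drop retransmits, refuse gaps."""
    by_seq = {}
    for seq, data in segments:
        by_seq.setdefault(seq, data)          # keep the first copy of a retransmitted segment
    stream, expected = b"", 0
    for seq in sorted(by_seq):
        if seq != expected:
            raise ValueError(f"gap in stream at sequence {expected}")
        stream += by_seq[seq]
        expected += len(by_seq[seq])
    return stream

def inspect_http(stream):
    """Deep-inspection layer: protocol conformance first, then application-level checks."""
    findings = []
    lines = stream.partition(b"\r\n\r\n")[0].split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not TOKEN.match(parts[0]) or not re.match(rb"^HTTP/\d\.\d$", parts[2]):
        findings.append("malformed request line")
    for line in lines[1:]:
        name, sep, _ = line.partition(b":")
        if not sep or not TOKEN.match(name):
            findings.append("malformed header line")
    # Normalize before matching: decode percent-encoding twice so double encoding is seen too
    target = unquote(unquote(parts[1].decode("latin-1"))) if len(parts) > 1 else ""
    if "/../" in target or target.endswith("/.."):
        findings.append("directory traversal after normalization: " + target)
    return findings

def inspect_segments(segments):
    """Full pipeline; a stateful firewall alone would pass this port-80 session."""
    findings = inspect_http(reassemble(segments))
    return ("drop" if findings else "pass"), findings
```

Stateful tracking alone sees an established session to port 80 and lets it through; only after reassembly and normalization does the traversal pattern become visible to the application-level check.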
Slide 23: Security Product Line
• Integrated Firewall/IPSec VPN Solutions: appliances with various security options, interface, power supply and performance configurations for large/medium enterprises and service providers
• Secure Access SSL VPN Solutions: 3 product lines for secure LAN, extranet and intranet access for mobile employees, customers and partners, with no client software deployment or changes to LAN infrastructure
• Intrusion Detection and Prevention Solutions: 4 products; intrusion prevention appliances protect the network and critical resources from attacks through detection and prevention
• Secure Meeting: enables secure cross-enterprise online meetings and application sharing
• Central Policy-based Management Solution: 3-tier system providing role-based administration and central control and logging of all NS FW/VPN solutions

Slide 24: Education & Research Customers
Stanford University, Amherst, Cornell University, Brown University, California State, DePaul University, University of Buffalo, Cambridge University, Massachusetts Maritime Academy, Gallaudet University, Oxford University, Cardiff University, University of Miami, Osaka University, Indiana University, Columbia University, Johns Hopkins University, UCSF, Tokyo University, Japan Advanced Institute of Science and Technology, Michigan State University, Oklahoma State University, Oregon State, UC Berkeley, University of Pittsburgh, Tufts University, Creighton University

Slide 25: It’s All About Risk
[Title only; slide content not captured]

Slide 26: Managing Risk
Risk = (Threat × Vulnerability × Asset Value ($)) / Countermeasures

Slide 27: Points to remember
• There is no “silver bullet”
• Exploitation is no longer the domain of the specialist hacker
• People & their behavior are the weakest link
• Security policy outweighs point product
• Security is a revenue generation issue

Slide 28: Thank you