SlideShare a Scribd company logo

Maurizio_Taffone_Emerging_Security_Threats

Maurizio Taffone
Maurizio Taffone
Technology
1 of 24
© 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 1 Emerging Security T h rea ts Maurizio Taffone m t affone@ c is c o. c om P rod uc t Manag er S ec urit y E urop ean Mark et s
© 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 2 Agenda Trends in Motivation E x ist ing t h rea t s a nd L e s s ons f r om th e P as t N e w Th rea t s C o p ing w it h Th rea t s: C onc l u s ions a nd R ec o m m enda t io ns
© 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 3 T rend s in mo tiv a tio ns The threat ec o n o m y
© 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 4 S o m e s t at i s t i c s
© 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 5 T h r eat E c o no m y : I n t h e P as t E nd V al ue Espionage ( C or por at e/ G ov er nm ent ) F am e T h ef t W rit ers A s s et V ir u s T ool and T ool k it W r it er s W or m T r oj ans M al w ar e W r it er s C om pr om ise I nd iv id u al H ost or A ppl ic at ion C om pr om ise Env ir onm ent
© 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 6 T h r eat E c o no m y : T o day Writers M id d l e M en S ec o n d S ta g e A b u sers Bot-N e t M a n a g e m e n t: F or R e n t, f or L e a s e , f or S a l e Bot-N e t C r e a ti on P e r s on a l I n f or m a ti on E l e c tr on i c I P L e a k a g e W or m s S p y w a r e T ool a n d T ool k i t W r i te r s V i r u s e s T r oj a n s M a l w a r e W r i te r s F irst S ta g e A b u sers M a c h i n e H a r v e s ti n g I n f or m a ti on H a r v e s ti n g H a c k e r / D i r e c t A tta c k I n te r n a l T h e f t: A b u s e of P r i v i l e g e I n f or m a ti on Br ok e r a g e S p a m m e r P h i s h e r E x tor ti on i s t/ D D oS -f or -H i r e P h a r m e r / D N S P oi s on i n g I d e n ti ty T h e f t C om p r om i s e d H os t a n d A p p l i c a ti on E n d V a l u e F i n a n c i a l F r a u d C om m e r c i a l S a l e s F r a u d u l e n t S a l e s C l i c k -T h r ou g h R e v e n u e E s p i on a g e ( C or p or a te / G ov e r n m e n t) F a m e E x tor te d P a y -O f f s T h e f t
© 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 7 C h angi ng F ac e o f T h r eat s Change in p u r p o s e S h if t f r om f am e to oth e r , h ig h e r -val u e m otivations : p r of it, r e ve ng e , c om p e tition B y f ar th e s tr ong e s t m otivator is now p r of it: th e r e ’s g ood , r e l ative l y e as y m one y to b e m ad e b y c om m itting a c om p u te r c r im e or tw o Change in ex p ec t ed b ehav io r L e s s nois y Mor e s op h is tic ate d Mor e var iants , s m al l e r s c op e of e ac h
© 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 8 O l d a nd unres o l v ed th rea ts
© 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 9 O l d ( and U nr es o l v ed) T h r eat s W o rm s a nd V iru ses B o t net s S p a m S p y w a re P h ish ing , P h a rm ing , a nd I dent it y Th ef t A p p l ic a t io n S ec u rit y
© 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 10 T h r eat s t o Y o u r U s er s : W o r m s and V i r u s es 2 0 0 6 - N o t a b i g y e a r i n w o r m s a n d v i r u s e s …W h y ? O p p o r t u n i t y s h r i n k i n g M o t i v a t i o n c h a n g i n g
© 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 11 R es u r genc e o f B o t net s B o t net : a c o l l ec t io n o f c o m p ro m ised m a c h ines ru nning p ro g ra m s u nder a c o m m o n c o m m a nd a nd c o nt ro l inf ra st ru c t u re B u il ding t h e B o t net : Viruses, worms; infected spam; drive-b y downl oads; etc. C o nt ro l l ing t h e B o t net : C overt-ch annel of some form U sing a B ot net t o S end S pam 1 . A b otn e t op e r a tor s e n d s ou t v i r u s e s or w or m s , i n f e c ti n g or d i n a r y u s e r s ’ W i n d ow s P C s 2 . T h e P C s l og i n to a n I R C s e r v e r or oth e r c om m u n i c a ti on s m e d i u m 3 . A s p a m m e r p u r c h a s e s a c c e s s to th e b otn e t f r om th e op e r a tor 4 . T h e s p a m m e r s e n d s i n s tr u c ti on s v i a th e I R C s e r v e r to th e i n f e c te d P C s — 5 . . . . c a u s i n g th e m to s e n d ou t s p a m m e s s a g e s to m a i l s e r v e r s S ou r c e : w w w . w i k i p e d i a . or g
© 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 12 W h at Ab o u t S p y w ar e? S t il l a m aj or t h reat D riv e-b y d o w n l o a d s stil l a m a j o r so u rc e o f in f esta tio n I m a g e-b a sed v u l n era b il ities in p a rtic u l a r en a b l e th is ( WM F a n d j p g v u l n era b il ities a re g o o d ex a m p l es) H o w ev er, c o n f u sin g o r m isl ea d in g E U L A s stil l a p ro b l em A Troj an b y any ot h er nam e— S p y w a re is in c rea sin g l y in d istin g u ish a b l e f ro m c erta in c l a sses o f v iru s N a sty ra c e c o n d itio n : sh eer n u m b er o f v a ria n ts m a k es it v ery d if f ic u l t f o r tec h n o l o g y so l u tio n s to h it 10 0 % a c c u ra c y a t a g iv en m o m en t R is e of int el l ig ent s p y w are D irec ted a d v ertisin g is m o re v a l u a b l e th a n u n d irec ted M o re so p h istic a ted sp y w a re m a tc h es u ser-g a th ered d a ta w ith d irec ted a d v ertisin g B o t-b a sed sp y w a re is a l so m o re v a l u a b l e, a s it c a n b e u p d a ted o v er tim e
© 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 13 P h i s h i ng, P h ar m i ng, and I dent i t y T h ef t M U N D O -B A N K . C O M H os ts F i l e : m u n d o-b a n k . c om = 1 7 2 . 1 6 8 . 2 5 4 . 2 5 4 1 7 2 . 1 6 8 . 1 . 1 C o m e s e e u s a t w w w . m u n d o -b a n k . c o m < 172. 168. 254. 254> MUNDO-B A NK . C OM   ¡ ¢ £ ¤ ¥¦ ¥ §¨ © ¥ ¤ M U N D O -B A N K . C O M 1 7 2 . 1 6 8 . 1 . 1 ! ! # ! $ ! P H I S H I N G P H A R M I N G MUNDO- B A NK . C OM 1 7 2 . 1 6 8 . 2 5 4 . 2 5 4 % ' £ ¥ ¢ £ ¡ ¥ ¡ ( MUNDO- B A NK . C OM 1 7 2 . 1 6 8 . 2 5 4 . 2 5 4 • I d en tity th ef t c o n tin u es to b e a p ro b l em • P h ish in g sc a m s g ro w in g in so p h istic a tio n ev ery d a y • P ro tec tin g y o u r u sers: im p l em en t so m e tec h n o l o g y , b u t d o n ’t f o rg et u ser ed u c a tio n ! ! • I f y o u ’re a ta rg et: • C o n sid er “p erso n a l iz a tio n ” tec h n o l o g ies ( e. g . u ser-c h o sen im a g es o n a w eb p a g e) • S u p p o rt id en tif ied m a il in itia tiv es, l ik e D K I M
© 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 14 Example: Hybrid Threats Combination Attacks involving V ir u se s and P h ish ing Example: Hybrid Threats Combination Attacks involving V ir u se s and P h ish ing
© 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 15 Ap p l i c at i o n S ec u r i t y : P o r t 4 4 3 P r o b l em W e’v e “so lv ed” the po rt 8 0 pro blem P or t 8 0 p r oble m: e ve r y th ing r id e s on p or t 8 0 , as it’s u nive r sally op e n ou tbou nd H ow e ve r , th at give s r ise to: P o rt 4 4 3 pro blem: en c rypted po rt 8 0 pro blem Ho w do I en f o rc e po lic y o v er the en c rypted tu n n el? S e r vice u se e nf or ce me nt: P 2 P f ile sh ar ing; instant me ssaging; ou tbou nd inf or mation cond u its Acce p table u se monitor ing: anony mou s p r ox ie s, r e d ir e cts, e tc. to ge t ar ou nd U R L F ilte r ing M alw ar e scanning: cannot scan obj e cts—e mail, I M , w e b d ow nload s N o te the c o ro llary ( an d less disc u ssed) pro blem o f po rt 2 2 ( S S H)
© 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 16 N ew th rea ts
© 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 17 N ew T h r eat s R F I D Th rea t s S erv ic e-O rient ed A rc h it ec t u res V o ic e o v er I P Th rea t s D ev ic e P ro l if era t io n a nd M o b il e D ev ic es O u t so u rc ing D ist rib u t ed W o rk f o rc e C o nnec t ed H o m e
© 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 18 N ew T hr eat s in A p p l ic at io n S ec u r it y : X M L and S er v ic e O r ient ed A r c hit ec t u r es W h a t is a n S O A ? Interlinked system of serv ic es, c ommu nic a ting w ith a sta nda rd meth odolog y (XM L , S O A P , etc ) – “W eb serv ic es” E na b les “systems of systems”; tying tog eth er disp a ra te b a c kend a p p lic a tion systems into a c oh esiv e w h ole M a j o r S ec u rit y C o nsidera t io ns: D irec tly ex p oses th e a p p lic a tion tier to ex terna l entities for th e first time S ec u rity c onc erns inv olv e b oth access co n t r o l p rob lems (b a sed on strong or w ea k identity c redentia ls) , a s w ell a s n ew at t ack t y p es (“X-ma lw a re”, “X-D oS ”, etc ) E na b les new sec u rity c a p a b ilities for integ rity a nd c onfidentia lity: field-lev el enc ryp tion serv ic es; doc u ment sig ning ; c ontent tra nsforma tion serv ic es, etc . N ot “new ” th is yea r p er se, b u t sta rting to h it c ritic a l ma ss
© 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 19 N ew T h r eat : V o i c e o v er I P T h r eat s G ar tne r G r ou p S u m s I t u p B e s t: “T h e h y p e s u r r ou nd ing V oI P th r e ats h as , th u s f ar , ou tp ac e d ac tu al attac k s ” T h ou g h ts on W h y : O p p or tu nity : w e l l u nd e r s tood b u s ine s s r is k is p r om oting inte g r ation of s e c u r ity te c h nol og ie s in voic e d e p l oy m e nts O p p or tu nity : l im ite d p ool of te c h nic al e x p e r ts on voic e w ith in attac k e r c om m u nity Motivation: no w e l l -e s tab l is h e d b u s ine s s m od e l d r iving f inanc ial inc e ntive s to attac k
© 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 20 C o p i ng w i t h T h r eat s C onc l u s ions and R e c om m e nd ations
© 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 21 I nc i dent R es p o ns e B as i c s I nc id ent R es p ons e L ife C y c l e P r e-I nc id ent P l anning D et ec t ion and A nal y sis C ont ainm ent and C ont r ol R ec ov er y P ost -I nc id ent P ol ic y and P r oc ess A nal y sis 1 2 34 5 M ost imp orta nt step : S t ep 1 S ec ond most imp orta nt step : S t ep 5 M ost c ommonly skip p ed step : S t ep 1 S ec ond most c ommonly skip p ed step : S t ep 5 T h er e’s a m essag e i n h er e so m ew h er e… A d a p te d f r om r e p or ts a t w w w . g a r tn e r . c om a n d w w w . s e c u r i ty f oc u s . c om
© 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 22 F i l l i ng i n t h e C i s c o S ec u r i t y S o l u t i o n C isc o o f f ers a b ro a d su ite o f h ig h l y in teg ra ted n etw o rk en d p o in t sec u rity so l u tio n s a c ro ss a l l p o in ts in th e n etw o rk F ir ew al l S it e-t o-S it e and R em ot e A c c ess V P N I D S / I P S N et w or k A d m ission C ont r ol S ec u r it y M anagem ent I n t e r n e t E n d p oi n t Cisco Security Agent N etw ork Ad m ission Control N e tw or k P e r i m e te r F irew a l l , I P S SSL V P N , Anti-X Br a n c h O f f i c e F W , I P S, V P N W i r e l e s s S e c u r i ty R ogue AP , I P S I P C S e c u r i ty I nf ra structure, Ca l l M a na gem ent, Ap p l ica tions, E nd p oints D a ta C e n te r I ro n p o rt ex p a n d s th a t en d -to -en d so l u tio n w ith m essa g in g a n d w eb c o n ten t sec u rity serv ic es E M A I L Security Ap p l ia nce W E B Security Ap p l ia nce S e n d e r Ba s e I r o n p o r t M e s s a g i n g S e c u r i ty
© 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 23 Cis c o A gr eem ent t o A c q u ir e I r o np o r t S y s t em s Mar k e t – C is c o ex p and ing from $ 5 B N et w ork S ec urit y m ark et int o ad j ac ent $ 2 . 0 B Mes s ag ing S ec urit y m ark et Mar k e t P os ition – I ronp ort is Mes s ag ing S ec urit y Mark et L ead er P r od u c ts and T e c h nol og y – I ronp ort Mes s ag ing S ec urit y S ol ut ions b uil t on: • H ig h -p erform anc e A p p l ianc es • I ronp ort Mes s ag ing S ec urit y S erv ic es : S end erB as e ® ( A nt i-S p am , C ont ent F il t ering , et c . ) • P art ner S erv ic es : A nt i-V irus , U R L F il t ering , et c .
© 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 24

Recommended

Ceh v8 labs module 12 hacking webservers
Ceh v8 labs module 12 hacking webserversCeh v8 labs module 12 hacking webservers
Ceh v8 labs module 12 hacking webserversMehrdad Jingoism
 
Ceh v8 labs module 10 denial of service
Ceh v8 labs module 10 denial of serviceCeh v8 labs module 10 denial of service
Ceh v8 labs module 10 denial of serviceMehrdad Jingoism
 
Aisha_Isaacs_updated_cv
Aisha_Isaacs_updated_cvAisha_Isaacs_updated_cv
Aisha_Isaacs_updated_cvAisha Isaacs
 
Ceh v8 labs module 06 trojans and backdoors
Ceh v8 labs module 06 trojans and backdoorsCeh v8 labs module 06 trojans and backdoors
Ceh v8 labs module 06 trojans and backdoorsMehrdad Jingoism
 
Ceh v8 labs module 18 buffer overflow
Ceh v8 labs module 18 buffer overflowCeh v8 labs module 18 buffer overflow
Ceh v8 labs module 18 buffer overflowMehrdad Jingoism
 
Ceh v8 labs module 11 session hijacking
Ceh v8 labs module 11 session hijackingCeh v8 labs module 11 session hijacking
Ceh v8 labs module 11 session hijackingMehrdad Jingoism
 
Building the Organization of the Future: Leveraging Machine Learning
Building the Organization of the Future: Leveraging Machine LearningBuilding the Organization of the Future: Leveraging Machine Learning
Building the Organization of the Future: Leveraging Machine LearningAmazon Web Services
 
Transcripts and PC
Transcripts and PCTranscripts and PC
Transcripts and PCAkshay Padwal
 

Recommended

Ceh v8 labs module 12 hacking webservers
Ceh v8 labs module 12 hacking webserversCeh v8 labs module 12 hacking webservers
Ceh v8 labs module 12 hacking webserversMehrdad Jingoism
 
Ceh v8 labs module 10 denial of service
Ceh v8 labs module 10 denial of serviceCeh v8 labs module 10 denial of service
Ceh v8 labs module 10 denial of serviceMehrdad Jingoism
 
Aisha_Isaacs_updated_cv
Aisha_Isaacs_updated_cvAisha_Isaacs_updated_cv
Aisha_Isaacs_updated_cvAisha Isaacs
 
Ceh v8 labs module 06 trojans and backdoors
Ceh v8 labs module 06 trojans and backdoorsCeh v8 labs module 06 trojans and backdoors
Ceh v8 labs module 06 trojans and backdoorsMehrdad Jingoism
 
Ceh v8 labs module 18 buffer overflow
Ceh v8 labs module 18 buffer overflowCeh v8 labs module 18 buffer overflow
Ceh v8 labs module 18 buffer overflowMehrdad Jingoism
 
Ceh v8 labs module 11 session hijacking
Ceh v8 labs module 11 session hijackingCeh v8 labs module 11 session hijacking
Ceh v8 labs module 11 session hijackingMehrdad Jingoism
 
Building the Organization of the Future: Leveraging Machine Learning
Building the Organization of the Future: Leveraging Machine LearningBuilding the Organization of the Future: Leveraging Machine Learning
Building the Organization of the Future: Leveraging Machine LearningAmazon Web Services
 
Transcripts and PC
Transcripts and PCTranscripts and PC
Transcripts and PCAkshay Padwal
 
Metodo de einsten capacidad de transporte
Metodo de einsten capacidad de transporteMetodo de einsten capacidad de transporte
Metodo de einsten capacidad de transporteWaldo Ruben Santander Quispe
 
Elements of mechanical engineering (notes)
Elements of mechanical engineering (notes)Elements of mechanical engineering (notes)
Elements of mechanical engineering (notes)Ahmad Sakib
 
Obstruction lights - Lentoestevalot
Obstruction lights - LentoestevalotObstruction lights - Lentoestevalot
Obstruction lights - LentoestevalotAerial Oy
 
Francis cv 27 05-2013
Francis cv 27 05-2013Francis cv 27 05-2013
Francis cv 27 05-2013Francis Bell
 
portfolio2014_StK-s
portfolio2014_StK-sportfolio2014_StK-s
portfolio2014_StK-sStephen Kelleher
 
ground water contamination
ground water contaminationground water contamination
ground water contaminationAnushkeMadurawala
 
4 IATA Training
4 IATA Training4 IATA Training
4 IATA TrainingMohamed Tayfour
 
diploma1
diploma1diploma1
diploma1Milos Djurovic
 
Ceh v8 labs module 19 cryptography
Ceh v8 labs module 19 cryptographyCeh v8 labs module 19 cryptography
Ceh v8 labs module 19 cryptographyMehrdad Jingoism
 
Hoja de vida jogc
Hoja de vida jogcHoja de vida jogc
Hoja de vida jogcjogc62
 
Know How: Graduates & Research Placement Application Form
Know How: Graduates & Research Placement Application FormKnow How: Graduates & Research Placement Application Form
Know How: Graduates & Research Placement Application Formnearnow
 
From Data to Knowledge
From Data to KnowledgeFrom Data to Knowledge
From Data to KnowledgeFabien Richard
 
H3LP DTR V.2.0.
H3LP DTR V.2.0.H3LP DTR V.2.0.
H3LP DTR V.2.0.Kocsis Gabor
 
TELEPHONE BILLING SYSTEM
TELEPHONE BILLING SYSTEMTELEPHONE BILLING SYSTEM
TELEPHONE BILLING SYSTEMShailesh kumar
 
Certificates and Credentials new
Certificates and Credentials newCertificates and Credentials new
Certificates and Credentials newsidharthbiswas9185
 
Towards Exemplary Moodle Courses at YSJU
Towards Exemplary Moodle Courses at YSJUTowards Exemplary Moodle Courses at YSJU
Towards Exemplary Moodle Courses at YSJUPhil Vincent
 
Traditional Media Buying
Traditional Media BuyingTraditional Media Buying
Traditional Media BuyingThe Media Kitchen
 
TMK.edu Traditional Media Buying Presentation: August 2015
TMK.edu Traditional Media Buying Presentation: August 2015TMK.edu Traditional Media Buying Presentation: August 2015
TMK.edu Traditional Media Buying Presentation: August 2015The Media Kitchen
 
Manejo del dolor con medicamentos Guna
Manejo del dolor con medicamentos GunaManejo del dolor con medicamentos Guna
Manejo del dolor con medicamentos GunaNaturpharma (Medicina Biológica)
 
EMB 145 Recurrent
EMB 145 RecurrentEMB 145 Recurrent
EMB 145 RecurrentCordell Hadeed
 
Baypack invito evento_27_maggio
Baypack invito evento_27_maggioBaypack invito evento_27_maggio
Baypack invito evento_27_maggioBeatrice Belotti
 
Festivals de música
Festivals de músicaFestivals de música
Festivals de músicafoixrm
 

More Related Content

What's hot

Elements of mechanical engineering (notes)
Elements of mechanical engineering (notes)Elements of mechanical engineering (notes)
Elements of mechanical engineering (notes)Ahmad Sakib
 
Obstruction lights - Lentoestevalot
Obstruction lights - LentoestevalotObstruction lights - Lentoestevalot
Obstruction lights - LentoestevalotAerial Oy
 
Francis cv 27 05-2013
Francis cv 27 05-2013Francis cv 27 05-2013
Francis cv 27 05-2013Francis Bell
 
Ceh v8 labs module 19 cryptography
Ceh v8 labs module 19 cryptographyCeh v8 labs module 19 cryptography
Ceh v8 labs module 19 cryptographyMehrdad Jingoism
 
Hoja de vida jogc
Hoja de vida jogcHoja de vida jogc
Hoja de vida jogcjogc62
 
Know How: Graduates & Research Placement Application Form
Know How: Graduates & Research Placement Application FormKnow How: Graduates & Research Placement Application Form
Know How: Graduates & Research Placement Application Formnearnow
 
From Data to Knowledge
From Data to KnowledgeFrom Data to Knowledge
From Data to KnowledgeFabien Richard
 
TELEPHONE BILLING SYSTEM
TELEPHONE BILLING SYSTEMTELEPHONE BILLING SYSTEM
TELEPHONE BILLING SYSTEMShailesh kumar
 
Certificates and Credentials new
Certificates and Credentials newCertificates and Credentials new
Certificates and Credentials newsidharthbiswas9185
 
Towards Exemplary Moodle Courses at YSJU
Towards Exemplary Moodle Courses at YSJUTowards Exemplary Moodle Courses at YSJU
Towards Exemplary Moodle Courses at YSJUPhil Vincent
 
TMK.edu Traditional Media Buying Presentation: August 2015
TMK.edu Traditional Media Buying Presentation: August 2015TMK.edu Traditional Media Buying Presentation: August 2015
TMK.edu Traditional Media Buying Presentation: August 2015The Media Kitchen
 

What's hot (20)

Metodo de einsten capacidad de transporte
Metodo de einsten capacidad de transporteMetodo de einsten capacidad de transporte
Metodo de einsten capacidad de transporte
 
Elements of mechanical engineering (notes)
Elements of mechanical engineering (notes)Elements of mechanical engineering (notes)
Elements of mechanical engineering (notes)
 
Obstruction lights - Lentoestevalot
Obstruction lights - LentoestevalotObstruction lights - Lentoestevalot
Obstruction lights - Lentoestevalot
 
Francis cv 27 05-2013
Francis cv 27 05-2013Francis cv 27 05-2013
Francis cv 27 05-2013
 
portfolio2014_StK-s
portfolio2014_StK-sportfolio2014_StK-s
portfolio2014_StK-s
 
ground water contamination
ground water contaminationground water contamination
ground water contamination
 
4 IATA Training
4 IATA Training4 IATA Training
4 IATA Training
 
diploma1
diploma1diploma1
diploma1
 
Ceh v8 labs module 19 cryptography
Ceh v8 labs module 19 cryptographyCeh v8 labs module 19 cryptography
Ceh v8 labs module 19 cryptography
 
Hoja de vida jogc
Hoja de vida jogcHoja de vida jogc
Hoja de vida jogc
 
Know How: Graduates & Research Placement Application Form
Know How: Graduates & Research Placement Application FormKnow How: Graduates & Research Placement Application Form
Know How: Graduates & Research Placement Application Form
 
From Data to Knowledge
From Data to KnowledgeFrom Data to Knowledge
From Data to Knowledge
 
H3LP DTR V.2.0.
H3LP DTR V.2.0.H3LP DTR V.2.0.
H3LP DTR V.2.0.
 
TELEPHONE BILLING SYSTEM
TELEPHONE BILLING SYSTEMTELEPHONE BILLING SYSTEM
TELEPHONE BILLING SYSTEM
 
Certificates and Credentials new
Certificates and Credentials newCertificates and Credentials new
Certificates and Credentials new
 
Towards Exemplary Moodle Courses at YSJU
Towards Exemplary Moodle Courses at YSJUTowards Exemplary Moodle Courses at YSJU
Towards Exemplary Moodle Courses at YSJU
 
Traditional Media Buying
Traditional Media BuyingTraditional Media Buying
Traditional Media Buying
 
TMK.edu Traditional Media Buying Presentation: August 2015
TMK.edu Traditional Media Buying Presentation: August 2015TMK.edu Traditional Media Buying Presentation: August 2015
TMK.edu Traditional Media Buying Presentation: August 2015
 
Manejo del dolor con medicamentos Guna
Manejo del dolor con medicamentos GunaManejo del dolor con medicamentos Guna
Manejo del dolor con medicamentos Guna
 
EMB 145 Recurrent
EMB 145 RecurrentEMB 145 Recurrent
EMB 145 Recurrent
 

Viewers also liked

Baypack invito evento_27_maggio
Baypack invito evento_27_maggioBaypack invito evento_27_maggio
Baypack invito evento_27_maggioBeatrice Belotti
 
Festivals de música
Festivals de músicaFestivals de música
Festivals de músicafoixrm
 
Evaluation task 6
Evaluation task 6Evaluation task 6
Evaluation task 6mm12744
 
CV Rosette Ibanez _updated_
CV Rosette Ibanez _updated_ CV Rosette Ibanez _updated_
CV Rosette Ibanez _updated_ Rosette Ibanez
 
Daniel Lausas Resume 8-4-15
Daniel Lausas Resume 8-4-15Daniel Lausas Resume 8-4-15
Daniel Lausas Resume 8-4-15Daniel Lausas
 
CV Rosette Ibanez _updated_
CV Rosette Ibanez _updated_ CV Rosette Ibanez _updated_
CV Rosette Ibanez _updated_ Rosette Ibanez
 
X5 Retail Group: Как стать поставщиком СТМ федеральных сетей
X5 Retail Group: Как стать поставщиком СТМ федеральных сетей X5 Retail Group: Как стать поставщиком СТМ федеральных сетей
X5 Retail Group: Как стать поставщиком СТМ федеральных сетей Егор Красотин
 
02- Hope ZWCAD+ Brochure - 2015
02- Hope ZWCAD+ Brochure - 201502- Hope ZWCAD+ Brochure - 2015
02- Hope ZWCAD+ Brochure - 2015Hope India
 

Viewers also liked (12)

Baypack invito evento_27_maggio
Baypack invito evento_27_maggioBaypack invito evento_27_maggio
Baypack invito evento_27_maggio
 
Festivals de música
Festivals de músicaFestivals de música
Festivals de música
 
Kan transportveiligheid een vlucht maken 20160324
Kan transportveiligheid een vlucht maken 20160324Kan transportveiligheid een vlucht maken 20160324
Kan transportveiligheid een vlucht maken 20160324
 
Evaluación contestada
Evaluación contestadaEvaluación contestada
Evaluación contestada
 
Evaluation task 6
Evaluation task 6Evaluation task 6
Evaluation task 6
 
CV Rosette Ibanez _updated_
CV Rosette Ibanez _updated_ CV Rosette Ibanez _updated_
CV Rosette Ibanez _updated_
 
Scan0222
Scan0222Scan0222
Scan0222
 
Daniel Lausas Resume 8-4-15
Daniel Lausas Resume 8-4-15Daniel Lausas Resume 8-4-15
Daniel Lausas Resume 8-4-15
 
Eric Smidth
Eric SmidthEric Smidth
Eric Smidth
 
CV Rosette Ibanez _updated_
CV Rosette Ibanez _updated_ CV Rosette Ibanez _updated_
CV Rosette Ibanez _updated_
 
X5 Retail Group: Как стать поставщиком СТМ федеральных сетей
X5 Retail Group: Как стать поставщиком СТМ федеральных сетей X5 Retail Group: Как стать поставщиком СТМ федеральных сетей
X5 Retail Group: Как стать поставщиком СТМ федеральных сетей
 
02- Hope ZWCAD+ Brochure - 2015
02- Hope ZWCAD+ Brochure - 201502- Hope ZWCAD+ Brochure - 2015
02- Hope ZWCAD+ Brochure - 2015
 

Similar to Maurizio_Taffone_Emerging_Security_Threats

Document-MundyInternshipDescription
Document-MundyInternshipDescriptionDocument-MundyInternshipDescription
Document-MundyInternshipDescriptionHanna Mundy
 
Efficient needs assessment into effective curriculum planning - ADEPIS seminar
Efficient needs assessment into effective curriculum planning - ADEPIS seminarEfficient needs assessment into effective curriculum planning - ADEPIS seminar
Efficient needs assessment into effective curriculum planning - ADEPIS seminarMentor
 
Week 4 Assignment 2Self-assessment of Communication Skills.docx
Week 4 Assignment 2Self-assessment of Communication Skills.docxWeek 4 Assignment 2Self-assessment of Communication Skills.docx
Week 4 Assignment 2Self-assessment of Communication Skills.docxmelbruce90096
 
Rigger and Signal Person
Rigger and Signal PersonRigger and Signal Person
Rigger and Signal PersonJason Wilson
 
Cisa domain 2 part 3 governance and management of it
Cisa domain 2 part 3 governance and management of itCisa domain 2 part 3 governance and management of it
Cisa domain 2 part 3 governance and management of itShivamSharma909
 
School Violence and student
School Violence and studentSchool Violence and student
School Violence and studentacastane
 
Hacking web applications CEHv8 module 13
Hacking web applications CEHv8 module 13Hacking web applications CEHv8 module 13
Hacking web applications CEHv8 module 13Wise Person
 
Underwater Diagnosis
Underwater DiagnosisUnderwater Diagnosis
Underwater DiagnosisHugo Marino
 
Dr. Frances Elliot
Dr. Frances ElliotDr. Frances Elliot
Dr. Frances ElliotInvestnet
 
Strategic Cartography: Identifying IL Intersections Across the Curriculum
Strategic Cartography: Identifying IL Intersections Across the CurriculumStrategic Cartography: Identifying IL Intersections Across the Curriculum
Strategic Cartography: Identifying IL Intersections Across the Curriculumchar booth
 
cl liu.pdf
cl liu.pdfcl liu.pdf
cl liu.pdfnehru3
 
Blue ocean strategy - 21.1.2012
Blue ocean strategy - 21.1.2012Blue ocean strategy - 21.1.2012
Blue ocean strategy - 21.1.2012Vidhyalakshmi K
 
Overview of chemistry
Overview of chemistryOverview of chemistry
Overview of chemistryJheny Biglete
 
Scanned by CamScannerG o o d w M P r e p a id r e n t.docx
Scanned by CamScannerG o o d w M P r e p a id r e n t.docxScanned by CamScannerG o o d w M P r e p a id r e n t.docx
Scanned by CamScannerG o o d w M P r e p a id r e n t.docxkenjordan97598
 

Similar to Maurizio_Taffone_Emerging_Security_Threats (20)

Endorsements
EndorsementsEndorsements
Endorsements
 
Document-MundyInternshipDescription
Document-MundyInternshipDescriptionDocument-MundyInternshipDescription
Document-MundyInternshipDescription
 
Efficient needs assessment into effective curriculum planning - ADEPIS seminar
Efficient needs assessment into effective curriculum planning - ADEPIS seminarEfficient needs assessment into effective curriculum planning - ADEPIS seminar
Efficient needs assessment into effective curriculum planning - ADEPIS seminar
 
Week 4 Assignment 2Self-assessment of Communication Skills.docx
Week 4 Assignment 2Self-assessment of Communication Skills.docxWeek 4 Assignment 2Self-assessment of Communication Skills.docx
Week 4 Assignment 2Self-assessment of Communication Skills.docx
 
Rigger and Signal Person
Rigger and Signal PersonRigger and Signal Person
Rigger and Signal Person
 
Software Presentation
Software PresentationSoftware Presentation
Software Presentation
 
Cisa domain 2 part 3 governance and management of it
Cisa domain 2 part 3 governance and management of itCisa domain 2 part 3 governance and management of it
Cisa domain 2 part 3 governance and management of it
 
School Violence and student
School Violence and studentSchool Violence and student
School Violence and student
 
Hacking web applications CEHv8 module 13
Hacking web applications CEHv8 module 13Hacking web applications CEHv8 module 13
Hacking web applications CEHv8 module 13
 
Underwater Diagnosis
Underwater DiagnosisUnderwater Diagnosis
Underwater Diagnosis
 
Asia Offer Latter
Asia Offer LatterAsia Offer Latter
Asia Offer Latter
 
Dr. Frances Elliot
Dr. Frances ElliotDr. Frances Elliot
Dr. Frances Elliot
 
Strategic Cartography: Identifying IL Intersections Across the Curriculum
Strategic Cartography: Identifying IL Intersections Across the CurriculumStrategic Cartography: Identifying IL Intersections Across the Curriculum
Strategic Cartography: Identifying IL Intersections Across the Curriculum
 
cl liu.pdf
cl liu.pdfcl liu.pdf
cl liu.pdf
 
WeCT Infographic
WeCT InfographicWeCT Infographic
WeCT Infographic
 
Blue ocean strategy - 21.1.2012
Blue ocean strategy - 21.1.2012Blue ocean strategy - 21.1.2012
Blue ocean strategy - 21.1.2012
 
software Demo
software Demosoftware Demo
software Demo
 
Master batches
Master batchesMaster batches
Master batches
 
Overview of chemistry
Overview of chemistryOverview of chemistry
Overview of chemistry
 
Scanned by CamScannerG o o d w M P r e p a id r e n t.docx
Scanned by CamScannerG o o d w M P r e p a id r e n t.docxScanned by CamScannerG o o d w M P r e p a id r e n t.docx
Scanned by CamScannerG o o d w M P r e p a id r e n t.docx
 

Recently uploaded

Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKJago de Vreede
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 

Recently uploaded (20)

Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 

Maurizio_Taffone_Emerging_Security_Threats

  • 1. © 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 1 Emerging Security T h rea ts Maurizio Taffone m t affone@ c is c o. c om P rod uc t Manag er S ec urit y E urop ean Mark et s
  • 2. © 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 2 Agenda Trends in Motivation E x ist ing t h rea t s a nd L e s s ons f r om th e P as t N e w Th rea t s C o p ing w it h Th rea t s: C onc l u s ions a nd R ec o m m enda t io ns
  • 3. © 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 3 T rend s in mo tiv a tio ns The threat ec o n o m y
  • 4. © 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 4 S o m e s t at i s t i c s
  • 5. © 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 5 T h r eat E c o no m y : I n t h e P as t E nd V al ue Espionage ( C or por at e/ G ov er nm ent ) F am e T h ef t W rit ers A s s et V ir u s T ool and T ool k it W r it er s W or m T r oj ans M al w ar e W r it er s C om pr om ise I nd iv id u al H ost or A ppl ic at ion C om pr om ise Env ir onm ent
  • 6. © 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 6 T h r eat E c o no m y : T o day Writers M id d l e M en S ec o n d S ta g e A b u sers Bot-N e t M a n a g e m e n t: F or R e n t, f or L e a s e , f or S a l e Bot-N e t C r e a ti on P e r s on a l I n f or m a ti on E l e c tr on i c I P L e a k a g e W or m s S p y w a r e T ool a n d T ool k i t W r i te r s V i r u s e s T r oj a n s M a l w a r e W r i te r s F irst S ta g e A b u sers M a c h i n e H a r v e s ti n g I n f or m a ti on H a r v e s ti n g H a c k e r / D i r e c t A tta c k I n te r n a l T h e f t: A b u s e of P r i v i l e g e I n f or m a ti on Br ok e r a g e S p a m m e r P h i s h e r E x tor ti on i s t/ D D oS -f or -H i r e P h a r m e r / D N S P oi s on i n g I d e n ti ty T h e f t C om p r om i s e d H os t a n d A p p l i c a ti on E n d V a l u e F i n a n c i a l F r a u d C om m e r c i a l S a l e s F r a u d u l e n t S a l e s C l i c k -T h r ou g h R e v e n u e E s p i on a g e ( C or p or a te / G ov e r n m e n t) F a m e E x tor te d P a y -O f f s T h e f t
  • 7. © 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 7 C h angi ng F ac e o f T h r eat s Change in p u r p o s e S h if t f r om f am e to oth e r , h ig h e r -val u e m otivations : p r of it, r e ve ng e , c om p e tition B y f ar th e s tr ong e s t m otivator is now p r of it: th e r e ’s g ood , r e l ative l y e as y m one y to b e m ad e b y c om m itting a c om p u te r c r im e or tw o Change in ex p ec t ed b ehav io r L e s s nois y Mor e s op h is tic ate d Mor e var iants , s m al l e r s c op e of e ac h
  • 8. © 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 8 O l d a nd unres o l v ed th rea ts
  • 9. © 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 9 O l d ( and U nr es o l v ed) T h r eat s W o rm s a nd V iru ses B o t net s S p a m S p y w a re P h ish ing , P h a rm ing , a nd I dent it y Th ef t A p p l ic a t io n S ec u rit y
  • 10. © 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 10 T h r eat s t o Y o u r U s er s : W o r m s and V i r u s es 2 0 0 6 - N o t a b i g y e a r i n w o r m s a n d v i r u s e s …W h y ? O p p o r t u n i t y s h r i n k i n g M o t i v a t i o n c h a n g i n g
  • 11. © 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 11 R es u r genc e o f B o t net s B o t net : a c o l l ec t io n o f c o m p ro m ised m a c h ines ru nning p ro g ra m s u nder a c o m m o n c o m m a nd a nd c o nt ro l inf ra st ru c t u re B u il ding t h e B o t net : Viruses, worms; infected spam; drive-b y downl oads; etc. C o nt ro l l ing t h e B o t net : C overt-ch annel of some form U sing a B ot net t o S end S pam 1 . A b otn e t op e r a tor s e n d s ou t v i r u s e s or w or m s , i n f e c ti n g or d i n a r y u s e r s ’ W i n d ow s P C s 2 . T h e P C s l og i n to a n I R C s e r v e r or oth e r c om m u n i c a ti on s m e d i u m 3 . A s p a m m e r p u r c h a s e s a c c e s s to th e b otn e t f r om th e op e r a tor 4 . T h e s p a m m e r s e n d s i n s tr u c ti on s v i a th e I R C s e r v e r to th e i n f e c te d P C s — 5 . . . . c a u s i n g th e m to s e n d ou t s p a m m e s s a g e s to m a i l s e r v e r s S ou r c e : w w w . w i k i p e d i a . or g
  • 12. © 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 12 W h at Ab o u t S p y w ar e? S t il l a m aj or t h reat D riv e-b y d o w n l o a d s stil l a m a j o r so u rc e o f in f esta tio n I m a g e-b a sed v u l n era b il ities in p a rtic u l a r en a b l e th is ( WM F a n d j p g v u l n era b il ities a re g o o d ex a m p l es) H o w ev er, c o n f u sin g o r m isl ea d in g E U L A s stil l a p ro b l em A Troj an b y any ot h er nam e— S p y w a re is in c rea sin g l y in d istin g u ish a b l e f ro m c erta in c l a sses o f v iru s N a sty ra c e c o n d itio n : sh eer n u m b er o f v a ria n ts m a k es it v ery d if f ic u l t f o r tec h n o l o g y so l u tio n s to h it 10 0 % a c c u ra c y a t a g iv en m o m en t R is e of int el l ig ent s p y w are D irec ted a d v ertisin g is m o re v a l u a b l e th a n u n d irec ted M o re so p h istic a ted sp y w a re m a tc h es u ser-g a th ered d a ta w ith d irec ted a d v ertisin g B o t-b a sed sp y w a re is a l so m o re v a l u a b l e, a s it c a n b e u p d a ted o v er tim e
  • 13. © 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 13 P h i s h i ng, P h ar m i ng, and I dent i t y T h ef t M U N D O -B A N K . C O M H os ts F i l e : m u n d o-b a n k . c om = 1 7 2 . 1 6 8 . 2 5 4 . 2 5 4 1 7 2 . 1 6 8 . 1 . 1 C o m e s e e u s a t w w w . m u n d o -b a n k . c o m < 172. 168. 254. 254> MUNDO-B A NK . C OM   ¡ ¢ £ ¤ ¥¦ ¥ §¨ © ¥ ¤ M U N D O -B A N K . C O M 1 7 2 . 1 6 8 . 1 . 1 ! ! # ! $ ! P H I S H I N G P H A R M I N G MUNDO- B A NK . C OM 1 7 2 . 1 6 8 . 2 5 4 . 2 5 4 % ' £ ¥ ¢ £ ¡ ¥ ¡ ( MUNDO- B A NK . C OM 1 7 2 . 1 6 8 . 2 5 4 . 2 5 4 • I d en tity th ef t c o n tin u es to b e a p ro b l em • P h ish in g sc a m s g ro w in g in so p h istic a tio n ev ery d a y • P ro tec tin g y o u r u sers: im p l em en t so m e tec h n o l o g y , b u t d o n ’t f o rg et u ser ed u c a tio n ! ! • I f y o u ’re a ta rg et: • C o n sid er “p erso n a l iz a tio n ” tec h n o l o g ies ( e. g . u ser-c h o sen im a g es o n a w eb p a g e) • S u p p o rt id en tif ied m a il in itia tiv es, l ik e D K I M
  • 14. © 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 14 Example: Hybrid Threats Combination Attacks involving V ir u se s and P h ish ing Example: Hybrid Threats Combination Attacks involving V ir u se s and P h ish ing
  • 15. © 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 15 Ap p l i c at i o n S ec u r i t y : P o r t 4 4 3 P r o b l em W e’v e “so lv ed” the po rt 8 0 pro blem P or t 8 0 p r oble m: e ve r y th ing r id e s on p or t 8 0 , as it’s u nive r sally op e n ou tbou nd H ow e ve r , th at give s r ise to: P o rt 4 4 3 pro blem: en c rypted po rt 8 0 pro blem Ho w do I en f o rc e po lic y o v er the en c rypted tu n n el? S e r vice u se e nf or ce me nt: P 2 P f ile sh ar ing; instant me ssaging; ou tbou nd inf or mation cond u its Acce p table u se monitor ing: anony mou s p r ox ie s, r e d ir e cts, e tc. to ge t ar ou nd U R L F ilte r ing M alw ar e scanning: cannot scan obj e cts—e mail, I M , w e b d ow nload s N o te the c o ro llary ( an d less disc u ssed) pro blem o f po rt 2 2 ( S S H)
  • 16. © 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 16 N ew th rea ts
  • 17. © 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 17 N ew T h r eat s R F I D Th rea t s S erv ic e-O rient ed A rc h it ec t u res V o ic e o v er I P Th rea t s D ev ic e P ro l if era t io n a nd M o b il e D ev ic es O u t so u rc ing D ist rib u t ed W o rk f o rc e C o nnec t ed H o m e
  • 18. © 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 18 N ew T hr eat s in A p p l ic at io n S ec u r it y : X M L and S er v ic e O r ient ed A r c hit ec t u r es W h a t is a n S O A ? Interlinked system of serv ic es, c ommu nic a ting w ith a sta nda rd meth odolog y (XM L , S O A P , etc ) – “W eb serv ic es” E na b les “systems of systems”; tying tog eth er disp a ra te b a c kend a p p lic a tion systems into a c oh esiv e w h ole M a j o r S ec u rit y C o nsidera t io ns: D irec tly ex p oses th e a p p lic a tion tier to ex terna l entities for th e first time S ec u rity c onc erns inv olv e b oth access co n t r o l p rob lems (b a sed on strong or w ea k identity c redentia ls) , a s w ell a s n ew at t ack t y p es (“X-ma lw a re”, “X-D oS ”, etc ) E na b les new sec u rity c a p a b ilities for integ rity a nd c onfidentia lity: field-lev el enc ryp tion serv ic es; doc u ment sig ning ; c ontent tra nsforma tion serv ic es, etc . N ot “new ” th is yea r p er se, b u t sta rting to h it c ritic a l ma ss
  • 19. © 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 19 N ew T h r eat : V o i c e o v er I P T h r eat s G ar tne r G r ou p S u m s I t u p B e s t: “T h e h y p e s u r r ou nd ing V oI P th r e ats h as , th u s f ar , ou tp ac e d ac tu al attac k s ” T h ou g h ts on W h y : O p p or tu nity : w e l l u nd e r s tood b u s ine s s r is k is p r om oting inte g r ation of s e c u r ity te c h nol og ie s in voic e d e p l oy m e nts O p p or tu nity : l im ite d p ool of te c h nic al e x p e r ts on voic e w ith in attac k e r c om m u nity Motivation: no w e l l -e s tab l is h e d b u s ine s s m od e l d r iving f inanc ial inc e ntive s to attac k
  • 20. © 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 20 C o p i ng w i t h T h r eat s C onc l u s ions and R e c om m e nd ations
  • 21. © 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 21 I nc i dent R es p o ns e B as i c s I nc id ent R es p ons e L ife C y c l e P r e-I nc id ent P l anning D et ec t ion and A nal y sis C ont ainm ent and C ont r ol R ec ov er y P ost -I nc id ent P ol ic y and P r oc ess A nal y sis 1 2 34 5 M ost imp orta nt step : S t ep 1 S ec ond most imp orta nt step : S t ep 5 M ost c ommonly skip p ed step : S t ep 1 S ec ond most c ommonly skip p ed step : S t ep 5 T h er e’s a m essag e i n h er e so m ew h er e… A d a p te d f r om r e p or ts a t w w w . g a r tn e r . c om a n d w w w . s e c u r i ty f oc u s . c om
  • 22. © 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 22 F i l l i ng i n t h e C i s c o S ec u r i t y S o l u t i o n C isc o o f f ers a b ro a d su ite o f h ig h l y in teg ra ted n etw o rk en d p o in t sec u rity so l u tio n s a c ro ss a l l p o in ts in th e n etw o rk F ir ew al l S it e-t o-S it e and R em ot e A c c ess V P N I D S / I P S N et w or k A d m ission C ont r ol S ec u r it y M anagem ent I n t e r n e t E n d p oi n t Cisco Security Agent N etw ork Ad m ission Control N e tw or k P e r i m e te r F irew a l l , I P S SSL V P N , Anti-X Br a n c h O f f i c e F W , I P S, V P N W i r e l e s s S e c u r i ty R ogue AP , I P S I P C S e c u r i ty I nf ra structure, Ca l l M a na gem ent, Ap p l ica tions, E nd p oints D a ta C e n te r I ro n p o rt ex p a n d s th a t en d -to -en d so l u tio n w ith m essa g in g a n d w eb c o n ten t sec u rity serv ic es E M A I L Security Ap p l ia nce W E B Security Ap p l ia nce S e n d e r Ba s e I r o n p o r t M e s s a g i n g S e c u r i ty
  • 23. © 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 23 Cis c o A gr eem ent t o A c q u ir e I r o np o r t S y s t em s Mar k e t – C is c o ex p and ing from $ 5 B N et w ork S ec urit y m ark et int o ad j ac ent $ 2 . 0 B Mes s ag ing S ec urit y m ark et Mar k e t P os ition – I ronp ort is Mes s ag ing S ec urit y Mark et L ead er P r od u c ts and T e c h nol og y – I ronp ort Mes s ag ing S ec urit y S ol ut ions b uil t on: • H ig h -p erform anc e A p p l ianc es • I ronp ort Mes s ag ing S ec urit y S erv ic es : S end erB as e ® ( A nt i-S p am , C ont ent F il t ering , et c . ) • P art ner S erv ic es : A nt i-V irus , U R L F il t ering , et c .
  • 24. © 2 0 0 7 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d . C i s c o C o n f i d e n t i a lE S T . p p t 24