Title: "Your risk is not what it used to be"
Presenter: A. Waissbein
Date: Sept. 28-29, 2008
Abstract:
Yesterday was the second Tuesday of the month - Microsoft’s patch Tuesday.
Today, the security officer gets the “exploits feed” from his pen-testing service. After some experimentation (he maintains virtual-machine snapshots of each type of server he runs and tries the exploit against them), he realizes that all of his Windows servers have been vulnerable for the last 5 months. He analyzes his network diagram, plays with a pencil and realizes that someone could have hacked into the SQL server used for a corporate Web application, pivoted within the DMZ to the email server, or leveraged privileges to get into the administrator’s computer and temporarily open firewall ports to reach a database of credit-card numbers. This type of analysis can be done whenever new vulnerability information is published.
It provides security officers with better vulnerability-assessment data about their systems. In particular, it shows that information tied to older vulnerabilities can still alter the officer's perception of the risks he is assuming; the exercise yields realistic information about the threats his systems face and can help him align stronger defenses; it may point him to specific historic log data that he can read to validate whether particular threats were actually exercised; and it may give him a good reason to keep older logs for longer periods of time.
During this talk we will demonstrate how you can use modern technology to conduct this type of analysis efficiently and accurately, and discuss some of the applications of this process mentioned above.
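As an added example (not part of the talk or the presenter's own tooling), the following Python sketch models the pencil-and-paper exercise described above: a constructed network diagram, constructed dates from which each server snapshot proved exploitable, the attack paths that lead to the cardholder database, the date each path became usable, and therefore how far back the logs must reach to check whether any path was actually used. All host names, edges and dates are assumptions.

```python
from datetime import date

# Constructed example data (not from the talk): the date from which each
# snapshot was shown to be exploitable by the newly published exploit.
VULNERABLE_SINCE = {
    "web-sql": date(2008, 4, 8),   # SQL server behind the corporate web app (DMZ)
    "mail": date(2008, 5, 13),     # e-mail server, also in the DMZ
    "admin-pc": date(2008, 4, 8),  # administrator's workstation
}

# Constructed network diagram as directed reachability: who can talk to whom.
REACHABILITY = {
    "internet": ["web-sql"],
    "web-sql": ["mail", "admin-pc"],
    "mail": ["admin-pc"],
    "admin-pc": ["cardholder-db"],  # the admin can open firewall ports to the DB
}


def attack_paths(graph, start, target, path=None):
    """Enumerate simple paths from start to target over the reachability graph."""
    path = (path or []) + [start]
    if start == target:
        return [path]
    found = []
    for nxt in graph.get(start, []):
        if nxt not in path:  # skip cycles
            found.extend(attack_paths(graph, nxt, target, path))
    return found


def viable_since(path, vulnerable_since):
    """Earliest date a path was usable. Every intermediate hop must have been
    exploitable, so the window opens when the LAST of them became vulnerable.
    Returns None when some hop had no known weakness."""
    hops = path[1:-1]
    if any(h not in vulnerable_since for h in hops):
        return None
    return max(vulnerable_since[h] for h in hops)


def review_plan(graph, vulnerable_since, start, target):
    """Return (viable paths with their exposure start, oldest log date needed)."""
    plans = []
    for p in attack_paths(graph, start, target):
        since = viable_since(p, vulnerable_since)
        if since is not None:
            plans.append((p, since))
    oldest = min((s for _, s in plans), default=None)
    return plans, oldest
```

Running `review_plan(REACHABILITY, VULNERABLE_SINCE, "internet", "cardholder-db")` on the constructed data yields two usable paths and shows that logs must reach back to 2008-04-08 to rule either of them out.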