Using Layered Defenses to Stop Internet Worms
An anonymous submitter writes "Following last week's release of security configuration guidance for Mac OS X, the National Security Agency has released a paper on Internet worms and how to stop new worms using layered defenses (pdf). A good read - your US tax dollars at work."
1) Always run antivirus software
2) Automatically filter all emails with attachments into a separate folder
3) Only have one user/computer
4) Always virus scan software first
5) Always run a firewall
6) Always have twice as much bandwidth on the website as you need
7) Block virus/worm emails using filters
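Items 2 and 7 of the list above describe the kind of attachment filter a mail gateway or client rule would apply. The following is an added example, not code from the comment or from the NSA paper: it parses a message with Python's standard `email` package, routes anything carrying an attachment to a separate folder, and quarantines messages whose attachment name ends in an extension Windows would execute (the `EXECUTABLE_EXTENSIONS` set, the `build_sample` helper and the folder names are this example's own assumptions). The sample messages are constructed inline.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed list of suffixes that Windows runs on double-click; mass-mailing
# worms of this period typically shipped as attachments of these types.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}


def is_risky_filename(name: str) -> bool:
    """True if the final suffix of the attachment name is executable.

    Only the last suffix counts, so "document.txt.exe" is risky while
    "notes.txt" is not. Trailing whitespace is stripped first, since padding
    such as "photo.jpg      .exe" has been used to hide the real suffix.
    """
    lowered = name.strip().lower()
    dot = lowered.rfind(".")
    if dot == -1:
        return False
    return lowered[dot:] in EXECUTABLE_EXTENSIONS


def attachment_names(raw: str) -> list:
    """Return the filenames of every non-body part of a raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    return [part.get_filename() or "" for part in msg.iter_attachments()]


def route_message(raw: str) -> str:
    """Decide the folder for one raw message.

    "quarantine"  - at least one attachment has an executable suffix (item 7)
    "attachments" - carries attachments, none obviously executable (item 2)
    "inbox"       - no attachments at all
    """
    names = attachment_names(raw)
    if any(is_risky_filename(n) for n in names):
        return "quarantine"
    if names:
        return "attachments"
    return "inbox"


def build_sample(filenames: list) -> str:
    """Construct a sample message (not a real capture) with the given attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "you@example.invalid"
    msg["Subject"] = "your document"
    msg.set_content("See attached.\n")
    for name in filenames:
        # Payload contents are constructed placeholders; only the name matters here.
        msg.add_attachment(b"MZ", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()


if __name__ == "__main__":
    for names in (["document.txt.exe"], ["report.pdf"], []):
        print(names, "->", route_message(build_sample(names)))
```

The filter only looks at the declared filename; a worm packed inside a `.zip`, or one that relies on a mail client rendering an HTML body, passes straight through, which is exactly why the original list stacks this rule on top of antivirus scanning and a firewall rather than relying on it alone.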
Obviously multilayered security is a solution to many problems. A worm would have to exploit problems at multiple levels before being able to do what it wants. This would make it much harder for the average script kiddie to write a worm, and would force an excellent programmer to write a much larger program. It also has the benefit of stopping worm variations by applying a security fix at any one of the security levels, since it's unlikely for that complex a worm to include multiple attacks for every level.
You have enemies? Good. That means you've stood up for something, sometime in your life. --Winston Churchill
Obviously this is aimed at the average American, as all the IT people and geeks out there already know this. But tell me, what average user is actually going to take the time to read this?
I wish they could just come out and clearly advocate diversity among OSes. The biggest threat IMO is the ubiquity of holes, not severity.
In my perfect world they would advocate open standards and address the flaws in the system not just individual "patients." As these plagues come and go, if we all have the same immune systems, our collective odds are not good.
I am glad they are putting good info out there. I guess I am hoping that in each case they identify the larger problem so we can all keep our eye on the ball.
Who is General Failure, and why is he reading my hard disk?
Does anyone else find it pretty cool that this battle is NSA vs script kiddies? I mean, a $2B a year cost is equivalent to a small terrorist attack, this is a big problem. I'm glad to see people from all walks of life attempting to combat the little punks.
... why is there a picture of a caterpillar?
There is a regular discussion (or flame war) over which operating system is more "secure": Windows, Linux, the BSDs, Mac OS X, or whatever. Anyone with a bit of understanding knows that there's no answer to that discussion, except if you ask which one is easiest to secure, and even then you have to ask who the securer is and what tasks will be performed. But that's not what I want to talk about.
Telling less experienced users that a particular OS is "secure" leads them to think they don't need to be vigilant. Same thing with telling them a firewall will solve their worm problems, or that as long as they keep up with patches they're safe from attacks. All of these are important, but no single one of them is a panacea.
I didn't RTFPDF, but it's common wisdom that a multi-layered approach to security is best. No individual step fixes everything, nor usually even stops all of the attacks it's designed to stop. All we do is raise the bar, and hope attackers will go elsewhere.
So don't tell me that an OS is "secure". I know there isn't such a thing. Tell me what its soft spots are, so I can layer other defenses around them. Maybe the bad guys will pass me by for a while.
sigs, as if you care.
I really don't understand that if the government spends billions of dollars a year on IT products and billions more in house fixing the holes why they don't simply create a master RFP for Microsoft clearly articulating what the security requirements are and that if they are not met they lose pieces of the bid until it is. I mean if the DoD doesn't have the clout to bash these lazy slackers in Redmond upside the head then we're all wasting our time worrying about security.
MS announced yesterday that they are seriously considering ending FREE security patches in order,
now listen real carefully -
NOT to provide better or worse security, but to wield an effective blunt object against counterfeiters.
Microsoft views YOUR security as nothing more than a convenient tool to blackmail the entire known world into paying for MS's product. It doesn't matter that you or I never actually stole any of their product - we WILL be threatened with cyber terrorism for the criminalities of other people until WE ALL cough up more money to pay.
And at the end of the day MS makes zero warranty that patches that cost real money will be any better than the FREE updates we already get.
Seriously, in other countries and in other industries this is why industries get nationalized by an irate, fed up, underserviced populace.
"They take advantage of things that no one previously thought of"
From what I can tell, holes exploited by worms are often just common vulnerabilities. Buffer overflows, format strings, cross-site scripting vulnerabilities, are all old news.
Please correct me if I got my facts wrong.
FreeBSD and OpenBSD make damn good worm-resistant webservers too.
From their own report, it doesn't look like it:
"It is unrealistic to assume that users will become cautious about running unknown files."
p. 6, last line of second paragraph
Even the NSA thinks ordinary people won't get smart about computer security.
Playing pornographics games during the day is evil! Play at night!
Considering there is a complete cycle that the worms take to propagate and persist, without user intervention, I would say that you could (not have to) consider them akin to what kinds of life you would find in biological viruses. They're pretty stupid. They generally stick to doing one thing. Once they're known and decoded, a defense can be formed.
However, reading the article, the advance of programming technology is getting pretty sneaky. Self-decrypting program code (hmm.. similar to DNA, only the parts in use are exposed), self-modifying code (probably close here, though with VB's capacity to recompile on any Windows machine...), command and control, built-in analytical heuristics (worms using scanners and 'decision making' on how to propagate), and even getting to the point where they start to operate at less than full throttle to avoid the common detection method, interference in the host's performance.
The similarity between computer worms and viruses and biological viruses is very close, just on different platforms. While these aren't 'alive' in the common sense, they sure have the capacity to act like it on occasion.
Wonder what's next. Worms that record where it sends itself to in order to form a distributed AI Network?
My point is that you need to have that kind of situation, which is a multi-layered approach.
But to answer directly, yes, they still need to be vigilant. They're still being a client, unless the box is unplugged from the network. Do I download that RPM or MSI and install it, or do I check it out first? Do I log in as root, or do I waste time with a luser account?
The user who thinks he has a "secure" OS doesn't bother with the basics, or with a virus checker, or checking the signature on a tarball.
sigs, as if you care.
Then again, they should already know how to do this and learn for themselves, but a dollar saved is a dollar earned. Damn worms!
Berto