Security: New Trends,
New Issues
Internet 2 Fall Members Meeting
Austin TX
September 29, 2004
Let’s Start With A Quote
The president of a telecommunications firm said…
“But nowadays, it's such a stupid crime
because it's so easy to catch them.“
He continued…
“The sad part about it is it's almost 95
percent minors that are involved in this
thing. And that's the case with almost all
the computer hackers. .“
CHANGE DATE
2
Now The Context
The timeframe was late 70s/early 80s.
The company was Dial America.
The theft was about USD 6K in long distance.
Credit card numbers may have also been traded on
the Apple //e bulletin board.
CHANGE DATE
3
Some Things Stay Constant…
 Playgrounds
• Telephone networks, computer systems, banks,
governments, schools,…
 Motivations
• Money and advancement, ideology, ego, curiosity,…
 Sociology
• Minors on bulletin boards are now script kiddies in chat
rooms
CHANGE DATE
4
…Others Change…
 Terminology
• What the president called “hacking” would be “phreaking”
now
• See the “New Hacker’s Dictionary”, 3rd Edition
 Amounts
• Earlier this month, an overseas woman was arrested on
suspicion of over USD 3M long distance theft
• A stolen Juniper router password will fetch many credit
card numbers…
CHANGE DATE
5
…And Change…
Telephone Technology Evolution
• Manual operator assistance was replaced with in-band
multi-frequency (MF) signaling
• MF was replaced with Common Channel Signaling (CCS)
• PSTN augmented with calling features, VoIP, and multiple
generations of cellular
Packet Network Evolution
• Static routing and /etc/hosts.txt files replaced with dynamic
routing and DNS
• Vulnerable BGP/DNS being hardened with MD5, IPSec,
DNSsec
• Will there be new signaling protocols and transportoptimized extensions?
CHANGE DATE
6
…And Change
 Attack Tools
• Instead of “Black boxes”, “Blue boxes”, “Red boxes”, we
have “Vmail attacks” and “cell phone cloning”
• The Internet has its own: “Botnets”, “Root kits”,
“Zombies”, “phishing”, ad infinitum
 Policies and Laws
• Though some would argue not enough…
 People
• Steve Jobs at one point sold blue boxes… now he sells
mostly white ones
CHANGE DATE
7
Today’s Panel
We’ll hear how things are changing from two
perspectives:
 Erik Mettala
• VP, Network Associates
• Director, McAfee Research
 Doug Pearson
• Director, Research and Education Networking –
Information Sharing and Analysis Center (REN-ISAC)
• Senior Manager, Global Network Operations Center (Global
NOC)
CHANGE DATE
8
Topics
 Is it getting worse, or do we just see more?
 What trends are most worrisome?
 What safeguards are working? What aren’t?
 What's the right balance between host and
network-based techniques?
 How are the R&E and commercial spaces similar?
How are they different?
 What's the single most valuable thing a campus
could do to improve their overall IT security?
CHANGE DATE
9
Panel Protocol
 30-40 minutes of broadcast traffic
• Each presenter delivers prepared comments
• Please hold your questions until the end
 20-30 minutes of unicast/multicast
query/responses
• Open Q&A
• Direct questions to one or both panelists
• If you don’t ask, then the panelists will ask you
 Trivia question contest
• First person to answer question correctly receives prize
• I2 employees and their families are ineligible
CHANGE DATE
10
Thank You