Keeping Your Computers Safe


Information Security Awareness
The Problem of Network Security
• The Internet allows an attacker to attack from anywhere in the world from their home desk.
• They just need to find one vulnerability: a security analyst needs to close every vulnerability.
• According to www.SANS.org, the top vulnerabilities available for a cyber criminal are:
– Web Browser
– IM Clients
– Web Applications
– Excessive User Rights
2008 CSI/FBI Computer Crime and Security Survey
• The most expensive computer security incidents are those involving financial fraud, with an average loss of $500,000.
• Frequency of occurrence:
– Human/Software Incompetence
– Insider abuse of the network
– Theft of laptops and mobile devices
– Outside hacker
– Unknown
31%
1%
35%
32%
1%
Crackers
Cracker: Computer-savvy programmer creates attack software
Script Kiddies: Know how to execute programs
Criminals: Create & sell bots -> spam; Sell credit card numbers,…
System Administrators: Some scripts are useful to protect networks…
Hacker Bulletin Board: Sql Injection, Buffer overflow, Password Crackers, Password Dictionaries
Successful attacks! Crazyman broke into … CoolCat penetrated…
Malware package=$1K-2K
1 M Email addresses = $8
10,000 PCs = $1000
Computer Virus
• A virus attaches itself to a program, file, or disk
• When the program is executed, the virus too is executed
• When the program is executed (email/floppy) the virus spreads
• The virus may be benign or malignant but executes its payload at some point (often upon contact)
• Viruses result in crashing of computers and loss of data.
• In order to recover/prevent virus attacks:
– Avoid potentially unreliable web sites/emails
– System Restore
– Re-install operating system
– Virus Protection. Freeware, e.g. AVG, Avira Antivirus
[Figure: Game A, carrying extra code ("Delete file"), infects Game B]
Worm
Independent program which replicates itself and sends copies from
computer to computer across network connections. Upon arrival the
worm may be activated to replicate.
Logic Bomb / Trojan Horse
Logic Bomb: Malware logic will execute upon certain conditions. It is used for more legitimate reasons but could be used for nefarious purposes.
• Software which will malfunction if maintenance fee is not paid
• Employee triggering a database erase when he is fired.
Trojan Horse: Malware has malicious purpose in addition to functional purpose
• Social Engineering: “Try this game…it is so cool”
– Game also emails password file.
– The name Trojan has a piece of history attached to it. (In Greek mythology, the Trojan War was waged against the city of Troy by the Achaeans (Greeks) after Paris of Troy stole Helen from her husband Menelaus, the king of Sparta.)
Phishing (Fake Email)
• Phishing is posing as a trustworthy entity in an e-mail and asking for sensitive information such as SSN, credit card numbers, login IDs and passwords.
• Recent example that was in the news: 10,000 Hotmail passwords revealed by a user on PasteBin. Believe it or not, the password that was used the most was “123456” (a total of 64 times).
Pharming (Fake web pages)
Pharming : An Example
The link provided in the e-mail leads to a fake webpage which collects all
the important information and submits it to the owner.
Botnets
[Figure: botnet hierarchy with the labels Attacker, China, Handler, Hungary, Bots, Zombies]
Bots: Host illegal movies, music, pornography, criminal web sites, …
Forward Spam for financial gain
Social Engineering
Social engineering is the act of manipulating people into performing actions or
divulging confidential information. While similar to a confidence trick or simple
fraud, the term typically applies to trickery or deception for the purpose of
information gathering, fraud, or computer system access.
“This is John, the System Admin. What is your password?”
“What ethnicity are you? Your mother’s maiden name?”
“I have come to repair your machine… and have some software patches”
Hacking Networks
War Driving:
• Can I find a wireless network?
War Dialing:
• Can I find a modem to connect to?
• What IP addresses exist, and what ports are open on them?
• What versions of software are implemented on devices?
Man-In-The-Middle Attack
Man-in-the-middle attacks occur when an attacker pretends to be your final destination on the network. As in the figure, if a person is trying to connect to a specific web server, an attacker can redirect that person to the attacker's own computer, which pretends to be that web server. MITM attacks also result in spoofing.
Root Kit
• Upon penetrating a computer, a hacker installs a root kit
• May enable:
– Easy entrance for the hacker (and others)
– Keystroke logger
• Eliminates evidence of break-in
• Modifies the operating system
• Example: Sony BMG CD Protection scandal.
Wisconsin 134.98 Data Breach Notification Law
Restricted data includes:
• Social Security Number
• Driver’s license # or state ID #
• Financial account number (credit/debit) and access code/password
• DNA profile (Statute 939.74)
• Biometric data
In the US, HIPAA protects:
• Health status, treatment, or payment
Recognizing a Break-in or Compromise
Symptoms:
• Antivirus software detects a problem
• Pop-ups suddenly appear (may sell security software)
• Disk space disappears
• Files or transactions appear that should not be there
• System slows down to a crawl
• Stolen laptop (1 in 10 stolen in laptop lifetime)
• Often not recognized
Malware awareness
Spyware symptoms
Change to your browser homepage/start page
Ending up on a strange site when conducting a search
System-based firewall is turned off automatically
Lots of network activity while not particularly active
Excessive pop-up windows
New icons, programs, favorites which you didn’t add
Frequent firewall alerts about unknown programs trying to access the Internet
Bad/slow system performance
Malware awareness (cont.)
Virus symptoms
Antivirus software often catches viruses
Unusual messages or displays on your monitor
Unusual sounds or music played at random times
Your system has less available memory than it should
A disk or volume name has been changed
Programs or files are suddenly missing
Unknown programs or files have been created
Some of your files become corrupted or suddenly don't work properly
Malware awareness (cont.)
Trojan Horse symptoms
Your computer screen flips upside down or inverts
Documents or messages print on your printer by themselves
Your screen saver settings change by themselves
Your mouse pointer disappears
Your mouse moves by itself
Your Windows Start button disappears
Your computer shuts down and powers off by itself
Security: Defense in Depth
• Defense in depth is a strategy to place multiple layers of defense on a system to address all the technical, personnel and operational issues.
• It is an approach conceived by NSA in order to ensure information and electronic security.
A Firewall is a Filter
A firewall, as the name suggests, acts as a wall between your computer/private network and the internet. Hackers may use the internet to find, use, and install applications on your computer. A firewall prevents hacker connections from entering your computer.
Protecting the Network
[Figure: network layout with the labels The Internet, Border Router: Packet Filter, De-Militarized Zone, Bastion Hosts, Proxy server firewall, WLAN, Private Network]
Password Cracking: Dictionary Attack & Brute Force
Pattern | Calculation | Result | Time to Guess (2.6x10^18/month)
Personal Info: interests, relatives | | 20 | Manual 5 minutes
Social Engineering | | 1 | Manual 2 minutes
American Dictionary | | 80,000 | < 1 second
4 chars: lower case alpha | 26^4 | 5x10^5 |
8 chars: lower case alpha | 26^8 | 2x10^11 |
8 chars: alpha | 52^8 | 5x10^13 |
8 chars: alphanumeric | 62^8 | 2x10^14 | 3.4 min.
8 chars alphanumeric +10 | 72^8 | 7x10^14 | 12 min.
8 chars: all keyboard | 95^8 | 7x10^15 | 2 hours
12 chars: alphanumeric | 62^12 | 3x10^21 | 96 years
12 chars: alphanumeric + 10 | 72^12 | 2x10^22 | 500 years
12 chars: all keyboard | 95^12 | 5x10^23 |
16 chars: alphanumeric | 62^16 | 5x10^28 |
Creating a Good Password
[Figure: a bad password, “Merry Christmas”, is transformed step by step into good passwords]
Transformations shown: (Lengthen), (Synonym), (Abbreviate), (Intertwine Letters), (convert vowels to numeric), (Keypad shift Right …. Up)
Variants shown: “Merry Xmas”, “MerryChrisToYou”, “MerryJul”, “MaryJul”, “MerChr2You”, “MXemrays”, “Glad*Jes*Birth”, “,stuzc,sd”, “M5rryXm1s”, “Jq46Sjqw”, “Mary*Jul”, “mErcHr2yOu”
Creating A Good Password
Combine 2 unrelated words: Mail + phone = m@!lf0n3
Abbreviate a phrase: My favorite color is blue = Mfciblue
Music lyric: He was a scrawny calf, who looked rather woozy / No one suspected he was packing an Uzi / Cows with guns = Hwascwlrwnoshwpaucwg
Password Recommendations
• Never use ‘admin’ or ‘root’ or ‘administrator’ as a login for the admin
– Use a software firewall on each computer system, with antivirus & antispyware.
• A good password is:
– private: it is used and known by one person only
– secret: it does not appear in clear text in any file or program or on a piece of paper pinned to the terminal
– easily remembered: so there is no need to write it down
– at least 8 characters
– a mixture of at least 3 of the following: upper case letters, lower case letters, digits and punctuation
– not guessable by any program in a reasonable time, for instance less than one week.
Why you must change passwords
• Even if you choose a good password, it can still be discovered: someone may see you typing it or capture it by snooping on the computer or network. If you accidentally type your password in place of your login name, it may appear in system log files.
Patching/Updates
• Microsoft regularly issues patches or updates to solve security problems in their software. If these are not applied, it leaves your computer vulnerable to hackers.
• The Windows Update feature built into Windows 98, Me, NT, 2000, and XP can check your PC against a common database of patches.
• More recent versions of Windows have an Automatic Update feature.
Combat Viruses
• Maintain Operating System Updates
• Install anti-virus, anti-spyware software. There are many freeware and paid options available in the market.
• Beware of opening unknown attachments
• Do not open email on your main server
• In case you are infected with a virus there are various options available: system restore, virus removal tool, re-install OS.
Sensitive data
Know if your information is securely transmitted when browsing!
Back up Important Information
• What information is valuable to you?
• Who has access to that information?
• Is your back-up:
– Recent?
– Off-site & Secure?
– Process Documented?
– Tested?
– Encrypted?
The Fraud Problem
Organizations lose 5-6% of revenue annually due to internal fraud = $652 Billion in U.S. (2006)
Average scheme lasts 18 months, costs $159,000
25% costs exceed $1M
Smaller companies suffer greater average $ losses than large companies
[Chart: Internal Fraud Recovery, with the categories $0 Recovered, Recovery<=25%, Substantial Recovery]
Essentials of Corporate Fraud, T L Coenen, 2008, John Wiley & Sons
How Fraud is Discovered
[Bar chart: How Fraud is Discovered, in % (axis 0 to 40), by method: Tip, By Accident, Internal Audit, Internal Controls, External Audit, Notified by Police]
Some fraud is discovered via multiple reporting methods, thus results do not sum to 100%.
Tips come from Employee 64%, Anonymous 18%, Customer 11%, Vendor 7%
Essentials of Corporate Fraud, T L Coenen,
Protected Computer is…
Computer fortified against attackers
• Applications turned off
• Operating system patched
• Security configuration tightened
– Authorization
– Authentication
– Physical Access
• Using appropriate measures to stop malware: viruses, worms: Use antivirus AND avoid unreliable emails or web pages!