Personal Security - Faculty Homepages (homepage.smc.edu)


Personal Security
Security Tips for Home Internet Users
Securing your home computer
• Accessing the Internet from home
– Convenient
– Abundance of information
– Exposes your computer
– Can be costly or damaging
Overview
• Internet access
• Why Should I be concerned with Security
• What are the most common vulnerabilities
• What security tools are available
• Where can I find more information
Internet
• Complex system of attached networks
• Designed to distribute data geographically at high speeds in a short period of time
• Data is distributed in a variety of formats
– Examples: PDF, JPEG, MOV, MP3, Text
• Information is stored or viewed locally on your computer
Broadband
• High speed access to the home user
• Types
– DSL
– Cable Modem
DSL
• Digital Subscriber Line
• Typically ADSL
– Asymmetric Digital Subscriber Line
• Offers dedicated bandwidth
• Speed
– 384 kbps downstream
– 128 kbps upstream
– Up to 1.5 Mbps down, 800 kbps up
– Varies depending on service level and distance from CO (Central Office)
– Maximum distance varies: 14,000 – 17,500 ft
DSL Configuration
• DSL Modem
• DSL Splitter and Filters
• DSLAM
– Digital Subscriber Line Access Multiplexer
• ISP
– Internet Service Provider
Cable Modem
• Shared bandwidth
• Speed per channel
– 27 Mbps shared download
– 10 Mbps Upload
• Connects to CMTS (Cable Modem Transmission System) at cable company
– Provides packet filtering, and traffic shaping
What about security?
• Why should I be concerned?
• What are the vulnerabilities?
• What can I do to protect myself?
• How do I recover from an attack?
Why should I be Concerned
• You lose crucial data
• You spend time and money on recovery
• You feel violated, helpless and foolish
• You risk propagating the attack to your peers and others
• Your peers and others know how foolish you are
Vulnerabilities
• Viruses
• Hacks
• Data Capturing
• Lack of contingency planning
Virus
• 60,000 Variations in circulation
• Types of Viruses
• Antivirus Software
• Best Practices
Types of Viruses
• Viruses are segments of code or complete programs that can damage your system or degrade system performance.
– Trojan Horse
– Worm
– Hoax
Trojan Horses
• A program disguised as having a desired purpose while subversively performing an unwanted action on your system.
• Often open backdoor access to your system
• Notorious Trojan Horses
– Simpson's
– Backdoor
– Sub7
– Back Orifice
– NetBus
Worm
• Self-propagating independent program that adversely affects your computer performance or damages your computer
• Hall of fame
– Melissa
– Nimda
– LoveLetter
– Anna Kournikova
– CodeRed
– SirCam
Hoax
• An unsubstantiated virus alert intended to cause panic
• Typically warning of the most damaging or dangerous virus
• Examples
– BudweiserFrogs
– A virtual card for you
– !0000 – Stop mass mailings
– Wobbler
– Win a holiday
Best Practice: Virus prevention
• Always verify your antivirus software is running and update your antivirus software
Best Practice: Virus prevention 2
• When receiving email do not open attachments unless you are expecting them
• Take virus alerts seriously
• Sources of alerts
– Institutional Notification
– News Media alerts
– Word of mouth
Virus recovery
• Use antivirus software and tools to clean system
– http://www.mcafee.com
– http://www.symantec.com
• Find manual steps for virus removal
• Reinstall your system from scratch
Hacks
• Hacking
– What is hacking
– How does hacking happen
• Types of attacks
• Prevention methods
Hacking
• Gaining unauthorized access to computer systems for malicious purposes
How Hacking Happens
• System information is collected
– Footprinting
– Scanning
– Probing
– Enumeration
• Software vulnerabilities are exploited
• System passwords are guessed or not employed
Types of Attacks
• Interference
• Interception
• Impersonation
Interference
• Attacks that render objects or services unusable
– Denial of service
– Distributed Denial of service
– System alteration
Interception
• Captures data through monitoring or redirection
– Monitoring
• Wire taps
• Network Monitoring
– Redirection
• Alteration of DNS servers
• Man in the middle
Impersonation
• When the attacker assumes the identity of a trusted source
– Spoof attacks
• Using the IP source address of a trusted source computer
– Password attacks
• Password enumeration
Prevention Methods
• Know your system
• Tools to help protect your system
• Watch for and apply security patches
• Contingency planning
Know your system
• Inventory your system
• Baseline system and network performance
• Identify vulnerabilities
Inventory your system
• Software Inventory
– Running Software
– File and printer sharing
– Startup Software
– Installed Software
– Software Keys
– Software Licensing
• Hardware
– Installed components
– Vendor specific device drivers
Inventory Tools
• Microsoft
– System Information 98
– Manage Computer System summary
– Windows NT Diagnostics
Inventory Tools 2
• Belarc Advisor
System Baseline
• Task manager
– Memory Utilization
– Process Utilization
• Performance monitor
– Log low use system state
– Log high use system state
Network Baseline
• Check Internet Bandwidth speed
– McAfee Speedometer
• http://promos.mcafee.com/speedometer/test_0150.asp
– FTP Large Files
• Hash
• Download Statistics
Network Baseline 2
• Use traceroute
– Check TTL stats
• Use performance monitor to check utilization
– Network Utilization
Identify Vulnerabilities
• Filesharing
– Opens access to your files remotely
– Should be turned off if not used
– Protected with security device and used with complex passwords
• Web Browsing
– Personal information is accessible via cookie files
– ActiveX components can launch Visual Basic Application components included in Microsoft Office
– Disable ActiveX components unless necessary
Security Boundaries
• Personal Computer
• Local Network Security
• Internet Security
Internet Protocol (IP)
• Addresses your computer on the network and identifies where your computer can be reached
• 32-bit numeric device address.
• Dotted Decimal Notation
– Ex: 192.168.99.32
• Consists of network and host address.
• Determined by subnet mask
– 255.255.255.0
– Network 192.168.99.0
– Host 0.0.0.32
Network Security
• Dynamic Addressing
– IP address changes over scheduled time
• Private Addressing
– Reserved address range by IANA
– 10.0.0.0
– 192.168.0.0
– 172.16.0.0
• Encryption
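Added example (not part of the original slides): the network/host split from the Internet Protocol slide and the private ranges from the Network Security slide, worked in Python. The prefix lengths /8, /12 and /16 come from RFC 1918, since the slide gives only the base addresses; the function names are illustrative.

```python
import ipaddress

# RFC 1918 private blocks. The slide lists only the base addresses;
# the prefix lengths below are taken from RFC 1918.
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def split_address(addr, mask):
    """Return (network, host) parts of addr under the given subnet mask."""
    a = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(mask))
    # Network part: bits where the mask is 1. Host part: bits where it is 0.
    network = ipaddress.IPv4Address(a & m)
    host = ipaddress.IPv4Address(a & ~m & 0xFFFFFFFF)
    return str(network), str(host)


def private_block(addr):
    """Return the RFC 1918 block containing addr, or None if it is not private."""
    ip = ipaddress.IPv4Address(addr)
    for block in PRIVATE_BLOCKS:
        if ip in block:
            return str(block)
    return None


if __name__ == "__main__":
    # The slide's own example address and mask
    print(split_address("192.168.99.32", "255.255.255.0"))
    # A mask that does not fall on an octet boundary (constructed sample)
    print(split_address("192.168.99.200", "255.255.255.192"))
    # Constructed samples: 172.16.0.0/12 ends at 172.31.255.255,
    # so 172.32.0.1 is a public address.
    for sample in ("10.4.5.6", "172.31.255.254", "172.32.0.1", "192.168.99.32"):
        print(sample, "->", private_block(sample))
```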
Encryption
• Method of repackaging data into ciphertext in order to keep observers from viewing data and preserve data integrity
• SSL – Secure Sockets Layer
– Encrypts communication between web browsers and web servers over the internet
– Uses Public and private key exchange
• VPN – Virtual Private Networking
– Secure Tunnel
– Key Encryption
• Symmetric
• Asymmetric
– Encryption Algorithms
• SHA – Secure Hashing Algorithm
• DES – Data Encryption Standard
What your ISP does for you
• Private addressing
• Dynamic addressing
• Email virus scanning
• [email protected]
Security Tools
• Routers
• Proxy Servers
• Firewalls
– Application
– Circuit Switching
• Scanners
Routers
• ACL Filter packets
– Deny or Allow
– Destination or Source
• Separate Networks
– Gateway
– Private Network
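Added example (not part of the original slides): a minimal Python model of how a router ACL decides to allow or deny a packet by source and destination. It assumes first-match-wins evaluation with an implicit deny at the end; the rule set, the LAN range 192.168.1.0/24 and the documentation addresses are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    action: str            # "allow" or "deny"
    src: str               # source network, CIDR notation
    dst: str               # destination network, CIDR notation
    dport: Optional[int]   # destination port, None means any port


# Constructed rule set for a home router (hypothetical addresses)
ACL = [
    Rule("allow", "203.0.113.10/32", "192.168.1.20/32", 22),  # one trusted remote host
    Rule("deny", "0.0.0.0/0", "192.168.1.0/24", None),        # all other inbound traffic
    Rule("allow", "192.168.1.0/24", "0.0.0.0/0", None),       # outbound from the LAN
]


def evaluate(acl, src, dst, dport):
    """Return (action, rule_index); the first matching rule wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, r in enumerate(acl):
        if (s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and r.dport in (None, dport)):
            return r.action, i
    return "deny", None  # implicit deny: nothing matched


if __name__ == "__main__":
    packets = [  # constructed sample packets: (source, destination, port)
        ("203.0.113.10", "192.168.1.20", 22),
        ("198.51.100.7", "192.168.1.20", 22),
        ("192.168.1.20", "198.51.100.7", 80),
        ("10.9.9.9", "198.51.100.7", 80),
    ]
    for p in packets:
        print(p, "->", evaluate(ACL, *p))
    # Rule order matters: with the broad deny first, the trusted host is blocked.
    reordered = [ACL[1], ACL[0], ACL[2]]
    print("reordered:", evaluate(reordered, "203.0.113.10", "192.168.1.20", 22))
```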
Proxy Server
• Resides between web sites and web browser
• Takes request from client
• Issues request to web server
• Caches web content locally
– Improves network performance
Firewalls
• Separates untrusted external network from trusted internal network.
• Types of Firewalling
• Personal Firewall
• Network Firewall
Types of Firewalling
• ACL – Access Control Lists
– Filters Packets
• Application Firewalling
– Verifies command legitimacy
– Can be performance intensive
• Proxying
• Circuit Switching
– Allows data sessions by request
Personal Firewall
• Installed on local computer
• Rules based
• Alerts to system intrusion
• Accounting: logs events for network forensics
• Risky: can affect stability of your computer
– Personal firewalls replace operating system kernel components and can conflict with other applications
• Vendors
– Sygate Personal Firewall – http://www.sygate.com
– Black Ice Defender – http://www.networkice.com
– McAfee Personal Firewall – http://www.mcafee.com
– Norton Personal Firewall – http://www.symantec.com
– Zone Alarm – http://www.zonelabs.com
Network Firewalls
• DSL Cable Routers
– Filter Packets
– Separates Network
• Uses Private Addressing
• Vendors
• Linksys DSL/Cable Router
– http://www.linksys.com
• Dlink Home Gateway Internet Sharing and Firewall
– http://www.dlink.com
• Proxim – Netline Gateway
– http://www.proxim.com
• SMC Barricade
– http://www.smc.com
Port Scanners
• Scans IP port numbers for available services
• Gibson Research Center
– http://www.grc.com
Contingency
• Back up your data
• Often
• Use rotation schedule
• Store software, license and key information in a safe convenient place.
• Software includes device drivers, application software, and operating system
Who can I turn to?
• [email protected]
• System Administration Networking Security
– http://www.sans.org
• Carnegie Mellon - Computer Emergency Response Center
– http://www.cert.org
• FBI – Internet Fraud Complaint Center
– http://www.fbi.gov/interagency/ifcc/filingcomplaint.htm
Links
• Broadband
– http://www.cable-modem.net/gc/questions.html
– http://www.dslreports.com/
• Antivirus
– http://www.mcafeeb2b.com/naicommon/avert/avert-researchcenter/default.asp
– http://www.symantec.com/avcenter/index.html
• System Inventory
– http://www.belarc.com
• Personal Firewalls
– http://www.zonelabs.com
– http://www.symantec.com
– http://www.mcafee.com
– http://www.networkice.com
– http://www.sygate.com
Links 2
• Network Firewalls/Routers
– http://www.linksys.com
– http://www.dlink.com
– http://www.proxim.com
– http://www.smc.com
• System and Port Scanners
– http://www.grc.com
– http://security1.norton.com/us/home.asp
– http://www.mcafee.com/support/system_req/browser_test.asp
– http://www.microsoft.com/technet/mpsa/start.asp
• Agencies
– http://www.ciac.org/ciac/
– http://www.sans.org
– http://www.fbi.gov/interagency/ifcc/filingcomplaint.htm
– Report abuse to any ISP. Ex [email protected]
• This Presentation
– http://homepage.smc.edu/rojas_dan