Transcript IT Security

Introduction to Computer Security
Common Security Terminology
 Password Cracking
 Biometrics
 Public Key Cryptography
 SSL
 Man-in-the-Middle Attack
 Zombies
 Denial of Service Attack
 Key Logging Software
 Firewalls
 Security Exploit
Terminology
 Password Cracking
• Password Cracker
– An application that tries to obtain a password by
repeatedly generating and comparing encrypted
passwords or by authenticating multiple times to an
authentication source.
– Repeatedly trying to access your accounts
• Common methods of Password cracking
– Brute Force
– Dictionary
Terminology
 Password Cracking (cont’d)
• Passwords are usually stored in an encrypted
form with a one-way encryption algorithm
– If this data is compromised, password cracking can
be moved to a standalone system for easier control
and speed of cracking.
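Added example (not part of the original slides): one way to store passwords in one-way form so that a stolen password file is expensive to crack offline. The per-user random salt and the iteration count are assumptions of this sketch, as are the function names.

```python
import hashlib
import hmac
import os

# Assumed work factor for this sketch; raise it as hardware gets faster.
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password, salt=None):
    """Return 'pbkdf2_sha256$iterations$salt_hex$digest_hex' for storage."""
    if salt is None:
        # A fresh random salt per account means identical passwords produce
        # different stored values, so one guess cannot be tested against
        # every account at once.
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return "pbkdf2_sha256${}${}${}".format(ITERATIONS, salt.hex(), digest.hex())


def verify_password(password, stored):
    """Recompute the one-way value from the login attempt and compare."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        rounds = int(iterations)
    except ValueError:
        # Malformed record: fail closed rather than raise.
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, rounds
    )
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)
```

Every guess against a stolen record costs the same 600,000 hash rounds that a legitimate login does, which is what slows a standalone cracking system.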
Terminology
 Biometrics
• Science and technology of measuring and
statistically analyzing biological data
• When used in Information Technology it usually
refers to the use of human traits for
authentication
• This method can include fingerprints, eye
retinas and irises, voice patterns, and a host of
other consistent biological data
Terminology
 Public Key Cryptography
• Two Keys, “certificates”, are available for each
resource, one public and one private
• As the names imply, the public key can be
shared freely while the private key is kept secret
• Items encrypted using the public key are
decrypted using the private key and conversely
anything encrypted with the private key can be
decrypted with the public key
• This method of encryption is used to ensure
secure communication is only between a valid,
“known”, sender and recipient
Terminology
 SSL
• “Secure Sockets Layer”
• Uses Public Key Cryptography
• Negotiates a method to encrypt communication
between a client and server
• Allows other network protocols to connect “over
top” of it, such as web browsing and e-mail
protocols
• “Transport Layer Security” (TLS) is a variant of
SSL used to negotiate encryption within the
network protocol being used
Terminology
 Man-in-the-Middle Attack
• A system between two hosts that either
passively watches traffic to gain information
used to “replay” a session or actively interferes
with the connection, potentially imitating the
remote system
Terminology
 Zombies
• Computer system infected by a virus or Trojan
horse that allows the system to be remotely
controlled for future exploits
• These systems may be used to send large
amounts of spam e-mail or take part in
Distributed Denial of Service (DDoS) attacks
Terminology
 Denial of Service Attack (DoS)
• Sending large amounts of data and requests to
a remote system in order to inundate the remote
computer or network
• A Distributed DoS is a coordinated effort by a
number of systems to perform a DoS on a single
host
Terminology
 Key Logging Software / Hardware
• Software installed on a system to capture and
log all keystrokes
• Hardware installed between the keyboard and
computer used to capture and log all keystrokes
 Security Exploit
• A software bug, or feature, that allows access to
a computer system beyond what was originally
intended by the operator or programmer
Terminology
 Firewall
• Network hardware device or software used to
filter traffic to and from the connected resources
• Ranges from simple filters, blocking certain
services and protocols, to more complex
systems that plot network traffic patterns
• Local operating system firewalls are referred to
as “personal firewall software”
Firewall
Password Security
 Password limitations
 Reasons for complex passwords
 Helpful suggestions for creating complex
passwords
 Future password requirements
Password Security
 According to CERT/CC (Computer
Emergency Response Team / Coordination
Center) approximately 80% of all network
security issues are caused by bad
passwords
 Computer to Computer authentication can
use large keysets and complex encryption
while Human to Computer authentication
relies on much easier methods
Password Security
 Password Limitations and why they are in
place
• Password Expiration
– Decreases the chances of your password being
cracked
• Complex Passwords
– Requiring complexity actually increases the possible
character combinations required by brute-force
cracking
• Password Length Requirements
– The longer your password the more possible
character combinations are present and the harder it
is to crack
Password Security
 Dealing with Password Limitations
• Password lockouts
– If a certain number of login attempts fail within a
given timeframe the account is automatically locked
out for a preset amount of time
– Using this limitation stops brute force authentication
attempts
• Dictionary Checks
– Simple checks against common dictionaries are used
to increase password complexity
Password Security
 Are Password rules too complex?
• With the increase of computer hardware speed
and the decrease of computer prices, we can
use more advanced methods to keep security
high
• Post-it Notes
– Is your computer in a locked room?
– Who has physical access to your system?
– A majority of system attacks originate through the
network.
Password Security
 Suggestions for Complex Passwords
• Think of a phrase and use the first characters of
each word, mixing case and adding numbers
and special characters
– It is good to change your password every 6 months = Iig2cyPe6m
– UI vandals are number one = UiVdlsR#1
• Using a favorite word or phrase and breaking it
up with numbers and special characters
– Happy = Hap3py1
– Motorcycle = M0tor6cyc!e
Password Security
 Possible Future Password Requirements
• Decreasing password expiration time
• Certificate authentication
• Use of Biometrics
• Two part identification, where you use a
password and another physical item
Password Security
 Passwords are like Underwear!
• Don’t leave yours lying around
• Don’t Share them with friends
• The longer the better (cold weather)
• Change yours often
• Be mysterious
E-mail Security
 Some common E-mail protocols
 Secure E-mail protocols at the UI
E-mail Security
 Common E-mail protocols
• POP
– Post Office Protocol: older protocol for downloading messages from an INBOX
• IMAP
– Internet Message Access Protocol: full featured mail folder access
• SMTP
– Simple Mail Transfer Protocol: standard for sending and receiving e-mail between clients and servers, and from server to server
• MAPI
– Mail Application Programming Interface: a set of communication methods and standards used predominately between Microsoft e-mail clients and servers
E-mail Security
 Secure protocols in place at the University of
Idaho
• POPS
– POP mail over an SSL connection
• IMAPS
– IMAP over an SSL connection
• SMTP+TLS
– Negotiation of a TLS/SSL connection after connecting
• All popular e-mail clients support the use of
these protocols
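Added example (not part of the original slides): how a client reaches the three secure protocols above from Python's standard library. The host name is a placeholder, the port numbers are the conventional ones rather than values from the slides, and the function names are assumptions of this sketch.

```python
import imaplib
import poplib
import smtplib
import ssl

MAIL_HOST = "mail.example.edu"  # placeholder, not a real server


def make_tls_context():
    """Context that checks the server certificate against trusted CAs."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + host name check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse old SSL/TLS versions
    return ctx


def open_imaps(host=MAIL_HOST, port=993):
    # IMAPS: the TLS handshake happens first, IMAP runs inside it.
    return imaplib.IMAP4_SSL(host, port, ssl_context=make_tls_context())


def open_pops(host=MAIL_HOST, port=995):
    # POPS: same idea, POP3 inside an already encrypted connection.
    return poplib.POP3_SSL(host, port, context=make_tls_context())


def open_smtp_starttls(host=MAIL_HOST, port=587):
    # SMTP+TLS: connect in cleartext, then upgrade before sending anything
    # sensitive such as a user name or password.
    smtp = smtplib.SMTP(host, port, timeout=10)
    smtp.ehlo()
    if not smtp.has_extn("starttls"):
        smtp.quit()
        raise RuntimeError("server does not offer STARTTLS; not continuing in cleartext")
    smtp.starttls(context=make_tls_context())
    smtp.ehlo()  # capabilities must be re-read over the encrypted channel
    return smtp
```

With this context an untrusted or mismatched certificate raises ssl.SSLCertVerificationError instead of silently connecting, which is the client-side check against a man-in-the-middle.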
Web Security
 Web specific definitions
• HTTP
• URL
• SSL
• Spyware / Adware
• Web browser updates
 Some common methods of Web Security
Web Security
 HTTP (Hyper Text Transfer Protocol)
• Modern web browsers are capable of using
multiple protocols to download content although
most data transfers use HTTP
 URL (Uniform Resource Locator)
• “Web Address”
• protocol://server/resource
• http://www.uidaho.edu/registrar
Web Security
 SSL (Secure Sockets Layer)
• Very important on insecure networks such as
wireless
• How to verify SSL in a browser
– https: -- the web address begins with https meaning
the connection is using HTTP over SSL
– Look for a lock icon
– Internet Explorer may display a Security Alert that
states “you are about to view pages over a secure
connection”
Web Security
 SSL (cont’d)
• Certificate Authorities
– A “CA” is an entity that issues certificates
– If you “trust” a CA you will trust the certificates issued
by that CA
– Web browsers come with a standard collection of
common certificate authorities including Verisign,
Geotrust, Thawte, and a number of others
– Be wary of untrusted certificates, as they can be
a sign of a man-in-the-middle attack
Web Security
 SSL (cont’d)
Web Security
 Spyware / Adware
• Spyware is software designed to intercept or
take partial control of a computer without the
express consent of the operator
• Adware is similar to spyware except it is used
primarily for advertising purposes and may have
provided the user with information about its
operation
• Regardless of the network level security, when
browsing, spyware will have access to your data
Web Security
 Web Browser Software Updates
• Update, Update, Update
• Security exploits can use your web browser to
access your system, install software, delete
data, spread viruses, and much, much more.
Peer-to-Peer File sharing
 What is Peer-to-Peer File sharing
 Common applications
 Common issues to consider when using P2P
 How to protect yourself when using P2P
Peer-to-Peer File sharing
 Peer-to-Peer File sharing, or P2P, is using
software to facilitate the transfer of data
between two systems without the need for a
central file server
 Common P2P applications are:
• Kazaa
• eDonkey
• Morpheus
• Gnutella Clients (Limewire, Bearshare)
Peer-to-Peer File sharing
 Common issues with P2P file sharing
• Copyright issues
• Spyware / Adware
• Zombies
– Remote control
• Key logging
• Security exploits
• Sharing unexpected information
Peer-to-Peer File sharing
 How to protect yourself when using P2P
• Install Antivirus
– Symantec Antivirus
• Check for operating system and software
updates regularly
• Install Spyware Detection Software
– Microsoft Defender Beta 2
– Spybot
– Ad-Aware