Email Security - Applied Computer Science

Download Report

Transcript Email Security - Applied Computer Science

Virus
 Trojan
 Worm
 Adware
 Spyware
 Spam
 Phishing
 Key loggers
 Access Points

Malicious software
 Software written to damage or disrupt a
computer, such as a virus or a trojan
horse.


http://www.hpenterprisesecurity.com/co
llateral/infographics/HP_Ponemon_Infogr
aphic.pdf

A computer virus is a small program
written to alter the way a computer
operates, without the permission or
knowledge of the user. A virus must meet
two criteria:
› It must execute itself. It will often place its
own code in the path of execution of
another program.
› It must replicate itself. For example, it may
replace other executable files with a copy of
the virus infected file. Viruses can infect
desktop computers and network servers
alike.

Some viruses are programmed to damage the
computer by damaging programs, deleting files, or
reformatting the hard disk. Others are not designed
to do any damage, but simply to replicate
themselves and make their presence known by
presenting text, video, and audio messages.
› Even these benign viruses can create problems for the
computer user. They typically take up computer memory
used by legitimate programs.

As a result, they often cause erratic behavior and
can result in system crashes. In addition, many
viruses are bug-ridden, and these bugs may lead
to system crashes and data loss.





Trojan horses are impostors--files that claim to be something
desirable but, in fact, are malicious.
A very important distinction from true viruses is that they do not
replicate themselves, as viruses do. Trojans contain malicious code,
that, when triggered, cause loss, or even theft, of data. In order for a
Trojan horse to spread, you must, in effect, invite these programs
onto your computers--for example, by opening an email
attachment.
The main objective of this type of malware is to install other
applications on the infected computer, so it can be controlled from
other computers.
Additionally, they can capture keystrokes or record passwords
entered by users. Given all these characteristics, they are frequently
used by cyber-crooks, for example, to steal confidential banking
information.
http://www.pandasecurity.com

Worms are programs that replicate themselves from system to
system without the use of a host file. This is in contrast to
viruses, which requires the spreading of an infected host file.

In contrast to viruses, worms are standalone software and do
not require a host program or human help to propagate.

To spread, worms either exploit a vulnerability on the target
system or use some kind of social engineering to trick users
into executing them. A worm enters a computer through a
vulnerability in the system and takes advantage of filetransport or information-transport features on the system,
allowing it to travel unaided.
Worms have also been adapted to fit the
new malware dynamic. Previously, worms
were designed largely to achieve notoriety
for the creators, and were therefore
programmed to spread massively and
infect computers around the world.
 Now, however, worms are more geared
towards generating financial gain. They are
used to create botnets which control
thousands of computers around the world.


A malicious bot is self-propagating malware designed to
infect a host and connect back to a central server or servers
that act as a command and control (C&C) center for an
entire network of compromised devices, or "botnet."

With a botnet, attackers can launch broad-based, "remotecontrol," flood-type attacks against their target(s).

In addition to the worm-like ability to self-propagate, bots can
include the ability to log keystrokes, gather passwords,
capture and analyze packets, gather financial information,
launch DoS attacks, relay spam, and open back doors on the
infected host.

Blended threats combine the
characteristics of viruses, worms, Trojan
horses, and malicious code with server
and Internet vulnerabilities to initiate,
transmit, and spread an attack. By using
multiple methods and techniques,
blended threats can rapidly spread and
cause widespread damage.






Characteristics of blended threats include the following:
Causes harm
Launches a Denial of Service (DoS) attack at a target IP address, defaces
Web servers, or plants Trojan horse programs for later execution.
Propagates by multiple methods
Scans for vulnerabilities to compromise a system, such as embedding code in
HTML files on a server, infecting visitors to a compromised Web site, or
sending unauthorized email from compromised servers with a worm
attachment.
Attacks from multiple points
Injects malicious code into the .exe files on a system, raises the privilege level
of the guest account, creates world read and writeable network shares,
makes numerous registry changes, and adds script code into HTML files.
Spreads without human intervention
Continuously scans the Internet for vulnerable servers to attack.
Exploits vulnerabilities
Takes advantage of known vulnerabilities, such as buffer overflows, HTTP
input validation vulnerabilities, and known default passwords to gain
unauthorized administrative access.
Greyware is malicious software.
 Considered to fall in the "grey area"
between normal software and a virus.
 Greyware is a term for which all other
malicious or annoying software such as
adware, spyware, trackware, and other
malicious code and malicious shareware
fall under.


Any software that covertly gathers user information
through the user's Internet connection without his or her
knowledge.

Spyware applications are typically bundled as a hidden
component of freeware or shareware programs that can
be downloaded from the Internet; however, it should be
noted that the majority of shareware and freeware
applications do not come with spyware.

Once installed, the spyware monitors user activity on the
Internet and transmits that information in the background
to someone else. Spyware can also gather information
about e-mail addresses and even passwords and credit
card numbers.

A form of spyware that collects
information about the user in order to
display advertisements in the Web
browser based on the information it
collects from the user's browsing
patterns.

Some do this with your knowledge.

The act of sending an e-mail to a user falsely claiming to be an
established legitimate enterprise in an attempt to scam the user
into surrendering private information that will be used for identity
theft.

The e-mail directs the user to visit a Web site where they are
asked to update personal information, such as passwords and
credit card, social security, and bank account numbers, that the
legitimate organization already has. The Web site, however, is
bogus and set up only to steal the user’s information.


How can you recognize a phishing website?
What should you do if you are or think you have been a victim of
a phishing website?

Source http://www.webopedia.com

"Spam" is unsolicited email sent in massive
quantities simultaneously to numerous users,
generally trying to advertise or publicize
certain products or services.

This junk mail is also often used as a
bridgehead for other types of cyber-crime,
such as phishing or email scams.

Spam can be classified into different groups, largely in accordance with the
content of the messages:
I. Advertising spam. This is really the pioneer of all the other types. It
involves advertising products or services, normally at knockdown prices.
The advertising itself and the products advertised (fake designer
products, pharmaceuticals, music, etc.) often infringe intellectual
property rights, patents or health and safety legislation.
Hoaxes. These are simply false or trick messages. They are often ‘chain
emails’, asking the recipient to forward the message to a certain number
of contacts. They contain unlikely stories of social injustice or formulas to
achieve success. The real aim of the hoax is to collect email addresses
(accumulated as the message is forwarded) which are then used for
other types of spam. Sending of these messages is not a crime in itself, as
they have no apparent commercial aim, but the relation with cybercrime is evident, and they are exploiting a legal loophole.
III. Fraudulent spam. As mentioned above, spam is also often used to
launch phishing attacks, scams and other types of fraud through email
messages sent massively to millions of users.
II.

Drive by download- If your computer has a bug in the OS
or program your PC may become infected with malware
simply by visiting a malicious website. You do not even
have to download anything, but just visit the page.

Denial of Service (DOS)- Attack that can crash a
vulnerable program or computer (denies the service).


Remote code execution- Allows an attacker to run any
command on a computer such as installing remote
control software. Holes of this nature are very dangerous.

Zero Day- refers to a flaw that surfaces before
a fix is available.


Proof of concept- A flaw or attack that
researchers have discovered but has yet been
used to exploit computers. Some never get
used to exploit computers.


In the wild- Opposite of proof of concept.
When an exploit is in the wild it is being used to
attack vulnerable computers.
No one thing will make computers and networks completely safe. Instead
users and administrators must apply a variety of methods to decrease
the risk to threats.
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
Physical Security
Passwords
Windows Updates
Antivirus, adware spyware Software
Firewalls
Wireless access points
Attachments and downloads
Storage of sensitive data.
Proper disposal of old hard drives, CD’s, DVD’S and other mediums.
Turn off Your Computer
Backup of data
Store computer(s) in a private location
that limits who has physical access to it.
 Servers are in a locked temperature
controlled room.


http://www.cbc.ca/news/canada/otta
wa/story/2013/01/25/ottawa-free-creditchecks-after-student-loans-data-loss.html

Make sure that the computer is password protected. Just
having a password set is not enough. Passwords should
consist of at least three of the following traits:
1.
Upper case letters
Lower case letters
Alphanumeric characters (numbers)
Special characters (!@#%&* and so on)
2.
3.
4.


It is also a good idea for passwords to be 6-8 characters in
length
A good Example of this would be WPG05!uw or Pass##99.



It is also a good idea to use different passwords
for different accounts. If one password is
compromised then all of your accounts will not
be vulnerable (school account, bank account,
email, web mail, and so on).
Password aging- Change your password often.
Use different passwords for account sign ups.
Microsoft releases patches/fixes to
problems and vulnerabilities that are
discovered.
 http://v4.windowsupdate.microsoft.com
/en/default.asp
 In it recommended to check for security
updates as often as possible, or set your
computer to accept automatic updates
(inside control panel).


Have antivirus software installed.
› Have it running.
› Be sure to have its virus definitions updated.
› Protect system startups. Make sure to
configure anti-virus software to launch
automatically and run constantly, ensuring
that you’re always protected.
The primary method for keeping a computer secure from
intruders. A firewall allows or blocks traffic into and out of a
private network or the user's computer.
 Firewalls are widely used to give users secure access to the
Internet as well as to separate a company's public Web server
from its internal network.


Windows XP service pack 2 and up (XP-7) comes with a software
firewall

http://www.microsoft.com/windowsxp/using/security/internet/sp
2_wfintro.mspx

Use Encryption
›

Limit Access to Your Network
›
›


Two main types of encryption are available: Wi-Fi Protected Access (WPA) and Wired Equivalent Privacy (WEP). Your
computer, router, and other equipment must use the same encryption. WPA2 is strongest; use it if you have a choice.
It should protect you against most hackers.
Allow only specific computers to access your wireless network. Every computer that is able to communicate with a
network is assigned a unique Media Access Control (MAC) address. Wireless routers usually have a mechanism to
allow only devices with particular MAC addresses to access to the network. Some hackers have mimicked MAC
addresses, so don't rely on this step alone
For home networks be sure to secure all wireless access points via a password.
Change the name of your router from the default. The name of your router (often called
the service set identifier or SSID) is likely to be a standard, default ID assigned by the
manufacturer. Change the name to something unique that only you know.
Change your router's pre-set password. The manufacturer of your wireless router
probably assigned it a standard default password that allows you to set up and operate
the router. Hackers know these default passwords, so change it to something only you
know. Use passwords that are at least 10 characters long: the longer the password, the
tougher it is to crack.
Store Sensitive data offline.
 Eliminate the threat by storing the data
on a computer isolated from the Internet
or on a external hard drive/usb drive.


Don’t open email attachments unless
you know who they are from.
When disposing of old hard drives be
sure to either dispose by physically
destroying or erase the hard drive.
 It is possible to recover old information
that you may have though was “gone”
either because you deleted it or the
computer is “broken”.
 Deploy wiping software



If you’re shopping or banking online, stick to sites that use
encryption to protect your information as it travels from your
computer to their server. To determine if a website is
encrypted, look for https at the beginning of the web address
(the “s” is for secure).
Some websites use encryption only on the sign-in page, but if
any part of your session isn’t encrypted, the entire account
could be vulnerable. Look for https on every page of the site
you’re on, not just where you sign in.



Don’t Assume a Wi-Fi Hotspot is Secure
Most Wi-Fi hotspots don’t encrypt the information you send over the
internet and are not secure.
If you use an unsecured network to log in to an unencrypted site – or
a site that uses encryption only on the sign-in page – other users on
the network can see what you see and what you send. They could
hijack your session and log in as you.
›
New hacking tools – available for free online – make this easy, even for users with
limited technical know-how. Your personal information, private documents,
contacts, family photos, and even your login credentials could be up for grabs.

So what can you do to protect your information? Here are a few
tips:
› When using a Wi-Fi hotspot, only log in or send personal
information to websites that you know are fully encrypted.
To be secure, your entire visit to each site should be
encrypted – from the time you log in to the site until you
log out. If you think you’re logged in to an encrypted site
but find yourself on an unencrypted page, log out right
away.
› Don’t stay permanently signed in to accounts. When
you’ve finished using an account, log out.
› Do not use the same password on different websites. It
could give someone who gains access to one of your
accounts access to many of your accounts.

Many web browsers alert users who try to visit
fraudulent websites or download malicious
programs. Pay attention to these warnings, and
keep your browser and security software up-todate.

Installing browser add-ons or plug-ins can help,
too. For example, Force-TLS and HTTPS-Everywhere
are free Firefox add-ons that force the browser to
use encryption on popular websites that usually
aren't encrypted. They don’t protect you on all
websites – look for https in the URL to know a site is
secure.

It is a god idea of backup all data in
case you need to restore it.
http://www.onguardonline.gov
 http://www.pandasecurity.com

 http://www.webopedia.com
 http://www.symantec.com/business/s
upport/index?page=content&id=TEC
H98539

http://www.hpenterprisesecurity.com/co
llateral/infographics/HP_Ponemon_Infogr
aphic.pdf