Session 3C Computer Security

• It’s a system of safeguards designed to protect a computer system and data from deliberate or accidental damage or access by unauthorized persons.
• The simplest example is the logon procedure, requiring the user to enter an ID and password recognised by the system.

• Unauthorised disclosure of information
• Unauthorised modification of information
• Unauthorised withholding of information

1. Use protection software "anti-virus software" and keep it up to date.
2. Don't open unknown, unscanned or unexpected email attachments.
3. Use hard-to-guess passwords.
4. Protect your computer from Internet intruders -- use "firewalls".
5. Don't share access to your computers with strangers.
• Learn about file sharing risks.
7. Back up your computer data.
8. Disconnect from the Internet when not in use.
9. Regularly download security protection update "patches".
10. Check your security on a regular basis. Understand the risks and use measures to minimize your exposure.
11. Share security tips with family members, co-workers and friends.

• Secured Waste
• Passwords
• Internal controls
• Auditor checks

• Routinely run the Microsoft System Update Service, or select the option to have the update service run automatically.

Microsoft Operating System Auto Update

To enable Microsoft Auto Update (Windows NT, 2000, XP):
• On the taskbar at the bottom of your screen, click Start, Settings, and then click Control Panel.
• Open Automatic Updates. (Vista = Windows Update)
• Select the auto update solution that works best for you.

** Your computer must be on and connected to the internet to use Microsoft’s automatic update feature.

Protect System and User accounts
• Disable GUEST
• Disable or delete unused accounts
• Rename Administrator account
• Use strong passwords on all accounts
• NEVER use blank passwords
• Disable auto-login setup on your system

To manage accounts: Right-click “My Computer”, choose “Manage”.

Turn On Auditing
• Control Panel > Performance and Maintenance > Administrative Tools > Local Security Policy

Turn off Simple File Sharing
• XP - Click Start > My Computer > Tools > Folder Options > View
• Vista - Organize / Folder and Search Options / View

Finding a way into the network
• Firewalls
  • (fīr´wâl) (n.) A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

Want to know more? http://www.webopedia.com/TERM/f/firewall.html

TCP hijacking
• IPsec
  • Internet Protocol security (IPsec) is a framework of open standards for protecting communications over Internet Protocol (IP) networks through the use of cryptographic security services.
  • IPsec supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection.

Want to know more? http://technet.microsoft.com/en-us/network/bb531150.aspx

Packet sniffing
• Encryption (HTTPS)
  • Hyper Text Transfer Protocol Secure (HTTPS) is a secure version of the Hyper Text Transfer Protocol (HTTP). HTTPS allows secure ecommerce transactions, such as online banking.
  • Web browsers such as Internet Explorer and Firefox display a padlock icon to indicate that the website is secure, and also display https:// in the address bar.
  • When a user connects to a website via HTTPS, the website encrypts the session with a digital certificate. A user can tell if they are connected to a secure website if the website URL begins with https:// instead of http://.

Want to know more? http://en.wikipedia.org/wiki/Secure_Sockets_Layer

• A firewall is like a castle with a drawbridge
  • Only one point of access into the network
  • This can be good or bad
• Can be hardware or software
  • Ex. Some routers come with firewall functionality
  • Unix systems, Windows XP and Mac OS X have built-in firewalls

[Diagram: Internet | Firewall | DMZ* (web server, email server, DBMS server, etc.) | Firewall | Intranet]

* In military terms, a demilitarized zone (DMZ) is an area, usually the frontier or boundary between two or more military powers (or alliances), where military activity is not permitted, usually by peace treaty, armistice, or other bilateral or multilateral agreement. Often the demilitarized zone lies upon a line of control and forms a de facto international border.

• A firewall examines all traffic routed between the two networks to see if it meets certain criteria
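
The rule check described above, applied to the Internet / DMZ / Intranet layout, as an added example that is not part of the original slides. The address ranges, rule set and interface names are constructed for illustration; the model decides on the first packet of a connection and assumes replies are handled by connection tracking.

```python
import ipaddress
from dataclasses import dataclass

# Constructed address plan for the Internet / DMZ / Intranet layout (assumed values).
DMZ = ipaddress.ip_network("192.0.2.0/24")
INTRANET = ipaddress.ip_network("10.0.0.0/8")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "internet", "dmz" or "intranet"
    src: str
    dst: str
    proto: str
    dport: int

# Ordered rules: (action, source net, destination net, protocol, destination ports).
# The first matching rule decides; a packet matching no rule is denied.
POLICY = [
    ("allow", INTRANET, DMZ, "tcp", {22}),       # admins manage the DMZ servers
    ("deny", ANY, INTRANET, "any", None),        # nothing opens connections inward
    ("allow", ANY, DMZ, "tcp", {25, 80, 443}),   # public mail and web services
    ("allow", INTRANET, ANY, "tcp", {80, 443}),  # LAN users may browse the web
]

# Source networks that can legitimately appear on each internal interface.
EXPECTED_SRC = {"intranet": [INTRANET], "dmz": [DMZ]}

def spoofed(pkt):
    """True when the source address cannot belong to the arrival interface."""
    src = ipaddress.ip_address(pkt.src)
    if pkt.iface == "internet":
        return src in INTRANET or src in DMZ
    return not any(src in net for net in EXPECTED_SRC.get(pkt.iface, []))

def decide(pkt):
    """Return (action, reason) for the first packet of a connection."""
    if spoofed(pkt):
        return "deny", "source address does not match arrival interface"
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for n, (action, s_net, d_net, proto, ports) in enumerate(POLICY, 1):
        if (src in s_net and dst in d_net and proto in ("any", pkt.proto)
                and (ports is None or pkt.dport in ports)):
            return action, f"rule {n}"
    return "deny", "default deny"
```

Without the interface check, a packet arriving from the Internet that merely claims an intranet source address would match rule 1 and reach the DMZ servers' SSH port.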

• Anyone who is responsible for a private network that is connected to a public network needs firewall protection

• Firewalls allow network administrators to offer access to specific types of Internet services to selected LAN* users

* Local Area Network
A local area network (LAN) is a group of computers and associated devices that share a common communications line or wireless link. Typically, connected devices share the resources of a single processor or server within a small geographic area (for example, within an office building). Usually, the server has applications and data storage that are shared in common by multiple computer users. A local area network may serve as few as two or three users (for example, in a home network) or as many as thousands of users

Want to know more? http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci212495,00.html

• Recall how IP works…
  • End hosts create IP packets and routers process them purely based on destination address alone
• Problem: End hosts may lie about other fields which do not affect delivery
  • Source address – host may trick destination into believing that the packet is from a trusted source
    • Especially applications which use IP addresses as a simple authentication method
• Solution – use better authentication methods
• Want to know more? http://www.norman.com/documents/wp_smurf.shtml
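
An added example, not part of the original slides, that puts address-based trust beside one "better authentication method": a keyed message tag with a counter, giving the data origin authentication, integrity and replay protection the IPsec slide lists. The host addresses, the pre-shared key and the message layout are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

TRUSTED_HOSTS = {"10.0.0.5"}           # constructed allowlist of "trusted" sources
SHARED_KEY = secrets.token_bytes(32)   # assumed pre-shared key, provisioned out of band

def weak_accept(claimed_src, command):
    """Weak check: trusts the source address field, which the sender fills in itself."""
    return claimed_src in TRUSTED_HOSTS

def sign(key, counter, command):
    """Sender side: the tag covers a message counter and the command bytes."""
    msg = counter.to_bytes(8, "big") + command
    return hmac.new(key, msg, hashlib.sha256).digest()

class Receiver:
    """Accepts a command only with a valid tag and a fresh counter."""

    def __init__(self, key):
        self.key = key
        self.last_counter = -1

    def accept(self, claimed_src, counter, command, tag):
        # claimed_src is deliberately ignored: the address proves nothing.
        expected = sign(self.key, counter, command)
        if not hmac.compare_digest(expected, tag):
            return False              # forged or modified message
        if counter <= self.last_counter:
            return False              # replay of an old message
        self.last_counter = counter
        return True
```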

• A virus stays on your computer and your computer only.
• Worms crawl through networks.
• Unlike a worm, a virus cannot infect other computers without assistance. It is spread via trading programs with others (file sharing programs, email).

• Symptoms: Sluggish PC, increased pop-ups, homepage changes, strange search results.
• Both are data miners, meaning they are looking for information. Both cause the above symptoms.

• Can lead to identity theft.
• 9 out of 10 PCs are infected.
• Good place to look for info? http://www.webroot.com/spywareinformation

• Spyware -- Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet.
• Spyware works like adware but is usually a separate program that is installed unknowingly when you install another freeware type program or application.
• Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else.
• Spyware can also gather information about email addresses and even passwords and credit card numbers.

• adware (spelled all lower case) is any software application in which advertising banners are displayed while the program is running.
• The authors of these applications include additional code that delivers the ads, which can be viewed through pop-up windows or through a bar that appears on a computer screen.
• The justification for adware is that it helps recover programming development cost and helps to hold down the cost for the user.

• You can try to do it manually, but it is often very difficult.
• Often it can disrupt major computer processes.
• You can check out the following free programs:
  • AdAware
  • SpySweeper (both versions, free & pay)

NOTE: Please be careful when downloading these tools; some programs claim to remove spyware but instead come with their own spyware embedded.

Want to know more? http://www.adware.com/

• Norton and McAfee come with many new computers for trial periods.
• After your “trial period” it will prompt you to buy the program. What you are paying for is to stay updated on virus definitions (meaning the # of viruses your antivirus is able to detect).
• If you don’t stay up-to-date, then your ability to ward off viruses and remove them becomes limited.

1. Back Orifice 2000
2. NetBus PRO
3. Sub7
4. Netcat
5. Shed.exe

Want to know more? http://www.darknet.org.uk/category/hackingtools/

• Every web page you visit leaves its mark. Go to Control Panel > Internet Options, then delete cookies, Temporary Internet Files, and History.
• This will keep your machine “fresh”.

• Fun Example 1:
  • “Hi, I’m your TELSTRA representative, I’m stuck on a pole. I need you to punch a bunch of buttons for me”

• Fun Example 2:
  • Someone calls you in the middle of the night
    • “Have you been calling Egypt for the last six hours?”
    • “No”
    • “Well, we have a call that’s actually active right now, it’s on your calling card and it’s to Egypt and as a matter of fact, you’ve got about $2000 worth of charges on your card and … read off your AT&T card number and PIN and then I’ll get rid of the charge for you”

• There aren’t always solutions to all of these problems
  • Humans will continue to be tricked into giving out information they shouldn’t
  • Educating them may help a little here, but, depending on how badly you want the information, there are a lot of bad things you can do to get it
• So, the best that can be done is to implement a wide variety of solutions and more closely monitor who has access to what network resources and information
  • But, this solution is still not perfect

• The Internet works only because we implicitly trust one another
• It is very easy to exploit this trust
• The same holds true for software
• It is important to stay on top of the latest CERT* security advisories to know how to patch any security holes

* Computer Emergency Response Team

Want to know more? http://www.cert.org/

[Diagram: Convenience vs. Security]

There is an inverse relationship between convenience (ease-of-use) and security. As you increase security, you lose convenience.

• Students to activate the firewall in their system

• Students to research ways that communications can be breached/intercepted on the internet and discuss how they would prevent them.
• Do in groups and then report to the class.