Introduction

Download Report

Transcript Introduction

CIT 380: Securing Computer Systems
PC Security
CIT 380: Securing Computer Systems
Slide #1
Topics
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
MS Windows
Web Browsing
Spyware
Viruses
Personal Firewalls
Being a Regular User
Physical Protection
Home Wireless
Disk Security
Using Public PCs
CIT 380: Securing Computer Systems
Slide #2
MS Windows
Single-user OS heritage causes problems.
– Original design had no security, networking.
– Later versions added increasing security.
•
•
•
•
NT: multiple users, file ACLs.
XP: NT+95 with many insecure services.
XP SP2: firewalls off many insecure services.
Vista: tries to separate user/admin like UNIX.
– Software still designed for single user no security.
• Must run software as admin.
• Sometimes can reconfigure OS to run w/o admin.
CIT 380: Securing Computer Systems
Slide #3
MS Windows
Tight integration of OS with applications.
– IE and Outlook tied deeply to OS.
– Complexity leads to more security issues.
– Compromises of IE typicallys compromises OS.
Patch Tuesday
– Day Microsoft releases security patches.
– Second Tuesday of each month.
– Important patches rarely made available earlier .
CIT 380: Securing Computer Systems
Slide #4
Web Browsing
• No safe browser.
• Complexity
–
–
–
–
–
–
–
ActiveX
Javascript
Flash
Java
HTML
XML
Images
CIT 380: Securing Computer Systems
Slide #5
Securing your Browser
• Keep it updated
– Firefox auto-updates.
– Windows update for IE.
• Firefox security extensions
–
–
–
–
–
Flashblock
NoScript
SiteAdvisor
Netcraft
PasswordMaker
• Sandboxing
– VMWare Virtual Browser Appliance
– Protected Mode IE (Windows Vista)
CIT 380: Securing Computer Systems
Slide #6
3. Adware and Spyware
•
•
•
•
•
•
Annoying?
Harmful?
Legal?
Removal Tools
Recommendations
Resources
CIT 380: Securing Computer Systems
Slide #7
Annoyance Factors
Tracking surfing habits
• Uses resources on your computer
• Uses internet bandwidth
• Collects data about you, possibly without your
permission
Can interfere with computer operations
• Can reset your home page
• Can cause popup ads to appear randomly and regularly
May actually install with “desirable” software –and
permission hidden in a license agreement.
CIT 380: Securing Computer Systems
Slide #8
Is Spyware Legal?
Beware of the license agreement.
• To most users, a phrase such as "may include software that will
occasionally notify you of important news" is NOT equivalent
to "will place a stealthy Trojan Horse on your system that you
can't get rid of, which will collect information about you and
send it to us, and allow us to bother you with targeted
advertisements all day".
• Once the user has "agreed" with the License Agreement,
Spyware provider is much more immune from potential
lawsuits.
• Some Spyware companies do not mention the Spyware at all,
laying blame on the company that provided you the freeware
with the Spyware attached.
CIT 380: Securing Computer Systems
Slide #9
Is Spyware Legal?
The FTC alleges the stealthy downloads violate
federal law and asked the court to order a
permanent halt to one vendor:
– On October 5, 2005, the Federal Trade Commission
asked a U.S. District Court judge to halt an operation by
Odysseus Marketing and its principal, Walter Rines.
– The advertised “free” software supposedly allowed
consumers to engage in peer-to-peer file sharing
anonymously. The FTC maintains that it does not.
– The software could not be uninstalled by the consumers
whose computers it infected.
CIT 380: Securing Computer Systems
Slide #10
Anti-Spyware Tools
Free tools
–
–
–
–
AdAware
Hijack This
Spybot Search & Destroy
Windows Defender
Caveat emptor
– Some anti-spyware tools are spyware themselves.
– Use more than one tool to find all problems.
CIT 380: Securing Computer Systems
Slide #11
Anti-Spyware Resources
Ben Edelman
– http://www.benedelman.org/spyware/
– Legal, EULA issues.
Gibson Research
– http://www.grc.com/
Spyware Guide
– http://www.spywareguide.com/
Spyware Info
– http://www.spywareinfo.com/
CIT 380: Securing Computer Systems
Slide #12
Anti-virus Software
• What should an AV tool do that it didn’t do
last year?
– Scan instant message attachments explicitly
• What are the current “best” tools?
• Is a bundle better?
• Tips to maximize protection from your AV
software suite
CIT 380: Securing Computer Systems
Slide #13
Current Tools
AVG Anti-Virus
– Good, free anti-virus tool for personal use.
– Sells commercial version with support.
Norton AntiVirus
– www.symantec.com
Kaspersky AV Personal
– www.kaspersky.com
McAfee VirusScan
– http://www.mcafee.com/us/
Trend Micro PC-Cillin
– http://us.trendmicro.com/us/products/personal/trend-micro-internet-security2007/
CIT 380: Securing Computer Systems
Slide #14
Tips to maximize AV software
• Important to update virus signatures regularly
– Live Updates
– Manual updates
– Should update signature database on daily basis.
• Set AV to scan attachments, including IM
attachments
• Set email to NOT display any portion of messages
until you open them.
CIT 380: Securing Computer Systems
Slide #15
Tips to maximize AV software
• Don’t open suspicious emails
– A security hole in MS Outlook and IE5 allowed the
Bubble Boy virus to infect when the email was opened
• If the security hole had not been patched,
VBS.BubbleBoy inserted the Update.hta file as soon
as the email was opened
• http://www.symantec.com/avcenter/venc/data/vbs.bu
bbleboy.html
• Don’t open any links sent via IM
CIT 380: Securing Computer Systems
Slide #16
Install a Firewall
•
•
•
•
Why use a firewall?
How do firewalls work?
Windows Firewall Tools
Tips to get the best protection from a firewall
CIT 380: Securing Computer Systems
Slide #17
What is a Firewall?
A software or hardware component that
restricts network communication between
two computers or networks.
In buildings, a firewall is a fireproof wall
that restricts the spread of a fire.
Network firewall prevents threats from
spreading from one network to another.
CIT 380: Securing Computer Systems
Slide #18
Why Use a firewall?
• Protects PC from network attacks.
• Open ports
– Windows RPC, NetBIOS services.
– Your services: web, file/print sharing, remote
access.
• Prevent outgoing packets from
– Spyware phoning home.
– Botnet/worm attacks against other PCs.
CIT 380: Securing Computer Systems
Slide #19
Types of Firewalls
Personal firewall
– Software tool runs on PC.
– Protects a single machine.
– Fine-grained protection.
External firewall
– Typically integrated with router.
– Protects all machines on subnet behind it.
– Coarse-grained protection.
CIT 380: Securing Computer Systems
Slide #20
How does a firewall work?
Methods used by a firewall
– Packet filtering
• Examines every incoming packet header and selectively filters
packets based on
• address, packet type, port request, and other factors
• The restrictions most commonly implemented are based on:
– IP source and destination address
– Direction (inbound or outbound)
– TCP or UDP source and destination port-requests
– Access control list
• A user must train a firewall, hence they are more complex to
implement than AV software
CIT 380: Securing Computer Systems
Slide #21
Better packet filtering:
Stateful Inspection
• Keeps track of
– Each packet and its network connection in a state table
– Access Control List determines whether to allow the
packet to pass
– connectionless packet traffic such as UDP and remote
procedure calls (RPC) traffic
• The primary disadvantage
– the additional processing requirements of managing and
verifying packets against the state table
– Increases potential for a denial of service attack
CIT 380: Securing Computer Systems
Slide #22
Training a personal firewall
• User sets up rules for access by watching pop up
alerts from the firewall and allowing or denying
traffic
• This creates an access control list for specific IP
addresses and applications
– You will probably allow your browser access
automatically when you open it
– You may not want MS word to access the internet
automatically
• Takes time to train your firewall
• Home network routers often include hardware
firewall protection; look for one with stateful
inspection
CIT 380: Securing Computer Systems
Slide #23
Windows Firewall Tools
• ZoneAlarm is free and available at Zonelabs.com
– Has received many awards
– Worth a try if you haven’t used one.
• Norton Internet Security
– Includes firewall and AV software
– Requires annual subscription
• Panda
• Use shields UP! From Gibson research to test your
firewall before and after http://www.grc.com
CIT 380: Securing Computer Systems
Slide #24
Use a non-Administrator Account
• Must have administrator privileges to install
software
• Start | Control Panel | User Accounts | Add
User Account | Create a new account
• Pick Type of Account: Limited (Restricted
User)
CIT 380: Securing Computer Systems
Slide #25
Don’t allow your computer to boot
from a floppy or CD-ROM
• Restart your computer
• F2 during reboot to enter setup
• Boot Sequence menu
• Set PC to boot only from hard disk
CIT 380: Securing Computer Systems
Slide #26
Boot Sequence
1.
2.
3.
4.
•
•
Diskette Drive
IDE CD-ROM Device
Hard-Disk Drive C:
Integrated NIC
Space to enable/disable
+/- move down/up
CIT 380: Securing Computer Systems
Slide #27
Prevent Changes to BIOS
•
•
•
•
•
Restart your computer
F2 during reboot to enter setup
System Security menu
Enable System Security menu item
Enter a password and confirm it
CIT 380: Securing Computer Systems
Slide #28
Use Strong Passwords
• Want a long password with upper & lower case
letter, digits, and special characters.
• Avoid words, dates, other guessable items.
• Avoid password re-use.
• Use a password manager tool.
• Techniques
– Use first letter of each word of a phrase.
– Use a line of code
• Java: Sum+=5*B;
• HTML: <li>Item#1</li>
CIT 380: Securing Computer Systems
Slide #29
Secure Your Wireless Home
Network
• Newest Cisco routers use Secure Easy Setup
(SES)
• Follow all the procedures that you would for
a desktop
• Use www.grc.com tools to test regularly
• Use WPA- Wi-Fi Protected Access and WEP
encryption
CIT 380: Securing Computer Systems
Slide #30
Security Threats Facing Wireless
Networks
Wireless networks are easy to find.
–
–
–
Hackers know that in order to join a wireless network,
wireless networking products first listen for "beacon
messages".
These messages are unencrypted and contain much of
the network’s information, such as the network’s SSID
(Service Set Identifier) and the IP Address of the
network PC or access point.
Hackers use the beacon messages to access free
bandwidth and free Internet access through your
wireless network. This is called “Warchalking”.
CIT 380: Securing Computer Systems
Slide #31
Steps to Wireless Setup
• Change the default network name
• Disable broadcast
• Change the default password needed to access
the wireless device
• Enable MAC address filtering
• Enable WEP 128-bit Encryption.
CIT 380: Securing Computer Systems
Slide #32
Change default passwords and names
needed to access the wireless device
• Change the default network name
– Linksys default network name is “linksys”
• Change administrator password regularly
– Default is often “administrator”
• Network settings can only be changed by the
administrator
• Hackers know default passwords and weak
passwords to try and access your network
• Changing names and passwords regularly is good
policy
CIT 380: Securing Computer Systems
Slide #33
Enable WEP 128-bit Encryption
•
•
•
•
Not a panacea, but can thwart hackers
Can reduce network performance
Use multiple keys
Change the WEP encryption keys
periodically.
• Can be broken: use a secure, encrypted
protocol like ssh or SSL at application level
for defense in depth.
CIT 380: Securing Computer Systems
Slide #34
Enable MAC Address filtering
• Allows you to provide access to only
those wireless nodes with certain MAC
Addresses.
• Hacker can’t access your network with
a random MAC address.
• But more knowledgeable hackers can
change their MAC address to match an
allowed one.
CIT 380: Securing Computer Systems
Slide #35
Encrypt Sensitive Files
• Windows XP Encrypting File System (EFS)
for encrypting files
• GnuPG for encrypting files and email
messages
CIT 380: Securing Computer Systems
Slide #36
Windows XP Encrypting File
System (EFS)
• EFS is not available with XP Home Edition
• Reference: Microsoft Windows XP Inside
Out – Chapter 14
• Right Click in Windows Explorer on the
folder
• Choose Properties | General Tab | Advanced
Button | Encrypt contents to secure data
• File names are green in Window Explorer
CIT 380: Securing Computer Systems
Slide #37
CIT 380: Securing Computer Systems
Slide #38
CIT 380: Securing Computer Systems
Slide #39
truecrypt
• Encase, computer forensic tool, can break
EFS
• Free open source - http://www.truecrypt.org/
• http://www.truecrypt.org/docs/
– Beginner’s tutorial
– Plausible Deniability – Hidden Volume
CIT 380: Securing Computer Systems
Slide #40
GnuPG
• GnuPG is an open-source encryption tool for
Windows and Linux
• Complete and free replacement for PGP
(www.gnupg.org)
• http://wolfram.org/writing/howto/gpg.html
– (CD: gpg.html)
• Install Windows Privacy Tray (WinPT)
CIT 380: Securing Computer Systems
Slide #41
Enigmail
• Install Thunderbird mail client from
www.mozilla.org
• Download Enigmail extension from
www.mozilla.org
• Add a menu item to encrypt and decrypt
email using GnuPG
CIT 380: Securing Computer Systems
Slide #42
Erase your hard drive when
decommissioning your computer
• Simson Garfinkel, “Hard-Disk Risk” (CD:
20003.CS0.04.Hard_disk_risk.htm)
• Found a lot of sensitive information on recycle hard
disks
• “Running FDisk on a 10GB drive overwrites only
0.01 percent of the drive’s sectors.”
CIT 380: Securing Computer Systems
Slide #43
Darik’s Boot and Nuke
• Hard disk sterilization on bootable floppy
• Put floppy into the computer which has the drive you
want to erase and reboot.
• Download from http://dban.sourceforge.net/
–
–
–
–
Free.
Fast. Rapid deployment in emergency situations.
Easy. Start the computer with DBAN and press ENTER.
Safe. Irrecoverable data destruction. Prevents most forensic
data recovery techniques.
CIT 380: Securing Computer Systems
Slide #44
Backup your system regularly
• “Hard Disk Quality and Reliability”,
http://www.pcguide.com/ref/hdd/perf/qual/in
dex.htm (see quotes from the article)
– “While the technology that hard disks use is very
advanced, and reliability today is much better
than it has ever been before, the nature of hard
drives is that every one will, some day, fail.”
• “full recovery usually starts at a few hundred
dollars and proceeds from there.”
CIT 380: Securing Computer Systems
Slide #45
Ntbackup utility
1. Find ntbackup.exe
–
–
–
Start | Programs | Accessories | System Tools
Or
C:\dell\Tech Tools\System Tools\ Backup Or
Run C:\WINDOWS\system32\ntbackup.exe
2. Run the Backup/Restore Wizard
3. Choose a place to save your backup
–
C:\temp\Backup
4. Creates a file Backup.bkf
CIT 380: Securing Computer Systems
Slide #46
Create Backup CD
1. Run your CD creator
2. Make a data CD
3. Add Backup.bkf to the CD
CIT 380: Securing Computer Systems
Slide #47
Simple Quick Backup
Copy My Documents folder to a CD or USB
CIT 380: Securing Computer Systems
Slide #48
Safe use of public PCs
• Kinko's Case Highlights Internet Risks
– (CD: Kinko.htm)
• “For more than a year, unbeknownst to people who
used Internet terminals at Kinko's stores in New
York, Juju Jiang was recording what they typed,
paying particular attention to their passwords. Jiang
had secretly installed, in at least 14 Kinko's stores,
software that logs individual keystrokes. He
captured more than 450 user names and passwords,
using them to access and even open bank accounts
online. ”
CIT 380: Securing Computer Systems
Slide #49
Keyloggers
• Capture keystrokes
• Can steal passwords and credit card numbers
• Can email or ftp the file containing the
keystrokes
• Keyghost (http://www.keyghost.com )
• Keyloggers are difficult to detect
• Look at an ordinary system process
CIT 380: Securing Computer Systems
Slide #50
Public PCs
•
•
•
•
Kinko’s
Cyber cafes
Public Libraries
Hotels
CIT 380: Securing Computer Systems
Slide #51
Using Public PCs
• Avoid using important accounts (bank, etc.)
• Remove web browser data
– Cache, history, cookies, form data.
• Remove temporary files
– Start | Search | All files and folders | when it was
modified? | today
– Empty recycle bin
CIT 380: Securing Computer Systems
Slide #52
References
1. Matt Bishop, Introduction to Computer
Security, Addison-Wesley, 2005.
2. Thomas C. Greene, Computer Security for
the Home and Small Office, Apress
3. Andrew Conry-Murray & Vincent Weafer,
The Symantec Guide to Home Internet
Security, Addison Wesley
CIT 380: Securing Computer Systems
Slide #53