Coursework in Cybersecurity
Goal: Learn concepts and tools for hardening computer
devices and systems against attack.
• Topics include:
1. Security services, such as authentication, authorization, and accounting, required for security goals, such as confidentiality, integrity, and availability (NIST).
2. Mechanisms such as encryption, firewalls, and vulnerability assessment.
• Hands-on assignments include:
1. Utilizing network and operating system mechanisms that support security.
2. Testing and analyzing open-source software tools on different platforms, such as Windows and Linux virtual machines hosted on a VMware hypervisor.
The Need for Vigilance
• At home
– There have been increases in attacks on wireless
devices and home computers.
• At work
– There have been increases in Internet attacks and
extortions.
• In our country
– Cyber-warfare tools have been utilized and are of
increasing danger to our infrastructure.
Symantec threat report 2015
Highlights from Symantec Corporation Internet Security
Threat Report 2015
http://www.symantec.com/security_response/publications/threatreport.jsp
“Last year, 60 percent of all targeted attacks struck small- and medium-sized
organizations. These organizations often have fewer resources to invest in
security, and many are still not adopting basic best practices like blocking
executable files and screensaver email attachments. This puts not only the
businesses, but also their business partners, at higher risk.”
“Attackers also perfected watering hole attacks, making each attack
more selective by infecting legitimate websites, monitoring site visitors and
targeting only the companies they wanted to attack.” {A watering hole attack
seeks to penetrate associates of the targeted company and to use the trusted
associates to attack the targeted companies.}
Symantec threat report 2015
“Digital Extortion on the Rise: 45 Times More People Had Their
Devices Held Hostage in 2014”
While most people associate “extortion” with Hollywood films and mafia bosses,
cybercriminals have used ransomware to turn extortion into a profitable enterprise,
attacking big and small targets alike.
Ransomware attacks grew 113 percent in 2014, driven by more than a 4,000
percent increase in crypto-ransomware attacks. Instead of pretending to be law
enforcement seeking a fine for stolen content, as we’ve seen with traditional
ransomware, crypto-ransomware holds a victim’s files, photos and other digital media
hostage without masking the attacker’s intention. The victim will be offered a key to
decrypt … files, but only after paying a ransom that can range from $300-$500—and
there’s no guarantee their files will be freed.
In 2013, crypto-ransomware accounted for a negligible percentage of all
ransomware attacks (0.2 percent, or 1 in 500 instances). However, in 2014, crypto-ransomware was seen 45 times more frequently. While crypto-ransomware
predominately attacks devices running Windows, Symantec has seen an increase in
versions developed for other operating systems. Notably, the first piece of crypto-ransomware on mobile devices was observed on Android last year.”
Symantec threat report 2015
“Cybercriminals Are Leveraging Social Networks and Apps to
Do Their Dirty Work”
“Email remains a significant attack vector for cybercriminals, but
there is a clear movement toward social media platforms. In 2014, Symantec
observed that 70 percent of social media scams were manually shared. These
scams spread rapidly and are lucrative for cybercriminals because people are
more likely to click something posted by a friend.
Mobile devices were also ripe for attack, as many people only
associate cyber threats with their PCs and neglect even basic security
precautions on their smartphones. In 2014, Symantec found that 17 percent of
all Android apps (nearly one million total) were actually malware in disguise.
Additionally, grayware apps, which aren’t malicious by design but do
annoying and inadvertently harmful things like track user behavior, accounted
for 36 percent of all mobile apps.”
Symantec threat report 2015
“The Internet of Things is not a new problem, but an
ongoing one.”
“Symantec continued to see attacks against Point of Sales systems, ATMs,
and home routers in 2014. These are all network-connected devices with an embedded
operating system, though they’re not often considered part of the Internet of Things
(IoT). Whether officially part of the IoT or not, attacks on these devices further
demonstrate that it’s no longer only our PCs at risk. And the potential for cyberattacks
against cars and medical equipment should be a concern to all of us.
Risks to many IoT devices are exacerbated by the use of smartphones as a
point of control. Symantec discovered that 52 percent of health apps—many of which
connect to wearable devices—did not have so much as a privacy policy in place, and 20
percent sent personal information, logins, and passwords over the wire in clear text.
Some of this may reflect the attitudes of end users. In a Norton survey, one in
four admitted they did not know what they agreed to give access to on their phone
when downloading an application and 68 percent were willing to trade their privacy for
nothing more than a free app.”
Kaspersky Labs http://usa.kaspersky.com
• Key requirement: to survive the age of cyber-warfare.
• Kaspersky Lab cites the need to protect vulnerable industrial systems.
• “In the long run, cyber-warfare is where all parties lose: attackers,
victims and even uninvolved observers. Unlike traditional weapons, tools
used in cyber-warfare are very easy to clone and reprogram by
adversaries. The most important move to survive in this environment is
the development and deployment of a new, advanced security paradigm
for critical infrastructure.” Eugene Kaspersky
• “The ongoing escalation of the cyber-arms race increases threats to
critical infrastructure.
• Cyber-warfare is a universal threat with no respect for borders. Its impact
on critical industrial systems and infrastructure can be disastrous.”
Interview with Eugene Kaspersky
http://usa.kaspersky.com/about-us/press-center/eugene-kaspersky-social-media-chat
• Eugene Kaspersky: ‘I wish I could say “the world is getting much safer”,
but, unfortunately, there are definitely more threats to come. One of the
reasons is the constant growth in the number of computers, and now
smartphones. There are more than 1.3 billion mobile devices with access to
the Internet right now. And each and every one of them (well, almost), is
connected to social networks with very confidential personal data such as
ID info, paid online accounts data (such as Skype, World of Warcraft,
PayPal etc.), bank account information. And cybercriminals see that growth
and try to use this growing infrastructure for evil purposes.
• Plus, there’s a number of really huge cyber-weapons we’ve discovered this
year (on our own and together with our partners). The governments are
starting to bring espionage and warfare tools to the online world. And I’m
afraid it would take a lot of guts, time and efforts to fight them.’
Kaspersky Labs http://usa.kaspersky.com/
• “In Q2 2015, botnet-assisted DDoS attacks targeted victims in 79 countries across the world.
• 77% of botnet-assisted attacks targeted resources located in 10 countries.
• The largest numbers of DDoS attacks targeted victims in China and the USA. South Korea has risen to the third place.
• The longest DDoS attack in Q2 2015 lasted for 205 hours (or 8.5 days).
• SYN DDoS and TCP DDoS were the most common scenarios of DDoS attacks. HTTP DDoS was displaced to the third position.”
Digital Attack Map
http://www.digitalattackmap.com
• Arbor Networks together with Google has created a data visualization map
to show how serious DDoS attacks have become.
• Arbor Networks Reports the Most Volumetric DDoS Attacks Ever in the First Half of 2014
– 1H 2014 saw 100+ attacks larger than 100GB/sec
– NTP reflection attacks responsible for nearly 50% of attacks over 100GB/sec
• BURLINGTON, MA., July 15, 2014 – Arbor Networks Inc., “a leading
provider of DDoS and advanced threat protection solutions for enterprise
and service provider networks, today released global DDoS attack data
derived from its ATLAS® threat monitoring infrastructure. The data shows
an unparalleled number of volumetric attacks in the first half of 2014 with
over 100 attacks larger than 100GB/sec reported.”
• Data includes: traffic volume; ports; countries attacking and being attacked
DDoS Attacks
• Anonymous Attacked PayPal, Visa, MasterCard 2010-2011
• PayPal suspended payments to Wikileaks fundraising account.
• Estimated cost to PayPal 3.5 million pounds
• Oct. 2014. “An unclassified portion of the White House network has been hit
with what appears to be an ongoing cyber attack. Efforts to mitigate the threat
have resulted in temporary system outages and loss of network connectivity for
some users.” http://www.ddosattacks.net
• March 30, 2015 — “As Rutgers University works to recover from a weekend
cyber attack, Fairleigh Dickinson University officials confirm that a similar
attack shut down the university's own computer network Saturday. Dina
Schipper, director of university public relations, confirmed that the university
was hit with a denial of service attack on Saturday. Both the Teaneck and
Florham Park campuses were affected, Schipper said”
http://www.nj.com/middlesex/index.ssf/2015/03/cyber_attacks_hit_fairleigh_dickinson_rutgers_work.html
Confidentiality Attacks
“The hackers who stole personal data on 4 million
government employees from the U.S. Office of Personnel
Management sneaked past a sophisticated counter-hacking
system called Einstein 3, a highly-touted, multimillion-dollar and mostly secret technology that’s been years in the
making.”
http://www.bloomberg.com/news/articles/2015-06-06/china-hackers-got-past-costly-u-s-computer-security-with-ease from Bloomberg Business
Michael Riley, June 5, 2015
What can we do?
Learn the fundamentals of cybersecurity
• Network Security
• Information Security
• Cryptography
Aims include:
• Understand the threats and vulnerabilities
• Learn how to harden your systems
To understand Network Security, first
study the Internet and the Web
• Investigate network functions
Routing, addressing, protocol layers
• Investigate network and Internet
vulnerabilities
– Open ports, fragmentation, spoofing
– Turn off Obsolete services
• Investigate web vulnerabilities
– Corrupted DNS servers, hosts file
– Corrupted web sites
Sample Projects on Virtual Machines
• Network commands include:
– ipconfig, ifconfig, netstat, arp, ping, nslookup,
route , traceroute
• Reconnaissance tools include:
– wireshark, nmap, etherape, snort, nessus
Windows command prompt execution of ipconfig
Three virtual machines obtain their own and their gateway's IP and MAC addresses.
All execute netstat to find open ports on their own machines.
Netstat in Windows
• netstat -a displays current Internet connections as well as listening and closing ports
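A small check built on the netstat -a output described above, as an added example that is not part of the original slides: it parses the Windows column layout, lists the ports the host is exposing, and compares them against a per-host allow-list. The sample output and the baseline are constructed for this example, not captured from the course's virtual machines.

```python
import re

# Constructed sample of what `netstat -a` prints on a Windows client (not real).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            WINXP-CLIENT:0         LISTENING
  TCP    0.0.0.0:445            WINXP-CLIENT:0         LISTENING
  TCP    0.0.0.0:3389           WINXP-CLIENT:0         LISTENING
  TCP    192.168.10.5:139       WINXP-CLIENT:0         LISTENING
  TCP    192.168.10.5:1043      74.125.24.99:http      ESTABLISHED
  TCP    192.168.10.5:1044      192.168.10.1:445       TIME_WAIT
  UDP    0.0.0.0:500            *:*
  UDP    192.168.10.5:137       *:*
"""

# proto, local ip, local port, foreign address, optional state (UDP has none)
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def parse_netstat(text):
    """Return (proto, local_ip, local_port, state) tuples; UDP rows get state 'UDP'."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header lines and blanks
        proto, ip, port, _foreign, state = m.groups()
        rows.append((proto, ip, int(port), state or "UDP"))
    return rows


def listening_ports(text):
    """Ports the host exposes: TCP sockets in LISTENING plus every bound UDP socket."""
    return sorted({(proto, port) for proto, _ip, port, state in parse_netstat(text)
                   if state in ("LISTENING", "UDP")})


def unexpected_ports(text, baseline):
    """Exposed ports that the host's allow-list does not account for."""
    return [pp for pp in listening_ports(text) if pp not in baseline]


# Hypothetical baseline for a lab client: RPC and SMB/NetBIOS expected, RDP and IKE not.
BASELINE = {("TCP", 135), ("TCP", 139), ("TCP", 445), ("UDP", 137)}

if __name__ == "__main__":
    for proto, port in unexpected_ports(SAMPLE_NETSTAT, BASELINE):
        print(f"unexpected exposed port: {proto}/{port}")
```

On a real machine, pipe the actual output in (`netstat -a` on Windows, `netstat -an` on Linux uses a slightly different layout) and keep the baseline per host.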
Linux environment
execution of command “top” to see system performance in response to nmap scan
EtherApe, a graphical network monitor
Our client XP virtual machine, hosted on a VMware hypervisor (virtual machine
manager), is accessing www.google.com (green ray). The client XP machine, a
Windows server machine, and a Linux machine ping each other (red rays). There is
continual communication between all three virtual machines and the gateway using
protocols such as ICMP, HTTP, TCP, SMB (Server Message Block), DNS, etc.
Wireshark (www.wireshark.org)
Network protocol analyzer
Display of TCP protocol and network traffic
Wireshark: network traffic; protocols used; data sent
Wireshark
Traffic Analysis: request and response
Nmap (nmap.org)
Security scanner
Finds open ports, host operating system, services offered.
Effectively used on your own machine as well as others.
SNORT
Intrusion detection using events, a database, and A.I.
Monitoring of the nmap Xmas tree scan by SNORT is shown.
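The Snort screenshot referred to above shows the Xmas tree scan being picked up by Snort's own rules. As an added example that is not part of the original slides, the same detection idea is written out in plain Python over a constructed packet log: an Xmas probe sets exactly the FIN, PSH and URG flags, and a source that sends such probes to several distinct ports is reported. The log format and addresses are invented for this example.

```python
from collections import defaultdict

# TCP flag bits as they sit in the header's flags byte.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
XMAS = FIN | PSH | URG  # 0x29: the "lit up" combination an Xmas scan sends

# Constructed log, one packet per line: "time src dst dport flags_hex" (not real traffic).
# .7 probes five ports with Xmas flags; .9 does a normal handshake and sends data.
SAMPLE_LOG = """\
10.001 192.168.10.7 192.168.10.5 22 0x29
10.002 192.168.10.7 192.168.10.5 80 0x29
10.003 192.168.10.7 192.168.10.5 135 0x29
10.004 192.168.10.7 192.168.10.5 139 0x29
10.005 192.168.10.7 192.168.10.5 445 0x29
10.010 192.168.10.9 192.168.10.5 80 0x02
10.011 192.168.10.5 192.168.10.9 80 0x12
10.012 192.168.10.9 192.168.10.5 80 0x10
10.020 192.168.10.9 192.168.10.5 80 0x18
10.030 192.168.10.11 192.168.10.5 443 0x29
"""


def parse_log(text):
    """Turn the constructed log into (time, src, dst, dport, flags) records."""
    recs = []
    for line in text.splitlines():
        t, src, dst, dport, flags = line.split()
        recs.append((float(t), src, dst, int(dport), int(flags, 16)))
    return recs


def is_xmas(flags):
    """True only when FIN, PSH and URG are set and no other flag is."""
    return flags == XMAS


def xmas_scanners(records, min_ports=3):
    """Sources that sent Xmas probes to at least min_ports distinct ports,
    mapped to the sorted list of ports they probed. A single stray Xmas
    packet stays below the threshold and is not reported."""
    ports = defaultdict(set)
    for _t, src, _dst, dport, flags in records:
        if is_xmas(flags):
            ports[src].add(dport)
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    for src, hit in xmas_scanners(parse_log(SAMPLE_LOG)).items():
        print(f"ALERT possible Xmas scan from {src} -> ports {hit}")
```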
What do you gain from a computer
security course?
• Protect your machine.
– Learn about system vulnerabilities.
– Learn how to harden your system
– Learn how to use security tools
• Understand network interactions
– Monitor network traffic
– Understand Internet and host vulnerabilities
• Be familiar with leading security organizations
and the information that they provide.