Cit 380 securing computer systems
Download
1 / 57

CIT 380: Securing Computer Systems - PowerPoint PPT Presentation


CIT 380: Securing Computer Systems. PC Security. Topics. MS Windows Web Browsing Spyware Viruses Personal Firewalls Being a Regular User Physical Protection Home Wireless Disk Security Using Public PCs. MS Windows. Single-user OS heritage causes problems.

Related searches for CIT 380: Securing Computer Systems

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha

Download Presentation

CIT 380: Securing Computer Systems

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


CIT 380: Securing Computer Systems

PC Security

CIT 380: Securing Computer Systems


Topics

  • MS Windows

  • Web Browsing

  • Spyware

  • Viruses

  • Personal Firewalls

  • Being a Regular User

  • Physical Protection

  • Home Wireless

  • Disk Security

  • Using Public PCs

CIT 380: Securing Computer Systems


MS Windows

Single-user OS heritage causes problems.

  • Original design had no security, networking.

  • Later versions added increasing security.

    • NT: multiple users, file ACLs.

    • XP: NT+95 with many insecure services.

    • XP SP2: firewalls off many insecure services.

    • Vista: tries to separate user/admin like UNIX.

CIT 380: Securing Computer Systems


MS Windows

  • Software still designed for single user no security.

    • Must run software as admin.

    • Sometimes can reconfigure OS to run w/o admin.

CIT 380: Securing Computer Systems


MS Windows

Tight integration of OS with applications.

  • IE and Outlook tied deeply to OS.

  • Complexity leads to more security issues.

  • Compromises of IE typically compromises OS.

CIT 380: Securing Computer Systems


MS Windows

Patch Tuesday

  • Day Microsoft releases security patches.

  • Second Tuesday of each month.

  • Important patches rarely made available earlier.

CIT 380: Securing Computer Systems


Web Browsing

  • No safe browser.

  • Complexity

    • ActiveX

    • Javascript

    • Flash

    • Java

    • HTML

    • Images

CIT 380: Securing Computer Systems


Securing your Browser

  • Keep it updated

    • Firefox auto-updates.

    • Windows update for IE.

  • Firefox security extensions

    • Tools | Add-ons | Get Extensions

    • Flashblock

    • NoScript

    • Netcraft

    • PasswordMaker

  • Sandboxing

    • VMWare Virtual Browser Appliance

    • Protected Mode IE (Windows Vista)

CIT 380: Securing Computer Systems


3. Adware and Spyware

  • Annoying?

  • Harmful?

  • Legal?

  • Removal Tools

  • Recommendations

  • Resources

CIT 380: Securing Computer Systems


Annoyance Factors

Tracking surfing habits

  • Uses resources on your computer

  • Uses internet bandwidth

  • Collects data about you, possibly without your permission

    Can interfere with computer operations

  • Can reset your home page

  • Can cause popup ads to appear randomly and regularly

    May actually install with “desirable” software –and permission hidden in a license agreement.

CIT 380: Securing Computer Systems


Is Spyware Legal?Beware of the license agreement.

  • To most users, a phrase such as "may include software that will occasionally notify you of important news" is NOT equivalent to "will place a stealthy Trojan Horse on your system that you can't get rid of, which will collect information about you and send it to us, and allow us to bother you with targeted advertisements all day".

  • Once the user has "agreed" with the License Agreement, Spyware provider is much more immune from potential lawsuits.

  • Some Spyware companies do not mention the Spyware at all, laying blame on the company that provided you the freeware with the Spyware attached.

CIT 380: Securing Computer Systems


Is Spyware Legal?

The FTC alleges the stealthy downloads violate federal law and asked the court to order a permanent halt to one vendor:

  • On October 5, 2005, the Federal Trade Commission asked a U.S. District Court judge to halt an operation by Odysseus Marketing and its principal, Walter Rines.

  • The advertised “free” software supposedly allowed consumers to engage in peer-to-peer file sharing anonymously. The FTC maintains that it does not.

  • The software could not be uninstalled by the consumers whose computers it infected.

CIT 380: Securing Computer Systems


Anti-Spyware Tools

Free tools

  • AdAware

  • Hijack This

  • Spybot Search & Destroy

  • Windows Defender

    Caveat emptor

  • Some anti-spyware tools are spyware themselves.

  • Use more than one tool to find all problems.

CIT 380: Securing Computer Systems


Anti-Spyware Resources

Ben Edelman

  • http://www.benedelman.org/spyware/

  • Legal, EULA issues.

    Gibson Research

  • http://www.grc.com/

    Spyware Guide

  • http://www.spywareguide.com/

    Spyware Info

  • http://www.spywareinfo.com/

CIT 380: Securing Computer Systems


Anti-virus Software

  • What should an AV tool do that it didn’t do last year?

    • Scan instant message attachments explicitly

  • What are the current “best” tools?

  • Is a bundle better?

  • Tips to maximize protection from your AV software suite

CIT 380: Securing Computer Systems


Current Tools

AVG Anti-Virus

  • Good, free anti-virus tool for personal use.

  • Sells commercial version with support.

    Norton AntiVirus

  • www.symantec.com

    Kaspersky AV Personal

  • www.kaspersky.com

    McAfee VirusScan

  • http://www.mcafee.com/us/

    Trend Micro PC-Cillin

  • http://us.trendmicro.com/us/products/personal/trend-micro-internet-security-2007/

CIT 380: Securing Computer Systems


Tips to maximize AV software

  • Important to update virus signatures regularly

    • Live Updates

    • Manual updates

    • Should update signature database on daily basis.

  • Set AV to scan attachments, including IM attachments

  • Set email to NOT display any portion of messages until you open them.

CIT 380: Securing Computer Systems


Tips to maximize AV software

  • Don’t open suspicious emails

    • A security hole in MS Outlook and IE5 allowed the Bubble Boy virus to infect when the email was opened

      • If the security hole had not been patched, VBS.BubbleBoy inserted the Update.hta file as soon as the email was opened

      • http://www.symantec.com/avcenter/venc/data/vbs.bubbleboy.html

  • Don’t open any links sent via IM

CIT 380: Securing Computer Systems


Install a Firewall

  • Why use a firewall?

  • How do firewalls work?

  • Windows Firewall Tools

  • Tips to get the best protection from a firewall

CIT 380: Securing Computer Systems


What is a Firewall?

A software or hardware component that restricts network communication between two computers or networks.

In buildings, a firewall is a fireproof wall that restricts the spread of a fire.

Network firewall prevents threats from spreading from one network to another.

CIT 380: Securing Computer Systems


Why Use a firewall?

  • Protects PC from network attacks.

  • Open ports

    • Windows RPC, NetBIOS services.

    • Your services: web, file/print sharing, remote access.

  • Prevent outgoing packets from

    • Spyware phoning home.

    • Botnet/worm attacks against other PCs.

CIT 380: Securing Computer Systems


Types of Firewalls

Personal firewall

  • Software tool runs on PC.

  • Protects a single machine.

  • Fine-grained protection.

    External firewall

  • Typically integrated with router.

  • Protects all machines on subnet behind it.

  • Coarse-grained protection.

CIT 380: Securing Computer Systems


How does a firewall work?

Methods used by a firewall

  • Packet filtering

    • Examines every incoming packet header and selectively filters packets based on

    • address, packet type, port request, and other factors

    • The restrictions most commonly implemented are based on:

      • IP source and destination address

      • Direction (inbound or outbound)

      • TCP or UDP source and destination port-requests

  • Access control list

    • A user must train a firewall, hence they are more complex to implement than AV software

CIT 380: Securing Computer Systems


Better packet filtering:Stateful Inspection

  • Keeps track of

    • Each packet and its network connection in a state table

    • Access Control List determines whether to allow the packet to pass

    • connectionless packet traffic such as UDP and remote procedure calls (RPC) traffic

  • The primary disadvantage

    • the additional processing requirements of managing and verifying packets against the state table

    • Increases potential for a denial of service attack

CIT 380: Securing Computer Systems


Training a personal firewall

  • User sets up rules for access by watching pop up alerts from the firewall and allowing or denying traffic

  • This creates an access control list for specific IP addresses and applications

    • You will probably allow your browser access automatically when you open it

    • You may not want MS word to access the internet automatically

  • Takes time to train your firewall

  • Home network routers often include hardware firewall protection; look for one with stateful inspection

CIT 380: Securing Computer Systems


Windows Firewall Tools

  • ZoneAlarm is free and available at Zonelabs.com

    • Has received many awards

    • Worth a try if you haven’t used one.

  • Norton Internet Security

    • Includes firewall and AV software

    • Requires annual subscription

  • Panda

  • Use shields UP! From Gibson research to test your firewall before and after http://www.grc.com

CIT 380: Securing Computer Systems


Use a non-Administrator Account

  • Must have administrator privileges to install software

  • Start | Control Panel | User Accounts | Add User Account | Create a new account

  • Pick Type of Account: Limited (Restricted User)

CIT 380: Securing Computer Systems


Don’t allow your computer to boot from a floppy or CD-ROM

  • Restart your computer

  • F2 during reboot to enter setup

  • Boot Sequence menu

  • Set PC to boot only from hard disk

CIT 380: Securing Computer Systems


Boot Sequence

  • Diskette Drive

  • IDE CD-ROM Device

  • Hard-Disk Drive C:

  • Integrated NIC

  • Space to enable/disable

  • +/- move down/up

CIT 380: Securing Computer Systems


Prevent Changes to BIOS

  • Restart your computer

  • F2 during reboot to enter setup

  • System Security menu

  • Enable System Security menu item

  • Enter a password and confirm it

CIT 380: Securing Computer Systems


Use Strong Passwords

  • Want a long password with upper & lower case letter, digits, and special characters.

  • Avoid words, dates, other guessable items.

  • Avoid password re-use.

  • Use a password manager tool.

  • Techniques

    • Use first letter of each word of a phrase.

    • Use a line of code

      • Java: Sum+=5*B;

      • HTML: <li>Item#1</li>

CIT 380: Securing Computer Systems


Secure Your Wireless Home Network

  • Newest Cisco routers use Secure Easy Setup (SES)

  • Follow all the procedures that you would for a desktop

  • Use www.grc.com tools to test regularly

  • Use WPA- Wi-Fi Protected Access and WEP encryption

CIT 380: Securing Computer Systems


Security Threats Facing Wireless Networks

Wireless networks are easy to find.

  • Hackers know that in order to join a wireless network, wireless networking products first listen for "beacon messages".

  • These messages are unencrypted and contain much of the network’s information, such as the network’s SSID (Service Set Identifier) and the IP Address of the network PC or access point.

  • Hackers use the beacon messages to access free bandwidth and free Internet access through your wireless network. This is called “Warchalking”.

CIT 380: Securing Computer Systems


Steps to Wireless Setup

  • Change the default network name

  • Disable broadcast

  • Change the default password needed to access the wireless device

  • Enable MAC address filtering

  • Enable WEP 128-bit Encryption.

CIT 380: Securing Computer Systems


Change default passwords and names needed to access the wireless device

  • Change the default network name

    • Linksys default network name is “linksys”

  • Change administrator password regularly

    • Default is often “administrator”

  • Network settings can only be changed by the administrator

  • Hackers know default passwords and weak passwords to try and access your network

  • Changing names and passwords regularly is good policy

CIT 380: Securing Computer Systems


Enable WEP 128-bit Encryption

  • Not a panacea, but can thwart hackers

  • Can reduce network performance

  • Use multiple keys

  • Change the WEP encryption keys periodically.

  • Can be broken: use a secure, encrypted protocol like ssh or SSL at application level for defense in depth.

CIT 380: Securing Computer Systems


Enable MAC Address filtering

  • Allows you to provide access to only those wireless nodes with certain MAC Addresses.

  • Hacker can’t access your network with a random MAC address.

  • But more knowledgeable hackers can change their MAC address to match an allowed one.

CIT 380: Securing Computer Systems


Encrypt Sensitive Files

  • Windows XP Encrypting File System (EFS) for encrypting files

  • GnuPG for encrypting files and email messages

CIT 380: Securing Computer Systems


Windows XP Encrypting File System (EFS)

  • EFS is not available with XP Home Edition

  • Reference: Microsoft Windows XP Inside Out – Chapter 14

  • Right Click in Windows Explorer on the folder

  • Choose Properties | General Tab | Advanced Button | Encrypt contents to secure data

CIT 380: Securing Computer Systems


Windows XP Encrypting File System (EFS)

  • File names are green in Window Explorer

CIT 380: Securing Computer Systems


CIT 380: Securing Computer Systems


CIT 380: Securing Computer Systems


truecrypt

  • Encase, computer forensic tool, can break EFS

  • Free open source - http://www.truecrypt.org/

  • http://www.truecrypt.org/docs/

    • Beginner’s tutorial

    • Plausible Deniability – Hidden Volume

CIT 380: Securing Computer Systems


GnuPG

  • GnuPG is an open-source encryption tool for Windows and Linux

  • Complete and free replacement for PGP (www.gnupg.org)

  • http://wolfram.org/writing/howto/gpg.html

    • (CD: gpg.html)

  • Install Windows Privacy Tray (WinPT)

CIT 380: Securing Computer Systems


Enigmail

  • Install Thunderbird mail client from www.mozilla.org

  • Download Enigmail extension from www.mozilla.org

  • Add a menu item to encrypt and decrypt email using GnuPG

CIT 380: Securing Computer Systems


Erase your hard drive when decommissioning your computer

  • Simson Garfinkel, “Hard-Disk Risk” (CD: 20003.CS0.04.Hard_disk_risk.htm)

    • Found a lot of sensitive information on recycle hard disks

    • “Running FDisk on a 10GB drive overwrites only 0.01 percent of the drive’s sectors.”

CIT 380: Securing Computer Systems


Darik’s Boot and Nuke

  • Hard disk sterilization on bootable floppy

  • Put floppy into the computer which has the drive you want to erase and reboot.

  • Download from http://dban.sourceforge.net/

    • Free.

    • Fast. Rapid deployment in emergency situations.

    • Easy. Start the computer with DBAN and press ENTER.

    • Safe. Irrecoverable data destruction. Prevents most forensic data recovery techniques.

CIT 380: Securing Computer Systems


Backup your system regularly

  • “Hard Disk Quality and Reliability”, http://www.pcguide.com/ref/hdd/perf/qual/index.htm (see quotes from the article)

    • “While the technology that hard disks use is very advanced, and reliability today is much better than it has ever been before, the nature of hard drives is that every one will, some day, fail.”

CIT 380: Securing Computer Systems


Backup your system regularly

  • “full recovery usually starts at a few hundred dollars and proceeds from there.”

CIT 380: Securing Computer Systems


Ntbackup utility

  • Find ntbackup.exe

    • Start | Programs | Accessories | System Tools Or

    • C:\dell\Tech Tools\System Tools\ Backup Or

    • Run C:\WINDOWS\system32\ntbackup.exe

  • Run the Backup/Restore Wizard

  • Choose a place to save your backup

    • C:\temp\Backup

  • Creates a file Backup.bkf

CIT 380: Securing Computer Systems


Create Backup CD

  • Run your CD creator

  • Make a data CD

  • Add Backup.bkf to the CD

CIT 380: Securing Computer Systems


Simple Quick Backup

Copy My Documents folder to a CD or USB

CIT 380: Securing Computer Systems


Safe use of public PCs

  • Kinko's Case Highlights Internet Risks

    • (CD: Kinko.htm)

  • “For more than a year, unbeknownst to people who used Internet terminals at Kinko's stores in New York, Juju Jiang was recording what they typed, paying particular attention to their passwords. Jiang had secretly installed, in at least 14 Kinko's stores, software that logs individual keystrokes. He captured more than 450 user names and passwords, using them to access and even open bank accounts online. ”

CIT 380: Securing Computer Systems


Keyloggers

  • Capture keystrokes

  • Can steal passwords and credit card numbers

  • Can email or ftp the file containing the keystrokes

  • Keyghost (http://www.keyghost.com )

  • Keyloggers are difficult to detect

  • Look at an ordinary system process

CIT 380: Securing Computer Systems


Public PCs

  • Kinko’s

  • Cyber cafes

  • Public Libraries

  • Hotels

CIT 380: Securing Computer Systems


Using Public PCs

  • Avoid using important accounts (bank, etc.)

  • Remove web browser data

    • Cache, history, cookies, form data.

  • Remove temporary files

    • Start | Search | All files and folders | when it was modified? | today

    • Empty recycle bin

CIT 380: Securing Computer Systems


References

  • Matt Bishop, Introduction to Computer Security, Addison-Wesley, 2005.

  • Thomas C. Greene, Computer Security for the Home and Small Office, Apress

  • Andrew Conry-Murray & Vincent Weafer, The Symantec Guide to Home Internet Security, Addison Wesley

CIT 380: Securing Computer Systems


ad
  • Login