
CIT 380 Securing Computer Systems

Threats

CIT 380: Securing Computer Systems


Vocabulary

  • CIA Triad

    • Confidentiality

    • Integrity

    • Availability

  • States of Information

    • Storage

    • Processing

    • Transmission


Vocabulary

  • Security Measures

    • Technology

    • Policies and practices

    • Education, Training, and awareness

  • Threats, Attacks, Assets

  • Prevention, Detection, Recovery, Survivability


Vocabulary

  • Risk

  • Security trade-offs

  • Cost-Benefit Analysis

  • Script Kiddies

  • Security Researchers

  • Hacker, Cracker, Attacker

  • Black Hat, White Hat


What are threats?

  • What threats can you think of to your home?

  • To your money (including bank accounts, checks, credit and debit cards)?

  • To your home computer?


Digital Threats: More of the Same

  • Theft

  • Vandalism

  • Extortion

  • Con Games

  • Fraud

  • Stalking


Digital Threats: What’s Different

Automation

  • Salami Attack from Office Space.

Action at a Distance

  • Volodya Levin, from St. Petersburg, Russia, stole over $10 million from US Citibank. Arrested in London.

  • Operators of CA BBS tried and convicted in TN court because TN had downloaded pornography from CA.


Digital Threats: What’s Different

Technique Propagation

  • Criminals share techniques rapidly and globally.


Next Slide

  • The percentage of respondents answering that their organization experienced unauthorized use of computer systems in the last 12 months


Survival Time


  • The main issue here is of course that the time to download critical patches will exceed this survival time.


Current Threat Information

  • SANS Internet Storm Center

    • http://isc.sans.edu/index.html

  • Bugtraq

    • http://www.securityfocus.com/

    • http://www.securityfocus.com/archive/1

  • CERT

    • http://www.cert.org/


Current Threat Information

  • Packet Storm

    • http://packetstormsecurity.org/


Who are the Attackers?

  • Hackers vs Crackers

  • Levels of attackers

    • Developer

      • Finds new security vulnerabilities

      • Writes tools and exploits

    • User

      • Understands tools; modifies tools/exploits

    • Script Kiddie


Who are the Attackers?

Criminals.

  • 1993: Thieves installed bogus ATM at Manchester Mall. Saved account #s + PINs.

Organized crime.

  • 2000: Mafia-led organization members arrested for attempt to steal $680 million from Bank of Sicily.

Malicious insiders.

  • 2001: Mike Ventimiglia deletes files of his employer, GTE. $200,000 damage.

Industrial espionage.

  • 2001: Verdicts in Cadence Design Systems vs. Avant against 7 employees, including the CEO. 5 sentenced to jail.


Who are the Attackers?

Press.

  • 1998: Cincinnati Enquirer reporter Michael Gallagher breaks into Chiquita Fruits voicemail to expose illegal activities.

Police.

  • 1997: LAPD illegal wiretapping scandal.

Terrorists.

  • 1999: DOS attacks and web defacements against NATO country computers during Kosovo bombings.

National Intelligence.

  • 2000: Former CIA Director Woolsey admitted to using ECHELON information to help US companies win foreign contracts.


Scary Internet Stuff: Underground

  • http://www.youtube.com/watch?v=AYWYvJ__Dxk&feature=related


What Are Our Defenses?

  • Prevent

  • Detect

  • Recover

  • Respond

  • Firewalls

  • Virus Scanners

  • Spyware Scanners

  • Intrusion Detection Systems (IDS/IPS)

  • Patches

  • Backups


What Are The Attacks?

  • Phishing

  • Malware

  • Ransomware

  • Spyware

  • Botnets


Phishing E-mail


Phishing Site


Scary Internet Stuff: Phishing

  • http://www.youtube.com/watch?v=Ao20tAS3x3I&feature=related


Amazon.com - Your Cancellation (516-203578-8141423)

Dear Customer,

Your order has been successfully canceled. For your reference, here`s a summary of your order:

You just canceled order #991-86824-273919

Status: CANCELED

_____________________________________________________________________

ORDER DETAILS

Sold by: Amazon.com, LLC

_____________________________________________________________________

Because you only pay for items when we ship them to you, you won`t be charged for any items that you cancel.

Thank you for visiting Amazon.com!

---------------------------------------------------------------------

Amazon.com

Earth`s Biggest Selection

http://www.amazon.com

---------------------------------------------------------------------


Malware

  • Trojan Horses

  • Viruses

  • Worms


Ransomware


Spyware and Adware

Most are Trojan Horses; some infect directly.

  • Browser hijacking

  • Pop-up advertisements

  • Keystroke and network logging

  • Steal confidential data from email and files


Spyware and Adware

89% of PCs are infected with spyware (Webroot, 2006 Q2).

  • http://www.webroot.com/resources/stateofspyware/excerpt.html


Rootkits

  • Execution Redirection

  • File Hiding

  • Process Hiding

  • Network Hiding

[Diagram layers: User Program, Rootkit, OS]


Rootkits Video

  • http://www.youtube.com/watch?v=PcqnG4-NkZ4


Botnets

Worm or direct attack usurps control of PC, then installs control software to listen for instructions. Instructions can include:

  • Attempt to infect other PCs

  • Send spam message

  • Launch DOS attack

  • Upgrade attack and control software

  • Virus writers sell botnets to spammers for $0.10/compromised PC


Scary Internet Stuff: Botnets

  • http://www.youtube.com/watch?v=BRhauoXpNSs


Wikipedia: Botnet

  • http://en.wikipedia.org/wiki/Botnet

    • Historical list of botnets

  • Kraken botnet

    • http://en.wikipedia.org/wiki/Kraken_botnet


Key Points

  • Computer crimes same as pre-computer crimes.

  • Differences in digital threats

    • Automation

    • Action at a distance

    • Technique propagation

  • Digital threats

    • Phishing

    • Malware

    • Ransomware

    • Spyware

    • Botnets


References

  • Alexander Gostev et al., “Malware Evolution: January – March 2006,” Virus List, http://www.viruslist.com/en/analysis?pubid=184012401, April 12, 2006.

  • The Honeynet Project, Know Your Enemy, 2nd edition, Addison-Wesley, 2004.

  • John Leyden, "The illicit trade in compromised PCs," The Register, Apr 30 2004.

  • Stuart McClure, Joel Scambray, and George Kurtz, Hacking Exposed, 5th edition, McGraw-Hill, 2005.

  • Rachna Dhamija and J. D. Tygar, "The Battle Against Phishing: Dynamic Security Skins," Proceedings of the Symposium on Usable Privacy and Security (SOUPS), July 2005.

  • SANS Internet Storm Center, http://isc.sans.org/survivalhistory.php

  • Schneier, Bruce, Beyond Fear, Copernicus Books, 2003.

  • Ed Skoudis, Counter Hack Reloaded, Prentice Hall, 2006

  • Stuart Staniford, Vern Paxson, and Nicholas Weaver, "How to 0wn the Internet in Your Spare Time," Proceedings of the 11th USENIX Security Symposium, 2002.

  • Richard Stiennon, "Spyware: 2004 Was Only the Beginning," CIO Update, Jan 26 2005.

  • Thompson, Ken, “Reflections on Trusting Trust,” Communications of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763 (http://www.acm.org/classics/sep95/)
