cit 380 securing computer systems
Download
Skip this Video
Download Presentation
CIT 380: Securing Computer Systems

Loading in 2 Seconds...

play fullscreen
1 / 57

CIT 380: Securing Computer Systems - PowerPoint PPT Presentation


  • 245 Views
  • Uploaded on

CIT 380: Securing Computer Systems. PC Security. Topics. MS Windows Web Browsing Spyware Viruses Personal Firewalls Being a Regular User Physical Protection Home Wireless Disk Security Using Public PCs. MS Windows. Single-user OS heritage causes problems.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'CIT 380: Securing Computer Systems' - arleen


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
cit 380 securing computer systems

CIT 380: Securing Computer Systems

PC Security

CIT 380: Securing Computer Systems

topics
Topics
  • MS Windows
  • Web Browsing
  • Spyware
  • Viruses
  • Personal Firewalls
  • Being a Regular User
  • Physical Protection
  • Home Wireless
  • Disk Security
  • Using Public PCs

CIT 380: Securing Computer Systems

ms windows
MS Windows

Single-user OS heritage causes problems.

  • Original design had no security, networking.
  • Later versions added increasing security.
    • NT: multiple users, file ACLs.
    • XP: NT+95 with many insecure services.
    • XP SP2: firewalls off many insecure services.
    • Vista: tries to separate user/admin like UNIX.

CIT 380: Securing Computer Systems

ms windows4
MS Windows
  • Software still designed for single user no security.
    • Must run software as admin.
    • Sometimes can reconfigure OS to run w/o admin.

CIT 380: Securing Computer Systems

ms windows5
MS Windows

Tight integration of OS with applications.

  • IE and Outlook tied deeply to OS.
  • Complexity leads to more security issues.
  • Compromises of IE typically compromises OS.

CIT 380: Securing Computer Systems

ms windows6
MS Windows

Patch Tuesday

  • Day Microsoft releases security patches.
  • Second Tuesday of each month.
  • Important patches rarely made available earlier.

CIT 380: Securing Computer Systems

web browsing
Web Browsing
  • No safe browser.
  • Complexity
    • ActiveX
    • Javascript
    • Flash
    • Java
    • HTML
    • Images

CIT 380: Securing Computer Systems

securing your browser
Securing your Browser
  • Keep it updated
    • Firefox auto-updates.
    • Windows update for IE.
  • Firefox security extensions
    • Tools | Add-ons | Get Extensions
    • Flashblock
    • NoScript
    • Netcraft
    • PasswordMaker
  • Sandboxing
    • VMWare Virtual Browser Appliance
    • Protected Mode IE (Windows Vista)

CIT 380: Securing Computer Systems

3 adware and spyware
3. Adware and Spyware
  • Annoying?
  • Harmful?
  • Legal?
  • Removal Tools
  • Recommendations
  • Resources

CIT 380: Securing Computer Systems

annoyance factors
Annoyance Factors

Tracking surfing habits

  • Uses resources on your computer
  • Uses internet bandwidth
  • Collects data about you, possibly without your permission

Can interfere with computer operations

  • Can reset your home page
  • Can cause popup ads to appear randomly and regularly

May actually install with “desirable” software –and permission hidden in a license agreement.

CIT 380: Securing Computer Systems

is spyware legal beware of the license agreement
Is Spyware Legal?Beware of the license agreement.
  • To most users, a phrase such as "may include software that will occasionally notify you of important news" is NOT equivalent to "will place a stealthy Trojan Horse on your system that you can't get rid of, which will collect information about you and send it to us, and allow us to bother you with targeted advertisements all day".
  • Once the user has "agreed" with the License Agreement, Spyware provider is much more immune from potential lawsuits.
  • Some Spyware companies do not mention the Spyware at all, laying blame on the company that provided you the freeware with the Spyware attached.

CIT 380: Securing Computer Systems

is spyware legal
Is Spyware Legal?

The FTC alleges the stealthy downloads violate federal law and asked the court to order a permanent halt to one vendor:

  • On October 5, 2005, the Federal Trade Commission asked a U.S. District Court judge to halt an operation by Odysseus Marketing and its principal, Walter Rines.
  • The advertised “free” software supposedly allowed consumers to engage in peer-to-peer file sharing anonymously. The FTC maintains that it does not.
  • The software could not be uninstalled by the consumers whose computers it infected.

CIT 380: Securing Computer Systems

anti spyware tools
Anti-Spyware Tools

Free tools

  • AdAware
  • Hijack This
  • Spybot Search & Destroy
  • Windows Defender

Caveat emptor

  • Some anti-spyware tools are spyware themselves.
  • Use more than one tool to find all problems.

CIT 380: Securing Computer Systems

anti spyware resources
Anti-Spyware Resources

Ben Edelman

  • http://www.benedelman.org/spyware/
  • Legal, EULA issues.

Gibson Research

  • http://www.grc.com/

Spyware Guide

  • http://www.spywareguide.com/

Spyware Info

  • http://www.spywareinfo.com/

CIT 380: Securing Computer Systems

anti virus software
Anti-virus Software
  • What should an AV tool do that it didn’t do last year?
    • Scan instant message attachments explicitly
  • What are the current “best” tools?
  • Is a bundle better?
  • Tips to maximize protection from your AV software suite

CIT 380: Securing Computer Systems

current tools
Current Tools

AVG Anti-Virus

  • Good, free anti-virus tool for personal use.
  • Sells commercial version with support.

Norton AntiVirus

  • www.symantec.com

Kaspersky AV Personal

  • www.kaspersky.com

McAfee VirusScan

  • http://www.mcafee.com/us/

Trend Micro PC-Cillin

  • http://us.trendmicro.com/us/products/personal/trend-micro-internet-security-2007/

CIT 380: Securing Computer Systems

tips to maximize av software
Tips to maximize AV software
  • Important to update virus signatures regularly
    • Live Updates
    • Manual updates
    • Should update signature database on daily basis.
  • Set AV to scan attachments, including IM attachments
  • Set email to NOT display any portion of messages until you open them.

CIT 380: Securing Computer Systems

tips to maximize av software18
Tips to maximize AV software
  • Don’t open suspicious emails
    • A security hole in MS Outlook and IE5 allowed the Bubble Boy virus to infect when the email was opened
      • If the security hole had not been patched, VBS.BubbleBoy inserted the Update.hta file as soon as the email was opened
      • http://www.symantec.com/avcenter/venc/data/vbs.bubbleboy.html
  • Don’t open any links sent via IM

CIT 380: Securing Computer Systems

install a firewall
Install a Firewall
  • Why use a firewall?
  • How do firewalls work?
  • Windows Firewall Tools
  • Tips to get the best protection from a firewall

CIT 380: Securing Computer Systems

what is a firewall
What is a Firewall?

A software or hardware component that restricts network communication between two computers or networks.

In buildings, a firewall is a fireproof wall that restricts the spread of a fire.

Network firewall prevents threats from spreading from one network to another.

CIT 380: Securing Computer Systems

why use a firewall
Why Use a firewall?
  • Protects PC from network attacks.
  • Open ports
    • Windows RPC, NetBIOS services.
    • Your services: web, file/print sharing, remote access.
  • Prevent outgoing packets from
    • Spyware phoning home.
    • Botnet/worm attacks against other PCs.

CIT 380: Securing Computer Systems

types of firewalls
Types of Firewalls

Personal firewall

  • Software tool runs on PC.
  • Protects a single machine.
  • Fine-grained protection.

External firewall

  • Typically integrated with router.
  • Protects all machines on subnet behind it.
  • Coarse-grained protection.

CIT 380: Securing Computer Systems

how does a firewall work
How does a firewall work?

Methods used by a firewall

  • Packet filtering
    • Examines every incoming packet header and selectively filters packets based on
    • address, packet type, port request, and other factors
    • The restrictions most commonly implemented are based on:
      • IP source and destination address
      • Direction (inbound or outbound)
      • TCP or UDP source and destination port-requests
  • Access control list
    • A user must train a firewall, hence they are more complex to implement than AV software

CIT 380: Securing Computer Systems

better packet filtering stateful inspection
Better packet filtering:Stateful Inspection
  • Keeps track of
    • Each packet and its network connection in a state table
    • Access Control List determines whether to allow the packet to pass
    • connectionless packet traffic such as UDP and remote procedure calls (RPC) traffic
  • The primary disadvantage
    • the additional processing requirements of managing and verifying packets against the state table
    • Increases potential for a denial of service attack

CIT 380: Securing Computer Systems

training a personal firewall
Training a personal firewall
  • User sets up rules for access by watching pop up alerts from the firewall and allowing or denying traffic
  • This creates an access control list for specific IP addresses and applications
    • You will probably allow your browser access automatically when you open it
    • You may not want MS word to access the internet automatically
  • Takes time to train your firewall
  • Home network routers often include hardware firewall protection; look for one with stateful inspection

CIT 380: Securing Computer Systems

windows firewall tools
Windows Firewall Tools
  • ZoneAlarm is free and available at Zonelabs.com
    • Has received many awards
    • Worth a try if you haven’t used one.
  • Norton Internet Security
    • Includes firewall and AV software
    • Requires annual subscription
  • Panda
  • Use shields UP! From Gibson research to test your firewall before and after http://www.grc.com

CIT 380: Securing Computer Systems

use a non administrator account
Use a non-Administrator Account
  • Must have administrator privileges to install software
  • Start | Control Panel | User Accounts | Add User Account | Create a new account
  • Pick Type of Account: Limited (Restricted User)

CIT 380: Securing Computer Systems

don t allow your computer to boot from a floppy or cd rom
Don’t allow your computer to boot from a floppy or CD-ROM
  • Restart your computer
  • F2 during reboot to enter setup
  • Boot Sequence menu
  • Set PC to boot only from hard disk

CIT 380: Securing Computer Systems

boot sequence
Boot Sequence
  • Diskette Drive
  • IDE CD-ROM Device
  • Hard-Disk Drive C:
  • Integrated NIC
  • Space to enable/disable
  • +/- move down/up

CIT 380: Securing Computer Systems

prevent changes to bios
Prevent Changes to BIOS
  • Restart your computer
  • F2 during reboot to enter setup
  • System Security menu
  • Enable System Security menu item
  • Enter a password and confirm it

CIT 380: Securing Computer Systems

use strong passwords
Use Strong Passwords
  • Want a long password with upper & lower case letter, digits, and special characters.
  • Avoid words, dates, other guessable items.
  • Avoid password re-use.
  • Use a password manager tool.
  • Techniques
    • Use first letter of each word of a phrase.
    • Use a line of code
      • Java: Sum+=5*B;
      • HTML:
      • Item#1

CIT 380: Securing Computer Systems

secure your wireless home network
Secure Your Wireless Home Network
  • Newest Cisco routers use Secure Easy Setup (SES)
  • Follow all the procedures that you would for a desktop
  • Use www.grc.com tools to test regularly
  • Use WPA- Wi-Fi Protected Access and WEP encryption

CIT 380: Securing Computer Systems

security threats facing wireless networks
Security Threats Facing Wireless Networks

Wireless networks are easy to find.

  • Hackers know that in order to join a wireless network, wireless networking products first listen for "beacon messages".
  • These messages are unencrypted and contain much of the network’s information, such as the network’s SSID (Service Set Identifier) and the IP Address of the network PC or access point.
  • Hackers use the beacon messages to access free bandwidth and free Internet access through your wireless network. This is called “Warchalking”.

CIT 380: Securing Computer Systems

steps to wireless setup
Steps to Wireless Setup
  • Change the default network name
  • Disable broadcast
  • Change the default password needed to access the wireless device
  • Enable MAC address filtering
  • Enable WEP 128-bit Encryption.

CIT 380: Securing Computer Systems

change default passwords and names needed to access the wireless device
Change default passwords and names needed to access the wireless device
  • Change the default network name
    • Linksys default network name is “linksys”
  • Change administrator password regularly
    • Default is often “administrator”
  • Network settings can only be changed by the administrator
  • Hackers know default passwords and weak passwords to try and access your network
  • Changing names and passwords regularly is good policy

CIT 380: Securing Computer Systems

enable wep 128 bit encryption
Enable WEP 128-bit Encryption
  • Not a panacea, but can thwart hackers
  • Can reduce network performance
  • Use multiple keys
  • Change the WEP encryption keys periodically.
  • Can be broken: use a secure, encrypted protocol like ssh or SSL at application level for defense in depth.

CIT 380: Securing Computer Systems

enable mac address filtering
Enable MAC Address filtering
  • Allows you to provide access to only those wireless nodes with certain MAC Addresses.
  • Hacker can’t access your network with a random MAC address.
  • But more knowledgeable hackers can change their MAC address to match an allowed one.

CIT 380: Securing Computer Systems

encrypt sensitive files
Encrypt Sensitive Files
  • Windows XP Encrypting File System (EFS) for encrypting files
  • GnuPG for encrypting files and email messages

CIT 380: Securing Computer Systems

windows xp encrypting file system efs
Windows XP Encrypting File System (EFS)
  • EFS is not available with XP Home Edition
  • Reference: Microsoft Windows XP Inside Out – Chapter 14
  • Right Click in Windows Explorer on the folder
  • Choose Properties | General Tab | Advanced Button | Encrypt contents to secure data

CIT 380: Securing Computer Systems

windows xp encrypting file system efs40
Windows XP Encrypting File System (EFS)
  • File names are green in Window Explorer

CIT 380: Securing Computer Systems

truecrypt
truecrypt
  • Encase, computer forensic tool, can break EFS
  • Free open source - http://www.truecrypt.org/
  • http://www.truecrypt.org/docs/
    • Beginner’s tutorial
    • Plausible Deniability – Hidden Volume

CIT 380: Securing Computer Systems

gnupg
GnuPG
  • GnuPG is an open-source encryption tool for Windows and Linux
  • Complete and free replacement for PGP (www.gnupg.org)
  • http://wolfram.org/writing/howto/gpg.html
    • (CD: gpg.html)
  • Install Windows Privacy Tray (WinPT)

CIT 380: Securing Computer Systems

enigmail
Enigmail
  • Install Thunderbird mail client from www.mozilla.org
  • Download Enigmail extension from www.mozilla.org
  • Add a menu item to encrypt and decrypt email using GnuPG

CIT 380: Securing Computer Systems

erase your hard drive when decommissioning your computer
Erase your hard drive when decommissioning your computer
  • Simson Garfinkel, “Hard-Disk Risk” (CD: 20003.CS0.04.Hard_disk_risk.htm)
      • Found a lot of sensitive information on recycle hard disks
      • “Running FDisk on a 10GB drive overwrites only 0.01 percent of the drive’s sectors.”

CIT 380: Securing Computer Systems

darik s boot and nuke
Darik’s Boot and Nuke
  • Hard disk sterilization on bootable floppy
  • Put floppy into the computer which has the drive you want to erase and reboot.
  • Download from http://dban.sourceforge.net/
    • Free.
    • Fast. Rapid deployment in emergency situations.
    • Easy. Start the computer with DBAN and press ENTER.
    • Safe. Irrecoverable data destruction. Prevents most forensic data recovery techniques.

CIT 380: Securing Computer Systems

backup your system regularly
Backup your system regularly
  • “Hard Disk Quality and Reliability”, http://www.pcguide.com/ref/hdd/perf/qual/index.htm (see quotes from the article)
    • “While the technology that hard disks use is very advanced, and reliability today is much better than it has ever been before, the nature of hard drives is that every one will, some day, fail.”

CIT 380: Securing Computer Systems

backup your system regularly49
Backup your system regularly
  • “full recovery usually starts at a few hundred dollars and proceeds from there.”

CIT 380: Securing Computer Systems

ntbackup utility
Ntbackup utility
  • Find ntbackup.exe
    • Start | Programs | Accessories | System Tools Or
    • C:\dell\Tech Tools\System Tools\ Backup Or
    • Run C:\WINDOWS\system32\ntbackup.exe
  • Run the Backup/Restore Wizard
  • Choose a place to save your backup
    • C:\temp\Backup
  • Creates a file Backup.bkf

CIT 380: Securing Computer Systems

create backup cd
Create Backup CD
  • Run your CD creator
  • Make a data CD
  • Add Backup.bkf to the CD

CIT 380: Securing Computer Systems

simple quick backup
Simple Quick Backup

Copy My Documents folder to a CD or USB

CIT 380: Securing Computer Systems

safe use of public pcs
Safe use of public PCs
  • Kinko's Case Highlights Internet Risks
    • (CD: Kinko.htm)
  • “For more than a year, unbeknownst to people who used Internet terminals at Kinko's stores in New York, Juju Jiang was recording what they typed, paying particular attention to their passwords. Jiang had secretly installed, in at least 14 Kinko's stores, software that logs individual keystrokes. He captured more than 450 user names and passwords, using them to access and even open bank accounts online. ”

CIT 380: Securing Computer Systems

keyloggers
Keyloggers
  • Capture keystrokes
  • Can steal passwords and credit card numbers
  • Can email or ftp the file containing the keystrokes
  • Keyghost (http://www.keyghost.com )
  • Keyloggers are difficult to detect
  • Look at an ordinary system process

CIT 380: Securing Computer Systems

public pcs
Public PCs
  • Kinko’s
  • Cyber cafes
  • Public Libraries
  • Hotels

CIT 380: Securing Computer Systems

using public pcs
Using Public PCs
  • Avoid using important accounts (bank, etc.)
  • Remove web browser data
    • Cache, history, cookies, form data.
  • Remove temporary files
    • Start | Search | All files and folders | when it was modified? | today
    • Empty recycle bin

CIT 380: Securing Computer Systems

references
References
  • Matt Bishop, Introduction to Computer Security, Addison-Wesley, 2005.
  • Thomas C. Greene, Computer Security for the Home and Small Office, Apress
  • Andrew Conry-Murray & Vincent Weafer, The Symantec Guide to Home Internet Security, Addison Wesley

CIT 380: Securing Computer Systems

ad