
CSCD 303 Essential Computer Security Spring 2013

CSCD 303 Essential Computer Security Spring 2013. Lecture 16 Internet Security Always Wear Protection Reading: See links in Notes. Overview. Browser Protection Badsite identification Phishing and Malware Sites Built-in Protection Browser Add-ons Third Party Programs


Presentation Transcript


  1. CSCD 303 Essential Computer Security, Spring 2013. Lecture 16: Internet Security. Always Wear Protection. Reading: See links in Notes.

  2. Overview: Browser Protection; Badsite identification; Phishing and Malware Sites; Built-in Protection; Browser Add-ons; Third Party Programs; Virtual Environment

  3. On-Line Phishing Resources. The Anti-Phishing Working Group (APWG): an industry association focused on eliminating identity theft and fraud that result from the growing problem of phishing and email spoofing. http://www.antiphishing.org An updated chart of examples of phishing attacks submitted to antiphishing.org is available here: http://www.antiphishing.org/phishing_archive.htm Phishing game to test your IQ: Anti-Phishing Phil http://cups.cs.cmu.edu/antiphishing_phil/

  4. On-Line Phishing Resources Other anti-phishing sites PhishTank – Database of sites http://www.phishtank.com/

  5. Browser Protection Against Phishing and Other Malware

  6. Safety Features. Browsers: Internet Explorer 8 and up, Firefox 3 and up, Google Chrome 4 and up, Apple's Safari 4, and Opera 10 include features that block sites known to host malware and malicious downloads.

  7. IE8 and Up SmartScreen. SmartScreen technology in Internet Explorer 8 blocks known-malicious downloads as well as bad URLs. How are they doing this? SmartScreen Filter: checks websites against a dynamically updated list of reported phishing and malware sites; checks software downloads against a dynamically updated list of reported malicious software sites; helps prevent you from visiting phishing websites and other websites that contain malware.

  8. IE 8 and Up SmartScreen. With SmartScreen Filter, if you attempt to visit a website that has been reported, the screen below appears and advises you not to continue to the unsafe website. http://www.microsoft.com/security/filters/smartscreen.aspx http://windows.microsoft.com/en-us/internet-explorer/use-smartscreen-filter#ie=ie-10

  9. IE 8 and Beyond. Other new security features in IE 8 include automatic blocking of click-jacking and cross-site scripting attacks, automatic crash recovery, and highlighting of the actual domain name in the address bar. Look more closely at XSS attack blocking ...

  10. IE 8. XSS Filter, a feature new to Internet Explorer 8, detects JScript in URL and HTTP POST requests. If JScript is detected, XSS Filter searches for evidence of reflection: information that would be returned to the attacking Web site if the attacking request were submitted unchanged. If reflection is detected, XSS Filter sanitizes the original request so that the additional JScript cannot be executed.

  11. IE 8. Page modified and XSS attack is blocked. Users are NOT presented with a question about what they would like to do in this case (a question most users would be unable to answer). Internet Explorer simply blocks the malicious script from executing. http://msdn.microsoft.com/en-s/library/dd565647%28VS.85%29.aspx IE 8 Demo Site shows how this works: http://www.ie8demos.com/tryit/

  12. Safari and Opera. Apple's Safari browser added phishing and malware blocking in version 3.2, released in late 2008. http://www.apple.com/safari/features.html#security Opera's Fraud Protection predates phishing and malware filters in IE and Firefox and is enhanced in the latest Version 10. Fraud and Malware Protection warns you about suspicious webpages by checking the page you request against a database of known “phishing” and “malware” websites. http://www.opera.com/security/

  13. Private Browsing. IE 8 also lets you control information about your browsing habits that's shared with Web tracking services. Firefox also has a private browsing feature: Tools > Start Private Browsing, or simply You can set Firefox to start in private-browsing mode by clicking Tools > Options > Privacy and checking "Automatically start Firefox in a private browsing session". Firefox will not save any data about which sites and pages you have visited. You can open an incognito window in Google Chrome. Opera, as of 10.6, does have this private capability. Overview of all these browsers below: http://browsers.about.com/od/faq/tp/Private-Browsing.htm

  14. Private Browsing. Does private browsing keep you anonymous on the Internet? NO!! Private Browsing prevents information from being recorded on your computer. It does not make you anonymous on the Internet.

  15. Browser Anti-phishing Features. Firefox's built-in antiphishing tool claims to update its bad-site database 48 times a day, according to Mozilla's Firefox security page. Firefox uses Google's Safe Browsing service to automatically block sites that are known to host malware. We can check out how they do this ... http://code.google.com/apis/safebrowsing/firefox3_privacy_faq.html

  16. Chrome and Firefox Safe Browsing. If you use the Chrome browser and have safe browsing mode enabled, Google Chrome contacts servers at Google approximately every half hour to download updated lists of suspected phishing and malware websites. Lists are being stored on your PC !!!! When you surf, each site you browse is checked against these black lists locally. This is designed to offer performance. If the requested site is in a black list, a warning message appears stating that the requested site is a suspected phishing site or malicious site, and the user can choose to go back to safety.

  17. Chrome and Firefox Safe Browsing. See any problems with this? Raises questions about privacy. Bloggers have noticed ... every few hours, when an update of the black lists is pushed out, two parameters are sent to Google servers: “machineid” and “userid”. Computed information based on machine/user information. Information is sent along with other browser information to ask Google if they should download an update. Information can be used for tracking. Google states it will not use any of the personal information being collected!

  18. IE 7

  19. IE 7 and IE 8. When you visit a Web site, IE7 first checks a local 'safe list'. If the URL is there or it appears in the local cache, things go no further. If Phishing Filter is enabled, IE transmits details of the URL being visited for checking. From that time on, IE7 maintains a dynamic cache of sites that have already been checked by the Phishing Filter for a period of time. In IE 8 this is called SmartScreen.

  20. Google Chrome Sandbox. The sandbox leverages OS-provided security to allow code execution that cannot make persistent changes to the computer or access information that is confidential. Sandbox architecture is dependent on the operating system. http://www.chromium.org/developers/design-documents/sandbox

  21. Google Chrome Sandbox. The sandbox uses the security features of Windows extensively ... does not reinvent any security model. All processes have an access token. An access token is like an ID card: it contains information about the owner of the process, the list of groups that it belongs to and a list of privileges. Each process has its own token, and the system uses it to deny or grant access to resources.

  22. Google Chrome Sandbox. Furthermore ... Before launching the renderer process we modify its token to remove all privileges and disable all groups. We then convert the token to a restricted token. A restricted token is like a normal token, but access checks are performed twice. Google Chrome sets the secondary list of groups to contain only one item, the NULL user. Since this user is never given permissions to any objects, all access checks performed with the access token of the renderer process fail, making this process useless to an attacker.

  23. Google Chrome and HTML5. http://blog.chromium.org/2010/05/security-in-depth-html5s-sandbox.html Chrome is the first browser to include support for a new HTML5 feature that lets web developers reduce the privileges of parts of their web pages by including a "sandbox" attribute in iframes: <iframe sandbox src="http://attacker.com/untrusted.html"></iframe> When displaying untrusted.html in a sandboxed iframe, the browser renders untrusted.html with reduced privileges (e.g., disabling JavaScript and popups), similar in spirit to how Google Chrome sandboxes its rendering engine.

  24. However, Google Chrome Sandbox Easily Defeated in Pwn2Own. "We wanted to show that Chrome was not unbreakable. Last year, we saw a lot of headlines that no one could hack Chrome. We wanted to make sure it was the first to fall this year," he said. During the hack, Bekrar created a web page booby-trapped with his exploit. Once the target machine visited the page, the exploit ran and opened the Calculator (calc.exe) app outside of the sandbox. "There was no user interaction, no extra clicks. Visit site, popped box." VUPEN will sell rights to one of the zero-day vulnerabilities but the company says it won't give up the sandbox escape. "We are keeping that private, keeping it for our customers." http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588

  25. Change Browser Environment. Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer. Like a virtual machine. For Windows 32-bit OS up through Windows 7. http://www.sandboxie.com/

  26. Other Browser Add-on Programs. Netcraft toolbar: add-in to IE and Firefox on Windows, Linux, Mac. Uses community identification of bad sites to block access to phishing sites. http://toolbar.netcraft.com/ Rated at about 75% for finding phishing sites. http://www.securiteam.com/securityreviews/6H00W00HFK.html

  27. Other Browser Add-ons. NoScript http://noscript.net/ The NoScript Firefox extension provides extra protection for Firefox, Flock, Seamonkey and other Mozilla-based browsers. This free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice. NoScript's unique whitelist-based pre-emptive script blocking approach prevents exploitation of security vulnerabilities.

  28. Spyware Prevention. Spyware: don't allow it to get on your computer in the first place. Much like other anti-malware programs, spyware prevention programs are necessary. Spyware programs are specific to spyware.

  29. Spyware Solution • Spybot - Search and Destroy • Excellent utility • Like virus checker • Search your computer for known Spyware and Hijackers and remove them from your system • Scans registry, files, cookies, and other storage places against a large database of known offenders • http://www.safer-networking.org/index.php?page=spybotsd

  30. Adware Solution • Ad-Aware • Another excellent piece of software for removal of Spyware and Hijackers • Same features as Spybot; it was one of the first programs created for removal of these types of programs, and using it as well as Spybot is recommended http://www.lavasoftusa.com/support/download/

  31. Prevent Getting Infected • Browser Protectors Windows • SpywareBlaster from Javacool Software allows you to protect your browser from risks of future infection by immunizing your system • Program contains a huge list of known malicious cookies, ActiveX controls, and web sites which it enters into your registry and browser settings • You can not run these programs in the future, download programs from certain sites, or accept cookies from known ad servers without notification http://www.bleepingcomputer.com/tutorials/tutorial49.html

  32. Change Browser Environment. Download the free VMware Player http://www.vmware.com/products/player Creates a virtual environment. Download a free file, Browser Appliance. Runs a version of Ubuntu Linux running Firefox. Why do this? You isolate any Internet dangers that could infect your computer; all is contained within the memory of VMware Player. No spyware, no malware.

  33. BLADE Tool. Researchers from Georgia Tech and SRI International will soon release a free tool that has proven 100% effective in stopping covert binary drive-by malware attacks. They tested the software, BLADE ("Block All Drive-by Download Exploits"), against real-world malicious URLs and zero-day drive-by exploits. BLADE can provide cross-browser protection against many real threats; the software is like a security weapon to immunize vulnerable Windows hosts from sneaky drive-by malware downloads. http://www.blade-defender.org/eval-lab/

  34. BLADE Tool. In nearly 19,000 trials, BLADE prevented all drive-by downloads and all zero-exploit malware from installing. It had zero false positives and zero false negatives.

  35. Blade Internals. How does it work? BLADE is a kernel-based monitor designed to block any malware whose delivery is attempted through a browser. The tool is based on a simple principle: all browser downloads fall into two categories. Supported files are files that make up Web pages, for instance HTML and images; unsupported files are EXE, ZIP and so forth. Typically, browsers fetch supported files silently and they’re supposed to alert the user if an unsupported file type is being downloaded. Nefarious Web sites subvert the unsupported file notification function ...

  36. Blade Internals. What BLADE does is introduce capabilities at the operating system level that prevent execution of all downloaded unsupported content that has not been directly consented to by user-to-browser interaction. Drawbacks?

  37. Blade Internals. Drawbacks? It could interfere with legitimate downloads of unsupported files: downloads, programs updating themselves or patching themselves for security reasons. The tool also focuses on downloads that are written to a hard disk. Some malware is never written to disk and lives only in memory. Those programs would be able to evade BLADE.

  38. Commercial Security Products

  39. ZoneAlarm Extreme Security 2010. For Web browsing, ZoneAlarm Extreme Security 2010 provides multiple layers of download protection. User-downloaded files are first subject to traditional signature scanning. If nothing is found, an additional layer of protection is available which sequesters the download in a virtual sandbox until the user releases it. Properly used, this additional layer of protection can protect against both hostile drive-by downloads and malware downloads that occur as a result of a lapse in judgement (perhaps as the result of a social engineering scam). http://www.zonealarm.com/security/en-us/zonealarm-extreme-security-hde.htm

  40. Avira Antivirus Premium. Avira AntiVirus Premium not only combats viruses, worms, Trojans, rootkits, phishing, adware and spyware, but also protects you while surfing, thanks to the Web Guard, Anti Drive-by and Mail Guard. AntiRootkit: against hidden rootkit threats. AntiDrive-by: prevents downloading viruses when surfing. MailGuard: enhanced email protection. WebGuard: protection against malicious websites. RescueSystem: create a bootable rescue CD. http://www.avira.com/en/for-home

  41. Summary. Browsers: Chrome seems to be going in the right direction: “Building security in”, sandbox, HTML5 features, support for black-listed sites. Add-ons: do work. Can be annoying. But alerts do help. However, not all users are savvy enough to install them and use them. Virtual Environment: known to work. Must use it when browsing. Might be intimidating to novice users.

  42. References Phishing Web Sites http://www.antiphishing.org http://www.spamfo.co.uk http://www.millersmiles.co.uk http://www.tecf.org http://www.antifraudalliance.com http://www.phishreport.net

  43. End Keep working on projects There is a lab this week !!!
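
The three steps on slide 10 (script in the request, reflection in the returned page, neutering), as an added example that is not from the lecture or from Internet Explorer. The script heuristics, the HTML-escaping used to neuter the reflection, and the sample URLs and pages are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qsl, urlsplit

# Heuristic signs of script in a request value (illustrative, not IE's actual rules).
SCRIPT_HINTS = re.compile(r"<\s*script\b|\bon\w+\s*=|javascript\s*:", re.IGNORECASE)


def request_values(url, post_body=""):
    """Decoded parameter values from the URL query string and a form-encoded POST body."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    pairs += parse_qsl(post_body, keep_blank_values=True)
    return [value for _, value in pairs]


def filter_response(url, post_body, page):
    """Return (page, blocked): the page with reflected script neutered, and what was blocked."""
    blocked = []
    for value in request_values(url, post_body):
        if not SCRIPT_HINTS.search(value):
            continue  # step 1: this value carries no script
        if value not in page:
            continue  # step 2: script was sent but is not reflected in the page
        # Step 3: neuter the reflection (escaping is this example's choice of rewrite).
        page = page.replace(value, html.escape(value))
        blocked.append(value)
    return page, blocked


# Constructed requests and returned pages: (url, post_body, page).
REFLECTED = ("http://shop.example.test/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E", "",
             "<p>Results for <script>alert(1)</script></p>")
ENCODED = (REFLECTED[0], "", "<p>Results for &lt;script&gt;alert(1)&lt;/script&gt;</p>")
BENIGN = ("http://shop.example.test/search?q=shoes", "",
          "<script src='/app.js'></script><p>Results for shoes</p>")

if __name__ == "__main__":
    for name, case in (("reflected", REFLECTED), ("encoded", ENCODED), ("benign", BENIGN)):
        page, blocked = filter_response(*case)
        print(name, "blocked:", blocked)
        print("  page:", page)
```

The page's own scripts are left alone in the benign case, and nothing is rewritten when the server has already encoded the value, which is why the reflection step keeps the user from being asked a question.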
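
The local black-list check from slide 16, as an added example that is not from the lecture or from Google's code. It assumes the list is stored the way the Safe Browsing protocol stores it, as 4-byte SHA-256 prefixes of host/path expressions rather than plain URLs; the canonicalization is simplified and the list entries are constructed.

```python
import hashlib
from urllib.parse import urlsplit

PREFIX_LEN = 4  # bytes of each SHA-256 digest kept in the local list


def expressions(url):
    """Host-suffix/path-prefix combinations checked for one URL (simplified:
    no percent-decoding or IP-address handling)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    labels = host.split(".")
    # Exact host, then suffixes of the last five labels, never the bare TLD.
    hosts = [host] + [".".join(labels[i:])
                      for i in range(max(1, len(labels) - 5), len(labels) - 1)]
    paths = [path + "?" + parts.query] if parts.query else []
    paths.append(path)
    # Root plus up to three leading directories, each with a trailing slash.
    dirs = [d for d in path.split("/")[:-1] if d][:3]
    for i in range(len(dirs) + 1):
        prefix = "/" + "".join(d + "/" for d in dirs[:i])
        if prefix not in paths:
            paths.append(prefix)
    return [h + p for h in hosts for p in paths]


def prefix_of(expression):
    """Truncated SHA-256 digest of one expression, as stored in the list."""
    return hashlib.sha256(expression.encode("utf-8")).digest()[:PREFIX_LEN]


def check_locally(url, local_prefixes):
    """Expressions of `url` whose hash prefix is in the stored list.
    Nothing about the URL leaves the machine during this check."""
    return [e for e in expressions(url) if prefix_of(e) in local_prefixes]


# Constructed stand-in for the list the periodic update stores on disk.
LOCAL_LIST = {prefix_of("phish.example.test/"),
              prefix_of("files.example.net/downloads/")}

if __name__ == "__main__":
    for u in ("http://login.phish.example.test/bank/signin.php?id=7",
              "http://files.example.net/downloads/setup.exe",
              "http://www.example.org/index.html"):
        print(u, "->", check_locally(u, LOCAL_LIST) or "not listed")
```

In the real protocol a prefix hit is not yet a verdict: the browser then asks the server for the full hashes behind that prefix before showing the warning, which is the only point at which anything derived from the URL is sent.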
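
A model of the double access check described on slides 21 and 22, as an added example that is not Chrome's or Windows' code. It keeps only allow entries (no deny entries or privileges); the user SID and the two objects are constructed, while the NULL, Everyone and Users SIDs are the well-known Windows values.

```python
from dataclasses import dataclass, field
from typing import Optional

NULL_SID = "S-1-0-0"            # well-known NULL SID; no object grants it anything
EVERYONE = "S-1-1-0"            # well-known Everyone group
USERS = "S-1-5-32-545"          # well-known built-in Users group
ALICE = "S-1-5-21-1-2-3-1001"   # constructed user SID


@dataclass
class Token:
    user: str
    groups: set = field(default_factory=set)   # enabled group SIDs
    restricting: Optional[set] = None          # None means an ordinary token


def covers(acl, sids, wanted):
    """One pass: do the allow entries matching `sids` grant every wanted right?"""
    granted = set()
    for sid, rights in acl:
        if sid in sids:
            granted |= rights
    return wanted <= granted


def access_check(token, acl, wanted):
    """Simplified access check: ordinary tokens get one pass, restricted tokens two."""
    first = covers(acl, {token.user} | token.groups, wanted)
    if token.restricting is None:
        return first
    # Restricted token: the same request must also pass for the restricting SIDs.
    return first and covers(acl, token.restricting, wanted)


def lock_down(token):
    """Renderer token per slide 22: no enabled groups, restricted to the NULL SID."""
    return Token(user=token.user, groups=set(), restricting={NULL_SID})


# Constructed objects and their allow lists.
DOCUMENTS = [(ALICE, {"read", "write"})]
PUBLIC_FILE = [(EVERYONE, {"read"}), (USERS, {"read"})]

browser = Token(ALICE, {EVERYONE, USERS})
renderer = lock_down(browser)

if __name__ == "__main__":
    for name, tok in (("browser", browser), ("renderer", renderer)):
        print(name, "documents:", access_check(tok, DOCUMENTS, {"read"}),
              "public file:", access_check(tok, PUBLIC_FILE, {"read"}))
```

The renderer still carries the user's SID, so the first pass on the user's documents succeeds; it is the second pass against the NULL SID that fails every request.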
