Workstation Security – Privacy and Protection from Hackers

Presentation Transcript

  1. Workstation Security – Privacy and Protection from Hackers ISECON2002 Nov 2, 2002 Bruce P. Tis, Ph.D. Simmons College Boston, MA

  2. Outline • Goals • Introduction • Attacks/Threats • Malware – viruses, worms, Trojan horses and others • Privacy - Cookies/Spyware • Firewalls • Steps for protecting yourself • Interesting Web Sites • What Haven’t We Covered

  3. Goals • Raise your consciousness regarding the need for information security at the workstation level • Review basic terminology and concepts • Discuss threats and how to resist them • Verifying workstation’s ability to resist an attack

  4. Introduction

  5. What is security? • Computer Security deals with the prevention and detection of, and the reaction to, unauthorized actions by users of a computer system or network.

  6. Topics Include • Cryptology • Forensics • Standards • Management of security/policies • Authentication • Intrusion Detection • Hacking • Privacy • Legal and Ethical issues • IP Security • WEB Security • Network Management • Malware • Firewalls

  7. Why do we need to be concerned about security • Economic loss • Intellectual Property loss • Privacy and Identity Theft • National Security

  8. Economic Loss • Kevin Mitnick’s hacking spree allegedly cost companies $291 million • Economic impact of recent malware • LoveLetter and CodeRed $2.6 billion each • Sircam $1.3 billion • Computer Economics estimates that companies spent $10.7 billion to recover from virus attacks in 2001

  9. Radicati Group Inc study of economic impact of malware

  10. CERT • Computer Emergency Response Team Coordination Center (CERT) reports security incidents • An incident may involve one site or hundreds (or even thousands) of sites. Also, some incidents may involve ongoing activity for long periods of time.

  11. Intellectual Property • Music piracy • Software piracy • Research data piracy • Industrial espionage

  12. Privacy and Identity Theft • 300,00 credit cards stolen at CD Universe • Identity theft has reached epidemic proportions and is the top consumer fraud complaint in America • Losses to consumers and institutions due to identity theft totaled $745 million in 1997, according to the U.S. Secret Service. • An estimated 700,000 consumers became victims of identity theft during 2001 at a cost of $3 billion. • Estimate of 900,000 for 2002.

  13. National Security • Los Alamos loses top-secret hard drive • January 1990 AT&T long-distance telephone switching system was crashed for nine hours and approx 70 million calls went uncompleted • Distributed attack on the 13 root DNS servers two weeks ago • September 11 !!!!!!!!!!!!!!!!!!!!!!!

  14. The National Strategy to Secure Cyberspace draft issued in September 2002 clearly puts responsibility on the end user to protect his/her personal computer from hackers • Consumer education Web site http://www.ftc.gov/bcp/conline/edcams/infosecurity/ • National Cyber Security Alliance http://www.staysafeonline.info

  15. Attacks and Threats

  16. Attacks/Threats • Physical • Access • Modification • Denial of Service • Repudiation • Invasions of Privacy

  17. Physical Attacks • Hardware theft • File/Information Theft • Information modification • Software installation

  18. Access Attacks • Attempt to gain information that the attacker is unauthorized to see • Password pilfering • An attack against confidentiality • Snooping • Eavesdropping • Interception

  19. Modification Attacks • An attempt to modify information an attacker is not authorized to modify • An attack against information integrity • Changes • Insertion • Deletion

  20. Denial-Of-Service Attacks • Deny the use of resources to legitimate users of a system • Denial of access to information • Denial of access to applications • Denial of access to systems • Denial of access to communications

  21. Repudiation Attacks • Attack against the accountability of information, i.e. an attempt to give false information or to deny that a real event or transaction has occurred • Masquerading • Denying an event

  22. Privacy Attacks • Collection of information about • you • your computer configuration • your computer use • your surfing habits

  23. Security Services • Security services are used to combat attacks • Confidentiality (access) • Integrity (modification, repudiation) • Availability (denial of service) • Accountability (access, modification, repudiation) • Security mechanisms implement services i.e. cryptography

  24. Malware • Trap Door • Logic Bombs • Trojan Horses • Worms • Bacteria • Viruses • Mobile Code

  25. Malware – collection of techniques/programs that produce undesirable effects on a computer system or network • Differentiate based on • Needs host program • Independent • Replicate • Don’t replicate

  26. Malware • Needs Host Program • Trapdoor • Logic Bomb • Trojan Horse • Virus • Independent • Bacteria • Worms

  27. Trap Doors • Secret entry point to a program that bypasses normal security access procedures • Legitimate for testing/debugging • Recognizes some special input, user ID or unlikely sequence of events • Difficult to detect at use • Must detect during software development and software update

  28. Logic Bombs • Code embedded in legitimate program that is set to explode when certain conditions met • Presence/absence certain files • Date • Particular user • Bomb may • Alter/delete files • Halt machine • Other damage

  29. Trojan Horses • Apparently useful program or command procedure containing hidden code which performs harmful function • Tricks users into running it by disguising itself as a useful program • Doesn’t replicate itself • Used to accomplish functions indirectly that an unauthorized user is not permitted to perform • Used for destructive purposes

  30. Backdoor Trojans • Opens backdoor on your computer that enables attackers to remotely access and control your machine • Also called remote access Trojans • Attackers find your machine by scanning ports used by Trojan • Common backdoor Trojans • Back Orifice • NetBus

  31. Most anti-virus tools detect Trojans • Can also check open TCP ports against list of known Trojan ports • Type the netstat -an command • Look at listening ports • Lists of known Trojan port numbers available via Google search
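
The port check from slide 31, as an added example that is not part of the original presentation: it parses `netstat -an` output (Windows or Linux layout) and compares listening ports against a watchlist. The watchlist entries, the function names and the sample output are assumptions constructed for illustration; a real list should come from a maintained source.

```python
import subprocess

# Illustrative watchlist (assumption, not from the slides): widely documented
# default ports of the two backdoor Trojans named on slide 30.
WATCHLIST = {
    12345: "NetBus (default)",
    12346: "NetBus (default)",
    31337: "Back Orifice (default, UDP)",
}

# Constructed sample in the Windows `netstat -an` layout.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      10.0.0.5:80            ESTABLISHED
  TCP    192.168.1.10:31337     10.0.0.9:443           TIME_WAIT
  UDP    0.0.0.0:31337          *:*
"""

def open_ports(netstat_text):
    """Return sorted (proto, port) pairs for TCP listeners and bound UDP sockets."""
    found = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 3 or not f[0].lower().startswith(("tcp", "udp")):
            continue  # banner, column header or blank line
        proto = f[0].lower()[:3]
        # Linux prints Recv-Q/Send-Q counters before the local address.
        local = f[3] if f[1].isdigit() and len(f) > 3 else f[1]
        if proto == "tcp" and not f[-1].upper().startswith("LISTEN"):
            continue  # an ephemeral client port is not a listener
        _, sep, port = local.rpartition(":")
        if sep and port.isdigit():
            found.add((proto, int(port)))
    return sorted(found)

def flag_suspicious(netstat_text, watchlist=WATCHLIST):
    """Return (proto, port, label) for every open port found on the watchlist."""
    return [(proto, port, watchlist[port])
            for proto, port in open_ports(netstat_text) if port in watchlist]

if __name__ == "__main__":
    live = subprocess.run(["netstat", "-an"], capture_output=True, text=True).stdout
    for proto, port, label in flag_suspicious(live):
        print(f"{proto.upper()} port {port} is open: matches {label}")
```

A match is only a reason to look closer: legitimate software can use the same port numbers, and a backdoor can be configured to listen elsewhere.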

  32. Worms • Programs that use network connections to spread from system to system • Once active on a system can behave as another form of malware • Propagates • Search for other systems to infect • Establish connection with remote system • Copy itself to remote system and executes

  33. The Great Worm • Robert Morris released the most famous worm in 1988 • Crashed 6000 machines on the Internet (10%) • Exploited bug in fingerd program • Bug in worm crashed machines which prevented the worm from spreading • Estimated damage $100 million • Three years probation, 400 hrs community service, $10,500 fine

  34. Worm – Code Red • Scans Internet for Windows NT or 2000 servers running IIS minus patch • Copies itself to server • Replicate itself for the first 20 days of each month • Replace WEB pages on infected servers with a page that declares Hacked by Chinese • Launch concerted attack on White House Web server to overwhelm it

  35. Bacteria • Programs that do not explicitly damage files • Sole purpose is to replicate themselves within a system • Reproduce exponentially taking up • Processor capacity • Memory • Disk space

  36. Viruses • Infect other programs by modifying them • First one written in 1983 by USC student Fred Cohen to demonstrate the concept • Approximately 53,000 exist • Modification includes copy of virus

  37. Virus Structure • Usually pre-pended or postpended to executable program • When program invoked virus executes first, then original program • First seeks out uninfected executable files and infects them • Then performs some action

  38. How Viruses Are Spread • Peer to peer networks • Via email attachments • Via media • FTP sites • Chat and instant messaging • Commercial software • Web surfing • Illegal software

  39. Types of Viruses • Parasitic • Traditional virus and most common • Attaches itself to executable files and replicates • Memory resident • Lodges in memory as part of OS • Infects every program that executes

  40. Boot sector • Infects master boot record or boot record • Spreads when system boots • Seldom seen anymore • Stealth • Designed to hide itself from detection by antivirus software

  41. Polymorphic • Mutates with every infection • Functionally equivalent but distinctly different bit patterns • Inserts superfluous instructions or interchange order of independent instructions • Makes detection of signature of virus difficult • Mutation engine creates random key and encrypts virus • Upon execution the encrypted virus is decrypted and then run

  42. Metamorphic • Structure of virus body changed • Decryption engine changed • Suspect file run in emulator and behavior analyzed

  43. Mobile Code • Programming that specifies how applications exchange information on the WEB • Browsers automatically download and execute applications • Applications may be viruses

  44. Common forms • Java Applets – Java code embedded in WEB pages that run automatically when page downloaded • ActiveX Controls – similar to Java applets but based on Microsoft technology, have total access to Windows OS

  45. New threat (potential) of including mobile code in MP3 files • Macros – languages embedded in files that can automatically execute commands without the user’s knowledge • JavaScript • VBScript • Word/Excel

  46. Macro Viruses • Make up two thirds of all viruses • Platform independent • Word documents are the common vehicle rather than executable code • “Concept” 1995 first Word macro virus • Easily spread

  47. Technique for spreading macro virus • Automacro / command macro is attached to Word document • Introduced into system by email or disk transfer • Document opened and macro executes • Macro copies itself to global macro file • When Word started next global macro active

  48. Melissa Virus March 1999 • Spread in Word documents via email • Once opened virus would send itself to the first 50 people in Outlook address book • Infected normal.dot so any file opened later would be infected • Used Visual Basic for Applications • Fastest spreading virus ever seen