
Crispen on Security: Home Computer Security Basics




Presentation Transcript


  1. This work is licensed by Patrick Crispen to the public under the Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.

  2. Crispen on Security: Home Computer Security Basics
     A presentation by Patrick Douglas Crispen

  3. Richard’s Law of Computer Security
     • Don't buy a computer.
     • If you do buy a computer, don't turn it on.
       Source: http://virusbusters.itcs.umich.edu/um-resources/vb-interview.html
     • Clever, but false. The [social engineer] will talk someone into … turning that computer on.
       Source: Mitnick, p. 7

  4. Truths about computer security
     • EVERY computer is vulnerable to attack.
     • Solitary used to equal safe.
     • But the internet is a dark force multiplier.
     • When you connect your home computer to the internet, the internet connects to your home computer.

  5. Tick tock
     • Online your computer is vulnerable to attack from viruses, worms, and even criminals.
     • How long do you have?
     • 20 minutes. [Not enough time to download all of the updates you need.]
     • If you have a broadband connection, you have less time than that.
       Source: http://isc.sans.org/survivalhistory.php

  6. Why me?
     • Why is your computer attacked?
       • It is either specifically targeted [HIGHLY unlikely]; or
       • It is a “target of opportunity” using a known exploit.
     • 999 times out of 1000, it’s not personal.

  7. Common types of home computer security breaches
     • Viruses, worms, and Trojan horses
     • Code exploits
     • Malware [adware and spyware]
     • “Man in the middle”
     • Combination attacks

  8. Impact of home computer security breaches
     • Loss or compromise of your data
     • Identity theft
     • Loss of income
     • Legal consequences
     • Interruption of your illegal MP3 and porn downloading
     • Gloom, despair, and agony on me
     • Deep dark depression, excessive misery

  9. Scared yet?
     • The internet can be a dangerous place for both computers and users.
     • There are some simple ways to protect your computer.
     • Protection = Prevention + [Detection + Response]

  10. Prevention is the mother of safety
     • This workshop is about Prevention.
     • We could spend weeks talking about detection and response.
       • In fact, your local college has semester-long courses on that very topic.
     • Intrusion detection and response are just WAY too much work.
     • But prevention is a [relative] snap.

  11. Our goals
     • Demonstrate why you need a firewall
     • Show you how to deal with computer exploits
     • Introduce you to the Microsoft Baseline Security Analyzer
     • Teach you how to detect, delete, and block spyware and malware
     • Do all of this in ENGLISH!

  12. Part One: Firewalls What they are and why you absolutely need one [well, actually, two] before you even THINK about connecting your computer to the internet.

  13. Mmm … worms and crackers.
     • Two things target and attack your computer online: worms and crackers.
     • Worms are a type of computer virus that infects other computers over a network.
     • Many worms include backdoors.
     • If the worms don’t get you, the crackers will.

  14. Hackers v. crackers
     • A "cracker" is someone who tries to break into your computer or files without your knowledge and/or permission.
     • A large portion of the cracker community is made up of “script kiddies,” people who
       • Use security-breaking scripts and programs developed by others.
       • In general do not have the ability to write these scripts and programs on their own.
       Source: Wikipedia

  15. How crackers find you
     • Worms automatically/randomly search the internet looking for every unprotected computer they can find.
     • Every semi-competent cracker and script kiddie has software that
       • Scans thousands of internet connections looking for Windows file and printer shares.
       • Scans for known vulnerabilities, holes, and unsecured services in Windows, Mac OS, Linux, VM-CMS, etc.
       • Exploits those known vulnerabilities.
       • Cracks Windows passwords.

  16. Two types of attacks
     • Most home computer attacks/intrusions are either
       • Coordinated: Your computer is specifically targeted by a skilled cracker.
       • Opportunistic: A worm or cracker finds your computer during a random scan of thousands of other computers.
     • Unless someone is after you, you don’t have to worry about coordinated attacks.
       • For home computer users, they’re few and far between.
       • Besides, you can’t really stop a coordinated attack. You can only delay it.

  17. Protecting your computer
     • To protect your computer from opportunistic attacks—besides being vigilant with patch management—you must “hide” your computer from the internet.
     • If the worms and crackers can’t see your computer, they [hopefully] won’t attack you.
     • How do you hide your computer? Use a firewall.

  18. What is a firewall?
     • A firewall is either hardware or software that stands between your computer [or home network] and its internet connection and provides “access control”—it determines what can and cannot pass.
     • It’s just like the firewall in your car.
       • Your car’s firewall keeps the bad stuff from your engine [like heat and exhaust] out of your passenger cabin.
       • But it isn’t impervious. It has holes in it to let the good stuff [like the steering column and the brakes] through.

  19. What is a firewall?
     • A good firewall, like your car’s firewall, keeps the bad stuff out and lets the good stuff through.
     • How? Well most consumer firewalls—the hardware firewalls/routers you can buy at Wal-Mart or Target or the software firewalls you can download—offer a combination of
       • Computer stealth—they hide your computer from the worms’ and crackers’ scans.
       • Intrusion blocking—they make it harder [but not impossible] for worms and crackers to break in.

  20. NAT
     • Hardware firewalls use something called “Network Address Translation” or “NAT” which, among other things, hides your computer from the worms and crackers.
     • You physically connect your home computer[s] to the firewall and connect the firewall to the internet.
     • The firewall—not your home computer—connects to the internet and is assigned a publicly-visible internet address by your ISP.

  21. Communicating with the Internet
     • Your firewall becomes your computer’s intermediary on the internet. All traffic must go through it.
     • When you request something from the internet, the firewall pretends that it made the request, not your computer.

  22. Keeping worms and crackers out
     • Since the internet never even sees your computer, there’s nothing for the worms or crackers to probe or attack other than your firewall.
     • And your firewall is just a dumb box.

  23. Stateful packet inspection
     In addition to using NAT to hide your computer, a firewall also uses “stateful packet inspection” or “SPI” to block intruders.
     • It only allows connections that you originate.
     • All other connections are automatically blocked at the firewall.
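Slides 20-23 in miniature, as an added example that is not part of the presentation: a Python model of a consumer router that does NAT and keeps a connection-state table. The home PC only ever appears on the internet as the router's public address, a reply to a connection the PC opened is translated back to it, and an unsolicited probe of the public address matches nothing in the table and is dropped. Every address and port below is a constructed sample value (documentation address ranges).

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatFirewall:
    """The router between the LAN and the ISP link: only public_ip is
    visible from the internet, and inbound packets matching no LAN-originated
    flow in the state table are dropped (the stateful inspection part).
    """
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (public_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self.state: Dict[Tuple[int, str, int], Tuple[str, int]] = {}
        # (lan_ip, lan_port, remote_ip, remote_port) -> public_port
        self.by_lan: Dict[Tuple[str, int, str, int], int] = {}
        self.dropped: List[Packet] = []

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> internet: remember the flow, then rewrite the source."""
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if flow not in self.by_lan:
            self.by_lan[flow] = self.next_port
            self.state[(self.next_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
            self.next_port += 1
        return Packet(self.public_ip, self.by_lan[flow], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """internet -> LAN: forward only replies to flows the LAN opened."""
        lan = self.state.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if lan is None:
            self.dropped.append(pkt)  # unsolicited: the LAN host is never reached
            return None
        return Packet(pkt.src_ip, pkt.src_port, lan[0], lan[1])

def demo() -> dict:
    """Constructed traffic: a web request and its reply, then an unsolicited probe."""
    fw = NatFirewall("203.0.113.7")
    req = fw.outbound(Packet("192.168.1.10", 51000, "198.51.100.20", 80))
    reply = fw.inbound(Packet("198.51.100.20", 80, fw.public_ip, req.src_port))
    probe = fw.inbound(Packet("192.0.2.99", 4444, fw.public_ip, 445))
    return {"request": req, "reply": reply, "probe": probe, "dropped": len(fw.dropped)}
```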

  24. Why firewalls ROCK!
     • IF YOU DON’T HAVE A FIREWALL, YOUR COMPUTER WILL BE ATTACKED AND/OR COMPROMISED… USUALLY WITHIN 20 MINUTES OF YOUR CONNECTING TO THE INTERNET.
     • Firewalls protect your home computer from worms and crackers through a combination of
       • Computer stealth using NAT.
       • Intrusion blocking using stateful packet inspection.
     • Gosh, is there anything firewalls can’t do?

  25. What a firewall can’t do
     Well, actually, a consumer firewall can’t
     • Fix operating system or software vulnerabilities
       • A firewall may block some exploits coming in from the internet, but the vulnerabilities will still be there.
       • That’s why patch management is so important.
     • Protect your computer from viruses
       • A firewall may block internet worms, but it won’t block viruses attached to emails, hidden in files you download from the internet or Kazaa, etc.
       • Virus protection is a job for your antivirus program, not a firewall.

  26. There’s more
     A consumer firewall also can’t
     • Protect your computer from spyware.
     • Block pop-up ads.
     • Block spam.
     • Completely keep crackers out.
     • Protect you from doing stupid stuff to your computer.

  27. But, if you are looking for simple computer stealth and basic intrusion blocking—and trust me, you are—you need a firewall.

  28. Which one?
     • Should you get a hardware firewall or a software firewall?
     • Yes.
     • If you have a cable modem, satellite, or DSL connection, you need both a hardware firewall and a software firewall.
     • If you have a dial-up connection or an internal broadband modem [a modem physically built into your computer], you only need a software firewall.
       • But that’s only because I don’t know of any reasonably-priced external hardware firewalls that work with internal modems.

  29. Why both?
     • Hardware firewalls have an Achilles’ heel: they [for the most part] assume that ALL internet traffic originating from your computer is safe.
     • But, if you “accidentally” double-click on a virus-infected file,
       • Your computer will be infected with that virus. [Remember, hardware firewalls can’t protect you from either viruses or doing stupid stuff.]
       • That virus is more than likely going to try to use your computer and your internet connection to infect other computers.

  30. “With their tanks, and their bombs, and their bombs, and their guns…”
     • So your computer is now a virus-spewing zombie.
     • BUT, remember, your hardware firewall still trusts your computer.
     • Your computer is flooding the internet with thousands of viruses, worms, or spams, and your hardware firewall doesn’t notice, care, or even bother to tell you.

  31. How software firewalls work
     Software firewalls [actually, “personal software firewalls”]
     • Constantly run in the background.
     • Block bad stuff from the internet [the stuff that somehow magically makes it past the hardware firewall].
     • Warn you when a program on your computer tries to access the internet.
       • You decide whether or not that program will be allowed to access the internet.

  32. So in our zombie example, the software firewall—NOT the hardware firewall—would catch the flood of viruses before they even left your computer.

  33. In the simplest [grossly oversimplified] terms…
     • Hardware firewalls protect your computer from the internet.
     • Software firewalls
       • Are a second layer of defense behind your hardware firewall.
       • Protect both your computer from the internet AND the internet from your computer.
       • Warn you when something fishy is happening on your computer.
     • So now can you see why I recommend running both a hardware AND a software firewall?
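The zombie scenario of slides 29-33, as an added example that is not from the presentation: a toy personal firewall that decides per program rather than per packet. A program the user has never ruled on triggers a warning and is blocked until explicitly allowed (the deny-by-default behaviour is an assumption of this model, standing in for the "you decide" prompt), and any program that fans out to many distinct destinations raises a "something fishy" alert regardless of its rule. The program names, the 50-destination threshold and the traffic are all constructed.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

ALLOW, BLOCK = "allow", "block"

class PersonalFirewall:
    """Runs on the PC itself and decides per program, not per packet.

    The NAT router trusts everything the LAN sends; this layer knows which
    program is asking and can warn the user about it.
    """
    def __init__(self, rules: Dict[str, str], flood_threshold: int = 50):
        self.rules = dict(rules)            # program -> ALLOW / BLOCK
        self.flood_threshold = flood_threshold
        self.dests: Dict[str, Set[Tuple[str, int]]] = defaultdict(set)
        self.prompts: List[str] = []        # programs the user was warned about
        self.alerts: List[str] = []         # "something fishy" warnings

    def outbound(self, program: str, dst_ip: str, dst_port: int) -> str:
        """Decide whether program may open a connection to dst_ip:dst_port."""
        if program not in self.rules:
            # First time this program wants the internet: warn the user and
            # block until they explicitly allow it (deny by default, assumed).
            self.prompts.append(program)
            self.rules[program] = BLOCK
        seen = self.dests[program]
        seen.add((dst_ip, dst_port))
        if len(seen) == self.flood_threshold:
            # One program fanning out to this many hosts looks like a worm or
            # spam engine, whatever its rule says; raise the alert once.
            self.alerts.append(f"{program}: {len(seen)} distinct destinations")
        return self.rules[program]

def zombie_demo() -> dict:
    """Constructed scenario: the browser is trusted, then a 'double-clicked'
    infection starts pushing mail straight at 200 different servers."""
    fw = PersonalFirewall({"browser.exe": ALLOW})
    browse = fw.outbound("browser.exe", "198.51.100.20", 80)
    worm = [fw.outbound("zombie.exe", f"192.0.2.{i}", 25) for i in range(200)]
    return {"browse": browse, "worm_blocked": worm.count(BLOCK),
            "prompts": fw.prompts, "alerts": fw.alerts}
```

The hardware router in the previous slides would have forwarded all 200 connections without comment; here the user is warned once about the unknown program and once more about its fan-out.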

  34. Over the router and through the woods
     My suggestion?
     • Before you connect your computer to the Internet, go to your nearest technology store or big box retailer.
     • Buy a cable/DSL router from Linksys [my favorite], D-Link, Netgear, Belkin, or SMC for US$50-$75.
     [Image courtesy Linksys.com]

  35. u:admin p:admin?
     • Read the instructions that come with your router and CHANGE YOUR ROUTER’S DEFAULT ADMIN USERID AND PASSWORD!
     • Crackers know the default administrator’s userid and password for every router [and firewall and server and operating system and...] ever made.
       • Check out http://www.phenoelit.de/dpl/dpl.html if you don’t believe me.
     • Also, using the instructions, make sure to disable remote administration in your router’s settings.

  36. Software firewalls
     • Now that I spent US$50 of your hard-earned money on a router, let me save you some money.
     • The three best software firewalls [in my humble opinion] are absolutely free.
       • Sunbelt Kerio Personal Firewall [at sunbelt-software.com]
       • Windows XP Service Pack 2 Internet Connection Firewall: built into Windows XP SP2 but NOT into previous versions of XP
       • Mac OS X Firewall: built into Mac OS X [but disabled by default]

  37. Part Two: Exploits What they are, where they come from, and how to manage them

  38. What is an exploit?
     • Until machines start taking over for humans, software bugs and glitches caused by simple human error and non-defensive programming will be the norm.
     • Windows XP contains over 40 million lines of source code.
       Source: Wikipedia
     • Could YOU write that many lines of code and not make a mistake?
     • An exploit is a program or technique used by a cracker to take advantage of software bugs or glitches in order to circumvent your computer’s security, often without your knowledge.

  39. Signs your computer MAY have been exploited
     • Spontaneous reboots
     • Failed services, virus scanner disabled
     • Sluggish GUI behavior, poor performance, slow logins
     • Excessive disk or network activity (HD LED, switch LED)
     • You can’t install protective software.
     • Unknown user accounts
     • Application and service errors
     • Low disk space
     • Subpoenas and search warrants
     • Your computer insists on playing “global thermonuclear war.”
     Sources: Alex Keller, Bob Klepfer

  40. Call my attorney! I’ve been EXPLOITED!
     If your computer has been exploited, you need to
     • Stop cussing.
     • Immediately disconnect your computer from the internet.
     • Identify the exploit.
     • Close the hole.
     • Fix the damage.

  41. I feel so dirty.
     • To identify the exploit:
       • Reconnect to the internet, update your antivirus definitions, disconnect, and scan your entire hard drive.
       • Reconnect to the internet, update your antispyware definitions, disconnect, and scan your entire hard drive.
       • Write down the symptoms; reconnect to the internet; search Google, Symantec, or the Microsoft Knowledge Base; disconnect.
     • To close the hole, download and apply the appropriate patch from the manufacturer’s web site.

  42. Repairing the damage
     • Repairing the damage from an exploit could be as simple as deleting or replacing corrupt data or as complicated as a deep-level format of your hard drive.
     • The repair path depends on the exploit.
     • This may be a job for a professional repair technician.
     • The BEST way to repair the damage caused by an exploit is to close the holes before they are exploited.

  43. Closing the holes
     • When a vulnerability is found, operating system and software manufacturers [eventually/hopefully] release something called a “patch.”
     • A patch is simply a software update meant to fix problems, bugs, or the usability of a previous version of an application.
       Source: Wikipedia
     • Download and install the patch and your computer is [hopefully] no longer susceptible to that particular vulnerability.

  44. Why are patches so important?
     • When a new patch is released, an unintended consequence is that the bulletin announcing the patch also announces the vulnerability to crackers.
     • Crackers count on the fact that you won’t get the patch—your computer will continue to be vulnerable.
     • And the time between bulletin and exploit is shrinking.

  45. MS02-039

  46. MS02-039

  47. MS03-026

  48. MS03-026

  49. MS04-011

  50. MS04-011
