
Secure Web Surfing and Hardening the Windows Operating System

Secure Web Surfing and Hardening the Windows Operating System. ECE – 4112 Group 3 Varun Shah Nikunj Nemani. Common Infection Methods. Web Exploits Browser Exploits. Email Attachments. Downloading files from the internet. Operating System Exploits.

nitesh

Presentation Transcript


  1. Secure Web Surfing and Hardening the Windows Operating System ECE – 4112 Group 3 Varun Shah Nikunj Nemani

  2. Common Infection Methods • Web Exploits • Browser Exploits. • Email Attachments. • Downloading files from the internet. • Operating System Exploits.

  3. Security Measures used earlier for Browser Security • Secure Sockets Layer (SSL) 1. Encrypts the data between the client and the server. 2. However, it does not make the websites themselves secure.

  4. Browser Exploits • Phishing • IFrames (Inline Frames) as an exploit • Typosquatters • Some JavaScript with DOM access

  5. Phishing • Theft of identity and/or sensitive financial information. • Can cost a lot of $$$$$. • Is usually spread through social engineering. • Also spread by sending emails, in IM chats, etc.

  6. Phishing continued… • Can also be spread by performing URL obfuscation, e.g. www.bank.com.ch instead of www.bank.com • How do you protect against such attacks? 1. Install antiphishing filters. 2. Do not open links in email by clicking them; instead, paste them into the browser bar and then search.

  7. Phishing Filter - Mozilla

  8. Paypal Phishing site http://dl2nym.dyndns.org/update/index.html

  9. Phishing filter - Opera http://dl2nym.dyndns.org/update/index.html

  10. Phishing filter – IE 7 http://dl2nym.dyndns.org/update/index.html

  11. Comparison

  12. IFrames as an exploit • What are IFrames? Ans: An IFrame allows one HTML document to be embedded inside another HTML document. • Hackers who compromise legitimate websites can use IFrames to insert their own links. • Thus, if a hacker inserts a link for online transfers on a site that carries advertisements, the consumer can be duped into accessing his account by clicking that link.

  13. IFrames as an exploit … continued • Prevention against IFrame exploits: instead of clicking on a link, paste it into the browser bar and then search. e.g. 1. Iran Art News – www.iranartnews.com 2. Le Bowling en France – www.bowling-france.fr

  14. Typosquatting • What is typosquatting? Ans: It relies on typing mistakes made by the user. • Hackers may own the website at the mistyped address. • Can be a threat if hackers own such websites for different banks.

  15. Prevention from Typosquatting • Strider Typo Patrol is being developed by Microsoft. • It aims to scan for and show third-party domains that are allegedly typosquatting. • Some examples: www.myspacce.com instead of www.myspace.com
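The two lookalike patterns from slides 6 and 15, as an added example that is not part of the original presentation: a trusted name embedded in a longer hostname (www.bank.com.ch) and a near-miss spelling (www.myspacce.com). The `TRUSTED` list, the function names and the edit-distance threshold are assumptions made for this sketch; it does not describe how Strider Typo Patrol works.

```javascript
// Constructed allowlist, built from the hostnames used on the slides.
const TRUSTED = ["www.bank.com", "www.myspace.com"];

// Levenshtein edit distance (insert / delete / substitute), two-row DP.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Classify a hostname or URL against the allowlist (hypothetical helper).
function classifyHost(input, trusted = TRUSTED, maxTypos = 2) {
  let host;
  try {
    // Accept a bare hostname as well as a full URL.
    host = new URL(input.includes("://") ? input : "http://" + input).hostname;
  } catch {
    return { verdict: "invalid", match: null };
  }
  host = host.toLowerCase().replace(/\.$/, ""); // drop a trailing root dot
  for (const t of trusted) {
    if (host === t) return { verdict: "trusted", match: t };
  }
  for (const t of trusted) {
    // Trusted name is only a prefix of a different domain (www.bank.com.ch).
    if (host.startsWith(t + ".")) return { verdict: "embedded-trusted-name", match: t };
  }
  for (const t of trusted) {
    const distance = editDistance(host, t);
    if (distance > 0 && distance <= maxTypos) {
      return { verdict: "possible-typosquat", match: t, distance };
    }
  }
  return { verdict: "unknown", match: null };
}
```

A verdict of `unknown` only means the name resembles nothing on the allowlist; it says nothing about whether the site is safe.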

  16. JavaScript DOM Access • JavaScript has complete access to the DOM and is capable of modifying anything. • It can present the following threats: 1. Direct echo – It requires the victim to click on a link; once the user does, the JavaScript code executes and the hacker can steal the cookies.

  17. JavaScript DOM Access … continued 2. HTML Injection • It does not require the user to even click a link. • Thus, if a user just visits the page or opens the email, the JavaScript code executes. • The attacker then retrieves the cookies from the user’s web browser and can hijack the user’s session or simulate this session elsewhere.

  18. Prevention from JavaScript threats • Use the “HTTP only” (HttpOnly) cookie flag: it makes the cookie inaccessible to script. • Use the “secure” cookie flag: it means the browser should only send the cookie when making secure SSL URL requests.
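A check for the two cookie flags on slide 18, as an added example that is not part of the original presentation: it parses `Set-Cookie` header values, reports which flag each cookie lacks, and produces the corrected header. The function names and the sample headers are constructed for illustration.

```javascript
// Parse one Set-Cookie header value into its name and the two flags of interest.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  const [pair, ...attrs] = parts;
  if (!pair) return null; // empty header value
  const eq = pair.indexOf("=");
  const name = eq === -1 ? "" : pair.slice(0, eq).trim();
  // Attribute names are case-insensitive; ignore any "=value" part.
  const flags = new Set(attrs.map((a) => a.split("=")[0].trim().toLowerCase()));
  return { name, httpOnly: flags.has("httponly"), secure: flags.has("secure") };
}

// Report every cookie that is missing HttpOnly and/or Secure.
function auditSetCookie(headers) {
  const findings = [];
  for (const h of headers) {
    const c = parseSetCookie(h);
    if (!c) continue;
    const missing = [];
    if (!c.httpOnly) missing.push("HttpOnly");
    if (!c.secure) missing.push("Secure");
    if (missing.length) findings.push({ cookie: c.name, missing });
  }
  return findings;
}

// Return the header with whichever of the two flags it lacks appended.
function hardenSetCookie(header) {
  const c = parseSetCookie(header);
  if (!c) return header;
  let out = header.trim().replace(/;\s*$/, "");
  if (!c.secure) out += "; Secure";
  if (!c.httpOnly) out += "; HttpOnly";
  return out;
}

// Constructed sample headers: weak, partly flagged, fully flagged.
const SAMPLE = [
  "SESSIONID=abc123; Path=/",
  "prefs=dark; Path=/; secure",
  "auth=tok456; Path=/; Secure; HttpOnly",
];
```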

  19. Email Attachments • Links to sites that actually phish for data. • Attachments that contain malware.

  20. Email sent with link of a phishing site

  21. Genuine Email sent by a bank

  22. Downloading files from the internet. • Files can masquerade as software but may include a virus/trojan. • There is now also fake security software available that is actually a virus/trojan, e.g. www.antivirusfiable.com, www.antivirusmagique.com • Prevention: 1. Download software only from known legitimate sites.

  23. Windows Registry • It contains information and settings for all the hardware, operating system software, most non-operating system software, users, preferences of the PC, etc.

  24. Working with Windows Registry • The Registry is split into a number of logical sections called hives. • The Registry is divided into two parts: • Keys – the keys all begin with HKEY and they are on the left of the window. • Values – they are the actual values inside the registry folders, and they are on the right side of the window.

  25. Keys of Registry Editor • There are 5 main keys • HKEY_CLASSES_ROOT • HKEY_CURRENT_USER • HKEY_LOCAL_MACHINE • HKEY_USERS • HKEY_CURRENT_CONFIG

  26. HKEY_CLASSES_ROOT • Stores information about registered applications, such as associations from file extensions and OLE Object Class IDs • Software configuration information from the HKEY_LOCAL_MACHINE\SOFTWARE\Classes key

  27. HKEY_CURRENT_USER • Profile information for the currently logged-on user • The HKCU key is a link to the subkey of HKEY_USERS that corresponds to the user; the same information is reflected in both locations

  28. HKEY_LOCAL_MACHINE • Local system hardware, device drivers, services, and machine-specific application data information. • Information about system hardware drivers and services is located under the SYSTEM subkey, whilst the SOFTWARE subkey contains software and Windows settings.

  29. HKEY_USERS • Pre-logon default user profile information and the HKEY_CURRENT_USER key • The HKCU key is a link to the subkey of HKEY_USERS that corresponds to the user; the same information is reflected in both locations

  30. HKEY_CURRENT_CONFIG • Abbreviated HKCC, HKEY_CURRENT_CONFIG contains information gathered at runtime; information stored in this key is not permanently stored on disk, but rather regenerated at boot time. • Hardware information from the HKEY_LOCAL_MACHINE\SOFTWARE and HKEY_LOCAL_MACHINE\SYSTEM keys

  31. Regkey Backup • It is a very useful tool to back up important data in the registry. • If we happen to delete an application, we can restore it, so as to make sure that the system is not infected.

  32. Registry Fix • The scanner scans for invalid entries that might be affecting the PC. • Registryfix will scan for errors related to ActiveX controls, DLL issues, Windows Explorer errors, Windows Installer issues, Internet Explorer errors, Iexplore and System32 errors, runtime errors, Outlook and Outlook Express errors, EXE errors, Svchost errors and a wide variety of other system issues.

  33. RegCure • PC freezing is a result of a bad operating system registry. • RegCure seeks out the remnants left behind on your registry from failed installations, incomplete un-installations, disabled drivers, and spyware applications. • You can enable and disable applications in the Manage Startup list with a few simple clicks.

  34. Anti Spyware bot • Delaying the removal of trojans, cookies etc may cause a number of problems, such as slow performance, loss of data or leakage of private information to websites. • This software runs a scan to detect and remove any spyware on our PC.
