
Home Computer Security and Privacy: Verification and Prevention

Home Computer Security and Privacy: Verification and Prevention. a presentation by Patrick Douglas Crispen Faculty Development Center California State University, Fullerton. A quick review: Worms and crackers.


Presentation Transcript


  1. Home Computer Security and Privacy: Verification and Prevention, a presentation by Patrick Douglas Crispen, Faculty Development Center, California State University, Fullerton

  2. A quick review: Worms and crackers • Connect to the internet and two things will target and attack your computer: Worms and crackers. • To protect your computer, you need to “hide” it. • If worms and crackers can’t see your computer, they [hopefully] won’t attack you. • How do you hide your computer? Use a firewall.

  3. A quick review: What is a firewall? • Either hardware or software that stands between your computer and the Internet and provides “access control”—it determines what can and cannot pass. • Broadband users need both a hardware firewall/router and a software firewall. • Dial-up users only need a software firewall.

  4. Uh… WHAT!? If all of this is Greek to you, check out the free “Home Computer Security and Privacy: Firewalls and Exploit Management” presentation at http://fdc.fullerton.edu/crispen/

  5. Our goals • Double-check your firewall’s effectiveness at preventing attacks. • Verify that your computer really does have all of the critical security patches from Microsoft or Apple. • Learn why up-to-date antivirus software is an absolute necessity. • Protect your computer from spyware and malware. • Do all of this in ENGLISH!

  6. Part One: Test your Firewall[s] How can you tell if your firewall is keeping the bad stuff out?

  7. Testing your firewall • The best way is to have a trusted entity attack it. • There are people called “white hat hackers” or “sneakers” who can do this for you…for a price. • That price is usually the same as the price of a mortgage payment in Beverly Hills. • Or you can do it yourself for free with both “Sygate Online Services” and Steve Gibson’s “Shields Up.”

  8. Sygate Online Services • Sygate is one of the biggest players in the corporate security market, and they also make one of the better software firewalls: Sygate Personal Firewall [http://smb.sygate.com/] • They also offer a free web tool called “Sygate Online Services” that probes your firewall[s] looking for vulnerabilities. • And since the scan is done online, it works with PCs, Macs, and *nix boxes.

  9. http://scan.sygate.com/ • scan.sygate.com • Click on the black “Scan Now” button. • This starts something called the “Prescan.”

  10. Sygate prescan The first three bits of information—your IP address, your operating system, and the name of your web browser—are [more or less] “public” information.

  11. IP and OS and browser, oh my! • If you have a router with NAT, that isn’t your IP address anyway. It’s your router’s. • Your operating system and browser information came from the HTTP GET packet your browser sent when it requested the Sygate web page. • See http://www.rexswain.com/httpview.html or http://www.ipchicken.com/ if you don’t believe me. • “There’s nothing to see here. Move along.”

  12. The important stuff • Don’t worry if Sygate can see your computer’s IP address, operating system, or the name of your web browser. • BUT, if Sygate can see your computer name or the services running on your computer, your computer could potentially have a serious security problem.

  13. Windows file and printer sharing Windows comes with a built-in service called “File and Printer Sharing for Microsoft Networks.” • File sharing lets you make files and folders in a shared folder accessible to others on your home network to view, copy, or modify. • Printer sharing lets you share a printer with all the other computers on your home network. • Check out http://tinyurl.com/ywh8q for more information

  14. Your files, now available online • Unless you are really careful, your computer may be sharing your files with everyone on the Internet. • How can you tell? • Scan “port 139” on your computer to see: • If file and printer sharing is turned on; and • If those shares are accessible from the Internet.

  15. Grandma, what big pipes you have! • You connect to the Internet through a single wire—a telephone line, a coaxial cable, etc. • That one wire carries everything: Web pages, instant messages, emails, spam, etc. • How does your computer sort through the wire’s incoming data and forward that data to the appropriate software applications? • Well, your computer uses something called “ports.”

  16. Ports • Ports don’t exist in the physical world. • They’re “pretend” addresses inside of your computer that your computer uses to route incoming data to the appropriate software application. • Port 80 forwards to your web browser. • Port 110 forwards to your email program. • Port 5190 forwards to AIM. • How many of these pretend addresses [or ports] are there? Officially, up to 69,536. Source: http://www.iana.org/assignments/port-numbers

  17. The potential danger of port 139 • Crackers and script kiddies LOVE port 139, the port used by Windows file and printer sharing. • Crackers and script kiddies have software that scans thousands of Internet connections looking for Windows file and printer shares accessible through port 139. • If the cracker or script kiddie maps to that share, he’s in. It’s as if he was sitting in front of your computer [although, in reality, he can only access the stuff that is being shared.]

  18. Peek-a-boo! We ALL see you! • Your goal is to have Sygate Online Services tell you that it was both • Unable to determine your computer name; and • Unable to detect any running services. • If Sygate can’t see your computer, neither can the crackers.

  19. Uh-oh! • But if Sygate can see you, it means that • You don’t have a firewall. • If you do have a firewall, it either isn’t working or isn’t properly configured. • File and Printer Sharing for Microsoft Networks may be sharing your personal files with the entire planet. • To fix your firewall • Check your firewall’s setup instructions. • Visit the support section of your firewall manufacturer’s web site.

  20. Fixing file and printer sharing To fix the File and Printer Sharing for Microsoft Networks problem, • Call both your Internet Service Provider’s and your school’s/employer’s helpdesks and ask them: “Can you think of any reason why I shouldn’t disable NetBIOS over TCP/IP on my home computer?” • If the answer is yes, ask for a handout showing you how to secure your NetBIOS over TCP/IP connection. • If the answer is no, disable NetBIOS over TCP/IP. You don’t need it.

  21. Disabling NetBIOS over TCP/IP See http://comp.bio.uci.edu/security/netbios.htm for instructions on how to disable NetBIOS over TCP/IP.

  22. Wait. There’s more. Once Sygate Online Services’ prescan gives you a clean bill of health, there are four more scans you need to run. • Stealth Scan • Trojan Scan • TCP Scan • UDP Scan

  23. Stealth Scan • This re-runs the prescan using common cracker stealthing techniques to try to sneak past your firewall. • Takes about 30 seconds.

  24. What you’re looking for • Your goal is to have the Stealth Scan tell you that all of the ports it scanned are "blocked." • However, if Sygate tells you that a particular port is "Closed" instead of blocked, you could have a problem. • Sygate is telling you that while it couldn't break into that particular port it could still see it. • Remember: If a port can be seen it can be attacked. • You need to IMMEDIATELY check your firewall's setup instructions or the manufacturer's web site to find out how to "stealth" that particular port.

  25. Beware of G[r]eeks bearing gifts • After the Stealth Scan run a Trojan Scan. • A Trojan Horse is a type of virus that masquerades as a legitimate program but contains a payload that can damage your computer. • Many Trojan Horses have backdoors—they attach themselves to a particular port to listen for an activate command from the internet. • See http://scan.sygate.com:443/cgi-bin/probe/trojans.cgi for more information

  26. Trojan Scan • Sygate's Trojan Scan searches through over 65,000 ports looking for Trojan Horses hiding on your computer. • Takes about 20 minutes

  27. What you’re looking for • If your firewall is working properly, there won't be anything for Sygate to scan so it will angrily give up. • BUT, if Sygate finds a Trojan Horse on your computer • Write the name of the Trojan Horse on a piece of paper • Go to http://www.symantec.com/avcenter/vinfodb.html and search for that Trojan's removal instructions.

  28. TCP Scan • Sygate’s TCP Scan checks if any of the first 1,024 ports on your computer are both open for attack and visible to crackers. • Can take up to 45 minutes.

  29. What you’re looking for • If your firewall is working properly, Sygate will [eventually] tell you that all of your first 1,024 TCP ports are closed to outside attack. • BUT, if Sygate tells you that a particular port is "Open," immediately check your firewall's setup instructions or the manufacturer's web site to find out how to both close and stealth that particular port.
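The "blocked", "Closed" and "Open" results from slides 24 and 29 correspond to the three things a plain TCP connection attempt can observe. The sketch below is an added example, not part of the original presentation and not Sygate's code; the function names and the mapping of connection outcomes to the slides' labels are assumptions made for illustration.

```python
import socket

# Labels follow the wording the slides use for scan results.
OPEN, CLOSED, BLOCKED, UNKNOWN = "open", "closed", "blocked", "unknown"

ADVICE = {
    OPEN: "a service answered: close and stealth this port in the firewall",
    CLOSED: "the port refused but is visible: stealth it in the firewall",
    BLOCKED: "no answer came back: this is the result you want",
    UNKNOWN: "no clear answer: check the network and test again",
}

def classify_port(host, port, timeout=3.0, connect=socket.create_connection):
    """Classify one TCP port by what a connection attempt sees.

    open    - the handshake completed, so a service is listening
    closed  - the machine refused, which still proves it is there
    blocked - nothing came back before the timeout (probe was dropped)
    """
    try:
        conn = connect((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return CLOSED
    except (socket.timeout, TimeoutError):
        return BLOCKED
    except OSError:
        # Other errors (for example an unreachable network) prove nothing
        return UNKNOWN
    conn.close()
    return OPEN

def report(host, ports, timeout=3.0, connect=socket.create_connection):
    """Return {port: (state, advice)} for each port of a machine you own."""
    results = {}
    for port in ports:
        state = classify_port(host, port, timeout, connect)
        results[port] = (state, ADVICE[state])
    return results

if __name__ == "__main__":
    # Loopback is used so the example runs anywhere; it bypasses the firewall.
    # For a meaningful result, run this from a second computer on your home
    # network against the address of your own PC.
    for port, (state, advice) in report("127.0.0.1", [139]).items():
        print(f"port {port}: {state} - {advice}")
```

A check from inside your home network only shows what your software firewall does; the online scans in this part of the presentation show what the Internet sees through your router.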

  30. UDP Scan • Besides TCP ports your computer also has UDP ports. • Sygate’s UDP Scan tells you if any UDP ports on your computer are both open for attack and visible to crackers. • Can take up to 20 minutes.

  31. What you’re looking for • Like with the previous scans, you’re hoping that Sygate tells you your firewall blocked all of its probes. • BUT, if Sygate tells you your firewall isn't blocking UDP ports, check your firewall's setup instructions or the manufacturer's web site.

  32. Done? • Once you've run all the firewall tests at Sygate Online Services you're done, right? • Not exactly. • To be COMPLETELY sure your firewall is protecting your computer, you really need to test your firewall one more time using a different tool: Steve Gibson's “Shields Up.”

  33. Shields Up! • grc.com or search for “Shields Up” • Click on the file sharing, common ports, all service ports, and messenger spam buttons to test those particular vulnerabilities.

  34. DONE! • Once you've tested your firewall[s] with both Sygate Online Services and Shields Up—and once you've received a clean bill of health from both—you can pretty much forget about your firewall[s]. • It's as squared away as it's going to get. • The next step is to double-check Windows Update / Apple Software Update.

  35. Part Two: Run Windows Update, Apple Software Update, and MBSA Close the known operating system vulnerabilities

  36. How to patch Windows • When Microsoft finds a security hole in Windows or Internet Explorer, they [usually/eventually] release a patch called a “Critical Update.” • In Internet Explorer, go to Tools > Windows Update. • Click on Scan for updates.

  37. How to patch the Apple OS • Apple menu > Software Update • To get updates immediately: • Choose System Preferences from the Apple menu. • Choose Software Update from the View menu. • Click Update Now. • In the Software Update window, select the items you want to install, then click Install. Image courtesy Apple.com

  38. Manually run Windows Update or Apple Software Update at least once a week. Your computer should, by default, automatically check for updates. That’s cool, but also run the update manually just to be safe.

  39. A dirty Microsoft secret • Windows Update lies. • It frequently thinks you’ve installed a critical update you haven’t, leaving your computer vulnerable. • That’s where Microsoft’s Baseline Security Analyzer [MBSA] comes in.

  40. MBSA 1.2.1 MBSA is a free program from Microsoft that scans for over 60 common system misconfigurations and almost any Microsoft security update your computer may be missing.

  41. What MBSA does • MBSA double-checks the security of • Windows (*) • Microsoft Office 2000 and later • Internet Explorer 5.01 and later • Windows Media Player 6.4 and later • A bunch of other Microsoft applications and services • MBSA analyzes, you fix. • MBSA tells you what’s wrong and points you to the solution. • You have to apply the solution.

  42. Bad news/good news • (*) MBSA only works on Windows XP, 2000, and Server 2003. • It was designed for corporate tech support, but there is no reason why you can’t use it at home. • Oh, and it’s free. • To get the latest version of Microsoft’s MBSA, • Search for “microsoft mbsa” at Google. • The first hit—Microsoft Baseline Security Analyzer V1.2.1—takes you to the download page.

  43. Running MBSA • Once you’ve downloaded and installed MBSASetup-EN.msi, double-click on the MBSA “watering can” [padlock and checkmark] icon • This opens the MBSA welcome screen. • Click Scan a computer.

  44. Running MBSA • On the next screen, don’t change anything. • Make sure you are connected to the Internet and then click Start scan. • MBSA calls home to Microsoft and downloads something called “MSSecure.cab” • This file contains information about practically every patch Microsoft has released.

  45. How MBSA really works • MBSA scans your computer’s operating system, operating system components, and Microsoft applications. • MBSA then compares the version numbers of the stuff on your computer with the latest version numbers in the MSSecure.cab file. • Finally, MBSA shows you which updates your computer is missing.
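The version comparison slide 45 describes, combined with the concern from slide 39 that an update history can claim a patch is installed when it is not, looks like this in miniature. This is an added example, not MBSA's code and not the MSSecure.cab format: the data layout, update ids, component names and version numbers are all constructed for illustration.

```python
def parse_version(text, width=4):
    """'6.0.2800.999' -> (6, 0, 2800, 999); short versions are zero-padded.

    Parts must be compared as numbers: as plain text, "999" sorts after
    "1106", which would make an old file look newer than the patched one.
    """
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def audit(on_disk, catalogue, recorded=()):
    """List updates whose fixed version is newer than the file on disk.

    on_disk   : {component: version string actually found on the computer}
    catalogue : [{"id", "component", "fixed_version"}], one entry per update
    recorded  : update ids the update history claims are installed
    """
    findings = []
    for update in catalogue:
        found = on_disk.get(update["component"])
        if found is None:
            continue  # component absent, so the update does not apply
        if parse_version(found) < parse_version(update["fixed_version"]):
            findings.append({
                "id": update["id"],
                "component": update["component"],
                "found": found,
                "needed": update["fixed_version"],
                # True when the history says "installed" but the file is old
                "history_disagrees": update["id"] in recorded,
            })
    return findings

# Constructed sample data: ids, component names and versions are made up.
CATALOGUE = [
    {"id": "EXAMPLE-001", "component": "browser.dll", "fixed_version": "6.0.2800.1106"},
    {"id": "EXAMPLE-002", "component": "player.dll", "fixed_version": "9.0.0.3250"},
    {"id": "EXAMPLE-003", "component": "office.exe", "fixed_version": "10.0.6856"},
]
ON_DISK = {"browser.dll": "6.0.2800.999", "player.dll": "9.0.0.3250"}
RECORDED = {"EXAMPLE-001", "EXAMPLE-002"}

if __name__ == "__main__":
    for f in audit(ON_DISK, CATALOGUE, RECORDED):
        note = " (history claims installed)" if f["history_disagrees"] else ""
        print(f"{f['id']}: {f['component']} is {f['found']}, needs {f['needed']}{note}")
```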

  46. Translating the security report

  47. Failures • Critical failures [red Xs] require you to immediately install a patch or update to ensure the strongest security of your computer. • Non-critical failures [yellow Xs] happen when there is a newer version of something available, but you don’t really have to upgrade…yet. • Best practices [blue asterisks] could signify a problem—MBSA can’t confirm that those particular security updates have been installed.

  48. What’s important and what isn’t • MBSA’s security report has seven sections, and you only have to worry about two: • Security Update Scan Results [at the top of the report] • Desktop Application Scan Results [at the very bottom] • The five sections in the middle don’t really apply to home users. • Problems here are important but rarely critical. • You can fix the problems in the middle five sections if you want, but you don’t have to.

  49. Fixing the critical failures • Remember, MBSA analyzes, you fix. • To find a fix for a critical failure in Security Update Scan Results or Desktop Application Scan Results, click on the Result Details link next to that critical failure.

  50. Result details • This shows you exactly what’s missing or is misconfigured. • Click on each link and it opens a page in Internet Explorer telling you how to download the appropriate patch. • REMEMBER TO INSTALL THE PATCHES AFTER YOU DOWNLOAD THEM! • MBSA won’t do it for you.
