CSCD 303 Essential Computer Security Winter 2014

CSCD 303 Essential Computer Security Winter 2014. Lecture 15 Internet Security Always Wear Protection Reading: See links in Notes. Overview. Browser Protection Badsite identification Phishing and Malware Sites Built-in Protection Browser Add-ons Third Party Programs

Presentation Transcript


  1. CSCD 303 Essential Computer Security Winter 2014 Lecture 15 Internet Security Always Wear Protection Reading: See links in Notes

  2. Overview Browser Protection Badsite identification Phishing and Malware Sites Built-in Protection Browser Add-ons Third Party Programs Virtual Environment

  3. Browser Filters for Phishing Sites and Malware

  4. Browsers That Beefed up Security It did not go unnoticed that the Web had some vulnerability problems … so, browsers began to have their own built-in security This type of security feature I have called filters Lists of sites known to be bad … and screening of content for potential problems. Following browsers use this type of filter: Internet Explorer 8 and up, Firefox 3 and up, Google Chrome 4 and up, Apple's Safari 4, and Opera 10 Include features that block sites known to host malware and malicious downloads

  5. SmartScreen in IE SmartScreen technology in Internet Explorer 8 blocks known-malicious downloads as well as bad URLs How are they doing this? SmartScreen Filter Checks websites against a dynamically updated list of reported phishing and malware sites. Checks software downloads against a dynamically updated list of reported malicious software sites Helps prevent you from visiting phishing websites and other websites that contain malware

  6. IE 7 - Phishing Filter IE 8 - SmartScreen When you visit a Web site, IE7 first checks a local 'safe list' If the URL is there or it appears in the local cache, things will go no further If Phishing Filter is enabled, IE transmits details of the URL being visited for checking ... From that time on, IE7 will maintain a dynamic cache of sites that have already been checked by Phishing Filter for a period of time Phishing Filter evolved in IE 8 into SmartScreen

  7. More Details SmartScreen Other features Can check a site manually with SmartScreen Can report that a site is not malicious Can report a site that is malicious … phishing or other

  8. IE 7

  9. IE 8 and Up SmartScreen With SmartScreen Filter, if you attempt to visit a website that has been reported, the screen below appears and advises you not to continue to the unsafe website http://www.microsoft.com/security/filters/smartscreen.aspx http://windows.microsoft.com/en-us/internet-explorer/use-smartscreen-filter#ie=ie-10

  10. IE 8 and Beyond Other new security features in IE 8 ... Include automatic blocking of click-jacking and cross-site scripting attacks, Automatic crash recovery, and highlighting of the actual domain name in the address bar Look more closely at XSS attack blocking ...

  11. IE 8 XSS Filter, a feature new to Internet Explorer 8, detects JScript in URL and HTTP POST requests. If JScript is detected, XSS Filter searches for evidence of reflection: information that would be returned to the attacking Web site if the attacking request were submitted unchanged. If reflection is detected, XSS Filter sanitizes the original request so that additional JScript cannot be executed

  12. IE 8 Continued Page is modified and XSS attack is blocked. Users are NOT presented with a question about what they would like to do in this case (a question most users would be unable to answer). Internet Explorer simply blocks the malicious script from executing http://msdn.microsoft.com/en-s/library/dd565647%28VS.85%29.aspx IE 8 Demo Site shows how this works http://www.ie8demos.com/tryit/
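A much-simplified version of the detect, check for reflection, neutralize sequence from slides 11 and 12, as an added example; it is not Internet Explorer's filter or its heuristics. The patterns, the `#` substitution and the sample request and pages are assumptions of this sketch.

```javascript
// Added example: simplified reflected-XSS filter. NOT IE 8's real heuristics.
const SCRIPT_SIGNS = [/<script\b/i, /\bon\w+\s*=/i, /javascript:/i];

const looksLikeScript = (value) => SCRIPT_SIGNS.some((re) => re.test(value));

// Decoded parameter values from the query string and a form-encoded POST body.
function requestValues(url, postBody = '') {
  return [
    ...new URL(url).searchParams.values(),
    ...new URLSearchParams(postBody).values(),
  ];
}

// Break the markup so the reflected fragment no longer parses as script.
function neuter(fragment) {
  return fragment
    .replace(/<script\b/gi, '<sc#ipt')
    .replace(/\bon(\w+\s*=)/gi, '#n$1')
    .replace(/javascript:/gi, 'javasc#ipt:');
}

function filterResponse(url, postBody, html) {
  let out = html;
  const neutralized = [];
  for (const value of requestValues(url, postBody)) {
    if (!looksLikeScript(value)) continue; // 1. script-like input in the request?
    if (!out.includes(value)) continue;    // 2. reflected unchanged in the page?
    out = out.split(value).join(neuter(value)); // 3. rewrite only the reflection
    neutralized.push(value);
  }
  return { html: out, neutralized };
}

// Constructed sample request and two constructed server responses.
const SAMPLE_URL = 'http://shop.test/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E';
const ECHOING_PAGE =
  '<p>Results for <script>alert(1)</script></p><script src="/app.js"></script>';
const ENCODING_PAGE =
  '<p>Results for &lt;script&gt;alert(1)&lt;/script&gt;</p>';

function demo() {
  return {
    echoing: filterResponse(SAMPLE_URL, '', ECHOING_PAGE),   // reflection rewritten
    encoding: filterResponse(SAMPLE_URL, '', ENCODING_PAGE), // page left untouched
  };
}
```

The page's own `<script src="/app.js">` is left alone because only text that also appeared in the request is rewritten; a server that HTML-encodes its output produces no verbatim reflection, so nothing is changed.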

  13. XSS May have some Problems However, some users, mostly developers appear to have questions about how the XSS scripts are being detected and how the filter works. There is inconsistent behavior reported Read about it here: http://stackoverflow.com/questions/2051632/ie8-xss-filter-what-does-it-really-do

  14. Safari and Opera Apple's Safari browser added phishing and malware blocking in version 3.2, released in late 2008 http://www.apple.com/safari/features.html#security Opera's Fraud Protection predates phishing and malware filters in IE and Firefox and is enhanced in the latest Version 10 Fraud and Malware Protection, warns you about suspicious webpages by checking the page you request against a database of known “phishing” and “malware” websites http://www.opera.com/security/

  15. Firefox and Chrome Firefox's built-in antiphishing tool Claims to update its bad-site database 48 times a day, according to Mozilla's Firefox security page Firefox uses Google's Safe Browsing service to automatically block sites that are known to host malware We can check out how they do this ... http://www.google.com/tools/firefox/safebrowsing/faq.html

  16. Firefox and Chrome If you use Chrome browser and you have Safe browsing mode enabled … we will review the steps Google Chrome contacts servers at Google, approximately every half hour, to download updated lists of suspected phishing and malware websites Lists are being stored on your PC !!!! When you surf, each site you browse is being checked against these black lists locally This is designed to offer performance If requested site is in black list Warning message appears stating that requested site is suspected phishing site or malicious site and user can choose to go back to safety Safe?
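The two lookup designs described on slides 6 and 16, sketched side by side as an added example (not code from the lecture or from any browser): a remote-lookup filter with a safe list and a time-limited verdict cache, and a filter that checks a periodically downloaded list locally. Class names, host names and list contents are constructed, and matching is by host name only.

```javascript
// Added example: two URL-reputation designs side by side.
// Host names and list contents are constructed sample data.
const hostOf = (url) => new URL(url).hostname.toLowerCase();

// Design A (slide 6): local safe list -> verdict cache -> remote lookup.
class RemoteLookupFilter {
  constructor(safeList, remoteLookup, ttlMs) {
    this.safe = new Set(safeList);
    this.remoteLookup = remoteLookup; // stand-in for the vendor's server
    this.ttlMs = ttlMs;
    this.cache = new Map();           // host -> { verdict, expires }
    this.sent = [];                   // hosts disclosed to the server
  }
  check(url, now = Date.now()) {
    const host = hostOf(url);
    if (this.safe.has(host)) return 'allow';          // never leaves the PC
    const hit = this.cache.get(host);
    if (hit && hit.expires > now) return hit.verdict; // recent answer reused
    this.sent.push(host);
    const verdict = this.remoteLookup(host) ? 'block' : 'allow';
    this.cache.set(host, { verdict, expires: now + this.ttlMs });
    return verdict;
  }
}

// Design B (slide 16): the list is downloaded periodically and each visit
// is checked locally, so a stale list is the failure mode to watch.
class LocalListFilter {
  constructor(maxAgeMs) {
    this.maxAgeMs = maxAgeMs;
    this.blocked = new Set();
    this.updatedAt = null;
  }
  update(hosts, now = Date.now()) {
    this.blocked = new Set(hosts);
    this.updatedAt = now;
  }
  isStale(now = Date.now()) {
    return this.updatedAt === null || now - this.updatedAt > this.maxAgeMs;
  }
  check(url) {
    return this.blocked.has(hostOf(url)) ? 'block' : 'allow';
  }
}

function demo() {
  const bad = ['login-example-bank.test', 'free-codecs.test']; // constructed
  const visits = ['https://intranet.test/', 'http://login-example-bank.test/a',
    'http://login-example-bank.test/b', 'https://news.test/'];
  const a = new RemoteLookupFilter(['intranet.test'], (h) => bad.includes(h), 60000);
  const b = new LocalListFilter(30 * 60 * 1000); // half-hour refresh, as on slide 16
  b.update(bad, 0);
  return {
    remote: visits.map((u) => a.check(u, 1000)),
    local: visits.map((u) => b.check(u)),
    disclosed: a.sent,
    staleAfterAnHour: b.isStale(60 * 60 * 1000),
  };
}
```

Both designs reach the same verdicts on the sample visits; design A discloses every uncached, non-safe-listed host to the lookup service, while design B discloses none per visit but depends on the list being refreshed.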

  17. Chrome and Firefox Safe Browsing See any problems with this? Raises questions about privacy Bloggers have noticed ... every few hours when update of black lists pushed out Two parameters are being sent to Google servers – “machineid” and “userid” Computed information based on machine/user information Information is sent along with other browser information to ask Google if they should download an update Information can be used for tracking. Google states it will not use any of personal information being collected!

  18. Browser Add-ons and Extensions Now, look at browser extensions which are added features you can download that incorporate into the browsers themselves Or, add-on programs developed from third party people that help keep you safe ...

  19. Google Chrome Based Browsers Browsers these days are developed in “families” Chromium browsers are all based on the open-source Chromium browser project Anyone can take Chromium’s source code and modify it to build their own browser Several browsers claim superior privacy capabilities over Google Chrome: Comodo Dragon and SRWare Iron So, what do these browsers offer?

  20. Google Chrome Based Browsers Comodo Dragon, http://www.comodo.com/home/browsers-toolbars/browser.php and SRWare Iron, http://www.srware.net/en/software_srware_iron_download.php Don't have privacy concerns of Google Chrome This page discusses these at length, http://geeky.info/iron-browser-a-google-chrome-alternative/ All code has been screened by developers of these products to make sure that these privacy concerns have been removed Also, Comodo Dragon comes with option to enable Comodo Secure DNS, which will automatically stop you from connecting with most malicious sites

  21. Google Chrome Based Browsers Settings Go to settings and, at bottom of page, select the option to "Show advanced settings" Then select option to "Check for server certificate revocation" SRWare Iron is the same also select option to "Enable phishing and malware protection" No changes are required for Comodo Dragon

  22. Google Based Browsers Extensions Also available for some other browser families ... HTTPS Everywhere, https://www.eff.org/https-everywhere Firefox, Chrome, and Opera extension that encrypts your communications with many major websites, making your browsing more secure … from EFF Do Not Track Me, https://chrome.google.com/webstore/detail/donottrackme-online-priva/epanfjkfahimkgomnigadpkobaefekcd?hl=en#detail/donottrackme-online-priva/epanfjkfahimkgomnigadpkobaefekcd?hl=en This will help to stop third-parties, ad agencies, and search engines from tracking the webpages you visit Claims to stop over 600 tracking companies from tracing you

  23. Google Chrome Add-ons Following add-ons are recommended Web of Trust, http://www.mywot.com/ Covers the screen with a warning and waits for you to decide whether to stay or leave. If you combine this with your own good sense then you will be protected from many online dangers BitDefender TrafficLight, http://trafficlight.bitdefender.com/extensions.html With this installed if you happen upon a dangerous site, which is blacklisted by BitDefender, it will block the page from loading Adblock Plus for Google Chrome, https://chrome.google.com/webstore/detail/cfhdojbkjhnklbpkdaibdccddilifddb After installing this it will load a page. Near the bottom you can select which additional lists you would want to use

  24. Google Chrome Add-ons ScriptSafe, https://chrome.google.com/webstore/detail/scriptsafe/oiigbmnaadbkfbmpbfijlflahbdbdgdf?hl=en This add-on will block nearly all scripts, and other possibly dangerous content, from executing This means that even if you stumble onto a dangerous site you cannot be attacked unless you manually add scripts on that site to your whitelist

  25. Firefox Family of Add-ons Browsers built on Firefox codebase Firefox, Comodo IceDragon, Pale Moon, and Waterfox BitDefender TrafficLight http://trafficlight.bitdefender.com/extensions.html With this installed if you happen upon a dangerous site, which is blacklisted by BitDefender, it will block the page from loading. These include malicious pages, phishing sites, and fraudulent sites.

  26. Firefox Family of Add-ons More Add-ons Secret Agent, https://www.dephormation.org.uk/index.php?page=81 Will impede most of the fingerprinting-based tracking that is used to track users After installed it will continually randomize your browser profile. Thus it is not possible to fingerprint your actual browser

  27. Other Browser Addon Programs Netcraft toolbar Add-in to IE and Firefox on Windows, Linux, Mac Uses community identification of bad sites to block access to phishing sites http://toolbar.netcraft.com/ Rated at about 75% for finding phishing sites http://www.securiteam.com/securityreviews/6H00W00HFK.html

  28. Other Browser Add-ons Noscript http://noscript.net/ NoScript Firefox extension provides extra protection for Firefox, Flock, Seamonkey and other mozilla-based browsers Free, open source add-on allows JavaScript, Java and Flash and other plugins to be executed only by trusted web sites of your choice NoScript's unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities

  29. Spyware Prevention Spyware Don't allow it to get on your computer in the first place Much like other Malware anti-programs, spyware prevention programs are necessary Spyware programs are specific to spyware

  30. Spyware Solution • Spybot - Search and Destroy • Excellent utility • Like virus checker • Search your computer for known Spyware and Hijackers and remove them from your system • Scans registry, files, cookies, and other storage places against a large database of known offenders • http://www.safer-networking.org/index.php?page=spybotsd

  31. Adware Solution • Ad-Aware • Another excellent piece of software for removal of Spyware and Hijackers • Same features as Spybot; it was one of the first programs created for removal of these types of programs, and it is recommended to use this software as well as Spybot http://www.lavasoftusa.com/support/download/

  32. Prevent Getting Infected • Browser Protectors IE • SpywareBlaster from Javacool Software allows you to protect your browser from risks of future infection by immunizing your system • Program contains a huge list of known malicious cookies, ActiveX controls, and web sites which it enters into your registry and browser settings • You can not run these programs in the future, download programs from certain sites, or accept cookies from known ad servers without notification http://www.bleepingcomputer.com/tutorials/tutorial49.html

  33. Private Browsing Next few slides cover private browsing to keep you safe from everyone … except maybe Google !!!

  34. Private Browsing IE 8 also lets you control information about your browsing habits that's shared with Web tracking services Firefox also has private browsing feature Tools > Start Private Browsing, or simply You can set Firefox to start in private-browsing mode by clicking Tools > Options > Privacy Check "Automatically start Firefox in a private browsing session" Firefox will not save any data about which sites and pages you have visited. You can open an incognito window in Google Chrome Opera as of 10.6 also has this private capability Overview of all these Browsers Below http://browsers.about.com/od/faq/tp/Private-Browsing.htm

  35. Private Browsing Does Private browsing keep you anonymous on the Internet? NO!! Private Browsing prevents information from being recorded on your computer. It does not make you anonymous on the Internet.

  36. Private Browsing Privacy with Browsers However, Google’s search engine records your searches and aggressively tracks you. So do many of the other top search engines. For this reason, suggest that you might want alternative search engine Some of the following use Google's search engine but prevent Google from tracking you

  37. Private Browsing Search Engines One of the best anonymous search engines is called StartPage This search engine allows you to search using Google's search engine, but it blocks Google's ability to track you. It's not quite as powerful as using Google alone, but it's a good search engine https://startpage.com/eng/protect-privacy.html

  38. Private Browsing Search Engines The same company that makes StartPage also makes a search engine called Ixquick This gathers its results from many different sources and thus may be even more useful than StartPage Link to Ixquick is here: https://www.ixquick.com/eng/aboutixquick/

  39. Private Browsing Search Engines Another very good option is called DuckDuckGo. This search engine will also not record any information about your searches DuckDuckGo gathers its search results from a compilation of many sources It also displays possible answers to the question you asked right at the top of the results page. It can be a very useful search engine Link here: http://duckduckgo.com/about.html

  40. Containing Browsers in a Sandbox Similar to Java Language, browsers can be contained to run with restricted privileges

  41. Google Chrome Sandbox Google Chrome Sandbox leverages OS-provided security to allow code execution that cannot make persistent changes to the computer or access information that is confidential Sandbox architecture is dependent on the operating system All the following Google Chrome, Comodo Dragon, and SRWare Iron use the sandbox http://www.chromium.org/developers/design-documents/sandbox

  42. Google Chrome Sandbox Chrome Sandbox The sandbox uses the security features of Windows extensively ... does not reinvent any security model All processes have access token Access token is like an ID card, contains information about owner of the process, the list of groups that it belongs to and a list of privileges Each process has its own token, and the system uses it to deny or grant access to resources.

  43. Google Chrome and HTML5 http://blog.chromium.org/2010/05/security-in-depth-html5s-sandbox.html Chrome is first browser to include support for new HTML5 feature that lets web developers reduce privileges of parts of their web pages by including a "sandbox" attribute in iframes: <iframe sandbox src="http://attacker.com/untrusted.html"></iframe> When displaying untrusted.html in a sandboxed iframe, browser renders untrusted.html with reduced privileges (e.g., disabling JavaScript and popups), similar in spirit to how Google Chrome sandboxes its rendering engine
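What the `sandbox` attribute from the slide above leaves enabled depends on the tokens listed in it. The following added example (not from the lecture or the Chromium blog) audits the iframes in a page and reports what each may do. The token table covers only five standard tokens, the parser assumes double-quoted attributes, and the sample page and host names are constructed.

```javascript
// Added example: what each iframe on a page is allowed to do.
// An empty sandbox attribute applies every restriction; tokens lift them.
const GRANTS = {
  'allow-scripts': 'run JavaScript',
  'allow-popups': 'open popups',
  'allow-forms': 'submit forms',
  'allow-same-origin': 'keep its own origin (cookies, storage)',
  'allow-top-navigation': 'navigate the top-level page',
};

// Parse double-quoted or valueless attributes from one tag's attribute text.
function parseAttrs(text) {
  const attrs = {};
  for (const m of text.matchAll(/([\w-]+)(?:\s*=\s*"([^"]*)")?/g)) {
    attrs[m[1].toLowerCase()] = m[2] === undefined ? '' : m[2];
  }
  return attrs;
}

function auditIframes(html) {
  return [...html.matchAll(/<iframe\b([^>]*)>/gi)].map((tag) => {
    const attrs = parseAttrs(tag[1]);
    const src = attrs.src || '';
    if (!('sandbox' in attrs)) {
      return { src, sandboxed: false, granted: [],
        warnings: ['no sandbox attribute: normal frame privileges'] };
    }
    const tokens = attrs.sandbox.toLowerCase().split(/\s+/).filter(Boolean);
    const warnings = tokens
      .filter((t) => !(t in GRANTS))
      .map((t) => `token not in this sketch's table: ${t}`);
    if (tokens.includes('allow-scripts') && tokens.includes('allow-same-origin')) {
      // With both tokens, a page served from the embedder's own origin can
      // reach the parent document and remove the sandbox attribute.
      warnings.push('allow-scripts + allow-same-origin weakens the sandbox');
    }
    const granted = tokens.filter((t) => t in GRANTS).map((t) => GRANTS[t]);
    return { src, sandboxed: true, granted, warnings };
  });
}

// Constructed sample page: unsandboxed, fully sandboxed, and loosened frames.
const SAMPLE_PAGE = `
<iframe src="http://ads.test/banner.html"></iframe>
<iframe sandbox src="http://untrusted.test/widget.html"></iframe>
<iframe sandbox="allow-scripts allow-same-origin" src="/comments.html"></iframe>`;

function demo() {
  return auditIframes(SAMPLE_PAGE);
}
```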

  44. However, Google Chrome Sandbox Easily Defeated in Pwn2Own "We wanted to show that Chrome was not unbreakable. Last year, we saw a lot of headlines that no one could hack Chrome. We wanted to make sure it was the first to fall this year," he said During the hack, Bekrar created a web page booby-trapped with his exploit Once the target machine visited the page, the exploit ran and opened the Calculator (calc.exe) app outside of the sandbox." "There was no user interaction, no extra clicks. Visit site, popped box." VUPEN will sell rights to one of zero-day vulnerabilities but company says it won't give up the sandbox escape. "We are keeping that private, keeping it for our customers." http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588

  45. Restrict Browser Environment Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer Like a virtual machine For Windows 32 bit OS up through Windows 7 http://www.sandboxie.com/

  46. Change Browser Environment Download free VMware Player http://www.vmware.com/products/player Creates a virtual environment Download a free file, Browser Appliance Runs a version of Ubuntu Linux running Firefox http://www.lucidtips.com/2008/03/29/secure-browsing-using-vmware-browser-appliance/ Why do this? You isolate any Internet dangers that could infect your computer; all is contained within memory of VMware Player No spyware, no malware

  47. Change the Browser Environment Can also do this with VirtualBox They have browser appliances that can be automatically installed in a VirtualBox VM The following list is mostly Linux-based desktop OSes with Firefox installed http://virtualboximages.com/Firefox+Pre-Installed+VirtualBox+Images

  48. Commercial Security Products

  49. ZoneAlarm Extreme Security 2010 Web browsing, ZoneAlarm Extreme Security 2010 provides multiple layers of download protection User downloaded files are first subject to traditional signature scanning If nothing is found, an additional layer of protection is available which sequesters the download in a virtual sandbox until the user releases it Properly used, this additional layer of protection can protect against both hostile drive-by downloads and malware downloads that occur as a result of a lapse in judgement (perhaps as the result of a social engineering scam) http://www.zonealarm.com/security/en-us/zonealarm-extreme-security-hde.htm

  50. Avira Antivirus Premium Avira AntiVirus Premium not only combats viruses, worms, Trojans, rootkits, phishing, adware and spyware, but also protects you while surfing, thanks to the Web Guard, Anti Drive-by and Mail Guard AntiRootkit against hidden rootkit threats AntiDrive-by prevents against downloading viruses when surfing MailGuard enhanced email protection WebGuard protection against malicious websites RescueSystem create a bootable rescue CD http://www.avira.com/en/for-home
