
Workstation Security – Privacy and Protection from Hackers

Workstation Security – Privacy and Protection from Hackers. ISECON2002 Nov 2, 2002 Bruce P. Tis, Ph.D. Simmons College Boston, MA. Outline . Goals Introduction Attacks/Threats Malware – viruses, worms, Trojan horses and others Privacy - Cookies/Spyware Firewalls



  1. Workstation Security – Privacy and Protection from Hackers ISECON2002 Nov 2, 2002 Bruce P. Tis, Ph.D. Simmons College Boston, MA

  2. Outline • Goals • Introduction • Attacks/Threats • Malware – viruses, worms, Trojan horses and others • Privacy - Cookies/Spyware • Firewalls • Steps for protecting yourself • Interesting Web Sites • What Haven’t We Covered

  3. Goals • Raise your consciousness regarding the need for information security at the workstation level • Review basic terminology and concepts • Discuss threats and how to resist them • Verify your workstation’s ability to resist an attack

  4. Introduction

  5. What is security? • Computer Security deals with the prevention and detection of, and the reaction to, unauthorized actions by users of a computer system or network.

  6. Topics Include • Cryptology • Forensics • Standards • Management of security/policies • Authentication • Intrusion Detection • Hacking • Privacy • Legal and Ethical issues • IP Security • WEB Security • Network Management • Malware • Firewalls

  7. Why do we need to be concerned about security • Economic loss • Intellectual Property loss • Privacy and Identity Theft • National Security

  8. Economic Loss • Kevin Mitnick’s hacking spree allegedly cost companies $291 million • Economic impact of recent malware • LoveLetter and CodeRed $2.6 billion each • Sircam $1.3 billion • Computer Economics estimates that companies spent $10.7 billion to recover from virus attacks in 2001

  9. Radicati Group Inc study of economic impact of malware

  10. CERT • Computer Emergency Response Team Coordination Center (CERT) reports security incidents • An incident may involve one site or hundreds (or even thousands) of sites. Also, some incidents may involve ongoing activity for long periods of time.

  11. Intellectual Property • Music piracy • Software piracy • Research data piracy • Industrial espionage

  12. Privacy and Identity Theft • 300,000 credit cards stolen at CD Universe • Identity theft has reached epidemic proportions and is the top consumer fraud complaint in America • Losses to consumers and institutions due to identity theft totaled $745 million in 1997, according to the U.S. Secret Service. • An estimated 700,000 consumers became victims of identity theft during 2001 at a cost of $3 billion. • Estimate of 900,000 for 2002.

  13. National Security • Los Alamos loses top-secret hard drive • January 1990 AT&T long-distance telephone switching system was crashed for nine hours and approx 70 million calls went uncompleted • Distributed attack on the 13 root DNS servers two weeks ago • September 11 !!!!!!!!!!!!!!!!!!!!!!!

  14. The National Strategy to Secure Cyberspace draft issued in September 2002 clearly puts responsibility on the end user to protect his/her personal computer from hackers • Consumer education Web site http://www.ftc.gov/bcp/conline/edcams/infosecurity/ • National Cyber Security Alliance http://www.staysafeonline.info

  15. Attacks and Threats

  16. Attacks/Threats • Physical • Access • Modification • Denial of Service • Repudiation • Invasions of Privacy

  17. Physical Attacks • Hardware theft • File/Information Theft • Information modification • Software installation

  18. Access Attacks • Attempt to gain information that the attacker is unauthorized to see • Password pilfering • An attack against confidentiality • Snooping • Eavesdropping • Interception

  19. Modification Attacks • An attempt to modify information an attacker is not authorized to modify • An attack against information integrity • Changes • Insertion • Deletion

  20. Denial-Of-Service Attacks • Deny the use of resources to legitimate users of a system • Denial of access to information • Denial of access to applications • Denial of access to systems • Denial of access to communications

  21. Repudiation Attacks • Attack against the accountability of information, i.e. an attempt to give false information or to deny that a real event or transaction has occurred • Masquerading • Denying an event

  22. Privacy Attacks • Collection of information about • you • your computer configuration • your computer use • your surfing habits

  23. Security Services • Security services are used to combat attacks • Confidentiality (access) • Integrity (modification, repudiation) • Availability (denial of service) • Accountability (access, modification, repudiation) • Security mechanisms implement services, e.g. cryptography

  24. Malware • Trap Door • Logic Bombs • Trojan Horses • Worms • Bacteria • Viruses • Mobile Code

  25. Malware – collection of techniques/programs that produce undesirable effects on a computer system or network • Differentiate based on • Needs host program • Independent • Replicate • Don’t replicate

  26. Malware • Needs host program: Trapdoor, Logic Bomb, Trojan Horse, Virus • Independent: Bacteria, Worms

  27. Trap Doors • Secret entry point to a program that bypasses normal security access procedures • Legitimate for testing/debugging • Recognizes some special input, user ID or unlikely sequence of events • Difficult to detect at use • Must detect during software development and software update

  28. Logic Bombs • Code embedded in legitimate program that is set to explode when certain conditions met • Presence/absence certain files • Date • Particular user • Bomb may • Alter/delete files • Halt machine • Other damage

  29. Trojan Horses • Apparently useful program or command procedure containing hidden code which performs a harmful function • Tricks users into running it by disguising itself as a useful program • Doesn’t replicate itself • Used to accomplish indirectly functions that an unauthorized user is not permitted to perform directly • Used for destructive purposes

  30. Backdoor Trojans • Opens backdoor on your computer that enables attackers to remotely access and control your machine • Also called remote access Trojans • Attackers find your machine by scanning ports used by Trojan • Common backdoor Trojans • Back Orifice • NetBus

  31. Most anti-virus tools detect Trojans • Can also check open TCP ports against a list of known Trojan ports • Type the netstat -an command • Look at listening ports • Lists of known Trojan port numbers available via Google search
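The port check described on this slide, written out as an added example (not code from the presentation): the script parses the text that `netstat -an` prints, keeps only sockets that are listening, and compares each (protocol, port) pair against a reference list. The netstat output below is constructed for the example, and the reference list is an assumption that holds only the widely documented default ports of the two Trojans the slide names; a real check would load a current list from a trusted source.

```python
from typing import Dict, List, Tuple

# Constructed sample of `netstat -an` output in Windows format (not a real capture).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1034      203.0.113.5:80         ESTABLISHED
  TCP    192.168.1.10:1035      203.0.113.5:80         TIME_WAIT
  UDP    0.0.0.0:31337          *:*
  UDP    0.0.0.0:137            *:*
"""

# Assumed reference list: the commonly documented default ports of NetBus (TCP)
# and Back Orifice (UDP). Replace with a current list from a trusted source.
KNOWN_TROJAN_PORTS: Dict[Tuple[str, int], str] = {
    ("TCP", 12345): "NetBus",
    ("TCP", 12346): "NetBus",
    ("UDP", 31337): "Back Orifice",
}

Listener = Tuple[str, str, int]  # (protocol, local address, local port)


def parse_listening(netstat_output: str) -> List[Listener]:
    """Return every listening socket in `netstat -an` output.

    TCP sockets count only when their state is LISTENING; UDP sockets have no
    state column, so every bound UDP socket is treated as listening.
    """
    listeners: List[Listener] = []
    for line in netstat_output.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank line, or a protocol we do not inspect
        proto, local = parts[0], parts[1]
        state = parts[3] if len(parts) > 3 else ""
        if proto == "TCP" and state != "LISTENING":
            continue  # established / closing connections are not listeners
        # rpartition tolerates IPv6 literals such as [::]:135
        address, _, port = local.rpartition(":")
        listeners.append((proto, address, int(port)))
    return listeners


def flag_suspicious(listeners: List[Listener],
                    known: Dict[Tuple[str, int], str] = KNOWN_TROJAN_PORTS
                    ) -> List[Tuple[str, str, int, str]]:
    """Return the listeners whose (protocol, port) appears in the reference list."""
    return [(proto, address, port, known[(proto, port)])
            for proto, address, port in listeners
            if (proto, port) in known]


if __name__ == "__main__":
    for proto, address, port, name in flag_suspicious(parse_listening(SAMPLE_NETSTAT)):
        print(f"{proto} {address}:{port} matches known Trojan port for {name}")
```

A match is a lead, not a verdict: legitimate software can use the same port numbers, so confirm which process owns the socket (on Windows XP and later, `netstat -ano` prints the owning process id) before acting, and keep the reference list current.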

  32. Worms • Programs that use network connections to spread from system to system • Once active on a system can behave as another form of malware • Propagates • Search for other systems to infect • Establish connection with remote system • Copy itself to remote system and executes

  33. The Great Worm • Robert Morris released the most famous worm in 1988 • Crashed 6000 machines on the Internet (10%) • Exploited bug in fingerd program • Bug in worm crashed machines which prevented the worm from spreading • Estimated damage $100 million • Three years probation, 400 hrs community service, $10,500 fine

  34. Worm – Code Red • Scans Internet for Windows NT or 2000 servers running IIS without the patch • Copies itself to server • Replicates itself for the first 20 days of each month • Replaces WEB pages on infected servers with a page that declares Hacked by Chinese • Launches concerted attack on White House Web server to overwhelm it

  35. Bacteria • Programs that do not explicitly damage files • Sole purpose is to replicate themselves within a system • Reproduce exponentially taking up • Processor capacity • Memory • Disk space

  36. Viruses • Infect other programs by modifying them • First one written in 1983 by USC student Fred Cohen to demonstrate the concept • Approximately 53,000 exist • Modification includes copy of virus

  37. Virus Structure • Usually prepended or appended to executable program • When program invoked virus executes first, then original program • First seeks out uninfected executable files and infects them • Then performs some action

  38. How Viruses are spread • Peer to peer networks • Via email attachments • Via media • FTP sites • Chat and instant messaging • Commercial software • Web surfing • Illegal software

  39. Types of Viruses • Parasitic • Traditional virus and most common • Attaches itself to executable files and replicates • Memory resident • Lodges in memory as part of OS • Infects every program that executes

  40. Boot sector • Infects master boot record or boot record • Spreads when system boots • Seldom seen anymore • Stealth • Designed to hide itself from detection by antivirus software

  41. Polymorphic • Mutates with every infection • Functionally equivalent but distinctly different bit patterns • Inserts superfluous instructions or interchanges the order of independent instructions • Makes detection of the virus signature difficult • Mutation engine creates random key and encrypts virus • Upon execution the encrypted virus is decrypted and then run

  42. Metamorphic • Structure of virus body changed • Decryption engine changed • Suspect file run in emulator and behavior analyzed

  43. Mobile Code • Programming that specifies how applications exchange information on the WEB • Browsers automatically download and execute applications • Applications may be viruses

  44. Common forms • Java Applets – Java code embedded in WEB pages that run automatically when page downloaded • ActiveX Controls – similar to Java applets but based on Microsoft technology, have total access to Windows OS

  45. New threat (potential) of including mobile code in MP3 files • Macros – languages embedded in files that can automatically execute commands without the user’s knowledge • JavaScript • VBScript • Word/Excel

  46. Macro Viruses • Make up two thirds of all viruses • Platform independent • Word documents are the common vehicle rather than executable code • “Concept” 1995 first Word macro virus • Easily spread

  47. Technique for spreading macro virus • Automacro / command macro is attached to Word document • Introduced into system by email or disk transfer • Document opened and macro executes • Macro copies itself to global macro file • When Word started next global macro active

  48. Melissa Virus March 1999 • Spread in Word documents via email • Once opened virus would send itself to the first 50 people in Outlook address book • Infected normal.dot so any file opened later would be infected • Used Visual Basic for Applications • Fastest spreading virus ever seen
