720 likes | 906 Views
Lesson 1-Introduction and Security Trends. Background. Terrorists have targeted people and physical structures. The average citizens are more likely to be the target of an attack on their computers than they are to be the direct victim of a terrorist attack. Background.
E N D
Background • Terrorists have targeted people and physical structures. • The average citizens are more likely to be the target of an attack on their computers than they are to be the direct victim of a terrorist attack.
Background • This presentation addresses the issues surrounding why people should be concerned about computer and network security. • It also introduces a number of issues involved in securing computers and networks from a variety of threats utilizing different attacks.
Objectives Upon completion of this lesson, the students will be able to: • List and discuss the recent trends in computer security. • Describe simple steps to minimize the possibility of an attack on a system. • Describe the various types of threats that exist for computers and networks. • Discuss recent computer crimes that have been committed.
Yesterday and Today • Fifty years ago: • Few people had access to a computer system or a network • Securing these systems was easier. • Companies did not conduct business over the Internet. • Today, companies rely on the Internet to operate and conduct business.
The Security Problem • Networks are used to transfer vast amounts of money in the form of bank transactions or credit card purchases. • When money is transferred via networks, people try to take advantage of the environment to conduct fraud or theft.
Comparisons • Comparisons indicate that: • Average bank robbery amounts to $2,500. • Average bank fraud amounts to $25,000. • Average computer crime amounts to $500,000. • Computer crime loss amounts to $5 - $10 billion annually.
The Security Problem • There are various ways to attack computers and networks to take advantage of what has made shopping, banking, investment, and leisure pursuits a matter of “dragging and clicking” for many people. • Identity theft is common today.
Security Incidents • By examining some of the crimes that have been committed over the last dozen or so years, we can: • Understand the threats and the security issues that surround the computer systems and networks.
F.B.I. Statistics • Of all the computer crimes, only 1% are detected, and 7% of the detected crimes are reported. • Jail sentences, which are usually short-term, amount to only 3%. • A 75% increase per year has been reported in computer intrusions. • Computer crime has increased to 36%.
Security Incidents • Electronic crime can take different forms. • The two categories of electronic crimes are: • Crimes in which the computer is the target of the attack. • Incidents in which the computer is a means of perpetrating a criminal act.
The Morris Worm (November 1988) • Robert Morris, a graduate of Cornell University, released The Internet Worm (or the Morris Worm). • The worm infected 10 percent of the machines (approximately 6,000) connected to the Internet at that time. • The virus caused an estimated $100 million in damage, though this number has been the subject of wide debate.
Citibank and Vladamir Levin (June – October 1994) • From June 1994 through October, Vladimir Levin, of St. Petersburg, made a number of bank transfers. • When he and his accomplices were caught, they had transferred an estimated $10 million. • Eventually all but about $400,000 was recovered. • Levin reportedly accomplished the break-ins by dialing into Citibank’s cash management system.
Kevin Mitnick (February 1995) • Kevin Mitnick’s computer activities occurred over a number of years from the 1980’s through 1990’s. • Mitnick admitted to having gained unauthorized access to a number of computer systems belonging to companies such as Motorola, Novell, Fujitsu, and Sun Microsystems.
Omega Engineering Timothy Lloyd (July 1996) • On July 30, 1996, a software “time bomb” at Omega Engineering deleted all design and production programs of the company. This severely damaged the small company forcing the layoff of 80 employees. • The program was traced back to Timothy Lloyd who had left it in retaliation for his dismissal.
Jester and the Worcester Airport (March 1997) • In March 1997, airport services to the FAA control tower as well as emergency services at the Worcester Airport and the community of Rutland, Massachusetts, were cut off for six hours. • This disruption occurred as a result of a series of commands sent by a teenage computer “hacker” who went by the name of “jester.” • The individual gained unauthorized access to the “loop carrier system” operated by NYNEX.
Solar Sunrise (February 1998) • During a period of increased tensions between the United States and Iraq and subsequent military preparations, a series of computer intrusions occurred at a number of military installations in the United States. • Over 500 domain name servers were compromised during the attacks.
Solar Sunrise (February 1998) • It was difficult to track the actual origin of the attacks. This was because the attackers made a number of “hops” between different systems, averaging eight systems before reaching the target. • The attackers eventually turned out to be two teenagers from California and their mentor in Israel.
Melissa Virus (March 1999) • Melissa is the best known of the early macro type of virus that attaches itself to documents, which contain programs with a limited macro programming capability. • The virus was written and released by David Smith. • This virus infected about a million computers and caused an estimated $80 million in damages.
Melissa Virus (March 1999) • This virus clogged networks with the traffic and caused problems for e-mail servers worldwide. • It attached itself to Microsoft Word 97 and Word 2000 documents. • Whenever a file was opened, a macro caused it to infect the current host and also sent itself to the first fifty addresses in the individual’s address book. • To avoid infection by Melissa, users should not open the attached file.
Love Letter Worm (May 2000) • The worm spread via e-mail with the subject line “ILOVEYOU.” • The number of infected machines worldwide may have been as high as 45 million. • Similar to the Melissa virus, the Love Letter Worm spread via attachment to e-mails. In this case, instead of utilizing macros, the attachments were VBScript programs.
Code-Red Worm (2001) • On July 19, 2001, over 350,000 computers connected to the Internet were infected by the Code-Red worm. The incident took only 14 hours to occur. • Damages caused by the worm (including variations of the worm released on later dates) exceeded $2.5 billion. • The vulnerability exploited by the Code-Red worm had been known for a month.
Adil Yahya Zakaria Shakour (Aug 2001-May 2002) • Shakour accessed several computers without authorization, including: • Eglin Air Force Base (where he defaced the web site) • Accenture (a Chicago-based management consulting and technology services company) • Sandia National Laboratories (a Department of Energy facility) • Cheaptaxforms.com • At Cheaptaxforms.com, Shakour obtained credit card and personal information, which he used to purchase items worth over $7,000 for his own use.
Slammer Worm (2003) • The Slammer virus was released on Saturday, January 25, 2003. • It exploited a buffer-overflow vulnerability in computers running Microsoft's SQL Server or Microsoft SQL Server Desktop Engine. • This vulnerability was not new. • It had been discovered in July 2002. • Microsoft had released a patch for the vulnerability even before it was announced.
Slammer Worm (2003) • By the next day, the worm had infected at least 120,000 hosts and caused network outages and disruption of airline flights, elections, and ATMs.
Slammer Worm (2003) • Slammer-infected hosts generated 1TB of worm-related traffic every second. • The worm doubled in the number of infected hosts every 8 seconds. • It took less than ten minutes to reach global proportions and infect 90 percent of the possible hosts it could infect.
Threats to Security • In a highly networked world, new threats have developed. • There are a number of ways to break down the various threats.
Breaking Down Threats • To break down threats, users need to: • Categorize external threats versus internal threats. • Examine the various levels of sophistication of the attacks from “script kiddies” to “elite hackers.” • Examine the level of organization for the various threats from unstructured to highly structured threats.
Viruses and Worms • Employees in an organization may not follow certain practices or procedures because of which an organization may be exposed to viruses and worms. • However, organizations generally do not have to worry about their employees writing or releasing viruses and worms.
Viruses and Worms Viruses and worms: • Are expected to be the most common problem that an organization will face as thousands of them have been created. • Are also generally non-discriminating threats that are released on the Internet and are not targeted at a specific organization.
Hacking • The act of deliberately accessing computer systems and networks without authorization is called “hacking”. • The term may also be used to refer to the act of exceeding one’s authority in a system. • Intruders are very patient as it takes persistence and determination to gain access to a system.
Unstructured Threats • Attacks by individuals or even small groups of attackers fall into the unstructured threat category. • Attacks at this level are generally conducted over short periods of time (lasting at most a few months). • They do not involve a large number of individuals, and have little financial backing. • They do not include collusion with insiders.
Intruders • Intruders, or those who are attempting to conduct an intrusion, are of various types and have varying degrees of sophistication.
Script Kiddies • At the low end technically are script kiddies. • They do not have the technical expertise to develop scripts or discover new vulnerabilities in software. • They have just enough understanding of computer systems to be able to download and run scripts that others have developed.
Script Kiddies • Script kiddies are generally not as interested in attacking specific targets. • Script kiddies look for any organization that may not have patched a newly discovered vulnerability for which they have located a script to exploit. • At least 85 to 90% of the individuals conducting “unfriendly” activities on the Internet are probably accomplished by these individuals.
Sophisticated Intruders • These individuals are capable of writing scripts to exploit known vulnerabilities. • They are more technically competent than script kiddies. • They account for an estimated 8 to 12% of the individuals conducting intrusive activity on the Internet.
Elite Hackers • Elite hackers are highly technical individuals and are able to: • Write scripts that exploit vulnerabilities. • Discover new vulnerabilities. • This group is the smallest accounting for only 1 to 2% of the individuals conducting intrusive activity.
Insider Threats Insiders: • Are more dangerous than outside intruders. • Have the access and knowledge necessary to cause immediate damage to an organization.
Insider Threats • Most security is designed to protect against outside intruders and thus lies at the boundary between the organization and the rest of the world. • Besides employees, insiders also include a number of other individuals who have physical access to facilities.
Criminal Organizations • Criminal activity on the Internet at its most basic is not different than criminal activity in the physical world. • A difference between criminal groups and the “average” hacker is the level of organization that criminal elements may employ in their attack.
Structured Threats Attacks by criminal organizations can fall into the structured threat category, which is characterized by: • Planning. • Long period of time to conduct the activity. • More financial backing. • Corruption of or collusion with insiders.
Terrorists and Information Warfare • As nations become dependent on computer systems and networks, essential elements of the society might become a target. • They might be attacked by organizations or nations determined to adversely affect another nation.
Terrorists and Information Warfare • Many nations today have developed to some extent the capability to conduct information warfare. • Information warfare is warfare conducted against information and the information-processing equipment used by an adversary.
Highly Structured Threats • Highly structured threats are characterized by: • A long period of preparation (years is not uncommon). • Tremendous financial backing. • A large and organized group of attackers. • These threats may not only include attempts to subvert insiders, but also include attempts to plant individuals inside potential targets before an attack.
Highly Structured Threats • In information warfare, military forces are certainly still a key target • Other likely targets can be the various infrastructures that a nation relies on for its daily existence.
Critical Infrastructure • Critical infrastructures are those infrastructures whose loss would have a severe detrimental impact on a nation. • Examples: • Water. • Electricity. • Oil and gas refineries and distribution. • Banking and finance. • Telecommunications.
Information Warfare • Many countries have already developed a capability to conduct information warfare. • Terrorist organizations can also accomplish information warfare. • Terrorist organizations are highly structured threats that: • Are willing to conduct long-term operations. • Have tremendous financial support. • Have a large and organized group of attackers.
Security Trends • The biggest change in security over the last 30 years has been the change in the computing environment. • Large mainframes are replaced by highly interconnected networks of much smaller systems. • Security has switched from a closed environment to one in which computer can be accessed from almost anywhere.
Profile of Individuals • The type of individual who attacks a computer system or a network has also evolved over the last 30 years. • The rise of non-affiliated intruders, including “script-kiddies,” has greatly increased the number of individuals who probe organizations looking for vulnerabilities to exploit.
Important Trend • Another trend that has occurred is: as the level of sophistication of attacks has increased, the level of knowledge necessary to exploit vulnerabilities has decreased.