
Data Security and Exploits: A Comprehensive Overview

This article delves into the realm of data security, exploring the significance of protecting user data, the evolution of Windows Defender, and various types of malware that can compromise data integrity. Learn about Worms, Adware, Spyware, Trojans, Viruses, Bots, Rootkits, and Crime-Ware.


Presentation Transcript


  1. Data Security and Exploits
  By: Michael Sabbaghm, Jonathan Charlton, Leon Antony

  2. What is Data?
  • Computer data is information processed or stored by a computer.
  • So, theoretically, data can be anything: text documents, images, audio clips, software programs and even our clicks.
  • Because computer data in its most basic form is a string of ones and zeros (binary), data can be created, processed, saved and stored digitally.

  3. What protects user data?
  • For basic everyday users there is a program called Windows Defender.
  • Windows Defender is Microsoft’s own anti-virus program.
  • Windows Defender blocks a lot of viruses; however, it isn’t perfect.
  • Its primary function is to block spyware, common viruses and other malware.

  4. History of Windows Defender
  • Windows Defender was originally known as GIANT AntiSpyware; it was neither free nor owned by Microsoft.
  • It was also only made to support Windows 95, 98 and ME.
  • After Microsoft acquired it, they revamped it, calling it Windows Defender (Beta 2), which was written in C++.

  5. Cont.
  • Windows Defender was groundbreaking for its time: it introduced a list of startup programs that the user could manage, and it required Windows Genuine Advantage validation to run.
  • This meant Microsoft had a way to check whether someone was running a validated, paid-for version of Windows, and could take action against users who weren’t.
  • Users also had access to a limited set of tools such as System Inoculation, Secure Shredder, System Explorer and Tracks Eraser.

  6. Cont.
  • October 24th, 2006 was the full release of Windows Defender, which supported Windows XP and Windows Server 2003.
  • A common misconception is that “paid for is better”: paid anti-virus software such as Norton and McAfee releases patches that are extremely similar to, almost exact copies of, existing Windows Defender patches.

  7. How user data is acquired
  • Malware is one of many ways to acquire and “taint” data.
  • Malware is software designed to attack, disable or disrupt computers, computer systems or networks.
  • Malware’s original purpose was only to test networks and security, before penetration testers existed.

  8. Types of Malware

  9. Worms
  • The most common type of malware; worms spread over computer networks by exploiting operating system vulnerabilities.
  • Worms have the ability to self-replicate and spread independently.
  • They harm their host networks by consuming bandwidth and overloading web servers.
  • Worms may also carry “payloads”.
  • Payloads are pieces of code written to perform actions on affected computers beyond spreading the worm.
  • Payloads are designed to steal data, delete files or create botnets.

  10. Adware
  • Adware, also known as advertising-supported software, automatically delivers advertisements such as pop-up ads to a user’s computer.
  • Some adware is solely designed to deliver advertisements.
  • It is not uncommon for adware to come bundled with spyware that is capable of tracking user activity as it happens and stealing that information.

  11. Spyware
  • Functions by spying on user activity without the user’s knowledge.
  • Spying capabilities can include activity monitoring, collecting keystrokes (keylogging) and data harvesting (account information, logins, financial data).
  • Spyware spreads by exploiting vulnerabilities, by bundling itself with legitimate software, or inside Trojans.

  12. Trojans
  • A Trojan (Trojan horse) is a type of malware that disguises itself as a normal file or program to trick users into downloading and installing it.
  • It can give a malicious party remote access to the infected computer.
  • This leaves a “backdoor” in the computer through which more malware or attackers can enter.

  13. Virus
  • A form of malware that is capable of copying itself and spreading to other computers.
  • Spreads to other computers by attaching itself to various programs and executing its code when the user launches the infected program.
  • Can be used to: harm computers and networks, steal information, create botnets, and steal money.

  14. Bots
  • Programs that are created to automatically perform specific operations.
  • Not all bots are harmful (video games, internet auctions, online contests).
  • Can be used in botnets for DDoS attacks, as spambots, to scrape server data and to distribute disguised malware.
  • Botnets: a collection of computers controlled by third parties.
  • Websites use CAPTCHA tests to verify that a user is a real person rather than a bot.

  15. Rootkit
  • Designed to remotely access or control a computer without being detected.
  • Once installed, it is possible for the malicious party to remotely execute files.
  • Access information.
  • Modify system settings.
  • Alter software, including rootkit detectors.
  • Hides its presence from normal security programs such as Windows Defender.

  16. Crime-Ware
  • Designed to commit crimes on the Internet.
  • Restricts access to the computer by encrypting files on the hard drive or by locking down the system.
  • Spreads by a downloaded file or through some other vulnerability.
  • Ransomware (a type of crime-ware) holds a computer system captive while demanding a payment.

  17. Bug
  • A flaw that produces an undesired outcome.
  • Usually caused by human error in the source code.
  • Minor bugs barely affect a program’s behavior.
  • Because of this, it can take a while before a bug is discovered.
  • More serious bugs, such as security bugs, can cause crashing or freezing.
  • Bugs allow attackers to bypass user authentication, override access privileges and even steal data.

  18. What Is Encryption and Why Is It Important?
  • Encryption is the act of securing data by encoding information.
  • To retrieve this information one must have a “key”.
  • This “key” comes in many shapes and sizes, like real keys, but it can be shared and used digitally to decrypt information.
  • NIST SP 800-57 is a special publication by Elaine Barker and colleagues at NIST that recommends how to properly handle these keys.
  • Over nineteen types of “keys” are recognized, and more combinations of these “keys” are being created every day.
  • A few examples of “keys” include: a data encryption key, authentication key, digital signature key, master key, root key, etc.

  19. So What Do These “keys” Actually Do?

  20. So What Do These “keys” Actually Do? (cont)

  21. Protocols That Rely on Asymmetric Cryptography

  22. While We as an Educated Party May Know about Encryption, What about the End-user?
  • To make encryption more standard in the common home, the Windows operating system made drive encryption a standard feature in certain editions of Windows Vista, 7, 8, 8.1 and 10.
  • Windows “BitLocker Drive Encryption” has been a part of the Windows operating system since Windows Vista, if you purchased the Enterprise or Ultimate edition.
  • It uses AES 128- or 256-bit encryption to fully encrypt one of your hard drives, and requires a password and recovery key to access the files at any point after encryption.

  23. Windows Encrypting File System
  • Prior to the inclusion of BitLocker, Windows relied on its “Encrypting File System” (EFS) for all file encryption. It was far less secure than encrypting an entire hard drive, but it was a step in the right direction.

  24. Trusted Platform Module
  • The TPM, or Trusted Platform Module, is responsible for creating and holding RSA keys, used mainly by BitLocker during and after the encryption process.
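As an added example (not from the slides), here is a PowerShell check a defender can run to confirm that the BitLocker and TPM claims of slides 22 and 24 actually hold on a given machine: every volume fully encrypted, protection turned on, AES-256 in use, the OS drive sealed to a TPM key protector, and a recovery password on file. It uses only the built-in Get-BitLockerVolume and Get-Tpm cmdlets; the specific expectations (AES-256, TPM protector, recovery password) are this example's assumptions.

```powershell
# Added example (not from the original slides). Run in an elevated PowerShell
# session on Windows. Requires the BitLocker and TrustedPlatformModule modules,
# which ship with Windows editions that include BitLocker.

function Test-BitLockerPosture {
    [CmdletBinding()]
    param(
        # Encryption methods this example treats as acceptable (an assumption).
        [string[]]$AllowedMethods = @('XtsAes256', 'Aes256')
    )

    $findings = @()

    # Slide 24: BitLocker keys are sealed to the TPM, so check it is present and ready.
    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent) {
        $findings += 'No TPM detected: BitLocker keys cannot be sealed to hardware.'
    } elseif (-not $tpm.TpmReady) {
        $findings += 'TPM present but not ready (not owned/activated).'
    }

    foreach ($vol in Get-BitLockerVolume) {
        $mp    = $vol.MountPoint
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })

        # Slide 22: the drive must be fully encrypted, not partially or not at all.
        if ($vol.VolumeStatus -ne 'FullyEncrypted') {
            $findings += "$mp is $($vol.VolumeStatus); data at rest is readable."
            continue
        }
        # A suspended volume keeps a clear key on disk, so encryption is moot.
        if ($vol.ProtectionStatus -ne 'On') {
            $findings += "$mp is encrypted but protection is suspended."
        }
        # Slide 22: AES 128 or 256; this example requires 256.
        if ($AllowedMethods -notcontains $vol.EncryptionMethod) {
            $findings += "$mp uses $($vol.EncryptionMethod); expected $($AllowedMethods -join ' or ')."
        }
        # Slide 24: the OS drive should have a TPM-based protector (Tpm, TpmPin, ...).
        if ($vol.VolumeType -eq 'OperatingSystem' -and @($types -match '^Tpm').Count -eq 0) {
            $findings += "$mp (OS drive) has no TPM-based key protector."
        }
        # Slide 22: a recovery key must exist, or key loss means data loss.
        if ($types -notcontains 'RecoveryPassword') {
            $findings += "$mp has no recovery password protector."
        }
    }

    [pscustomobject]@{ Compliant = ($findings.Count -eq 0); Findings = $findings }
}

Test-BitLockerPosture | Format-List
```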

  25. Bypassing Drive Encryption With a “Cold-Boot” Attack
  • A “cold-boot” attack is capable of scraping information during the boot sequence, when the BitLocker encryption keys pass through the volatile memory of your RAM.
  • If the RAM of a machine is cooled enough, its entire contents can be dumped, and the dump can then be sifted through until the desired information is found.

  26. Privacy Operating Systems on Linux
  • As you would expect, with the many distributions of Linux available for free, privacy-focused enthusiasts have created operating systems meant to protect their data.
  • While these distributions are not very user-friendly at all, they are the best operating systems for protecting your data from prying eyes.
  • One of the most secure Linux operating systems to date is known as TAILS.
  • TAILS routes all connections through an anonymity network known as Tor, and can be run from any computer that has a USB port or CD drive.

  27. “The Amnesic Incognito Live System”
  • TAILS is a Debian-based distribution whose purpose is to constantly route all connections through “The Onion Router” network.
  • While running, all data remains in “volatile” memory, meaning that once the system is powered down, all traces of the data are erased.
  • “Volatile” memory works by using the RAM of the computer you are using to complete all operations and searches, leaving nothing cached or saved unless it is committed to the CD or USB you are using to run TAILS.
  • If anyone does manage to compromise your CD or USB, there is no way of remotely destroying the data, and no way to recover it unless you have made a backup.

  28. Things TAILS OS Cannot Defend Against
  • If your Linux machine has been tampered with in any way, the system cannot defend against an attack on its hardware.
  • In light of the relatively new security flaws Meltdown and Spectre, those still handling sensitive data may want to switch to a Linux distribution that does not depend on the CPU in the same way.
  • These two security flaws are able to force the CPU to bypass security checks and leak any data that is being held in the CPU’s cache, through two similar but distinct means.
  • Unencrypted data and emails are a quick way to let anyone running a man-in-the-middle attack against your system know exactly what you are doing and how you are doing it.
  • Thankfully, the OS comes with some tools to help encrypt your private messages.

  29. The Tools Available To You With TAILS
  • While a security-based OS may seem like it would severely limit your options for sending data between computers, it actually has quite a range of features designed around security, including:
  • LibreOffice – free open-source office suite
  • GIMP – free paint program
  • Audacity – audio editing tool
  • Brasero / Sound Juicer – CD and DVD burning / ripping utilities
  • OnionShare – file sharing
  • NoScript / uBlock Origin – removes scripts and page advertisements
  • LUKS / GNOME Disks – allows you to encrypt storage devices
  • And many more utilities that are also available for other operating systems besides TAILS.

  30. This Operating System Will Never Be Foolproof
  • If you are ever looking for the best OS for privacy needs, then TAILS is by far the best up to this point, but it will never be an eternal safe haven.
  • You may have noticed the possible illegal implications of the TAILS operating system. While I do not condone any of these actions, and the information I provide here is for use at your own risk, there are those who would use this OS for some very bad deeds.
  • Because of this, there are constant attempts to find workarounds in “The Onion Router” as well as TAILS that would reveal the identities of its users, so that those using it for illegal activities may be found.
  • The safest course of action is to not follow in their footsteps: if you are going to use this OS as a tool of your own, don’t do anything illegal, even out of curiosity.
  • Or you could end up with one of these images across your monitor.

  31. The Qubes OS
  • The Qubes operating system is a self-proclaimed “Reasonably Secure Operating System”, and it is just that: reasonably secure.
  • While not as barebones as TAILS, Qubes does not rely on The Onion Router network to complete its operations. Qubes works by isolating various tasks and requiring the OS to ask the end-user for permission before any action is taken.
  • It is easier to install than TAILS, though only marginally, thanks to its graphical installer. It still works with the CPU, so information can be found in the cache, but it is available on most hardware barring Macs.

  32. One of Qubes’ Most Important Security Features

  33. Qubes Hypervisor
  • Qubes does something that other operating systems do not: in Linux, most applications are run from the same single operating system.
  • Qubes throws this structure out the window and instead runs its distribution within a virtual environment; the distribution relies on a single hypervisor that creates and runs the virtual machines.
  • Qubes makes use of the Xen hypervisor running on its hardware; it compartmentalizes and isolates the virtual machines while managing itself as one operating system.
  • This is not the only OS to make use of the Xen hypervisor, but it is the only one to make use of it in such a unique, privacy-driven way.

  34. The Real Answer to Privacy and Security
  • No combination of tools and systems will be able to stop you from releasing your own data if you make the effort to tell the world about it.
  • Keeping your systems updated is critical: every day, malicious individuals are seeking out new ways to infect your system and the larger corporations that hold data on you.
  • This report alone lists some of the data breaches in the month of April 2018: https://www.idtheftcenter.org/images/breach/2018/ITRCBreachReport2018.pdf
