Securing your computer GADGET GURUS. Dr. Wayne Summers TSYS Department of Computer Science Columbus State University Summers_wayne@colstate.edu http://csc.colstate.edu/summers. SQL Slammer.
SQL Slammer • “It only took 10 minutes for the SQL Slammer worm to race across the globe and wreak havoc on the Internet.” • “The worm, which shut down some U.S. bank teller machines, doubled the number of computers it infected every 8.5 seconds.”
BLASTER • At least 500,000 computers worldwide infected • In eight days, the estimated cost of damages neared $2 billion.
SOBIG.F • One of every 17 e-mails scanned was infected (AOL detected 23.2 million attachments infected with SoBig.F) • Worldwide, 15% of large companies and 30% of small companies were affected by SoBig - estimated damage of $2 billion.
Goals • confidentiality (privacy) - limiting who can access assets of a computer system. • integrity - limiting who can modify assets of a computer system. • availability - allowing authorized users access to assets.
Definitions • vulnerability - weakness in the security system that might be exploited to cause a loss or harm. • threats - circumstances that have the potential to cause loss or harm. Threats typically exploit vulnerabilities. • control - protective measure that reduces a vulnerability or minimizes the threat.
Vulnerabilities • “Today’s complex Internet networks cannot be made watertight…. A system administrator has to get everything right all the time; a hacker only has to find one small hole.” • Robert Graham, lead architect of Internet Security Systems
Recent News • “New Trojan horses threaten cell phones” • Keyloggers Jump 65% As Info Theft Goes Mainstream • Computers around the world are systematically being victimized by rampant hacking. This hacking is not only widespread, but is being executed so flawlessly that the attackers compromise a system, steal everything of value and completely erase their tracks within 20 minutes.
Recent News • IM Worms could spread in seconds – “Symantec has done some simulations … and has found that half a million systems could be infected in as little as 30 to 40 seconds.” • Fraudulent e-mails designed to dupe Internet users out of their credit card details or bank information topped the three billion mark last month.
E-mail from “Microsoft” security@microsoft.com {Virus?} Use this patch immediately ! Dear friend , use this Internet Explorer patch now! There are dangerous virus in the Internet now! More than 500.000 already infected!
Malware and other Threats • Viruses / Worms (over 180,000 viruses – 4/2007) • 1987-1995: boot & program infectors • 1995-1999: Macro viruses (Concept) • 1999-2003: self/mass-mailing worms (Melissa-Klez) • 2001-???: Megaworms [blended attacks] (Code Red, Nimda, SQL Slammer, Slapper) • Trojan Horses
Solutions • Apply “defense in-depth” • Don't open email from strangers or attachments you weren't expecting—especially attachments with .exe extensions • Use good passwords • Back up important files • Run and maintain an antivirus product • Do not run programs of unknown origin • Deploy a firewall • Keep your patches up-to-date
Password Management • Passwords should be at least 6-8 characters • Passwords should be alphanumeric with special characters like punctuation marks • Never use common words from the dictionary • Never tell anyone your password, not even to security personnel or to your best friend • Never send passwords through e-mails, as passwords are sensitive items • Never write a password down on scratch paper where someone might discover it • Never throw a password in the trash. A Dumpster Diver may discover it
Password Management • Potential passwords – which are good? • 11042007 • abc • Fido • Wayne • WayneSummers • Password • Password1996 • QuePasa? • W@yn3Summ3r$
“The most potent tool in any security arsenal isn’t a powerful firewall or a sophisticated intrusion detection system. When it comes to security, knowledge is the most effective tool…” Douglas Schweizer – The State of Network Security, Processor.com, August 22, 2003.
Caesar cipher (key = 3) • The message “caesar is a roman” • becomes FDHVD ULVDU RPDQ
Caesar cipher (key = DOG) • The message “caesar is a roman” • becomes FOKVO XLGGU CSDB
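The two cipher slides above, worked through in code. This is an added example, not part of the original slides; the function names are assumptions. A word key such as DOG shifts each letter by the matching key letter (A=0 ... Z=25), a scheme usually called the Vigenère cipher, and the last function shows why a single-shift key gives no real protection: only 26 keys exist.

```python
A = ord("A")

def key_shifts(key):
    """Turn a key into a list of shifts: 3 -> [3], "DOG" -> [3, 14, 6]."""
    if isinstance(key, int):
        return [key % 26]
    return [ord(ch) - A for ch in key.upper()]

def transform(text, key, decrypt=False):
    """Shift every letter by the repeating key; spaces and punctuation are dropped."""
    shifts = key_shifts(key)
    sign = -1 if decrypt else 1
    letters = [ch for ch in text.upper() if "A" <= ch <= "Z"]
    return "".join(
        chr((ord(ch) - A + sign * shifts[i % len(shifts)]) % 26 + A)
        for i, ch in enumerate(letters)
    )

def groups_of_five(text):
    """Format ciphertext in the five-letter blocks used on the slides."""
    return " ".join(text[i:i + 5] for i in range(0, len(text), 5))

def brute_force(ciphertext, crib):
    """Try all 26 single shifts; return those whose output contains the crib word."""
    return [k for k in range(26) if crib in transform(ciphertext, k, decrypt=True)]

if __name__ == "__main__":
    msg = "caesar is a roman"
    print(groups_of_five(transform(msg, 3)))        # key = 3
    print(groups_of_five(transform(msg, "DOG")))    # key = DOG
    print(transform("FOKVO XLGGU CSDB", "DOG", decrypt=True))
    print(brute_force("FDHVD ULVDU RPDQ", "ROMAN"))  # shifts that reveal "ROMAN"
```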
Popular Cryptography • Jules Verne - decipherment of a parchment filled with runic characters in Journey to the Center of the Earth. • Sir Arthur Conan Doyle's detective, Sherlock Holmes, was an expert in cryptography. The Adventure of the Dancing Men involves a cipher consisting of stick men, each representing a distinct letter. • Edgar Allan Poe issued a challenge to the readers of Philadelphia's Alexander Weekly Messenger, claiming that he could decipher any mono-alphabetic substitution cipher. He successfully deciphered all of the hundreds of submissions. In 1843, he wrote a short story, “The Gold Bug”.
COMPUTER SECURITY AWARENESS WEEK (http://cins.colstate.edu/awareness/) April 16-20, 2007 ACCENTUATE THE POSITIVE