How You Can Protect Yourself from Cyber-Attacks

1. How You Can Protect Yourself from Cyber-Attacks Ian G. Harris Department of Computer Science University of California Irvine Irvine, CA 92697 USA harris@ics.uci.edu

2. About the Class • Schedule: Mondays, 10:00 - 10:50 in DBH 1420 • Website: Look at http://www.ics.uci.edu/~harris • Readings: The Symantec Guide to Home Internet Security, Andrew Conry-Murray and Vincent Weafer, Addison- Wesley, 2006 • Topics: Computer security risks (i.e. phishing, spam, malware, etc) and how to protect against them (i.e. firewalls, anti-virus, patching software, etc.) • This course is meant to be practical, not too technical. • I can give pointers to more technical information.

3. Social Engineering • Exploiting vulnerabilities in the user, not the network or device • Traditional scams using the computer (and/or the phone) as a vehicle • People trust official looking emails and websites • Not primarily technical attacks • Often used to gain information for larger attacks

4. Social Engineering Examples • Examples: • “Dear Honorable Sir, I need to transfer $10,000,000,000 to your account” • Required to pay a “small” transfer fee • “You need to update your Paypal account …” • Directed to send personal information • Call computer support and masquerade as a technician • “Where is that TFTP server located again?”

5. Spoofing • Making a fake version of something in order to trick a user • Often used as part of a social engineering scam • Example: • You get an email saying something is wrong with your ebay account. • It provides a link to a website www.ebayaccounts.com • The website is fake but can look completely real • Can be done with email addresses and calling trees

6. Preventing Social Engineering • Don’t trust anyone or any information that you can’t verify • Don’t give critical info to unverified websites/phone numbers 2. Don’t accept anything (i.e. programs) from unverified sources • This may be inconvenient • If Citibank calls, you should call them back at a known Number 2. Can’t purchase online from unknown vendors 3. Be careful about freeware/shareware

7. “Technical” Threats • Exploiting vulnerabilities in the computational device or in the network • Require some technical ability • Understand network protocols and components • Write code (at least execute scripts) • Deeply understand networked applications • May be directed at your machine • You can defend against these • May impact you but be directed against other machines • You can’t really stop these

8. Typical Technical Threats • Denial of Service - A service provided by the device is caused to fail • Cellphone cannot receive calls, desktop reboots • Quality of Service - Quality is degraded, not destroyed • Noise added to a phone call, anti-lock brakes slow • Data Theft - Important data is taken from the device • Passwords, name, usage patterns, location • Botnet Zombie - Complete ownership of the device to use in the future for other attacks.

9. Threats Against Other Machines • Your machine’s operations are impacted by an attack on another machine • Usually part of the network infrastructure • Examples: • Your Domain Name Server (DNS) is attacked so you can no longer resolve domain names • Your university’s computers are attacked and your personal data is stolen • You can’t do much about these attacks, except complain/sue

10. Threats Against Your Machine • Most such threats require executing malicious code on • your machine • Malware - General term for “Malicious code” • Common types of malware: • Spyware - Record information inside your device • Browsing habits, keystrokes, etc. • Also change behavior (web page redirects …) • Adware - Record information and display ads catered to you

11. How Does Malware Work? • Need to know this in order to defend against it • Gets into the memory of your computer • Tricks your computer into executing it • Hides itself • Spreads itself to other machines

12. Getting Into Your Computer • User-driven - User allows the malware in • Read your email • Click on an attachment • Click on a website link • File transfer (ftp) • Background traffic - Many programs communicate on the network in the background • IM, skype, automatic updates, etc.

13. Executing on Your Machine How can foreign programs run on my computer? • User Gives Permission • “Do you want to enable this macro?” • Bad default settings, (ex. Automatically enable all macros) • These vulnerabilities can be fixed fairly easily • Software Vulnerability • A networked application has a coding flaw which allows unauthorized code execution

14. Rootkits • A rootkit is a program that uses stealth • - Sneaks onto your machine without you knowing • - Hides itself on your machine so that is can’t be removed • Rootkits change components of the operating system to hide their • presence • Example of stealth • - A rootkit may attach itself to a good executable • - Detected by examining properties of the executable (i.e. size) • - Checking properties is a call to an OS program • - Rootkit may change the “check properties” program to print the • original size • Most malware is fundamentally a specialized rootkit

15. Malware Propagation/Spread • Trojan Horse - Malware which is part of another program which the user believes is safe • Spread occurs when the user installs the “safe” program • Social engineering may be involved • Virus - Malware which is part of a larger program or file • Ex. Macro in an .xls spreadsheet • Self-replicates by inserting itself into new programs/files • Worm - Malware which is not attached to another program/file • Self-replicates over the network