CIT 380: Securing Computer Systems
Threats
Vocabulary
• CIA Triad
 • Confidentiality
 • Integrity
 • Availability
• States of Information
 • Storage
 • Processing
 • Transmission
Vocabulary
• Security Measures
 • Technology
 • Policies and practices
 • Education, training, and awareness
• Threats, Attacks, Assets
• Prevention, Detection, Recovery, Survivability
Vocabulary
• Risk
• Security trade-offs
• Cost-Benefit Analysis
• Script Kiddies
• Security Researchers
• Hacker, Cracker, Attacker
• Black Hat, White Hat
What are threats?
• What threats can you think of to your home?
• To your money (including bank accounts, checks, credit and debit cards)?
• To your home computer?
Digital Threats: More of the Same
• Theft
• Vandalism
• Extortion
• Con Games
• Fraud
• Stalking
Digital Threats: What’s Different
Automation
• Salami attack from Office Space.
Action at a Distance
• Volodya Levin, from St. Petersburg, Russia, stole over $10 million from US Citibank. Arrested in London.
• Operators of a California BBS were tried and convicted in a Tennessee court because a Tennessee user had downloaded pornography from California.
Digital Threats: What’s Different
Technique Propagation
• Criminals share techniques rapidly and globally.
Next Slide (chart)
• The percentage of respondents answering that their organization experienced unauthorized use of computer systems in the last 12 months.
Survival Time
Survival Time
• The main issue here is that the time needed to download critical patches will exceed this survival time: an unpatched system is likely to be attacked before patching can finish.
Current Threat Information
• SANS Internet Storm Center
 • http://isc.sans.edu/index.html
• Bugtraq
 • http://www.securityfocus.com/
 • http://www.securityfocus.com/archive/1
• CERT
 • http://www.cert.org/
Current Threat Information
• Packet Storm
 • http://packetstormsecurity.org/
Who are the Attackers?
• Hackers vs. Crackers
• Levels of attackers
 • Developer
  • Finds new security vulnerabilities
  • Writes tools and exploits
 • User
  • Understands tools; modifies tools/exploits
 • Script Kiddie
Who are the Attackers?
Criminals.
• 1993: Thieves installed a bogus ATM at Manchester Mall. It saved account numbers and PINs.
Organized crime.
• 2000: Mafia-led organization members arrested for an attempt to steal $680 million from the Bank of Sicily.
Malicious insiders.
• 2001: Mike Ventimiglia deleted files of his employer, GTE. $200,000 damage.
Industrial espionage.
• 2001: Verdicts in Cadence Design Systems vs. Avant against seven employees, including the CEO. Five sentenced to jail.
Who are the Attackers?
Press.
• 1998: Cincinnati Enquirer reporter Michael Gallagher broke into Chiquita Fruits voicemail to expose illegal activities.
Police.
• 1997: LAPD illegal wiretapping scandal.
Terrorists.
• 1999: DoS attacks and web defacements against NATO country computers during the Kosovo bombings.
National Intelligence.
• 2000: Former CIA Director Woolsey admitted to using ECHELON information to help US companies win foreign contracts.
Scary Internet Stuff: Underground
• http://www.youtube.com/watch?v=AYWYvJ__Dxk&feature=related
What Are Our Defenses?
• Firewalls
• Virus Scanners
• Spyware Scanners
• Intrusion Detection Systems (IDS/IPS)
• Patches
• Backups
Prevent, Detect, Recover, Respond
What Are The Attacks?
• Phishing
• Malware
• Ransomware
• Spyware
• Botnets
Phishing E-mail
Phishing Site
Scary Internet Stuff: Phishing
• http://www.youtube.com/watch?v=Ao20tAS3x3I&feature=related
Amazon.com - Your Cancellation (516-203578-8141423)
order-update@amazon.com

Dear Customer,
Your order has been successfully canceled. For your reference, here`s a summary of your order:
You just canceled order #991-86824-273919
Status: CANCELED
_____________________________________________________________________
ORDER DETAILS
Sold by: Amazon.com, LLC
_____________________________________________________________________
Because you only pay for items when we ship them to you, you won`t be charged for any items that you cancel.
Thank you for visiting Amazon.com!
---------------------------------------------------------------------
Amazon.com
Earth`s Biggest Selection
http://www.amazon.com
---------------------------------------------------------------------
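The lure above, re-typed as a constructed sample and run through a few triage heuristics (an added example, not part of the course slides; the raw From:/Subject: header lines are assumed, since the slide shows only rendered text):

```python
import re
from email import message_from_string

# Constructed sample modelled on the lure shown on the slide; the From:/Subject:
# header framing is assumed, since the slide shows rendered text, not raw headers.
SAMPLE_EMAIL = """\
From: order-update@amazon.com
Subject: Amazon.com - Your Cancellation (516-203578-8141423)

Dear Customer,
Your order has been successfully canceled. For your reference, here`s a
summary of your order: You just canceled order #991-86824-273919
Status: CANCELED
ORDER DETAILS
Sold by: Amazon.com, LLC
Because you only pay for items when we ship them to you, you won`t be
charged for any items that you cancel.
Thank you for visiting Amazon.com!
"""

# Order ids as they appear in the sample: 3-6-7 digits in the subject,
# 3-5-6 in the body, so allow some width on the last two groups.
ORDER_RE = re.compile(r"\d{3}-\d{5,7}-\d{6,7}")


def phishing_indicators(raw: str) -> list[str]:
    """Return the lure indicators found in a plain-text e-mail; each is a
    heuristic an analyst applies by eye, none conclusive on its own."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    body = msg.get_payload()
    found = []
    # 1. The order number in the subject should match the one in the body;
    #    mass-mailed lures fill the two from unrelated random values.
    subj_ids = set(ORDER_RE.findall(subject))
    body_ids = set(ORDER_RE.findall(body))
    if subj_ids and body_ids and not (subj_ids & body_ids):
        found.append("order-number-mismatch")
    # 2. A backtick standing in for an apostrophe ("here`s", "won`t") is a
    #    template/encoding artifact rarely seen in real transactional mail.
    if re.search(r"[A-Za-z]`[A-Za-z]", body):
        found.append("backtick-apostrophe")
    # 3. A genuine order notice addresses the account holder by name.
    if re.search(r"^Dear (Customer|Member|User)\b", body, re.M):
        found.append("generic-greeting")
    # 4. An unexpected cancellation is the hook that provokes the click.
    if re.search(r"cancel", subject, re.I):
        found.append("unexpected-cancellation-lure")
    return found
```

On the sample all four indicators fire; a genuine receipt with a matching order number and a personal greeting returns an empty list.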
Malware
• Trojan Horses
• Viruses
• Worms
Ransomware
Spyware and Adware
Most are Trojan horses; some infect directly.
• Browser hijacking
• Pop-up advertisements
• Keystroke and network logging
• Steal confidential data from e-mail and files
Spyware and Adware
89% of PCs are infected with spyware (Webroot, 2006 Q2).
• http://www.webroot.com/resources/stateofspyware/excerpt.html
Rootkits
• Execution Redirection
• File Hiding
• Process Hiding
• Network Hiding
Diagram: User Program → Rootkit → OS (the rootkit sits between user programs and the operating system, so every view the user gets of files, processes and network state passes through it)
Rootkits Video
• http://www.youtube.com/watch?v=PcqnG4-NkZ4
Botnets
A worm or direct attack usurps control of a PC, then installs control software that listens for instructions. Instructions can include:
• Attempt to infect other PCs
• Send spam messages
• Launch DoS attacks
• Upgrade attack and control software
• Virus writers sell botnets to spammers for $0.10 per compromised PC
Scary Internet Stuff: Botnets
• http://www.youtube.com/watch?v=BRhauoXpNSs
Wikipedia: Botnet
• http://en.wikipedia.org/wiki/Botnet
 • Historical list of botnets
• Kraken botnet
 • http://en.wikipedia.org/wiki/Kraken_botnet
Key Points
• Computer crimes are the same as pre-computer crimes.
• Differences in digital threats
 • Automation
 • Action at a distance
 • Technique propagation
• Digital threats
 • Phishing
 • Malware
 • Ransomware
 • Spyware
 • Botnets
References
• Alexander Gostev et al., “Malware Evolution: January – March 2006,” Virus List, http://www.viruslist.com/en/analysis?pubid=184012401, April 12, 2006.
• The Honeynet Project, Know Your Enemy, 2nd edition, Addison-Wesley, 2004.
• John Leyden, “The illicit trade in compromised PCs,” The Register, Apr 30, 2004.
• Stuart McClure, Joel Scambray, and George Kurtz, Hacking Exposed, 5th edition, McGraw-Hill, 2005.
• Rachna Dhamija and J. D. Tygar, “The Battle Against Phishing: Dynamic Security Skins,” Proceedings of the Symposium on Usable Privacy and Security (SOUPS), July 2005.
• SANS Internet Storm Center, http://isc.sans.org/survivalhistory.php
• Bruce Schneier, Beyond Fear, Copernicus Books, 2003.
• Ed Skoudis, Counter Hack Reloaded, Prentice Hall, 2006.
• Stuart Staniford, Vern Paxson, and Nicholas Weaver, “How to 0wn the Internet in Your Spare Time,” Proceedings of the 11th USENIX Security Symposium, 2002.
• Richard Stiennon, “Spyware: 2004 Was Only the Beginning,” CIO Update, Jan 26, 2005.
• Ken Thompson, “Reflections on Trusting Trust,” Communications of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763 (http://www.acm.org/classics/sep95/).