1 / 35

CIT 380 Securing Computer Systems

CIT 380 Securing Computer Systems. Threats . Vocabulary. CIA Triad Confidentiality Integrity Availability States of Information Storage Processing Transmission. Vocabulary. Security Measures Technology Policies and practices Education, Training, and awareness

mahala
Download Presentation

CIT 380 Securing Computer Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. CIT 380 Securing Computer Systems Threats CIT 380: Securing Computer Systems

  2. Vocabulary • CIA Triad • Confidentiality • Integrity • Availability • States of Information • Storage • Processing • Transmission CIT 380: Securing Computer Systems

  3. Vocabulary • Security Measures • Technology • Policies and practices • Education, Training, and awareness • Threats, Attacks, Assets • Prevention, Detection, Recovery, Survivability CIT 380: Securing Computer Systems

  4. Vocabulary • Risk • Security trade-offs • Cost-Benefit Analysis • Script Kiddies • Security Researchers • Hacker , Cracker, Attacker • Black Hat, White Hat CIT 380: Securing Computer Systems

  5. What are threats? • What threats can you think of to your home? • To your money (including bank accounts, checks, credit and debit cards)? • To your home computer? CIT 380: Securing Computer Systems

  6. Digital Threats: More of the Same • Theft • Vandalism • Extortion • Con Games • Fraud • Stalking CIT 380: Securing Computer Systems

  7. Digital Threats: What’s Different Automation • Salami Attack from Office Space. Action at a Distance • Volodya Levin, from St. Petersburg, Russia, stole over $10million from US Citibank. Arrested in London. • Operators of CA BBS tried and convicted in TN court because TN had d/led pornography f/ CA. CIT 380: Securing Computer Systems

  8. Digital Threats: What’s Different Technique Propagation • Criminals share techniques rapidly and globally. CIT 380: Securing Computer Systems

  9. Next Slide • The percentage of respondents answering that their organization experienced unauthorized use of computer systems in the last 12 months CIT 380: Securing Computer Systems

  10. CIT 380: Securing Computer Systems

  11. Survival Time CIT 380: Securing Computer Systems

  12. Survival Time • The main issue here is of course that the time to download critical patches will exceed this survival time. CIT 380: Securing Computer Systems

  13. Current Threat Information • SANS Internet Storm Center • http://isc.sans.edu/index.html • Bugtraq • http://www.securityfocus.com/ • http://www.securityfocus.com/archive/1 • CERT • http://www.cert.org/ CIT 380: Securing Computer Systems

  14. Current Threat Information • Packet Storm • http://packetstormsecurity.org/ CIT 380: Securing Computer Systems

  15. Who are the Attackers? • Hackers vs Crackers • Levels of attackers • Developer • Finds new security vulnerabilities • Writes tools and exploits • User • Understands tools; modifies tools/exploits • Script Kiddie CIT 380: Securing Computer Systems

  16. Who are the Attackers? Criminals. • 1993: Thieves installed bogus ATM at Manchester Mall. Saved account#s + PINs. Organized crime. • 2000: Mafia-led organization members arrested for attempt to steal $680million from Bank of Sicily. Malicious insiders. • 2001: Mike Ventimiglia deletes files of his employer, GTE. $200,000 damage. Industrial espionage. • 2001: Verdicts in Cadence Design Systems vs. Avant against 7 employees incl CEO. 5 sentenced to jail. CIT 380: Securing Computer Systems

  17. Who are the Attackers? Press. • 1998: Cincinnati Enquirer reporter Michael Gallagher breaks into Chiquita Fruits voicemail to expose illegal activities. Police. • 1997: LAPD illegal wiretapping scandal. Terrorists. • 1999: DOS attacks and web defacements against NATO country computers during Kosovo bombings. National Intelligence. • 2000: Former CIA Directory Woolsey admitted to using ECHELON information to help US companies win foreign contracts. CIT 380: Securing Computer Systems

  18. Scary Internet Stuff: Underground • http://www.youtube.com/watch?v=AYWYvJ__Dxk&feature=related CIT 380: Securing Computer Systems

  19. Firewalls Virus Scanners Spyware Scanners Intrusion Detection Systems (IDS/IPS) Patches Backups What Are Our Defenses? Prevent Detect Recover Respond CIT 380: Securing Computer Systems

  20. What Are The Attacks? • Phishing • Malware • Ransomware • Spyware • Botnets CIT 380: Securing Computer Systems

  21. Phishing E-mail CIT 380: Securing Computer Systems

  22. Phishing Site CIT 380: Securing Computer Systems

  23. Scary Internet Stuff: Phishing • http://www.youtube.com/watch?v=Ao20tAS3x3I&feature=related CIT 380: Securing Computer Systems

  24. Amazon.com - Your Cancellation (516-203578-8141423) order-update@amazon.com Dear Customer,Your order has been successfully canceled. For your reference, here`s a summary of your order:You just canceled order #991-86824-273919Status: CANCELED_____________________________________________________________________ORDER DETAILSSold by: Amazon.com, LLC_____________________________________________________________________Because you only pay for items when we ship them to you, you won`t be charged for any items that you cancel.Thank you for visiting Amazon.com!---------------------------------------------------------------------Amazon.comEarth`s Biggest Selectionhttp://www.amazon.com--------------------------------------------------------------------- CIT 380: Securing Computer Systems

  25. Malware • Trojan Horses • Viruses • Worms CIT 380: Securing Computer Systems

  26. Ransomware CIT 380: Securing Computer Systems

  27. Spyware and Adware Most Trojan Horses, some infect directly. • Browser hijacking • Pop-up advertisements • Keystroke and network logging • Steal confidential data from email and files CIT 380: Securing Computer Systems

  28. Spyware and Adware 89% of PCs are infected with spyware (2006Q2 Webroot .) • http://www.webroot.com/resources/stateofspyware/excerpt.html CIT 380: Securing Computer Systems

  29. Rootkits • Execution Redirection • File Hiding • Process Hiding • Network Hiding User Program Rootkit OS CIT 380: Securing Computer Systems

  30. Rootkits Video • http://www.youtube.com/watch?v=PcqnG4-NkZ4 CIT 380: Securing Computer Systems

  31. Botnets Worm or direct attack usurps control of PC, then installs control software to listen for instructions. Instructions can include: • Attempt to infect other PCs • Send spam message • Launch DOS attack • Upgrade attack and control software • Virus writers sell botnets to spammers for $0.10/compromised PC CIT 380: Securing Computer Systems

  32. Scary Internet Stuff: Botnets • http://www.youtube.com/watch?v=BRhauoXpNSs CIT 380: Securing Computer Systems

  33. Wikipedia: Botnet • http://en.wikipedia.org/wiki/Botnet • Historical list of botnets • Kraken botnet • http://en.wikipedia.org/wiki/Kraken_botnet CIT 380: Securing Computer Systems

  34. Key Points • Computer crimes same as pre-computer crimes. • Differences in digital threats • Automation • Action at a distance • Technique propagation • Digital threats • Phishing • Malware • Ransomware • Spyware • Botnets CIT 380: Securing Computer Systems

  35. References • Alexander Gostev et. al., “Malware Evolution: January – March 2006,” Virus List, http://www.viruslist.com/en/analysis?pubid=184012401, April 12, 2006. • The Honeynet Project, Know Your Enemy, 2nd edition, Addison-Wesley, 2004. • John Leyden, "The illicit trade in compromised PCs," The Register, Apr 30 2004. • Stuart McClure, Joel Scambray, and George Kurtz, Hacking Exposed, 5th edition, McGraw-Hill, 2005. • Rachna Dhamija and J. D. Tygar, "The Battle Against Phishing: Dynamic Security Skins," Proceedings of the Symposium on Usable Privacy and Security (SOUPS), July 2005. • SANS Internet Storm Center, http://isc.sans.org/survivalhistory.php • Schneier, Bruce, Beyond Fear, Copernicus Books, 2003. • Ed Skoudis, Counter Hack Reloaded, Prentice Hall, 2006 • Stuart Staniford, Vern Paxson, and Nicholas Weaver, "How to 0wn the Internet in Your Spare Time," Proceedings of the 11th USENIX Security Symposium, 2002. • Richard Stiennon, "Spyware: 2004 Was Only the Beginning," CIO Update, Jan 26 2005. • Thompson, Ken, “Reflections on Trusting Trust”, Communication of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763 (http://www.acm.org/classics/sep95/) CIT 380: Securing Computer Systems

More Related