Secure Web Surfing and Hardening the Windows Operating System ECE – 4112 Group 3 Varun Shah Nikunj Nemani
Common Infection Methods • Web Exploits • Browser Exploits. • Email Attachments. • Downloading files from the internet. • Operating System Exploits.
Security Measures used earlier for Browser Security • Secure Sockets Layer (SSL) 1. Encrypts the data between the client and the server. 2. However, it does not make the websites themselves secure.
Browser Exploits • Phishing • IFrames (Inline Frames) as an exploit • Typosquatters • JavaScript with DOM access
Phishing • Theft of identity and/or sensitive financial information. • Can cause the loss of a lot of $$$$$. • Usually spread through social engineering. • Also spread by sending emails, in IM chats, etc.
Phishing continued…. • Can also be spread by performing URL obfuscation, e.g. www.bank.com.ch instead of www.bank.com • How do you protect against such attacks? 1. Install antiphishing filters. 2. Do not open links in email by clicking them; instead, paste them into the browser bar and then search.
PayPal phishing site http://dl2nym.dyndns.org/update/index.html
Phishing filter - Opera http://dl2nym.dyndns.org/update/index.html
Phishing filter – IE 7 http://dl2nym.dyndns.org/update/index.html
IFrames as an exploit • What are IFrames? Ans: They allow one to embed another HTML document in an HTML document. • Can be used by hackers to insert their own links by hacking legitimate websites. • Thus, if a hacker inserts a link for online transfer on some site with advertisements, the consumer can be duped into accessing his account by clicking that link.
IFrames as an exploit ….continued • Prevention against IFrames: instead of clicking on links, paste them into the browser bar and then search. e.g. 1. Iran Art News – www.iranartnews.com 2. Le Bowling en France – www.bowling-france.fr
Typosquatting. • What are typosquatters? Ans: Typosquatting relies on typing mistakes made by the user. • Hackers may own the website at the mistyped address. • Can be a threat if hackers own such websites for different banks.
Prevention from Typosquatting • Strider Typo Patrol is being developed by Microsoft. • It aims to scan for and show third-party domains that are allegedly typosquatting. • Some examples: www.myspacce.com instead of www.myspace.com
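The two lookalike patterns named on these slides (URL obfuscation such as www.bank.com.ch, and typos such as www.myspacce.com) can be checked against a list of trusted domains. This is an added example, not code from the presentation or from Strider Typo Patrol; the TRUSTED list, the function names and the edit-distance threshold of 2 are assumptions.

```javascript
// Added example: flag hostnames that imitate a trusted domain.
// TRUSTED is a constructed allow list built from the slides' own example names.
const TRUSTED = ["bank.com", "myspace.com"];

// Levenshtein edit distance, computed with a single rolling row.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let prev = row[0]; // value of the diagonal cell dp[i-1][j-1]
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1, prev + cost);
      prev = tmp;
    }
  }
  return row[b.length];
}

// Classify a URL or bare hostname as trusted, obfuscated, typosquat or unknown.
function classifyHost(input) {
  let host;
  try {
    const raw = input.trim().toLowerCase();
    host = new URL(raw.includes("://") ? raw : "http://" + raw).hostname;
  } catch {
    return { verdict: "invalid", match: null };
  }
  host = host.replace(/^www\./, "").replace(/\.$/, "");
  for (const good of TRUSTED) {
    // Exact match or a genuine subdomain of the trusted name.
    if (host === good || host.endsWith("." + good)) return { verdict: "trusted", match: good };
  }
  for (const good of TRUSTED) {
    // Trusted name appears on the left, but the real owner is the suffix to its right.
    if (host.startsWith(good + ".") || host.includes("." + good + "."))
      return { verdict: "obfuscated", match: good };
  }
  for (const good of TRUSTED) {
    // Heuristic: one or two character edits away from a trusted name.
    if (editDistance(host, good) <= 2) return { verdict: "typosquat", match: good };
  }
  return { verdict: "unknown", match: null };
}

// Constructed sample input.
for (const h of ["www.bank.com.ch", "www.myspacce.com", "https://www.myspace.com/login"])
  console.log(h, classifyHost(h).verdict);
```

A small edit distance is only a heuristic: unrelated short domains can land within two edits of a trusted name, so a hit is a prompt for review rather than proof of typosquatting.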
JavaScript DOM Access • JavaScript has complete access to the DOM and is capable of modifying anything. • It can present the following threats: 1. Direct echo – It requires the victim to click on a link; once the user does, the JavaScript code executes and the hacker can steal the cookies.
JavaScript DOM Access …. continued 2. HTML Injection • It does not require the user to even click a link. • Thus, if a user just visits the page or opens the email, the JavaScript code executes. • The attacker then retrieves the cookies from the user’s web browser and can hijack the session or simulate this session elsewhere.
Prevention from JavaScript attacks • Use the “HttpOnly” cookie flag: it makes the cookie inaccessible to script. • Use the “Secure” cookie flag: the browser sends the cookie only when making secure SSL URL requests.
Email Attachments • Links to sites that actually phish for data. • Attachments that contain malware.
Downloading files from the internet. • The files can masquerade as software but may include a virus/trojan. • There is also fake security software available that is actually a virus/trojan, e.g. www.antivirusfiable.com, www.antivirusmagique.com • Prevention: 1. Download software only from known legitimate sites.
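To check whether a site actually sets the two flags named on this slide, its Set-Cookie response headers can be audited. This is an added example, not code from the presentation; the function names and the sample header values are constructed for illustration.

```javascript
// Added example: audit Set-Cookie header values for the HttpOnly and Secure flags.

// Parse one Set-Cookie header value into its name and the two flags of interest.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  if (parts.length === 0) return null; // empty header, nothing to audit
  const eq = parts[0].indexOf("="); // cookie values may themselves contain "="
  const name = eq === -1 ? parts[0] : parts[0].slice(0, eq);
  // Attribute names are case-insensitive; ignore any "=value" part.
  const attrs = new Set(parts.slice(1).map((p) => p.split("=")[0].trim().toLowerCase()));
  return { name, httpOnly: attrs.has("httponly"), secure: attrs.has("secure") };
}

// Return one finding per cookie that lacks HttpOnly and/or Secure.
function auditCookies(headers) {
  const findings = [];
  for (const h of headers) {
    const c = parseSetCookie(h);
    if (!c) continue;
    const missing = [];
    if (!c.httpOnly) missing.push("HttpOnly"); // readable through document.cookie
    if (!c.secure) missing.push("Secure"); // may be sent over plain HTTP
    if (missing.length) findings.push({ cookie: c.name, missing });
  }
  return findings;
}

// Build a header value that carries both flags.
function hardenedCookie(name, value) {
  return `${name}=${value}; Path=/; HttpOnly; Secure`;
}

// Constructed sample headers: weak settings beside the corrected one.
const SAMPLE = [
  "SESSIONID=abc123; Path=/",
  "SESSIONID=abc123; Path=/; HttpOnly",
  "prefs=dark; Path=/; secure",
  hardenedCookie("SESSIONID", "abc123"),
];

for (const f of auditCookies(SAMPLE)) {
  console.log(`${f.cookie}: missing ${f.missing.join(", ")}`);
}
```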
Windows Registry • It contains information and settings for all the hardware, operating system software, most non-operating system software, users, preferences of the PC, etc.
Working with Windows Registry • The Registry is split into a number of logical sections called hives. • The Registry is divided into two parts • Keys • The keys all begin with HKEY and are shown on the left of the window • Values • They are the actual values inside the registry folders, and they are shown on the right side of the window.
Keys of Registry Editor • There are 5 main keys • HKEY_CLASSES_ROOT • HKEY_CURRENT_USER • HKEY_LOCAL_MACHINE • HKEY_USERS • HKEY_CURRENT_CONFIG
HKEY_CLASSES_ROOT • Stores information about registered applications, such as associations from file extensions and OLE object class IDs • Software configuration information from the HKEY_LOCAL_MACHINE\SOFTWARE\Classes key
HKEY_CURRENT_USER • Currently logged on user profile information • The HKCU key is a link to the subkey of HKEY_USERS that corresponds to the user; the same information is reflected in both locations
HKEY_LOCAL_MACHINE • Local system hardware, device drivers, services, and machine-specific application data information. • Information about system hardware drivers and services is located under the SYSTEM subkey, whilst the SOFTWARE subkey contains software and Windows settings.
HKEY_USERS • Pre-logon default user profile information and HKEY_CURRENT_USER key • The HKCU key is a link to the subkey of HKEY_USERS that corresponds to the user; the same information is reflected in both locations
HKEY_CURRENT_CONFIG • Abbreviated HKCC, HKEY_CURRENT_CONFIG contains information gathered at runtime; information stored in this key is not permanently stored on disk, but rather regenerated at boot time. • Hardware information from the HKEY_LOCAL_MACHINE\SOFTWARE and HKEY_LOCAL_MACHINE\SYSTEM keys
Regkey Backup • It is a very useful tool to back up important data in the registry. • If we happen to delete an application, we can restore it, so as to make sure that the system is not infected.
Registry Fix • The scanner lets you scan for invalid entries that might be affecting the PC. • Registryfix will scan for errors related to ActiveX controls, DLL issues, Windows Explorer errors, Windows Installer issues, Internet Explorer errors, Iexplore and System32 errors, runtime errors, Outlook and Outlook Express errors, EXE errors, Svchost errors and a wide variety of other system issues.
RegCure • PC freezing is a result of a bad operating system registry. • RegCure seeks out the remnants left behind on your registry from failed installations, incomplete un-installations, disabled drivers, and spyware applications. • You can enable and disable applications in the Manage Startup list with a few simple clicks.
Anti Spyware bot • Delaying the removal of trojans, cookies, etc. may cause a number of problems, such as slow performance, loss of data or leakage of private information to websites. • This software runs a scan to detect and remove any spyware on our PC.