
CSI 1306

CSI 1306. SECURITY. CONTENTS. 1 - What is computer security? 2 - Destruction by viruses 3 - Stealing information and loss of privacy 4 - Protection by passwords 5 - Other data protection techniques (privacy) 6 - e-mail security 7 - Risks with on-line transactions


Presentation Transcript


  1. CSI 1306 SECURITY

  2. CONTENTS
     1 - What is computer security?
     2 - Destruction by viruses
     3 - Stealing information and loss of privacy
     4 - Protection by passwords
     5 - Other data protection techniques (privacy)
     6 - e-mail security
     7 - Risks with on-line transactions
     8 - Internet security or vulnerability ?
     9 - Network security (local area networks)

  3. 1 - WHAT IS COMPUTER SECURITY?

  4. 1 - WHAT IS COMPUTER SECURITY?
     • Computer Security is the protection of data from unauthorized or accidental access, modification or destruction.
     • 1 – The system operates as it is supposed to (downtime is minimal) → this refers to "Operating Reliability"
     • 2 – The data processed by the system can always be accessed → this refers to "Data Availability"
     • 3 – The information stored in the system or travelling through networks cannot be read or modified except by people who are entitled to do so → this refers to "Privacy"

  5. 1 - WHAT IS COMPUTER SECURITY?
     In all cases, the guidelines for computer systems safety are :

     DANGERS                  SOLUTIONS
     Operating reliability    Mirrored Hardware
     Availability of data     Backups, Mirrored Disks, Antivirus
     Information Privacy      Access Control, Encryption

     → We will address those aspects of computer systems safety that are threatened by criminal behaviour (i.e. unauthorized).
     → So, let's explore the two main types of attacks encountered by computer systems, including personal computers:
     • - Viral Destruction
     • - Stealing Information using Spyware

  6. 2 - DESTRUCTION BY VIRUSES

  7. 2 - DESTRUCTION BY VIRUSES
     • Definitions : Viruses and Trojans
     → A VIRUS is an autonomous program that modifies the normal operation of a computer system (normal is what it was before the insertion of the virus).
     → To be effective, a virus should :
       1 – Propagate itself
       2 – Replicate itself before it reveals its presence by its destructive effects
       3 – Be able to affect the normal operation of the computer system
     → A TROJAN virus is one that is hidden inside another program

  8. 2 - DESTRUCTION BY VIRUSES
     • Who creates viruses ? …. !!!!
     • Origin of virus contamination : Contact with another infected computer program.
     • How ? The contaminated file is copied to another computer that then also becomes contaminated !
     • WHERE CAN THE VIRUS RESIDE?
       - Every portion of an executable program : (e.g. *.com, *.exe, *.sys, *.bin, *.ovr, *.ovl, *.dll)
       - Boot sector of a hard drive or a floppy disk
       - Macros in Microsoft's tools (Excel, Word, etc.)
       - Data files : No

  9. 2 - DESTRUCTION BY VIRUSES
     PROTECTION IS BASED ON DETECTION OF
     • A VIRAL PORTION OF CODE OR
     • TAMPERING WITH A FILE
     AND THE REMOVAL OF THE VIRAL CODE WHEN FEASIBLE OR RELOADING OF A PREVIOUS, CLEAN BACKUP COPY OF THE FILE
     Three Types of Detection :
     1 - Scanning a file for known viral code
     2 - Comparing the mathematical characteristics of a file with a previous, clean version (a simple comparison criterion is the length of the file in bytes)
     3 - Heuristic scanning of a file, which involves intelligent analysis of the code (looking for suspicious instructions such as those which modify disk partitions or the file allocation table)
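Detection types 1 and 2 from the slide above, as an added Python example that is not part of the original slides. The signature name, byte pattern and sample files are constructed; a SHA-256 digest is used here (an assumption) as the "mathematical characteristic" alongside the file length the slide mentions.

```python
import hashlib

# Constructed signature database (name -> byte pattern); not real malware signatures.
SIGNATURES = {"Demo.Marker.A": b"\xde\xad\xbe\xefDEMO-VIRAL-CODE"}

def fingerprint(data: bytes) -> dict:
    """Mathematical characteristics of a file: its length and SHA-256 digest."""
    return {"length": len(data), "sha256": hashlib.sha256(data).hexdigest()}

def scan_signatures(data: bytes) -> list:
    """Detection type 1: search the file for known byte patterns."""
    return sorted(name for name, pattern in SIGNATURES.items() if pattern in data)

def check_integrity(data: bytes, baseline: dict) -> list:
    """Detection type 2: compare with the fingerprint of the clean version."""
    current = fingerprint(data)
    findings = []
    if current["length"] != baseline["length"]:
        findings.append("length changed")
    if current["sha256"] != baseline["sha256"]:
        findings.append("content changed")
    return findings

def examine(data: bytes, baseline: dict) -> dict:
    """Run both checks and report what each one found."""
    return {"signatures": scan_signatures(data),
            "integrity": check_integrity(data, baseline)}

# Constructed sample files.
CLEAN = b"MZ" + b"\x90" * 64 + b"original program body"
BASELINE = fingerprint(CLEAN)                      # recorded while the file is clean
APPENDED = CLEAN + SIGNATURES["Demo.Marker.A"]     # known code appended, file grows
PATCHED = CLEAN[:2] + b"\xcc" * 64 + CLEAN[66:]    # unknown change, same length

if __name__ == "__main__":
    for label, data in (("clean", CLEAN), ("appended", APPENDED), ("patched", PATCHED)):
        print(label, examine(data, BASELINE))
```

The patched sample keeps its length and matches no signature, so only the digest comparison flags it; this is why the length check is a simple criterion rather than a sufficient one.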

  10. 3 – STEALING INFORMATION / LOSS OF PRIVACY

  11. 3 – STEALING INFORMATION / LOSS OF PRIVACY
      • The information stored on a personal computer can be stolen :
        - Through direct physical access
        - Through a network connection
      • Through a network connection : there are currently 2 types of spyware : Passive and Active Spyware
        - Passive Spyware "listens" to what the spied user does
        - Active Spyware is designed to gain control of the victimized computer

  12. 3 – STEALING INFORMATION / LOSS OF PRIVACY
      • Characteristics of Spyware
      • It is installed on the user's PC in the "shadow" of installation of a legitimate software product or during access to a web site
      • Once installed on the user's PC, the spy records all of the user's keystrokes (in the same way as the Macro Recorder records all the user's actions), and transmits the collected information to the Internet IP address of the spy
      • Remote control of the computer allows the spy to not only listen, but also to modify programs and data. Incidentally, this is a legitimate activity for system administrators to detect and fix problems on remote computers. They use software such as Carbon Copy, SMS or PC-Anywhere.

  13. 3 – STEALING INFORMATION / LOSS OF PRIVACY
      Examples of spyware include:
      • BackOrifice (which was identified in November 1998 as being used for criminal purposes) takes control of users' PCs over the Internet without the user noticing it. The user may, however, notice degraded performance.
        → BackOrifice is active spyware
      • Aureate Products detect the user's activity and report it to the IP address of the company that installed the software. These are commercial software products sold to Internet Web providers to help them identify a user's Internet habits. They can be installed on the user's computer when he/she visits the web site.
        → Aureate is passive spyware

  14. 4 – PROTECTION BY PASSWORDS

  15. 4 – PROTECTION BY PASSWORDS
      • A password is a string of approximately 5-10 characters which is used to gain access to a computer resource
        - The greater the number of characters in a password : AND
        - The greater the number of different characters in a password :
        → the more difficult it is to crack
      • Passwords protect/grant access to :
        1 – The computer, i.e. BIOS password
        2 – Files and directories
        3 – Resources on remote computers (telnet, ftp, etc.)
        4 – Various privileges or rights (read, write, create/delete files/dirs, execute)

  16. 4 – PROTECTION BY PASSWORDS
      SO WHAT IS THE PROBLEM WITH PASSWORDS ?
      They can easily be cracked because:
      1 – They are easy to guess (ID : myname, pwd : my pet's name)
      2 – They are written somewhere (Post-It, File)
      3 – They are transmitted on the Internet when used for protocols such as telnet, ftp, …
      4 – They are stolen by spyware: the key strokes are sent over the Internet to the "spy" who installed the software
      5 – They can easily be cracked by dedicated software
      Conclusion : Password protection is VERY WEAK PROTECTION !
      Other techniques such as finger, palm, retina and voice identification are being perfected

  17. 5 - OTHER DATA PROTECTION TECHNIQUES (PRIVACY)

  18. 5 - OTHER DATA PROTECTION TECHNIQUES (PRIVACY)
      "Data that you do not want people to see" ...
      According to what you mean by "Data Protection", there are 3 different techniques for protecting that data
      1 – DESTRUCTION of data
          → FILE SHREDDING (don't just delete a file; first, replace the file contents with 0's or any other characters)
      2 – If you want to be the ONLY person that can read your data :
          → ENCRYPT your data with :
          - A password (very weak encryption)
          - DES (Data Encryption System) : each 64 bit block is encrypted by your own secret 56-bit key. DES software for Windows is available as freeware.

  19. 5 - OTHER DATA PROTECTION TECHNIQUES (PRIVACY)
      3 – If you want to exchange secret information with another person, use
          → ENCRYPTION based on the RSA algorithm (The name RSA is derived from the names of the three MIT researchers who devised this algorithm : Rivest, Shamir & Adleman)
          → RSA uses one Public Encrypting Key and a second Secret Decrypting Key
          → RSA uses calculations with large prime numbers
          → PGP (Pretty Good Privacy) software encrypts data using the RSA algorithm
          - PGP is freeware and runs on a wide variety of platforms

  20. "How-to" with PGP/RSA
      a - Asterix, your Friend, plans to send you the following ultra-secret message : MSG = "Let's attack Julius Caesar to-morrow at dawn"
      b - Asterix is the sender, you are the receiver.
      c - Asterix encrypts the message with YOUR PUBLIC KEY (=PubKey) which you have distributed widely, publicly, and possibly uploaded to a dedicated server that is accessible to many people.
      d - The result of the Encryption is an encrypted message (CRYPT_MSG) : PGP_using_PubKey(MSG) = CRYPT_MSG
      e - CRYPT_MSG is sent over the Internet.
      f - You receive CRYPT_MSG and start decrypting it using your Private Secret Key (PrivKey)
      g – You decrypt the message by applying : PGP_using_PrivKey(CRYPT_MSG) = MSG
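Steps a to g above carried through with textbook RSA, as an added Python example that is not part of the original slides and is not PGP's own code. The function names, the public exponent and the two primes are assumptions chosen so the demo is reproducible; the scheme has no padding and is for illustrating the key roles only.

```python
# Textbook RSA showing who uses which key in steps a-g.
# Real PGP generates random secret primes, pads the data, and uses RSA to
# protect a session key rather than the message bytes directly.

P = 2**521 - 1          # publicly known Mersenne primes: fine for a demo,
Q = 2**607 - 1          # useless as a real secret
N = P * Q               # modulus, part of both keys
E = 65537               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)

PUB_KEY = (E, N)        # the receiver publishes this (step c)
PRIV_KEY = (D, N)       # the receiver keeps this secret (step f)

MSG = "Let's attack Julius Caesar to-morrow at dawn"   # from the slide

def encrypt_with_pubkey(msg: str, pub_key) -> int:
    """Sender side (steps c-d): MSG -> CRYPT_MSG using the receiver's PubKey."""
    e, n = pub_key
    m = int.from_bytes(msg.encode("utf-8"), "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)

def decrypt_with_privkey(crypt_msg: int, priv_key) -> str:
    """Receiver side (steps f-g): CRYPT_MSG -> MSG using PrivKey."""
    d, n = priv_key
    m = pow(crypt_msg, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode("utf-8")

if __name__ == "__main__":
    crypt_msg = encrypt_with_pubkey(MSG, PUB_KEY)        # Asterix
    print("CRYPT_MSG bits:", crypt_msg.bit_length())     # step e: sent over the Internet
    print("MSG:", decrypt_with_privkey(crypt_msg, PRIV_KEY))   # you
```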

  21. 5 - OTHER DATA PROTECTION TECHNIQUES (PRIVACY)
      In summary, we have two types of encryption : strong and weak
      → 1 – Strong Encryption
        Definition : An encryption for which neither the open publication of its algorithm, nor the availability of the public key and enormous computer expertise and bandwidth, can compromise the security of the encrypted message
      → 2 – Weak Encryption
        Definition : Encryption that is not strong !

  22. 6 - E-MAIL SECURITY

  23. 6 - E-MAIL SECURITY
      VULNERABILITY OF E-MAIL MESSAGES
      Where ?
      • 1 – On the user's computer: a hacker can access the user's computer
      • 2 – On the e-mail server
        - by the e-mail server administrator
        - by a hacker who manages to gain supervisor status on this server : … this person can look at anything
      • 3 – On one of the computers that relay the e-mail traffic

  24. 6 - E-MAIL SECURITY
      SOLUTIONS for PROTECTING E-MAIL MESSAGES
      1 – ENCRYPT THE MESSAGE CONTENT
      2 – USE FAKE MAIL and ANONYMOUS REMAILER
          → Nobody will know who sent the message
      FAKE MAIL is the capability to send e-mail over the Internet using an altered return mail address (can also alter the "reply to" field in your e-mail software).
      ANONYMOUS REMAILERS : you send your message to a server that transforms all the technical header and control data in your message, so that it is impossible to know where the message came from.

  25. 7 - THE RISKS OF ON-LINE TRANSACTIONS

  26. 7 - THE RISKS OF ON-LINE TRANSACTIONS
      Modern e-commerce : Customers shop from home and pay using their credit cards. Regularly companies claim that their techniques are safe … but .. at times, credit card numbers are reported as having been stolen.
      The issues:
      - Identify definitively the author of the transaction : Is the person really authorized to use this credit card?
      - Ensure that the information concerning the credit card will not be stolen during the transfer over the Internet (or from the company's files)
      → Are definitely not solved ? … will they be one day ??
      SO, IS IT SAFE TO TYPE A CREDIT CARD NUMBER ON YOUR KEYBOARD AND SEND IT OVER THE INTERNET?

  27. 7 - THE RISKS OF ON-LINE TRANSACTIONS
      On one hand, the risks are minimal, according to
      - Companies who conduct E-commerce over the web
      - Providers of E-commerce software who embed secure encryption techniques
      - They will also highlight the fact that paying with a credit card in a shop is not secure, since we cannot be sure that the merchant will not make a duplicate impression
      On the other hand,
      - What if the encryption techniques are not as safe as their promoters claim? Historically, every time a security feature is implemented, someone has circumvented it.
      - What if spyware is installed on the computer ?
      - There are experts who say that they would never type their credit card number on a keyboard
      So, we recommend caution!

  28. 8 - INTERNET SECURITY or VULNERABILITY ?

  29. 8 - INTERNET SECURITY or VULNERABILITY ?
      Are Personal Computers Hacked?
      → Yes, sometimes. There is software specifically designed for this task (Back Orifice, for instance)
      → But … less often than servers !!!!
      The VULNERABILITY OF A PERSONAL COMPUTER RESULTS FROM UNAUTHORIZED ACCESS (Back Orifice, Aureate products)
      WHO HAS ACCESS TO THE USER'S COMPUTER ? The answer is … potentially ALL the other computers connected to the internet!
      THE RESULT IS UNAUTHORIZED ACCESS TO DATA (AND POSSIBLE MODIFICATION OR DESTRUCTION OF IT), AS WELL AS POSSIBLE ALTERED OPERATION OF THE COMPUTER

  30. 8 - INTERNET SECURITY or VULNERABILITY ?
      SOLUTION 1 : Use access filtering of communications with other computers by installing a Firewall
      What is a Firewall ? A system that enforces an access control policy between 2 systems (i.e. Internet and the user's computer). It blocks traffic that is supposed to be dangerous and permits normal traffic.
      For example, configure the firewall to permit only e-mail traffic and block services that are known to be potential problems

  31. 8 - INTERNET SECURITY or VULNERABILITY ?
      - a Hardware Firewall is a frontal computer, also sometimes called a portal, that is connected directly to the Internet and filters all the communications between the Internet and the user's personal computer. The frontal computer can simply be another PC with an operating system and filtering software : an old 386 could act as a hardware firewall for a newer Pentium computer.
      - a Software Firewall simply filters the communications between the Internet and the user's computer. There are now several versions for PCs running under Windows or Linux (Atguard or TimeZone-Freeware)
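The firewall example from slide 30 ("permit only e-mail traffic" versus "block services that are known to be potential problems") as an added Python sketch of rule evaluation, not code from the slides or from any firewall product. The policies, port numbers and connection attempts are constructed assumptions.

```python
# Each rule: (action, direction, protocol, destination port).
# Two constructed policies that differ mainly in what happens to unlisted traffic.
EMAIL_ONLY = {
    "default": "block",                  # anything not listed is dropped
    "rules": [
        ("permit", "out", "tcp", 25),    # SMTP: sending mail
        ("permit", "out", "tcp", 110),   # POP3: fetching mail
    ],
}
BLOCK_KNOWN_BAD = {
    "default": "permit",                 # anything not listed gets through
    "rules": [
        ("block", "in", "tcp", 23),      # telnet
        ("block", "in", "tcp", 21),      # ftp
    ],
}

def decide(policy, direction, protocol, port):
    """First matching rule wins; otherwise the policy default applies."""
    for action, r_dir, r_proto, r_port in policy["rules"]:
        if (r_dir, r_proto, r_port) == (direction, protocol, port):
            return action
    return policy["default"]

def evaluate(policy, attempts):
    """Return the decision for every connection attempt, in order."""
    return [decide(policy, *attempt) for attempt in attempts]

# Constructed connection attempts.
ATTEMPTS = [
    ("out", "tcp", 25),      # user sends an e-mail
    ("in", "tcp", 23),       # inbound telnet
    ("in", "tcp", 12345),    # inbound connection to a service nobody listed
]

if __name__ == "__main__":
    for name, policy in (("e-mail only", EMAIL_ONLY), ("block known bad", BLOCK_KNOWN_BAD)):
        print(name, evaluate(policy, ATTEMPTS))
```

Only the permit-list policy stops the unlisted inbound service, because a list of known problems says nothing about traffic that is not yet on it.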

  32. 8 - INTERNET SECURITY or VULNERABILITY ?
      SOLUTION 2 : Since there is a never-ending race between new protections and attacks on them, you should always use the most recent Internet protection (e.g. keep your virus detection software updated).

  33. 8 - INTERNET SECURITY or VULNERABILITY ?
      THE VULNERABILITY OF SERVERS : HACKING A PROVIDER'S SERVER
      DOS : Denial of Service attacks
      • The hacker sends repeated requests to access the server with a high priority rank, so the server has no opportunity to serve its clients.
      • The server being attacked is not available to its clients.
      • Many DOS attacks are reported regularly.
      Data Alteration : Webpage Missing
      • One regularly reads that this situation might be the result of poorly maintained servers … but recently, in the year 2000, the servers of well known companies have been hacked (Microsoft, Yahoo, Amazon)

  34. 8 - INTERNET SECURITY or VULNERABILITY ?
      - AT TIMES THE USER INADVERTENTLY MAKES ALL THE FILES ON HIS WEB SITE ACCESSIBLE TO ALL INTERNET USERS
        → … No index.html
      - SO… WHAT ABOUT KEEPING TRACK (LOGGING) OF ALL CONNECTIONS TO A SERVER IN ORDER TO DETECT HACKING ATTEMPTS ?
        → An enormous burden

  35. 9 - NETWORK SECURITY

  36. 9 - NETWORK SECURITY
      • Network security requires experts. So a position called Network Security Administrator has been created.
      • The required expertise varies according to the software used for operating the network : Novell, IBM SNA, MS-NT servers, etc.
      The main tasks of a Network Security expert are :
      - Assignment of rights to users
      - Providing hardware and software protection for data privacy
      - Creating backups for restoring data in case of destruction
      - Establishing and managing a disaster recovery plan

  37. 9 - NETWORK SECURITY
      First Rule of Security on a Network
      If you want your data to be absolutely protected, never make it accessible to anybody.
      e.g. Do not connect your company's payroll system to the network.
