1 / 53

CIT 380: Securing Computer Systems

CIT 380: Securing Computer Systems. PC Security. Topics. MS Windows Web Browsing Spyware Viruses Personal Firewalls Being a Regular User Physical Protection Home Wireless Disk Security Using Public PCs. MS Windows. Single-user OS heritage causes problems.

Download Presentation

CIT 380: Securing Computer Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. CIT 380: Securing Computer Systems PC Security CIT 380: Securing Computer Systems

  2. Topics • MS Windows • Web Browsing • Spyware • Viruses • Personal Firewalls • Being a Regular User • Physical Protection • Home Wireless • Disk Security • Using Public PCs CIT 380: Securing Computer Systems

  3. MS Windows Single-user OS heritage causes problems. • Original design had no security, networking. • Later versions added increasing security. • NT: multiple users, file ACLs. • XP: NT+95 with many insecure services. • XP SP2: firewalls off many insecure services. • Vista: tries to separate user/admin like UNIX. • Software still designed for single user no security. • Must run software as admin. • Sometimes can reconfigure OS to run w/o admin. CIT 380: Securing Computer Systems

  4. MS Windows Tight integration of OS with applications. • IE and Outlook tied deeply to OS. • Complexity leads to more security issues. • Compromises of IE typicallys compromises OS. Patch Tuesday • Day Microsoft releases security patches. • Second Tuesday of each month. • Important patches rarely made available earlier . CIT 380: Securing Computer Systems

  5. Web Browsing • No safe browser. • Complexity • ActiveX • Javascript • Flash • Java • HTML • XML • Images CIT 380: Securing Computer Systems

  6. Securing your Browser • Keep it updated • Firefox auto-updates. • Windows update for IE. • Firefox security extensions • Flashblock • NoScript • SiteAdvisor • Netcraft • PasswordMaker • Sandboxing • VMWare Virtual Browser Appliance • Protected Mode IE (Windows Vista) CIT 380: Securing Computer Systems

  7. 3. Adware and Spyware • Annoying? • Harmful? • Legal? • Removal Tools • Recommendations • Resources CIT 380: Securing Computer Systems

  8. Annoyance Factors Tracking surfing habits • Uses resources on your computer • Uses internet bandwidth • Collects data about you, possibly without your permission Can interfere with computer operations • Can reset your home page • Can cause popup ads to appear randomly and regularly May actually install with “desirable” software –and permission hidden in a license agreement. CIT 380: Securing Computer Systems

  9. Is Spyware Legal?Beware of the license agreement. • To most users, a phrase such as "may include software that will occasionally notify you of important news" is NOT equivalent to "will place a stealthy Trojan Horse on your system that you can't get rid of, which will collect information about you and send it to us, and allow us to bother you with targeted advertisements all day". • Once the user has "agreed" with the License Agreement, Spyware provider is much more immune from potential lawsuits. • Some Spyware companies do not mention the Spyware at all, laying blame on the company that provided you the freeware with the Spyware attached. CIT 380: Securing Computer Systems

  10. Is Spyware Legal? The FTC alleges the stealthy downloads violate federal law and asked the court to order a permanent halt to one vendor: • On October 5, 2005, the Federal Trade Commission asked a U.S. District Court judge to halt an operation by Odysseus Marketing and its principal, Walter Rines. • The advertised “free” software supposedly allowed consumers to engage in peer-to-peer file sharing anonymously. The FTC maintains that it does not. • The software could not be uninstalled by the consumers whose computers it infected. CIT 380: Securing Computer Systems

  11. Anti-Spyware Tools Free tools • AdAware • Hijack This • Spybot Search & Destroy • Windows Defender Caveat emptor • Some anti-spyware tools are spyware themselves. • Use more than one tool to find all problems. CIT 380: Securing Computer Systems

  12. Anti-Spyware Resources Ben Edelman • http://www.benedelman.org/spyware/ • Legal, EULA issues. Gibson Research • http://www.grc.com/ Spyware Guide • http://www.spywareguide.com/ Spyware Info • http://www.spywareinfo.com/ CIT 380: Securing Computer Systems

  13. Anti-virus Software • What should an AV tool do that it didn’t do last year? • Scan instant message attachments explicitly • What are the current “best” tools? • Is a bundle better? • Tips to maximize protection from your AV software suite CIT 380: Securing Computer Systems

  14. Current Tools AVG Anti-Virus • Good, free anti-virus tool for personal use. • Sells commercial version with support. Norton AntiVirus • www.symantec.com Kaspersky AV Personal • www.kaspersky.com McAfee VirusScan • http://www.mcafee.com/us/ Trend Micro PC-Cillin • http://us.trendmicro.com/us/products/personal/trend-micro-internet-security-2007/ CIT 380: Securing Computer Systems

  15. Tips to maximize AV software • Important to update virus signatures regularly • Live Updates • Manual updates • Should update signature database on daily basis. • Set AV to scan attachments, including IM attachments • Set email to NOT display any portion of messages until you open them. CIT 380: Securing Computer Systems

  16. Tips to maximize AV software • Don’t open suspicious emails • A security hole in MS Outlook and IE5 allowed the Bubble Boy virus to infect when the email was opened • If the security hole had not been patched, VBS.BubbleBoy inserted the Update.hta file as soon as the email was opened • http://www.symantec.com/avcenter/venc/data/vbs.bubbleboy.html • Don’t open any links sent via IM CIT 380: Securing Computer Systems

  17. Install a Firewall • Why use a firewall? • How do firewalls work? • Windows Firewall Tools • Tips to get the best protection from a firewall CIT 380: Securing Computer Systems

  18. What is a Firewall? A software or hardware component that restricts network communication between two computers or networks. In buildings, a firewall is a fireproof wall that restricts the spread of a fire. Network firewall prevents threats from spreading from one network to another. CIT 380: Securing Computer Systems

  19. Why Use a firewall? • Protects PC from network attacks. • Open ports • Windows RPC, NetBIOS services. • Your services: web, file/print sharing, remote access. • Prevent outgoing packets from • Spyware phoning home. • Botnet/worm attacks against other PCs. CIT 380: Securing Computer Systems

  20. Types of Firewalls Personal firewall • Software tool runs on PC. • Protects a single machine. • Fine-grained protection. External firewall • Typically integrated with router. • Protects all machines on subnet behind it. • Coarse-grained protection. CIT 380: Securing Computer Systems

  21. How does a firewall work? Methods used by a firewall • Packet filtering • Examines every incoming packet header and selectively filters packets based on • address, packet type, port request, and other factors • The restrictions most commonly implemented are based on: • IP source and destination address • Direction (inbound or outbound) • TCP or UDP source and destination port-requests • Access control list • A user must train a firewall, hence they are more complex to implement than AV software CIT 380: Securing Computer Systems

  22. Better packet filtering:Stateful Inspection • Keeps track of • Each packet and its network connection in a state table • Access Control List determines whether to allow the packet to pass • connectionless packet traffic such as UDP and remote procedure calls (RPC) traffic • The primary disadvantage • the additional processing requirements of managing and verifying packets against the state table • Increases potential for a denial of service attack CIT 380: Securing Computer Systems

  23. Training a personal firewall • User sets up rules for access by watching pop up alerts from the firewall and allowing or denying traffic • This creates an access control list for specific IP addresses and applications • You will probably allow your browser access automatically when you open it • You may not want MS word to access the internet automatically • Takes time to train your firewall • Home network routers often include hardware firewall protection; look for one with stateful inspection CIT 380: Securing Computer Systems

  24. Windows Firewall Tools • ZoneAlarm is free and available at Zonelabs.com • Has received many awards • Worth a try if you haven’t used one. • Norton Internet Security • Includes firewall and AV software • Requires annual subscription • Panda • Use shields UP! From Gibson research to test your firewall before and after http://www.grc.com CIT 380: Securing Computer Systems

  25. Use a non-Administrator Account • Must have administrator privileges to install software • Start | Control Panel | User Accounts | Add User Account | Create a new account • Pick Type of Account: Limited (Restricted User) CIT 380: Securing Computer Systems

  26. Don’t allow your computer to boot from a floppy or CD-ROM • Restart your computer • F2 during reboot to enter setup • Boot Sequence menu • Set PC to boot only from hard disk CIT 380: Securing Computer Systems

  27. Boot Sequence • Diskette Drive • IDE CD-ROM Device • Hard-Disk Drive C: • Integrated NIC • Space to enable/disable • +/- move down/up CIT 380: Securing Computer Systems

  28. Prevent Changes to BIOS • Restart your computer • F2 during reboot to enter setup • System Security menu • Enable System Security menu item • Enter a password and confirm it CIT 380: Securing Computer Systems

  29. Use Strong Passwords • Want a long password with upper & lower case letter, digits, and special characters. • Avoid words, dates, other guessable items. • Avoid password re-use. • Use a password manager tool. • Techniques • Use first letter of each word of a phrase. • Use a line of code • Java: Sum+=5*B; • HTML: <li>Item#1</li> CIT 380: Securing Computer Systems

  30. Secure Your Wireless Home Network • Newest Cisco routers use Secure Easy Setup (SES) • Follow all the procedures that you would for a desktop • Use www.grc.com tools to test regularly • Use WPA- Wi-Fi Protected Access and WEP encryption CIT 380: Securing Computer Systems

  31. Security Threats Facing Wireless Networks Wireless networks are easy to find. • Hackers know that in order to join a wireless network, wireless networking products first listen for "beacon messages". • These messages are unencrypted and contain much of the network’s information, such as the network’s SSID (Service Set Identifier) and the IP Address of the network PC or access point. • Hackers use the beacon messages to access free bandwidth and free Internet access through your wireless network. This is called “Warchalking”. CIT 380: Securing Computer Systems

  32. Steps to Wireless Setup • Change the default network name • Disable broadcast • Change the default password needed to access the wireless device • Enable MAC address filtering • Enable WEP 128-bit Encryption. CIT 380: Securing Computer Systems

  33. Change default passwords and names needed to access the wireless device • Change the default network name • Linksys default network name is “linksys” • Change administrator password regularly • Default is often “administrator” • Network settings can only be changed by the administrator • Hackers know default passwords and weak passwords to try and access your network • Changing names and passwords regularly is good policy CIT 380: Securing Computer Systems

  34. Enable WEP 128-bit Encryption • Not a panacea, but can thwart hackers • Can reduce network performance • Use multiple keys • Change the WEP encryption keys periodically. • Can be broken: use a secure, encrypted protocol like ssh or SSL at application level for defense in depth. CIT 380: Securing Computer Systems

  35. Enable MAC Address filtering • Allows you to provide access to only those wireless nodes with certain MAC Addresses. • Hacker can’t access your network with a random MAC address. • But more knowledgeable hackers can change their MAC address to match an allowed one. CIT 380: Securing Computer Systems

  36. Encrypt Sensitive Files • Windows XP Encrypting File System (EFS) for encrypting files • GnuPG for encrypting files and email messages CIT 380: Securing Computer Systems

  37. Windows XP Encrypting File System (EFS) • EFS is not available with XP Home Edition • Reference: Microsoft Windows XP Inside Out – Chapter 14 • Right Click in Windows Explorer on the folder • Choose Properties | General Tab | Advanced Button | Encrypt contents to secure data • File names are green in Window Explorer CIT 380: Securing Computer Systems

  38. CIT 380: Securing Computer Systems

  39. CIT 380: Securing Computer Systems

  40. truecrypt • Encase, computer forensic tool, can break EFS • Free open source - http://www.truecrypt.org/ • http://www.truecrypt.org/docs/ • Beginner’s tutorial • Plausible Deniability – Hidden Volume CIT 380: Securing Computer Systems

  41. GnuPG • GnuPG is an open-source encryption tool for Windows and Linux • Complete and free replacement for PGP (www.gnupg.org) • http://wolfram.org/writing/howto/gpg.html • (CD: gpg.html) • Install Windows Privacy Tray (WinPT) CIT 380: Securing Computer Systems

  42. Enigmail • Install Thunderbird mail client from www.mozilla.org • Download Enigmail extension from www.mozilla.org • Add a menu item to encrypt and decrypt email using GnuPG CIT 380: Securing Computer Systems

  43. Erase your hard drive when decommissioning your computer • Simson Garfinkel, “Hard-Disk Risk” (CD: 20003.CS0.04.Hard_disk_risk.htm) • Found a lot of sensitive information on recycle hard disks • “Running FDisk on a 10GB drive overwrites only 0.01 percent of the drive’s sectors.” CIT 380: Securing Computer Systems

  44. Darik’s Boot and Nuke • Hard disk sterilization on bootable floppy • Put floppy into the computer which has the drive you want to erase and reboot. • Download from http://dban.sourceforge.net/ • Free. • Fast. Rapid deployment in emergency situations. • Easy. Start the computer with DBAN and press ENTER. • Safe. Irrecoverable data destruction. Prevents most forensic data recovery techniques. CIT 380: Securing Computer Systems

  45. Backup your system regularly • “Hard Disk Quality and Reliability”, http://www.pcguide.com/ref/hdd/perf/qual/index.htm (see quotes from the article) • “While the technology that hard disks use is very advanced, and reliability today is much better than it has ever been before, the nature of hard drives is that every one will, some day, fail.” • “full recovery usually starts at a few hundred dollars and proceeds from there.” CIT 380: Securing Computer Systems

  46. Ntbackup utility • Find ntbackup.exe • Start | Programs | Accessories | System Tools Or • C:\dell\Tech Tools\System Tools\ Backup Or • Run C:\WINDOWS\system32\ntbackup.exe • Run the Backup/Restore Wizard • Choose a place to save your backup • C:\temp\Backup • Creates a file Backup.bkf CIT 380: Securing Computer Systems

  47. Create Backup CD • Run your CD creator • Make a data CD • Add Backup.bkf to the CD CIT 380: Securing Computer Systems

  48. Simple Quick Backup Copy My Documents folder to a CD or USB CIT 380: Securing Computer Systems

  49. Safe use of public PCs • Kinko's Case Highlights Internet Risks • (CD: Kinko.htm) • “For more than a year, unbeknownst to people who used Internet terminals at Kinko's stores in New York, Juju Jiang was recording what they typed, paying particular attention to their passwords. Jiang had secretly installed, in at least 14 Kinko's stores, software that logs individual keystrokes. He captured more than 450 user names and passwords, using them to access and even open bank accounts online. ” CIT 380: Securing Computer Systems

  50. Keyloggers • Capture keystrokes • Can steal passwords and credit card numbers • Can email or ftp the file containing the keystrokes • Keyghost (http://www.keyghost.com ) • Keyloggers are difficult to detect • Look at an ordinary system process CIT 380: Securing Computer Systems

More Related