Computer Security: Threats, Detection, and Prevention
TRANSCRIPT

Computer Security
Threats, Detection, and Prevention

Why Worry About Security?
Reported Incidents
[Bar chart: reported incidents per year, 1995 through 2002*; y-axis 0 to 80,000]

Reported Vulnerabilities
[Bar chart: reported vulnerabilities per year, 1995 through 2002*; y-axis 0 to 3,500]
Security
Computer
• Physical
• Software
People
Network
• Wired
• Wireless
Motives
Personal
• Joy or thrill
• Net cred
• Revenge – spouse, employee
Profit
• Blackmail
• Competition/Business secrets
Ideological
• Political
• Social
• Religious
Criminal Profile
Hacker
Cracker
White-collar crime
Con artist
Psychological problems
• Stalker
• Terrorist
• Fanatics
Script kiddy
Threat Pyramid
Script Kids: 1M's
Moderate: 10K's
Aggressive: 1K's
Governments: 100's
Source: Tom Perrine, SDSC, "Security as Infrastructure"
Physical Security
Trash
• Office
• Dumpster diving
Computer access
• Not logged off computer or locked
• BIOS and Boot not secure
Passwords written down
Unsecured laptops
Documents not secure in cabinets

Physical Security
[Image slide]
Vulnerabilities
Programming errors
• Buffer overruns
• Integer overflows
• Poor access control
• Stack errors
Poor design
• Poor access control
• Monolithic vs modular
• Unexpected behavior
Quality control
• Corporations
• Small Businesses
• Individuals
Software Threats
Viruses
Worms
Trojans
Logic bombs
Rootkits

Delivery
Software
• Spyware
• Adware
• Malware
Media
Email
Spam
Websites

Cracking
Dictionary
Brute force
Hybrid
Cracking is time consuming and requires great computing power
Social Engineering
Friendship
Authority
Snooping
Guilt
Trust
Time
Politeness
Phishing
Hoaxes
Shoulder Surfing
Defenses
Anti-virus software
• Symantec
• McAfee
• F-Secure
• Panda
Popup blockers
• Browsers
• Stand alone
Software Firewalls
• Symantec
• Windows
• Comodo
• Zone Alarm
Anti-spyware
• Windows Defender
• Ad-Aware
Anti-spam
• Built in to email client
• Stand alone
How much security?
Security vs. Ease of Use
Beware of Security through Obscurity!!!
Best Practices
Physical security
• Lock your office door
• Lock your PC
• Lock your documents
• Use a shredder
• Secure your laptop
• Check PC for suspicious devices
• BIOS and Boot order
• Use common sense
Best Practices
Update software
• OS
• Anti's
• Applications
Update Firmware
• BIOS
• Network devices
Microsoft Baseline Security Analyzer
Best Practices
User discretion
• Scan email attachments and downloads before opening or starting
• Be wary of unsolicited help
• Avoid seedy websites and services
Continued
• Be cautious of unsolicited email even from trusted sources
• Don't advertise personal information
• Control access
Create Strong Pass Phrases
• msd10171965: Poor
• ardl79BEf76357: 14 spaces, hard to remember: Good
• MydogSkiplovestoplayfetcheveryday: 33 spaces, easier to remember: Better
• Myd0gSkipluvs2playfetchev3ryday: 31 spaces, easier to remember; limit duplicate letters by substituting numbers, punctuation, or special characters: Best
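The following Python is an added illustration, not part of the original slides: it estimates the brute-force search space of each passphrase on the slide from its length and character classes, and checks whether the phrase splits entirely into words from a small constructed word list (standing in for a dictionary-attack list). The guess rate used for the time estimate is an assumed figure.

```python
import math
import re

# Constructed mini word list standing in for a dictionary-attack word list (assumption).
WORDS = {"my", "dog", "skip", "loves", "to", "play", "fetch", "every", "day"}

SLIDE_PASSPHRASES = [
    "msd10171965",                        # rated Poor on the slide
    "ardl79BEf76357",                     # Good
    "MydogSkiplovestoplayfetcheveryday",  # Better
    "Myd0gSkipluvs2playfetchev3ryday",    # Best
]


def charset_size(p):
    """Size of the alphabet a brute-force search must cover."""
    size = 0
    if re.search(r"[a-z]", p):
        size += 26
    if re.search(r"[A-Z]", p):
        size += 26
    if re.search(r"[0-9]", p):
        size += 10
    if re.search(r"[^a-zA-Z0-9]", p):
        size += 33  # printable ASCII punctuation
    return size


def brute_force_bits(p):
    """log2 of the brute-force search space: length * log2(alphabet size)."""
    return len(p) * math.log2(charset_size(p))


def dictionary_only(p, words=WORDS):
    """True if the lowercased passphrase is nothing but dictionary words concatenated."""
    s = p.lower()
    ok = [True] + [False] * len(s)  # ok[i]: s[:i] splits into words
    for i in range(1, len(s) + 1):
        ok[i] = any(ok[j] and s[j:i] in words for j in range(i))
    return ok[len(s)]


def assess(p, guesses_per_second=1e10):
    """Figures a password policy would look at; guess rate is an assumed value."""
    bits = brute_force_bits(p)
    years = 2 ** bits / guesses_per_second / (365 * 24 * 3600)
    return {"length": len(p), "bits": round(bits, 1),
            "years_to_exhaust": years, "dictionary_only": dictionary_only(p)}


if __name__ == "__main__":
    for phrase in SLIDE_PASSPHRASES:
        print(phrase, assess(phrase))
```

The 33-character phrase has a far larger search space than the random 14-character string, but it is the only one that is purely dictionary words, which is why the slide rates the substituted 31-character version highest despite its slightly smaller brute-force space.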
Best Practices
Understand system behavior
• Know what is normal to establish a baseline
• Monitor system resources
• Be proactive
Best Practices
Secure your data
• Back up your data
• Store backup in secure location
• Back up often
• Separate system from data
Protect Your Privacy
Encryption
• PGP email
• Folders and files
• Passwords
Certificates
• Certificate authority
• Trusted third party
Hacker Hunting
White hats
Sneakers
Samurai
Honey pots
Sandboxes
Hacker Challenges
Captain, We've Been Boarded!
System Inventory
• Data added or missing
• New processes
• New software
• Settings are changed
Forensics
• Who?
• What?
• Where?
• When?
• How?
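As an added example (not from the slides), this Python builds the baseline that the "Understand system behavior" slide asks for and answers the "System Inventory" questions above, by hashing every file under a directory and diffing the result against the earlier baseline. The directory contents and the simulated tampering are constructed.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Baseline of a directory tree: relative path -> SHA-256 of the file contents."""
    inventory = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            inventory[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return inventory


def diff_inventory(baseline, current):
    """Answer 'data added or missing' and 'settings changed' against the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "missing": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in baseline.keys() & current.keys()
                          if baseline[p] != current[p]),
    }


def demo():
    """Constructed scenario: three files baselined, then one altered, one removed, one dropped."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        files = {"etc/app.conf": b"debug=false\n", "notes.txt": b"hello\n", "data.csv": b"1,2,3\n"}
        for rel, body in files.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(body)
        baseline = snapshot(root)
        # Simulated aftermath (constructed): a setting flipped, data gone, an unknown file added
        with open(os.path.join(root, "etc", "app.conf"), "wb") as fh:
            fh.write(b"debug=true\n")
        os.remove(os.path.join(root, "data.csv"))
        with open(os.path.join(root, "dropped.bin"), "wb") as fh:
            fh.write(b"\x00\x01")
        return diff_inventory(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```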
Forensic Tools and Information
Command Prompt and DOS commands
Intrusion Detection Systems
• Passive
• Re-active
http://www.sans.org/
http://www.sysinternals.com/
Lab Assignment
You are the CEO of an international publicly traded corporation. You just found out from your CIO that your database containing your customers' private information has been compromised.
Your CIO suggests we report this to the FBI and hold a press conference to warn our customers so they can protect themselves.
Your CFO disagrees. Your CFO states that going public, even to the FBI, will hurt the company by reducing the share price 5-20%, losing up to a billion dollars, losing existing customers, and affecting the company's ability to get new customers. The CFO suggests we hire a private security firm to find out what happened and to quietly retrieve our data.

Lab Assignment
As CEO you have an obligation to your customers, your shareholders, and the company.
Write a 2-4 page essay about what your decision is and why you chose to do what you did. Explain how you will address the concerns of the shareholders, customers, and company employees about your decision.

Lab Assignment
Create a backup file and download the backup file to the drop box
• Create a folder and name it after yourself.
• Place your essay in the folder.
• Use the MS Backup Utility to create a backup of the folder you created.
• Upload the backup file you created to the dropbox.