Internet Threats
Lasse Erkkilä, dap01s
Post on 20-Dec-2015

TOPICS
• IDENTIFYING THREATS
• EVOLVEMENT OF MALWARE (History)
• METHODS AGAINST THREATS
• COMING NEXT (Future of Internet)
• CONCLUSIONS

Identifying Threats
• Viruses
• Network Worms
• Trojans
• Spyware / Adware
• Other Malware
• Intrusions
• Other Threats

Viruses
• Main purpose is to spread and infect files
• Attach to a file and replicate when the file is executed
• More than 100 000 known viruses exist in the world today*
• Several hundred new viruses are discovered every month
*McAfee, 2004
IDENTIFYING THREATS

Network Worms
• Self-replicating viruses that reside in the active memory of a computer.
• Worms send themselves out to the Internet from infected systems.
• Either include a tiny e-mail server or search for unprotected shared network drives to unload.

Trojan Programs
• Programs that install themselves stealthily via the Internet and provide access for malicious use
• Threats enabled by (/through) Trojans
  – DDoS attacks
  – Data stealing
  – Distributed spam e-mails
• Do not replicate

Spyware / Adware
• Cookies – Track you online
• Browser Hijackers – Change default home page
• Tracking Cookies – Gather info on web usage
• Trickles – Reinstall spyware when deleted
• Keyloggers – Record anything you type!
• Data-Mining
• Aggressive Advertising
• Parasites
• Scumware
• Dialers
• List goes on...

Other malware
• DoS & DDoS attacks
• Flooders
• FileCryptors & PolyCryptors
• Nukers
• List goes on...

Intrusions
• Attempts to break into an information system and damage or restrict its operability
• Method is to find open ports in the target by ”bombing” it with packets

Other Threats
• Phishing
  – Confidential information stealing by fraudulent e-mails & web sites (author falsified)
  – Several million phishing messages have been sent worldwide
  – Fastest growing threat today
• SPIM
  – Instant Messaging SPAM
  – Estimated: 4 billion SPIMs during 2004

Evolvement of Malware
• 1940–1960's
  – 1940–1950's: Roots of viruses created: self-reproducing (mathematical) methods
    • Common roots with AI and robotics
  – 1962: Game called 'Darwin' created by American Bell Telephone Labs engineers
    • Point of the game was to delete the opponent's programs with one's own programs, which could also multiply

Evolvement of Malware
• 1970's
  – In the early 70's a virus called Creeper was detected on ARPANET
    • Infected systems displayed the message: I'M THE CREEPER: CATCH ME IF YOU CAN!
  – Another virus called Reaper was made to delete Creeper
  – At the end of the 70's the first Trojans were discovered

Evolvement of Malware
• 1980's
  – Trojans appeared in large quantities
  – 1986: First global IBM-compatible virus epidemic was detected
    • Virus called Brain spread worldwide within a few months
  – At the end of the 80's:
    • Several other viruses discovered
    • Many AntiVirus companies were founded

Evolvement of Malware
• 1990's
  – Rapid growth of viruses
  – Several operating systems targeted
  – Polymorphic viruses appeared
    • Changed with every infection
    • Encrypted

Evolvement of Malware
• 2000–
  – Microsoft software more often targeted
    • Especially Windows
  – 2001: Share of virus attacks via e-mail 90%
  – 2003: Two of the biggest Internet attacks ever
    • Slammer worm infected nearly a million computers worldwide within just a few minutes
    • LoveSan worm attacked almost every Internet user
    • Both worms exploited a vulnerability in Windows

Methods Against Threats
• Updating!
• AntiVirus Tools
• AntiSpyware Tools
• Firewalls
• Content Filtering
• Intrusion Detection

Updating!
• Most important factor in security
• Modern software is too complex to make without any security holes; updates are needed to fix them when discovered.
  – Windows XP includes 40 million lines of code!
• “Old” code is still running beneath the new to provide compatibility with older software
  – Security threats were “internal” before the Internet
METHODS AGAINST THREATS

Updating!
• The most used software is usually the most targeted by threats
  – Need for updates more critical with Microsoft products at the moment.
• Updates (fixes) are not instantly available
  – Microsoft's average fix time is 25 days*
  – IFRAME vulnerability in IE discovered 25th November -> Microsoft released fix on 7th December
*Forrester research

AntiVirus Tools
• AV programs are the most common tool
• Hardware tools are made for large enterprises
  – Gateway routers

AntiSpyware Tools
• Only software tools exist at the moment
• Programs try to detect distinctive signs that spyware places on the system
• Popular software (FREE)
  – Lavasoft: Ad-Aware SE
  – Spybot: Search & Destroy 1.3

Firewalls
• Monitor network traffic and block access by configured rules
• Software vs. Hardware
• Stateful inspection
  – Examine the headers & content of each passing network packet

Content Filtering
• Means to filter out unwanted data
  – URL Filtering List
  – User Identification
  – Content Inspection

Intrusion Detection
• Tools to detect inappropriate, incorrect or anomalous activity.
  – Host-based ID Systems
    • Operate on host
  – Network-based ID Systems
    • Operate on network data flows
• Intrusion = External network attack
• Misuse = Internal network attack

Intrusion Detection
• Most common approaches to ID
  – Statistical-Based Anomaly Detection
    • Seek to identify abusive behaviour by comparing it to legitimate use
  – Rule-Based Intrusion Detection
    • Matching known data with audit patterns of intrusive behaviour
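
An added example (not part of the original slides) that runs both ID approaches over constructed connection records, showing that each one catches what the other misses. The addresses, ports, rule names and the threshold factor k are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed audit records (source address, destination port); not real traffic.
LEGITIMATE = [("10.0.0.2", 80), ("10.0.0.2", 443), ("10.0.0.3", 80),
              ("10.0.0.3", 25), ("10.0.0.4", 443), ("10.0.0.4", 80),
              ("10.0.0.5", 80), ("10.0.0.5", 443), ("10.0.0.5", 25)]
OBSERVED = ([("10.0.0.2", 80), ("10.0.0.3", 443), ("10.0.0.9", 23)] +
            [("10.0.0.7", port) for port in range(30, 70)])  # 40 ports probed

# Hypothetical signatures: ports this example network never serves.
RULES = {"telnet-probe": {23}, "netbios-probe": {137, 138, 139}}


def ports_per_source(records):
    """Map each source address to the set of destination ports it contacted."""
    seen = defaultdict(set)
    for src, port in records:
        seen[src].add(port)
    return seen


def statistical_alerts(baseline, observed, k=3.0):
    """Flag sources whose distinct-port count exceeds baseline mean + k*stddev."""
    counts = [len(ports) for ports in ports_per_source(baseline).values()]
    threshold = mean(counts) + k * pstdev(counts)
    return sorted(src for src, ports in ports_per_source(observed).items()
                  if len(ports) > threshold)


def rule_alerts(observed, rules=RULES):
    """Return (source, rule name) pairs where a record matches a known pattern."""
    return sorted({(src, name) for src, port in observed
                   for name, ports in rules.items() if port in ports})


if __name__ == "__main__":
    # The wide probe avoids every signature port, so only the statistics see it;
    # the single telnet attempt looks statistically normal, so only the rule fires.
    print("statistical:", statistical_alerts(LEGITIMATE, OBSERVED))
    print("rule-based: ", rule_alerts(OBSERVED))
```
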

New Threats
• More blended threats (viruses & worms)
• ”Zero-day” attacks are coming
  – Attacks before patches (fixes) are released
• More severe threats coming
COMING NEXT

New Methods
• Multi-layered defence
  – Security measures are installed on all vulnerable points (desktop, server)

Collapse of Internet?
• Hannu H. Kari, HUT:
  – “Internet will become unusable by the end of 2006 because of Malware”
• BBC:
  – “If Key hubs of Internet were targeted for attacks it would quickly begin to unravel and collapse”

Corporate view
Companies often lack...
• 1. Effective protection
  – ”Costs are too high”
  – ”We have already AV installed”
  – ”We don't need them”
• 2. Knowledge of own environment
  – ”Yes, we already have one of those” (FALSE)
CONCLUSIONS

Tools for normal user
• Keep your system updated
  – Windows (or other OS), internet browsers, Java etc. (network-related programs)
• Use a personal firewall, AV software & AntiSpyware software
  – Various free products available, examples:
    • ZoneAlarm (Fw)
    • Anti-vir (AV)
    • AdAware SE (AS)

Cautions
• Close your Internet connection when not using it
  – From the second you connect to the Internet your computer becomes a target
• Make sure the connection is secure when entering, for example, a credit card number
  – https:// addresses can be trusted as secure