information systems security: an overview

Information Systems Security: AnOverview

Sotirios Kontogiannis1 and Apostolos Syropoulos2

1Western MacedoniaUniversity of Applied Sciences

Grevena, [email protected] scholar

Xanthi, [email protected]

January 13, 2016Xanthi

Introduction System Protection Malware Cyber-security Finale

Presentation Overview

1 Introduction

2 System Protection

3 Malware

4 Cyber-security

5 Finale

What is IS Security?

Information system security is the software and hardwaremechanisms that prevent access to certain system resources:

Access Control and restrictions per user per role;

System policy and restrictions; and

Access Control and restriction per network/machine per role.

What IS security does include?

Prevention of

System level security (e.g., OS attacks, application overflow,etc.);

Network level security (e.g., network data evesdroping,machine impersonization, etc.);

Physical attacks (e.g., boot computer with OS DVD);

IS attacks via modified hardware [e.g., Mifare attacks (RFIDsystems), etc.] and

IS malfunction via Hardware I/O attacks (e.g., USB deviceplugged into a system).

Prevention of

What does System Security protects?

The system hardware, which must be protected physically.Maxim: Protect thy console before thy self!

The system’s OS and software resources. Also, users’ filesand per user OS restrictions.

The system’s local services (e.g., shared service resources).

What does Network Security protects?

System services available to end users via the Internet orLocal network.

The data that traverses through the network.

The machine network information and the levels of permachine (pc) access on network resources (provided fromother machines).

Hackers…

A person who secretly gets access to a computer system inorder to get information, cause damage, etc.Robert Tapan Morris: He released a worm that took downone-tenth of the Internet, crippling 6,000 plus computersystems.Vladimir Levin: Citybank hacker (1994).Michael Calce: Yahoo hack (2000).David Smith: Melisa e-mail clone virus (2000).Adrian Lamo: The homeless hacker of Microsoft, New YorkTimes and Yahoo! (2000).Jonathan James: US department of defence hacker-spy.Gary Mckinnon: US Air Force, US Navy, and NASA systemshacker.Kevin Mitnick: switching system (PBX) phreacker (one whogains illegal access to the telephone system).

Hackers…

A person who secretly gets access to a computer system inorder to get information, cause damage, etc.

Robert Tapan Morris: He released a worm that took downone-tenth of the Internet, crippling 6,000 plus computersystems.Vladimir Levin: Citybank hacker (1994).Michael Calce: Yahoo hack (2000).David Smith: Melisa e-mail clone virus (2000).Adrian Lamo: The homeless hacker of Microsoft, New YorkTimes and Yahoo! (2000).Jonathan James: US department of defence hacker-spy.Gary Mckinnon: US Air Force, US Navy, and NASA systemshacker.Kevin Mitnick: switching system (PBX) phreacker (one whogains illegal access to the telephone system).

Hackers…

A person who secretly gets access to a computer system inorder to get information, cause damage, etc.Robert Tapan Morris: He released a worm that took downone-tenth of the Internet, crippling 6,000 plus computersystems.

Vladimir Levin: Citybank hacker (1994).Michael Calce: Yahoo hack (2000).David Smith: Melisa e-mail clone virus (2000).Adrian Lamo: The homeless hacker of Microsoft, New YorkTimes and Yahoo! (2000).Jonathan James: US department of defence hacker-spy.Gary Mckinnon: US Air Force, US Navy, and NASA systemshacker.Kevin Mitnick: switching system (PBX) phreacker (one whogains illegal access to the telephone system).

Hackers…

A person who secretly gets access to a computer system inorder to get information, cause damage, etc.Robert Tapan Morris: He released a worm that took downone-tenth of the Internet, crippling 6,000 plus computersystems.Vladimir Levin: Citybank hacker (1994).

Michael Calce: Yahoo hack (2000).David Smith: Melisa e-mail clone virus (2000).Adrian Lamo: The homeless hacker of Microsoft, New YorkTimes and Yahoo! (2000).Jonathan James: US department of defence hacker-spy.Gary Mckinnon: US Air Force, US Navy, and NASA systemshacker.Kevin Mitnick: switching system (PBX) phreacker (one whogains illegal access to the telephone system).

Hackers…

A person who secretly gets access to a computer system inorder to get information, cause damage, etc.Robert Tapan Morris: He released a worm that took downone-tenth of the Internet, crippling 6,000 plus computersystems.Vladimir Levin: Citybank hacker (1994).Michael Calce: Yahoo hack (2000).

David Smith: Melisa e-mail clone virus (2000).Adrian Lamo: The homeless hacker of Microsoft, New YorkTimes and Yahoo! (2000).Jonathan James: US department of defence hacker-spy.Gary Mckinnon: US Air Force, US Navy, and NASA systemshacker.Kevin Mitnick: switching system (PBX) phreacker (one whogains illegal access to the telephone system).

Hackers…

A person who secretly gets access to a computer system inorder to get information, cause damage, etc.Robert Tapan Morris: He released a worm that took downone-tenth of the Internet, crippling 6,000 plus computersystems.Vladimir Levin: Citybank hacker (1994).Michael Calce: Yahoo hack (2000).David Smith: Melisa e-mail clone virus (2000).

Adrian Lamo: The homeless hacker of Microsoft, New YorkTimes and Yahoo! (2000).Jonathan James: US department of defence hacker-spy.Gary Mckinnon: US Air Force, US Navy, and NASA systemshacker.Kevin Mitnick: switching system (PBX) phreacker (one whogains illegal access to the telephone system).

Hackers…

A person who secretly gets access to a computer system inorder to get information, cause damage, etc.Robert Tapan Morris: He released a worm that took downone-tenth of the Internet, crippling 6,000 plus computersystems.Vladimir Levin: Citybank hacker (1994).Michael Calce: Yahoo hack (2000).David Smith: Melisa e-mail clone virus (2000).Adrian Lamo: The homeless hacker of Microsoft, New YorkTimes and Yahoo! (2000).

Jonathan James: US department of defence hacker-spy.Gary Mckinnon: US Air Force, US Navy, and NASA systemshacker.Kevin Mitnick: switching system (PBX) phreacker (one whogains illegal access to the telephone system).

Hackers…

A person who secretly gets access to a computer system inorder to get information, cause damage, etc.Robert Tapan Morris: He released a worm that took downone-tenth of the Internet, crippling 6,000 plus computersystems.Vladimir Levin: Citybank hacker (1994).Michael Calce: Yahoo hack (2000).David Smith: Melisa e-mail clone virus (2000).Adrian Lamo: The homeless hacker of Microsoft, New YorkTimes and Yahoo! (2000).Jonathan James: US department of defence hacker-spy.

Gary Mckinnon: US Air Force, US Navy, and NASA systemshacker.Kevin Mitnick: switching system (PBX) phreacker (one whogains illegal access to the telephone system).

Hackers…

A person who secretly gets access to a computer system inorder to get information, cause damage, etc.Robert Tapan Morris: He released a worm that took downone-tenth of the Internet, crippling 6,000 plus computersystems.Vladimir Levin: Citybank hacker (1994).Michael Calce: Yahoo hack (2000).David Smith: Melisa e-mail clone virus (2000).Adrian Lamo: The homeless hacker of Microsoft, New YorkTimes and Yahoo! (2000).Jonathan James: US department of defence hacker-spy.Gary Mckinnon: US Air Force, US Navy, and NASA systemshacker.

Kevin Mitnick: switching system (PBX) phreacker (one whogains illegal access to the telephone system).

Hackers…

A person who secretly gets access to a computer system inorder to get information, cause damage, etc.Robert Tapan Morris: He released a worm that took downone-tenth of the Internet, crippling 6,000 plus computersystems.Vladimir Levin: Citybank hacker (1994).Michael Calce: Yahoo hack (2000).David Smith: Melisa e-mail clone virus (2000).Adrian Lamo: The homeless hacker of Microsoft, New YorkTimes and Yahoo! (2000).Jonathan James: US department of defence hacker-spy.Gary Mckinnon: US Air Force, US Navy, and NASA systemshacker.Kevin Mitnick: switching system (PBX) phreacker (one whogains illegal access to the telephone system).

Vocabulary PART I

noob Someone who knows little and has no will to learn anymore.

script kiddie Someone who relies on premade exploitprograms and files (”scripts”) to conduct his hacking, andrefuses to bother to learn how they work.

lamer A person who knows little and uses nukes to do hiswork

cracker Someone who uses software cracking to modify aprogram.

Warez Copyrighted works distributed without fees orroyalties, and may be traded, in general violation ofcopyright law.

Vocabulary PART I

Vocabulary Part II

warez d00dz Are part of the darkest internet subculture.They usually copy the warez from their own software,breaking copy protection if need be.

Guru An authority on computers and computing.

Poser One who tries to fit in but with exaggeration; pretendsto be someone whose not.

Leecher In the context of to peer to peer file sharingprotocols, or networks (e.g., Bittorrent), someone whoconsumes bandwidth by downloading, yet has no will toupload or give back to a community.

Vocabulary Part II

Hackers…

The population pyramid of potential

Information System attackers

AVERAGE NONSKILLED USER

KIDDIE SCRIPTER

CRACKER

PHREAKS/WAREZ D00DZ

HACKER

>25,000

>50,000

<8,000

<3,000

POSER/WANNABEE

LEECHER

Population/1

0,000,000

Hackers…

The population pyramid of potential

Information System attackers

AVERAGE NONSKILLED USER

KIDDIE SCRIPTER

CRACKER

PHREAKS/WAREZ D00DZ

HACKER

>25,000

>50,000

<8,000

<3,000

POSER/WANNABEE

LEECHER

Population/1

0,000,000

Hacker Manners

They use Jargon(http://www.catb.org/jargon/html/go01.html).The use nicknames from irc channesl (#hack or #linux).Always two there are a master and an apprentice (Yodasyntax!).Exchange knowledge with knowledge or zero date exploitswith remote access.Follow strategy and protection measures (e.g., connect fromowned IP)They do not portscan or sniff or expose themselves todanger. They have lamers for this.They never delete systems, only deface and install rootkits orbackdoors.Maintain low profile and utilize social engineeringtechniques.

Hacker Manners

They use Jargon(http://www.catb.org/jargon/html/go01.html).

The use nicknames from irc channesl (#hack or #linux).Always two there are a master and an apprentice (Yodasyntax!).Exchange knowledge with knowledge or zero date exploitswith remote access.Follow strategy and protection measures (e.g., connect fromowned IP)They do not portscan or sniff or expose themselves todanger. They have lamers for this.They never delete systems, only deface and install rootkits orbackdoors.Maintain low profile and utilize social engineeringtechniques.

Hacker Manners

They use Jargon(http://www.catb.org/jargon/html/go01.html).The use nicknames from irc channesl (#hack or #linux).

Always two there are a master and an apprentice (Yodasyntax!).Exchange knowledge with knowledge or zero date exploitswith remote access.Follow strategy and protection measures (e.g., connect fromowned IP)They do not portscan or sniff or expose themselves todanger. They have lamers for this.They never delete systems, only deface and install rootkits orbackdoors.Maintain low profile and utilize social engineeringtechniques.

Hacker Manners

They use Jargon(http://www.catb.org/jargon/html/go01.html).The use nicknames from irc channesl (#hack or #linux).Always two there are a master and an apprentice (Yodasyntax!).

Exchange knowledge with knowledge or zero date exploitswith remote access.Follow strategy and protection measures (e.g., connect fromowned IP)They do not portscan or sniff or expose themselves todanger. They have lamers for this.They never delete systems, only deface and install rootkits orbackdoors.Maintain low profile and utilize social engineeringtechniques.

Hacker Manners

They use Jargon(http://www.catb.org/jargon/html/go01.html).The use nicknames from irc channesl (#hack or #linux).Always two there are a master and an apprentice (Yodasyntax!).Exchange knowledge with knowledge or zero date exploitswith remote access.

Follow strategy and protection measures (e.g., connect fromowned IP)They do not portscan or sniff or expose themselves todanger. They have lamers for this.They never delete systems, only deface and install rootkits orbackdoors.Maintain low profile and utilize social engineeringtechniques.

Hacker Manners

They use Jargon(http://www.catb.org/jargon/html/go01.html).The use nicknames from irc channesl (#hack or #linux).Always two there are a master and an apprentice (Yodasyntax!).Exchange knowledge with knowledge or zero date exploitswith remote access.Follow strategy and protection measures (e.g., connect fromowned IP)

They do not portscan or sniff or expose themselves todanger. They have lamers for this.They never delete systems, only deface and install rootkits orbackdoors.Maintain low profile and utilize social engineeringtechniques.

Hacker Manners

They use Jargon(http://www.catb.org/jargon/html/go01.html).The use nicknames from irc channesl (#hack or #linux).Always two there are a master and an apprentice (Yodasyntax!).Exchange knowledge with knowledge or zero date exploitswith remote access.Follow strategy and protection measures (e.g., connect fromowned IP)They do not portscan or sniff or expose themselves todanger. They have lamers for this.

They never delete systems, only deface and install rootkits orbackdoors.Maintain low profile and utilize social engineeringtechniques.

Hacker Manners

They use Jargon(http://www.catb.org/jargon/html/go01.html).The use nicknames from irc channesl (#hack or #linux).Always two there are a master and an apprentice (Yodasyntax!).Exchange knowledge with knowledge or zero date exploitswith remote access.Follow strategy and protection measures (e.g., connect fromowned IP)They do not portscan or sniff or expose themselves todanger. They have lamers for this.They never delete systems, only deface and install rootkits orbackdoors.

Maintain low profile and utilize social engineeringtechniques.

Hacker Manners

They use Jargon(http://www.catb.org/jargon/html/go01.html).The use nicknames from irc channesl (#hack or #linux).Always two there are a master and an apprentice (Yodasyntax!).Exchange knowledge with knowledge or zero date exploitswith remote access.Follow strategy and protection measures (e.g., connect fromowned IP)They do not portscan or sniff or expose themselves todanger. They have lamers for this.They never delete systems, only deface and install rootkits orbackdoors.Maintain low profile and utilize social engineeringtechniques.

Malware or more …ware!

Computer Virus A binary patch set to a system’s executablefile “accidentally” by an administrator role.

Worm Something similar to a virus by design and isconsidered to be a sub-class of a virus. Also, a worm has thecapability to travel without any human “intervention.”

Spyware Software that aims to gather information about aperson or force a person visit specific web, view ads usingpopup windows sites or metasearch engines.

Trojans A type of malware that is often disguised aslegitimate software. Users are typically tricked by some formof social engineering into loading and executing Trojans ontheir systems.

Exploit A small program (source code) that uses a system’svulnerability in order to gain unauthorized access to ISresources

Types of Exploits

Local exploits Applicable when the program requires localsystem user access.

Remote exploits Applicable when the program requires onlyservice connection or service user access.

Zero dateWhen the code is published in the Internet is lessthat 3 months time.

Types of Exploits

Types of Trojans

Root kit A collection of programs that enableadministrator-level access to a computer or computernetwork.Backdoor A method, often secret, of bypassing normalauthentication in a product, computer system, cryptosystemor algorithm etc.Fake Antivirus It masquerades as legitimate software, but isactually a malicious program that extorts money from you to“fix” your computer.Spy Trojans Usaually a standalone program that allows ahacker to monitor user’s activities on an infected computer.Typically, they capture screen, keyboard, I/O operations.Trojans to hide Trojans Malicious software that hides itself,so its activity doesn’t appear in the list of processes.OS kernel module Trojans A kind of Trojan horse whichcombines with kernel Rootkit technologies.

Types of Trojans

Root kit A collection of programs that enableadministrator-level access to a computer or computernetwork.

Backdoor A method, often secret, of bypassing normalauthentication in a product, computer system, cryptosystemor algorithm etc.Fake Antivirus It masquerades as legitimate software, but isactually a malicious program that extorts money from you to“fix” your computer.Spy Trojans Usaually a standalone program that allows ahacker to monitor user’s activities on an infected computer.Typically, they capture screen, keyboard, I/O operations.Trojans to hide Trojans Malicious software that hides itself,so its activity doesn’t appear in the list of processes.OS kernel module Trojans A kind of Trojan horse whichcombines with kernel Rootkit technologies.

Types of Trojans

Root kit A collection of programs that enableadministrator-level access to a computer or computernetwork.Backdoor A method, often secret, of bypassing normalauthentication in a product, computer system, cryptosystemor algorithm etc.

Fake Antivirus It masquerades as legitimate software, but isactually a malicious program that extorts money from you to“fix” your computer.Spy Trojans Usaually a standalone program that allows ahacker to monitor user’s activities on an infected computer.Typically, they capture screen, keyboard, I/O operations.Trojans to hide Trojans Malicious software that hides itself,so its activity doesn’t appear in the list of processes.OS kernel module Trojans A kind of Trojan horse whichcombines with kernel Rootkit technologies.

Types of Trojans

Root kit A collection of programs that enableadministrator-level access to a computer or computernetwork.Backdoor A method, often secret, of bypassing normalauthentication in a product, computer system, cryptosystemor algorithm etc.Fake Antivirus It masquerades as legitimate software, but isactually a malicious program that extorts money from you to“fix” your computer.

Spy Trojans Usaually a standalone program that allows ahacker to monitor user’s activities on an infected computer.Typically, they capture screen, keyboard, I/O operations.Trojans to hide Trojans Malicious software that hides itself,so its activity doesn’t appear in the list of processes.OS kernel module Trojans A kind of Trojan horse whichcombines with kernel Rootkit technologies.

Types of Trojans

Root kit A collection of programs that enableadministrator-level access to a computer or computernetwork.Backdoor A method, often secret, of bypassing normalauthentication in a product, computer system, cryptosystemor algorithm etc.Fake Antivirus It masquerades as legitimate software, but isactually a malicious program that extorts money from you to“fix” your computer.Spy Trojans Usaually a standalone program that allows ahacker to monitor user’s activities on an infected computer.Typically, they capture screen, keyboard, I/O operations.

Trojans to hide Trojans Malicious software that hides itself,so its activity doesn’t appear in the list of processes.OS kernel module Trojans A kind of Trojan horse whichcombines with kernel Rootkit technologies.

Types of Trojans

Root kit A collection of programs that enableadministrator-level access to a computer or computernetwork.Backdoor A method, often secret, of bypassing normalauthentication in a product, computer system, cryptosystemor algorithm etc.Fake Antivirus It masquerades as legitimate software, but isactually a malicious program that extorts money from you to“fix” your computer.Spy Trojans Usaually a standalone program that allows ahacker to monitor user’s activities on an infected computer.Typically, they capture screen, keyboard, I/O operations.Trojans to hide Trojans Malicious software that hides itself,so its activity doesn’t appear in the list of processes.

OS kernel module Trojans A kind of Trojan horse whichcombines with kernel Rootkit technologies.

Types of Trojans

Root kit A collection of programs that enableadministrator-level access to a computer or computernetwork.Backdoor A method, often secret, of bypassing normalauthentication in a product, computer system, cryptosystemor algorithm etc.Fake Antivirus It masquerades as legitimate software, but isactually a malicious program that extorts money from you to“fix” your computer.Spy Trojans Usaually a standalone program that allows ahacker to monitor user’s activities on an infected computer.Typically, they capture screen, keyboard, I/O operations.Trojans to hide Trojans Malicious software that hides itself,so its activity doesn’t appear in the list of processes.OS kernel module Trojans A kind of Trojan horse whichcombines with kernel Rootkit technologies.

Network Security Malware

Port scanners (which posts are open?) and TCPFingerprinters (Detecting remote OS and its version).

Magic Packet Activated Backdoor The backdoor opens aport, executes a signle command, initiates a session orperform some other action when it received a single magicpacket.

IP Address Spoofing A hijacking technique in which acracker masquerades as a trusted host to conceal his identity(e.g., sending e-mail from…NASA!).

Synchronize Packet Flood A cracker sends many connectionrequests in a rapid pace without responding. This activityleaves the first packet in the buffer so that other legitimateconnection requests cannot be completed

Sniffer A network sniffers monitors data flowing overcomputer network links.

Network Security Malware II

Man-in-the-middle Attacks � type of cyberattack where amalicious actor inserts him/herself into a conversationbetween two parties, impersonates both parties and gainsaccess to information that the two parties were trying to sendto each other.Remote �xploits Exploits done remotely by a cracker acrossthe Internet or by a user’s having privileges on the system.Example: Fred Durst’s home computer was remotelyattacked and someone made a copy of a 2003 three-minuteprivate video in Durst’s possession.Denial of Service (DoS) An attacker attempts to preventlegitimate users from accessing information or services. Bytargeting your computer and its network connection, or thecomputers and network of the sites you are trying to use, anattacker may be able to prevent you from accessing websitesor other services that rely on the affected computer.

Man-in-the-middle Attacks � type of cyberattack where amalicious actor inserts him/herself into a conversationbetween two parties, impersonates both parties and gainsaccess to information that the two parties were trying to sendto each other.

Remote �xploits Exploits done remotely by a cracker acrossthe Internet or by a user’s having privileges on the system.Example: Fred Durst’s home computer was remotelyattacked and someone made a copy of a 2003 three-minuteprivate video in Durst’s possession.Denial of Service (DoS) An attacker attempts to preventlegitimate users from accessing information or services. Bytargeting your computer and its network connection, or thecomputers and network of the sites you are trying to use, anattacker may be able to prevent you from accessing websitesor other services that rely on the affected computer.

Man-in-the-middle Attacks � type of cyberattack where amalicious actor inserts him/herself into a conversationbetween two parties, impersonates both parties and gainsaccess to information that the two parties were trying to sendto each other.Remote �xploits Exploits done remotely by a cracker acrossthe Internet or by a user’s having privileges on the system.Example: Fred Durst’s home computer was remotelyattacked and someone made a copy of a 2003 three-minuteprivate video in Durst’s possession.

Denial of Service (DoS) An attacker attempts to preventlegitimate users from accessing information or services. Bytargeting your computer and its network connection, or thecomputers and network of the sites you are trying to use, anattacker may be able to prevent you from accessing websitesor other services that rely on the affected computer.

Man-in-the-middle Attacks � type of cyberattack where amalicious actor inserts him/herself into a conversationbetween two parties, impersonates both parties and gainsaccess to information that the two parties were trying to sendto each other.Remote �xploits Exploits done remotely by a cracker acrossthe Internet or by a user’s having privileges on the system.Example: Fred Durst’s home computer was remotelyattacked and someone made a copy of a 2003 three-minuteprivate video in Durst’s possession.Denial of Service (DoS) An attacker attempts to preventlegitimate users from accessing information or services. Bytargeting your computer and its network connection, or thecomputers and network of the sites you are trying to use, anattacker may be able to prevent you from accessing websitesor other services that rely on the affected computer.

What is Cryptography?

Cryptography is the art and science of keeping informationsecure from unintended audiences.

It is achieved by making information unintelligible.

Here is how it works:

plaintextencryption

ciphertextdecryption

plaintext

Example: Caesar’s cipher is a type of substitution cipher inwhich each letter in the plaintext is “shifted” a certainnumber of places down the alphabet. For instance the word“Lillija” is ecrypted as “Uruursj” if we shift 9 places.

Post-quantum cryptography.

plaintextencryption

plaintext

plaintextencryption

plaintext

plaintextencryption

plaintext

plaintextencryption

plaintext

System Security Countermeasures

Keep The Operating System up to date.

Depending on your OS install antivirus software.Gather Information about zero day threats:

http://www.symantec.com/security_response/http://www.esecurityplanet.com/http://www.securityfocus.com/

Periodically use vulnerability scanner software:http://sectools.org/tag/vuln-scanners/

Depending on your OS install antivirus software.

Gather Information about zero day threats:http://www.symantec.com/security_response/http://www.esecurityplanet.com/http://www.securityfocus.com/

http://www.symantec.com/security_response/

http://www.esecurityplanet.com/http://www.securityfocus.com/

http://www.symantec.com/security_response/http://www.esecurityplanet.com/

http://www.securityfocus.com/

Periodically use vulnerability scanner software:

http://sectools.org/tag/vuln-scanners/

Network Security Countermeasures

Use custom configured firewall that filters traffic.

Use port sensitive sniffers (port sentry) to detect scanners.

Check thoroughly network services configuration. Updateservices and check shared service resources permissions

Use Network Intrusion Detection System to catch threatstargeting your vulnerable systems.

Check thoroughly network services configuration.

Updateservices and check shared service resources permissions

Finale!

We presented

general information about IS;

what system protection means;

the various forms of malware;

advice on cyber-security.

Thank you very much for your attension!

Finale!

We presented

Finale!

We presented

Finale!

We presented

Finale!

We presented

Finale!

We presented

Finale!

We presented