self-learning materials for information technology competence … · 2012-09-24 · hackers •...
Self-learning materials for Information Technology Competence (ITC) Test
• Fundamental Concepts
• IS Issues in Daily Computer and Internet Usage
• Public Key Infrastructure, SSL, and Digital Certificates
• Information Security Software Demo
• Information Security Policies and Practices
• Useful Links on Information Security
Outline
Security (Information Security) Services:
What does information security (IS) provide?
• Authentication
• Confidentiality
• Integrity
• Non-repudiation
• Availability
Security Services
• Authentication – refers to the validation of the identity of an entity before it is authorized to access further information and services
• Confidentiality – refers to the protection of information from being disclosed to unauthorized parties
• Integrity – refers to the protection of information from being altered by unauthorized parties
• Non-repudiation – refers to preventing message senders or digital signature signers from denying having sent or signed the corresponding digital message
• Availability – refers to the assurance that information is available to authorized parties when requested
Security Services
Hackers
• Hackers are those who attack computer systems and networks to gain unauthorized access
• Some of them do so for malicious purposes such as stealing or corrupting data
• Some of them do it just for fun
• Some of them hack with the goal of testing the security of systems and networks
Threats to Information Security
Backdoors
• Backdoors are mechanisms originally established by system administrators and software manufacturers for system maintenance and software status checking
• They allow one to bypass normal authentication and gain access to computer systems
• Backdoor access remains hidden from casual inspection. One may not even know of its existence on the computer
• However, hackers always have their ways of finding backdoors and use them as a springboard to hack
Threats to Information Security
Security Loopholes
• Security loopholes are bugs in software that can be exploited for security attacks and intrusions
• Even popular software such as Microsoft Windows cannot totally eliminate loopholes
• Sometimes, backdoors which are originally benign in nature are exploited by hackers to launch intrusions, and they eventually become security loopholes
Threats to Information Security
To defend against various security threats, we should:
• Install protection software such as anti-virus programs and personal firewalls
• Perform regular software updates to block the security loopholes
  • Software manufacturers announce security bugs and release security patches from time to time
  • Pay attention to newly available patches and perform software updates often, e.g. Microsoft Safety & Security Center (http://www.microsoft.com/security/)
Information Security Measures
Let’s have a brief introduction to IS Issues in Daily Computer and Internet Usage
[Diagram of topics: Computer Viruses, Worms, Trojans, Spyware, Adware, Spam, Phishing, Network Security for Computer Users]
• Computer viruses are pieces of executable code that hide inside a program and then infect other programs
• Computer viruses damage our computers in many different ways, such as
  • Deleting files
  • Erasing programs, and
  • Displaying annoying messages
• They can also replicate themselves without user intervention
Computer Viruses
Symptoms of computer virus infection include (but are not limited to):
• Display of unusual messages or images
• Reduction of available memory
• Appearance of unknown programs or files
• Corrupted files
• Malfunction of programs and files
Computer Viruses
• First, the virus hides inside a program or file and remains inactive until the infected program is run
• Once the infected program or file is executed, the virus is run as well
• It then infects other programs on the computer hard disk by duplicating itself
• The computer is then infected
How Computer Viruses Work?
• How do we get the infected files?
• We can receive files and programs that are infected by computer viruses in many ways, including
  • Email attachments
  • Newsgroup message attachments
  • Internet downloads, and
  • File transfer through instant messaging
How Computer Viruses Work?
• A Trojan is a special kind of computer virus
• The name Trojan comes from the story of the Trojan horse, in which the Greek soldiers hid inside a hollow wooden structure and thus sneaked through the city walls of Troy
• In computer security, a Trojan is a program that does something other than what it is expected to do
  • e.g. a program claims to be a game but instead creates backdoors for hackers to gain unauthorized access to a computer
• Unlike general computer viruses, Trojans do not normally replicate themselves
Trojans
• Worms are another kind of computer virus
• They spread directly from computer to computer without any action by the computer users
  • e.g. the Sasser worm, which spread widely in 2004, automatically scans for computers on a network that have a particular Windows security loophole
Worms
In case we suspect that a computer is infected by viruses …
• We should disconnect the computer from the network immediately!
• Next, run an antivirus program to scan the computer for viruses
• If the computer is infected, the antivirus program will report the viruses found and the corresponding infected files after the virus scan
  • Usually, antivirus programs try to clean the viruses found
  • In case the viruses cannot be cleaned, the infected files will be quarantined
• It is too late to install antivirus programs at the time you suspect your computer has been infected by viruses
  • Therefore, antivirus programs should always be installed from the very beginning
What If My Computer Gets Infected?!
• Not regarded as computer viruses
  • Yet can be very annoying and dangerous
• Sometimes referred to as malware
Malware = software that has malicious purposes
• Computer users often install them unknowingly
Spyware and Adware
• Spyware monitors computer users and collects their information
  • e.g. a keyboard monitor spyware program can log every keystroke you type
• Adware’s mission is to show advertisements
  • Usually via pop-up windows or embedded in a Web page
Spyware and Adware
• How do we get them?
  • They install themselves onto a computer by exploiting Web browser security loopholes
  • Sometimes they come with freeware that can be freely downloaded from the Web
  • We may also get them when we click unknown hyperlinks out of curiosity
• We should take precautions similar to those for dealing with computer viruses
Spyware and Adware
• Internet connection is essential to almost every computer
• Security risk also increases
Network Security for Users
• Data being transmitted over the network can be read by computer software called “Packet Analyzers”
• Wireless networks are vulnerable because users are sharing the same network in open air
Packet Sniffing
[Diagram: a client computer and a server (e.g. Gmail.com) exchanging data over a network segment on which a network analyzer is installed]
Email Viruses
• Are computer viruses that spread by means of emails
• Can spread by duplicating and sending themselves to email addresses in the address book of the email application
• Usually exist in the form of email file attachments
• Sometimes can spoof sender addresses
• In March 1999, the Melissa email virus forced a number of global companies, including Microsoft, to turn off their e-mail systems completely!
Electronic Communication Security
• Email Spam
  • Unsolicited junk emails from unknown senders
  • Can arrive in huge volume and can be annoying
• Why is it bad?
  • Spam occupies Internet and email server resources
  • Uses up email disk quota
  • Takes extra time from us to wade through a large number of spam emails to locate the legitimate ones
Electronic Communication Security
Dealing with Spam (at Server Side)
• Most Internet Service Providers have installed anti-spam programs on their email servers
  • e.g. the IronPort Anti-Spam Service of ITS http://its.web.ied.edu.hk/antispam/
• Emails that are suspected to be spam are put in the quarantine server and are not directly delivered to users’ mailboxes
Electronic Communication Security
Dealing with Spam (at Client Side)
• Server-side anti-spam measures cannot totally remove spam
• We should take client-side precautions, for example:
  • Do not respond to spam
  • Do not post your and your friends’ email addresses on the Web
  • Avoid including HTML email links in your personal homepage
  • Create filter rules in our own email applications to filter out unwanted spam emails
Electronic Communication Security
Phishing
• Is a technique to steal one’s important personal information
• Is usually conducted by email
• Phishers pretend to be organizations such as a bank, send emails and ask the recipients to enter personal information, account numbers and passwords on a counterfeit Web site that looks like that of the “real” organization
• Beware! Legitimate organizations do not seek clients’ information in such a way. When in doubt, you should call the genuine organization’s customer service hotline to verify.
Electronic Communication Security
• Public Key Infrastructure, or PKI for short, is an umbrella term for a set of security technologies based on public key cryptography
  • Digital Certificates
  • Digital Signature
  • Public Key encryption
  • …
• PKI provides security to the World Wide Web as well as computer systems and networks
WWW Security and PKI
• Cryptography enables us to communicate secretly by encrypting messages with keys
  • Symmetric Cryptography: the same key is used for encryption and decryption
  • Asymmetric Cryptography: the encryption key and decryption key are different
    A pair of keys: private key and public key
    Therefore also called “Public Key Cryptography”
WWW Security and PKI
Suppose Alice wants to send a message to Bob:
“Symmetric Key Cryptography (no PKI)”
• Alice’s Key = Bob’s Key
• Encrypt the message with Alice’s key
• Decrypt the message with Bob’s key
Encryption: Symmetric Key Cryptography Case
Suppose Alice wants to send a message to Bob:
“Asymmetric Key Cryptography (PKI)”
• Public Key ≠ Private Key
• The public key is known to the public; the private key is kept secret
• Bob has a pair of keys: private and public
• Encrypt the message with Bob’s public key
• Decrypt the message with Bob’s private key
Encryption: Asymmetric Key Cryptography Case
With PKI, suppose Alice wants to sign the message to Bob so that Bob can be assured it is really from Alice:
• Sign the message with Alice’s private key
• Verify the signature with Alice’s public key
• For security reasons, encryption and signature should use different key pairs
Digital Signature with PKI
• Public keys are published on the WWW by means of digital certificates
• A digital certificate is an electronic file containing information about the certificate holder and is authorized by the Certificate Authority (CA)
• Main components of a Digital Certificate
  • Certificate holder’s information
  • Certificate holder’s public key
  • Certificate Authority’s digital signature
  • Expiry date
Digital Signature with PKI
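The encryption, signature and certificate slides above, worked through in Python as an added example (not part of the original slides). It uses textbook RSA without padding on constructed demo keys built from known Mersenne primes, and every function and variable name is an illustrative assumption; real systems rely on a vetted cryptographic library.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Textbook RSA: returns (public, private) = ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # d = e^-1 mod phi (Python 3.8+)

def encrypt(m, public):   # anyone may use the published key
    n, e = public
    return pow(m, e, n)

def decrypt(c, private):  # only the private-key holder can reverse it
    n, d = private
    return pow(c, d, n)

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    n, d = private
    return pow(_digest(data, n), d, n)

def verify(data, signature, public):
    n, e = public
    return pow(signature, e, n) == _digest(data, n)

def _cert_body(holder, public, expiry):
    return f"{holder}|{public[0]}|{public[1]}|{expiry}".encode()

def issue_certificate(holder, public, expiry, ca_private):
    # The four components from the slide: holder, public key, expiry, CA signature.
    return {"holder": holder, "public_key": public, "expiry": expiry,
            "ca_signature": sign(_cert_body(holder, public, expiry), ca_private)}

def check_certificate(cert, ca_public, today):
    body = _cert_body(cert["holder"], cert["public_key"], cert["expiry"])
    return verify(body, cert["ca_signature"], ca_public) and today <= cert["expiry"]

# Constructed demo keys from known Mersenne primes: fine for a demo, never for real use.
M = lambda k: 2**k - 1
bob_enc_pub, bob_enc_priv = make_keypair(M(61), M(89))        # Bob's encryption pair
alice_sig_pub, alice_sig_priv = make_keypair(M(107), M(127))  # Alice's separate signing pair
ca_pub, ca_priv = make_keypair(M(521), M(607))                # the CA's pair

if __name__ == "__main__":
    m = int.from_bytes(b"Hi Bob", "big")
    cert = issue_certificate("Alice", alice_sig_pub, "2013-09-24", ca_priv)  # ISO dates compare as text
    print(decrypt(encrypt(m, bob_enc_pub), bob_enc_priv) == m)
    print(check_certificate(cert, ca_pub, "2012-09-24"))
```

Changing any certificate field after issuance, or checking it after the expiry date, makes `check_certificate` return False.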
• SSL is the abbreviation of Secure Sockets Layer
  • Is a communication protocol for providing authentication and confidentiality to Internet traffic
• A digital certificate is required for communication over SSL
• When we connect to a Web site over SSL
  • We can see a small lock at the lower right-hand corner
  • The URL begins with HTTPS instead of HTTP
Digital Signature with PKI
• Software that safeguards security and privacy of information and computer systems
• In particular:
  • Anti-virus programs defend against computer viruses
  • Anti-spyware and anti-adware programs defend against spyware and adware
  • Personal firewalls defend against security threats in network connections
• Nowadays, popular antivirus software provides the above protections all-in-one
• Outdated security software may not be able to protect your computer
Security Software
• Information security depends much on the safe practices of the computer users
• Computer users are often regarded as the weakest link in information security
• Organizations with a large number of computer users often define an Acceptable Use Policy (AUP)
  • An AUP is a set of rules that governs the use of organization computers, networks, and the Internet by members within an organization
• The HKIEd also has its own AUP for staff and students
  • http://its.web.ied.edu.hk/policies/regulations.htm
  • http://its.web.ied.edu.hk/policies/naup.htm
Security Policies and Practices
Good Practices for Safe Computing
• Install and always enable anti-virus and anti-spyware programs
• Do not open executable files from an email attachment
• Read all messages in plain text
• Scan all newly downloaded files and email attachments before you open or install them
• Check for and install Windows Updates regularly
• Always enable personal firewalls
• Set strong and non-trivial passwords (e.g. E12$n5s2), and change the password from time to time
• Back up files and data regularly
• Do not share local files or directories by file sharing
Security Policies and Practices
Good Practices for Safe Computing
• Disconnect from the Internet and wireless connections when not in use
• Keep your desktop and laptop computers physically safe
• Update the antivirus program regularly to ensure the latest version of the program has been installed
• Always enable real-time antivirus protection
• Scan the computer for viruses regularly
• Check for and install Windows Updates regularly
• Remember your passwords in your own memory. Don’t write them down or share them with other people
• One should promptly log out of another user’s account before using the computer
Security Policies and Practices
The HKIEd
• Information Security Policy
  • The policy aims to protect the HKIEd’s members and its reputation through the protection and preservation of Confidentiality, Integrity and Availability (CIA); and to set out the information security management framework for protecting:
    • Personal, vital and sensitive information;
    • Infrastructure and information systems; and
    • Authorized information users and administrators of the above.
Useful Links
The HKIEd
• Network Acceptable Usage Policy
  • This Acceptable Usage Policy applies to all users of the HKIEd Campus Network and its purpose is to ensure that every network user can enjoy a secure, reliable and productive working environment. This policy covers areas on proper usage, legal aspects, respect for the rights of others and regulation enforcement.
Useful Links (cont’d)
Hong Kong Computer Emergency Response Team (HKCERT)
• HKCERT Coordination Center
  • HKCERT coordinates computer and network security incidents for Hong Kong enterprises and Internet users. Its Web site contains articles, news, and useful links on information security.
Useful Links (cont’d)
Office of the Government Chief Information Officer, HKSAR Government
• InfoSec
  • The Web site aims at promotion and public education on information security; it contains rich resources on information security as well as measures and best practices for the prevention of computer-related crimes.
Useful Links (cont’d)