
Internet Security

M.Jayakumar CT230 Internet Technology Individual Assignment 1

Part 1 The Threats

The threats many of us are aware of.

The threats most people are not aware of.

The Global Scope of the Problem


Estonia, a tiny but highly wired country on the Baltic Sea, was essentially shut down for 3 weeks during April and May of 2007 by organized cyber attacks.

The Global Scope of the Problem


2 dozen South Korean & U.S. Government agencies & others were attacked in July 2009. Targets included the DoD, FAA, Homeland Security, NYSE, NASDAQ, etc.

The National Scope of the Problem


A few of the many major security breaches that became public in the 2nd Quarter of 2009:
- Sensitive information on 65,000 current and former employees stolen.
- 530,000 medical records stolen, including social security numbers.
- Database breach by hackers: personal information on 160,00 current and former students and alumni stolen.

The Personal Scope of the Problem


- E-mail scams
- Identity theft
- Damage, repairs & replacements
- Productivity loss

Malware Headlines You Might Have Missed


10-11-09 - Spam dominates e-mail traffic (86%)
10-11-09 - Malware threats in search engine results
10-08-09 - FBI nets 100 people in phishing ring
10-07-09 - Fox Sports site hacked to serve malware
10-06-09 - Malware flea market pays hackers to hijack PC
10-06-09 - Weak passwords dominate Hotmail phishing leak

Malware Headlines You Might Have Missed


10-05-09 - Phony Facebook profiles spreading malware
09-30-09 - Malware re-writes online bank statements to cover fraud
09-30-09 - Earthquake / tsunami searchers targeted by malware
09-15-09 - Malware ads hit NY Times
09-15-09 - Operating systems not the key security risk anymore
08-20-09 - Malware designed to steal IDs increased 600%

Malware: malicious software


Intent is to damage, disrupt, steal, or otherwise inflict problems on data, hosts, or networks.

The Scope of the Problem


The number of NEW malware threats is increasing

[Chart: New malicious code signatures, 2007 and 2008 - Symantec]

What are the Threats?


Not malware: Tracking Cookies, Flash Cookies, Adware, Hoaxes, Scams, Phishing, Vishing

Malware: Backdoor, Keyloggers, Viruses & Worms, Trojans, Spyware, Rootkits, Bots

Tracking Cookies
- Not malware
- Tag containing info, sometimes useful to you
- No personal info unless offered
- Cookie storage can be limited
- May expire
- Easy to remove

Flash Cookies
- Largely unknown, widely used
- Installed by a Flash plugin
- Never expire
- More cumbersome to remove
- Can send info without user permission

Flash Cookies
Widely used including in Extension

Adware
Free software that plays, displays or downloads advertising May be toolbars, search boxes, games, utilities Mostly safe but some is spyware Read privacy policies

Social Engineering
Means: Manipulating people to do things or to divulge confidential information

Phishing
- Aim is to steal valuable information such as credit cards, social security numbers, user IDs and passwords
- Usually done by email
- Social engineering

Phishing
- Often masquerades as a legitimate person or business, even government
- Often contains a threat or consequence
- E-mail may look genuine, trustworthy
- Always points to a different website than it appears to come from
- Legitimate organizations never ask for sensitive information through e-mail

Pharming
Intent is to redirect a legitimate website's traffic to another, nearly identical but bogus website for the purpose of stealing sensitive information.

Scams
- Based on social engineering
- Often appeal to compassion or greed
- Disasters typically generate large numbers of scams
- Appear legitimate

Scams
- Don't click on links in these e-mails
- Typically offer something of value, ask for money in advance
- Nearly impossible to track the monetary transactions
- Scammers are accomplished social engineers

Scams
- Nigerian money fraud scams began in 1997 or before, by fax!
- These scams have spread to 80 countries or more
- U.S. and U.K. are major targets

Scam Targets
- Dating sites - exploit the victim's desire for companionship
- Religious sites - seek donations from their victims for a worthy cause
- Social websites - exploit personal info

Scams
Estimated annual losses
- US - $1-$2 billion
- UK - 150 million pounds
- Australia - $36 million AUD

Trojans
- Programs that masquerade as good programs
- Can spy, steal information, log keystrokes, download other malware
- Open backdoors, overwrite data

Trojans
- Cannot reproduce
- Must be spread by user interaction
- Many different types of trojans

Virus
- Can create files, move files, erase files
- Can consume memory and cause computer problems
- Can replicate
- Can attach to other programs
- Can travel across networks

Worms
- A special type of virus
- Can replicate itself and use memory
- Reproduce so fast they overload and shut down entire systems
- Cannot attach itself to other programs
- Spreads mostly by e-mail

Backdoor
- Malware that allows access to a computer without knowledge of the user's password and user name
- Allows attackers easy remote access

Spyware
- Purpose is to capture information
- Email, usernames, passwords, credit card info, etc.
- Can transmit this information

Rootkit
- Help intruders gain access to systems
- Avoid detection
- Subversion & evasion
- May avoid antivirus or antispyware scan

Bots or Zombies
- A computer infected with malware, controlled remotely without the knowledge of the user
- Combined into networks called botnets
- Rented or sold to criminal interests

Bots or Zombies
- Can be used to propagate malware or for cyber attacks
- Botnets may consist of thousands of machines worldwide
- Used to send about 80% of all spam and to attack commercial websites and other systems

Bot Network

Intermission
When we return: how do we protect our computers and our data?

Part 2 The Protection

We've covered the threats, but how do we protect ourselves?

[Diagram: Data, protected by: Backup Data; Router w/ hardware firewall; ZoneAlarm software firewall; Spybot w/ tea timer; Super Anti Spyware; Anti virus software; Use Best Practices]

Best Practices
- Physical computer security
- Legal agreements - read the fine print
- Use good passwords
- Keep passwords safe
- Use a flash drive capable of read-only
- Update your operating system (OS)
- Update your applications

Best Practices
- Use a hardware firewall
- Use a software firewall
- Use and update security products, i.e. antispyware, anti-virus, etc.
- Clean the system regularly
- Backup system regularly (after cleaning)
- Suggest using FireFox w/ security plugins

Physical Computer Security


Limit physical access to computers especially laptops

Physical Computer Security


- All users should be required to log in, even at home
- A PC with no login password is like a car with the keys in the ignition.

Legal Agreements
- A software license agreement is a legal contract between a producer and a purchaser of computer software.
- Called End User Licensing Agreements (EULA) or Terms of Use (TOU)
- Privacy Agreements

Read the Fine Print


- Agreeing to these electronic documents means you are signing a legal contract.
- Read them before agreeing
- Suggest you keep a copy (paper or digital)

Use Good Passwords


Great Internet security means nothing if the bad guys can guess your passwords

Keep Passwords Safe


- Need a system of choosing and using good passwords, or
- Password management software
- Examples: Roboform, KeePass, others

RoboForm

KeePass

Password Management Software


- Password generator
- Master password
- Encrypted database of passwords
- Desktop, portable, Web-based

USB Malware
- Flash drives banned by US Army in 2008 due to malware and security concerns.
- An estimated 10% of malware was written to move on a flash drive.

USB Flash Drive w/ Read-Only


- May be difficult to find
- Have a physical switch that prevents writing (and spreading malware) to the flash drive
- Useful on unknown / unfamiliar computers

Upgrade vs Update
An upgrade from v2.5 to v2.6, for example, is simply a major update
"Upgrading is taking your vitamins; fixing a hack is open-heart surgery." - Matt Mullenweg, founding developer of WordPress

Update Your Operating System


- Install all security patches
- Go to Windows Update website

Update Your Operating System


Set auto updates to download but not install unless you approve

Update/ Upgrade Your Applications


- Hackers are finding ways to embed malware in everyday programs
- In July 2009 it happened to Adobe PDF files. Adobe issued a patch.
- Unless you install the patch, you're vulnerable when viewing PDFs

Update Your Applications


- Average computer holds 80+ programs
- How to keep them all updated?
- If offered, turn the auto-update on
- Update often-used programs manually
- Helper programs for the rest - Secunia: free, checks your programs, notifies you when updates are needed

Update Your Applications


Firewall Technology

- Hardware or software designed and implemented to control the flow of network traffic.
- A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system.
- If an incoming packet of information is flagged by the filters, it is not allowed through.

Firewall Technology
- A company will have hundreds of computers that all have network cards connecting them together. One or more computers will have connections to the Internet.
- Without a firewall in place, all of those hundreds of computers are directly accessible to anyone on the Internet.
- Out of the 500 computers inside this company, only one of them is permitted to receive public FTP traffic. Allow FTP connections only to that one computer and prevent them on all others.
- The company can control how employees connect to Web sites and whether files are allowed to leave the company over the network

Firewall Technology
Firewalls use one or more of three methods to control traffic flowing in and out of the network:
- Packet filtering
- Proxy service
- Stateful inspection
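
The 500-computer FTP scenario above, written out as an added example (not part of the original slides): a default-deny packet filter with one inbound rule, plus a connection table to show stateful inspection. The addresses, the `Packet` and `Firewall` names, and the choice to allow all outbound traffic are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing (assumptions, not from the slides).
LAN = ipaddress.ip_network("10.0.0.0/23")        # room for the ~500 hosts
FTP_SERVER = ipaddress.ip_address("10.0.0.21")   # the one public FTP host


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    sport: int = 40000
    proto: str = "tcp"


class Firewall:
    """Perimeter packet filter with a connection table (stateful inspection)."""

    def __init__(self):
        self.established = set()  # flows opened from inside the LAN

    def check(self, pkt):
        src_in = ipaddress.ip_address(pkt.src) in LAN
        dst_in = ipaddress.ip_address(pkt.dst) in LAN
        if src_in and not dst_in:
            # Outbound (assumed allowed here): remember the flow for replies.
            self.established.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ALLOW outbound"
        if dst_in and not src_in:
            # Stateful inspection: reply to a flow an inside host opened.
            if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.established:
                return "ALLOW established"
            # Packet filtering: the single inbound rule, FTP control port
            # (21/tcp) to one host. FTP data channels are out of scope here.
            if (pkt.proto, pkt.dport) == ("tcp", 21) and \
                    ipaddress.ip_address(pkt.dst) == FTP_SERVER:
                return "ALLOW ftp"
        # Everything not explicitly allowed is dropped.
        return "DENY default"


def demo():
    fw = Firewall()
    return [
        fw.check(Packet("203.0.113.9", "10.0.0.21", 21)),    # FTP to the server
        fw.check(Packet("203.0.113.9", "10.0.0.77", 21)),    # FTP to a desktop
        fw.check(Packet("203.0.113.9", "10.0.0.21", 3389)),  # other port, same host
        fw.check(Packet("10.0.0.77", "198.51.100.5", 443, sport=51000)),
        fw.check(Packet("198.51.100.5", "10.0.0.77", 51000, sport=443)),  # reply
        fw.check(Packet("198.51.100.5", "10.0.0.77", 51001, sport=443)),  # unsolicited
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The last two packets differ only in destination port: the first matches a flow an inside host opened and is let back in, the second matches nothing and falls through to the default deny.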

Hardware Router w/Firewall


- First line of defense
- Available in wired or wireless versions
- Wired is more secure
- Protects against incoming attacks
- $100 - $150

Software Firewall
- Protects against intrusion scanning or attacks
- Protects against outbound communication by malware

Outbound Communication

Software Firewall
- Use the pre-installed Windows firewall only if you have no other options.
- Turn it off before installing a better product.
- If you have the XP operating system you MUST obtain a software firewall. DO NOT use XP's firewall.

Software Firewall
- Install firewall first, then install other security software (antivirus, antispy)
- Do not install multiple software firewalls
- ZoneAlarm Pro is adequate - $40
- Does require system resources


Antivirus Software
- Many software options
- Many are free, or free trial

Antivirus Software
- A worry for all computer users is the threat of viruses entering their systems
- Fights against all kinds of malicious attacks and prevents adware, spyware, Trojans and worms from entering the computer
- A system that analyzes information and, if it finds that something is infected, disinfects it
- Antivirus software acts basically in two ways:
  - Scanning files
  - Heuristic approach

Antivirus Software
Scanning Files
- Employs a database of familiar virus code and compares files against the known malicious code
- The antivirus database is updated so that it can prevent the malicious attacks which are being crafted each and every day
- After a match has been detected, the antivirus takes action in three different forms:
  - Quarantine the file
  - Repair the infected files
  - Remove the file
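
Signature scanning and its three actions, as an added example that is not part of the original slides. The byte patterns are constructed, harmless strings standing in for known virus code, and the signature names, file names and `_quarantine` folder are assumptions; the second database version shows why the slide stresses updates.

```python
import shutil
import tempfile
from pathlib import Path

# Constructed, harmless byte patterns standing in for "familiar virus code".
# Each signature maps to (pattern, action taken on a match).
SIGNATURES_V1 = {
    "Demo.Appender": (b"<<DEMO-APPENDED-PAYLOAD>>", "repair"),
    "Demo.Dropper": (b"DEMO-DROPPER-BODY", "remove"),
}
# A later database update adds a signature the first version lacked.
SIGNATURES_V2 = dict(SIGNATURES_V1)
SIGNATURES_V2["Demo.Stealer"] = (b"DEMO-STEALER-BODY", "quarantine")


def scan_file(path, signatures):
    """Return (name, pattern, action) for the first matching signature."""
    data = path.read_bytes()
    for name, (pattern, action) in signatures.items():
        if pattern in data:
            return name, pattern, action
    return None


def handle(path, hit, quarantine_dir):
    name, pattern, action = hit
    if action == "repair":
        # Strip the matched code and keep the rest of the file.
        path.write_bytes(path.read_bytes().replace(pattern, b""))
    elif action == "remove":
        path.unlink()
    else:
        # Quarantine: move the file aside under a name that will not run.
        quarantine_dir.mkdir(exist_ok=True)
        shutil.move(str(path), str(quarantine_dir / (path.name + ".quarantined")))
    return f"{path.name}: {name} -> {action}"


def scan_tree(root, signatures):
    quarantine_dir = root / "_quarantine"
    report = []
    for path in sorted(p for p in root.iterdir() if p.is_file()):
        hit = scan_file(path, signatures)
        if hit:
            report.append(handle(path, hit, quarantine_dir))
    return report


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "notes.txt").write_bytes(b"meeting at 10")
        (root / "report.doc").write_bytes(b"quarterly figures<<DEMO-APPENDED-PAYLOAD>>")
        (root / "setup.exe").write_bytes(b"MZ..DEMO-DROPPER-BODY..")
        (root / "toolbar.dll").write_bytes(b"..DEMO-STEALER-BODY..")
        first = scan_tree(root, SIGNATURES_V1)    # old database
        second = scan_tree(root, SIGNATURES_V2)   # after the update
        repaired = (root / "report.doc").read_bytes()
        remaining = sorted(p.name for p in root.iterdir())
    return first, second, repaired, remaining


if __name__ == "__main__":
    print(demo())
```

With the first database `toolbar.dll` passes as clean; it is caught only after the update, which is the gap the heuristic approach is meant to cover.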

Antivirus Software
The Heuristic Approach
- Keeps track of the types of programs that are executable on a computer
- When doubtful behavior is identified, a prescheduled range of responses is activated
- The response can range from asking the owner of the PC how to proceed to deleting the malicious code automatically
- Protects against the latest malware threats that are yet to be identified or registered in the antivirus database

Security Policy
- Security policies are rules that are electronically programmed and stored within security equipment to control such areas as access privileges
- The policies that are implemented should control who has access to which areas of the network and how unauthorized users are going to be prevented from entering restricted areas
- The security policy management function should be assigned to people who are extremely trustworthy and have the technical competence required.

In the future, some passwords may be replaced by biometrics, which is technology that identifies users based on physical characteristics, such as finge

Security Policy
Implementation
- Identity methods and technologies must be employed to help positively authenticate and verify users and their access privileges.
- Make sure that certain areas of the network are password protected, only accessible by those with particular passwords
- The golden rules, or policies, for passwords are:
  - Change passwords regularly
  - Make passwords as meaningless as possible
  - Never divulge passwords to anyone until leaving the company

Security Policy

Security policy
Digital Certificate
- E-commerce has flourished because of the ability to perform secure transactions online using the proper tools. These tools are public key encryption and digital certificates.
- Public key encryption uses SSL (Secure Sockets Layer) to encrypt all data between the customer's computer and the e-commerce website
- Anyone can create a website and key pair using a name that doesn't belong to them. This is where digital certificates come in.
- Digital certificates are trusted ID cards in electronic form that bind a website's public encryption key to their identity for purposes of public trust

Security Policy
Digital Certificate
- Digital certificates are issued by an independent, recognized and mutually trusted third party that guarantees that the website operating is who it claims to be. This third party is known as a Certification Authority (CA).
- A digital certificate contains an entity's name, address, serial number, public key, expiration date and digital signature, among other information.
- When a Web browser like Firefox, Netscape or Internet Explorer makes a secure connection, the digital certificate is automatically turned over for review.

Security Policy
Digital Certificate
- The browser checks it for anomalies or problems, and pops up an alert if any are found.
- When digital certificates are in order, the browser completes secure connections without interruption
- Digital certificates play an integral role in keeping online commerce safe.
- If your browser alerts you to a problem with a digital certificate, you are well-advised not to click through. Instead, call the business using a telephone number from your statements or phone book, and inquire as to the problem.

Security Policy
Digital Certificate

Access Control
- Access control systems are electronic systems which are designed to control who has access to a network
- Like a door which can be locked, limiting people to one side of the door or the other
- Access control servers validate the user's identity and determine which areas or information the user can access based on stored user profiles
- Access control systems which span computer networks are typically administered in a central location, with each user being given a unique identity.
- An administrator grants access privileges to personnel on a case by case basis, using settings within the administration software.

Encryption
- Encryption technology ensures that messages cannot be intercepted or read by anyone other than the authorized recipient
- Encryption is usually deployed to protect data that is transported over a public network and uses advanced mathematical algorithms to scramble messages and their attachments.
- All VPN hardware and software devices support advanced encryption technology to provide the utmost protection for the data that they transport.

Encryption

Intrusion Detection
- A network-based intrusion detection system (IDS) provides around-the-clock network surveillance
- An IDS analyzes packet data streams within a network, searching for unauthorized activity, such as attacks by hackers, and enabling users to respond to security breaches before systems are compromised
- When unauthorized activity is detected, the IDS can send alarms to a management console with details of the activity and can often order other systems, such as routers, to cut off the unauthorized sessions.

Intrusion Detection

Network Scanning
- Network scanners conduct detailed analyses of networked systems to compile an electronic inventory of the assets and detect vulnerabilities that could result in a security compromise
- Allows network managers to identify and fix security weaknesses before intruders can exploit them

Spybot Search & Destroy


- Eliminates adware, spyware, Trojans, keyloggers, dialers
- Free
- Real-time protection

Spybot Search & Destroy


- Malware often changes the registry
- Spybot warns of potential registry changes with Tea-timer
- Legitimate software installations also change the registry and may cause false alarms

Spybot Search and Destroy


- Will immunize the system
- Like a Do Not Call list of websites for your browser

Super AntiSpyware
- Removes Spyware, Adware, Trojans, Dialers, Worms, HiJackers, KeyLoggers, Parasites, Rootkits
- Free
- Real-time protection
- Can be scheduled

MalwareBytes
- Free version
- Full version (one time fee of $24.95) includes real-time protection.


How to Use These Tools Effectively


- Pick one day of the week (Sunday AM?)
- Use the tools in this order: Spybot, SuperAntispyware, Antivirus
- Start one tool, go read the paper
- When one tool has finished, start the next, go read the paper
- When all tools are done, do a complete backup and label it w/ date & clean

Backup Your Data


- Why backup?
- Data loss or corruption
- Human error, fire, flood, malware
- Backing up is cheaper, easier than re-creating the data

Backup Your Data


- Many ways to backup
- Data only, whole system, online, local
- Compressed, uncompressed, automated

Data-Only Backup
- Dozens of software choices for every budget & free
- Backs up selected files
- Typically uses proprietary compression
- SyncToy - free MS program, no compression

Back2Zip free software

Whole-System Backup
- Takes an image of the whole system, not each file individually
- Several choices including Acronis, Norton Ghost, others
- Backup in 15-20 min, restore in 30 min to 1 hr

Online Backup Service


Advantages
- Inexpensive
- Some operate in the background
Disadvantages
- Monthly fee
- Depends on Internet access

Local External Backup


Advantages
- Low one-time cost
- Multi-purpose
- Easily accessible
Disadvantage
- Risks similar to original data
Note: keep unit unplugged unless in use

External Hard Drive

FireFox with Security Plugins


- A plugin is an additional component or feature that can be added to a larger program
- NoScript to stop web scripts from running
- Better Privacy to control Flash cookies

Virtual PC Products
- These programs create a virtual PC within your real PC.
- When programs run in the virtual PC, they can't make changes to the real PC
- Requires some technical knowledge
- Requires extra processing power
- Extremely safe: if the Virtual PC gets infected, simply delete it and create a new one.

Virtual PC Software
- Microsoft Windows Virtual PC
- VMware
- Connectix Virtual PC
- Sun VirtualBox

Sandboxie
- Creates a small virtual space inside your computer called a sandbox.
- Can run a program or browser inside the sandbox.
- Smaller learning curve than a Virtual PC
- Less processing power needed than a Virtual PC

[Diagram: When you need help - You; Friends & family; Local PC Users Groups; Commercial Repair (CompUSA, Geek Squad, local repair shop, etc.)]

When You Need Help


- You are a key component
- Become knowledgeable about basic computer problems: what's serious, what's not
- Understand who your resources are, who can deal with which problems
- Ask around about commercial repair options: who's recommended?

PC Users Groups
- 50+ organized groups around the state. Dues avg $25-$35/yr
- FACUG (Fla Assn of Computer User Groups) is the umbrella organization - list is at http://www.facug.org/
- Members help members w/ problems
- Attend meetings occasionally, build relationships

Disclaimers
- Information presented here is based on currently available information. This information changes frequently. No guarantee of accuracy is possible.
- Hardware, software, companies and techniques discussed are options, not recommendations. You alone are responsible for software and/or hardware choices and use of any techniques.
- Please read all legal agreements, instructions, user agreements and privacy terms associated with any hardware, software or websites.

Thank You