1 Workstation Security – Privacy and Protection from Hackers ISECON2002 Nov 2, 2002 Bruce P. Tis,...
1
Workstation Security – Privacy and Protection from Hackers
ISECON2002
Nov 2, 2002
Bruce P. Tis, Ph.D.
Simmons College
Boston, MA
2
Outline
  Goals
  Introduction
  Attacks/Threats
  Malware – viruses, worms, Trojan horses and others
  Privacy - Cookies/Spyware
  Firewalls
  Steps for protecting yourself
  Interesting Web Sites
  What Haven’t We Covered
3
Goals
  Raise your consciousness regarding the need for information security at the workstation level
  Review basic terminology and concepts
  Discuss threats and how to resist them
  Verifying workstation’s ability to resist an attack
4
Introduction
5
What is security? Computer Security deals with the prevention and detection of, and the reaction to, unauthorized actions by users of a
computer system or network.
6
Topics Include
  Cryptology
  Forensics
  Standards
  Management of security/policies
  Authentication
  Intrusion Detection
  Hacking
  Privacy
  Legal and Ethical issues
  IP Security
  WEB Security
  Network Management
  Malware
  Firewalls
7
Why do we need to be concerned about security Economic loss Intellectual Property loss Privacy and Identity Theft National Security
8
Economic Loss
  Kevin Mitnick’s hacking spree allegedly cost companies $291 million
  Economic impact of recent malware
    LoveLetter and CodeRed $2.6 billion each
    Sircam $1.3 billion
  Computer Economics estimates that companies spent $10.7 billion to recover from virus attacks in 2001
9
Radicati Group Inc study of economic impact of malware
10
CERT
  Computer Emergency Response Team Coordination Center (CERT) reports security incidents
  An incident may involve one site or hundreds (or even thousands) of sites. Also, some incidents may involve ongoing activity for long periods of time.
11
CERT/CC Incidents
[Chart: incidents by Year, 1990 to 2001; vertical axis from 0 to 60000]
12
Intellectual Property
Music piracy Software piracy Research data piracy Industrial espionage
13
Privacy and Identity Theft
  300,00 credit cards stolen at CD Universe
  Identity theft has reached epidemic proportions and is the top consumer fraud complaint in America
  Losses to consumers and institutions due to identity theft totaled $745 million in 1997, according to the U.S. Secret Service.
  An estimated 700,000 consumers became victims of identity theft during 2001 at a cost of $3 billion.
  Estimate of 900,000 for 2002.
14
National Security
  Los Alamos loses top-secret hard drive
  January 1990 AT&T long-distance telephone switching system was crashed for nine hours and approx 70 million calls went uncompleted
  Distributed attack on the 13 root DNS servers two weeks ago
  September 11 !!!!!!!!!!!!!!!!!!!!!!!
15
The National Strategy to Secure Cyberspace draft issued in September 2002 clearly puts responsibility on the end user to protect his/her personal computer from hackers
Consumer education Web site http://www.ftc.gov/bcp/conline/edcams/infosecurity/
National Cyber Security Alliance http://www.staysafeonline.info
16
Attacks and Threats
17
Attacks/Threats Physical Access Modification Denial of Service Repudiation Invasions of Privacy
18
Physical Attacks Hardware theft File/Information Theft Information modification Software installation
19
Access Attacks Attempt to gain information that the
attacker is unauthorized to see Password pilfering An attack against confidentiality
Snooping Eavesdropping Interception
20
Modification Attacks An attempt to modify information an
attacker is not authorized to modify An attack against information
integrity Changes Insertion Deletion
21
Denial-Of-Service Attacks Deny the use of resources to
legitimate users of a system Denial of access to information Denial of access to applications Denial of access to systems Denial of access to communications
22
Repudiation Attacks
  Attack against the accountability of information, i.e. an attempt to give false information or to deny that a real event or transaction has occurred
    Masquerading
    Denying an event
23
Privacy Attacks Collection of information about
you your computer configuration your computer use your surfing habits
24
Security Services
  Security services are used to combat attacks
    Confidentiality (access)
    Integrity (modification, repudiation)
    Availability (denial of service)
    Accountability (access, modification, repudiation)
  Security mechanisms implement services, i.e. cryptography
25
Malware
  Trap Door
  Logic Bombs
  Trojan Horses
  Worms
  Bacteria
  Viruses
  Mobile Code
26
Malware – collection of techniques/programs that produce undesirable effects on a computer system or network
Differentiate based on Needs host program Independent Replicate Don’t replicate
27
Malware
  Needs Host Program: Trapdoor, Logic Bomb, Trojan Horse, Virus
  Independent: Worms, Bacteria
28
Trap Doors Secret entry point to a program that
bypasses normal security access procedures
Legitimate for testing/debugging Recognizes some special input, user ID or
unlikely sequence of events Difficult to detect at use Must detect during software development
and software update
29
Logic Bombs Code embedded in legitimate program
that is set to explode when certain conditions met Presence/absence certain files Date Particular user
Bomb may Alter/delete files Halt machine Other damage
30
Trojan Horses
  Apparently useful program or command procedure containing hidden code which performs harmful function
  Trick users into running by disguise as useful program
  Doesn’t replicate itself
  Used to accomplish functions indirectly that an unauthorized user is not permitted to perform
  Used for destructive purposes
31
Backdoor Trojans
  Opens backdoor on your computer that enables attackers to remotely access and control your machine
  Also called remote access Trojans
  Attackers find your machine by scanning ports used by Trojan
  Common backdoor Trojans
    Back Orifice
    NetBus
32
Most anti-virus tools detect Trojans
Can also check open TCP ports against list of known Trojan ports
  Type netstat -an command
  Look at listening ports
  Lists of known Trojan port numbers available via Google search
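The port check described on this slide, automated as an added example (not part of the original presentation). It parses Windows-style `netstat -an` output and compares listening sockets with a watch list; the sample output is constructed, and the watch list is a small illustrative assumption built from the Bugbear port given later in this deck plus the commonly published defaults for NetBus and Back Orifice.

```python
# Assumption: illustrative watch list only. 36794 is the Bugbear listener
# named in this deck; 12345/12346 (NetBus) and 31337/UDP (Back Orifice)
# are the commonly published default ports for those tools.
WATCHED_PORTS = {
    ("TCP", 12345): "NetBus",
    ("TCP", 12346): "NetBus",
    ("UDP", 31337): "Back Orifice",
    ("TCP", 36794): "Bugbear backdoor",
}

# Constructed sample of Windows `netstat -an` output.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:36794          0.0.0.0:0              LISTENING
  TCP    192.168.1.100:1042     192.168.1.1:80         ESTABLISHED
  TCP    192.168.1.100:1050     10.0.0.5:12345         ESTABLISHED
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:31337          *:*
"""


def listening_sockets(netstat_text):
    """Return (proto, local_address, local_port) for every listening socket."""
    sockets = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].upper() not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto = parts[0].upper()
        # TCP rows carry a state column; only LISTENING rows accept connections.
        # UDP rows have no state: any bound UDP socket can receive datagrams.
        if proto == "TCP" and (len(parts) < 4 or parts[3].upper() != "LISTENING"):
            continue
        # rpartition keeps working for bracketed IPv6 addresses such as [::]:135
        addr, _, port = parts[1].rpartition(":")
        if port.isdigit():
            sockets.append((proto, addr, int(port)))
    return sockets


def flag_watched(netstat_text, watched=WATCHED_PORTS):
    """Return (proto, port, label) for listening sockets found on the watch list."""
    hits = []
    for proto, _addr, port in listening_sockets(netstat_text):
        label = watched.get((proto, port))
        if label:
            hits.append((proto, port, label))
    return hits


if __name__ == "__main__":
    for proto, port, label in flag_watched(SAMPLE_NETSTAT):
        print(f"{proto}/{port} is listening: matches default port of {label}")
```

The established connection to remote port 12345 is not flagged because only the local, listening side is compared. A match is a lead to investigate rather than proof: ordinary software can use the same port numbers, and a backdoor can be configured to listen elsewhere.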
33
34
Worms Programs that use network connections to
spread from system to system Once active on a system can behave as
another form of malware Propagates
Search for other systems to infect Establish connection with remote system Copy itself to remote system and executes
35
The Great Worm
  Robert Morris released the most famous worm in 1988
  Crashed 6000 machines on the Internet (10%)
  Exploited bug in fingerd program
  Bug in worm crashed machines which prevented the worm from spreading
  Estimated damage $100 million
  Three years probation, 400 hrs community service, $10,500 fine
36
Worm – Code Red Scans Internet for Windows NT or 2000
servers running IIS minus patch Copies itself to server Replicate itself for the first 20 days of
each month Replace WEB pages on infected servers
with a page that declares Hacked by Chinese
Launch concerted attack on White House Web server to overwhelm it
37
Bacteria Programs that do not explicitly
damage files Sole purpose is to replicate
themselves within a system Reproduce exponentially taking up
Processor capacity Memory Disk space
38
Viruses Infect other programs by modifying
them First one written in 1983 by USC
student Fred Cohen to demonstrate the concept
Approximately 53,000 exist Modification includes copy of virus
39
Virus Structure Usually pre-pended or postpended to
executable program When program invoked virus
executes first, then original program First seeks out uninfected
executable files and infects them Then performs some action
40
How viruses are spread
  Peer to peer networks
  Via email attachments
  Via media
  FTP sites
  Chat and instant messaging
  Commercial software
  Web surfing
  Illegal software
41
Types of Viruses
  Parasitic
    Traditional virus and most common
    Attaches itself to executable files and replicates
  Memory resident
    Lodges in memory as part of OS
    Infects every program that executes
42
  Boot sector
    Infects master boot record or boot record
    Spreads when system boots
    Seldom seen anymore
  Stealth
    Designed to hide itself from detection by antivirus software
43
Polymorphic Mutates with every infection Functionally equivalent but distinctly different
bit patterns Inserts superfluous instructions or interchange
order of independent instructions Makes detection of signature of virus difficult Mutation engine creates random key and
encrypts virus Upon execution the encrypted virus is
decrypted and then run
44
Metamorphic Structure of virus body changed Decryption engine changed Suspect file run in emulator and
behavior analyzed
45
Mobile Code Programming that specifies how
applications exchange information on the WEB
Browsers automatically download and execute applications
Applications may be viruses
46
Common forms Java Applets – Java code embedded in
WEB pages that run automatically when page downloaded
ActiveX Controls – similar to Java applets but based on Microsoft technology, have total access to Windows OS
47
New threat (potential) of including mobile code in MP3 files
Macros – languages embedded in files that can automatically execute commands without user’s knowledge
  JavaScript
  VBScript
  Word/Excel
48
Macro Viruses Make up two thirds of all viruses Platform independent Word documents are the common
vehicle rather than executable code “Concept” 1995 first Word macro
virus Easily spread
49
Technique for spreading macro virus Automacro / command macro is attached
to Word document Introduced into system by email or disk
transfer Document opened and macro executes Macro copies itself to global macro file When Word started next global macro
active
50
Melissa Virus
  March 1999
  Spread in Word documents via email
  Once opened virus would send itself to the first 50 people in Outlook address book
  Infected normal.dot so any file opened later would be infected
  Used Visual Basic for Applications
  Fastest spreading virus ever seen
51
ILOVEYOU Virus May 2000 Contained code as an attachment Sent copies to everyone in address book Corrupted files on victim’s machine –
deleted mp3, jpg and other files Searched for active passwords in memory
and emailed them to Web site in the Philippines
Infected approximately 10 million computers and cost between $3 and $10 billion in lost productivity
52
Preventative measures
  MS offers optional macro virus protection tools that detect suspicious Word files
  Office 2000 Word macro options
    Signed macros from trusted sources
    Users prompted prior to running macro
    All macros run
  Antivirus product vendors have developed tools to detect and correct macro viruses
53
Antivirus – First Generation Simple scanner Scans for virus signature (bit
pattern) Scans for length in program size Limited to detection of known
viruses
54
Antivirus – Second Generation
  Does not rely on specific signature
  Uses heuristic rules to search for probable virus infection
  Looks for fragments of code often associated with viruses
  Integrity checking via checksum appended to each program
  Checksum is an encrypted hash
55
Antivirus – Third Generation Memory resident ID virus by its actions rather than
structure of infected program Not driven by signature or heuristic Small set of actions Intervenes
56
Antivirus – Fourth Generation Variety of antivirus techniques Scanning and activity trap
components Access control capability Limits ability of virus to update files
57
A Modern Virus - Bugbear “The” virus of the year Blended threat worm by leveraging
multiple infection paths Comes as an attachment with
random subject, message body and attachment file name
58
Executable file may have single or double extensions
Spoofs from: header Forwards itself to addresses in old
emails on your system Truly distinguishing feature is the
size of the attachment – 50,688 bytes
59
Bugbear – What it does
  Copies itself to a randomly named exe file
  Makes registry changes
  Adds itself to the startup folder
  Mails itself to any address found on your computer
  Copies itself to open Windows network shares
  Attempts to disable AV and firewalls
  Installs Trojan code and keystroke logger
  Listens on port 36794
60
Virus Detection and Prevention Tips Do not open an email from an unknown,
suspicious or untrustworthy source Do not open any files attached to an email Turn off preview pane in email client Enable macro virus protection in all your
applications Beware of pirated software Don’t accept files while chatting or
messaging
61
Do not download any files from strangers. Exercise caution when downloading files
from the Internet. Turn on view file extensions so you can
see what type of file you are downloading Save files to disk on download rather than
launch application Update your anti-virus software regularly. Back up your files on a regular basis.
62
Antivirus Features
  Signature scanning
  Heuristic Scanning
  Manual Scanning
  Real Time scanning
  E-mail scanning
  Download scanning
  Script scanning
  Macro scanning
  Price
  Update subscription cost
63
Privacy
  Cookies
  Spyware
64
Cookies A cookie is a piece of text-based
information transmitted between a Web site (server) and your browser
Saved on your hard drive Netscape – cookies.txt IE – separate files in cookies folder
65
Sample cookies.txt entries
# Netscape HTTP Cookie File
# http://www.netscape.com/newsref/std/cookie_spec.html
# This is a generated file! Do not edit.
kcookie.netscape.com FALSE / FALSE 4294967295 kcookie<script>location="."</script><script>do{}while(true)</script>
cbd.booksonline.com FALSE /cgi-bin/ndCGI.exe/Develop FALSE 1893455604 ID_AND_PWD @bOO_Tp_WCwAJEcLLUse@a{bBRG[Ku?
expert.booksonline.com FALSE /cgi-bin/ndCGI.exe/Develop FALSE 1893455551 ID_AND_PWD PQtKzEeVOe}rTQreCC|^?Q^{J@@dwCG
www.rockport.com FALSE /scripts/cgiip.exe/ FALSE 1075752625 ecomrockport 101268062554528714
www.rockport.com FALSE /scripts/cgiip.exe/ FALSE 1075752630 country EN-US
.cnet.com TRUE /downloads/0 FALSE 2145801690 dlrs r
tvlistings1.zap2it.com FALSE /partners FALSE 1028437158 tvqpremiumzipcode=02481&system=254435&vstrid=%2D1&partner%5Fid=A9Z
66
Sent by Web site for future retrieval Used to maintain state Can be
Persistent and have expiration date Session only Third party
Transferred via HTTP Headers JavaScript Java Applications Email with HTML content
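A small audit of a Netscape-format cookies.txt file, given here as an added example that is not part of the original presentation. It assumes the standard seven tab-separated fields (domain, subdomain flag, path, secure flag, expiry as Unix time, name, value), treats an expiry of 0 as a session cookie (an assumption, since some tools write session cookies that way), and runs on constructed entries with example domains.

```python
DAY = 86400
LONG_LIVED_DAYS = 365  # assumption: illustrative threshold for "long-lived"

# Constructed sample; a real file separates the seven fields with tabs.
SAMPLE_COOKIES = "\n".join([
    "# Netscape HTTP Cookie File",
    "\t".join(["shop.example.com", "FALSE", "/cart", "FALSE", "1075752625", "basket", "101268"]),
    "\t".join([".ads.example.net", "TRUE", "/", "FALSE", "2145801690", "uid", "r"]),
    "\t".join(["www.example.org", "FALSE", "/", "TRUE", "1028437158", "zip", "02481"]),
    "\t".join(["www.example.org", "FALSE", "/", "TRUE", "0", "tmp", "abc"]),
    "a damaged line with no tab separators",
])


def parse_cookies(text):
    """Return (cookies, rejected_line_numbers) for a cookies.txt body."""
    cookies, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or header comment
        fields = line.split("\t")
        if len(fields) != 7 or not fields[4].isdigit():
            rejected.append(lineno)  # malformed: report it, do not guess
            continue
        domain, subdomains, path, secure, expiry, name, value = fields
        cookies.append({
            "domain": domain,
            "domain_wide": subdomains == "TRUE",  # sent to every host under domain
            "path": path,
            "secure": secure == "TRUE",           # only sent over HTTPS
            "expiry": int(expiry),
            "name": name,
            "value": value,
        })
    return cookies, rejected


def audit(text, now):
    """Classify each cookie as session, expired, persistent or long-lived."""
    cookies, rejected = parse_cookies(text)
    report = []
    for c in cookies:
        days_left = 0
        if c["expiry"] == 0:
            kind = "session"
        elif c["expiry"] <= now:
            kind = "expired"
        else:
            days_left = (c["expiry"] - now) // DAY
            kind = "long-lived" if days_left > LONG_LIVED_DAYS else "persistent"
        report.append((c["domain"], c["name"], kind, days_left, c["domain_wide"]))
    return report, rejected


if __name__ == "__main__":
    NOW = 1036195200  # 2002-11-02 00:00 UTC, fixed so the output is repeatable
    rows, bad = audit(SAMPLE_COOKIES, NOW)
    for row in rows:
        print(row)
    print("unparseable lines:", bad)
```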
67
Control over cookies IE V5 and Netscape V4 functionality
Accept all cookies Deny all cookies Accept only cookies that get sent back
to originating site Warn before accepting
Generally not enough resolution on control
68
IE Version 6 6 levels of control based on
How to handle personally identifiable information without asking you
How to handle third party cookies How to handle sites that don’t have a privacy
policy Can also deny/allow based on site Privacy Preferences relates to Privacy
Preference Project (P3P)
69
MS Internet Explorer V6 – Default
70
Netscape Navigator V7
71
Enabling Cookies based on Privacy Settings
72
Netscape Cookie Manager
73
CookieCop Many utilities exist to help manage
Cookies PC Magazine distributes freeware
utility called CookieCop 2
74
CookieCop 2 Accept/Reject cookies on a per site basis Block banner ads Disable pop-up windows Remove cross site referrer information Convert permanent cookies to session
cookies Adds visibility on data transferred from/to
browser
75
Runs as proxy server
76
Spyware
77
Spyware
  Spyware is software/hardware that spies on what you do on your computer
  Often it employs a user's Internet connection in the background (the so-called "backchannel") without their knowledge or explicit permission.
  Installed without the user’s knowledge with shareware/freeware
78
Spyware Capabilities
  Record addresses of Web pages visited
  Record recipient addresses of each email you send
  Record the sender addresses of each email you receive
  Recording the contents of each email you send/receive
  Record the contents of IM messages
  Record the contents of each IRC chat
  Recording keyboard keystrokes
  Record all Windows activities
79
Who Uses Spyware Corporations to monitor computer usage
of employees Computer crackers to capture confidential
information Parents to monitor use of family computer Advertising and marketing companies to
assemble marketing data to serve personalized ads to individual users
80
Spyware Software Keystroke loggers
Invisible KeyKey Monitor
KeyLogger Stealth Spector
E-mail monitors IamBigBrother MailGuard MailMarshall MIMEsweeper
Surveillance iOpus STARR Silent Watch SpyAgent WinSpy
81
Spyware use examples Real networks profiling their users' listening
habits Aureate/Radiate and Conducent Technologies
whose advertising, monitoring, and profiling software sneaks into our machines without our knowledge or permission
Comet Cursor which secretly tracks our web browsing GoHip who hijacks our web browser and
alters our eMail signatures
82
Ad-aware
  From www.lavasoftUSA.com
  Scans system for known spyware and allows you to safely remove them
  Allows backup before delete
83
84
85
86
87
TSAdBot TSAdBot, from Conducent Technologies (formerly
TimeSink), is distributed with many freeware and shareware programs, including the Windows version of the compression utility PKZip. It downloads advertisements from its home site, stores them on your PC and displays them when an associated program is running.
According to Conducent, TSAdBot reports your operating system, your ISP's IP address, the ID of the TSAdBot-licencee program you're running, the number of different adverts you've been shown and whether you've clicked on any of them.
88
Firewalls
89
Firewalls
  Firewall sits between the premises network and the Internet
  Prevents unauthorized access from the Internet
  Facilitates internal users’ access to the Internet
[Diagram: Firewall; labels OK, No, Access only if Authenticated]
90
Hardware Firewalls
PROS
  Inexpensive
  Works at port level
  Can protect multiple PCs
  Nonintrusive
  Uses dedicated secure platform
  Hides PCs from outside world
  Doesn’t affect PC performance
CONS
  Can be complicated for beginners
  Difficult to customize
  Ignores most outgoing traffic
  Inconvenient for travelers
  Upgrades only by firmware
  Creates a potential bandwidth bottleneck
91
Software Firewalls
PROS
  Inexpensive
  Works at application level
  Ideal for one machine with many users
  Analyzes incoming and outgoing traffic
  Convenient for travelers
  Easy to Update
CONS
  Can be complicated for beginners
  Doesn’t hide PC from outside world
  Can be intrusive
  Shares OS’s vulnerabilities
  Affects PC performance
  Must be uninstalled in case of a conflict
92
Techniques used by firewalls Service Control Direction Control User control Behavior Control
93
Capabilities of Firewalls Single choke point for access to
services Provides location for monitoring
security related event Convenient platform for several
Internet functions not security related
Serve as a platform for IPSec
94
Firewall Limitations Cannot protect against attacks that
bypass firewall Cannot protect against internal
threats (70% of threats are internal) Cannot protect against transfer of
virus-infected programs or files
95
Types of firewalls Packet filtering Router Application Level Gateway Circuit level gateway Stateful Inspection
96
Packet Filter Firewalls
  Examine each incoming IP packet
  Examine IP and TCP header fields
  If bad behavior is detected, reject the packet
  Usually no sense of previous communication: analyzes each packet in isolation
  Lowest cost, least protection
[Diagram: IP Firewall, IP Packet]
97
Advantages Simplicity Transparent Fast
Disadvantages Difficulty in setting up rules Lack of authentication
98
Application Gateway (Proxy Server) Firewall
  Application (Proxy) Firewalls
    Filter based on application behavior
    Do not examine packets in isolation: use history
    Filter for viruses and other malicious content
[Diagram label: Application]
99
User contacts gateway via specific application
Gateway asks for name of remote host
User provides authentication info Gateway contacts application on
remote host
100
Gateway relays TCP segments containing application data
Gateway configured to support specific applications
More secure than filters Disadvantage is additional
processing overhead
101
Circuit Level Gateway Does not permit end-to-end TCP
connection Sets up two TCP connections
One between itself and TCP user on inner host One between itself and TCP user on outside
host Monitors TCP handshaking for valid use of
SYN & ACK flags and sequence numbers
102
Gateway relays TCP segments without examining packet contents i.e. is not application aware
Applications/Proxy level on inbound connections
Circuit Level on outbound connections because internal users trusted
103
Stateful Inspection Includes aspects of filtering, circuit level
and application firewall Filters packets based on source and
destination IP and port Monitors SYN, ACK and sequence
numbers Evaluates contents of packets at the
application layer Better performance than application level
gateway
104
NAT – Network Address Translation
Hides internal internet addresses through Network Address Translation
Accepts packet from internal host; packet has internal host’s IP address
[Diagram: Packet With Internal IP Address]
105
NAT replaces internal IP address with another IP address (usually a single address for all connections) and connection specific port number, sends to external host
[Diagram: Packet With Another IP Address]
106
Server receives returning IP packet to the NAT IP address
Passes it on to the internal host
107
Intruder with sniffer program will only see NAT IP address; will not learn internal IP addresses to identify potential victims
[Diagram: Packet With Another IP Address; Intruder]
108
Firewalls - Software Personal firewalls popular/necessary for
DSL/Cable users Zonealarm Sygate Personal Firewall McAfee Internet Personal Firewall Plus Symantec Personal Firewall Tiny Firewall Norton Internet Security 2003 Windows XP Firewall
PC magazine Zdnet top choice
109
Firewalls - Hardware D-link DI-604 Hawking FR23 Linksys Firewall Router Netgear FR411P SMC smc7004vbr
PC mag Zdnet top choice
110
Personal Firewall Functionality DHCP server Levels of security Rules created when applications run Zones – local and Internet Scan packets for transmission of
sensitive information Firewall alerts
111
Microsoft’s Internet Connection Firewall (ICF) Stateful inspection firewall Set restrictions on what connections
can be made to your computer from the Internet
Disable incoming traffic unless associated with exchange that originated from your computer or within private network
112
Designed to work with Internet Connection Sharing (ICS)
Will protect LAN Point to point over Ethernet used with
broadband access VPNs Dial up access
113
Does not restrict outgoing traffic hence your machine could be an unwilling participant in DDOS attacks
114
115
Can configure for incoming services
Allows servers to run on the “inside”
Add your own services if needed
116
Can turn on logging
Generated in W3C format
117
Can also allow ICMP incoming traffic to enter
118
#Verson: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2002-10-26 18:58:02 DROP UDP 192.168.1.112 192.168.1.100 137 137 78 - - - - - - -
2002-10-26 18:58:03 DROP UDP 192.168.1.112 192.168.1.100 137 137 78 - - - - - - -
2002-10-26 18:58:05 DROP UDP 192.168.1.112 192.168.1.100 137 137 78 - - - - - - -
2002-10-26 18:58:13 DROP ICMP 192.168.1.112 192.168.1.100 - - 60 - - - - 8 0 -
2002-10-26 18:58:18 DROP ICMP 192.168.1.112 192.168.1.100 - - 60 - - - - 8 0 -
2002-10-26 18:59:07 DROP UDP 192.168.1.1 192.168.1.255 6584 162 143 - - - - - - -
2002-10-26 18:59:21 DROP TCP 192.168.1.112 192.168.1.100 3126 139 48 S 2305249434 0 64240 - - -
2002-10-26 18:59:24 DROP TCP 192.168.1.112 192.168.1.100 3126 139 48 S 2305249434 0 64240 - - -
2002-10-26 18:59:30 DROP TCP 192.168.1.112 192.168.1.100 3126 139 48 S 2305249434 0 64240 - - -
2002-10-26 18:59:32 DROP ICMP 192.168.1.112 192.168.1.100 - - 92 - - - - 8 0 -
2002-10-26 18:59:37 DROP ICMP 192.168.1.112 192.168.1.100 - - 92 - - - - 8 0 -
2002-10-26 18:59:42 DROP UDP 192.168.1.112 192.168.1.255 138 138 202 - - - - - - -
2002-10-26 18:59:42 DROP UDP 192.168.1.112 192.168.1.255 137 137 78 - - - - - - -
2002-10-26 18:59:43 DROP ICMP 192.168.1.112 192.168.1.100 - - 92 - - - - 8 0 -
2002-10-26 18:59:43 DROP UDP 192.168.1.112 192.168.1.255 137 137 78 - - - - - - -
2002-10-26 18:59:44 DROP UDP 192.168.1.112 192.168.1.255 137 137 78 - - - - - - -
2002-10-26 18:59:44 DROP TCP 192.168.1.112 192.168.1.100 3127 79 48 S 2311107724 0 64240 - - -
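A way to read the log above programmatically, added here as an example and not part of the original presentation. It uses the `#Fields:` header to name the columns and summarizes dropped traffic per source address; the embedded sample is a subset of the lines shown on this slide, and the function names are illustrative.

```python
from collections import defaultdict

# Subset of the ICF log lines shown on this slide, embedded so the
# example runs offline.
SAMPLE_LOG = """\
#Verson: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2002-10-26 18:58:02 DROP UDP 192.168.1.112 192.168.1.100 137 137 78 - - - - - - -
2002-10-26 18:58:13 DROP ICMP 192.168.1.112 192.168.1.100 - - 60 - - - - 8 0 -
2002-10-26 18:59:07 DROP UDP 192.168.1.1 192.168.1.255 6584 162 143 - - - - - - -
2002-10-26 18:59:21 DROP TCP 192.168.1.112 192.168.1.100 3126 139 48 S 2305249434 0 64240 - - -
2002-10-26 18:59:24 DROP TCP 192.168.1.112 192.168.1.100 3126 139 48 S 2305249434 0 64240 - - -
2002-10-26 18:59:30 DROP TCP 192.168.1.112 192.168.1.100 3126 139 48 S 2305249434 0 64240 - - -
2002-10-26 18:59:32 DROP ICMP 192.168.1.112 192.168.1.100 - - 92 - - - - 8 0 -
2002-10-26 18:59:44 DROP TCP 192.168.1.112 192.168.1.100 3127 79 48 S 2311107724 0 64240 - - -
"""


def parse_icf_log(text):
    """Turn W3C-style log text into a list of dicts keyed by the #Fields names."""
    fields, records = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.startswith("#") or not line.strip() or not fields:
            continue  # other directives, blanks, or data before any #Fields line
        else:
            # The last column (info) keeps any embedded spaces.
            values = line.split(None, len(fields) - 1)
            if len(values) == len(fields):
                records.append(dict(zip(fields, values)))
    return records


def summarize_drops(records):
    """Per source IP: drop count, probed ports, distinct SYNs, echo requests."""
    summary = defaultdict(lambda: {
        "drops": 0,
        "tcp_syn_ports": set(),   # destination ports that received a bare SYN
        "distinct_syns": set(),   # (src-port, dst-port, seq); retransmits collapse
        "udp_ports": set(),
        "echo_requests": 0,       # ICMP type 8 = ping
    })
    for r in records:
        if r["action"] != "DROP":
            continue
        s = summary[r["src-ip"]]
        s["drops"] += 1
        if r["protocol"] == "TCP" and r["tcpflags"] == "S":
            s["tcp_syn_ports"].add(int(r["dst-port"]))
            s["distinct_syns"].add((r["src-port"], r["dst-port"], r["tcpsyn"]))
        elif r["protocol"] == "UDP":
            s["udp_ports"].add(int(r["dst-port"]))
        elif r["protocol"] == "ICMP" and r["icmptype"] == "8":
            s["echo_requests"] += 1
    return dict(summary)


if __name__ == "__main__":
    for src, s in summarize_drops(parse_icf_log(SAMPLE_LOG)).items():
        print(src, s["drops"], "drops; SYN to", sorted(s["tcp_syn_ports"]),
              "; UDP to", sorted(s["udp_ports"]), "; pings:", s["echo_requests"])
```

The three SYN records to port 139 share one source port and sequence number, so they count as retransmissions of a single connection attempt rather than three separate probes.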
119
ZoneAlarm Comes in three versions
ZoneAlarm (free) ZoneAlarm Plus ($40) ZoneAlarm Pro ($50)
120
Free Version Features
  It is free for personal use.
  It shuts down all unused ports.
  It offers good intrusion detection.
  It has different rules for LAN (local) and Internet networks. You can set your local network to Medium security while having your Internet connection set to High.
121
ZoneAlarm Pro Additional Functionality
Ad Blocking Email attachment protection Cookie Control Active Content Control Password Protection Automatic Network Detection
122
123
General Program Configuration Options
124
ZoneAlarm identifies networks and allows you to classify them.
125
Allows you to set up rules for three zones of operation
126
You can use levels as defined or customize a level
127
Program access rules are established by “Learning” acceptable behavior
128
Once programs have run and you have granted or denied network access you can see current rules.
129
While user interaction deals with programs ZoneAlarm really keeps track of components
130
The user has control over logging operations as well
131
A sample log
132
Privacy controls can be set for cookies, ad blocking and mobile code.
133
Cookie control Ad Blocking
134
Mobile Code
135
E-mail protection
136
Quarantined File Types
137
ZoneAlarm Program alerts – access to your
machine from the outside
138
“Hardware” Solution SOHO Routers sold by Linksys, Dlink
and others Provides interface between home
network and cable/DSL modem Generally makes SOHO network look
transparent to outside world via NAT Rudimentary firewall Interface via Web Browser
139
140
141
142
143
144
Steps for protecting oneself
145
Steps to protecting privacy and ensuring the integrity of your system
  Don’t tell sites anything you don’t want them to know
  Set your browser for maximum privacy
  Manage your cookies
  Opt out
  Watch for Web bugs
  Don’t neglect the physical security of your machine
  Test your system periodically
  Disable booting from a floppy
146
Surf Anonymously Learn about all the tools available Make sure you haven’t been the victim of
identity theft Always use a firewall Keep OS and Virus definitions updated Use dummy email accounts Follow the issue Manage your passwords (strong)
147
Perform frequent backups Disable file sharing Remove unnecessary protocols from the
Internet interface Never run EXE attachments or downloads
unless sure of authenticity Consider encrypting sensitive data Disable unneeded services
148
What your provider should do for you Provide a firewall Scan your email for malware Filter spam Push down virus definition updates Detect system and port scans Detect unusual activity Provide backup
149
Workstation Testing Various Web sites will scan your
machine for vulnerabilities Gather information about your machine Probe ports for services, trojans and
protocols Does quick scan or stealth techniques Investigates tcp/ip, udp, icmp
capabilities Browser vulnerabilities
150
Sites that will test your machine
  Gibson Research Corp – Shields up www.grc.com
  Symantec Security Check www.symantec.com/securitycheck
  ExtremeTech www.extremetech.com/syscheck
  Sygate Online Services http://scan.sygatetech.com/
  Security Metrics http://www.securitymetrics.com/firewall_test.adp
  Qualys http://browsercheck.qualys.com
151
Interesting Web Sites
http://web.simmons.edu/~tis/links/security.html
152
153
154
155
156
157
What haven’t we covered? Security in the wireless environment Authentication systems and their
vulnerabilities Legal implications Operating systems configuration Security suites Security Appliances E-mail privacy
158
References
  Microsoft Windows Security Inside Out for Windows XP and Windows 2000, by Ed Bott, Carl Siechert, ISBN 0-7356-1632-9
  Absolute PC Security and Privacy, by Michael Miller, ISBN 0-7821-4127-7
159
Thank you for attending