CIT 380 Securing Computer Systems
CIT 380: Securing Computer Systems Slide #1
CIT 380 Securing Computer Systems
Threats
Vocabulary
• CIA Triad
  – Confidentiality
  – Integrity
  – Availability
• States of Information
  – Storage
  – Processing
  – Transmission
Vocabulary
• Security Measures
  – Technology
  – Policies and practices
  – Education, training, and awareness
• Threats, Attacks, Assets
• Prevention, Detection, Recovery, Survivability
Vocabulary
• Risk
• Security trade-offs
• Cost-Benefit Analysis
• Script Kiddies
• Security Researchers
• Hacker, Cracker, Attacker
• Black Hat, White Hat
What are threats?
• What threats can you think of to your home?
• To your money (including bank accounts, checks, credit and debit cards)?
• To your home computer?
Digital Threats: More of the Same
• Theft
• Vandalism
• Extortion
• Con Games
• Fraud
• Stalking
Digital Threats: What’s Different
Automation
– Salami Attack from Office Space.
Action at a Distance
– Volodya Levin, from St. Petersburg, Russia, stole over $10 million from US Citibank. Arrested in London.
– Operators of a CA BBS were tried and convicted in a TN court because pornography had been downloaded in TN from CA.
Digital Threats: What’s Different
Technique Propagation
– Criminals share techniques rapidly and globally.
Next Slide
• The percentage of respondents answering that their organization experienced unauthorized use of computer systems in the last 12 months
Survival Time
Survival Time
• The main issue here is of course that the time to download critical patches will exceed this survival time.
Current Threat Information
• SANS Internet Storm Center
  – http://isc.sans.edu/index.html
• Bugtraq
  – http://www.securityfocus.com/
  – http://www.securityfocus.com/archive/1
• CERT
  – http://www.cert.org/
Current Threat Information
• Packet Storm
  – http://packetstormsecurity.org/
Who are the Attackers?
• Hackers vs Crackers
• Levels of attackers
  – Developer
    • Finds new security vulnerabilities
    • Writes tools and exploits
  – User
    • Understands tools; modifies tools/exploits
  – Script Kiddie
Who are the Attackers?
Criminals.
– 1993: Thieves installed bogus ATM at Manchester Mall. Saved account#s + PINs.
Organized crime.
– 2000: Mafia-led organization members arrested for attempt to steal $680 million from Bank of Sicily.
Malicious insiders.
– 2001: Mike Ventimiglia deletes files of his employer, GTE. $200,000 damage.
Industrial espionage.
– 2001: Verdicts in Cadence Design Systems vs. Avant against 7 employees incl CEO. 5 sentenced to jail.
Who are the Attackers?
Press.
– 1998: Cincinnati Enquirer reporter Michael Gallagher breaks into Chiquita Fruits voicemail to expose illegal activities.
Police.
– 1997: LAPD illegal wiretapping scandal.
Terrorists.
– 1999: DOS attacks and web defacements against NATO country computers during Kosovo bombings.
National Intelligence.
– 2000: Former CIA Director Woolsey admitted to using ECHELON information to help US companies win foreign contracts.
Scary Internet Stuff: Underground
• http://www.youtube.com/watch?v=AYWYvJ__Dxk&feature=related
What Are Our Defenses?
• Firewalls
• Virus Scanners
• Spyware Scanners
• Intrusion Detection Systems (IDS/IPS)
• Patches
• Backups
Prevent
Detect
Respond
Recover
What Are The Attacks?
• Phishing
• Malware
• Ransomware
• Spyware
• Botnets
Phishing E-mail
Phishing Site
Scary Internet Stuff: Phishing
• http://www.youtube.com/watch?v=Ao20tAS3x3I&feature=related
Amazon.com - Your Cancellation (516-203578-8141423)
Dear Customer,
Your order has been successfully canceled. For your reference, here`s a summary of your order:
You just canceled order #991-86824-273919
Status: CANCELED
_____________________________________________________________________
ORDER DETAILS
Sold by: Amazon.com, LLC
_____________________________________________________________________
Because you only pay for items when we ship them to you, you won`t be charged for any items that you cancel.
Thank you for visiting Amazon.com!
---------------------------------------------------------------------
Amazon.com
Earth`s Biggest Selection
http://www.amazon.com
---------------------------------------------------------------------
Malware
• Trojan Horses
• Viruses
• Worms
Ransomware
Spyware and Adware
Most Trojan Horses, some infect directly.
– Browser hijacking
– Pop-up advertisements
– Keystroke and network logging
– Steal confidential data from email and files
Spyware and Adware
89% of PCs are infected with spyware (2006Q2 Webroot).
– http://www.webroot.com/resources/stateofspyware/excerpt.html
Rootkits
• Execution Redirection
• File Hiding
• Process Hiding
• Network Hiding
User Program
Rootkit
OS
Rootkits Video
• http://www.youtube.com/watch?v=PcqnG4-NkZ4
Botnets
Worm or direct attack usurps control of PC, then installs control software to listen for instructions. Instructions can include:
• Attempt to infect other PCs
• Send spam message
• Launch DOS attack
• Upgrade attack and control software
• Virus writers sell botnets to spammers for $0.10/compromised PC
Scary Internet Stuff: Botnets
• http://www.youtube.com/watch?v=BRhauoXpNSs
Wikipedia: Botnet
• http://en.wikipedia.org/wiki/Botnet
  – Historical list of botnets
• Kraken botnet
  – http://en.wikipedia.org/wiki/Kraken_botnet
Key Points
• Computer crimes same as pre-computer crimes.
• Differences in digital threats
  – Automation
  – Action at a distance
  – Technique propagation
• Digital threats
  – Phishing
  – Malware
  – Ransomware
  – Spyware
  – Botnets