Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public...
-
Upload
jeremiah-guthrie -
Category
Documents
-
view
221 -
download
0
Transcript of Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public...
![Page 1: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/1.jpg)
Introduction to Computer SecurityIntroduction to Computer Security
![Page 2: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/2.jpg)
Common Security TerminologyCommon Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies Denial of Service Attack Key Logging Software Firewalls Security Exploit
![Page 3: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/3.jpg)
TerminologyTerminology Password Cracking
• Password Cracker– An application that tries to obtain a password by
repeatedly generating and comparing encrypted passwords or by authenticating multiple times to an authentication source.
– Repeatedly trying to access your accounts
• Common methods of Password cracking– Brute Force– Dictionary
![Page 4: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/4.jpg)
TerminologyTerminology Password Cracking (cont’d)
• Passwords are usually stored in an encrypted form with a one way encryption algorithm
– If this data is compromised, password cracking can be moved to a standalone system for easier control and speed of cracking.
![Page 5: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/5.jpg)
TerminologyTerminology Biometrics
• Science and technology of measuring and statistically analyzing biological data
• When used in Information Technology it usually refers to the use of human traits for authentication
• This method can include fingerprints, eye retinas and irises, voice patterns, and a host of other consistent biological data
![Page 6: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/6.jpg)
TerminologyTerminology Public Key Cryptography
• Two Keys, “certificates”, are available for each resource, one public and one private
• As the names imply, the public key can be shared freely while the private key is kept secret
• Items encrypted using the public key are decrypted using the private key and conversely anything encrypted with the private key can be decrypted with the public key
• This method of encryption is used to ensure secure communication is only between a valid, “known”, sender and recipient
![Page 7: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/7.jpg)
TerminologyTerminology SSL
• “Secure Sockets Layer”• Uses Public Key Cryptography• Negotiates a method to encrypt communication
between a client and server• Allows other network protocols to connect “over
top” of it, such as web browsing and e-mail protocols
• “Transport Layer Security” (TLS) is a variant of SSL used to negotiate encryption within the network protocol being used
![Page 8: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/8.jpg)
TerminologyTerminology Man-in-the-Middle Attack
• A system between two hosts that either passively watches traffic to gain information used to “replay” a session or actively interferes with the connection, potentially imitating the remote system
![Page 9: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/9.jpg)
TerminologyTerminology Zombies
• Computer system infected by a virus or Trojan horse that allows the system to be remotely controlled for future exploits
• These systems may be used to send large amounts of spam e-mail or take part in Distributed Denial of Service (DDoS) attacks
![Page 10: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/10.jpg)
TerminologyTerminology Denial of Service Attack (DoS)
• Sending large amounts of data and requests to a remote system in order to inundate the remote computer or network
• A Distributed DoS is a coordinated effort by a number of systems to perform a DoS on a single host
![Page 11: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/11.jpg)
TerminologyTerminology Key Logging Software / Hardware
• Software installed on a system to capture and log all keystrokes
• Hardware installed between the keyboard and computer used to capture and log all keystrokes
Security Exploit• A software bug, or feature, that allows access to
a computer system beyond what was originally intended by the operator or programmer
![Page 12: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/12.jpg)
TerminologyTerminology Firewall
• Network hardware device or software used to filter traffic to and from the connected resources
• Ranges from simple filters, blocking certain services and protocols, to more complex systems that plot network traffic patterns
• Local operating system firewalls are referred to as “personal firewall software”
![Page 13: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/13.jpg)
Firewall
![Page 14: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/14.jpg)
Password SecurityPassword Security Password limitations
Reasons for complex passwords
Helpful suggestions for creating complex passwords
Future password requirements
![Page 15: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/15.jpg)
Password SecurityPassword Security According to CERT/CC (Computer
Emergency Response Team / Coordination Center) approximately 80% of all network security issues are caused by bad passwords
Computer to Computer authentication can use large keysets and complex encryption while Human to Computer authentication relies on much easier methods
![Page 16: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/16.jpg)
Password SecurityPassword Security Password Limitations and why they are in
place• Password Expiration
– Decreases the chances of your password being cracked
• Complex Passwords– Requiring complexity actually increases the possible
character combinations required by brute-force cracking
• Password Length Requirements– The longer your password the more possible
character combinations are present and the harder it is to crack
![Page 17: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/17.jpg)
Password SecurityPassword Security Dealing with Password Limitations
• Password lockouts– If a certain number of login attempts fail within a
given timeframe the account is automatically locked out for a preset amount of time
– Using this limitation stops brute force authentication attempts
• Dictionary Checks– Simple checks against common dictionaries are used
to increase password complexity
![Page 18: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/18.jpg)
Password SecurityPassword Security Are Password rules too complex?
• With the increase of computer hardware speed and the decrease of computer prices, we can use more advanced methods to keep security high
• Post-it Notes– Is your computer in a locked room?– Who has physical access to your system?– A majority of system attacks originate through the
network.
![Page 19: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/19.jpg)
Password SecurityPassword Security Suggestions for Complex Passwords
• Think of a phrase and use the first characters of each word, mixing case and adding numbers and special characters
– It is good to change your password every 6 months = Iig2cyPe6m
– UI vandals are number one = UiVdlsR#1
• Using a favorite word or phrase and breaking it up with numbers and special characters
– Happy = Hap3py1– Motorcycle = M0tor6cyc!e
![Page 20: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/20.jpg)
Password SecurityPassword Security Possible Future Password Requirements
• Decreasing password expiration time
• Certificate authentication
• Use of Biometrics
• Two part identification, where you use a password and another physical item
![Page 21: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/21.jpg)
Password SecurityPassword Security Passwords are like Underwear!
• Don’t leave yours lying around
• Don’t Share them with friends
• The longer the better (cold weather)
• Change yours often
• Be mysterious
![Page 22: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/22.jpg)
E-mail SecurityE-mail Security Some common E-mail protocols
Secure E-mail protocols at the UI
![Page 23: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/23.jpg)
E-mail SecurityE-mail Security Common E-mail protocols
• POP– Post Office Protocol
Older protocol for downloading messages from an INBOX
• IMAP– Internet Message Access Protocol
Full featured mail folder access
• SMTP– Simple Mail Transfer Protocol
Standard for sending and receiving e-mail between clients and servers, and from server to server
• MAPI– Mail Application Programming Interface
A set of communication methods and standards used predominately between Microsoft e-mail clients and servers
![Page 24: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/24.jpg)
E-mail SecurityE-mail Security Secure protocols in place at the University of
Idaho• POPS
– Pop mail over an SSL connection
• IMAPS– IMAP over an SSL connection
• SMTP+TLS– Negotiation of a TLS/SSL connection after connecting
• All popular e-mail clients support the use of these protocols
![Page 25: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/25.jpg)
Web SecurityWeb Security Web specific definitions
• HTTP• URL• SSL• Spyware / Adware• Web browser updates
Some common methods of Web Security
![Page 26: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/26.jpg)
Web SecurityWeb Security HTTP (Hyper Text Transfer Protocol)
• Modern web browsers are capable of using multiple protocols to download content although most data transfers use HTTP
URL (Uniform Resource Locator)• “Web Address”• protocol://server/resource• http://www.uidaho.edu/registrar
![Page 27: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/27.jpg)
Web SecurityWeb Security SSL (Secure Sockets Layer)
• Very important on insecure networks such as wireless
• How to verify SSL in a browser– https: -- the web address begins with https meaning
the connection is using HTTP over SSL– Look for a lock icon – Internet Explorer may display a Security Alert that
states “you are about to view pages over a secure connection”
![Page 28: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/28.jpg)
Web SecurityWeb Security SSL (cont’d)
• Certificate Authorities– A “CA” is an entity that issues certificates
– If you “trust” a CA you will trust the certificates issued by that CA
– Web browsers come with a standard collection of common certificate authorities including Verisign, Geotrust, Thawte, and a number of others
– Be wary of untrusted certificates as it has the potential of being a man-in-the-middle attack
![Page 29: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/29.jpg)
Web SecurityWeb Security SSL (cont’d)
![Page 30: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/30.jpg)
Web SecurityWeb Security Spyware / Adware
• Spyware is software designed to intercept or take partial control of a computer with out the express consent of the operator
• Adware is similar to spyware except it is used primarily for advertising purposes and may have provided the user with information about its operation
• Regardless of the network level security, when browsing, spyware will have access to your data
![Page 31: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/31.jpg)
Web SecurityWeb Security Web Browser Software Updates
• Update, Update, Update
• Security exploits can use your web browser to access your system, install software, delete data, spread viruses, and much, much more.
![Page 32: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/32.jpg)
Peer-to-Peer File sharingPeer-to-Peer File sharing What is Peer-to-Peer File sharing
Common applications
Common issues to consider when using P2P
How to protect yourself when using P2P
![Page 33: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/33.jpg)
Peer-to-Peer File sharingPeer-to-Peer File sharing Peer-to-Peer File sharing, or P2P, is using
software to facilitate the transfer of data between two systems without the need for a central file server
Common P2P applications are:• Kazaa• eDonkey• Morpheus• Gnutella Clients (Limewire, Bearshare)
![Page 34: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/34.jpg)
Peer-to-Peer File sharingPeer-to-Peer File sharing Common issues with P2P file sharing
• Copyright issues
• Spyware / Adware
• Zombies– Remote control
• Key logging
• Security exploits
• Sharing unexpected information
![Page 35: Introduction to Computer Security. Common Security Terminology Password Cracking Biometrics Public Key Cryptography SSL Man-in-the-Middle Attack Zombies.](https://reader033.fdocuments.us/reader033/viewer/2022061305/55142074550346d8488b57bb/html5/thumbnails/35.jpg)
Peer-to-Peer File sharingPeer-to-Peer File sharing How to protect yourself when using P2P
• Install Antivirus– Symantec Antivirus
• Check for operating system and software updates regularly
• Install Spyware Detection Software– Microsoft Defender Beta 2– Spybot– Adaware