
Internet Security
M.Jayakumar
CT230 Internet Technology
Individual Assignment 1

Part 1 The Threats

[Diagram labels: Virus, Malware, Trojans, Worms, Backdoor, Rootkit, Phishing, Bots, Hackers, Spyware, Scams]

The threats
many of us are
aware of.

The threats
most people
are not aware
of.

The Global Scope of the Problem


Estonia, a tiny but
highly wired country
on the Baltic Sea,
was essentially shut
down for 3 weeks
during April and May
of 2007 by organized
cyber attacks.

The Global Scope of the Problem


2 dozen South
Korean & U.S.
Government
agencies & others
were attacked in
July 2009. Targets
included the DoD,
FAA, Homeland
Security, NYSE,
NASDAQ, etc.

The National Scope of the Problem


A few of the many major security breaches
that became public in the 2nd Quarter of 2009.
Sensitive information on 65,000 current
and former employees stolen.
530,000 medical records stolen including
social security numbers.
Database breach by hackers - personal
information on 160,00 current and former
students and alumni stolen.

The Personal Scope of the Problem

E-mail scams
Identity theft
Damage, repairs & replacements
Productivity loss

Malware Headlines You Might Have Missed

10-11-09 - Spam dominates e-mail traffic (86%)


10-11-09 - Malware threats in search engine results
10-08-09 - FBI nets 100 people in phishing ring
10-07-09 - Fox Sports site hacked to
serve malware
10-06-09 - Malware flea market pays hackers
to hijack PC
10-06-09 - Weak passwords dominate
Hotmail phishing leak

Malware Headlines You Might Have Missed
10-05-09 - Phony Facebook profiles
spreading malware
09-30-09 - Malware re-writes online bank
statements cover fraud
09-30-09 - Earthquake / tsunami searchers
targeted by malware
09-15-09 - Malware ads hit NY Times
09-15-09 - Operating systems not the
key security risk anymore
08-20-09 - Malware designed to steal
IDs increased 600%

Malware - malicious software


Intent is to
damage, disrupt,
steal, or
otherwise inflict
problems on
data, hosts, or
networks.

The Scope of the Problem


The number of NEW malware threats is increasing
[Chart: New malicious code signatures, 2007 and 2008 - Symantec]

What are the Threats?


Not malware

Tracking Cookies
Flash Cookies
Adware
Hoaxes
Scams
Phishing
Vishing

Malware

Backdoor
Keyloggers
Viruses & Worms
Worms
Trojans
Spyware
Rootkits
Bots

Tracking Cookies
Not malware
Tag containing info,
sometimes useful
to you
No personal info
unless offered
Cookie storage can
be limited
May expire
Easy to remove

Flash Cookies
Largely unknown,
widely used
Installed by a
Flash plugin
Never expire
More cumbersome
to remove
Can send info w/o
user permission


Flash Cookies
Widely
used
including
in Extension

Adware
Free software that
plays, displays or
downloads advertising
May be toolbars,
search boxes, games,
utilities
Mostly safe but some is
spyware
Read privacy policies

Social Engineering
Means:
Manipulating
people to do
things or to
divulge
confidential
information

Phishing
Aim is to steal
valuable information
such as credit cards,
social security
numbers, user IDs
and passwords
Usually done by email
Social engineering

Phishing
Often masquerades as legitimate
person or business, even government
Often contains a threat or consequence
E-mail may look genuine, trustworthy
Always points to different website than
it appears to come from.
Legitimate organizations never ask for
sensitive information through e-mail

Pharming
Intent is to redirect a
legitimate website's
traffic to another,
nearly identical but
bogus website for
the purpose of
stealing sensitive
information.

Scams
Based on social
engineering
Often appeal to
compassion or
greed
Disasters typically
generate large
numbers of scams
Appear legitimate

Scams
Don't click on links
in these e-mails
Typically offer
something of value,
ask for money in advance
Nearly impossible to track the
monetary transactions
Scammers are accomplished social
engineers

Scams
Nigerian money fraud scams began in
1997 or before by fax!
These scams have spread
to 80 countries or more.
U.S. and U.K. are major
targets

Scam Targets
Dating sites - exploit
the victim's desire for
companionship
Religious sites - seek
donations from their
victims for worthy
cause
Social websites - exploit personal info

Scams
Estimated annual losses
US - $1-$2 billion
UK - 150 million
pounds
Australia - $36
million AUD

Trojans
Programs that
masquerade as
good programs
Can spy, steal
information, log
keystrokes,
download other
malware
Open backdoors,
overwrite data

Trojans
Cannot
reproduce
Must be spread
by user
interaction
Many different
types of trojans

Virus
Can create files,
move files, erase files
Can consume
memory and cause
computer problems
Can replicate
Can attach to other
programs
Can travel across
networks

Worms
A special type of virus
Can replicate itself and use
memory
Reproduce so fast they
overload and shut down
entire systems
Cannot attach itself to other
programs.
Spreads mostly by e-mail

Backdoor
Malware that
allows access to a
computer without
knowledge of the
user's password
and user name.
Allows attackers
easy remote
access

Spyware
Purpose is to
capture information
Email, usernames,
passwords, credit
card info, etc.
Can transmit this
information

Rootkit
Help intruders gain
access to systems
Avoid detection
Subversion &
evasion
May avoid antivirus or antispyware scan

Bots or Zombies
A computer infected with
malware, controlled
remotely without the
knowledge of the user
Combined into networks
called botnets
Rented or sold to
criminal interests

Bots or Zombies
Can be used to propagate malware or
for cyber attacks
Botnets may consist of thousands of
machines worldwide
Used to send about 80% of all spam
and to attack commercial websites
and other systems

Bot Network

Intermission
When we return
how do we protect our
computers and our data?

Part 2 The Protection

We've covered the threats, but how do we protect ourselves?

[Diagram labels: Backup; Router w/ hardware firewall; ZoneAlarm software firewall; Spybot w/ tea timer; Super Anti Spyware; Anti virus software; Use Best Practices; Data]

Best Practices

Physical computer security


Legal agreements - read the fine print
Use good passwords
Keep passwords safe
Use a flash drive capable of read-only
Update your operating system (OS)
Update your applications

Best Practices
Use a hardware firewall
Use a software firewall
Use and update security products, e.g. anti-spyware, anti-virus, etc.
Clean the system regularly
Backup system regularly (after cleaning)
Suggest using Firefox w/ security
plugins

Physical Computer Security


Limit physical
access to
computers
especially laptops

Physical Computer Security


All users should
be required to log
in, even at home
A PC with no login password is like
a car with the keys
in the ignition.

Legal Agreements
A software license
agreement is a legal
contract between a
producer and a
purchaser of computer
software.
Called End User
Licensing Agreements
(EULA) or Terms of Use
(TOU)
Privacy Agreements

Read the Fine Print


Agreeing to these
electronic documents
means you are signing
a legal contract.
Read them before
agreeing
Suggest you keep a
copy (paper or digital)

Use Good Passwords


Great Internet
security means
nothing if the
bad guys can
guess your
passwords

Keep Passwords Safe


Need a system of
choosing and using
good passwords or
Password
management
software
Examples: Roboform,
KeePass, others

RoboForm

KeePass

Password Management Software

Password generator
Master password
Encrypted database of passwords
Desktop, portable, Web-based

USB Malware
Flash drives
banned by US
Army in 2008 due
to malware and
security concerns.
An estimated 10%
of malware was
written to move on
a flash drive.

USB Flash Drive w/ Read-Only


May be difficult to
find
Have a physical
switch that prevents
writing (and
spreading malware)
to the flash drive
Useful on unknown /
unfamiliar computers

Upgrade vs Update
An upgrade from v2.5
to v2.6 for example is
simply a major update
"Upgrading is taking
your vitamins; fixing a
hack is open-heart
surgery." - Matt
Mullenweg, founding
developer of WordPress
Update Your Operating System


Install all
security
patches
Go to
Windows
Update
website

Update Your Operating System
Set auto
updates to
download
but not
install
unless you
approve

Update / Upgrade Your Applications
Hackers are finding ways
to embed malware in
everyday programs
In July 2009 it happened to Adobe PDF
files. Adobe issued a patch.
Unless you install the patch, you're
vulnerable when viewing PDFs

Update Your Applications

Average computer holds 80+ programs


How to keep them all updated?
If offered, turn the auto-update on
Update often-used programs manually
Helper programs for the rest - Secunia
Free, checks your programs, notifies
you when updates are needed

Update Your Applications

[Diagram labels: Backup; Router w/ hardware firewall; ZoneAlarm software firewall; Spybot w/ tea timer; Super Anti Spyware; Anti virus software; Use Best Practices; Data]

Firewall Technology

Hardware or software designed and implemented to control the flow of network traffic.
A firewall is simply a program or hardware device
that filters the information coming through the
Internet connection into your private network or
computer system.
If an incoming packet of information is flagged by
the filters, it is not allowed through.

Firewall Technology
A company will have hundreds of computers that all have
network cards connecting them together. One or more
computers will have connections to the Internet. Without a
firewall in place, all of those hundreds of computers are
directly accessible to anyone on the Internet.
Out of the 500 computers inside this company, only one
of them is permitted to receive public FTP traffic. Allow
FTP connections only to that one computer and prevent
them on all others.
The company can control how employees connect to Web
sites and whether files are allowed to leave the company
over the network.

Firewall Technology
Firewalls use one or more of three methods to control
traffic flowing in and out of the network:
Packet filtering
Proxy service
Stateful inspection
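
The packet-filtering method applied to the FTP rule from the previous slide, as an added example that is not part of the original slides. The addresses (company LAN 10.0.0.0/16, FTP computer 10.0.0.21), the rule table and the sample packets are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = arriving from the Internet, "out" = leaving
    src: str
    dst: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    direction: str
    dst_net: str              # destination network in CIDR form
    dst_port: Optional[int]   # None matches any port

    def matches(self, pkt: Packet) -> bool:
        return (self.direction == pkt.direction
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst_net)
                and self.dst_port in (None, pkt.dst_port))

# Assumed addressing: company LAN 10.0.0.0/16, public FTP host 10.0.0.21.
# Port 21 is the FTP control connection only; FTP data connections use other
# ports, and a plain packet filter like this one does not track them.
RULES = [
    Rule("allow", "in", "10.0.0.21/32", 21),   # the one permitted FTP computer
    Rule("deny", "in", "10.0.0.0/16", 21),     # FTP to all other computers
    Rule("allow", "out", "0.0.0.0/0", 80),     # employees may reach Web sites
    Rule("allow", "out", "0.0.0.0/0", 443),
    Rule("deny", "out", "0.0.0.0/0", 21),      # no files leaving over FTP
]

def filter_packet(pkt: Packet, rules=RULES) -> str:
    """First matching rule wins; a packet no rule matches is dropped."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"

def shadowed_rules(rules=RULES):
    """Rules that can never fire because an earlier, broader rule matches first."""
    dead = []
    for i, later in enumerate(rules):
        later_net = ipaddress.ip_network(later.dst_net)
        for earlier in rules[:i]:
            if (earlier.direction == later.direction
                    and later_net.subnet_of(ipaddress.ip_network(earlier.dst_net))
                    and earlier.dst_port in (None, later.dst_port)):
                dead.append(later)
                break
    return dead

# Constructed sample packets (documentation address ranges for outside hosts).
SAMPLES = [
    Packet("in", "203.0.113.5", "10.0.0.21", 21),     # allow
    Packet("in", "203.0.113.5", "10.0.7.44", 21),     # deny (explicit rule)
    Packet("in", "203.0.113.5", "10.0.7.44", 3389),   # deny (default)
    Packet("out", "10.0.7.44", "198.51.100.9", 443),  # allow
    Packet("out", "10.0.7.44", "198.51.100.9", 21),   # deny
]
```

Swapping the first two rules makes the broad deny match first, so the FTP computer becomes unreachable; `shadowed_rules` reports the allow rule as dead in that ordering.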

Hardware Router w/Firewall


First line of defense
Available in wired or
wireless versions
Wired is more secure
Protects against
incoming attacks
$100 - $150

Software Firewall
Protects against
intrusion
scanning or
attacks
Protects against
outbound
communication
by malware

Outbound
Communication

Software Firewall
Use the pre-installed Windows
firewall only if you have no other
options.
Turn it off before installing a better
product.
If you have the XP operating system
you MUST obtain a software firewall.
DO NOT use XP's firewall.

Software Firewall
Install firewall first,
then install other
security software -
antivirus, antispy
Do not install multiple
software firewalls
ZoneAlarm Pro is
adequate - $40
Does require system
resources

[Diagram labels: Backup; Wireless Router w/ hardware firewall; ZoneAlarm software firewall; Spybot w/ tea timer; Super Anti Spyware; Anti virus software; Use Best Practices; Data]

Antivirus Software
Many software
options
Many are free,
or free trial

Antivirus Software
A worry for all computer users is the threat of viruses entering their systems
Fights against all kinds of malicious attacks and prevents adware, spyware,
Trojans and worms from entering the computer
A system for analyzing information that, if it finds that something is infected,
disinfects it
Antivirus software acts basically in two ways
- Scanning files
- Heuristic approach

Counters most virus threats if the software is regularly updated and correctly
maintained

Antivirus Software
Scanning Files
Employs a database of familiar virus code and
applies it to compare the files with the known
malicious code
The antivirus database is updated so that it can
prevent the malicious attacks which are being
crafted each and every day.
After a match has been detected, the antivirus will
take action in three different forms:
- Quarantine the file
- Repair the infected files
- Remove the file
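
The scan-and-act cycle on this slide, as an added example that is not part of the original slides and is not how any particular antivirus product is built. The signature names, byte patterns and sample files are constructed and harmless, and the "repair" step is a simplification that just cuts the matched bytes out.

```python
import shutil
import tempfile
from pathlib import Path

# Constructed, harmless stand-ins for a vendor's signature database:
# name -> (byte pattern, action to take on a match).
SIGNATURES = {
    "Demo.Appender.A": (b"<<constructed-marker-A>>", "repair"),
    "Demo.Dropper.B": (b"<<constructed-marker-B>>", "quarantine"),
    "Demo.Worm.C": (b"<<constructed-marker-C>>", "remove"),
}

def scan_bytes(data: bytes, signatures=SIGNATURES):
    """Return (name, action) of the first known pattern found, else None."""
    for name, (pattern, action) in signatures.items():
        if pattern in data:
            return name, action
    return None

def handle_file(path: Path, quarantine_dir: Path, signatures=SIGNATURES) -> str:
    """Scan one file and apply the action its matching signature calls for."""
    data = path.read_bytes()
    hit = scan_bytes(data, signatures)
    if hit is None:
        return "clean"
    name, action = hit
    if action == "repair":
        # Simplified repair: cut the matched bytes out, keep the rest.
        path.write_bytes(data.replace(signatures[name][0], b""))
    elif action == "quarantine":
        quarantine_dir.mkdir(exist_ok=True)
        shutil.move(str(path), str(quarantine_dir / (path.name + ".quarantined")))
    elif action == "remove":
        path.unlink()
    return f"{action}:{name}"

def demo():
    """Run the scanner over constructed sample files in a temporary directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        samples = {
            "report.txt": b"quarterly numbers",
            "tool.bin": b"useful program" + b"<<constructed-marker-A>>",
            "setup.bin": b"<<constructed-marker-B>> placeholder",
            "mail.bin": b"<<constructed-marker-C>>",
            # Pattern B with one byte changed: not in the database yet.
            "setup2.bin": b"<<constructed-marker-b>> placeholder",
        }
        for name, content in samples.items():
            (root / name).write_bytes(content)
        for name in samples:
            results[name] = handle_file(root / name, root / "quarantine")
        results["repaired_content"] = (root / "tool.bin").read_bytes()
        results["quarantined"] = sorted(p.name for p in (root / "quarantine").iterdir())
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The `setup2.bin` sample comes back clean because its pattern differs by one byte from the stored signature, which is why the database has to be kept updated.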

Antivirus Software
The Heuristic Approach
Keeps track of the type of the programs that are
executable on a computer
When doubtful behavior is identified, a prescheduled
range of responses is activated
The response can range from asking the owner of the
PC how to proceed to deleting the
malicious code automatically
Protects against latest malware threats that are yet
to be identified or registered in the
antivirus database.

Security Policy
Security policies are rules that are electronically
programmed and stored within security equipment
to control such areas as access privileges
The policies that are implemented should control
who has access to which areas of the network and
how unauthorized users are going to be prevented
from entering restricted areas
The security policy management function should be
assigned to people who are extremely trustworthy
and have the technical competence required.

In the future, some passwords may be replaced by biometrics, which is technology that identifies users based on physical characteristics, such as fing

Security Policy
Implementation

Identity methods and technologies must be employed to help positively authenticate and verify users and their access privileges.
Making sure that certain areas of the network are password protected - only accessible by those with particular passwords
The golden rules, or policies, for passwords are:
- Change passwords regularly
- Make passwords as meaningless as possible
- Never divulge passwords to anyone until
leaving the company

Security Policy

Security policy
Digital Certificate

E-commerce has flourished because of the ability to perform secure transactions online using the proper tools. These tools are public key encryption and digital certificates.
Public key encryption uses SSL (Secure Sockets Layer) to encrypt all data between the customer's computer and the e-commerce website
Anyone can create a website and key pair using a name that
doesn't belong to them. This is where digital certificates come
in.
Digital certificates are trusted ID cards in electronic form that
bind a website's public encryption key to their identity for
purposes of public trust

Security Policy
Digital Certificate
Digital certificates are issued by an independent,
recognized and mutually trusted third party that
guarantees that the website operating is who it claims
to be. This third party is known as a Certification
Authority (CA).
Digital certificate contains an entity's name, address,
serial number, public key, expiration date and digital
signature, among other information.
When a Web browser like Firefox, Netscape or Internet
Explorer makes a secure connection, the digital
certificate is automatically turned over for review.

Security Policy
Digital Certificate
The browser checks it for anomalies or problems,
and pops up an alert if any are found.
When digital certificates are in order, the browser
completes secure connections without interruption
Digital certificates play an integral role in keeping
online commerce safe. If your browser alerts you to
a problem with a digital certificate, you are well-advised not to click through. Instead, call the
business using a telephone number from your
statements or phone book, and inquire as to the
problem.

Security Policy
Digital Certificate

Access Control

Access control systems are electronic systems which are designed to control who has access to a network
Like a door which can be locked, limiting people to one side of the
door or the other.
Access control servers validate the user's identity and
determine which areas or information the user can access
based on stored user profiles
Access control systems which span over computer networks
are typically administered in a central location, with each user
being given a unique identity.
An administrator grants access privileges to personnel on a
case by case basis, using settings within the administration
software.

Encryption
Encryption technology ensures that messages
cannot be intercepted or read by anyone other than
the authorized recipient
Encryption is usually deployed to protect data that is
transported over a public network and uses
advanced mathematical algorithms to scramble
messages and their attachments.
All VPN hardware and software devices support
advanced encryption technology to provide the
utmost protection for the data that they transport.

Encryption

Intrusion Detection
A network-based intrusion detection system (IDS)
provides around-the-clock network surveillance
An IDS analyzes packet data streams within a
network, searching for unauthorized activity, such as
attacks by hackers, and enabling users to respond to
security breaches before systems are compromised
When unauthorized activity is detected, the IDS can
send alarms to a management console with details
of the activity and can often order other systems,
such as routers, to cut off the unauthorized
sessions.

Intrusion Detection

Network Scanning
Network scanners conduct detailed analyses of
networked systems to compile an electronic
inventory of the assets and detect vulnerabilities
that could result in a security compromise
Allows network managers to identify and fix security
weaknesses before intruders can exploit them

Spybot Search & Destroy

- Free
- Real-time protection

Eliminates
adware,
spyware,
Trojans,
keyloggers,
dialers

Spybot Search & Destroy


Malware often changes
the registry
Spybot warns of potential
registry changes with
Tea-timer
Legitimate software
installations also change
the registry and may
cause false alarms

Spybot Search and Destroy


Will immunize
the system
Like a Do Not
Call list of
websites for your
browser

Super AntiSpyware

- Free
- Real-time protection
- Can be scheduled

Removes
spyware,
Adware,
Trojans,
Dialers,
Worms,
HiJackers,
KeyLoggers,
Parasites,
Rootkits

MalwareBytes
Free version
Full version (one
time fee of $24.95)
includes real-time
protection.

[Diagram labels: Backup; Wireless Router w/ hardware firewall; ZoneAlarm software firewall; Spybot w/ tea timer; Super Anti Spyware; Anti virus software; Use Best Practices; Data]

How to Use These Tools Effectively
Pick one day of the week (Sunday AM?)
Use the tools in this order: Spybot,
SuperAntispyware, Antivirus
Start one tool, go read the paper
When one tool has finished, start the
next, go read the paper
When all tools are done, do a complete
backup and label it w/ date & clean

Backup Your Data


Why backup?
Data loss or
corruption
Human error, fire,
flood, malware
Backing up is
cheaper, easier than
re-creating the data

Backup Your Data


Many ways to
backup
Data only, whole
system, online,
local
Compressed,
uncompressed,
automated

Data-Only Backup

Back2Zip
free software

Dozens of software
choices for every
budget & free
Backs up selected files
Typically uses
proprietary
compression
SyncToy - Free MS
program - no
compression

Whole-System Backup
Takes an image of
the whole system, not
each file individually
Several choices
including Acronis,
Norton Ghost, others
Backup in 15-20 min,
restore - 30 min to 1 hr

Online Backup Service


Advantages
Inexpensive
Some operate in
the background
Disadvantages
Monthly fee
Depends on
Internet access

Local External Backup

Advantages
Low one-time cost
Multi-purpose
Easily accessible
Disadvantage
Risks similar to
original data
Note - keep unit
unplugged unless in use

External
Hard Drive

Firefox with Security Plugins


A plugin is an additional
component or feature
that can be added to a
larger program
NoScript to stop web
scripts from running
Better Privacy to
control Flash cookies

Virtual PC Products
These programs create a virtual PC
within your real PC.
When programs run in the virtual PC,
they can't make changes to the real PC
Requires some technical knowledge
Requires extra processing power
Extremely safe - if the Virtual PC gets
infected, simply delete it and create a
new one.

Virtual PC Software

Microsoft Windows Virtual PC


VMware
Connectix Virtual PC
Sun VirtualBox

Sandboxie
Creates a small virtual space inside
your computer called a sandbox.
Can run a program or browser inside
the sandbox.
Smaller learning
curve than a
Virtual PC
Less processing power needed
than a Virtual PC

When you need help

[Diagram labels: Commercial Repair; CompUSA; Geek Squad; Local repair shop; You; Local PC Users Groups; Etc.; Friends & family]

When You Need Help


You are a key component
Become knowledgeable about basic
computer problems - what's serious,
what's not
Understand who your resources are,
who can deal with which problems
Ask around about commercial repair
options - who's recommended?

PC Users Groups
50+ organized groups around the
state. Dues avg $25-$35/yr
FACUG - Fla Assn of Computer
User Groups is the umbrella
organization - list is at
http://www.facug.org/
Members help members w/
problems
Attend meetings occasionally -
build relationships

Disclaimers
Information presented here is based on
currently available information.
This information changes frequently. No
guarantee of accuracy is possible.
Hardware, software, companies and techniques
discussed are options, not recommendations.
You alone are responsible for software and/or
hardware choices and use of any techniques.
Please read all legal agreements, instructions,
user agreements and privacy terms associated
with any hardware, software or websites.

Thank You
