Compusecuraphobia – The Fear of HOPING Your Computer is Secure

Upload: cengage-learning

Post on 28-Jan-2015


DESCRIPTION

Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Technology Computing Conference

Presenter: Andrew Pond, Palm Beach State College

“Just because you're paranoid doesn't mean they aren't after you.” Ever pause just a moment before clicking past that security warning about an unsafe email? What about installation instructions that explicitly state to turn off your firewall and virus protection? I think, well that can't be right… hmmm. Gain an understanding of which security essentials should be introduced to students. This session will cover best practices that keep your Windows 8 computer safe and survey some of the threats that are directed toward the corporate world. Be prepared for the next tech trivia challenge, when the category covers SSL, IPSEC, Spoofing, Encryption, and more. Between the pop-up alerts on your computer and paranoia from the news, each of us should be thankful that we get through the day without having our identity stolen and our computer destroyed. The TSA thinks we are all safer if we take our shoes off while traveling. Really? Let us not take a similar approach with our own computer security.

TRANSCRIPT

Page 1: Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Technology Computing Conference

Compusecuraphobia – the fear of HOPING your computer is secure

Page 2

Page 3

Syllabus Objectives

Upon completing this presentation, you shall be able to:

• Describe the broad spectrum of cyber threats and how they affect you and your students.

• Define essential terminology used in discussing cyber security.

• Through discussion, participants will share their experiences concerning data security.

• Identify for students, using lecture, lab or discussion, three or more data security risks they may encounter.

• Describe 3 “best practices” you can use to limit risk from a cyber threat.

• Create anti-matter (no… not really).

Page 4

Spectrum of threat

Personal, Work, National, Global

• Virus on my PC

• Tracking people

• My data stolen

• Ineffective/slow computer

• Resource usage

• Corporate data

• Intellectual Property

• Infra-structure

• Privacy (Personal & Corporate)

• Economic impact, piracy, intelligence

• Cyberwarfare

• Hacktivism

• Financial

Page 5

Purpose of Cyberwarfare attacks

Cyberwarfare is Internet-based conflict involving politically motivated attacks on information and information systems.

• Disable websites and networks

• Disrupt or disable essential services

• Steal or alter classified data

• Cripple financial systems

(source: searchsecurity.techtarget.com)

Page 6

Global Cyberwarfare Examples

• Iranian nuclear espionage: Stuxnet (June 2010) – ruined approx. 1/5 of their centrifuge systems. (Wikipedia, n.d.); (globalresearch)

• “GhostNet”, a spy network, accessed confidential information belonging to both governmental and private organizations in over 100 countries around the world.

• In 2007, in Estonia, a botnet of over a million computers brought down government, business and media websites. (searchsecurity.techtarget.com)

Page 7

Hacktivism – “hack” & “activism”

… the act of hacking, or breaking into a computer system, for a politically or socially motivated purpose. (source)

• Defacing websites that oppose their ideology.

• Development of PGP was in response to a bill permitting the government to obtain plain-text content. (Wikipedia, n.d.)

Page 8

Hacktivism examples

• During the 2009 Iranian election protests, Anonymous played a role in disseminating information to and from Iran by setting up the website Anonymous Iran; they also released a video manifesto to the Iranian government.

• Anonymous - Message to the American People https://www.youtube.com/watch?v=HrXyLrTRXso

• Google helped SayNow and Twitter to provide communications for the Egyptian people in response to the government sanctioned internet blackout during the 2011 protests. The result, Speak To Tweet, was a service in which voicemail left by phone was then tweeted via Twitter with a link to the voice message on Google's SayNow.

Page 9

Domestic Cyber threats

• Intellectual Property theft from both government and businesses. (Source: The Dragon and the Computer: Why Intellectual Property Theft is Compatible with Chinese Cyber-Warfare Doctrine)

• Infra-structure – electrical grid, water systems, communications, transportation.

Page 10

Malware stories

• Target cyber attack – "memory-parsing" software known as a "RAM scraper": it steals the transaction data from a credit or debit card's magnetic strip during a brief unencrypted moment in the transaction process.

Page 11

Data Security – Surveillance? Privacy?

• NSA wireless transmitter

NSA’s malware program, codenamed QUANTUM. Uses a secretly installed radio transmitter. Affected computers do not need to be connected to the Internet.

Page 12

Data Security Examples

• FBI could remotely and secretly activate video cameras on devices. (From a web article that cites a Washington Post report.)

• Students at Johns Hopkins discovered how to disable the LED on a Mac so that the camera could take pictures without indicating it was on.

• Student doctoral research details how he accessed a network through a Cisco VoIP phone.

Page 13

Business attacks

• Taking over web sites
– To harm reputation
– To redirect customers
– To capture login credentials or financial information

• Stealing Intellectual Property or Trade Secrets

• Disrupting operations both internally and externally, such as with a Distributed Denial of Service (DDoS)

Page 14

Schools & Colleges Data Security

• Grade and transcript modifications
Blackboard - Dutch company Online24 reports a vulnerability by which a student could alter grades. (http://www.utwente.nl/onderwijssystemen/nieuwsarchief/nieuwsberichten/blackboard_veiligheid_eng/)

• Changes to financial records

• Unauthorized access to student records

Page 15

Targeting your Devices & Information

Motivation for creating malware (Outcome – Computer action)

• “Bragging rights” / name recognition – System access or proliferation of malware

• Obtaining personal data – Identity theft / social engineering attacks / account access

• Using / Controlling computer – E-mail SPAM campaigns; DDoS attacks; bot-nets

• Financial benefit – Directs user to buy software to repair / recover

• Spying / Voyeurism – Secretly listen or watch people

Page 16

Malware explained - Viruses

Description

A virus's purpose is to create another copy of itself as part of its function.

It must be run or executed as code by exploiting a weakness in the OS or a program, or by tricking the user.

Analogy

As implied by the name, a molecular virus attaches to a healthy cell and injects its viral nucleic acids so that the healthy cell regenerates the virus cell.

Page 17

Malware explained - Trojans

Description

Appearing as a legitimate program, a Trojan infection installs unwanted, often harmful additional programs. Trojans are not self-replicating like viruses.

Trojans drop a ‘payload’ – keyloggers, Remote Access Trojans (RATs), back-doors, Internet Relay Chats (IRC). Can be used to create bot-nets.

Analogy

The threat from the classical “Trojan Horse” was not the horse, but the armies that were inside and released.

Page 18

Malware explained - Worms

Description

Worms, similar to viruses, make copies of themselves. However, worm infections do not attach to other programs, requiring you to “run” them.

Often worms will replicate through networks using e-mails.

Analogy

Tapeworm eggs are eaten by flea larvae and in turn create a cyst in the flea, which is ingested by the dog during grooming; eggs are excreted by the dog and the cycle starts again.

Page 19

Spoofing

Impersonating another person or web site in an effort to trick someone into giving up information or installing some form of malware.

Entire web sites have been duplicated and their domain redirected to the false site.

Page 20

Phishing

Here the sender is targeting a person to give up sensitive information.

An e-mail that asks the user to click on a link and verify their login information, but the link is to a spoofed web site.

A phone call where the support agent reports that he is with Microsoft and they have detected a problem with the computer and want you to allow them a remote support session to fix it.

Page 21

Aurora Botnet

Fake Malware Alerts

Virus repair utility is actually a dropper that creates a bot-net.

Description of how the “Aurora Botnet” infected and used other systems.

https://blog.damballa.com/archives/tag/aurora-botnet

Page 22

Protection & Solutions

Literacy – learn about the threats; how to minimize exposure; and how to fix if infected.

Protect three areas of vulnerabilities

1. Access to your devices – both physically and electronically.

2. Use of security software – Firewall, AV, encryption, backup, system updates, etc.

3. Realize that YOU can be the “weakest link”.

Register devices; use location apps like “find iPhone”

Page 23

Access to your devices

• Keep device(s) with you; in a locked/secure area when you are not using them.

• Know about the networks you are using – wired, wireless, or both.

• Follow “good practices” with regard to passwords. And for sensitive/confidential data, consider multi-factor authentication.

Page 24

Security Software

• Anti-Virus – Free ones are good; consider one for mobile devices; Mac and iPhone have low risk, but viruses are possible.

• Anti-Spyware – spyware can slow down a computer; threats are not usually as severe.

Page 25

What is a Firewall and why do I need it?

Simplify the function of your firewall to be that of a security guard at the entrance to a community.

Your cars get a sticker which tells the guard it is OK to let you by. And perhaps there is the local pizza guy or a friend can come in, but you need to let the guard know and provide him a name or number.

The security would not work if you agreed to mail out access stickers to someone who sent you an email saying they wanted to drop off a package.

Data traffic uses TCP/IP communication protocols with port numbers to communicate with software services. The firewall uses rules and, at times, behaviors to determine which connections should be allowed.
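The guard analogy above as a rule check, in an added Python example that is not part of the original slides: connections the PC opens itself are remembered so their replies get back in (the resident's sticker), a named visitor gets an explicit inbound rule, and all other inbound traffic is refused. The class names, the rule set and the addresses (documentation ranges) are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str      # "in" or "out", seen from the protected PC
    proto: str          # "tcp" or "udp"
    remote_ip: str
    remote_port: int
    local_port: int

@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "deny"
    direction: str
    proto: str
    local_port: Optional[int] = None  # None matches any port
    remote_ip: Optional[str] = None   # None matches any address

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction and self.proto == p.proto
                and self.local_port in (None, p.local_port)
                and self.remote_ip in (None, p.remote_ip))

class Firewall:
    def __init__(self, rules):
        self.rules = list(rules)   # checked top to bottom, first match wins
        self.open_flows = set()    # connections this PC started

    def decide(self, p: Packet) -> str:
        flow = (p.proto, p.remote_ip, p.remote_port, p.local_port)
        # Reply traffic for a connection we opened: the resident's sticker.
        if p.direction == "in" and flow in self.open_flows:
            return "allow:established"
        for i, rule in enumerate(self.rules):
            if rule.matches(p):
                if rule.action == "allow" and p.direction == "out":
                    self.open_flows.add(flow)
                return f"{rule.action}:rule{i}"
        return "deny:default"      # nobody vouched for it, so the gate stays shut

# Constructed rule set (hypothetical policy, documentation-range addresses).
RULES = [
    Rule("allow", "out", "tcp"),   # residents may leave
    Rule("allow", "in", "tcp", local_port=8080, remote_ip="198.51.100.7"),  # named visitor
]

# Constructed traffic sample.
SAMPLE = [
    Packet("out", "tcp", "203.0.113.10", 443, 50000),   # browser opens HTTPS
    Packet("in", "tcp", "203.0.113.10", 443, 50000),    # the server's reply
    Packet("in", "tcp", "198.51.100.7", 51515, 8080),   # the expected visitor
    Packet("in", "tcp", "192.0.2.66", 51515, 8080),     # same door, not on the list
    Packet("in", "tcp", "192.0.2.66", 40000, 3389),     # unsolicited remote-desktop attempt
]

def evaluate(packets=SAMPLE, rules=RULES):
    """Run the packets through a fresh firewall and return one verdict each."""
    fw = Firewall(rules)
    return [fw.decide(p) for p in packets]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, evaluate()):
        print(f"{pkt.direction:3} {pkt.remote_ip}:{pkt.remote_port} "
              f"-> local :{pkt.local_port}  {verdict}")
```

The fourth packet is the emailed request for a sticker: it knocks on a door that is open for someone else and is still turned away, because the rule names who may use it.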

Page 26

Backup (Most ignored advice)

• Malware attacks quite often result in a loss of data. Either the files are deleted or infected or the drive needs to be erased to fully clean the system.

• Backup strategies that work best involve:
– Automated scheduled backups… local or in the cloud.
– Periodic full backups to an alternate location (to protect against corrupt backups being unusable).
– Password protect and, for sensitive data, encrypt.

Page 27

Encrypting Data

• Making data unreadable except by the encryptor

• Used for data “in transit” (being transferred) or “at rest” (stored)

• Cryptographic algorithms (you may see these along the way – only a sampling)
– AES (Advanced Encryption Standard)
– SHA (Secure Hash Algorithm)
– DSS (Digital Signature Standard)

Page 28

Encryption basics

• A cipher is used in an algorithm to code the message. As a simple example, shift three letters down the alphabet.

• “Hello” becomes “Khoor”

• The cipher is the key.

Page 29

Using encryption keys

• Send your lock to me open; I put my stuff in, lock it, and send it back to you. You use your key to open and access.

• The process:
– Two “keys” are made, one public; one private.
– Files can be encrypted with the public one.
– Only the holder of the private key can decrypt.

Page 30

Public Key - aka Asymmetric cryptography

It is "impossible" (computationally infeasible) for a properly generated private key to be determined from its corresponding public key.

Keys are used to encrypt files or validate digital signatures.

Page 31

Digital signatures

• Validates the originator or the sender – ensures three aspects of data security:
– Authentication: Verifies the identity of the sender.
– Non-repudiation: One cannot claim the data has changed.
– Integrity: Message was not altered in transit.

Page 32

Internet Protocol Security (IPSec)

• IPSec is a general-purpose security technology (protocol) that can be used to help secure network traffic in many scenarios.

• Operates below the “application” layer in the protocol stack at the Internet Layer. Secure Sockets Layer (SSL), Transport Layer Security (TLS) and Secure Shell (SSH) operate in the “Application” layer.

• Handles authenticating and encrypting each IP packet of a communication session.

• Establishes mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session.

• IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host).

• Applications do not need to be specifically designed to use IPsec because they sit “atop” it.

(Source: Wikipedia.org)

Page 33

System Updates

• Windows Updates.

• Virus Database updates.

• Application updates and patches.

Page 34

Protecting you from… you

• Getting tricked by phishing scams.

• Opening malware in e-mails.

• Downloading & installing “free” software or utilities.

• Poor password management.

• Securely disposing of old equipment.

• Not being aware of, or not ensuring use of, secure protocols (e.g. https, SSL, SSH)

• Backup strategy missing or weak.

Page 35

Social Engineering

• Social engineering hacker – someone who tries to gain unauthorized access to your computer systems

• Tailgates past security door.

• Distracts user away from computer so that malware can be installed.

• Collects organizational information to engage in credible discussions about getting access.

Page 36

How to remove threats

• Turn off or disconnect to prevent further loss (consider backing up data before repairs)

• Using another device, “Google” symptoms

• Boot off a Rescue CD or USB (free downloads)

• Safest is to recover, restore image or reinstall.

Page 37

Approaches to secure environments

• Use of UAC on a PC and other security settings.

• Browser security settings.

• Use of a “sandbox” and/or virtual machines.

• Programs that reboot to stored image – Deep Freeze. (Mac & PC)

• Boot from IDP or utility CD/DVD, Linux OS; does not mount C: drive; supports Internet.

• Monitor updates of virus protection and system.

• Periodically scan from rescue CD.

• Regularly create System Images along with any needed support files.

• Test your “Restore” process – many backup programs create proprietary files and incremental files.

Page 38

Security Essentials for Students

• Cloud apps and storage
– Their data is outside their control, on another device
– Typically not encrypted

• Being connected is a MUST - trying to get Internet access often leads one to compromise good practices.

• Using public wi-fi. It can be easily monitored, “sniffed”.

• Use trusted software and utilities. Avoid temptation to download “free” – programs, utilities, movies, music, etc.

Page 39

Students continued

• College security and use policies can be restrictive – students may get frustrated or inadvertently violate.

• Class requirements, downloads. Are the class downloads virus free?

• Practice safe sex computing – a practical comparison.

• USB passed around or left in the classroom – was it left on purpose for someone to think they got a free USB?

• Phones can make an unsecured ‘hotspot’.

Page 40

Can a Mac get a Virus?

• Good article on Macs and viruses. (Jan 5, 2013) http://www.speedupmypcfree.com/blog/should-you-install-antivirus-on-your-mac/

• Do I need virus protection on a Mac? Most users do not need antivirus software on their Mac.

Page 41

Past Apple Troubles

• Apple admits to infections http://www.speedupmypcfree.com/blog/apple-finally-admits-defeat-acknowledges-that-pc-viruses-can-infect-macs/

• Flashback virus – The Flashback virus was able to steal the personal data of many of these Mac users by redirecting them to malicious websites on search engine results pages.

Page 42

Smartphone malware

• The malware targeting mobile devices mirrors the malware commonly found on infected desktops and laptops – backdoors, Trojans and Trojan-Spies. The one exception is SMS-Trojan programs – a category exclusive to smartphones.

• The threat isn’t just growing in volume. We’re seeing increased complexity too. In June we analyzed the most sophisticated mobile malware Trojan we’ve seen to-date, a Trojan named Obad. This threat is multi-functional: it sends messages to premium rate numbers, downloads and installs other malware, uses Bluetooth to send itself to other devices and remotely performs commands at the console. This Trojan is also very complex. The code is heavily obfuscated and it exploits three previously unpublished vulnerabilities. Not least among these is one that enables the Trojan to gain extended Device Administrator privileges – but without it being listed on the device as one of the programs that has these rights. This makes it impossible for the victim to simply remove the malware from the device. It also allows the Trojan to block the screen. It does this for no more than 10 seconds, but that’s enough for the Trojan to send itself (and other malware) to nearby devices – a trick designed to prevent the victim from seeing the Trojan’s activities.

• Obad also uses multiple methods to spread. We’ve already mentioned the use of Bluetooth. In addition, it spreads through a fake Google Play store, by means of spam text messages and through redirection from cracked sites. On top of this, it’s also dropped by another mobile Trojan – Opfake.

• The cybercriminals behind Obad are able to control the Trojan using pre-defined strings in text messages. The Trojan can perform several actions, including sending text messages, pinging a specified resource, operating as a proxy server, connecting to a specified address, downloading and installing a specified file, sending a list of apps installed on the device, sending information on a specific app, sending the victim’s contacts to the server and performing commands specified by the server.

• The Trojan harvests data from the device and sends it to the command-and-control server – including the MAC address of the device, the operating name, the IMEI number, the account balance, local time and whether or not the Trojan has been able to successfully obtain Device Administrator rights. All of this data is uploaded to the Obad control-and-command server: the Trojan first tries to use the active Internet connection and, if no connection is available, searches for a nearby Wi-Fi connection that doesn’t require authentication.

Page 43

Smartphone & Tablets

• Android – 98.05% of mobile malware found this year targets this platform. (Source)

• Only download from a trusted store.

Page 44

Protecting Windows 8

• Microsoft link to protecting your PC

• PCWorld article on anti-virus for Windows 8

• Bitdefender Antivirus comparison list http://share.inpwrd.com/r9jo

Generally much of the same topics already presented. (I wanted to include the links in the presentation stack.)

Page 45

Did we meet the objectives?

• Survey of cyber threats.

• Essential terminology.

• Discussion of experiences.

• Advice to give students for data security.

• “Best practices” to reduce risk and resolve issues.

Page 46

Contact Information for Andrew Pond

COLLEGE: PALM BEACH STATE [email protected]

BUSINESS: PRECEPTS EDUCATION CORP. & PRECEPTS [email protected]