Computer Systems Security
Outline
• Computer Systems Security Introduction
• Examples of Information Security
• Identity Theft
• Hackers
• Types of threats
• Botnets/Zombies
• Securing your network
  – Encryption
  – Firewalls
  – VPN
  – Email
  – Web
  – Wireless
  – Applications
  – Computers
Computer Security / Information Security
• Protection of digital information from theft, corruption or natural disaster
• What is being protected?
  – Personal or Company Data
  – Credit card numbers
  – Bank Account Information
  – Company from sabotage
    • Delete data
    • Alter websites
    • Denial of Service
  – Use Computer Resources to attack others
    • Hard disk space
    • Fast Processor
    • Internet Connection
Where Hackers Attack?
• Email
• Web
• Firewall
• Network
• Operating System / Application Vulnerabilities
• Mobile
• Telephone

What Hackers Do?
• Phishing
• Spoofing
• Keystroke logging
• Malware
  – Virus – replicates through applications
  – Trojan horse – can create a backdoor through an application
  – Worms – don't need to attach to any application (make backdoor zombies)
  – Adware – Pop up advertising
  – Spyware – Monitors users' surfing habits and degrades system performance
  – Rootkit – Hidden. Replaces system executables
  – Crimeware – Financial or Political crime. 2005: $30M in theft
Identity theft
• Fraud crime that involves someone pretending to be someone else in order to steal money or to get other benefits.
• 3.7 % of American adults are victims of identity theft.
  – Stealing mail through dumpster diving
  – Retrieving info from disposed computers
  – Researching the victim through internet searches or public records
  – Stealing payment or id cards by skimming a compromised card reader or pickpocketing
  – Eavesdropping on public transactions (shoulder surfing)
  – Trojan horses, hacking
  – Data breach (posting of personal info on the web or by mail)
  – Changing your address
  – Phishing
Types of Hackers
• White Hat – breaks security for non-malicious reasons. Enjoys learning about computer security
• Black Hat – Someone who is hacking for credit card fraud, identity theft, intellectual property theft. Crackers.
• Script kiddie – non-expert who uses pre-packaged automated tools written by others.
• Hacktivist – Uses technology to announce a social, ideological, religious, or political message. Defaces websites, DOS attacks. Cyberterrorism.
How the Hacker Attacks?
1. Network enumeration – discover info about the intended target (Port Scanner)
2. Vulnerability analysis – identifying potential ways of attack (Packet Sniffer)
3. Exploitation – attempting to compromise the system by vulnerabilities found in the analysis (Spoof, Virus, Spyware, Trojan Horse)
• He makes himself a master
• Covers his tracks by modifying log entries
• Finds passwords by running a “dictionary attack”
• Uses Trojan horses to find passwords through “login”, “telnet”, or “ftp”
• Gives himself “root” privileges / system administrator
• Installs Sniffer programs to collect all passwords that come through the system
• Searches trusts on the network by searching the system's /etc/host.equiv and the users' .rhosts files.
• Once in, the intruder can install software, read, copy or erase data.
Botnets and Zombies
• Software Robots, or bots, that run autonomously and automatically.
• Zombie computers are computers that were attacked to run software via worms, trojan horses or backdoors
• Most zombie computer users are unaware their systems are being used this way.
  – Zombies have been used extensively to send e-mail spam (50 – 80%)
  – Click fraud against sites displaying pay per click ads
  – Phishing or money mule recruiting websites
  – Distributed denial-of-service attacks
Securing your Network
Encryption
• Uses an algorithm (cipher) to make data unreadable unless the receiver has a key
• Diffusion and confusion principles
• Over 70 % of companies use encryption for some of their data in transit
• Network encryption
  – Encryption with router
  – Encryption with SafeNet device
Symmetric-key cryptography
• A single key encrypts and decrypts the data
• Keys are small
• Algorithms are fast
• Different keys are needed for each pair of users
• DES, AES, Blowfish, CAST5
• Face-to-Face exchange of keys
Asymmetric Key Encryption /Public-Key cryptography
• Uses two keys -- a public key known to everyone and a private or secret key known only to the recipient of the message.
• Diffie-Hellman key exchange – Protocol that allows two parties to establish a shared secret key over an insecure communications channel (1976)
• RSA – algorithm for public-key cryptography. Signing and Encryption (1977)
• Binds public keys to users with a certificate authority (CA)
• Different keys are used to encrypt/decrypt (key pair)
• Keys are large, algorithms are slow
• Public Key encryption – message is encrypted with the recipient’s public key
• Digital signatures – message signed with the sender’s private key (need the sender’s public key to decrypt)
• PGP – Cryptographic software for secure communication and storage by binding public keys to a user name and/or email address.
Common Examples:
• Email encryption and/or sender authentication
• Encryption of documents
• Authentication (Smart cards)
• Bootstrapping secure communication (IKE and SSL)
• Mobile Signature
Examples: RSA, TLS, PGP, GPG, and ElGamal
Firewall Security
• Software and Hardware Firewalls
• Methods of protection:
  – Packet filtering
  – Proxy service
  – Stateful inspection
• Access Control Lists
  – IP Addresses
  – Domain Names
  – Specific Words and phrases to sniff
  – Ports
  – Protocols
    • IP, TCP, HTTP, FTP, UDP, ICMP, SMTP, SNMP, Telnet
• Log monitoring
• Updating and Patching
• Vulnerability Testing
• 2 different firewalls for one network
• VPNs
Virtual private network
• VPNs play an important role in today’s enterprises by providing the ability to deploy a simple, secure, scalable, robust, cost-effective networking solution.
• Point to Point connections support multiple protocols.
• VPN authentication and encrypted/cryptographic tunneling protocols provide confidentiality and privacy for a user or site.
• Router to router
• Firewall to router
• PC to router
• PC to server
VPN Security
• Data Confidentiality
  – IPsec VPN – Secures IP: IPsec has two encryption modes, tunnel and transport. Tunnel mode encrypts the header and the payload of each packet while transport mode only encrypts the payload.
  – Protocols: IKE (key exchange), AH (integrity), ESP (confidentiality)
  – L2TP – session layer tunneling protocol (UDP 1701)
  – NAT – Masking IP
  – Data Integrity – checking if data is whole
  – AAA servers (authentication, authorization, and accounting), e.g. RADIUS
Software:
  – SSTP – VPN tunnel that supports transport-level security through SSL 3.0 (port 443); remote access for clients with Windows Server 2008 and Vista.
Hardware:
  – Cisco/Netgear/Juniper/Checkpoint etc. – SSL VPN concentrator/client. Can be used from a browser.
Email Security
• Email server
  – S/MIME: public key encryption and signing with a CA
  – TLS: security and data integrity
  – OpenPGP: web of trust, users sign each other’s public keys.
  – Identity based encryption – Uses an arbitrary string as a public key, enabling data to be protected without the need for certificates.
  – Mail session encryption: no port change
    • STARTTLS (IMAP and POP3)
Web Security SSL/TLS
• Cryptographic protocols for internet communications
• The SSLv3 protocol was superseded by TLS
• Used for HTTPS, SMTP etc.
• Public Keys are distributed as X.509 certs
• Uses hierarchical systems (CAs) for validation
Wireless Security
• Laptop wireless, Bluetooth, barcode readers, PDAs, wireless printers/copiers.
• Man-in-the-middle attacks – soft AP, 2 NICs, hotspots
• DoS – bombards AP / EAP failures
• Network injection – AP re-configuration
• Caffe Latte attack – defeats WEP by floods of ARP requests
Counteracting risks
• MAC ID filtering
• Static IP addressing / no DHCP
• Wi-Fi Protected Access (WPA/WPA2)
Wireless TKIP and CCMP Encryption Protocols
• TKIP is vulnerable to a keystream recovery attack.
• CCMP – Counter Mode with Cipher Block Chaining Message Authentication Code Protocol
• Mandatory for WPA2
• Replaces TKIP (the protocol for WPA/WEP)
• Advanced Encryption Standard (AES algorithm) – 128-bit key and 128-bit block
Advanced Encryption Standard
1. SubBytes – Rijndael S-box lookup byte replacement
2. ShiftRows – Cyclically shift bytes to the left (Diffusion)
3. MixColumns – Each column is multiplied with a fixed polynomial (Diffusion)
4. AddRoundKey – Subkey is combined with the state (XOR)
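The four round operations above, assembled into a from-scratch AES-128 block encryption (an added example, not code from the slides). It follows FIPS-197; the S-box is derived from the GF(2^8) inverse and affine map rather than pasted as a table so the SubBytes step is visible, and only the raw one-block primitive is shown, without a mode of operation.

```python
def xtime(b):  # multiply by x (i.e. by 2) in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1
    return ((b << 1) ^ 0x1B) & 0xFF if b & 0x80 else b << 1
def rotl8(v, s):  # rotate a byte left by s bits
    return ((v << s) | (v >> (8 - s))) & 0xFF

def build_sbox():  # Rijndael S-box: GF(2^8) multiplicative inverse, then an affine map
    sbox, p, q = [0] * 256, 1, 1
    while True:  # invariant p * q == 1; 3 generates the whole multiplicative group
        p ^= xtime(p)  # p *= 3
        for sh in (1, 2, 4):  # q /= 3 (same as q *= 0xF6)
            q = (q ^ (q << sh)) & 0xFF
        q ^= 0x09 if q & 0x80 else 0
        sbox[p] = q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63  # zero has no inverse; only the affine constant remains
    return sbox
SBOX = build_sbox()

def expand_key(key):  # AES-128 key schedule: 44 words -> 11 round keys of 16 bytes
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:  # RotWord, SubWord, XOR with the round constant
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

# The state is 16 bytes in column-major order: s[r + 4*c] is row r, column c.
def shift_rows(s):  # 2. ShiftRows: row r rotates left by r positions (diffusion)
    return [s[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]

def mix_column(col):  # 3. MixColumns: column times the fixed polynomial {03}x^3+{01}x^2+{01}x+{02}
    a, b, c, d = col
    return [xtime(a) ^ xtime(b) ^ b ^ c ^ d, a ^ xtime(b) ^ xtime(c) ^ c ^ d,
            a ^ b ^ xtime(c) ^ xtime(d) ^ d, xtime(a) ^ a ^ b ^ c ^ xtime(d)]
def mix_columns(s):
    return sum((mix_column(s[4 * c:4 * c + 4]) for c in range(4)), [])

def aes128_encrypt_block(key, block):  # raw one-block primitive; a real system adds a mode
    rk = expand_key(key)
    s = [a ^ k for a, k in zip(block, rk[0])]  # 4. AddRoundKey with the cipher key itself
    for rnd in range(1, 11):
        s = shift_rows([SBOX[b] for b in s])  # 1. SubBytes (confusion), then 2. ShiftRows
        if rnd < 10:  # the final round omits MixColumns
            s = mix_columns(s)
        s = [a ^ k for a, k in zip(s, rk[rnd])]  # 4. AddRoundKey with the round subkey
    return bytes(s)
```

Checked against the FIPS-197 Appendix C.1 vector (key 00..0f, plaintext 00112233...eeff); the column [db 13 53 45] from the standard's MixColumns example maps to [8e 4d a1 bc].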
Securing your computer
• Install and use anti-virus programs
• User awareness
• Keep your system patched
• Don’t install software / plug ins from unknown sources
• Use care when reading email attachments
• Install and use a firewall program
• Make backups of important files and folders
• Use strong passwords
• Use care when downloading and installing programs
• Install and use a hardware Firewall
• Install and use a file encryption program and access controls.
• Social Networking Smarts
Securing Applications
• Login security
  – Use SSL on login/registration pages
  – Enforce: numbers, letters, punctuation, caps, symbols in the password
  – Minimum number of characters in the password
  – Store passwords as a hash (md5 or a similar hash algorithm)
  – Lock out the account after 3 bad attempts
  – For a forgotten password – send out a password reset request, or a randomly generated password
• User data
  – Encrypt any sensitive data such as passwords or credit card numbers
  – Grant users access to specific data via roles
• Database
  – Use a specific database login for the website to use, don’t use SA.
  – Lock down access to tables and stored procedures using logins/roles.
  – Change the default port that the database runs on.
• Systems
  – Possibly secure/encrypt any application configuration files which contain database login information.
  – More “physical” separation of layers (UI, Database) allows tighter control of security.
  – Keep up to date on patches.
• Other
  – Keep an eye on bots / frequent multiple hits from a block of IP addresses.
  – Watch for SQL injection attacks.
  – Lock down ports not being used.
  – Make sure port 25 is not relaying.
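The login-security rules above as an added example (not code from the slides): an in-memory user store that enforces the character classes and a minimum length, locks the account after 3 bad attempts, and issues a randomly generated temporary password on reset. The slide's "md5 or similar" is swapped for salted PBKDF2-HMAC-SHA256 from Python's standard library, since a bare fast digest is trivial to brute-force; the minimum length of 8, the iteration count and the dict-backed store are assumptions.

```python
import hashlib
import os
import secrets
import string

MIN_LEN, MAX_BAD = 8, 3  # assumed policy values: minimum length, lockout threshold
CLASSES = (string.digits, string.ascii_lowercase, string.ascii_uppercase, string.punctuation)

def password_ok(pw):  # numbers, lower-case letters, caps and punctuation/symbols required
    return len(pw) >= MIN_LEN and all(any(ch in cls for ch in pw) for cls in CLASSES)

def hash_password(pw, salt=None):  # salted, slow hash instead of a bare md5 digest
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

class UserStore:
    def __init__(self):
        self.users = {}  # name -> {"salt", "hash", "bad", "locked"} (in-memory stand-in)

    def register(self, name, pw):
        if not password_ok(pw):
            return False
        salt, digest = hash_password(pw)
        self.users[name] = {"salt": salt, "hash": digest, "bad": 0, "locked": False}
        return True

    def login(self, name, pw):
        u = self.users.get(name)
        if u is None or u["locked"]:  # unknown and locked users fail the same way
            return False
        _, digest = hash_password(pw, u["salt"])
        if secrets.compare_digest(digest, u["hash"]):  # constant-time comparison
            u["bad"] = 0
            return True
        u["bad"] += 1
        u["locked"] = u["bad"] >= MAX_BAD  # lock out after 3 bad attempts
        return False

    def reset_password(self, name):  # forgotten password: issue a random temporary one
        u = self.users.get(name)
        if u is None:
            return None
        alphabet = string.ascii_letters + string.digits + string.punctuation
        temp = "".join(secrets.choice(alphabet) for _ in range(12))
        while not password_ok(temp):  # regenerate until it satisfies the same policy
            temp = "".join(secrets.choice(alphabet) for _ in range(12))
        u["salt"], u["hash"] = hash_password(temp)
        u["bad"], u["locked"] = 0, False
        return temp
```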
Security Management
• Small homes
  – A basic firewall like COMODO Internet Security or a unified threat management system.
  – For Windows users, basic Antivirus software like AVG Antivirus, ESET NOD32 Antivirus, Kaspersky, McAfee, or Norton AntiVirus. An anti-spyware program such as Windows Defender or Spybot would also be a good idea. There are many other types of antivirus or antispyware programs out there to be considered.
  – When using a wireless connection, use a robust password. Also try to use the strongest security supported by your wireless devices, such as WPA or WPA2.
  – Use passwords for all accounts.
  – Have multiple accounts per family member. Disable the guest account (Control Panel > Administrative Tools > Computer Management > Users).
  – Raise awareness about information security among children.[5]
• Medium businesses
  – A fairly strong firewall or Unified Threat Management System.
  – Strong Antivirus software and Internet Security Software.
  – For authentication, use strong passwords and change them on a bi-weekly/monthly basis.
  – When using a wireless connection, use a robust password.
  – Raise awareness about physical security among employees.
  – Use an optional network analyzer or network monitor.
  – It's important that the company has an enlightened administrator or manager.
• Large businesses
  – A strong firewall and proxy to keep unwanted people out.
  – A strong Antivirus software package and Internet Security Software package.
  – For authentication, use strong passwords and change them on a weekly/bi-weekly basis.
  – When using a wireless connection, use a robust password.
  – Exercise physical security precautions with employees.
  – Prepare a network analyzer or network monitor and use it when needed.
  – Implement physical security management like closed circuit television for entry areas and restricted zones.
  – Security fencing to mark the company's perimeter.
  – Fire extinguishers for fire-sensitive areas like server rooms and security rooms.
  – Security guards can help to maximize security.
• School
  – An adjustable firewall and proxy to allow authorized users access from the outside and inside.
  – Strong Antivirus software and Internet Security Software packages.
  – Wireless connections that lead to firewalls.
  – Children's Internet Protection Act compliance.
  – Supervision of the network to guarantee updates and changes based on popular site usage.
  – Constant supervision by teachers, librarians, and administrators to guarantee protection against attacks by both internet and sneakernet sources.
• Large Government
  – A strong firewall and proxy to keep unwanted people out.
  – Strong Antivirus software and Internet Security Software suites.
  – Strong encryption, usually with a 256 bit key.
  – Whitelist authorized wireless connections, block all else.
  – All network hardware is in secure zones.
  – All hosts should be on a private network that is invisible from the outside.
  – Put all servers in a DMZ, or behind a firewall from the outside and from the inside.
  – Security fencing to mark the perimeter, and set the wireless range to this.
Computer Security Compromise Action
• Unplug Network / Disable wireless / Turn off computer
• Research behavior
• Block IP on Firewall
• Scan Computer and Network
• Fix the problem or reformat
• Who is it?
  – Logs
  – Application
  – Firewall
  – Email header
  – nslookup
  – netstat -an
  – whois / netsol
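A triage helper for the "Who is it?" step above, as an added example that is not part of the slides. It reads text in the layout of `netstat -an` (a constructed sample is embedded) and flags the two things a responder checks first: listening ports outside an expected allowlist, and established connections to addresses outside the site's internal ranges, which are the candidates for the firewall block and whois lookup the slide lists. The allowlist and the internal ranges are assumptions about the host being examined.

```python
import ipaddress

EXPECTED_LISTEN = {22, 80, 443}  # assumption: ports this host is supposed to serve
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

SAMPLE_NETSTAT = """\
Proto  Local Address          Foreign Address        State
TCP    0.0.0.0:22             0.0.0.0:0              LISTENING
TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING
TCP    192.168.1.10:49512     203.0.113.45:6667      ESTABLISHED
TCP    192.168.1.10:49520     192.168.1.20:445       ESTABLISHED
UDP    0.0.0.0:53             *:*
"""  # constructed sample in netstat -an layout, not a real capture

def split_addr(text):  # "host:port" -> (host, port or None)
    host, _, port = text.rpartition(":")
    return host, int(port) if port.isdigit() else None

def triage(netstat_output):
    """Return (unexpected_listeners, external_peers) from netstat -an style text."""
    listeners, peers = [], []
    for line in netstat_output.splitlines()[1:]:  # skip the column header
        fields = line.split()
        if len(fields) < 3:
            continue
        proto, local, foreign = fields[:3]
        state = fields[3] if len(fields) > 3 else ""
        _, lport = split_addr(local)
        fhost, fport = split_addr(foreign)
        if state == "LISTENING" and lport not in EXPECTED_LISTEN:
            listeners.append((proto, lport))  # candidate backdoor / rogue service
        elif state == "ESTABLISHED":
            ip = ipaddress.ip_address(fhost)
            if not any(ip in net for net in INTERNAL_NETS):
                peers.append((fhost, fport))  # candidate for firewall block + whois
    return listeners, peers
```

On a live host, feed `triage` the captured output of `netstat -an` instead of the sample; the flagged peers are what to look up with whois and match against the firewall and email-header evidence.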