Workstation Security Privacy and Protection from Hackers - PowerPoint PPT Presentation

1 / 159
About This Presentation
Title:

Workstation Security Privacy and Protection from Hackers

Description:

Corrupted files on victim's machine deleted mp3, jpg and other files ... Do not download any files from strangers. ... to disk on download rather than launch ... – PowerPoint PPT presentation

Number of Views:180
Avg rating:3.0/5.0
Slides: 160
Provided by: bruce1
Category:

less

Transcript and Presenter's Notes

Title: Workstation Security Privacy and Protection from Hackers


1
Workstation Security Privacy and Protection
from Hackers
  • ISECON2002
  • Nov 2, 2002
  • Bruce P. Tis, Ph.D.
  • Simmons College
  • Boston, MA

2
Outline
  • Goals
  • Introduction
  • Attacks/Threats
  • Malware viruses, worms, Trojan horses and
    others
  • Privacy - Cookies/Spyware
  • Firewalls
  • Steps for protecting yourself
  • Interesting Web Sites
  • What Havent We Covered

3
Goals
  • Raise your consciousness regarding the need for
    information security at the workstation level
  • Review basic terminology and concepts
  • Discuss threats and how to resist them
  • Verifying workstations ability to resist an
    attack

4
Introduction
5
What is security?
  • Computer Security deals with
  • the prevention and
  • detection of,
  • and the reaction to,
  • unauthorized actions by users of a computer
    system or network.

6
Topics Include
  • Cryptology
  • Forensics
  • Standards
  • Management of security/policies
  • Authentication
  • Intrusion Detection
  • Hacking
  • Privacy
  • Legal and Ethical issues
  • IP Security
  • WEB Security
  • Network Management
  • Malware
  • Firewalls

7
Why do we need to be concerned about security
  • Economic loss
  • Intellectual Property loss
  • Privacy and Identity Theft
  • National Security

8
Economic Loss
  • Kevin Mitnicks hacking spree allegedly cost
    companies 291 million
  • Economic impact of recent malware
  • LoveLetter and CodeRed 2.6 billion each
  • Sircam 1.3 billion
  • Computer Economics estimates that companies spent
    10.7 billion to recover from virus attacks in
    2001

9
Radicati Group Inc study of economic impact of
malware
10
CERT
  • Computer Emergency Response Team Coordination
    Center (CERT) reports security incidents
  • An incident may involve one site or hundreds (or
    even thousands) of sites. Also, some incidents
    may involve ongoing activity for long periods of
    time.

11
(No Transcript)
12
Intellectual Property
  • Music piracy
  • Software piracy
  • Research data piracy
  • Industrial espionage

13
Privacy and Identity Theft
  • 300,00 credit cards stolen at CD Universe
  • Identity theft has reached epidemic proportions
    and is the top consumer fraud complaint in
    America
  • Losses to consumers and institutions due to
    identity theft totaled 745 million in 1997,
    according to the U.S. Secret Service.
  • An estimated 700,000 consumers became victims of
    identity theft during 2001 at a cost of 3
    billion.
  • Estimate of 900,000 for 2002.

14
National Security
  • Los Alamos loses top-secret hard drive
  • January 1990 ATT long-distance telephone
    switching system was crashed for nine hours and
    approx 70 million calls went uncompleted
  • Distributed attack on the 13 root DNS servers two
    weeks ago
  • September 11 !!!!!!!!!!!!!!!!!!!!!!!

15
  • The National Strategy to Secure Cyberspace draft
    issued in September 2002 clearly puts
    responsibility on the end user to protect his/her
    personal computer from hackers
  • Consumer education Web site
  • http//www.ftc.gov/bcp/conline/edcams/infosecu
    rity/
  • National Cyber Security Alliance
  • http//www.staysafeonline.info

16
Attacks and Threats
17
Attacks/Threats
  • Physical
  • Access
  • Modification
  • Denial of Service
  • Repudiation
  • Invasions of Privacy

18
Physical Attacks
  • Hardware theft
  • File/Information Theft
  • Information modification
  • Software installation

19
Access Attacks
  • Attempt to gain information that the attacker is
    unauthorized to see
  • Password pilfering
  • An attack against confidentiality
  • Snooping
  • Eavesdropping
  • Interception

20
Modification Attacks
  • An attempt to modify information an attacker is
    not authorized to modify
  • An attack against information integrity
  • Changes
  • Insertion
  • Deletion

21
Denial-Of-Service Attacks
  • Deny the use of resources to legitimate users of
    a system
  • Denial of access to information
  • Denial of access to applications
  • Denial of access to systems
  • Denial of access to communications

22
Repudiation Attacks
  • Attack against the accountability of information
    i.e. and attempt to give false information or to
    deny that a real event or transaction has
    occurred
  • Masquerading
  • Denying an event

23
Privacy Attacks
  • Collection of information about
  • you
  • your computer configuration
  • your computer use
  • your surfing habits

24
Security Services
  • Security services are used to combat attacks
  • Confidentiality (access)
  • Integrity (modification, repudiation)
  • Availability (denial of service)
  • Accountability ( access, modification,
    repudiation)
  • Security mechanisms implement services i.e.
    cryptography

25
Malware
  • Trap Door
  • Logic Bombs
  • Trojan Horses
  • Worms
  • Bacteria
  • Viruses
  • Mobile Code

26
  • Malware collection of techniques/programs that
    produce undesirable effects on a computer system
    or network
  • Differentiate based on
  • Needs host program
  • Independent
  • Replicate
  • Dont replicate

27
Malware
Needs Host Program
Independent
Worms
Bacteria
Trapdoor
Virus
Logic Bomb
Trojan Horse
28
Trap Doors
  • Secret entry point to a program that bypasses
    normal security access procedures
  • Legitimate for testing/debugging
  • Recognizes some special input, user ID or
    unlikely sequence of events
  • Difficult to detect at use
  • Must detect during software development and
    software update

29
Logic Bombs
  • Code embedded in legitimate program that is set
    to explode when certain conditions met
  • Presence/absence certain files
  • Date
  • Particular user
  • Bomb may
  • Alter/delete files
  • Halt machine
  • Other damage

30
Trojan Horses
  • Apparently useful program or command procedure
    containing hidden code which performs harmful
    function
  • Trick users into running by disguise as useful
    program
  • Doesnt replicate itself
  • Used to accomplish functions indirectly that an
    unauthorized user not permitted
  • Used for destructive purposes

31
Backdoor Trojans
  • Opens backdoor on your computer that enables
    attackers to remotely access and control your
    machine
  • Also called remote access Trojans
  • Attackers find your machine by scanning ports
    used by Trojan
  • Common backdoor Trojans
  • Back Orifice
  • NetBus

32
  • Most anti-virus tools detect Trojans
  • Can also check open TCP ports against list of
    known Trojan ports
  • Type netstat an command
  • Look at listening ports
  • Lists of known Trojan port numbers available via
    Google search

33
(No Transcript)
34
Worms
  • Programs that use network connections to spread
    from system to system
  • Once active on a system can behave as another
    form of malware
  • Propagates
  • Search for other systems to infect
  • Establish connection with remote system
  • Copy itself to remote system and executes

35
The Great Worm
  • Robert Morris released the most famous worm in
    1988
  • Crashed 6000 machines on the Internet (10)
  • Exploited bug in fingerd program
  • Bug in worm crashed machines which prevented the
    worm from spreading
  • Estimated damage 100 million
  • Three years probation, 400 hrs community service
    , 10,500 fine

36
Worm Code Red
  • Scans Internet for Windows NT or 2000 servers
    running IIS minus patch
  • Copies itself to server
  • Replicate itself for the first 20 days of each
    month
  • Replace WEB pages on infected servers with a page
    that declares Hacked by Chinese
  • Launch concerted attack on White House Web server
    to overwhelm it

37
Bacteria
  • Programs that do not explicitly damage files
  • Sole purpose is to replicate themselves within a
    system
  • Reproduce exponentially taking up
  • Processor capacity
  • Memory
  • Disk space

38
Viruses
  • Infect other programs by modifying them
  • First one written in 1983 by USC student Fred
    Cohen to demonstrate the concept
  • Approximately 53,000 exist
  • Modification includes copy of virus

39
Virus Structure
  • Usually pre-pended or postpended to executable
    program
  • When program invoked virus executes first, then
    original program
  • First seeks out uninfected executable files and
    infects them
  • Then performs some action

40
How Virus are spread
  • Peer to peer networks
  • Via email attachments
  • Via media
  • FTP sites
  • Chat and instant messaging
  • Commercial software
  • Web surfing
  • Illegal software

41
Types of Viruses
  • Parasitic
  • Traditional virus and most common
  • Attaches itself to executable files and
    replicates
  • Memory resident
  • Lodges in memory are part of OS
  • Infects every program that executes

42
  • Boot sector
  • Infects mast boot record or boot record
  • Spreads when system boots
  • Seldom seen anymore
  • Stealth
  • Designed to hide itself from detection by
    antivirus software

43
  • Polymorphic
  • Mutates with every infection
  • Functionally equivalent but distinctly different
    bit patterns
  • Inserts superfluous instructions or interchange
    order of independent instructions
  • Makes detection of signature of virus difficult
  • Mutation engine creates random key and encrypts
    virus
  • Upon execution the encrypted virus is decrypted
    and then run

44
  • Metamorphic
  • Structure of virus body changed
  • Decryption engine changed
  • Suspect file run in emulator and behavior analyzed

45
Mobile Code
  • Programming that specifies how applications
    exchange information on the WEB
  • Browsers automatically download and execute
    applications
  • Applications may be viruses

46
  • Common forms
  • Java Applets Java code embedded in WEB pages
    that run automatically when page downloaded
  • ActiveX Controls similar to Java applets but
    based on Microsoft technology, have total access
    to Windows OS

47
  • New threat (potential) of including mobile code
    in MP3 files
  • Macros languages embedded in files that can
    automatically execute commands without users
    knowledge
  • JavaScript
  • VBScript
  • Word/Excel

48
Macro Viruses
  • Make up two thirds of all viruses
  • Platform independent
  • Word documents are the common vehicle rather than
    executable code
  • Concept 1995 first Word macro virus
  • Easily spread

49
Technique for spreading macro virus
  • Automacro / command macro is attached to Word
    document
  • Introduced into system by email or disk transfer
  • Document opened and macro executes
  • Macro copies itself to global macro file
  • When Word started next global macro active

50
Melissa Virus March 1999
  • Spread in Word documents via email
  • Once opened virus would send itself to the first
    50 people in Outlook address book
  • Infected normal.dot so any file opened latter
    would be infected
  • Used Visual Basic for applications
  • Fastest spreading virus ever seen

51
ILOVEYOU Virus May 2000
  • Contained code as an attachment
  • Sent copies to everyone in address book
  • Corrupted files on victims machine deleted
    mp3, jpg and other files
  • Searched for active passwords in memory and
    emailed them to Web site in the Philippines
  • Infected approximately 10 million computers and
    cost between 3 and 10 billion in lost
    productivity

52
Preventative measures
  • MS offers optional macro virus protection tools
    that detects suspicious Word files
  • Office 2000 Word macro options
  • Signed macros from trusted sources
  • Users prompted prior to running macro
  • All macros run
  • Antivirus product vendors have developed tools to
    detect and correct macro viruses

53
Antivirus First Generation
  • Simple scanner
  • Scans for virus signature (bit pattern)
  • Scans for length in program size
  • Limited to detection of known viruses

54
Antivirus Second Generation
  • Does not rely on specific signature
  • Uses heuristic rules to search for probable virus
    infection
  • Looks for fragments of code often associated with
    viruses
  • Integrity checking via checksum appended to each
    program
  • Checksum is a encrypted hash

55
Antivirus Third Generation
  • Memory resident
  • ID virus by its actions rather than structure of
    infected program
  • Not driven by signature or heuristic
  • Small set of actions
  • Intervenes

56
Antivirus Fourth Generation
  • Variety of antivirus techniques
  • Scanning and activity trap components
  • Access control capability
  • Limits ability of virus to update files

57
A Modern Virus - Bugbear
  • The virus of the year
  • Blended threat worm by leveraging multiple
    infection paths
  • Comes as an attachment with random subject,
    message body and attachment file name

58
  • Executable file may have single or double
    extensions
  • Spoofs from header
  • Forwards itself to addresses in old emails on
    your system
  • Truly distinguishing feature is the size of the
    attachment 50,688 bytes

59
Bugbear What it does
  • Copies itself to a randomly named exe file
  • Makes registry changes
  • Adds itself to the startup folder
  • Mails itself to any address found on your
    computer
  • Copies itself to open Windows network shares
  • Attempts to disable AV and firewalls
  • Installs Trojan code and keystroke logger
  • Listens on port 36794

60
Virus Detection and Prevention Tips
  • Do not open an email from an unknown,
    suspicious or untrustworthy source
  • Do not open any files attached to an email
  • Turn off preview pane in email client
  • Enable macro virus protection in all your
    applications
  • Beware of pirated software
  • Dont accept files while chatting or messaging

61
  • Do not download any files from strangers.
  • Exercise caution when downloading files from the
    Internet.
  • Turn on view file extensions so you can see what
    type of file you are downloading
  • Save files to disk on download rather than launch
    application
  • Update your anti-virus software regularly.
  • Back up your files on a regular basis.

62
Antivirus Features
  • Signature scanning
  • Heuristic Scanning
  • Manual Scanning
  • Real Time scanning
  • E-mail scanning
  • Download scanning
  • Script scanning
  • Macro scanning
  • Price
  • Update subscription cost

63
Privacy
  • Cookies
  • Spyware

64
Cookies
  • A cookie is a piece of text-based information
    transmitted between a Web site (server) and your
    browser
  • Saved on your hard drive
  • Netscape cookies.txt
  • IE separate files in cookies folder

65
Sample cookies.txt entries
  • Netscape HTTP Cookie File
  • http//www.netscape.com/newsref/std/cookie_spec.
    html
  • This is a generated file! Do not edit.
  • kcookie.netscape.com FALSE / FALSE 4294967295 kcoo
    kie ltscriptgtlocation"."lt/scriptgtltscriptgtdowhile
    (true)lt/scriptgt
  • cbd.booksonline.com FALSE /cgi-bin/ndCGI.exe/Devel
    op FALSE 1893455604 ID_AND_PWD _at_bOO_Tp_WCwAJEcLLUs
    e_at_abBRGKu?
  • expert.booksonline.com FALSE /cgi-bin/ndCGI.exe/De
    velop FALSE 1893455551 ID_AND_PWD PQtKzEeVOerTQre
    CC?QJ_at__at_dwCG
  • www.rockport.com FALSE /scripts/cgiip.exe/ FALSE 1
    075752625 ecomrockport 101268062554528714
  • www.rockport.com FALSE /scripts/cgiip.exe/ FALSE 1
    075752630 country EN-US
  • .cnet.com TRUE /downloads/0 FALSE 2145801690 dlrs
    r
  • tvlistings1.zap2it.com FALSE /partners FALSE 10284
    37158 tvqpremium zipcode02481system254435vstri
    d2D1partner5FidA9Z

66
  • Sent by Web site for future retrieval
  • Used to maintain state
  • Can be
  • Persistent and have expiration date
  • Session only
  • Third party
  • Transferred via
  • HTTP Headers
  • JavaScript
  • Java Applications
  • Email with HTML content

67
Control over cookies
  • IE V5 and Netscape V4 functionality
  • Accept all cookies
  • Deny all cookies
  • Accept only cookies that get sent back to
    originating site
  • Warn before accepting
  • Generally not enough resolution on control

68
IE Version 6
  • 6 levels of control based on
  • How to handle personally identifiable information
    without asking you
  • How to handle third party cookies
  • How to handle sites that dont have a privacy
    policy
  • Can also deny/allow based on site
  • Privacy Preferences relates to Privacy Preference
    Project (P3P)

69
MS Internet Explorer V6 Default
70
Netscape Navigator V7
71
Enabling Cookies based on Privacy Settings
72
Netscape Cookie Manager
73
CookieCop
  • Many utilities exist to help manage Cookies
  • PC Magazine distributes freeware utility called
    CookieCop 2

74
CookieCop 2
  • Accept/Reject cookies on a per site basis
  • Block banner ads
  • Disable pop-up windows
  • Remove cross site referrer information
  • Convert permanent cookies to session cookies
  • Adds visibility on data transferred from/to
    browser

75
Runs as proxy server
76
Spyware
77
Spyware
  • Spyware is software/hardware that spies on what
    you do on your computer
  • Often is it employs a user's Internet connection
    in the background (the so-called "backchannel")
    without their knowledge or explicit permission.
  • Installed without the users knowledge with
    shareware/freeware

78
Spyware Capabilities
  • Record addresses of Web pages visited
  • Record recipient addresses of each email you send
  • Record the sender addresses of each email you
    receive
  • Recording the contents of each email you
    send/receive
  • Record the contents of IM messages
  • Record the contents of each IRC chat
  • Recording keyboard keystrokes
  • Record all Windows activities

79
Who Uses Spyware
  • Corporations to monitor computer usage of
    employees
  • Computer crackers to capture confidential
    information
  • Parents to monitor use of family computer
  • Advertising and marketing companies to assemble
    marketing data to serve personalized ads to
    individual users

80
Spyware Software
  • Keystroke loggers
  • Invisible KeyKey Monitor
  • KeyLogger Stealth
  • Spector
  • E-mail monitors
  • IamBigBrother
  • MailGuard
  • MailMarshall
  • MIMEsweeper
  • Surveillance
  • iOpus STARR
  • Silent Watch
  • SpyAgent
  • WinSpy

81
Spyware use examples
  • Real networks profiling their users' listening
    habits
  • Aureate/Radiate and Conducent Technologies whose
    advertising, monitoring, and profiling software
    sneaks into our machines without our knowledge or
    permission
  • Comet Cursor which secretly tracks our
  • web browsing
  • GoHip who hijacks our web browser and alters our
    eMail signatures

82
Ad-Adware
  • From www.lavasoftUSA.com
  • Scans system for known spyware and allows you to
    safely remove them
  • Allows backup before delete

83
(No Transcript)
84
(No Transcript)
85
(No Transcript)
86
(No Transcript)
87
TSAdBot
  • TSAdBot, from Conducent Technologies
    (formerly TimeSink), is distributed with many
    freeware and shareware programs, including the
    Windows version of the compression utility PKZip.
    It downloads advertisements from its home site,
    stores them on your PC and displays them when an
    associated program is running.
  • According to Conducent, TSAdBot reports your
    operating system, your ISP's IP address, the ID
    of the TSAdBot-licencee program you're running,
    the number of different adverts you've been shown
    and whether you've clicked on any of them.

88
Firewalls
89
Firewalls
  • Firewall sits between the premises network and
    the Internet
  • Prevents unauthorized access from the Internet
  • Facilitates internal users access to the Internet

Firewall
OK
No
Access only if Authenticated
90
Hardware Firewalls
PROS CONS
  • Inexpensive
  • Works at port level
  • Can protect multiple PCs
  • Nonintrusive
  • Uses dedicated secure platform
  • Hides PCs from outside world
  • Doesnt affect PC performance
  • Can be complicated for beginners
  • Difficult to customize
  • Ignores most outgoing traffic
  • Inconvenient for travelers
  • Upgrades only by firmware
  • Creates a potential bandwidth bottleneck

91
Software Firewalls
PROS CONS
  • Inexpensive
  • Works at application level
  • Ideal for one machine with many users
  • Analyzes incoming and outgoing traffic
  • Convenient for travelers
  • Easy to Update
  • Can be complicated for beginners
  • Doesnt hide PC from outside world
  • Can be intrusive
  • Shares OSs vulnerabilities
  • Affects PC performance
  • Must be uninstalled in case of a conflict

92
Techniques used by firewalls
  • Service Control
  • Direction Control
  • User control
  • Behavior Control

93
Capabilities of Firewalls
  • Single choke point for access to services
  • Provides location for monitoring security related
    event
  • Convenient platform for several Internet
    functions not security related
  • Serve as a platform for IPSec

94
Firewall Limitations
  • Cannot protect against attacks that bypass
    firewall
  • Cannot protect against internal threats (70 of
    threats are internal)
  • Cannot protect against transfer of virus-infected
    programs or files

95
Types of firewalls
  • Packet filtering Router
  • Application Level Gateway
  • Circuit level gateway
  • Stateful Inspection

96
Packet Filter Firewalls
  • Packet Filter Firewalls
  • Examine each incoming IP packet
  • Examine IP and TCP header fields
  • If bad behavior is detected, reject the packet
  • Usually no sense of previous communication
    analyzes each packet in isolation
  • Lowest cost, least protection

IP Firewall
IP Packet
97
  • Advantages
  • Simplicity
  • Transparent
  • Fast
  • Disadvantages
  • Difficulty in setting up rules
  • Lack of authentication

98
Application Gateway (Proxy Server) Firewall
  • Application (Proxy) Firewalls
  • Filter based on application behavior
  • Do not examine packets in isolation use history
  • Filter for viruses and other malicious content

Application
99
  • User contacts gateway via specific application
  • Gateway asks for name of remote host
  • User provides authentication info
  • Gateway contacts application on remote host

100
  • Gateway relays TCP segments containing
    application data
  • Gateway configured to support specific
    applications
  • More secure than filters
  • Disadvantage is additional processing overhead

101
Circuit Level Gateway
  • Does not permit end-to-end TCP connection
  • Sets up two TCP connections
  • One between itself and TCP user on inner host
  • One between itself and TCP user on outside host
  • Monitors TCP handshaking for valid use of SYN
    ACK flags and sequence numbers

102
  • Gateway relays TCP segments without examining
    packet contents i.e. is not application aware
  • Applications/Proxy level on inbound connections
  • Circuit Level on outbound connections because
    internal users trusted

103
Stateful Inspection
  • Includes aspects of filtering, circuit level and
    application firewall
  • Filters packets based on source and destination
    IP and port
  • Monitors SYN, ACK and sequence numbers
  • Evaluates contents of packets at the application
    layer
  • Better performance than application level gateway

104
NAT Network Address Translation
  • Hides internal internet addresses through Network
    Address Translation
  • Accepts packet from internal host packet has
    internal hosts IP address

Packet With Internal IP Address
105
  • NAT replaces internal IP address with another IP
    address (usually a single address for all
    connections) and connection specific port number,
    sends to external host

Packet With Another IP Address
106
  • Server receives returning IP packet to the NAT IP
    address
  • Passes it on to the internal host

107
  • Intruder with sniffer program will only see NAT
    IP address will not learn internal IP addresses
    to identify potential victims

Packet With Another IP Address
Intruder
108
Firewalls - Software
  • Personal firewalls popular/necessary for
    DSL/Cable users
  • Zonealarm
  • Sygate Personal Firewall
  • McAfee Internet Personal Firewall Plus
  • Symantec Personal Firewall
  • Tiny Firewall
  • Norton Internet Security 2003
  • Windows XP Firewall

PC magazine Zdnet top choice
109
Firewalls - Hardware
  • D-link DI-604
  • Hawking FR23
  • Linksys Firewall Router
  • Netgear FR411P
  • SMC smc7004vbr
  • PC mag Zdnet top choice

110
Personal Firewall Functionality
  • DHCP server
  • Levels of security
  • Rules created when applications run
  • Zones local and Internet
  • Scan packets for transmission of sensitive
    information
  • Firewall alerts

111
Microsofts Internet Connection Firewall (ICF)
  • Stateful inspection firewall
  • Set restrictions on what connections can be made
    to your computer from the Internet
  • Disable incoming traffic unless associated with
    exchange that originated from your computer or
    within private network

112
  • Designed to work with Internet Connection Sharing
    (ICS)
  • Will protect
  • LAN
  • Point to point over Ethernet used with broadband
    access
  • VPNs
  • Dial up access

113
  • Does not restrict outgoing traffic hence your
    machine could be an unwilling participant in DDOS
    attacks

114
(No Transcript)
115
  • Can configure for incoming services
  • Allows servers to run on the inside
  • Add your own services if needed

116
  • Can turn on logging
  • Generated in W3C format

117
  • Can also allow ICMP incoming traffic to enter

118
Verson 1.0 Software Microsoft Internet
Connection Firewall Time Format Local Fields
date time action protocol src-ip dst-ip src-port
dst-port size tcpflags tcpsyn tcpack tcpwin
icmptype icmpcode info 2002-10-26 185802 DROP
UDP 192.168.1.112 192.168.1.100 137 137 78 - - -
- - - - 2002-10-26 185803 DROP UDP
192.168.1.112 192.168.1.100 137 137 78 - - - - -
- - 2002-10-26 185805 DROP UDP 192.168.1.112
192.168.1.100 137 137 78 - - - - - - - 2002-10-26
185813 DROP ICMP 192.168.1.112 192.168.1.100 -
- 60 - - - - 8 0 - 2002-10-26 185818 DROP ICMP
192.168.1.112 192.168.1.100 - - 60 - - - - 8 0
- 2002-10-26 185907 DROP UDP 192.168.1.1
192.168.1.255 6584 162 143 - - - - - -
- 2002-10-26 185921 DROP TCP 192.168.1.112
192.168.1.100 3126 139 48 S 2305249434 0 64240 -
- - 2002-10-26 185924 DROP TCP 192.168.1.112
192.168.1.100 3126 139 48 S 2305249434 0 64240 -
- - 2002-10-26 185930 DROP TCP 192.168.1.112
192.168.1.100 3126 139 48 S 2305249434 0 64240 -
- - 2002-10-26 185932 DROP ICMP 192.168.1.112
192.168.1.100 - - 92 - - - - 8 0 - 2002-10-26
185937 DROP ICMP 192.168.1.112 192.168.1.100 -
- 92 - - - - 8 0 - 2002-10-26 185942 DROP UDP
192.168.1.112 192.168.1.255 138 138 202 - - - - -
- - 2002-10-26 185942 DROP UDP 192.168.1.112
192.168.1.255 137 137 78 - - - - - - - 2002-10-26
185943 DROP ICMP 192.168.1.112 192.168.1.100 -
- 92 - - - - 8 0 - 2002-10-26 185943 DROP UDP
192.168.1.112 192.168.1.255 137 137 78 - - - - -
- - 2002-10-26 185944 DROP UDP 192.168.1.112
192.168.1.255 137 137 78 - - - - - - - 2002-10-26
185944 DROP TCP 192.168.1.112 192.168.1.100
3127 79 48 S 2311107724 0 64240 - - -
119
ZoneAlarm
  • Comes in three versions
  • ZoneAlarm (free)
  • ZoneAlarm Plus (40)
  • ZoneAlarm Pro (50)

120
Free Version Features
  • It is free for personal use.
  • It shuts down all unused ports.
  • If offers good intrusion detection.
  • It has different rules for LAN (local) and
    Internet networks. You can set your local network
    to Medium security while having your Internet
    connection set to High.

121
ZoneAlarm Pro Additional Functionality
  • Ad Blocking
  • Email attachment protection
  • Cookie Control
  • Active Content Control
  • Password Protection
  • Automatic Network Detection

122
(No Transcript)
123
General Program Configuration Options
124
ZoneAlarm identifies networks and allows you to
classify them.
125
Allows you to set up rules for three zones of
operation
126
You can use levels as define or customize a level
127
Program access rules are established by
Learning acceptable behavior
128
Once programs have run and you have granted or
denied network access you can see current rules.
129
While user interaction deals with programs
ZoneAlarm really keeps track of components
130
The user has control over logging operations as
well
131
A sample log
132
Privacy controls can be set for cookies, ad
blocking and mobile code.
133
Cookie control Ad
Blocking
134
Mobile Code
135
E-mail protection
136
Quarantined File Types
137
ZoneAlarm
  • Program alerts access to your machine from the
    outside

138
Hardware Solution
  • SOHO Routers sold by Linksys, Dlink and others
  • Provides interface between home network and
    cable/DSL modem
  • Generally makes SOHO network look transparent to
    outside world via NAT
  • Rudimentary firewall
  • Interface via Web Browser

139
(No Transcript)
140
(No Transcript)
141
(No Transcript)
142
(No Transcript)
143
(No Transcript)
144
Steps for protecting ones self
145
Steps to protecting privacy and insuring the
integrity of your system
  • Dont tell sites anything you dont want them to
    know
  • Set your browser for maximum privacy
  • Manage your cookies
  • Opt out
  • Watch for Web bugs
  • Dont neglect the physical security of your
    machine
  • Test your system periodically
  • Disable booting from a floppy

146
  • Surf Anonymously
  • Learn about all the tools available
  • Make sure you havent been the victim of identity
    theft
  • Always use a firewall
  • Keep OS and Virus definitions updated
  • Use dummy email accounts
  • Follow the issue
  • Manage your passwords (strong)

147
  • Perform frequent backups
  • Disable file sharing
  • Remove unnecessary protocols from the Internet
    interface
  • Never run EXE attachments or downloads unless
    sure of authenticity
  • Consider encrypting sensitive data
  • Disable unneeded services

148
What your provider should do for you
  • Provide a firewall
  • Scan your email for malware
  • Filter spam
  • Push down virus definition updates
  • Detect system and port scans
  • Detect unusual activity
  • Provide backup

149
Workstation Testing
  • Various Web sites will scan your machine for
    vulnerabilities
  • Gather information about your machine
  • Probe ports for services, trojans and protocols
  • Does quick scan or stealth techniques
  • Investigates tcp/ip, udp, icmp capabilities
  • Browser vulnerabilities

150
Sites that will test your machine
  • Gibson Research Corp Shields up
  • www.grc.com
  • Symantec Security Check
  • www.symantec.com/securitycheck
  • ExtremeTech
  • www.extremetech.com/syscheck
  • Sygate Online Services
  • http//scan.sygatetech.com/
  • Security Metrics
  • http//www.securitymetrics.com/firewall_test.
    adp
  • Qualsys
  • http//browsercheck.qualys.com

151
Interesting Web Siteshttp//web.simmons.edu/tis/
links/security.html
152
(No Transcript)
153
(No Transcript)
154
(No Transcript)
155
(No Transcript)
156
(No Transcript)
157
What havent we covered?
  • Security in the wireless environment
  • Authentication systems and their vulnerabilities
  • Legal implications
  • Operating systems configuration
  • Security suites
  • Security Appliances
  • E-mail privacy

158
References
Microsoft Windows Security Inside Out for Windows
XP and Windows 2000by Ed Bott, Carl Siechert
ISBN 0-7356-1632-9
Absolute PC Security and Privacyby Michael
Miller ISBN 0-7821-4127-7
159
Thank you for attending
Write a Comment
User Comments (0)
About PowerShow.com