DSD 101

1
digital self defense
Presented by Ben Woelk RIT Information
Security 585.475.4122 infosec_at_rit.edu
2

How Bad is it?

• Between January 1 and June 30, 2007
• 6,784 new Windows viruses found
• 196,860 unique phishing messages sent, an
  increase of 81
• Home computers were most widely targeted,
  accounting for 95 of all targeted attacks
• 52,771 active bot-infected computers per day in
  the first half of 2007

2007 Symantec Internet Threat Report
3

Profits

• "Last year was the first year that proceeds
  from cybercrime were greater than proceeds from
  the sale of illegal drugs, and that was, I
  believe, over 105 billion."
• - Valerie McNiven,
• US Treasury - Cybercrime Advisor, 2005

4
Why am I a Target?

• You are vulnerable
• You have access to financial resources
• Lines of Credit
• Bank Accounts
• You have access to information resources
• Personal confidential information
• Employer confidential information
• You have access to network resources
• High-bandwidth connections
• Botnets

5
How Could I Become a Victim?

• Attacks are becoming increasingly complexrelying
  on a combination of techniques
• Exploitation of Software Vulnerabilities
  Improper Configuration
• Malicious Software/Malware
• Social Engineering Attacks

6
Payloads

• Keyloggers
• Rootkits Bot Software
• Allow attackers to control your computer remotely
• Use your computer for illicit purposes
• Spyware Adware

7
How Do I Protect Myself?

• Complex attacks require a combination of
  technical defenses and commonsense
• No one strategy can defend against all threats
• A layered approach to information security is
  necessaryand easy to do

8
A Layered Defense

• Strong Passwords
• Firewall
• Patching
• Anti-Virus Protection
• Anti-Spyware Protection
• Paranoia Commonsense

9
The RIT Standards

• Password Standard
• Minimum Complexity
• Password Change Cycle
• Desktop Portable Computer Security Standard
• Anti-Virus
• Patching
• Firewall
• Anti-Spyware

10
Passwords
11
Strong Passwords

• Critical to securing your data
• Password crackers can guess a weak password in
  a few hours or less
• People often use the same password for many
  accounts
• How many of your accounts could an attacker gain
  access to with one password?

12
What Is A Strong Password?

• According to the RIT Password Standard, your
  password must
• Be at least 8 characters long
• Contain both UPPER and lower case letters and at
  least one number or symbol
• Placed in the middle not at the beginning or
  end of the password)
• No symbols at RIT/DCE
• Be changed at least every 120 days
• Not contain your username
• Not be reused (repeated) for at least 6 changes
  of password

13
A Strong Password
14
Creating a Strong Password

• Generally, the longer the password the better
• Alternate between a random consonant and vowel to
  produce a nonsense word that can be pronounced.
  Then add a number in the middle.
• Choose two shorter words and put them together
  with a number in between.
• Construct a passphrase for better protection.

15
How Strong Is Your Password?

• Online password checkerhttp//www.securitystats.c
  om/tools/password.php

16
Anti-Virus
17
What Anti-Virus Protects Against

• Viruses
• Self-replicating software that attaches itself to
  other programs and files
• Moves from program to program, replacing each one
  with an infected version
• Worms
• Self-replicating software that does not need to
  attach itself to other programs and files
• Moves from computer to computer over a network,
  searching for vulnerable hosts
• Trojans
• Software that appears to be something harmless
  (like a game or screen saver), but actually
  contains malicious code

18
Anti-Virus Software

• McAfee AntiVirus 8.5i (Win) Virex (Mac)
• Provided for free by RIT (http//www.rit.edu/wwwi
  ts/services/security/software.html)
• Can be used for personally-owned computers on or
  off campus
• No subscription fees for definition updates
• Other Anti-Virus software is freely available and
  compliant with the standard

19
Updating Scanning

• Update your virus definitions daily!
• Virus definitions allow your scanner to detect
  and remove the most current malware threats
• Updates are available every business day for new
  malware and variants
• It only takes 30 seconds, and should be done
  automatically
• Perform a full system scan once per week!
• Can be set up to run automatically

20
Patching
21
Patching

• There were 2,461 new vulnerabilities discovered
  in the first six months of 2007
• 72 were easily exploitable
• Patches close these vulnerabilities, preventing
  attackers from using them to gain control of or
  damage your computer
• They may also add new features, and fix other
  irritating problems and bugs

2007 Symantec Internet Threat Report
22
Automatic UpdatesOS

• Most current operating systems have a feature
  that will automatically check for and install
  patches
• Make sure you have these features
  enabledalthough they are often enabled by
  default
• On the 2nd Wednesday of every month, Windows
  users should make sure theyve received patches

23
Automatic UpdatesApplications

• Unfortunately, not all applications have
  automatic update features
• If an application asks to be updated, you should
  allow it to do so
• Every month check to see if your application has
  updates available

24
Firewalls
25
Firewalls

• Think of your computer like an office
• Programs are like employees, with their own
  phone numbers called ports
• Programs on one computer can call out to programs
  on another computer through the Internet
• Firewalls block certain ports and programs from
  sending or receiving information from the Internet

26
What Can A Firewall Protect Against?

• Worms that rely on vulnerabilities in a specific
  program
• Attackers that are looking for vulnerable
  programs to gain control over your computer
• Information being sent to third parties on the
  Internet (depending on your firewall)

27
What a Firewall Will NOT Do

• A firewall cannot
• Prevent you from downloading malicious software
• Prevent you from connecting to malicious web
  pages
• Stop Spam and Phishing attempts
• Prevent people from physically accessing your
  computer

28
Choosing a Firewall

• Windows XP Firewall
• Default with SP2
• Does not block outgoing connections
• ZoneAlarm Personal Firewall
• A little more sophisticated
• Free license for personal use only
• Router/Wireless Router
• Does not block outgoing connections
• Must change wireless router settings to make it
  secure

29
Anti-Spyware
30
What are Spyware and Adware?

• Spyware
• Any software that collects user data and sends it
  to a third party without the consent of the user
• Adware
• Any software that displays unwanted advertising
  content without the consent of the user
• Currently, 8 of the top 10 most common security
  risks have been categorized as adware/spyware

31
How Did Spyware Get On My Computer?

• Browser Vulnerabilities
• Most commonly Internet Explorer flaws
• May be received by following
• Search results
• E-mail Links
• IM Links
• Social Networking Links
• Bundling with other software
• Weatherbug, Kazaa
• Viruses Worms
• Spyware Adware becoming common payloads

32
Finding Removing Spyware

• Spyware is extremely difficult to removeno one
  anti-spyware program will clean everything
• Good free products
• Spybot Search Destroy
• Ad-aware PE (personal use only)
• Update, then run a full anti-spyware scan weekly!

33
Preventing Spyware Installation

• Alternative Browsers
• Firefox
• Opera
• Fewer vulnerabilities, shorter windows
• Limited User Accounts
• Stop working as administrator
• Browser exploits gain user privileges
• Carefully read pop-up warnings
• Some pop-ups look like errors, but could be
  asking you to install spyware

34
Paranoia and Commonsense
35
Guard your personal information!

• Even less sensitive information can be used by
  an attacker!
• Dont post it in public places.
• Make sure you know to whom youre giving it.

36
Privacy and Social Networking Sites

• Use them carefully
• Guard your private information
• Carelessness can lead to cyberstalking
• Student Judicial and Campus Safety monitor blogs
• Potential employers will check you out
• The information NEVER goes away
• Even when you delete the blog, it is cached
  elsewhere on the Internet.

37
Social Engineering

• Not all threats to your information security rely
  on technical vulnerabilities
• No matter how well you secure your computer, the
  human vulnerabilities will remain
• Social Engineering takes advantage of human
  vulnerabilities to perform an attack

38
Who are You Talking to?

• Attempts to gain access to your information and
  resources may come in many forms
• E-mail
• Instant Messenger
• Telephone
• In person
• Be sure you can verify someones identity before
  you provide them with sensitive information

39
Phishing

• Typical attacker uses e-mail to gain access to
  sensitive personal and account information by
  posing as a legitimate and trustworthy source
• This form of attack is extremely common, with
  phishing attempts numbering in the millions every
  month

40
RIT and Spam/Phishing

• Brightmail Anti-Spam

41
Phishing Targets

• Targets
• Primary target has been the financial sector
• Secondary targets include ISPs, online retailers,
  etc.

42
Phishing Tricks

• Use of very similar names
• www.eday.com, www.ebay-secure.com,
  www.paipall.com, www.yafoo.com
• Use of _at_ in URLs
• www.ebay.com/upd_at_aw-confirm.us/upd
• Masked URLs
• http//www.myspace.com/
• Appeals to greed and urgency

43
Before you click!

• If you are sent a link via e-mail (or IM)
• Hover over the link with your mouse to see where
  it goes to
• Type the link into your browser
• Navigate to the web site manually
• Contact the sender directly to determine if the
  e-mail is legitimate

44
Phishing Samples (APWG)

• Dont be rushed

Appeal to urgency
45
Phishing Samples (APWG)

• Check out the URL

46
Phishing Samples (APWG)

• Phishers often use the lure of better security

47
Phishing Samples (APWG)

• Check the page properties

48
Software Solutions

• Firefox 2 and IE 7
• Built-in Phishing Protection
• Mixed results
• Netcraft Toolbar
• www.netcraft.com

49
Other Phishing-like Scams

• Disaster Relief
• There were more than 170 tsunami-related phishing
  sites
• More than 4000 Katrina-related domain names were
  registered. The FBI estimated 60 were fraudulent
• There were reports of fraudulent sites related to
  the Va. Tech shootings
• Nigerian 419 Schemes (Advance Fee Fraud)
• Mutually beneficial business transactions
• Unclaimed funds from plane crash victims

50
If You Think Youre a Victim

• Reporting Identity Theft
• Your financial institutions
• Public Safety
• FTC Web site
• http//www.consumer.gov/idtheft/
• Credit bureaus (fraud reports)
• Equifax
• Trans Union
• Experian

51
The First Line of Defense

• Stay alertyou will be the first to know if
  something goes wrong
• Are you receiving odd communications from
  someone?
• Is your computer sounding strange or slower than
  normal?
• Has there been some kind of incident or warning
  from the ISO lately?
• Do something about it!
• Run a scan
• Ask for help

52
Physical Security

• Lock or Log Off when you leave your computereven
  for a short time
• Keep your devices secure
• Use a laptop lock
• Secure your PDA
• Remember your thumb drive
• Dont allow other people to use your devices
  without supervision

53
DSD 102 Desktop Security Software

• For hands-on experience with installing and
  configuring the software listed here come to DSD
  102!
• Simulations Demonstrations
• McAfee Anti-Virus
• Anti-Spyware
• Patching

54
DSD 103 Information Handling

• Discover how to protect important information
  belonging to you or RIT.
• Find out how youre affected by the NYS
  Information Security Breach and Notification Act.
  
• Learn how to identify RIT Confidential
  information and choose the best ways to store it,
  share it, and destroy it.
• Make easy changes to MS Outlook that may make
  your job easier and help ensure youre sending
  information to the correct people.

55
Questions Comments

• infosec_at_rit.edu
• http//security.rit.edu