The University of Arizona

1
The University of Arizona
Beginners Guide to Computer Security
Security Awareness Brown Bag Series Sponsored by
the Information Security Office
2
Objectives

• Provide an overview of the most common
• threats and how to build a layered protection.
• Includes

Spam Security Tools Anti-Virus Software
Security Policies Passwords Firewalls
Encryption Laptop Security Summary
Importance Of Security Threats to Data Viruses
Trojan Horse Programs Vandals Attacks Data
Interception Scams
3
Good News Bad News

• Internet transforms and greatly improves our
  lives
• Opened the door to an increasing number of
  security threats from which individuals, families
  and business must protect themselves
• Consequences of attacks can range from the mildly
  inconvenient to the completely debilitating
• Important data can be lost
• Privacy can be violated
• Computer can even used by an outside attacker to
  attack other computers on
• the Internet

4
Threats to Data

• Come from a very small minority
• A car thief can steal only one car at a time
• Single hacker working from a single computer can
  generate damage to a large number of computer
  networks
• A general knowledge of security threats and how
  to protect yourself is essential

5
Viruses

• Most widely known security threat due to
  extensive press coverage
• What is a virus?
• Computer programs that are written by malicious
  programmers and are designed to replicate
  themselves and infect computers when triggered by
  a specific event
• Example - Macro viruses attach themselves to
  files that contain macro instructions (routines
  that can be repeated automatically, such as
  sending email) and are then activated every time
  the macro runs

6
Effects

• Benign - cause annoying interruptions such as
  displaying a comical message when striking a
  certain letter on the keyboard
• More destructive - cause such problems as
  deleting files from a hard drive or slowing down
  a system

7
How to catch it

• A computer can be infected with a virus only if
  the virus enters through an outside source
• an attachment to an email
• a file downloaded from the Internet

When one computer on a network becomes infected,
the other computers on the network or for that
matter other computers on the Internet are
highly susceptible to contracting the virus
8
Trojan Horse Programs

• Delivery vehicles for destructive computer code,
  like a virus
• Appear to be harmless or useful software
  programs, such as computer games, but are
  actually enemies in disguise

9
Trojan Horse Programs

• Can delete data, mail copies of themselves to
  e-mail address lists and open up computers to
  additional attacks
• Can be contracted by
• copying the Trojan horse program to a computer
• downloading from the internet or
• opening an email attachment

10
Vandals

• Web sites have come alive through the development
  of such software applications as ActiveX and Java
  Applets
• enable animation and other special effects to
  run, making web sites more attractive and
  interactive

11
Caution

• However, the ease with which these applications
  can be downloaded and run has provided a new
  vehicle for inflicting damage
• Vandals can embed malicious software in active X
  Apps and Java applets that cause destruction
• A vandal can destroy a single file or a major
  portion of a computer system

12
Attacks

• Innumerable types of network attacks have been
  documented, and they are commonly classified in
  three general categories
• reconnaissance attacks
• access attacks, and
• denial of service (DoS) attacks

13
Reconnaissance Attacks

• Reconnaissance - information gathering activities
  by which hackers collect data that is used to
  later compromise networks
• Software tools, such as sniffers and scanners,
  are used to map out and exploit potential
  weaknesses in home computers, web servers and
  applications

14
Access Attacks

• Access attacks are conducted to gain entry to
  e-mail accounts, databases and other confidential
  information
• Typically performed after a recon attack -
  attacker goes back to exploit the services
  discovered in a reconnaissance attack - one
  reason an attack should make you take notice

15
Dos Attacks

• DoS attacks prevent access to all or part of a
  computer system
• Usually achieved by sending large amounts of
  malicious connection requests or other
  unmanageable data to a machine that is connected
  to the Internet, blocking legitimate traffic from
  getting through
• Even more malicious is a Distributed Denial of
  Service attack (DdoS) in which the attacker
  utilizes multiple compromised machines to focus
  them onto a particular host/network

16
Data Interception

• The intercepting perpetrators might eavesdrop on
  communications or even alter the data packets
  being transmitted
• Various methods to intercept data
• IP spoofing, for example, entails posing as an
  authorized party in the data transmission by
  using the internet protocol (IP) address of one
  of the data recipients

17
Scams

• Stakes are higher as they've got easy access to
  millions of people on the internet
• Email
• May contain a hyperlink to a web site that asks
  you for personal information, including your
  password
• May contain a solicitation for your credit card
  information in the guise of a billing request

18
Protect Yourself

• Never give out your password, billing information
  or other personal information to strangers online
• Be mindful of who you're talking with before you
  give out personal information

19
Protect Yourself

• Don't click on hyperlinks or download attachments
  from people/web sites you don't know
• Be skeptical of any company that doesn't clearly
  state its name, physical address and telephone
  number

20
(No Transcript)
21
Spam

• Unsolicited e-mail or the action of broadcasting
  unsolicited advertising messages via e-mail
• Takes up time and storage space on your computer
• Report it to your local postmaster or
  postmaster_at_email.arizona.edu

22
Security Tools

• First, understand the threats
• Second, put proper safeguards in place
• Extensive choice of technologies
• Anti-virus software packages
• Firewalls for providing protection
• Implement proper computer security without
  compromising the need for quick and easy access
  to information
• Encryption
• Password protected screen saver
• Laptop locking devices

23
Anti-virus Software

• Relies on early warnings of new viruses, so that
  antidotes can be developed and distributed
  quickly
• 1,000s of new viruses being generated every
  month
• Essential virus database be kept up to date
• Record held by the anti-virus package that helps
  identify known viruses when they attempt to
  strike
• Can prompt users to periodically collect new data

• Sophos Anti Virus
• https//sitelicense.arizona.edu/sophos/sophos.html

24
Security Policies

• Rules and written or verbal regulations by which
  all staff, students and faculty operate
• Often preempt security breaches
• Customers or suppliers with access to certain
  parts of the network need to be adequately
  regulated

25
Passwords

• Simplest and most common way to ensure that only
  those that have permission can enter your
  computer or certain parts of your computer
  network
• Virtually ineffective if people do not protect
  their passwords

26
Passwords

• The golden rules, or policies for passwords are
• Make passwords as meaningless and as memorable as
  possible (h0t ala!)
• Change passwords regularly
• Never divulge passwords to anyone -
• Dont write your password down. First place the
  attacker looks?
• Sticky notes on monitor or under keyboard or desk
  

27
Firewall Basics
What They Do and How They Work
28
Firewalls

• A hardware or software solution to enforce
  security policies
• Built-in filters that can disallow unauthorized
  or potentially dangerous material from entering
  the system
• Logs attempted intrusions

29
What Does a Firewall Do?

• In general, firewalls try to keep people from
  remotely accessing your computer in bad ways when
  you are connected to the internet

30
How Do Firewalls Work?

• Most firewalls are designed to allow or block
  specific types of data going to and from your
  computer to the internet
• Allow "good" data traffic

and block all "bad" data traffic
31
How Do Firewalls Work?

• "Good" traffic is the kind you need to do things
  like surf the web, download files, chat, share
  files, etc
• "Bad" traffic is what hackers might do like
  steal files on your computer, use a Trojan to
  control your computer, disrupt your connection or
  network, etc

32
Computer a House With Many Doors

• Doors (ports) are points where a person (hacker)
  can get in
• Think of a firewall as a security guard who is
  watching each door and who is going in and out of
  the doors

33
Computer a House With Many Doors

• The firewall makes sure only the right doors get
  opened and that only the right people (data) have
  access to your house
• Some firewalls can also hide your house
  (computer) so casual hackers can't see it (also
  called "stealth mode)

34
What Traffic Is Good/What's Bad?

• Experience
• Reading
• Learning
• The easiest way is to start with a simple
  firewall program, see how it works and then
  graduate to more sophisticated solutions as you
  gain knowledge
• Helpful Home Computer Security Webpage
• http//www.cert.org/homeusers/HomeComputerSecurity
  /

35
Do Firewalls Prevent Viruses and Trojans?

• NO!! A firewall can only prevent a virus or
  Trojan from accessing the internet while on your
  machine
• 95 of all viruses and Trojans are received via
  e-mail, through file sharing (like KaZaA or
  Gnucleus) or through direct download of a
  malicious program
• Some file sharing programs, such as KaZaA, now
  come with spyware installed.

36
Do Firewalls Prevent Viruses and Trojans?

• Firewalls can't prevent this -- only a good
  anti-virus software program can
• Install Kerio Firewall
• https//sitelicense.arizona.edu/kerio/kerio.shtml
  

37

• However, once installed on your PC, many viruses
  and Trojans "call home" using the internet to the
  hacker that designed it
• This lets the hacker activate the Trojan and
  he/she can now use your PC for his/her own
  purposes
• A firewall can block the call home and can alert
  you if there is suspicious behavior taking place
  on your system

38
What Is "Stealth" Mode?

• In theory, stealth mode hides all the ports on
  your computer from being visible to others on the
  internet.
• Some think this makes them less vulnerable to a
  malicious attack and consider it the "holy grail"
  of firewall configurations.
• While true that your ports are "invisible", a
  "stealthed" computer really looks like a black
  hole to a hacker.
• Data goes in but it never comes out.

39
Stealth Mode

• A good hacker can spot this behavior - may
  actually consider it a challenge to try to break
  in as he/she wonders what's there
• Sometimes, staying in plain sight makes you less
  attractive as a target
• Achieving "stealth" mode with some network
  configurations (such as Microsoft internet
  connection sharing or ICS) can be very difficult
• Stealth mode can make it difficult for the
  networked computers to "see" and interact with
  the gateway computer

40

• Computers don't stay "stealthed". The moment you
  do something that accesses the internet from your
  end, you're "unstealthed" because data is coming
  out
• Any hacker with a packet sniffer who knows where
  to look can tell that something's there

41
Encryption

• Ensures that messages cannot be intercepted/read
  by anyone other than the authorized recipient
• Deployed to protect data transported over a
  public network (internet)
• Uses advance mathematical algorithms to
  scramble messages and their attachments

42
Encryption

• Provides the security necessary to sustain the
  increasingly popular virtual private network
  (VPN) technology
• VPNs are private connections, or tunnels, over
  public networks
• Deployed to protect telecommuters, mobile
  workers, branch offices and business partners to
  corporate networks or each other

43
Virtual Private Network (VPN)

• Allows connection to the UA from an off-campus
  computer anywhere on the Internet
• Recognized as a UA affiliate when your data
  reaches the campus network
• Provides extra security by encrypting data to and
  from your computer
• creating a private tunnel through the Internet
  for your communication
• Data unencrypted by the software once it reaches
  the campus

44
System Requirements

• Internet connection through an Internet service
  provider
• Must have a valid UA NetID
• https//netid.arizona.edu
• Off-campus computer must have a Windows, Linux,
  Macintosh, or Sun Solaris operating system
• Additional minimum system requirements listed at
• https//sitelicense.arizona.edu/vpn/system_require
  ments.shtml

45
File Sharing Piracy

• What You Dont Know Can Hurt You

46
File Sharing Piracy

• The RIAA has announced as of June 25, 2003 they
  will be on a rampage to stop illegal file sharing
  at whatever costs are necessary

47
File Sharing Piracy

• Plan to file lawsuits against anyone that is
  sharing files illegally on the Net and that could
  be big, medium or small file share users. This
  weeks tip could literally save you thousands of
  dollars in the end.
• For all you pirates at sea, who don't want to go
  afloat, the time has come to make one of the
  following decisions

48
Options

• Turn off your file sharing for a bit.
• How to disable the file sharing option
• http//www.upb.pitt.edu/offices_services/technolog
  y_services/resnet/filesharing.pdf.
• 2. Take the chance of getting caught paying
  thousands of dollars by doing nothing.

49
Laptop Security

• Laptops are a valuable resource, especially to
  individuals who must travel while remaining in
  continual communication with their office.
• They also allow connectivity that provides users
  the ability to take their workplace with them.

Unfortunately, the mobility, technology and
information that makes laptops so useful to
employees and organizations also make them
valuable prizes for thieves.
50
Laptop Security

• Laptop computers with confidential information
  are stolen regularly. In fact, over 400,000 were
  stolen in 2002! (CSI 2003)
• 40 of laptop theft happens in private offices,
  temporary work stations, meeting rooms
• A surprising number of laptop computers are
  stolen at airport metal detectors by teams
  working in concert
• Another theft method is a variation of the old
  pickpocket game of bump and run

51
Security Checkpoint Method

• If you are approaching the metal detector with
  your laptop, do not put it on the belt until you
  have a clear path through the metal detector.
  Even then, keep your eye on the laptop as it
  comes through the other side. Do not allow
  yourself to be distracted by anyone.
• Remember to
• Love your laptop. Cherish it. Hold on to it.
  Keep it in your hand or on your shoulder whenever
  possible.
• Always be aware of others around you. You can
  also hand your laptop to security and ask them to
  check it by hand.
• Carry your laptop in a briefcase or other bag
  that doesnt look like a laptop bag and is
  heavier.

52
Bump and Run Method

• Youre susceptible to this technique when your
  laptop is riding on top of your.
• luggage cart.
• Someone either stops in front of you or runs into
  you.
• While they are apologizing and you are brushing
  yourself off, an accomplice picks up your laptop
  case and is gone in a split second.
• Anytime you loose immediate control of your
  laptop, its susceptible to theft. Three things
  to remember.

Hold on
Heavy case
Hand over
53
Additional Tips

• Secure unattended laptop (laptop locking devices)
• Adhere a Return to Owner notice on your laptop
• Prevent shoulder-surfing on trains and busses
• Emergency list make, model, serial number,
  internal inventory number, security phone numbers
• Consider technical solutions
• encryption software
• Attach a security cable (choose one with a
  tubular cylinder lock vs. tumbler lock)
• Laptop safe
• Motion sensors and alarms
• Be aware of increased vulnerability on the Road
• Cabs, shuttle busses, rental cars, parking
  facilities

54
Summary

• Common sense, some simple rules and a few pieces
  of technology can help protect your computer
  systems from unauthorized use
• Important to remember that by protecting your own
  computer system, you're also doing your part to
  protect computers throughout the university

55
UA Resources

• Kerio Firewall (free to all UA affiliates)
• https//sitelicense.arizona.edu/kerio/kerio.shtml
• Sophos Anti Virus (free to all UA affiliates)
• https//sitelicense.arizona.edu/sophos/sophos.html
  
• VPN client software
• https//sitelicense.arizona.edu/vpn/vpn.shtml
• Policies, Procedures and Guidelines
• http//w3.arizona.edu/policy/
• Security Awareness
• http//w3.arizona.edu/security/awareness.htm