How You Can Protect Yourself from Cyber-Attacks

1
How You Can Protect Yourself from Cyber-Attacks
Ian G. Harris Department of Computer
Science University of California Irvine Irvine,
CA 92697 USA harris_at_ics.uci.edu
2
About the Class

• Schedule Mondays, 1000 - 1050 in DBH 1420
• Website Look at http//www.ics.uci.edu/harris
• Readings The Symantec Guide to Home Internet
  Security, Andrew Conry-Murray and Vincent
  Weafer, Addison- Wesley, 2006
• Topics Computer security risks (i.e. phishing,
  spam, malware, etc) and how to protect against
  them (i.e. firewalls, anti-virus, patching
  software, etc.)
• This course is meant to be practical, not too
  technical.
• I can give pointers to more technical
  information.

3
Social Engineering

• Exploiting vulnerabilities in the user, not the
  network or device
• Traditional scams using the computer (and/or the
  phone) as a vehicle
• People trust official looking emails and websites
• Not primarily technical attacks
• Often used to gain information for larger attacks

4
Social Engineering Examples

• Examples
• Dear Honorable Sir, I need to transfer
  10,000,000,000 to your account
• Required to pay a small transfer fee
• You need to update your Paypal account
• Directed to send personal information
• Call computer support and masquerade as a
  technician
• Where is that TFTP server located again?

5
Spoofing

• Making a fake version of something in order to
  trick a user
• Often used as part of a social engineering scam
• Example
• You get an email saying something is wrong with
  your ebay account.
• It provides a link to a website
  www.ebayaccounts.com
• The website is fake but can look completely real
• Can be done with email addresses and calling
  trees

6
Preventing Social Engineering

• Dont trust anyone or any information that you
  cant verify
• Dont give critical info to unverified
  websites/phone
• numbers
• 2. Dont accept anything (i.e. programs) from
  unverified
• sources

• This may be inconvenient
• If Citibank calls, you should call them back at a
  known
• Number
• 2. Cant purchase online from unknown vendors
• 3. Be careful about freeware/shareware

7
Technical Threats

• Exploiting vulnerabilities in the computational
  device or in the network
• Require some technical ability
• Understand network protocols and components
• Write code (at least execute scripts)
• Deeply understand networked applications
• May be directed at your machine
• You can defend against these
• May impact you but be directed against other
  machines
• You cant really stop these

8
Typical Technical Threats

• Denial of Service - A service provided by the
  device is caused to fail
• Cellphone cannot receive calls, desktop reboots
• Quality of Service - Quality is degraded, not
  destroyed
• Noise added to a phone call, anti-lock brakes
  slow
• Data Theft - Important data is taken from the
  device
• Passwords, name, usage patterns, location
• Botnet Zombie - Complete ownership of the device
  to use in the future for other attacks.

9
Threats Against Other Machines

• Your machines operations are impacted by an
  attack on another machine
• Usually part of the network infrastructure
• Examples
• Your Domain Name Server (DNS) is attacked so you
  can no longer resolve domain names
• Your universitys computers are attacked and your
  personal data is stolen
• You cant do much about these attacks, except
  complain/sue

10
Threats Against Your Machine

• Most such threats require executing malicious
  code on
• your machine
• Malware - General term for Malicious code
• Common types of malware
• Spyware - Record information inside your device
• Browsing habits, keystrokes, etc.
• Also change behavior (web page redirects )
• Adware - Record information and display ads
  catered to you

11
How Does Malware Work?

• Need to know this in order to defend against it
• Gets into the memory of your computer
• Tricks your computer into executing it
• Hides itself
• Spreads itself to other machines

12
Getting Into Your Computer

• User-driven - User allows the malware in
• Read your email
• Click on an attachment
• Click on a website link
• File transfer (ftp)
• Background traffic - Many programs communicate on
  the network in the background
• IM, skype, automatic updates, etc.

13
Executing on Your Machine
How can foreign programs run on my computer?

• User Gives Permission
• Do you want to enable this macro?
• Bad default settings, (ex. Automatically enable
  all macros)
• These vulnerabilities can be fixed fairly easily
• Software Vulnerability
• A networked application has a coding flaw which
  allows unauthorized code execution

14
Rootkits

• A rootkit is a program that uses stealth
• - Sneaks onto your machine without you knowing
• - Hides itself on your machine so that is cant
  be removed
• Rootkits change components of the operating
  system to hide their
• presence
• Example of stealth
• - A rootkit may attach itself to a good
  executable
• - Detected by examining properties of the
  executable (i.e. size)
• - Checking properties is a call to an OS program
• - Rootkit may change the check properties
  program to print the
• original size
• Most malware is fundamentally a specialized
  rootkit

15
Malware Propagation/Spread

• Trojan Horse - Malware which is part of another
  program which the user believes is safe
• Spread occurs when the user installs the safe
  program
• Social engineering may be involved
• Virus - Malware which is part of a larger program
  or file
• Ex. Macro in an .xls spreadsheet
• Self-replicates by inserting itself into new
  programs/files
• Worm - Malware which is not attached to another
  program/file
• Self-replicates over the network