Title: CSI 1306
CONTENTS
- 1 - What is computer security?
- 2 - Destruction by viruses
- 3 - Stealing information and loss of privacy
- 4 - Protection by passwords
- 5 - Other data protection techniques (privacy)
- 6 - E-mail security
- 7 - Risks with on-line transactions
- 8 - Internet security or vulnerability?
- 9 - Network security (local area networks)
1 - WHAT IS COMPUTER SECURITY?
- Computer Security is the protection of data from unauthorized or accidental access, modification or destruction.
- 1. The system operates as it is supposed to (downtime is minimal) → this refers to "Operating Reliability"
- 2. The data processed by the system can always be accessed → this refers to "Data Availability"
- 3. The information stored in the system or travelling through networks cannot be read or modified except by people who are entitled to do so → this refers to "Privacy"
- → In all cases, the guidelines for computer systems safety are:

| DANGERS | SOLUTIONS |
|---|---|
| Operating reliability | Mirrored Hardware |
| Availability of data | Backups, Mirrored Disks, Antivirus |
| Information Privacy | Access Control, Encryption |

- → We will address those aspects of computer systems safety that are threatened by criminal behaviour (i.e. unauthorized).
- → So, let's explore the two main types of attacks encountered by computer systems, including personal computers:
  - Viral Destruction
  - Stealing Information using Spyware
2 - DESTRUCTION BY VIRUSES
- Definitions: Viruses and Trojans
- → A VIRUS is an autonomous program that modifies the normal operation of a computer system (normal is what it was before the insertion of the virus).
- → To be effective, a virus should:
  - 1. Propagate itself
  - 2. Replicate itself before it reveals its presence by its destructive effects
  - 3. Be able to affect the normal operation of the computer system
- → A TROJAN virus is one that is hidden inside another program
- Who creates viruses? ... !!!!
- Origin of virus contamination: Contact with another infected computer program.
- How? The contaminated file is copied to another computer that then also becomes contaminated!
- WHERE CAN THE VIRUS RESIDE?
  - Every portion of an executable program (e.g. .com, .exe, .sys, .bin, .ovr, .ovl, .dll)
  - Boot sector of a hard drive or a floppy disk
  - Macros in Microsoft's tools (Excel, Word, etc.)
  - Data files: No
- PROTECTION IS BASED ON DETECTION OF
  - A VIRAL PORTION OF CODE OR
  - TAMPERING WITH A FILE
- AND THE REMOVAL OF THE VIRAL CODE WHEN FEASIBLE OR RELOADING OF A PREVIOUS, CLEAN BACKUP COPY OF THE FILE
- Three Types of Detection
  - 1 - Scanning a file for known viral code
  - 2 - Comparing the mathematical characteristics of a file with a previous, clean version (a simple comparison criterion is the length of the file in bytes)
  - 3 - Heuristic scanning of a file, which involves intelligent analysis of the code (looking for suspicious instructions such as those which modify disk partitions or the file allocation table)
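
An added example (not part of the original slides) of detection type 2: it records each file's length and SHA-256 digest while the file is known to be clean, then re-checks it later. The file names and contents are constructed for the demo; it shows that a modification which keeps the length unchanged passes the length criterion but is caught by the digest.

```python
import hashlib
import os
import tempfile

def fingerprint(path):
    """Return (length in bytes, SHA-256 hex digest) for one file."""
    with open(path, "rb") as f:
        data = f.read()
    return len(data), hashlib.sha256(data).hexdigest()

def make_baseline(paths):
    """Record the fingerprint of each file while it is known to be clean."""
    return {p: fingerprint(p) for p in paths}

def check(baseline):
    """Compare current files to the baseline; return {path: verdict}."""
    report = {}
    for path, (old_size, old_hash) in baseline.items():
        if not os.path.exists(path):
            report[path] = "missing"
            continue
        size, digest = fingerprint(path)
        if size != old_size:
            report[path] = "length changed"
        elif digest != old_hash:
            report[path] = "same length, content changed"
        else:
            report[path] = "unchanged"
    return report

def demo():
    """Constructed sample files: one grows, one is altered without growing."""
    d = tempfile.mkdtemp()
    names = ["a.bin", "b.bin", "c.bin"]
    paths = [os.path.join(d, n) for n in names]
    for p in paths:
        with open(p, "wb") as f:
            f.write(b"\x90" * 64 + b"ORIGINAL CODE")
    base = make_baseline(paths)
    with open(paths[0], "ab") as f:       # appended bytes: the length check is enough
        f.write(b"EXTRA")
    with open(paths[1], "r+b") as f:      # in-place overwrite: length is identical
        f.seek(64)
        f.write(b"MODIFIED CODE")
    report = check(base)
    return {n: report[p] for n, p in zip(names, paths)}

if __name__ == "__main__":
    print(demo())
```

The baseline itself has to be stored where the monitored system cannot rewrite it, otherwise a tampered file can be re-baselined along with the change.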
3 - STEALING INFORMATION / LOSS OF PRIVACY
- The information stored on a personal computer can be stolen
  - Through direct physical access
  - Through a network connection
- Through a network connection there are currently 2 types of spyware: Passive and Active Spyware
  - Passive Spyware "listens" to what the spied user does
  - Active Spyware is designed to gain control of the victimized computer
- Characteristics of Spyware
- It is installed on the user's PC in the "shadow" of installation of a legitimate software product or during access to a web site
- Once installed on the user's PC, the spy records all of the user's keystrokes (in the same way as the Macro Recorder records all the user's actions), and transmits the collected information to the Internet IP address of the spy
- Remote control of the computer allows the spy to not only listen, but also to modify programs and data. Incidentally, this is a legitimate activity for system administrators to detect and fix problems on remote computers. They use software such as Carbon Copy, SMS or PC-Anywhere.
- Examples of spyware include
- BackOrifice (which was identified in November 1998 as being used for criminal purposes) takes control of users' PCs over the Internet without the user noticing it. The user may notice degraded performance, however.
  - → BackOrifice is active spyware
- Aureate Products detect the user's activity and report it to the IP address of the company who installed the software. These are commercial software products sold to Internet Web providers to help them identify a user's Internet habits. They can be installed on the user's computer when he/she visits the web site.
  - → Aureate is passive spyware
4 - PROTECTION BY PASSWORDS
- A password is a string of approximately 5-10 characters which is used to gain access to a computer resource
  - The greater the number of characters in a password AND
  - The greater the number of different characters in a password
  - → the more difficult it is to crack
- Passwords protect/grant access to
  - 1. The computer, i.e. BIOS password
  - 2. Files and directories
  - 3. Resources on remote computers (telnet, ftp, etc.)
  - 4. Various privileges or rights (read, write, create/delete files/dirs, execute)
- SO WHAT IS THE PROBLEM WITH PASSWORDS?
- They can easily be cracked because
  - 1. They are easy to guess (ID: myname, pwd: my pet's name)
  - 2. They are written somewhere (Post-It, File)
  - 3. They are transmitted on the Internet when used for protocols such as telnet, ftp, ...
  - 4. They are stolen by spyware: the key strokes are sent over the Internet to the "spy" who installed the software
  - 5. They can easily be cracked by dedicated software
- Conclusion: Password protection is VERY WEAK PROTECTION!
- Other techniques such as finger, palm, retina and voice identification are being perfected
5 - OTHER DATA PROTECTION TECHNIQUES (PRIVACY)
- Data that you do not want people to see ... According to what you mean by "Data Protection", there are 3 different techniques for protecting that data
- 1. DESTRUCTION of data
  - → FILE SHREDDING (don't just delete a file: first, replace the file contents with 0s or any other characters)
- 2. If you want to be the ONLY person that can read your data → ENCRYPT your data with
  - A password (very weak encryption)
  - DES (Data Encryption System): each 64 bit block is encrypted by your own secret 56-bit key. DES software for Windows is available as freeware.
- 3. If you want to exchange secret information with another person, use
  - → ENCRYPTION based on the RSA algorithm (the name RSA is derived from the names of the three MIT researchers who devised this algorithm: Rivest, Shamir & Adleman)
  - → RSA uses one Public Encrypting Key and a second Secret Decrypting Key
- RSA uses calculations with high prime numbers
- PGP (Pretty Good Privacy) software encrypts data using the RSA algorithm
  - PGP is freeware and runs on a wide variety of platforms
"How-to" with PGP/RSA
- a - Asterix, your Friend, plans to send you the following ultra-secret message: MSG = "Let's attack Julius Caesar to-morrow at dawn"
- b - Asterix is the sender, you are the receiver.
- c - Asterix encrypts the message with YOUR PUBLIC KEY (PubKey) which you have distributed widely, publicly, and possibly uploaded to a dedicated server that is accessible to many people.
- d - The result of the Encryption is an encrypted message (CRYPT_MSG): PGP_using_PubKey(MSG) → CRYPT_MSG
- e - CRYPT_MSG is sent over the Internet.
- f - You receive CRYPT_MSG and start decrypting it using your Private Secret Key (PrivKey)
- g - You decrypt the message by applying PGP_using_PrivKey(CRYPT_MSG) → MSG
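
Steps a to g above, carried through with textbook RSA as an added example (not from the original slides and not PGP's own code). The function names `using_pubkey` and `using_privkey` are hypothetical stand-ins for the slide's PGP_using_PubKey and PGP_using_PrivKey, and the two primes are constructed demo values (well-known Mersenne primes), not how real keys are generated.

```python
# Toy textbook RSA. Assumptions: the primes below are constructed demo values
# (Mersenne primes, chosen so the example is short and reproducible). Real keys
# use random primes, and real PGP adds padding and a symmetric session key.
P = 2**521 - 1
Q = 2**607 - 1
E = 65537                        # public exponent

def make_keys(p=P, q=Q, e=E):
    """Return (PubKey, PrivKey), each as an (exponent, modulus) pair."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent: e*d = 1 (mod phi)
    return (e, n), (d, n)

def using_pubkey(msg: bytes, pubkey) -> int:
    """Steps c-d: the sender turns MSG into CRYPT_MSG with the receiver's PubKey."""
    e, n = pubkey
    m = int.from_bytes(msg, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)

def using_privkey(crypt_msg: int, key) -> bytes:
    """Steps f-g: the receiver turns CRYPT_MSG back into MSG with the PrivKey."""
    d, n = key
    m = pow(crypt_msg, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def demo():
    pub, priv = make_keys()                  # receiver publishes pub, keeps priv
    msg = b"Let's attack Julius Caesar to-morrow at dawn"
    crypt_msg = using_pubkey(msg, pub)       # Asterix, steps c-d
    # Step e: only crypt_msg crosses the Internet.
    recovered = using_privkey(crypt_msg, priv)   # you, steps f-g
    wrong = using_privkey(crypt_msg, pub)    # applying PubKey again does not decrypt
    return msg, crypt_msg, recovered, wrong

if __name__ == "__main__":
    msg, crypt_msg, recovered, wrong = demo()
    print(recovered == msg, wrong == msg)
```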
- In summary, we have two types of encryption: strong and weak
- → 1. Strong Encryption
  - Definition: An encryption for which neither the open publication of its algorithm, nor the availability of the public key and enormous computer expertise and bandwidth, can compromise the security of the encrypted message
- → 2. Weak Encryption
  - Definition: Encryption that is not strong!
6 - E-MAIL SECURITY
- VULNERABILITY OF E-MAIL MESSAGES
- Where?
  - 1. On the user's computer: a hacker can access the user's computer
  - 2. On the e-mail server
    - by the e-mail server administrator
    - by a hacker who manages to gain supervisor status on this server
    - this person can look at anything
  - 3. On one of the computers that relay the e-mail traffic
- SOLUTIONS for PROTECTING E-MAIL MESSAGES
- 1. ENCRYPT THE MESSAGE CONTENT
- 2. USE FAKE MAIL and ANONYMOUS REMAILER
  - Nobody will know who sent the message
  - FAKE MAIL is the capability to send e-mail over the Internet using an altered return mail address (can also alter the "reply to" field in your e-mail software).
  - ANONYMOUS REMAILERS: you send your message to a server that transforms all the technical header and control data in your message, so that it is impossible to know where the message came from.
7 - THE RISKS OF ON-LINE TRANSACTIONS
- Modern e-commerce: Customers shop from home and pay using their credit cards.
- Regularly companies claim that their techniques are safe but ... at times, credit card numbers are reported as having been stolen.
- The issues
  - Identify definitively the author of the transaction: Is the person really authorized to use this credit card?
  - Ensure that the information concerning the credit card will not be stolen during the transfer over the Internet (or from the company's files)
  - → Are definitely not solved → will they be one day??
- SO, IS IT SAFE TO TYPE A CREDIT CARD NUMBER ON YOUR KEYBOARD AND SEND IT OVER THE INTERNET?
- On one hand, the risks are minimal, according to
  - Companies who conduct E-commerce over the web
  - Providers of E-commerce software who embed secure encryption techniques
  - They will also highlight the fact that paying with a credit card in a shop is not secure, since we cannot be sure that the merchant will not make a duplicate impression
- On the other hand,
  - What if the encryption techniques are not as safe as their promoters claim? Historically, every time a security feature is implemented, someone has circumvented it.
  - What if spyware is installed on the computer?
  - There are experts who say that they would never type their credit card number on a keyboard
- → So, we recommend caution!
8 - INTERNET SECURITY or VULNERABILITY?
- Are Personal Computers Hacked?
  - → Yes, sometimes. There is software specifically designed for this task (Back Orifice, for instance)
  - → But less often than servers !!!!
- The VULNERABILITY OF A PERSONAL COMPUTER RESULTS FROM UNAUTHORIZED ACCESS (Back Orifice, Aureate products)
- WHO HAS ACCESS TO THE USER'S COMPUTER?
- The answer is: potentially ALL the other computers connected to the internet! → THE RESULT IS UNAUTHORIZED ACCESS TO DATA (AND POSSIBLE MODIFICATION OR DESTRUCTION OF IT), AS WELL AS POSSIBLE ALTERED OPERATION OF THE COMPUTER
- SOLUTION 1: Use access filtering of communications with other computers by installing a Firewall
- What is a Firewall?
- A system that enforces an access control policy between 2 systems (i.e. Internet and the user's computer). It blocks traffic that is supposed to be dangerous and permits normal traffic. For example, configure the firewall to permit only e-mail traffic and block services that are known to be potential problems
  - A Hardware Firewall is a frontal computer, also sometimes called a portal, that is connected directly to the Internet and filters all the communications between the Internet and the user's personal computer. The frontal computer can simply be another PC with an operating system and filtering software: an old 386 could act as a hardware firewall for a newer Pentium computer.
  - A Software Firewall simply filters the communications between the Internet and the user's computer. There are now several versions for PCs running under Windows or Linux (Atguard or TimeZone-Freeware)
- SOLUTION 2
- Since there is a never ending race between new protections and attacks on them, you should always use the most recent Internet protection (e.g. keep your virus detection software updated).
- THE VULNERABILITY OF SERVERS: HACKING A PROVIDER'S SERVER
- DOS: Denial of Service attacks
  - The hacker sends repeated requests to access the server with a high priority rank, so the server has no opportunity to serve its clients.
  - The server being attacked is not available to its clients.
  - Many DOS attacks are reported regularly.
- Data Alteration: Webpage Missing
  - One regularly reads that this situation might be the result of poorly maintained servers but recently, in the year 2000, the servers of well known companies have been hacked (Microsoft, Yahoo, Amazon)
- AT TIMES THE USER INADVERTENTLY MAKES ALL THE FILES ON HIS WEB SITE ACCESSIBLE TO ALL INTERNET USERS
  - → No index.html
- SO WHAT ABOUT KEEPING TRACK (LOGGING) OF ALL CONNECTIONS TO A SERVER IN ORDER TO DETECT HACKING ATTEMPTS?
  - → An enormous burden
9 - NETWORK SECURITY
- Network security requires experts. So a position called Network Security Administrator has been created.
- The required expertise varies according to the software used for operating the network: Novell, IBM SNA, MS-NT servers, etc.
- The main tasks of a Network Security expert are
  - Assignment of rights to users
  - Providing hardware and software protection for data privacy
  - Creating backups for restoring data in case of destruction
  - Establishing and managing a disaster recovery plan
- First Rule of Security on a Network
- If you want your data to be absolutely protected, never make it accessible to anybody.
- e.g. Do not connect your company's payroll system to the network.