Practical Computer Security - PowerPoint PPT Presentation

Slides: 70
Provided by: markc78
Transcript and Presenter's Notes

1
Practical Computer Security
  • Mark Ciampa
  • Western Kentucky University
  • mark.ciampa_at_wku.edu

2
Practical Security
  • Current Status

3
Internet Security Threat Report
  • 10,866 new Windows viruses and worms (142)
  • 1,862 new software vulnerabilities
  • Average time from vulnerability to exploit is 6 days,
    but from vulnerability to patch is 54 days
  • 200,000th threat definition added to malware
    detection database (doubled in less than 2
    years)
  • Unprotected PC infected in 20 minutes

4
Identity Theft
  • 1 in 4 Americans (88 million) had digital data
    exposed in the last 18 months, with losses
    exceeding 48 billion
  • Victims spent an average of 330 hours to recover
  • 5.7 million phishing e-mail attacks per day (1 of
    125 e-mails is phishing)
  • 14,191 phishing Web sites in July 2006 (3,326 in
    May 2006)
  • 2,683 Web sites pushed key-logging software

5
Trends
  • Attacks for financial gain
  • Attacks on confidential information
  • Shift away from recognizable threats to
    customizable malware
  • Cell phones and iPods targeted
  • Increased number of zero-day attacks

6
Why the Increase in Attacks
  • Speed of attacks
  • More sophisticated attacks
  • Faster detection of weaknesses
  • Distributed attacks
  • User confusion

7
User Confusion
  • Confusion over different attacks: worm or virus?
    adware or spyware?
  • Confusion over different defenses: antivirus,
    firewall, patches
  • Asked to perform technical procedures and make
    technical decisions

8
User Confusion
  • Permission to open a port?
  • Safe to quarantine an attachment?
  • Approval for your bank to install an add-in?
  • Education and awareness are key defenses

9
Teaching Security
  • Brief coverage of security in Introduction to
    Computers courses, where definitions are taught
  • Network security is taught to computer majors
  • Practical security for non-computer majors is
    left out

10
Teaching Security
  • Need to educate all students about practical
    computer security
  • Security Literacy: why and how to make
    personal systems secure
  • Users should be as fluent with security literacy
    as with Office or e-mail

11
Practical Security
  • What every user should know
  • Attacks and defenses
  • Where included in curriculum

12
Practical Security
  • Attacks

13
Attacks
  • Viruses
  • Worms
  • Denial of Service
  • Backdoors
  • Phishing
  • Spyware and adware
  • Rootkits
  • Hidden data

14
Virus
  • Must be attached to e-mail, file, etc.
  • Malicious intent
  • Virus evolution

15
Worm
  • Not attached but spreads by itself
  • Exploits a system vulnerability such as a buffer
    overflow or flawed protocol

16
Worm
  • Consume system resources
  • Modify system configurations
  • Install backdoor program
  • Create zombie to launch Denial of Service (DoS)

17
Denial of Service
  • Overwhelms system resources
  • Prevents legitimate users from accessing system
  • Distributed DoS attacks

18
Denial of Service

19
Backdoor
  • Viruses and DoS disrupt, but a backdoor provides an
    avenue to steal
  • Allows attacker to secretly access system
  • Listen for commands on open ports

20
Phishing
  • Online scam
  • Tricks user into disclosing personal info like
    credit cards
  • Uses spoofed e-mails or popups to direct users to
    fraudulent Web sites

21
Phishing

22
Phishing

23
Phishing Examples
  • survey.mailfrontier.com/survey/quiztest.cgi
  • www.antiphishing.org/phishing_archive.html
  • http://www.millersmiles.co.uk/archives/current

24
Spyware
  • Collects personal information
  • Monitors activity without knowledge
  • Keystroke logger

25
Adware
  • Installs a service or program
  • Spawns popups or launches Web browser to specific
    site
  • Can track surfing habits

26
Rootkit
  • Software to obtain special operating system
    privileges to perform unauthorized functions and
    hide all traces of existence
  • Causes no direct damage to the computer but hides
    presence of other types of malicious software
  • Remove traces of log-in records, log entries, and
    related processes
  • User can no longer trust operating system

27
Hidden Data
  • Metadata - data about data
  • Hidden deletions and comments in documents
  • Test for vulnerabilities
  • Remove hidden data

28
Practical Security
  • Defenses

29
Practical Defenses
  • Passwords
  • Patch management
  • Antivirus and antispyware
  • Firewall
  • Browser security
  • Backups
  • Rootkits
  • Wireless LANs

30
Weak Passwords
  • Password paradox: complex passwords are difficult
    to memorize, so users take shortcuts
  • Short (ABCD): short passwords are easier to break
  • Common word (Friday): an electronic dictionary can
    match the password
  • Personal information (Susan): easy to identify
  • Same password used for all accounts: attacker can
    access all accounts
  • Password written down: single point of attack
  • Never changed: unlimited access by attackers

31
Strong Passwords
  • Minimum 8 characters
  • Use a combination of letters, numbers, and special
    characters
  • Use space or nonprintable characters when
    available
  • Change every 30 days
  • Do not reuse for 12 months
  • Do not use for multiple accounts
  • Avoid inexpensive biometric devices

32
Password Tools
  • Password crackers
  • Online password creators
  • Create and protect a secure password list (Adobe
    Acrobat PDF)
  • Use password program (Password Safe)

33
Secure Password List

34
Patch Management
  • Different types of patches
  • Install patch
  • Auto-update

35
Windows Patch Updates

36
Antivirus
  • Update
  • Scan a device
  • Test antivirus settings
  • Disinfect

37
Antivirus

38
Antispyware
  • Install
  • Update
  • Scan a device
  • Disinfect (System Restore)

39
Antispyware

40
Antispyware

41
Comprehensive Products
  • Comprehensive, integrated, automatic
    subscription service
  • Automatically updated antivirus, antispyware,
    firewall, backup, tuneup
  • Microsoft Windows OneCare Live
  • Symantec Norton 360
  • McAfee Falcon

42
OneCare Live

43
Firewalls
  • What a firewall does (closes ports)
  • Network firewalls: refuse to transmit inbound
    packets based on source IP or domain
  • Personal firewalls: only open ports for
    user-approved applications

44
Firewalls
  • Configure Windows Firewall
  • Check exceptions
  • Test firewall

45
Check Firewall

46
Test Firewall

47
Browser Security
  • Clean up
  • Delete cookies
  • Delete temporary Internet files
  • Clear cache
  • Clear history
  • Clear Autocomplete

48
Browser Security
  • Set security zones
  • Privacy (cookies)
  • Content page restrictions
  • Individual settings

49
Browser Tools
  • Drop My Rights
  • VMWare Player
  • Application Sandboxes

50
Browser Tools
  • Application sandboxes have a small footprint (<1
    MB)
  • Allows HDD read functions
  • Intercepts HDD write operations
  • Redirects writes to transient storage container
  • Run browser in sandbox and isolate any malware
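
The read-through, write-redirect behaviour listed on this slide can be modelled in a few lines of Python. This is an added example, not part of the original presentation; the class and function names and the sample file are hypothetical, and it models the idea at the file-API level rather than how any sandbox product hooks the operating system.

```python
import os
import shutil
import tempfile


class WriteRedirectSandbox:
    """Reads come from the real directory; writes go to a transient container."""
    def __init__(self, real_root):
        self.real_root = os.path.abspath(real_root)
        self.container = tempfile.mkdtemp(prefix="sandbox-")  # transient storage

    def _resolve(self, root, rel_path):
        # Reject paths that would escape the chosen root (e.g. "../x").
        full = os.path.abspath(os.path.join(root, rel_path))
        if os.path.commonpath([root, full]) != root:
            raise PermissionError("path escapes sandbox: " + rel_path)
        return full

    def open(self, rel_path, mode="r"):
        real = self._resolve(self.real_root, rel_path)
        shadow = self._resolve(self.container, rel_path)
        if not any(flag in mode for flag in "wax+"):
            # Read: prefer the redirected copy if one was already written.
            return open(shadow if os.path.exists(shadow) else real, mode)
        if mode[0] == "x" and os.path.exists(real):
            raise FileExistsError(rel_path)
        os.makedirs(os.path.dirname(shadow), exist_ok=True)
        # Append/update modes need the current contents copied in first.
        if mode[0] in "ar" and os.path.exists(real) and not os.path.exists(shadow):
            shutil.copy2(real, shadow)
        return open(shadow, mode)

    def discard(self):
        shutil.rmtree(self.container, ignore_errors=True)  # drop all writes


def demo():
    real_root = tempfile.mkdtemp(prefix="disk-")  # constructed stand-in for the HDD
    with open(os.path.join(real_root, "hosts.txt"), "w") as f:
        f.write("127.0.0.1 localhost\n")
    box = WriteRedirectSandbox(real_root)
    with box.open("hosts.txt", "a") as f:  # constructed unwanted write
        f.write("203.0.113.7 bank.example\n")
    with box.open("hosts.txt") as f:
        seen_inside = f.read()
    box.discard()
    with open(os.path.join(real_root, "hosts.txt")) as f:
        on_disk = f.read()
    shutil.rmtree(real_root)
    return seen_inside, on_disk
```

Inside the sandbox the program sees its own modification, while the file on the real disk is unchanged once the container is discarded.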

51
Browser Tools

52
Backups
  • What to back up
  • What media to use
  • Frequency
  • Where to store

53
Backup Media
  • CD-R or DVD
  • Internet storage
  • Network attached storage (NAS)
  • Portable USB drive

54
Backups

55
Rootkits
  • Sony BMG Music
  • Cannot remove rootkit
  • Rootkit detectors

56
Does Wireless Security Matter?
  • Get into any folder set with file sharing enabled
  • See wireless transmissions
  • Access the network behind the firewall and inject malware
  • Download harmful content linked to unsuspecting
    owner
  • Security begins at home

57
WLAN Defenses That Don't Work
  • Hide my network (Disable SSID beaconing)
  • Restrict who can join my network (MAC address
    filtering)
  • Encrypt transmissions (WEP)
  • Use advanced security (WPA)

58
Steps to Protect Personal Wireless
  • Install Microsoft Hot Fix (KB893357)
  • Update Intel Centrino drivers
  • Turn on WPA2
  • On older equipment use WPA
  • MUST use a 20-character WPA passphrase
  • Turn on wireless VLAN

59
Set WPA2 on AP

60
Set WPA2 on AP

61
Set WPA2 on Device

62
Show WPA2

63
Turn on VLAN

64
Baseline Security Analyzer

65
Practical Security
  • Where to Teach Security Literacy

66
Where to Teach?
  • CIS Curriculum: integrate into all courses
    (programming, Web development, applications,
    networking)
  • Intro to Computers: make Practical Security a key
    topic with supplemental text

67
Where to Teach?
  • Introduction to Business Ethics: Practical
    Security 1-hour course required of all business
    majors
  • Continuing Education: course for community
    patrons

68
Textbooks
  • Security Awareness: Applying Practical Security
    in Your World, Second Edition, by Mark Ciampa
  • Course Technology (ISBN 1418809691)
  • Publication date - February 2006

69
Practical Computer Security
  • Mark Ciampa
  • Western Kentucky University
  • mark.ciampa_at_wku.edu