Workstation Security - PowerPoint PPT Presentation

Title: A Primer on Computer Security Author: Bruce P. Tis Last modified by: Bruce P. Tis Created Date: 10/12/2000 9:09:38 PM Document presentation format – PowerPoint PPT presentation

Transcript and Presenter's Notes

1
Workstation Security Privacy and Protection
from Hackers
  • ISECON2002
  • Nov 2, 2002
  • Bruce P. Tis, Ph.D.
  • Simmons College
  • Boston, MA

2
Outline
  • Goals
  • Introduction
  • Attacks/Threats
  • Malware viruses, worms, Trojan horses and
    others
  • Privacy - Cookies/Spyware
  • Firewalls
  • Steps for protecting yourself
  • Interesting Web Sites
  • What Haven't We Covered

3
Goals
  • Raise your consciousness regarding the need for
    information security at the workstation level
  • Review basic terminology and concepts
  • Discuss threats and how to resist them
  • Verify a workstation's ability to resist an
    attack

4
Introduction
5
What is security?
  • Computer security deals with the prevention and
    detection of, and the reaction to, unauthorized
    actions by users of a computer system or network.

6
Topics Include
  • Cryptology
  • Forensics
  • Standards
  • Management of security/policies
  • Authentication
  • Intrusion Detection
  • Hacking
  • Privacy
  • Legal and Ethical issues
  • IP Security
  • WEB Security
  • Network Management
  • Malware
  • Firewalls

7
Why do we need to be concerned about security
  • Economic loss
  • Intellectual Property loss
  • Privacy and Identity Theft
  • National Security

8
Economic Loss
  • Kevin Mitnick's hacking spree allegedly cost
    companies $291 million
  • Economic impact of recent malware
  • LoveLetter and CodeRed $2.6 billion each
  • Sircam $1.3 billion
  • Computer Economics estimates that companies spent
    $10.7 billion to recover from virus attacks in
    2001

9
Radicati Group Inc. study of the economic impact of
malware
10
CERT
  • Computer Emergency Response Team Coordination
    Center (CERT) reports security incidents
  • An incident may involve one site or hundreds (or
    even thousands) of sites. Also, some incidents
    may involve ongoing activity for long periods of
    time.

11
(No Transcript)
12
Intellectual Property
  • Music piracy
  • Software piracy
  • Research data piracy
  • Industrial espionage

13
Privacy and Identity Theft
  • 300,00 credit cards stolen at CD Universe
  • Identity theft has reached epidemic proportions
    and is the top consumer fraud complaint in
    America
  • Losses to consumers and institutions due to
    identity theft totaled $745 million in 1997,
    according to the U.S. Secret Service.
  • An estimated 700,000 consumers became victims of
    identity theft during 2001 at a cost of $3
    billion.
  • Estimate of 900,000 for 2002.

14
National Security
  • Los Alamos loses top-secret hard drive
  • January 1990: the AT&T long-distance telephone
    switching system crashed for nine hours and
    approximately 70 million calls went uncompleted
  • Distributed attack on the 13 root DNS servers two
    weeks ago
  • September 11 !!!!!!!!!!!!!!!!!!!!!!!

15
  • The National Strategy to Secure Cyberspace draft
    issued in September 2002 clearly puts
    responsibility on the end user to protect his/her
    personal computer from hackers
  • Consumer education Web site
  • http://www.ftc.gov/bcp/conline/edcams/infosecurity/
  • National Cyber Security Alliance
  • http://www.staysafeonline.info

16
Attacks and Threats
17
Attacks/Threats
  • Physical
  • Access
  • Modification
  • Denial of Service
  • Repudiation
  • Invasions of Privacy

18
Physical Attacks
  • Hardware theft
  • File/Information Theft
  • Information modification
  • Software installation

19
Access Attacks
  • Attempt to gain information that the attacker is
    unauthorized to see
  • Password pilfering
  • An attack against confidentiality
  • Snooping
  • Eavesdropping
  • Interception

20
Modification Attacks
  • An attempt to modify information an attacker is
    not authorized to modify
  • An attack against information integrity
  • Changes
  • Insertion
  • Deletion

21
Denial-Of-Service Attacks
  • Deny the use of resources to legitimate users of
    a system
  • Denial of access to information
  • Denial of access to applications
  • Denial of access to systems
  • Denial of access to communications

22
Repudiation Attacks
  • Attack against the accountability of information,
    i.e. an attempt to give false information or to
    deny that a real event or transaction has
    occurred
  • Masquerading
  • Denying an event

23
Privacy Attacks
  • Collection of information about
  • you
  • your computer configuration
  • your computer use
  • your surfing habits

24
Security Services
  • Security services are used to combat attacks
  • Confidentiality (access)
  • Integrity (modification, repudiation)
  • Availability (denial of service)
  • Accountability (access, modification,
    repudiation)
  • Security mechanisms implement services, e.g.
    cryptography

25
Malware
  • Trap Door
  • Logic Bombs
  • Trojan Horses
  • Worms
  • Bacteria
  • Viruses
  • Mobile Code

26
  • Malware: a collection of techniques/programs that
    produce undesirable effects on a computer system
    or network
  • Differentiated based on whether it
  • Needs a host program
  • Is independent
  • Replicates
  • Doesn't replicate

27
Malware
  • Needs host program: Trapdoor, Logic Bomb, Trojan
    Horse, Virus
  • Independent: Worms, Bacteria
28
Trap Doors
  • Secret entry point to a program that bypasses
    normal security access procedures
  • Legitimate for testing/debugging
  • Recognizes some special input, user ID or
    unlikely sequence of events
  • Difficult to detect at use
  • Must detect during software development and
    software update

29
Logic Bombs
  • Code embedded in legitimate program that is set
    to explode when certain conditions met
  • Presence/absence certain files
  • Date
  • Particular user
  • Bomb may
  • Alter/delete files
  • Halt machine
  • Other damage

30
Trojan Horses
  • Apparently useful program or command procedure
    containing hidden code which performs harmful
    function
  • Trick users into running by disguise as useful
    program
  • Doesn't replicate itself
  • Used to accomplish indirectly functions that an
    unauthorized user is not permitted to perform
  • Used for destructive purposes

31
Backdoor Trojans
  • Opens backdoor on your computer that enables
    attackers to remotely access and control your
    machine
  • Also called remote access Trojans
  • Attackers find your machine by scanning ports
    used by Trojan
  • Common backdoor Trojans
  • Back Orifice
  • NetBus

32
  • Most anti-virus tools detect Trojans
  • Can also check open TCP ports against list of
    known Trojan ports
  • Type the netstat -an command
  • Look at listening ports
  • Lists of known Trojan port numbers available via
    Google search
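A defender-side version of the port comparison described above, as an added example that is not code from the presentation: it parses `netstat -an` output (a constructed sample in the Windows layout) and reports listening TCP ports that appear in a small lookup table. The Bugbear port comes from slide 59; the Back Orifice and NetBus ports are the classic defaults of the two tools named on slide 31.

```python
import re
import subprocess
import sys

# Constructed lookup table. 36794 is Bugbear's listener from slide 59; 31337 and
# 12345 are the classic default ports of the two backdoor Trojans named on slide 31.
KNOWN_TROJAN_PORTS = {
    36794: "Bugbear",
    31337: "Back Orifice",
    12345: "NetBus",
}

# Constructed 'netstat -an' output in the Windows layout (not a real capture).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:36794          0.0.0.0:0              LISTENING
  TCP    192.168.1.100:139      0.0.0.0:0              LISTENING
  TCP    192.168.1.100:3126     192.168.1.112:80       ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

# proto, local address, local port, foreign address, optional state (UDP has none)
SOCKET_LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def parse_netstat(text):
    """Return (proto, local_ip, local_port, state) for every socket line;
    header, blank and unrecognised lines are skipped."""
    sockets = []
    for line in text.splitlines():
        m = SOCKET_LINE.match(line)
        if m:
            proto, ip, port, _foreign, state = m.groups()
            sockets.append((proto, ip, int(port), state or ""))
    return sockets


def listening_tcp_ports(text):
    """The TCP ports something on this machine is waiting for connections on."""
    return {port for proto, _ip, port, state in parse_netstat(text)
            if proto == "TCP" and state == "LISTENING"}


def trojan_port_hits(text, table=KNOWN_TROJAN_PORTS):
    """Map listening port -> Trojan name for every port found in the table.
    A hit is a lead to investigate (legitimate software can use the same
    port), not proof of infection."""
    return {p: table[p] for p in sorted(listening_tcp_ports(text)) if p in table}


if __name__ == "__main__":
    # Pass --live to read the machine's real netstat output instead of the sample.
    if "--live" in sys.argv:
        text = subprocess.run(["netstat", "-an"], capture_output=True, text=True).stdout
    else:
        text = SAMPLE_NETSTAT
    hits = trojan_port_hits(text)
    for port, name in hits.items():
        print(f"port {port} is LISTENING and matches the known Trojan port for {name}")
    if not hits:
        print("no listening port matches the known Trojan port list")
```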

33
(No Transcript)
34
Worms
  • Programs that use network connections to spread
    from system to system
  • Once active on a system can behave as another
    form of malware
  • Propagates
  • Search for other systems to infect
  • Establish connection with remote system
  • Copy itself to remote system and executes

35
The Great Worm
  • Robert Morris released the most famous worm in
    1988
  • Crashed 6000 machines on the Internet (10%)
  • Exploited bug in fingerd program
  • Bug in worm crashed machines, which prevented the
    worm from spreading
  • Estimated damage $100 million
  • Three years probation, 400 hrs community service,
    $10,500 fine

36
Worm Code Red
  • Scans Internet for Windows NT or 2000 servers
    running unpatched IIS
  • Copies itself to server
  • Replicates itself for the first 20 days of each
    month
  • Replaces WEB pages on infected servers with a page
    that declares "Hacked by Chinese"
  • Launches concerted attack on White House Web server
    to overwhelm it

37
Bacteria
  • Programs that do not explicitly damage files
  • Sole purpose is to replicate themselves within a
    system
  • Reproduce exponentially taking up
  • Processor capacity
  • Memory
  • Disk space

38
Viruses
  • Infect other programs by modifying them
  • First one written in 1983 by USC student Fred
    Cohen to demonstrate the concept
  • Approximately 53,000 exist
  • Modification includes copy of virus

39
Virus Structure
  • Usually prepended or appended to the executable
    program
  • When program invoked virus executes first, then
    original program
  • First seeks out uninfected executable files and
    infects them
  • Then performs some action

40
How Viruses Are Spread
  • Peer to peer networks
  • Via email attachments
  • Via media
  • FTP sites
  • Chat and instant messaging
  • Commercial software
  • Web surfing
  • Illegal software

41
Types of Viruses
  • Parasitic
  • Traditional virus and most common
  • Attaches itself to executable files and
    replicates
  • Memory resident
  • Lodges in memory as part of the OS
  • Infects every program that executes

42
  • Boot sector
  • Infects master boot record or boot record
  • Spreads when system boots
  • Seldom seen anymore
  • Stealth
  • Designed to hide itself from detection by
    antivirus software

43
  • Polymorphic
  • Mutates with every infection
  • Functionally equivalent but distinctly different
    bit patterns
  • Inserts superfluous instructions or interchanges
    the order of independent instructions
  • Makes detection of signature of virus difficult
  • Mutation engine creates random key and encrypts
    virus
  • Upon execution the encrypted virus is decrypted
    and then run

44
  • Metamorphic
  • Structure of virus body changed
  • Decryption engine changed
  • Suspect file run in emulator and behavior analyzed

45
Mobile Code
  • Programming that specifies how applications
    exchange information on the WEB
  • Browsers automatically download and execute
    applications
  • Applications may be viruses

46
  • Common forms
  • Java Applets: Java code embedded in WEB pages
    that runs automatically when the page is downloaded
  • ActiveX Controls: similar to Java applets but
    based on Microsoft technology, have total access
    to Windows OS

47
  • New threat (potential) of including mobile code
    in MP3 files
  • Macros: languages embedded in files that can
    automatically execute commands without the user's
    knowledge
  • JavaScript
  • VBScript
  • Word/Excel

48
Macro Viruses
  • Make up two thirds of all viruses
  • Platform independent
  • Word documents are the common vehicle rather than
    executable code
  • Concept (1995) was the first Word macro virus
  • Easily spread

49
Technique for spreading macro virus
  • Automacro / command macro is attached to Word
    document
  • Introduced into system by email or disk transfer
  • Document opened and macro executes
  • Macro copies itself to global macro file
  • When Word is next started, the global macro is active

50
Melissa Virus March 1999
  • Spread in Word documents via email
  • Once opened virus would send itself to the first
    50 people in Outlook address book
  • Infected normal.dot so any file opened later
    would be infected
  • Used Visual Basic for applications
  • Fastest spreading virus ever seen

51
ILOVEYOU Virus May 2000
  • Contained code as an attachment
  • Sent copies to everyone in address book
  • Corrupted files on victim's machine: deleted
    mp3, jpg and other files
  • Searched for active passwords in memory and
    emailed them to Web site in the Philippines
  • Infected approximately 10 million computers and
    cost between 3 and 10 billion in lost
    productivity

52
Preventative measures
  • MS offers optional macro virus protection tools
    that detect suspicious Word files
  • Office 2000 Word macro options:
  • Signed macros from trusted sources
  • Users prompted prior to running macro
  • All macros run
  • Antivirus product vendors have developed tools to
    detect and correct macro viruses

53
Antivirus First Generation
  • Simple scanner
  • Scans for virus signature (bit pattern)
  • Scans for changes in program length
  • Limited to detection of known viruses

54
Antivirus Second Generation
  • Does not rely on specific signature
  • Uses heuristic rules to search for probable virus
    infection
  • Looks for fragments of code often associated with
    viruses
  • Integrity checking via checksum appended to each
    program
  • Checksum is an encrypted hash

55
Antivirus Third Generation
  • Memory resident
  • ID virus by its actions rather than structure of
    infected program
  • Not driven by signature or heuristic
  • Small set of actions
  • Intervenes

56
Antivirus Fourth Generation
  • Variety of antivirus techniques
  • Scanning and activity trap components
  • Access control capability
  • Limits ability of virus to update files

57
A Modern Virus - Bugbear
  • The virus of the year
  • Blended threat: a worm that leverages multiple
    infection paths
  • Comes as an attachment with random subject,
    message body and attachment file name

58
  • Executable file may have single or double
    extensions
  • Spoofs the From: header
  • Forwards itself to addresses in old emails on
    your system
  • Truly distinguishing feature is the size of the
    attachment: 50,688 bytes

59
Bugbear What it does
  • Copies itself to a randomly named exe file
  • Makes registry changes
  • Adds itself to the startup folder
  • Mails itself to any address found on your
    computer
  • Copies itself to open Windows network shares
  • Attempts to disable AV and firewalls
  • Installs Trojan code and keystroke logger
  • Listens on port 36794

60
Virus Detection and Prevention Tips
  • Do not open an email from an unknown,
    suspicious or untrustworthy source
  • Do not open any files attached to an email
  • Turn off preview pane in email client
  • Enable macro virus protection in all your
    applications
  • Beware of pirated software
  • Don't accept files while chatting or messaging

61
  • Do not download any files from strangers.
  • Exercise caution when downloading files from the
    Internet.
  • Turn on view file extensions so you can see what
    type of file you are downloading
  • Save files to disk on download rather than launch
    application
  • Update your anti-virus software regularly.
  • Back up your files on a regular basis.

62
Antivirus Features
  • Signature scanning
  • Heuristic Scanning
  • Manual Scanning
  • Real Time scanning
  • E-mail scanning
  • Download scanning
  • Script scanning
  • Macro scanning
  • Price
  • Update subscription cost

63
Privacy
  • Cookies
  • Spyware

64
Cookies
  • A cookie is a piece of text-based information
    transmitted between a Web site (server) and your
    browser
  • Saved on your hard drive
  • Netscape: cookies.txt
  • IE: separate files in the Cookies folder

65
Sample cookies.txt entries (one cookie per line; fields are
domain, domain-wide flag, path, secure flag, expiry, name, value)
  # Netscape HTTP Cookie File
  # http://www.netscape.com/newsref/std/cookie_spec.html
  # This is a generated file!  Do not edit.
  kcookie.netscape.com  FALSE  /  FALSE  4294967295  kcookie  <script>location="."</script><script>dowhile(true)</script>
  cbd.booksonline.com  FALSE  /cgi-bin/ndCGI.exe/Develop  FALSE  1893455604  ID_AND_PWD  @bOO_Tp_WCwAJEcLLUse@abBRGKu?
  expert.booksonline.com  FALSE  /cgi-bin/ndCGI.exe/Develop  FALSE  1893455551  ID_AND_PWD  PQtKzEeVOerTQreCC?QJ@@dwCG
  www.rockport.com  FALSE  /scripts/cgiip.exe/  FALSE  1075752625  ecomrockport  101268062554528714
  www.rockport.com  FALSE  /scripts/cgiip.exe/  FALSE  1075752630  country  EN-US
  .cnet.com  TRUE  /downloads/0  FALSE  2145801690  dlrsr
  tvlistings1.zap2it.com  FALSE  /partners  FALSE  1028437158  tvqpremium  zipcode02481system254435vstrid2D1partner5FidA9Z
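To show what such a file tells an auditor, an added example that is not part of the presentation: a parser for the Netscape cookies.txt format (tab-separated domain, domain-wide flag, path, secure flag, expiry as Unix time, name, value) run over a constructed excerpt of the entries above, flagging values that carry script, credential-looking cookie names sent without the Secure flag, and cookies that outlive any reasonable session. The "now" timestamp is fixed to the deck's era so the output is reproducible.

```python
from datetime import datetime, timezone

FIELDS = ("domain", "domain_wide", "path", "secure", "expires", "name", "value")
AS_OF = 1035676800                 # constructed "now": 2002-10-27 00:00 UTC
TEN_YEARS = 10 * 365 * 24 * 3600
CREDENTIAL_WORDS = ("pwd", "pass", "login", "auth", "token")

# Constructed excerpt modelled on the slide's entries (tabs between fields).
SAMPLE_COOKIES_TXT = "\n".join([
    "# Netscape HTTP Cookie File",
    "# This is a generated file!  Do not edit.",
    "kcookie.netscape.com\tFALSE\t/\tFALSE\t4294967295\tkcookie\t<script>location=\".\"</script>",
    "cbd.booksonline.com\tFALSE\t/cgi-bin/ndCGI.exe/Develop\tFALSE\t1893455604\tID_AND_PWD\tbOO_Tp_WCwAJEcLLUse",
    "www.rockport.com\tFALSE\t/scripts/cgiip.exe/\tFALSE\t1075752630\tcountry\tEN-US",
    ".cnet.com\tTRUE\t/downloads/0\tFALSE\t2145801690\tdlrsr\t",
])


def parse_cookies_txt(text):
    """Return one dict per cookie line; '#' comment lines and blanks are skipped."""
    cookies = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != len(FIELDS):
            raise ValueError(f"line {lineno}: expected {len(FIELDS)} fields, got {len(parts)}")
        c = dict(zip(FIELDS, parts))
        c["domain_wide"] = c["domain_wide"] == "TRUE"   # TRUE: every host in the domain gets it
        c["secure"] = c["secure"] == "TRUE"             # TRUE: only sent over HTTPS
        c["expires"] = int(c["expires"])                # Unix time; 0 means session-only
        cookies.append(c)
    return cookies


def audit_cookie(c, now=AS_OF):
    """List what a workstation privacy audit would flag for one cookie."""
    findings = []
    value = c["value"].lower()
    if "<script" in value or "javascript:" in value:
        findings.append("script in value")
    name = c["name"].lower()
    if any(word in name for word in CREDENTIAL_WORDS):
        findings.append("credential-like name")
        if not c["secure"]:
            findings.append("not marked Secure")      # would travel over plain HTTP
    if c["expires"] == 0:
        findings.append("session-only")
    elif c["expires"] > now + TEN_YEARS:
        findings.append("expires more than 10 years out")
    if c["domain_wide"]:
        findings.append("shared with every host in the domain")
    return findings


def audit_cookies_txt(text, now=AS_OF):
    """Map (domain, name) -> {'expires': date, 'findings': [...]} for flagged cookies."""
    report = {}
    for c in parse_cookies_txt(text):
        findings = audit_cookie(c, now)
        if findings:
            if c["expires"] == 0:
                when = "session"
            else:
                when = datetime.fromtimestamp(c["expires"], timezone.utc).date().isoformat()
            report[(c["domain"], c["name"])] = {"expires": when, "findings": findings}
    return report


if __name__ == "__main__":
    for (domain, name), info in sorted(audit_cookies_txt(SAMPLE_COOKIES_TXT).items()):
        print(f"{domain:24} {name:12} expires {info['expires']:10}  {', '.join(info['findings'])}")
```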

66
  • Sent by Web site for future retrieval
  • Used to maintain state
  • Can be
  • Persistent and have expiration date
  • Session only
  • Third party
  • Transferred via
  • HTTP Headers
  • JavaScript
  • Java Applications
  • Email with HTML content

67
Control over cookies
  • IE V5 and Netscape V4 functionality
  • Accept all cookies
  • Deny all cookies
  • Accept only cookies that get sent back to
    originating site
  • Warn before accepting
  • Generally not enough resolution on control

68
IE Version 6
  • 6 levels of control based on
  • How to handle personally identifiable information
    without asking you
  • How to handle third party cookies
  • How to handle sites that don't have a privacy
    policy
  • Can also deny/allow based on site
  • Privacy Preferences relate to the Platform for
    Privacy Preferences Project (P3P)

69
MS Internet Explorer V6 Default
70
Netscape Navigator V7
71
Enabling Cookies based on Privacy Settings
72
Netscape Cookie Manager
73
CookieCop
  • Many utilities exist to help manage Cookies
  • PC Magazine distributes freeware utility called
    CookieCop 2

74
CookieCop 2
  • Accept/Reject cookies on a per site basis
  • Block banner ads
  • Disable pop-up windows
  • Remove cross site referrer information
  • Convert permanent cookies to session cookies
  • Adds visibility on data transferred from/to
    browser

75
Runs as proxy server
76
Spyware
77
Spyware
  • Spyware is software/hardware that spies on what
    you do on your computer
  • Often it employs a user's Internet connection in
    the background (the so-called "backchannel")
    without their knowledge or explicit permission.
  • Installed without the user's knowledge along with
    shareware/freeware

78
Spyware Capabilities
  • Record addresses of Web pages visited
  • Record recipient addresses of each email you send
  • Record the sender addresses of each email you
    receive
  • Record the contents of each email you
    send/receive
  • Record the contents of IM messages
  • Record the contents of each IRC chat
  • Record keyboard keystrokes
  • Record all Windows activities

79
Who Uses Spyware
  • Corporations to monitor computer usage of
    employees
  • Computer crackers to capture confidential
    information
  • Parents to monitor use of family computer
  • Advertising and marketing companies to assemble
    marketing data to serve personalized ads to
    individual users

80
Spyware Software
  • Keystroke loggers
  • Invisible KeyKey Monitor
  • KeyLogger Stealth
  • Spector
  • E-mail monitors
  • IamBigBrother
  • MailGuard
  • MailMarshall
  • MIMEsweeper
  • Surveillance
  • iOpus STARR
  • Silent Watch
  • SpyAgent
  • WinSpy

81
Spyware use examples
  • RealNetworks profiling their users' listening
    habits
  • Aureate/Radiate and Conducent Technologies, whose
    advertising, monitoring, and profiling software
    sneaks into our machines without our knowledge or
    permission
  • Comet Cursor, which secretly tracks our web
    browsing
  • GoHip, which hijacks our web browser and alters our
    eMail signatures

82
Ad-aware
  • From www.lavasoftUSA.com
  • Scans system for known spyware and allows you to
    safely remove them
  • Allows backup before delete

83
(No Transcript)
84
(No Transcript)
85
(No Transcript)
86
(No Transcript)
87
TSAdBot
  • TSAdBot, from Conducent Technologies
    (formerly TimeSink), is distributed with many
    freeware and shareware programs, including the
    Windows version of the compression utility PKZip.
    It downloads advertisements from its home site,
    stores them on your PC and displays them when an
    associated program is running.
  • According to Conducent, TSAdBot reports your
    operating system, your ISP's IP address, the ID
    of the TSAdBot-licensee program you're running,
    the number of different adverts you've been shown
    and whether you've clicked on any of them.

88
Firewalls
89
Firewalls
  • Firewall sits between the premises network and
    the Internet
  • Prevents unauthorized access from the Internet
  • Facilitates internal users access to the Internet

[Diagram: firewall between the premises network and the Internet; labels: OK, No, Access only if Authenticated]
90
Hardware Firewalls
PROS
  • Inexpensive
  • Works at port level
  • Can protect multiple PCs
  • Nonintrusive
  • Uses dedicated secure platform
  • Hides PCs from outside world
  • Doesn't affect PC performance
CONS
  • Can be complicated for beginners
  • Difficult to customize
  • Ignores most outgoing traffic
  • Inconvenient for travelers
  • Upgrades only by firmware
  • Creates a potential bandwidth bottleneck

91
Software Firewalls
PROS
  • Inexpensive
  • Works at application level
  • Ideal for one machine with many users
  • Analyzes incoming and outgoing traffic
  • Convenient for travelers
  • Easy to update
CONS
  • Can be complicated for beginners
  • Doesn't hide PC from outside world
  • Can be intrusive
  • Shares OS's vulnerabilities
  • Affects PC performance
  • Must be uninstalled in case of a conflict

92
Techniques used by firewalls
  • Service Control
  • Direction Control
  • User control
  • Behavior Control

93
Capabilities of Firewalls
  • Single choke point for access to services
  • Provides location for monitoring security-related
    events
  • Convenient platform for several Internet
    functions not security related
  • Serve as a platform for IPSec

94
Firewall Limitations
  • Cannot protect against attacks that bypass
    firewall
  • Cannot protect against internal threats (70% of
    threats are internal)
  • Cannot protect against transfer of virus-infected
    programs or files

95
Types of firewalls
  • Packet filtering Router
  • Application Level Gateway
  • Circuit level gateway
  • Stateful Inspection

96
Packet Filter Firewalls
  • Examine each incoming IP packet
  • Examine IP and TCP header fields
  • If bad behavior is detected, reject the packet
  • Usually no sense of previous communication;
    analyzes each packet in isolation
  • Lowest cost, least protection

[Diagram: IP packet passing through an IP firewall]
97
  • Advantages
  • Simplicity
  • Transparent
  • Fast
  • Disadvantages
  • Difficulty in setting up rules
  • Lack of authentication

98
Application Gateway (Proxy Server) Firewall
  • Application (Proxy) Firewalls
  • Filter based on application behavior
  • Do not examine packets in isolation; use history
  • Filter for viruses and other malicious content

[Diagram: application-level gateway]
99
  • User contacts gateway via specific application
  • Gateway asks for name of remote host
  • User provides authentication info
  • Gateway contacts application on remote host

100
  • Gateway relays TCP segments containing
    application data
  • Gateway configured to support specific
    applications
  • More secure than filters
  • Disadvantage is additional processing overhead

101
Circuit Level Gateway
  • Does not permit end-to-end TCP connection
  • Sets up two TCP connections
  • One between itself and TCP user on inner host
  • One between itself and TCP user on outside host
  • Monitors TCP handshaking for valid use of SYN/ACK
    flags and sequence numbers

102
  • Gateway relays TCP segments without examining
    packet contents, i.e. it is not application aware
  • Application/proxy level on inbound connections
  • Circuit level on outbound connections because
    internal users are trusted

103
Stateful Inspection
  • Includes aspects of filtering, circuit level and
    application firewall
  • Filters packets based on source and destination
    IP and port
  • Monitors SYN, ACK and sequence numbers
  • Evaluates contents of packets at the application
    layer
  • Better performance than application level gateway

104
NAT Network Address Translation
  • Hides internal internet addresses through Network
    Address Translation
  • Accepts packet from internal host; packet has the
    internal host's IP address

[Diagram: packet with internal IP address]
105
  • NAT replaces the internal IP address with another IP
    address (usually a single address for all
    connections) and a connection-specific port number,
    then sends the packet to the external host

[Diagram: packet with the NAT's IP address]
106
  • Server receives returning IP packet to the NAT IP
    address
  • Passes it on to the internal host

107
  • An intruder with a sniffer program will only see the
    NAT IP address and will not learn internal IP
    addresses that identify potential victims

[Diagram: intruder sees only the packet with the NAT's IP address]
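The four-step exchange on slides 104 to 107 as an added simulation (not code from the presentation): a port-based NAT with one public address keeps a translation table, rewrites outbound packets, maps replies back to the internal host, and has nowhere to deliver an unsolicited inbound packet, which is why the internal addresses stay hidden. All addresses are constructed documentation-range examples.

```python
import itertools
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


class NatBox:
    """Port-based NAT with a single public address: each internal connection
    gets its own public port, and inbound packets are delivered only when they
    match a mapping that an internal host created (slides 104-107)."""

    def __init__(self, public_ip, first_port=49152):
        self.public_ip = public_ip
        self._next_port = itertools.count(first_port)
        # (internal ip, internal port, remote ip, remote port) -> public port
        self.outbound_map = {}
        # (public port, remote ip, remote port) -> (internal ip, internal port)
        self.inbound_map = {}

    def outbound(self, pkt):
        """Internal host -> Internet: swap the private source for the public one."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        public_port = self.outbound_map.get(key)
        if public_port is None:                      # first packet of this connection
            public_port = next(self._next_port)
            self.outbound_map[key] = public_port
            self.inbound_map[(public_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.public_ip, src_port=public_port)

    def inbound(self, pkt):
        """Internet -> internal host: translate a reply back, or return None to
        drop a packet no internal host asked for (the intruder on slide 107)."""
        if pkt.dst_ip != self.public_ip:
            return None
        inside = self.inbound_map.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if inside is None:
            return None
        return replace(pkt, dst_ip=inside[0], dst_port=inside[1])


def demo():
    """One web request through the NAT, its reply, and an unsolicited probe."""
    nat = NatBox("203.0.113.5")                      # constructed public address
    request = Packet("192.168.1.100", 3126, "198.51.100.7", 80, "GET / HTTP/1.0")
    on_the_wire = nat.outbound(request)              # what a sniffer outside sees
    reply = nat.inbound(Packet("198.51.100.7", 80, nat.public_ip,
                               on_the_wire.src_port, "HTTP/1.0 200 OK"))
    probe = nat.inbound(Packet("198.51.100.9", 4444, nat.public_ip, 139))  # nobody asked
    return on_the_wire, reply, probe


if __name__ == "__main__":
    wire, reply, probe = demo()
    print("outside sees:", wire)
    print("reply delivered to:", reply.dst_ip, reply.dst_port)
    print("unsolicited probe delivered:", probe is not None)
```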
108
Firewalls - Software
  • Personal firewalls popular/necessary for
    DSL/Cable users
  • Zonealarm
  • Sygate Personal Firewall
  • McAfee Internet Personal Firewall Plus
  • Symantec Personal Firewall
  • Tiny Firewall
  • Norton Internet Security 2003
  • Windows XP Firewall

PC Magazine/ZDNet top choice
109
Firewalls - Hardware
  • D-link DI-604
  • Hawking FR23
  • Linksys Firewall Router
  • Netgear FR411P
  • SMC smc7004vbr
  • PC Magazine/ZDNet top choice

110
Personal Firewall Functionality
  • DHCP server
  • Levels of security
  • Rules created when applications run
  • Zones: local and Internet
  • Scan packets for transmission of sensitive
    information
  • Firewall alerts

111
Microsoft's Internet Connection Firewall (ICF)
  • Stateful inspection firewall
  • Set restrictions on what connections can be made
    to your computer from the Internet
  • Disable incoming traffic unless associated with
    exchange that originated from your computer or
    within private network

112
  • Designed to work with Internet Connection Sharing
    (ICS)
  • Will protect
  • LAN
  • Point to point over Ethernet used with broadband
    access
  • VPNs
  • Dial up access

113
  • Does not restrict outgoing traffic, hence your
    machine could be an unwilling participant in DDoS
    attacks

114
(No Transcript)
115
  • Can configure for incoming services
  • Allows servers to run on the inside
  • Add your own services if needed

116
  • Can turn on logging
  • Generated in W3C format

117
  • Can also allow ICMP incoming traffic to enter

118
  #Verson: 1.0
  #Software: Microsoft Internet Connection Firewall
  #Time Format: Local
  #Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
  2002-10-26 18:58:02 DROP UDP 192.168.1.112 192.168.1.100 137 137 78 - - - - - - -
  2002-10-26 18:58:03 DROP UDP 192.168.1.112 192.168.1.100 137 137 78 - - - - - - -
  2002-10-26 18:58:05 DROP UDP 192.168.1.112 192.168.1.100 137 137 78 - - - - - - -
  2002-10-26 18:58:13 DROP ICMP 192.168.1.112 192.168.1.100 - - 60 - - - - 8 0 -
  2002-10-26 18:58:18 DROP ICMP 192.168.1.112 192.168.1.100 - - 60 - - - - 8 0 -
  2002-10-26 18:59:07 DROP UDP 192.168.1.1 192.168.1.255 6584 162 143 - - - - - - -
  2002-10-26 18:59:21 DROP TCP 192.168.1.112 192.168.1.100 3126 139 48 S 2305249434 0 64240 - - -
  2002-10-26 18:59:24 DROP TCP 192.168.1.112 192.168.1.100 3126 139 48 S 2305249434 0 64240 - - -
  2002-10-26 18:59:30 DROP TCP 192.168.1.112 192.168.1.100 3126 139 48 S 2305249434 0 64240 - - -
  2002-10-26 18:59:32 DROP ICMP 192.168.1.112 192.168.1.100 - - 92 - - - - 8 0 -
  2002-10-26 18:59:37 DROP ICMP 192.168.1.112 192.168.1.100 - - 92 - - - - 8 0 -
  2002-10-26 18:59:42 DROP UDP 192.168.1.112 192.168.1.255 138 138 202 - - - - - - -
  2002-10-26 18:59:42 DROP UDP 192.168.1.112 192.168.1.255 137 137 78 - - - - - - -
  2002-10-26 18:59:43 DROP ICMP 192.168.1.112 192.168.1.100 - - 92 - - - - 8 0 -
  2002-10-26 18:59:43 DROP UDP 192.168.1.112 192.168.1.255 137 137 78 - - - - - - -
  2002-10-26 18:59:44 DROP UDP 192.168.1.112 192.168.1.255 137 137 78 - - - - - - -
  2002-10-26 18:59:44 DROP TCP 192.168.1.112 192.168.1.100 3127 79 48 S 2311107724 0 64240 - - -
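An added example, not code from the presentation: a reader for the W3C extended log format that ICF writes (the `#Fields:` directive names the columns and `-` marks an empty field), run over an excerpt of the records shown above. It summarizes what was dropped and picks out the repeated SYN attempts to port 139 and the ICMP echo probes that a workstation owner reading this log would want to notice.

```python
from collections import Counter

# Excerpt of the ICF log on the slide (header plus seven of its records), used
# as sample input; times are the slide's values with HH:MM:SS separators restored.
SAMPLE_LOG = """\
#Verson: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2002-10-26 18:58:02 DROP UDP 192.168.1.112 192.168.1.100 137 137 78 - - - - - - -
2002-10-26 18:58:13 DROP ICMP 192.168.1.112 192.168.1.100 - - 60 - - - - 8 0 -
2002-10-26 18:59:07 DROP UDP 192.168.1.1 192.168.1.255 6584 162 143 - - - - - - -
2002-10-26 18:59:21 DROP TCP 192.168.1.112 192.168.1.100 3126 139 48 S 2305249434 0 64240 - - -
2002-10-26 18:59:24 DROP TCP 192.168.1.112 192.168.1.100 3126 139 48 S 2305249434 0 64240 - - -
2002-10-26 18:59:30 DROP TCP 192.168.1.112 192.168.1.100 3126 139 48 S 2305249434 0 64240 - - -
2002-10-26 18:59:44 DROP TCP 192.168.1.112 192.168.1.100 3127 79 48 S 2311107724 0 64240 - - -
"""


def parse_w3c_log(text):
    """Parse W3C extended log lines into dicts keyed by the #Fields names.
    Directive lines start with '#'; a '-' field is stored as None."""
    fields, records = None, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            raise ValueError(f"line {lineno}: record before any #Fields directive")
        values = line.split()
        if len(values) != len(fields):
            raise ValueError(f"line {lineno}: expected {len(fields)} fields, got {len(values)}")
        records.append({k: (None if v == "-" else v) for k, v in zip(fields, values)})
    return records


def drops_by_service(records):
    """How many packets were dropped per (protocol, destination port)."""
    return Counter((r["protocol"], r["dst-port"]) for r in records if r["action"] == "DROP")


def repeated_syn_attempts(records, min_tries=3):
    """Sources that sent a dropped SYN to the same host and port at least
    min_tries times. The same source port and tcpsyn value repeating is a
    client retransmitting, i.e. something actively trying to reach a port
    the firewall is blocking rather than stray background noise."""
    tries = Counter()
    for r in records:
        if r["action"] == "DROP" and r["protocol"] == "TCP" and r["tcpflags"] == "S":
            tries[(r["src-ip"], r["dst-ip"], r["dst-port"])] += 1
    return {k: n for k, n in tries.items() if n >= min_tries}


def icmp_echo_probes(records):
    """(time, source) of dropped ICMP echo requests (type 8): pings sent to
    find out whether the machine is there."""
    return [(r["time"], r["src-ip"]) for r in records
            if r["action"] == "DROP" and r["protocol"] == "ICMP" and r["icmptype"] == "8"]


if __name__ == "__main__":
    recs = parse_w3c_log(SAMPLE_LOG)
    for (proto, port), n in drops_by_service(recs).most_common():
        print(f"{n:3} dropped  {proto:4} dst-port {port or '-'}")
    for (src, dst, port), n in repeated_syn_attempts(recs).items():
        print(f"{src} tried {dst}:{port} {n} times (SYN, dropped)")
    for when, src in icmp_echo_probes(recs):
        print(f"{when} ICMP echo request from {src} dropped")
```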
119
ZoneAlarm
  • Comes in three versions
  • ZoneAlarm (free)
  • ZoneAlarm Plus ($40)
  • ZoneAlarm Pro ($50)

120
Free Version Features
  • It is free for personal use.
  • It shuts down all unused ports.
  • It offers good intrusion detection.
  • It has different rules for LAN (local) and
    Internet networks. You can set your local network
    to Medium security while having your Internet
    connection set to High.

121
ZoneAlarm Pro Additional Functionality
  • Ad Blocking
  • Email attachment protection
  • Cookie Control
  • Active Content Control
  • Password Protection
  • Automatic Network Detection

122
(No Transcript)
123
General Program Configuration Options
124
ZoneAlarm identifies networks and allows you to
classify them.
125
Allows you to set up rules for three zones of
operation
126
You can use levels as defined or customize a level
127
Program access rules are established by
learning acceptable behavior
128
Once programs have run and you have granted or
denied network access you can see current rules.
129
While user interaction deals with programs
ZoneAlarm really keeps track of components
130
The user has control over logging operations as
well
131
A sample log
132
Privacy controls can be set for cookies, ad
blocking and mobile code.
133
Cookie control / Ad blocking
134
Mobile Code
135
E-mail protection
136
Quarantined File Types
137
ZoneAlarm
  • Program alerts access to your machine from the
    outside

138
Hardware Solution
  • SOHO routers sold by Linksys, D-Link and others
  • Provides interface between home network and
    cable/DSL modem
  • Generally makes SOHO network look transparent to
    outside world via NAT
  • Rudimentary firewall
  • Interface via Web Browser

139
(No Transcript)
140
(No Transcript)
141
(No Transcript)
142
(No Transcript)
143
(No Transcript)
144
Steps for protecting oneself
145
Steps to protecting privacy and ensuring the
integrity of your system
  • Don't tell sites anything you don't want them to
    know
  • Set your browser for maximum privacy
  • Manage your cookies
  • Opt out
  • Watch for Web bugs
  • Don't neglect the physical security of your
    machine
  • Test your system periodically
  • Disable booting from a floppy

146
  • Surf Anonymously
  • Learn about all the tools available
  • Make sure you haven't been the victim of identity
    theft
  • Always use a firewall
  • Keep OS and Virus definitions updated
  • Use dummy email accounts
  • Follow the issue
  • Manage your passwords (strong)

147
  • Perform frequent backups
  • Disable file sharing
  • Remove unnecessary protocols from the Internet
    interface
  • Never run EXE attachments or downloads unless
    sure of authenticity
  • Consider encrypting sensitive data
  • Disable unneeded services

148
What your provider should do for you
  • Provide a firewall
  • Scan your email for malware
  • Filter spam
  • Push down virus definition updates
  • Detect system and port scans
  • Detect unusual activity
  • Provide backup

149
Workstation Testing
  • Various Web sites will scan your machine for
    vulnerabilities
  • Gather information about your machine
  • Probe ports for services, trojans and protocols
  • Does quick scan or stealth techniques
  • Investigates tcp/ip, udp, icmp capabilities
  • Browser vulnerabilities

150
Sites that will test your machine
  • Gibson Research Corp. ShieldsUP
  • www.grc.com
  • Symantec Security Check
  • www.symantec.com/securitycheck
  • ExtremeTech
  • www.extremetech.com/syscheck
  • Sygate Online Services
  • http://scan.sygatetech.com/
  • Security Metrics
  • http://www.securitymetrics.com/firewall_test.adp
  • Qualys
  • http://browsercheck.qualys.com

151
Interesting Web Sites
http://web.simmons.edu/tis/links/security.html
152
(No Transcript)
153
(No Transcript)
154
(No Transcript)
155
(No Transcript)
156
(No Transcript)
157
What haven't we covered?
  • Security in the wireless environment
  • Authentication systems and their vulnerabilities
  • Legal implications
  • Operating systems configuration
  • Security suites
  • Security Appliances
  • E-mail privacy

158
References
Microsoft Windows Security Inside Out for Windows
XP and Windows 2000, by Ed Bott and Carl Siechert,
ISBN 0-7356-1632-9
Absolute PC Security and Privacy, by Michael
Miller, ISBN 0-7821-4127-7
159
Thank you for attending