CSI 1306 - PowerPoint PPT Presentation

Provided by: Universi57
Transcript and Presenter's Notes

Title: CSI 1306


1
CSI 1306
  • SECURITY

2
CONTENTS
  • 1 - What is computer security?
  • 2 - Destruction by viruses
  • 3 - Stealing information and loss of privacy
  • 4 - Protection by passwords
  • 5 - Other data protection techniques (privacy)
  • 6 - e-mail security
  • 7 - Risks with on-line transactions
  • 8 - Internet security or vulnerability ?
  • 9 - Network security (local area networks)

3
1 - WHAT IS COMPUTER SECURITY?
4
1 - WHAT IS COMPUTER SECURITY?
  • Computer Security is the protection of data from
    unauthorized or accidental access, modification
    or destruction.
  • 1. The system operates as it is supposed to
    (downtime is minimal)
  • → this refers to "Operating Reliability"
  • 2. The data processed by the system can always
    be accessed
  • → this refers to "Data Availability"
  • 3. The information stored in the system or
    travelling through networks cannot be read or
    modified except by people who are entitled to do
    so
  • → this refers to "Privacy"

5
1 - WHAT IS COMPUTER SECURITY?
  • → In all cases, the guidelines for computer
    systems safety are:
  • DANGERS and their SOLUTIONS:
  • Operating reliability: Mirrored Hardware
  • Availability of data: Backups, Mirrored Disks,
    Antivirus
  • Information Privacy: Access Control, Encryption
  • → We will address those aspects of computer
    systems safety that are threatened by criminal
    behaviour (i.e. unauthorized).
  • → So, let's explore the two main types of attacks
    encountered by computer systems, including
    personal computers:
  • - Viral Destruction
  • - Stealing Information using Spyware

6
2 - DESTRUCTION BY VIRUSES
7
2 - DESTRUCTION BY VIRUSES
  • Definitions: Viruses and Trojans
  • → A VIRUS is an autonomous program that modifies
    the normal operation of a computer system (normal
    is what it was before the insertion of the
    virus).
  • → To be effective, a virus should:
  • 1. Propagate itself
  • 2. Replicate itself before it reveals its
    presence by its destructive effects
  • 3. Be able to affect the normal operation of
    the computer system
  • → A TROJAN virus is one that is hidden inside
    another program

8
2 - DESTRUCTION BY VIRUSES
  • Who creates viruses ? . !!!!
  • Origin of virus contamination: Contact with
    another infected computer program.
  • How? The contaminated file is copied to another
    computer that then also becomes contaminated!
  • WHERE CAN THE VIRUS RESIDE?
  • - Every portion of an executable program
    (e.g. .com, .exe, .sys, .bin, .ovr, .ovl,
    .dll)
  • - Boot sector of a hard drive or a floppy disk
  • - Macros in Microsoft's tools (Excel, Word, etc.)
  • - Data files: No

9
2 - DESTRUCTION BY VIRUSES
  • PROTECTION IS BASED ON DETECTION OF
  • A VIRAL PORTION OF CODE OR
  • TAMPERING WITH A FILE
  • AND THE REMOVAL OF THE VIRAL CODE WHEN FEASIBLE
    OR RELOADING OF A PREVIOUS, CLEAN BACKUP COPY OF
    THE FILE
  • Three Types of Detection:
  • 1 - Scanning a file for known viral code
  • 2 - Comparing the mathematical characteristics of
    a file with a previous, clean version (a simple
    comparison criterion is the length of the file in
    bytes)
  • 3 - Heuristic scanning of a file which involves
    intelligent analysis of the code (looking for
    suspicious instructions such as those which
    modify disk partitions or the file allocation
    table)
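
Detection types 1 and 2 above, sketched as an added example (not part of the original slides). The signature name, its byte pattern and the sample file contents are constructed; the point is that a length-only comparison misses an in-place change that a hash comparison catches.

```python
import hashlib

# Constructed signature database: name -> byte pattern (not a real signature).
SIGNATURES = {"Demo.Marker.A": b"\xde\xad\xbe\xef\x13\x37"}

def scan_signatures(data: bytes) -> list:
    """Detection type 1: search the file for known byte patterns."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in data)

def fingerprint(data: bytes) -> dict:
    """Detection type 2 baseline: characteristics of a known-clean copy."""
    return {"length": len(data), "sha256": hashlib.sha256(data).hexdigest()}

def changed_criteria(data: bytes, baseline: dict) -> list:
    """Return which recorded characteristics no longer match the baseline."""
    now = fingerprint(data)
    return [k for k in ("length", "sha256") if now[k] != baseline[k]]

# Constructed sample files (byte strings standing in for file contents).
CLEAN = b"MZ" + b"\x90" * 32 + b"\x00" * 16
APPENDED = CLEAN + b"\xde\xad\xbe\xef\x13\x37"   # file grew and carries the known pattern
SAME_LENGTH = CLEAN[:-16] + b"\x41" * 16         # padding overwritten, length unchanged
BASELINE = fingerprint(CLEAN)

def report(data: bytes) -> dict:
    """Combine both detection types for one file."""
    return {"signatures": scan_signatures(data),
            "changed": changed_criteria(data, BASELINE)}

if __name__ == "__main__":
    for name, blob in [("clean", CLEAN), ("appended", APPENDED),
                       ("same_length", SAME_LENGTH)]:
        print(name, report(blob))
```

The baseline must be recorded while the file is known to be clean and stored where the monitored system cannot rewrite it.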

10
3 STEALING INFORMATION / LOSS OF PRIVACY
11
3 STEALING INFORMATION / LOSS OF PRIVACY
  • The information stored on a personal computer can
    be stolen
  • - Through direct physical access
  • - Through a network connection
  • Through a network connection, there are
    currently 2 types of spyware: Passive and
    Active Spyware
  • - Passive Spyware "listens" to what the spied
    user does
  • - Active Spyware is designed to gain control of
    the victimized computer

12
3 STEALING INFORMATION / LOSS OF PRIVACY
  • Characteristics of Spyware
  • It is installed on the user's PC in the "shadow"
    of installation of a legitimate software product
    or during access to a web site
  • Once installed on the user's PC, the spy records
    all of the user's keystrokes (in the same way as
    the Macro Recorder records all the user's
    actions), and transmits the collected information
    to the Internet IP address of the spy
  • Remote control of the computer allows the spy to
    not only listen, but also to modify programs and
    data. Incidentally, this is a legitimate
    activity for system administrators to detect and
    fix problems on remote computers. They use
    software such as Carbon Copy, SMS or PC-Anywhere.

13
3 STEALING INFORMATION / LOSS OF PRIVACY
  • Examples of spyware include:
  • BackOrifice (which was identified in November
    1998 as being used for criminal purposes) takes
    control of users' PCs over the Internet without
    the user noticing it. The user may notice
    degraded performance, however.
  • → BackOrifice is active spyware
  • Aureate Products detect the user's activity and
    report it to the IP address of the company who
    installed the software. These are commercial
    software products sold to Internet Web providers
    to help them identify a user's Internet habits.
    They can be installed on the user's computer when
    he/she visits the web site.
  • → Aureate is passive spyware

14
4 PROTECTION BY PASSWORDS
15
4 PROTECTION BY PASSWORDS
  • A password is a string of approximately 5-10
    characters which is used to gain access to a
    computer resource
  • - The greater the number of characters in a
    password AND
  • - The greater the number of different characters
    in a password
  • → the more difficult it is to crack
  • Passwords protect/grant access to:
  • 1. The computer, i.e. BIOS password
  • 2. Files and directories
  • 3. Resources on remote computers (telnet, ftp,
    etc.)
  • 4. Various privileges or rights (read, write,
    create/delete files/dirs, execute)

16
4 PROTECTION BY PASSWORDS
  • SO WHAT IS THE PROBLEM WITH PASSWORDS?
  • They can easily be cracked because:
  • 1. They are easy to guess (ID: myname, pwd:
    my pet's name)
  • 2. They are written somewhere (Post-It, File)
  • 3. They are transmitted on the Internet when
    used for protocols such as telnet, ftp
  • 4. They are stolen by spyware: the keystrokes
    are sent over the Internet to the "spy" who
    installed the software
  • 5. They can easily be cracked by dedicated
    software
  • Conclusion: Password protection is VERY WEAK
    PROTECTION!
  • Other techniques such as finger, palm, retina and
    voice identification are being perfected

17
5 - OTHER DATA PROTECTION TECHNIQUES (PRIVACY)
18
5 - OTHER DATA PROTECTION TECHNIQUES (PRIVACY)
  • Data that you do not want people to see ...
    Depending on what you mean by "Data Protection",
    there are 3 different techniques for protecting
    that data:
  • 1. DESTRUCTION of data
  • → FILE SHREDDING (don't just delete a
    file; first, replace the file contents with 0s
    or any other characters)
  • 2. If you want to be the ONLY person that can
    read your data → ENCRYPT your data with:
  • - A password (very weak encryption)
  • - DES (Data Encryption System): each 64-bit
    block is encrypted by your own secret 56-bit key.
    DES software for Windows is available as
    freeware.

19
5 - OTHER DATA PROTECTION TECHNIQUES (PRIVACY)
  • 3. If you want to exchange secret information
    with another person, use:
  • → ENCRYPTION based on the RSA algorithm
  • (The name RSA is derived from the names of the
    three MIT researchers who devised this algorithm:
    Rivest, Shamir & Adleman)
  • → RSA uses one Public Encrypting Key and
    a second Secret Decrypting Key
  • RSA uses calculations with large prime numbers
  • PGP (Pretty Good Privacy) software encrypts data
    using the RSA algorithm
  • - PGP is freeware and runs on a wide variety of
    platforms
20
  • "How-to" with PGP/RSA
  • a - Asterix, your Friend, plans to send you the
    following ultra-secret message:
  • MSG = "Let's attack Julius Caesar
    to-morrow at dawn"
  • b - Asterix is the sender, you are the receiver.
  • c - Asterix encrypts the message with YOUR PUBLIC
    KEY (PubKey), which you have distributed widely,
    publicly, and possibly uploaded to a dedicated
    server that is accessible to many people.
  • d - The result of the Encryption is an encrypted
    message (CRYPT_MSG):
  • PGP_using_PubKey(MSG) → CRYPT_MSG
  • e - CRYPT_MSG is sent over the Internet.
  • f - You receive CRYPT_MSG and start decrypting
    it using your Private Secret Key (PrivKey)
  • g - You decrypt the message by applying:
  • PGP_using_PrivKey(CRYPT_MSG) → MSG
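
Steps a to g above, carried through as an added example (not part of the original slides and not PGP's own code). It is textbook RSA without padding; the two primes are well-known Mersenne primes chosen as an assumption so the run is reproducible, and the function names are hypothetical.

```python
import math

# Assumption: two well-known Mersenne primes stand in for randomly generated
# primes so the example is reproducible. Real keys use random primes and padding.
P, Q = 2**521 - 1, 2**607 - 1

def make_keypair(p: int, q: int, e: int = 65537):
    """Receiver's preparation: derive (PubKey, PrivKey) from two secret primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)              # private exponent: e*d = 1 (mod phi)
    return (n, e), (n, d)

def using_pubkey(msg: bytes, pubkey) -> int:
    """Sender, steps c and d: MSG -> CRYPT_MSG using only the public key."""
    n, e = pubkey
    m = int.from_bytes(msg, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)

def using_privkey(crypt_msg: int, privkey) -> bytes:
    """Receiver, steps f and g: CRYPT_MSG -> MSG using the private key."""
    n, d = privkey
    m = pow(crypt_msg, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

PUBKEY, PRIVKEY = make_keypair(P, Q)
MSG = b"Let's attack Julius Caesar to-morrow at dawn"
CRYPT_MSG = using_pubkey(MSG, PUBKEY)      # step e: this is what travels over the Internet

if __name__ == "__main__":
    print("CRYPT_MSG bits:", CRYPT_MSG.bit_length())
    print("decrypted:", using_privkey(CRYPT_MSG, PRIVKEY))
```

Only PUBKEY needs to be published; PRIVKEY and the two primes never leave the receiver.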

21
5 - OTHER DATA PROTECTION TECHNIQUES (PRIVACY)
  • In summary, we have two types of encryption:
    strong and weak
  • → 1. Strong Encryption
  • Definition: An encryption for which neither the
    open publication of its algorithm, nor the
    availability of the public key, nor enormous
    computer expertise and bandwidth can compromise
    the security of the encrypted message
  • → 2. Weak Encryption
  • Definition: Encryption that is not strong!

22
6 - E-MAIL SECURITY
23
6 - E-MAIL SECURITY
  • VULNERABILITY OF E-MAIL MESSAGES
  • Where?
  • 1. On the user's computer: a hacker can access
    the user's computer
  • 2. On the e-mail server:
  • - by the e-mail server administrator
  • - by a hacker who manages to gain supervisor
    status on this server
  • this person can look at anything
  • 3. On one of the computers that relay the e-mail
    traffic

24
6 - E-MAIL SECURITY
  • SOLUTIONS for PROTECTING E-MAIL MESSAGES
  • 1. ENCRYPT THE MESSAGE CONTENT
  • 2. USE FAKE MAIL and ANONYMOUS REMAILER
  • Nobody will know who sent the message
  • FAKE MAIL is the capability to send e-mail over
    the Internet using an altered return mail address
    (you can also alter the reply-to field in your
    e-mail software).
  • ANONYMOUS REMAILERS: you send your message to a
    server that transforms all the technical header
    and control data in your message, so that it is
    impossible to know where the message came from.

25
7 - THE RISKS OF ON-LINE TRANSACTIONS
26
7 - THE RISKS OF ON-LINE TRANSACTIONS
  • Modern e-commerce: Customers shop from home and
    pay using their credit cards.
  • Companies regularly claim that their techniques
    are safe, but at times credit card numbers
    are reported as having been stolen.
  • The issues:
  • - Identify definitively the author of the
    transaction: Is the person really authorized to
    use this credit card?
  • - Ensure that the information concerning the
    credit card will not be stolen during the
    transfer over the Internet (or from the company's
    files)
  • → Are definitely not solved → will they
    be one day??
  • SO, IS IT SAFE TO TYPE A CREDIT CARD NUMBER ON
    YOUR KEYBOARD AND SEND IT OVER THE INTERNET?

27
7 - THE RISKS OF ON-LINE TRANSACTIONS
  • On one hand, the risks are minimal, according to:
  • - Companies who conduct E-commerce over the web
  • - Providers of E-commerce software who embed
    secure encryption techniques
  • - They will also highlight the fact that paying
    with a credit card in a shop is not secure, since
    we cannot be sure that the merchant will not make
    a duplicate impression
  • On the other hand,
  • - What if the encryption techniques are not as
    safe as their promoters claim? Historically,
    every time a security feature is implemented,
    someone has circumvented it.
  • - What if spyware is installed on the computer ?
  • - There are experts who say that they would never
    type their credit card number on a keyboard
  • → So, we recommend caution!

28
8 - INTERNET SECURITY or VULNERABILITY ?
29
8 - INTERNET SECURITY or VULNERABILITY ?
  • Are Personal Computers Hacked?
  • → Yes, sometimes. There is software
    specifically designed for this task (Back
    Orifice, for instance)
  • → But less often than servers !!!!
  • The VULNERABILITY OF A PERSONAL COMPUTER RESULTS
    FROM UNAUTHORIZED ACCESS (Back Orifice, Aureate
    products)
  • WHO HAS ACCESS TO THE USER'S COMPUTER?
  • The answer is: potentially ALL the other
    computers connected to the Internet! → THE RESULT
    IS UNAUTHORIZED ACCESS TO DATA (AND POSSIBLE
    MODIFICATION OR DESTRUCTION OF IT), AS WELL AS
    POSSIBLE ALTERED OPERATION OF THE COMPUTER

30
8 - INTERNET SECURITY or VULNERABILITY ?
  • SOLUTION 1: Use access filtering of
    communications with other computers by installing
    a Firewall
  • What is a Firewall?
  • A system that enforces an access control policy
    between 2 systems (i.e. Internet and the user's
    computer). It blocks traffic that is presumed to
    be dangerous and permits normal traffic. For
    example, configure the firewall to permit only
    e-mail traffic and block services that are known
    to be potential problems.

31
8 - INTERNET SECURITY or VULNERABILITY ?
  • - a Hardware Firewall is a frontal computer, also
    sometimes called a portal, that is connected
    directly to the Internet and filters all the
    communications between the Internet and the
    user's personal computer. The frontal computer
    can simply be another PC with an operating system
    and filtering software; an old 386 could act as
    a hardware firewall for a newer Pentium
    computer.
  • - a Software Firewall simply filters the
    communications between the Internet and the
    user's computer. There are now several versions
    for PCs running under Windows or Linux (Atguard
    or TimeZone-Freeware)

32
8 - INTERNET SECURITY or VULNERABILITY ?
  • SOLUTION 2:
  • Since there is a never-ending race between new
    protections and attacks on them, you should
    always use the most recent Internet protection
    (e.g. keep your virus detection software updated).

33
8 - INTERNET SECURITY or VULNERABILITY ?
  • THE VULNERABILITY OF SERVERS: HACKING A
    PROVIDER'S SERVER
  • DOS: Denial of Service attacks
  • The hacker sends repeated requests to access the
    server with a high priority rank, so the server
    has no opportunity to serve its clients.
  • The server being attacked is not available to its
    clients.
  • Many DOS attacks are reported regularly.
  • Data Alteration: Webpage Missing
  • One regularly reads that this situation might be
    the result of poorly maintained servers, but
    recently, in the year 2000, the servers of
    well-known companies have been hacked (Microsoft,
    Yahoo, Amazon)

34
8 - INTERNET SECURITY or VULNERABILITY ?
  • - AT TIMES THE USER INADVERTENTLY MAKES ALL THE
    FILES ON HIS WEB SITE ACCESSIBLE TO ALL INTERNET
    USERS
  • → No index.html
  • - SO WHAT ABOUT KEEPING TRACK (LOGGING) OF ALL
    CONNECTIONS TO A SERVER IN ORDER TO DETECT
    HACKING ATTEMPTS?
  • → An enormous burden

35
9 - NETWORK SECURITY
36
9 - NETWORK SECURITY
  • Network security requires experts. So a position
    called Network Security Administrator has been
    created.
  • The required expertise varies according to the
    software used for operating the network: Novell,
    IBM SNA, MS-NT servers, etc.
  • The main tasks of a Network Security expert are:
  • - Assignment of rights to users
  • - Providing hardware and software protection for
    data privacy
  • - Creating backups for restoring data in case of
    destruction
  • - Establishing and managing a disaster recovery
    plan

37
9 - NETWORK SECURITY
  • First Rule of Security on a Network:
  • If you want your data to be absolutely protected,
    never make it accessible to anybody.
  • e.g. Do not connect your company's payroll system
    to the network.