Presentation on theme: "Malicious Attacks Nicole Hamilton, Dennis Meng, Alex Shie, Lio Sigerson."— Presentation transcript:
Malicious Attacks Nicole Hamilton, Dennis Meng, Alex Shie, Lio Sigerson
In terms of computing, a malicious attack can be any physical or electronic action taken with the intent of acquiring, destroying, modifying, or accessing a users data without permission. Physical attacks typically mean either the theft of hardware storing personal/confidential information or the destruction of said hardware. Electronic attacks (the focus of this presentation) involve unauthorized access or unauthorized modification of the users computer. What is a malicious attack?
Unauthorized Access The attacker accesses the victims data by acquiring the victims password People sometimes pick easy to guess passwords (unless they take C@CM) People sometimes write down their passwords on paper or tell their friends Attackers can write a password generator The password may be acquired through spoofing or phishing (defined in later slides)
Types of malicious attacks VirusesWorms Trojan horses Logic bombs (a.k.a. Time bombs) TrapdoorsPhishing/Spoofing
Virus – a program capable of copying itself to another. Viruses usually steal/destroy data, but a very small majority are simply pranks. Worm – a type of virus that does not need human aid to proliferate. Usually worms will spread via networks or the Internet. Trojan – a type of virus that disguises itself as a legitimate program.
Logic bombs (Time Bombs) pieces of code that remain inactive until a certain event specified by the attacker occurs; then the bomb renders the system inoperable.
Trapdoors – a code placed within the system that allows a third party to bypass system security at any convenient time.
Phishing – using a fake website to steal personal information Spoofing – similar to phishing, except the dummy object is now a log-on screen that asks for a user name and password that gets passed on to the attacker.
History of malicious attacks First viruses distributed through infected floppy disks, originally caused by programming errors 1982 – Logic bomb used in the Trans-Siberian Pipeline incident 1984 – Fred Cohen first uses the term computer virus 1986 – First Trojan Horse appears (PC-Write Trojan, disguised as PC-Write v. 2.72) 1999 – First e-mail virus appears (Melissa) 2001 – Worms first appear
Why are malicious attacks worth the worry? Billions of dollars of damage are caused each year by malicious attacks. Countless people have lost important data and even their identities due to a malicious attack. Malicious attacks can also make their way into computers at the workplace, possibly jeopardizing businesses.
Challenges with combating malicious attacks - the complexity and time needed for sufficient software to combat the different types of viruses and attacks - the rapid changes in viruses - New hackers and evolving methods for hacking and guessing at passwords
How to prevent becoming a victim Education Adequate software Computing habits
Education subscribe or read monthly a website or newsletter that tells about new threats (Ex. Yahoo! Newshttp://news.yahoo.com/fc/tech/computer_viruses http://news.yahoo.com/fc/tech/computer_viruses Yahoo news gives a run down of on issues relevant to malicious attacks and provides info as to how handle issues that may arise. Educate family members or others that may use your computer or network There is lots of help out there. Just look!!
Software - install a personal firewall to prevent unauthorized access - install spyware and Trojan Horse/anti- virus protection - Install more then one type of protection
Safe Computing habits Always update: Updates fix problems that may exist within programs. Use Windows Update to find updates on a regular basis. Computer basics and beyond.com suggest more explicitly the following : -> Keep your hard drive clean with Disk Cleanup and run Disk Defragmenter periodically (once a month) to consolidate your files. -> Backup important files often to protect data loss. Read Windows XP Backup Made Easy and Back Up Basics. If a file is important, save it in multiple places (off your pc). -> Make sure to disconnect your computer from the Internet when you aren't using it. -> Use strong passwords (Password Generator), change them often and always change passwords after infection cleanup
Passwords Use this website to check and see if your password is strong enough. A strong password is one more line of defense you have to use against attackers. http://www.microsoft.com/protect/fraud/passwords/checker.aspx 6 steps to build a strong password: 1)The strongest passwords look like a random string of characters to attackers. But random strings of characters are hard to remember. 2) Make a random string of characters based on a sentence that is memorable to you but is difficult for others to guess. Think of a sentence that you will remember, Example: "My son Aiden is three years old Turn your sentence into a password Use the first letter of each word of your memorable sentence to create a string, in this case: "msaityo".
3) Add complexity to your password or pass phrase Mix uppercase and lowercase letters and numbers. Introduce intentional misspellings. For example, in the sentence above, you might substitute the number 3 for the word "three", so a password might be "MsAi3yo". 4) Substitute some special characters Use symbols that look like letters, combine words, or replace letters with numbers to make the password complex. Using these strategies, you might end up with the password "M$8ni3y0. 5) Test your new password with Password Checker Password Checker evaluates your password's strength as you type. Password Checker 6) Keep your password a secret Treat your passwords with as much care as the information that they protect.
More Safety Tips - Use multiple virus scanners (just in case one particular scanner misses certain viruses). - Do not open junk mail, or e-mail from unknown sources. -Check file extensions of attachments. The most dangerous attachments include executable files (.exe,.bat,.com) and script files (.vbs). Also, be wary of files with macro capabilities (like.doc and.xls). Generally, picture files (.jpg,.gif,.bmp,.png) and plain text (.txt) are safe, but be careful nonetheless. - Scan e-mail attachments and downloaded files for viruses - For those who still use floppy disks, viruses cannot copy itself onto a write-protected floppy disk. Therefore, keep them write-protected if possible
Sources Bhaskar, Krish. Threats. Computer Security: Threats and Countermeasures. Oxford: NCC Blackwell Ltd, 1993. 1-13. Print. Bocij, Paul. The Dark Side of the Internet: Protecting Yourself and Your Family from Online Criminals. Westport: Praeger, 2006. DeFrancesco, Angela. Network Attack Modeling and Simulation. Carnegie Mellon Information Networking Institute 2005-20 (2005): 1-104. Tales of Trojan Horses. SmartComputing.com. Smart Computing, February 2003. . 27 September 2009. Logic Bomb. Wikipedia.com, 11 August 2009. . 27 September 2009. http://www.microsoft.com/protect/fraud/passwords/create.aspxhttp://www.microsoft.com/protect/fraud/passwords/create.aspx (Microsoft online safety) http://www.microsoft.com/protect/fraud/passwords/create.aspx http://www.computerbasicsandbeyond.com/tutorials/prevent_attacks.htmlhttp://www.computerbasicsandbeyond.com/tutorials/prevent_attacks.html (Computer Basics & Beyond: Preventing malicious attacks) http://www.computerbasicsandbeyond.com/tutorials/prevent_attacks.htmlNews.yahoo.com