Network Security Threats to the E-Learner. Steven Furnell, Network Research Group, University of Plymouth, United Kingdom.


1 Network Security Threats to the E-Learner. Steven Furnell, Network Research Group, University of Plymouth, United Kingdom

2 Overview: Introduction; Threats facing e-learners; What e-learners need to know; Addressing the problems; Conclusions

3 Introduction: The Internet has always had a reputation for being unsafe. Increasing range of threats and scams that specifically target the end-user community (affects both domestic and workplace contexts). Users can represent attractive targets: lack of technical knowledge, and occasional gullibility, can make them vulnerable; attackers hunt the easy prey!

4 Introduction: Many threats not only affect online users, but specifically target them. Represents a clear concern: for users themselves, who do not wish to become victims; for institutions, if their users should unwittingly cause or facilitate a security breach. Important to ensure that users do not undermine the attempts to protect them.

5 Threats facing e-learners

6 yoursystem@risk: Virus, Spam, Hacking, Denial of Service, Phishing, Identity Theft, Worms, Spyware, Trojan Horses

7 Spam: Junk email that is, at the least, an annoyance. Can also lead to other problems: can cause embarrassment and offence as a result of their frequently dubious subject matter; users can waste time looking at it or be tricked into scams. Can easily receive several hundred kilobytes of spam per day: costly if downloading on a slow link and/or paying by the byte.

8 Spam: Over 66% of email traffic in the last month (MessageLabs)

9 Spam examples: Many messages give themselves away as being unlikely to be legitimate simply from the titles: "Don't Buy Vi-gra"; "you can't beat our RX"; "She wants a better sex? All you need's here!"; "Put your property on the front page"; "St0ck Market Standout?"; "Horny pills - low price"; "I am really happy I got this nice thing on-line!"; "The Ultimate pharmacy"

10 Spam examples: Others, however, could be mistaken for something legitimate... "FYI"; "You computer are INFECTED"; "Urgent and confidential"; "Dear Sir"; "Re [5]:". Some users may still get suspicious because of unknown sender, but others may be fooled.

11 Bogus Qualifications: Trust in the e-learning provider is vital for both e-learners and prospective employers. Bogus qualifications can already be obtained via the Internet: may lead to suspicion and adverse publicity; undermine the credibility of legitimate e-learning courses / providers. Consider the following, received via email...

12 Bogus Qualifications

13 Phishing: Another threat typically initiated via email. Attempts to dupe users into divulging sensitive information. Current attacks have tended to target personal data relating to the user (e.g. bank account and credit card details). However, similar techniques could target information to compromise an institution (e.g. passwords and institutional details).

14 Going phishing: A bogus email message...

15 Going phishing: ... and a bogus website. 55,643 new sites in April 2007; 11,121 in April 2006 (Anti-Phishing Working Group)

16 Spyware: Parasitic software that invades users' privacy. Can divulge details of browsing habits and other sensitive details from target system: captured information can be transmitted to a 3rd party; puts both personal and corporate data at risk of abuse. One of the most prominent threats in recent years: 6 out of 10 home PCs are infected (AOL/NCSA 2005).

17 Spyware: One of the most prominent threats in recent years. Market for anti-spyware products predicted to grow from $12M in 2003 to $305M by 2008 (source: IDC).

18 Malware: Viruses, worms and Trojan horses. Over 231,540 known strains (over 8,830 in Mar 2007). Commonly targets end-users: bogus email attachments; infected web pages; peer-to-peer file sharing. Once run, the malware may then target the user in other ways (e.g. stealing their data or hijacking their system).

19 Malware Evolution: Many early viruses were more of a nuisance than actually harmful. The Ambulance virus (1990).

20 Less reliance upon users. Early 1990s: Relied upon people to exchange disks between systems, to spread boot sector and file viruses. Mid 1990s: A move towards macro viruses, which enabled the malware to be embedded in files that users were more likely to exchange with each other. Late 1990s: The appearance of automated mass mailing functionality, removing the reliance upon users to manually send infected files. Today: Avoiding the need to dupe the user into opening an infected email attachment, by exploiting vulnerabilities that enable infection without user intervention.

21 Chances of avoiding malware: 1 in 790 messages infected; 1 in 68 messages infected

22 Slammer / Sapphire Worm: Fastest spreading worm. Exploited a known vulnerability in the software (patch already released by Microsoft in July 2002). Not destructive – its only aim was to spread. Infected systems doubled every 8.5 seconds. 90% of vulnerable systems got infected in just 10 minutes.

23 The Spread of a Worm: Sapphire / Slammer 2003. 25 Jan 2003 - 05:29:00 / 0 victims

24 The Spread of a Worm: 31 Minutes Later. 25 Jan 2003 - 06:00:00 / 74,855 victims

25 Slammer: The end result. Ultimately infected over 120,000 systems. Volume of Slammer traffic affected many people: brought down the entire telecommunications service in South Korea; disrupted over 13,000 Bank of America cash machines; degraded performance by up to 30% in the Asia-Pacific region and by 10% in the US. Disruptive effects estimated to have cost up to $1.2bn.

26 Hacking: Hackers may target an end-user system for various reasons: a soft option for some mischief; a convenient file repository; a platform for attacking other systems. Users can also be targeted as sources of sensitive information (social engineering).

27 Hacking: Hackers may enter by many means: may use one of the other threats as an entry mechanism (e.g. phishing for a password, using malware to open a backdoor). May achieve unlimited control over the compromised system, exposing the user to a full range of confidentiality, integrity and availability impacts.

28 Examples of what hackers do: Website Defacement – December 1996. One of 20 defacements recorded that year.

29 Examples of what hackers do: Website Defacement – June 2003. One of 1000s of defacements recorded that month.

30 Impacts and ease of avoidance: The threats are not of equal magnitude (differing potential to trouble end-users). Likelihood of avoiding the impact is often different to avoiding the threat, e.g. Spam: extremely prevalent but generally easy to prevent it becoming a real problem to users; avoiding the impact will be related to security safeguards and user awareness.

31 Impacts and ease of avoidance [Figure: Spam, Phishing, Spyware, Malware, Hacking; axes: Potential impact, Impact avoidance; scale labels: +, -, Hard, Med, Easy]

32 Impacts and ease of avoidance. Spyware: Easier to avoid than malware (often installed from an explicit user action, e.g. installing free software of dubious origin); often harder to eradicate once installed. Malware: Harder to avoid – more attack vectors; greater range of potential impacts.

33 What e-learners need to know

34 Why the threats might affect them, and what the impacts could be. Possible contexts in which each threat can be encountered. Capabilities of any technological safeguards in use (i.e. the level of protection provided).

35 Understanding the threat: Need to appreciate how a threat could harm them: what could spyware determine from their activities? what could malware damage or steal? Also need to appreciate why they would be targeted: may otherwise assume that there is no reason for it to happen (e.g. little to offer compared to bigger targets). Choice of target depends upon the attacker's motives: a vulnerable end-user system may be much more convenient than a hardened corporate server; e.g. many botnet participants are compromised user systems.

36 Understanding the attack vectors: Email is still the main (visible) route BUT other avenues are also vulnerable and getting used: e.g. Instant Messaging is now a viable option for both malware infection and phishing attempts; however, without advice to the contrary, users may feel they are safe as long as they are not using email. Threats are becoming more complex in terms of the tricks they use to dupe users: heightens the need for awareness amongst the possible victims.

37 Understanding the protection: Users are presented with a potentially confusing array of technologies: anti-virus, anti-spyware, anti-spam, personal firewall, etc. Need to understand how they relate to the threats. In some cases, aspects are clear from the names, but not always...

38 Understanding the protection: Malware protection is provided by software conventionally referred to as anti-virus. Some users may wonder if additional software is needed for worms and Trojan horses. Others may over-estimate protection and assume that AV will handle all malicious code, such as spyware.

39 Understanding the protection: The name of the technology does not always indicate the threats it deals with. Users' own perception may be inaccurate: a firewall blocks suspicious Internet traffic; but it doesn't block spam or phishing messages, which most users would consider suspicious.

40 Addressing the problems

41 What we need to protect us... Anti-virus, Anti-Spam, Passwords, Intrusion Detection, Anti-Phishing, Anti-Spyware, Personal Firewall, Backup, Auto Updates

42 Use security technologies: Essential to deploy and maintain appropriate protection on end-user systems. Potentially troublesome for domestic users: knowing what it is supposed to do; problems configuring and using it. Users must feel like the beneficiaries of the technologies rather than the victims: explain and train.

43 Increase awareness: Problems relating to users' understanding can be addressed via awareness-raising. Potential unwillingness to devote resources: e.g. impacts of phishing affect the individual rather than the institution. However, any security awareness is good: making users more threat-aware could increase their caution in other contexts. Some threats are harder to educate against: malware cannot be defeated by awareness alone... but a clear understanding of infection vectors can still help.

44 Evidencing the problem: Presenting specific evidence can help to persuade and convince. Security administrators could assess users' reactions to the threats: would they freely reply to an email that requests sensitive information? would they open unsolicited email attachments from an unknown source? Preferable to find out under controlled conditions than via a genuine breach. Findings could be presented back to the users.

45 Conclusions

46 Conclusions: E-learners can clearly find themselves on the receiving end of a number of targeted threats. New threats are likely to emerge in the future, alongside new end-user Internet services. No single solution: appropriate technologies and suitable awareness initiatives are required; combined approaches will help to prevent users from being such easy prey.

47 Related books...

48 Prof. Steven Furnell, sfurnell@plymouth.ac.uk, Network Research Group, www.network-research-group.org

