Objectives Provide an overview of the most common threats and how to build layered protection. Spam Security Tools Anti-Virus Software Security Policies Passwords Firewalls Encryption Summary Importance Of Security Threats to Data Viruses Trojan Horse Programs Vandals Attacks Data Interception Scams
Good News – Bad News Internet transforms and greatly improves our lives Opened the door to an increasing number of security threats from which individuals, families and business must protect themselves Consequences of attacks can range from the mildly inconvenient to the completely debilitating –Important data can be lost –Privacy can be violated –Computer can even used by an outside attacker to attack other computers on the Internet.
Threats to Data Come from a very small minority A car thief can steal only one car at a time Single hacker working from a single computer can generate damage to a large number of computer networks A general knowledge of security threats and how to protect yourself is essential
Viruses Most widely known security threat due to extensive press coverage. What is a virus? –Computer programs that are written by devious programmers and are designed to replicate themselves and infect computers when triggered by a specific event. Example - Macro viruses attach themselves to files that contain macro instructions (routines that can be repeated automatically, such as sending email) and are then activated every time the macro runs.
Effects Benign - cause annoying interruptions such as displaying a comical message when striking a certain letter on the keyboard More destructive - cause such problems as deleting files from a hard drive or slowing down a system
How to “catch” it A computer can be infected with a virus only if the virus enters through an outside source –an attachment to an email –a file downloaded from the Internet. When one computer on a network becomes infected, the other computers on the network – or for that matter other computers on the Internet – are highly susceptible to contracting the virus.
Trojan Horse Programs Delivery vehicles for destructive computer code Appear to be harmless or useful software programs, such as computer games, but are actually enemies in disguise
Trojan Horse Programs Can delete data, mail copies of themselves to e-mail address lists and open up computers to additional attacks Can be contracted only by –copying the Trojan horse program to a computer –downloading from the internet or –opening an email attachment
Vandals Web sites have come alive through the development of such software applications as ActiveX and Java Applets –enable animation and other special effects to run, making web sites more attractive and interactive
Caution However, the ease with which these applications can be downloaded and run has provided a new vehicle for inflicting damage Vandals can take on the form of a software application or applet that causes destruction of various degrees A vandal can destroy a single file or a major portion of a computer system
Attacks Innumerable types of network attacks have been documented, and they are commonly classified in three general categories: –reconnaissance attacks –access attacks, and –denial of service (DoS) attacks.
Reconnaissance Attacks Reconnaissance - information gathering activities by which hackers collect data that is used to later compromise networks Software tools, such as sniffers and scanners, are used to map out and exploit potential weaknesses in home computers, web servers and applications –Example – password cracking software
Access Attacks Access attacks are conducted to gain entry to e-mail accounts, databases and other confidential information
Dos Attacks DoS attacks prevent access to all or part of a computer system. Usually achieved by sending large amounts of jumbled or other unmanageable data to a machine that is connected to the Internet, blocking legitimate traffic from getting through. Even more malicious is a Distributed Denial of Service attack (DdoS) in which the attacker compromises multiple machines or hosts.
Data Interception The intercepting perpetrators might eavesdrop on communications or even alter the data packets being transmitted Various methods to intercept data –IP spoofing, for example, entails posing as an unauthorized party in the data transmission by using the internet protocol (IP) address of one of the data recipients
Scams Stakes are higher as they've got easy access to millions of people on the internet Email –May contain a hyperlink to a web site that asks you for personal information, including your password –May contain a solicitation for your credit card information in the guise of a billing request
Protect Yourself Never give out your password, billing information or other personal information to strangers online Be mindful of who you're talking with before you give out personal information
Protect Yourself Don't click on hyperlinks or download attachments from people/web sites you don't know Be skeptical of any company that doesn't clearly state its name, physical address and telephone numbe Great Home Computer Security Webpage http://www.cert.org/homeusers/HomeCompu terSecurity/
Spam Unsolicited e-mail or the action of broadcasting unsolicited advertising messages via e-mail Takes up time and storage space on their computer Report it to ISP. Check your ISP help areas to find out how to report spam
Security Tools First, understand the threats Second, put proper safeguards in place Extensive choice of technologies –Anti-virus software packages –Firewalls for providing protection –Implement proper computer security without compromising the need for quick and easy access to information
Anti-virus Software Relies on early warnings of new viruses, so that antidotes can be developed and distributed quickly 1,000’s of new viruses being generated every month –Essential virus database be kept up to date –Record held by the anti-virus package that helps identify known viruses when they attempt to strike –Can prompt users to periodically collect new data
Security Policies Rules and written or verbal regulations by which all staff, students and faculty operate Often preempt security breaches Customers or suppliers with access to certain parts of the network need to be adequately regulated
Passwords Simplest and most common way to ensure that only those that have permission can enter your computer or certain parts of your computer network Virtually ineffective if people do not protect their passwords. The golden rules, or policies for passwords are: Make passwords as meaningless as possible Change passwords regularly Never divulge passwords to anyone
Firewalls A hardware or software solution to enforce security policies Built-in filters that can disallow unauthorized or potentially dangerous material from entering the system Logs attempted intrusions
What Does a Firewall Do? In general, firewalls try to keep people from remotely accessing your computer in bad ways when you are connected to the internet
How Do Firewalls Work? Most firewalls are designed to allow or block specific types of data going to and from your computer to the internet Allow "good" data traffic and block all "bad" data traffic
How Do Firewalls Work? "Good" traffic is the kind you need to do things like: surf the web, download files, chat, share files, etc "Bad" traffic is what hackers might do like: steal files on your computer, use a Trojan to control your computer, disrupt your connection or network, etc
Doors (ports) are points where a person (hacker) can get in Think of a firewall as a security guard who is watching each door and who is going in and out of the doors Computer – a House With Many Doors
The firewall makes sure only the right doors get opened and that only the right people (data) have access to your house Some firewalls can also hide your house (computer) so casual hackers can't see it (also called "stealth mode“) Computer – a House With Many Doors
What Traffic Is Good/What's Bad? Experience Reading Learning The easiest way is to start with a simple firewall program, see how it works and then graduate to more sophisticated solutions as you gain knowledge
Do Firewalls Prevent Viruses and Trojans? NO!! A firewall can only prevent a virus or Trojan from accessing the internet while on your machine 95% of all viruses and trojans are received via e-mail, through file sharing (like Kazaa or Gnucleus) or through direct download of a malicious program Firewalls can't prevent this -- only a good anti-virus software program can
However, once installed on your PC, many viruses and trojans "call home" using the internet to the hacker that designed it This lets the hacker activate the trojan and he/she can now use your PC for his/her own purposes A firewall can block the call home and can alert you if there is suspicious behavior taking place on your system Do Firewalls Prevent Viruses and Trojans?
What Is "Stealth" Mode? In theory, stealth mode hides all the ports on your computer from being visible to others on the internet. –Some think this makes them less vulnerable to a malicious attack and consider it the "holy grail" of firewall configurations. While true that your ports are "invisible", a "stealthed" computer really looks like a black hole to a hacker. –Data goes in but it never comes out.
Stealth Mode A good hacker can spot this behavior - may actually consider it a challenge to try to break in as he/she wonders what's there – Sometimes, staying in plain sight makes you less attractive as a target Achieving "stealth" mode with some network configurations (such as Microsoft internet connection sharing or ICS) can be very difficult Stealth mode can make it difficult for the networked computers to "see" and interact with the gateway computer
Computers don't stay "stealthed". The moment you do something that accesses the internet from your end, you're "unstealthed" because data is coming out Any hacker with a packet sniffer who knows where to look can tell that something's there
Encryption Ensures that messages cannot be intercepted/read by anyone other than the authorized recipient Deployed to protect data transported over a public network (internet) Uses advance mathematical algorithms to ‘scramble’ messages and their attachments
Encryption Provides the security necessary to sustain the increasingly popular virtual private network (VPN) technology –VPNs are private connections, or tunnels, over public networks –Deployed to protect telecommuters, mobile workers, branch offices and business partners to corporate networks or each other
Summary Common sense, some simple rules and a few pieces of technology can help protect your computer systems from unauthorized use Important to remember that by protecting your own computer system, you're also doing your part to protect computers throughout the university
Resources at Cal Poly Pomona University Foundation MIS http://www.foundation.csupomona.edu/financial Policies, procedures and guidelines http://foundation.csupomona.edu/hr/hrpolicies.aspx University I&IT http://www.csupomona.edu/~ehelp