How You Can Protect Yourself from Cyber-Attacks Ian G. Harris Department of Computer Science University of California Irvine Irvine, CA 92697 USA


1 How You Can Protect Yourself from Cyber-Attacks Ian G. Harris Department of Computer Science University of California Irvine Irvine, CA 92697 USA harris@ics.uci.edu

2 About the Class
Schedule: Mondays, 10:00 - 10:50 in DBH 1420
Website: Look at http://www.ics.uci.edu/~harris
Readings: The Symantec Guide to Home Internet Security, Andrew Conry-Murray and Vincent Weafer, Addison-Wesley, 2006
Topics: Computer security risks (e.g. phishing, spam, malware, etc.) and how to protect against them (e.g. firewalls, anti-virus, patching software, etc.)
This course is meant to be practical, not too technical. I can give pointers to more technical information.

3 Social Engineering
Exploiting vulnerabilities in the user, not the network or device
- Traditional scams using the computer (and/or the phone) as a vehicle
- People trust official-looking emails and websites
- Not primarily technical attacks
- Often used to gain information for larger attacks

4 Social Engineering Examples
Examples:
“Dear Honorable Sir, I need to transfer $10,000,000,000 to your account”
- Required to pay a “small” transfer fee
“You need to update your Paypal account …”
- Directed to send personal information
Call computer support and masquerade as a technician
- “Where is that TFTP server located again?”

5 Spoofing
Making a fake version of something in order to trick a user
Often used as part of a social engineering scam
Example:
1. You get an email saying something is wrong with your ebay account.
2. It provides a link to a website www.ebayaccounts.com
3. The website is fake but can look completely real
Can be done with email addresses and calling trees
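
The link check a user would do by eye on the spoofing slide, written out as an added example (not part of the original slides). The trusted-domain list and every sample link except www.ebayaccounts.com are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains the user really has accounts with (constructed list).
TRUSTED_DOMAINS = ("ebay.com", "paypal.com")

def classify_link(url, trusted=TRUSTED_DOMAINS):
    """Classify where a link really goes: 'trusted', 'lookalike' or 'unknown'."""
    if "://" not in url:
        url = "http://" + url  # bare "www.example.com" style links
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "unknown"
    # Trusted only when the host IS the domain or a subdomain of it.
    # "www.ebayaccounts.com" does not end in ".ebay.com", so it fails here.
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    # The brand name shows up in the link (host or user@ part) although the
    # host belongs to someone else: the pattern the spoofing slide describes.
    # Heuristic only: unrelated names that contain the brand are flagged too.
    for domain in trusted:
        brand = domain.split(".")[0]
        if brand in parts.netloc.lower():
            return "lookalike"
    return "unknown"

# Constructed sample links; only www.ebayaccounts.com comes from the slide.
SAMPLES = [
    "www.ebayaccounts.com",
    "https://signin.ebay.com/",
    "http://ebay.com.account-check.example/login",
    "http://ebay.com@203.0.113.5/login",
    "https://example.org/news",
]

def demo():
    """Return {link: verdict} for the sample links."""
    return {link: classify_link(link) for link in SAMPLES}

if __name__ == "__main__":
    for link, verdict in demo().items():
        print(f"{verdict:10} {link}")
```

A "lookalike" verdict means the link should be verified through a known-good address before any information is entered, as slide 6 advises.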

6 Preventing Social Engineering
- Don’t trust anyone or any information that you can’t verify
  1. Don’t give critical info to unverified websites/phone numbers
  2. Don’t accept anything (e.g. programs) from unverified sources
- This may be inconvenient
  1. If Citibank calls, you should call them back at a known number
  2. Can’t purchase online from unknown vendors
  3. Be careful about freeware/shareware

7 “Technical” Threats
Exploiting vulnerabilities in the computational device or in the network
Require some technical ability
- Understand network protocols and components
- Write code (at least execute scripts)
- Deeply understand networked applications
May be directed at your machine
- You can defend against these
May impact you but be directed against other machines
- You can’t really stop these

8 Typical Technical Threats
Denial of Service - A service provided by the device is caused to fail
  Cellphone cannot receive calls, desktop reboots
Quality of Service - Quality is degraded, not destroyed
  Noise added to a phone call, anti-lock brakes slow
Data Theft - Important data is taken from the device
  Passwords, name, usage patterns, location
Botnet Zombie - Complete ownership of the device to use in the future for other attacks.

9 Threats Against Other Machines
Your machine’s operations are impacted by an attack on another machine
- Usually part of the network infrastructure
Examples:
- Your Domain Name Server (DNS) is attacked so you can no longer resolve domain names
- Your university’s computers are attacked and your personal data is stolen
You can’t do much about these attacks, except complain/sue

10 Threats Against Your Machine
Most such threats require executing malicious code on your machine
Malware - General term for “malicious code”
Common types of malware:
Spyware - Records information inside your device
- Browsing habits, keystrokes, etc.
- Also changes behavior (web page redirects …)
Adware - Records information and displays ads tailored to you

11 How Does Malware Work?
Need to know this in order to defend against it
1. Gets into the memory of your computer
2. Tricks your computer into executing it
3. Hides itself
4. Spreads itself to other machines

12 Getting Into Your Computer
User-driven - User allows the malware in
  Read your email
  Click on an attachment
  Click on a website link
  File transfer (ftp)
Background traffic - Many programs communicate on the network in the background
  IM, Skype, automatic updates, etc.

13 Executing on Your Machine
How can foreign programs run on my computer?
User Gives Permission
- “Do you want to enable this macro?”
- Bad default settings (e.g. automatically enable all macros)
- These vulnerabilities can be fixed fairly easily
Software Vulnerability
- A networked application has a coding flaw which allows unauthorized code execution

14 Rootkits
A rootkit is a program that uses stealth
- Sneaks onto your machine without you knowing
- Hides itself on your machine so that it can’t be removed
Rootkits change components of the operating system to hide their presence
Example of stealth
- A rootkit may attach itself to a good executable
- Detected by examining properties of the executable (e.g. size)
- Checking properties is a call to an OS program
- Rootkit may change the “check properties” program to print the original size
Most malware is fundamentally a specialized rootkit
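
The property check from the rootkit slide, extended from size alone to size plus a SHA-256 hash, as an added example that is not part of the original slides. The file names and contents are constructed stand-ins for executables. Because the slide's point is that a compromised operating system can report false properties, a check like this is only meaningful when the baseline is stored elsewhere and the comparison runs from a known-clean system such as boot media.

```python
import hashlib
import os
import tempfile

def fingerprint(path):
    """Size plus SHA-256 of the file's bytes, read directly from disk."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {"size": os.path.getsize(path), "sha256": digest.hexdigest()}

def make_baseline(paths):
    """Record known-good fingerprints; store the result off the machine."""
    return {p: fingerprint(p) for p in paths}

def verify(baseline):
    """Return {path: finding} for every file that no longer matches."""
    findings = {}
    for path, known in baseline.items():
        if not os.path.isfile(path):
            findings[path] = "missing"
            continue
        now = fingerprint(path)
        if now["size"] != known["size"]:
            findings[path] = "size changed"
        elif now["sha256"] != known["sha256"]:
            findings[path] = "same size, content changed"
    return findings

def demo():
    """Constructed files standing in for executables (not real programs)."""
    with tempfile.TemporaryDirectory() as d:
        paths = {n: os.path.join(d, n) for n in ("calc", "editor", "shell")}
        for p in paths.values():
            with open(p, "wb") as fh:
                fh.write(b"ORIGINAL-PROGRAM-BYTES")
        baseline = make_baseline(paths.values())
        with open(paths["calc"], "ab") as fh:    # code attached: size grows
            fh.write(b"+EXTRA")
        with open(paths["editor"], "wb") as fh:  # same length, different bytes
            fh.write(b"MODIFIED-PROGRAM-BYTES")
        found = verify(baseline)
        return {os.path.basename(p): f for p, f in found.items()}

if __name__ == "__main__":
    print(demo())
```

The "editor" case shows why size by itself is a weak property: the file length is unchanged, and only the hash reveals the modification.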

15 Malware Propagation/Spread
Trojan Horse - Malware which is part of another program which the user believes is safe
  Spread occurs when the user installs the “safe” program
  Social engineering may be involved
Virus - Malware which is part of a larger program or file
  Ex. Macro in an .xls spreadsheet
  Self-replicates by inserting itself into new programs/files
Worm - Malware which is not attached to another program/file
  Self-replicates over the network

