Discovering Computers


Discovering Computers CHAPTER 11 CYBER SECURITY

Chapt 11 Objectives: Security & Privacy
- Describe the types of computer security risks
- Discuss the types of devices (UPS, surge protectors) available that protect from system failure
- Identify ways to safeguard against computer viruses, worms, and Trojan horses
- Explain the options available for backing up computer resources
- Discuss techniques to prevent unauthorized computer access and use
- Identify safeguards that protect against Internet security risks
- Identify safeguards against hardware theft and vandalism
- Recognize issues related to information accuracy, rights, and conduct
- Explain the ways software manufacturers protect against software piracy
- Discuss issues surrounding information privacy
- Define encryption (public key/private key) and explain why it is necessary
- Discuss ways to prevent health-related disorders and injuries due to computer use

Protect Yourself Online ! Delete suspicious emails Don’t click on links from strangers Don’t download software from pop-ups or random advertisements Use complex passwords & don’t share them !

Hacking & Firewalls Cartoon

Computer Viruses are on the increase TRUE FACT: 5,600,000 is the number of antivirus signatures Symantec wrote in the last 18 months, which is equal to the number it created during the preceding 18 years !!! Flu virus Network World Page 10, January 4, 2010

Question about Viruses Which organism is 2 parts pig, 1 part human, and 1 part bird ? Answer on the next slide:  

Virus Answer Answer: the H1N1 swine flu virus Oink!

StuxNet Computer Worm/Virus http://www.nydailynews.com/news/world/2010/09/27/2010-09-27_stuxnet_worm_assault_on_iranian_nuclear_facilities_computers_may_be_western_cybe.html The Stuxnet worm assault on Iranian nuclear facilities' computers may have been a Western cyber attack, experts say.

Predator Drone Virus (Oct 2011) Computer Virus Infects Predator Drone Ground Stations The control systems are based at Creech Air Force Base in Nevada. The famous Predators used by the CIA to kill terrorists are controlled from a different location with their own ground stations. The attack is just the latest sign that modern warfare has gone online. "This should not come as a surprise to anybody. As long as remotely piloted aircraft rely on command controlled configurations, interference with the control mechanisms will be an issue.

SCADA Network Attacks SCADA (Supervisory Control And Data Acquisition) networks are set up to gather telemetry data from automated devices on networks and issue commands to them. http://www.wired.com/threatlevel/2011/03/scada-vulnerabilities/ The security of critical infrastructure continues to be in danger after a researcher recently released attack code that can exploit several vulnerabilities found in systems used at oil-, gas- and water-management facilities, as well as factories, around the world.

SCADA Attacks Computer security experts who examined the code say the vulnerabilities are not highly dangerous on their own, because they would mostly just allow an attacker to crash a system or siphon sensitive data, and are targeted at operator viewing platforms, not the backend systems that directly control critical processes. But experts caution that the vulnerabilities could still allow an attacker to gain a foothold on a system to find additional security holes that could affect core processes. http://www.inl.gov/technicalpublications/Documents/3310860.pdf

SCADA Nodes in Network Diagram

Reporting Cyber Threats & Attacks You may report Cyber Attacks to: http://www.ic3.gov http://www.secretservice.gov

Symantec Security For the latest computer virus info, visit: http://www.sarc.com CERT Coordination Center Home Network Security (Good information) http://www.cert.org/tech_tips/home_networks.html

Online Fraud is on the Rise ! U.S. consumers reported losing $239 million in 2010, up from $198 million in 2009, according to the FBI. Internet auction fraud (35.7 %) and undelivered merchandise (24.9 %) were the most frequently reported types of cyber-fraud. In nearly 74% of the cases, the perpetrators contacted the victims by email.

Information Privacy: Computer Forensics What is computer forensics?
- Also called digital forensics, network forensics, or cyberforensics
- Discovery, collection, and analysis of evidence found on computers and networks
- Computer forensic analysts must have knowledge of the law, technical experience, communication skills, and willingness to learn
CyberWatch Center & University of Maryland Digital Forensics Lab www.CyberWatchCenter.org p. 587

Digital Forensic Science “The use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence derived from digital sources for the purpose of facilitation or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations.” - Digital Forensic Research Workshop

Forensics: Sources of Digital Evidence
- Open Computer Systems: hard drives in PCs, servers, etc.
- Communication Systems: telecommunications systems, transient network (content) data, non-transient (log) data
- Embedded Computer Systems: cell phones, iPods, iPads, USB flash drives, DVDs

Digital Deception: CAPTCHA CAPTCHA: "Completely Automated Public Turing Test to Tell Computers and Humans Apart." Are you a human or a computer? Over the Internet, it's getting harder and harder to tell. Some of the common tests used by Web sites to distinguish between legitimate flesh-and-blood visitors and malicious human-mimicking computers recently appear to have been outwitted. In May 2008, the human verification tests, which typically require users to identify deformed letters set against a cluttered backdrop, were broken by a computer. The computer then repeatedly created free Hotmail e-mail accounts and sent spam from them, according to Websense, the security firm that detected the hacking. See: http://www.washingtonpost.com/wp-dyn/content/article/2008/04/30/AR2008043003704_pf.html

Stop the Malware at the Server ! Stop the malware at the server before it gets to the client computer !

Computer Security Risks What is a computer security risk? An action that causes loss of or damage to a computer system p. 11.02 Fig. 11-1

Lost Devices (Laptops, USB Flash drives) Lost or stolen laptops and other digital media are estimated to cause more than 40% of data breaches. Business travelers lose more than 10,000 laptops per week in U.S. airports. An estimated 11,300 laptop computers, 31,400 handheld computers and 200,000 mobile telephones were left in taxis around the world during a recent six month period.   According to one survey, over 9000 USB sticks per year are left in clothing pockets when people take their clothes to local dry cleaners.    If your mobile device is lost or stolen you should immediately report the loss or theft to the appropriate authorities (law enforcement, hotel, restaurant, conference staff, etc.).  If the device contained sensitive corporate or customer information, immediately report the loss or theft to your organization so appropriate actions are taken to meet legal and regulatory requirements. 

Computer Security: Viruses What is a computer virus?
- A potentially damaging computer program that affects, or infects, your computer negatively by altering the way the computer works without your knowledge or permission
- A segment of program code from some outside source that implants itself in a computer
- Once in the computer it can spread throughout and may damage your files and operating system
p.12.2

The SMART ENGINE virus (2011) It masquerades as a piece of legitimate antivirus software, but it actually is a dangerous malware application itself. It floods your computer with false alarms and alerts and claims your computer is infected with any number of malicious programs.

The SMART ENGINE virus (2011) No matter how realistic or professional the Smart Engine’s menus and alerts seem, it is a harmful application that must be removed quickly. It slows down your computer and puts personal data at risk.

DNSChanger is a Trojan (2012) DNSChanger is a trojan that will change the infected system's Domain Name Server (DNS) settings, in order to divert traffic to unsolicited, and potentially illegal sites. (It came from Estonia in Eastern Europe) The trojan is usually a small file (about 1.5 kilobytes) that is designed to change the 'NameServer' Registry key value to a custom IP address. This IP address is usually encrypted in the body of a trojan. As a result of this change a victim's computer will contact the newly assigned DNS server to resolve names of different webservers. YouTube http://www.youtube.com/watch?v=tzDbbEWXVEk

DNSChanger is a Trojan (2012) If you see the sign below when visiting http://dns-ok.de, you may be a victim of the DNSChanger trojan. ACHTUNG: Ihre DNS Konfiguration ist manipuliert
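A defender-side check for the DNS setting change described above, as an added example that is not part of the original slides: it audits the resolver list taken from a host's NameServer setting against an approved list. The approved ranges, host names and inventory values are constructed (documentation address ranges), and the comma/space-separated value format is an assumption.

```python
import ipaddress
import re

# Assumption: the organisation's approved resolvers. Documentation ranges
# (RFC 5737 / RFC 3849) stand in for real resolver addresses.
APPROVED_RESOLVERS = [
    ipaddress.ip_network("192.0.2.0/28"),
    ipaddress.ip_network("2001:db8:53::/64"),
]

# Constructed inventory: host name -> NameServer value collected from that host.
INVENTORY = {
    "ws-01": "192.0.2.1,192.0.2.2",
    "ws-02": "",                          # no static override configured
    "ws-03": "198.51.100.77 192.0.2.1",   # first resolver is not approved
    "ws-04": "2001:db8:53::1",
    "ws-05": "192.0.2.300",               # not a valid IP address
}


def parse_nameserver_value(value):
    """Split a NameServer setting into entries (assumed comma/space separated)."""
    return [tok for tok in re.split(r"[,\s]+", value.strip()) if tok]


def audit_nameserver(value, approved=APPROVED_RESOLVERS):
    """Classify each configured resolver as approved, unapproved or malformed."""
    report = {"approved": [], "unapproved": [], "malformed": []}
    for token in parse_nameserver_value(value):
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            report["malformed"].append(token)
            continue
        if any(addr.version == net.version and addr in net for net in approved):
            report["approved"].append(str(addr))
        else:
            report["unapproved"].append(str(addr))
    return report


def is_suspicious(value):
    """A host needs review if any resolver is unapproved or unparseable."""
    report = audit_nameserver(value)
    return bool(report["unapproved"] or report["malformed"])


def flag_hosts(inventory):
    """Return the sorted host names whose resolver settings need review."""
    return sorted(host for host, value in inventory.items() if is_suspicious(value))


if __name__ == "__main__":
    for host in flag_hosts(INVENTORY):
        print(host, audit_nameserver(INVENTORY[host]))
```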

The First Internet Worm Around 6:00pm on November 2, 1988, MIT student Robert T. Morris launched the first Internet worm and disabled approximately 10 % of all Internet-connected systems which was estimated to be more than 60,000 computers. The fast-spreading worm kept copying itself and infected computers multiple times causing many systems to fail. The Morris worm filled up memory of the infected computers and prevented legitimate programs from loading. http://en.wikipedia.org/wiki/Robert_Tappan_Morris (Now, he is an MIT computer science professor)

Computer Viruses, Worms, and Trojan Horses What is an antivirus program? Identifies and removes computer viruses Most also protect against worms and Trojan horses p. 560 - 561 Fig. 11-4

Computer Viruses, Worms, and Trojan Horses What is a virus signature?
- Specific pattern of virus code
- Also called virus definition
- Antivirus programs look for virus signatures
p. 561 Fig. 11-5
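How signature matching works in practice, as an added example that is not from the original slides: a small scanner that searches a byte buffer for known patterns, where `??` stands for any single byte. The signature names, patterns and sample buffers are constructed for illustration and match no real malware; the last sample shows that a one-byte change is enough to miss a fixed pattern.

```python
import re

# Constructed signature database: name -> hex pattern; "??" matches any one byte.
SIGNATURES = {
    "Demo.Fixed.A": "de ad be ef 13 37",
    "Demo.Wildcard.B": "c0 ff ee ?? ?? 0b ad",
}


def compile_signature(hex_pattern):
    """Turn a hex pattern with ?? wildcards into a compiled bytes regex."""
    parts = []
    for token in hex_pattern.split():
        if token == "??":
            parts.append(b".")  # wildcard: any single byte
        else:
            parts.append(re.escape(bytes([int(token, 16)])))
    # DOTALL so the wildcard also matches the newline byte 0x0a
    return re.compile(b"".join(parts), re.DOTALL)


COMPILED = {name: compile_signature(pat) for name, pat in SIGNATURES.items()}


def scan(data):
    """Return a sorted list of (signature name, offset) for every match in data."""
    hits = []
    for name, regex in COMPILED.items():
        for match in regex.finditer(data):
            hits.append((name, match.start()))
    return sorted(hits)


# Constructed sample buffers standing in for file contents.
SAMPLES = {
    "clean": b"MZ" + bytes(32),
    "fixed_hit": b"header" + bytes.fromhex("deadbeef1337") + b"tail",
    "wildcard_hit": bytes.fromhex("c0ffee") + b"\x0a\x99" + bytes.fromhex("0bad"),
    # Same as fixed_hit with the last pattern byte changed: no longer detected.
    "mutated": b"header" + bytes.fromhex("deadbeef1338") + b"tail",
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(label, scan(data))
```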

Computer Security: Cyber Attacks How many cyber attacks occurred last year? In 1995, the number of hacking or computer cyber attacks reported to the CERT (Computer Emergency Response Team) Coordination Center for cybersecurity [Carnegie Mellon University, Pa] was 2,412. In 2010, there were over 37,000 cyber attacks costing business about $225 billion.

Cybersecurity (DHS) Department of Homeland Security (DHS) In 2011, CERT responded to more than 100,000 breach of security reports, and more than 5,000 actionable cybersecurity alerts. The nation’s largest computer antivirus software companies reported $3 billion in malware events in the year 2010, and a 93-percent in Web-based intrusion compared to the year 2009.

Cyber Extortion (May 2009) http://voices.washingtonpost.com/securityfix/2009/05/hackers_break_into_virginia_he.html Hackers broke into a Virginia state Web site used by pharmacists to track prescription drug abuse. They deleted records on more than 8 million patients and replaced the site's homepage with a ransom note demanding $10 million for the return of the records, according to a posting on Wikileaks.org, an online clearinghouse for leaked documents. Wikileaks reports that the Web site for the Virginia Prescription Monitoring Program was defaced last week with a message claiming that the database of prescriptions had been bundled into an encrypted, password-protected file.

Cyber Extortion (May 2009) Wikileaks has published a copy of the ransom note left in place of the PMP home page, a message that claims the state of Virginia would need to pay the demand in order to gain access to a password needed to unlock those records: "I have your [expletive] In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :( For $10 million, I will gladly send along the password." The site, along with a number of other Web pages related to Virginia Department of Health Professions, remains unreachable at this time. Sandra Whitley Ryals, director of Virginia's Department of Health Professions, declined to discuss details of the hacker's claims, and referred inquiries to the FBI.

Cyber Extortion (the coming wave ?) The Cyber Crime Threat: From an actual email: “Your site is under attack. You can send us $40K by Western Union and your site will be protected not just for this weekend but for the next 12 months or if you choose not to pay, you will be attacked each weekend for the next 20 weeks or until you close your doors.”

Cyber Extortion (the coming wave ?) Why does Cyber Extortion Work ? Cyber extortionists work on the Problem of Commons principle which states: “People will comply in their own self-interest if it profits them in the short term, even if that act will hurt everyone, including themselves in the long run.”

Cyber Extortion (the coming wave ?) Cyber extortionists generally demand between $10,000 and $100,000. This seems to be the proper balance between profitability and the willingness of the victim to pay. Cyber Extortion provides advantages over criminal gangs:
- Relatively anonymous (hard to find these people!)
- Low probability of prosecution
- Many easy targets
- Little chance of physical violence
- Very cost-effective way to get money

DNS Servers (non-root servers) http://www.walltechnet.com/dnsserverlist_site/dnsserverlist.htm The Domain Name System makes it possible to assign domain names to groups of Internet users in a meaningful way, independent of each user's physical location. Because of this, World-Wide Web (WWW) hyperlinks and Internet contact information can remain consistent and constant even if the current Internet routing arrangements change or the participant uses a mobile device. Internet domain names are easier to remember than IP addresses such as 208.77.188.166 (IPv4) or 2001:db8:1f70::999:de8:7648:6e8 (IPv6). People take advantage of this when they recite meaningful URLs and e-mail addresses without having to know how the machine will actually locate them.

DNS Root Servers (19) on the Internet
13 U.S. DNS servers; 6 foreign DNS servers
In the United States:
- West Coast: 4 in California
- East Coast: 2 in Maryland, 3 in Virginia (2 in Herndon, 1 in Vienna)
Some of those outside the United States:
- London, England
- Stockholm, Sweden

DNS Root Servers on the Internet There are 13 Root Level DNS servers in the U.S.
- They are controlled by U.S. Government
- They run different versions (flavors) of UNIX
- They use real-time data mirroring
- They have redundant power supplies
- ARMED GUARDS ARE PRESENT 24/7 !

DNS Cache Poisoning Attacks With DNS cache poisoning, an attacker attempts to insert a fake address record for an Internet domain into the DNS cache. If the DNS server accepts the fake record, the cache is poisoned and subsequent requests for the address of the domain are answered with the address of a server controlled by the attacker. As long as the fake entry is cached by the server, subscribers’ browsers or email servers will go automatically to the address provided by the compromised DNS server.

DNS Cache Poisoning Attacks Slide Show on DNS Cache Poisoning: http://www.networkworld.com/slideshows/2008/102008-dns-and-cache-poisoning.html?docid=7151

Computer Viruses, Worms, and Trojan Horses What is spoofing? Makes a network or Internet Transmission appear legitimate IP spoofing occurs when an intruder computer fools a network into believing its IP address is from a trusted source Perpetrators of IP spoofing trick their victims into interacting with a phony Web site p. 563

Types of Network Attacks
- Spoofing
- Man in the middle
- DoS
- Distributed DoS
- Brute force
- Dictionary
- Back door
- Buffer overflow
- Trojan horse
- Social engineering
To avoid network attacks:
- Install stable updates
- Use encryption
- Be suspicious of information requests
- Remain informed

Network Attacks: Intrusion Routes

Overview of Network Attack Types
- Spoofing: a masquerade attack that involves altering or generating malformed network packets
- Man in The Middle: The network attacker is physically in the middle of a network connection to exploit SSL connections during a bank transaction http://www.securityfocus.com/brief/910
- DoS (Denial of Service): Crashing a system or occupying system resources such as RAM or CPU
- DDoS (Distributed DoS): Involves the use of multiple applications found on several network resources to crash one or more systems. In the year 2009, a one-million node DDoS network occurred… (Conficker)

Overview of Network Attack Types
- Brute Force: Repeated guessing of passwords, usually at random.
- Dictionary: Same as Brute Force except the attacker uses a long list of usernames and passwords instead of random values.
- Back Door: Entering a system through code secretly inserted in an application or operating system.
- Buffer Overflow: A legitimate application exceeds the memory allocated to it by the operating system.
- Social Engineering: Tricking an employee to reveal a username and password.

Social Engineering: A True Story A real-world story provides an excellent example of social engineering and how taking advantage of people's curiosity can lead to stolen sensitive information within a very short timeframe. This story involved 20 USB thumb drives filled with images and a trojan virus that would collect sensitive information and e-mail it back to the attackers.  Early one morning, the USB thumb drives were planted around entrances to an organization where employees were known to congregate. In very short time, 15 of the 20 USB drives were plugged into the organization's PCs by curious individuals and immediately the trojan started e-mailing user names, passwords, etc. back to the attackers.  The ironic part of this story is the "attackers" were actually security auditors.

Viruses and Worms
Virus: program code that causes damage to systems
Virus types:
- Macro/script
- File infecting
- Boot sector
- Stealth (hides from anti-virus software and temporarily removes itself from infected file)
- Polymorphic (constantly changes; has mutator engine software)
Worm: similar to virus but automatically replicates to other computers

SQL Injection Attacks (May 2008) SQL: Structured Query Language (database) Web site attacked: www.AutoWeb.co.uk The attack exploited a single line of code in the Web application to pierce through to the company’s Microsoft SQL database and injected 30 characters to overwrite content, defaced Web pages, and knocked the Web site offline. About half a million Web pages were infected. http://en.wikipedia.org/wiki/SQL_injection
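Why a single line of code can let a short input overwrite content, shown as an added example (not code from the incident or the original slides): the same page-rename operation written with string concatenation and with a parameterized query, run against an in-memory SQLite database. The table, function names and input string are constructed for the demonstration.

```python
import sqlite3

# Constructed hostile input: the quote closes the string literal and the
# trailing "--" comments out the rest of the statement, including the WHERE.
HOSTILE_TITLE = "defaced' --"


def make_db():
    """Create an in-memory database with three constructed page rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany(
        "INSERT INTO pages (id, title) VALUES (?, ?)",
        [(1, "Home"), (2, "Used cars"), (3, "Contact")],
    )
    return db


def rename_page_vulnerable(db, page_id, new_title):
    """VULNERABLE: user input is pasted into the SQL text itself."""
    sql = "UPDATE pages SET title = '" + new_title + "' WHERE id = " + str(page_id)
    return db.execute(sql).rowcount  # number of rows changed


def rename_page_safe(db, page_id, new_title):
    """Hardened: input is bound as data and can never change the statement."""
    cur = db.execute(
        "UPDATE pages SET title = ? WHERE id = ?", (new_title, int(page_id))
    )
    return cur.rowcount


def titles(db):
    """Return all page titles ordered by id."""
    return [row[0] for row in db.execute("SELECT title FROM pages ORDER BY id")]


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", rename_page_vulnerable(db, 2, HOSTILE_TITLE), titles(db))
    db = make_db()
    print("safe:", rename_page_safe(db, 2, HOSTILE_TITLE), titles(db))
```

With the concatenated statement every row is overwritten; with bound parameters only page 2 changes and the input is stored as plain text.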

What is a “Hacker”, a “Cracker”? “A good hack is a covered hack !” (because nobody should know you have been there) A hacker is someone who has achieved some level of expertise with computers. A cracker is someone who breaks into computer systems without permission. A script kiddie is someone, usually a teenager, who uses scripts or programs from someone else to do his/her cracking.

Hacker Software Tool Starter Kits Reconnaissance: www.SamSpade.org Scanning/Sniffing Nmap port scanner www.insecure.org/nmap Advanced Port Scanner http://www.radmin.com/radmin/utility/pscanner.php Gaining Access: NetCat www.atstake.com John the Ripper www.openwall.com (Cracking user passwords to gain entry)

Hacker Software Tool Starter Kits Electronic Eavesdropping on Wireless networks (also called “War Driving”): http://www.netstumbler.com Apple iMacs: http://www.istumbler.com

Automobile Viruses CAR VIRUSES ??? A report by IBM Security Intelligence Services predicts that viruses spreading to mobile phones, PDAs and wireless networks could infect the embedded computers that increasingly are used to run basic automobile functions. The average new car runs at least 20 microprocessors and about 60 megabytes of software code, raising more opportunities for malfunctions. In addition to the threat facing vehicles, the report noted the fastest growing threat last year was phishing -- a method of deceiving computer users into revealing personal information -- and predicted that activity would grow more serious in 2005. (Reuters/CNet.com 8 Feb 2005)

A few Automobile Microprocessors Engine control unit (ECU) Transmission control module Airbag module Power distribution box module Anti-lock braking system (ABS) Climate control module Instrument panel microprocessor Body controller Driver’s door module

Mobile Phone (Cell Phone) Viruses MOBILE PHONE VIRUS INFILTRATES U.S. The world's first mobile phone virus "in the wild," dubbed Cabir, has migrated to the U.S. from its point of origin in the Philippines eight months ago, infecting phones in a dozen countries along the way. Experts say the mobile-phone virus threat will increase as virus-writers become more sophisticated and phones standardize technologies that will make it easier for viruses to spread not just across devices, but the whole industry. Up until now, disparate technical standards have worked against fast-moving virus infiltration, but Cabir has now been found in countries ranging from China to the U.K., spread via Bluetooth wireless technology. The biggest impact of the relatively innocuous virus is that it's designed to drain mobile phone batteries, says Finnish computer security expert Mikko Hypponen. Last November, another virus known as "Skulls" was distributed to security firms as a so-called "proof-of-concept" alert, but was not targeted at consumers. (Reuters/New York Times 21 Feb 2005) <http://www.nytimes.com/reuters/technology/tech-tech-security.html>

iPods: Pod Slurping & BlueSnarfing You should also be aware of new mobile device risks like Pod slurping, the act of someone using a portable device, such as an iPod, to download large quantities of data by directly plugging it into a computer or server where data resides, which can be a serious risk to an organization. Another new related risk is Bluesnarfing, which is the unauthorized access to information from a wireless device through a Bluetooth connection, often between phones, desktops, laptops & PDAs.

Mobile Devices: Protecting Data Below are some best practices to follow when traveling with a mobile device: Keep device with you at all times Use passwords correctly Consider storing important data separately (floppy disk, zip disks, CDs, DVDs or removable flash drives) Encrypt files Install and maintain anti-virus software Install and maintain a firewall Back up your data

Computer Security: Viruses Some computer viruses/worms & malware …
- Michelangelo virus (1991)
- Melissa (worm: shut down email)
- Love Bug virus (I Love You)
- Nimda (virus & worm)
- Sasser (worm)
- Slammer (worm)
- Blaster (worm)
- MyDoom (worm)
- Nachi (worm)
- Netsky (worm March 2004)
- Bagle (email virus w/backdoor)
- Phatbot (DDoS worm)
- Conficker (Jan 2009) Worm
www.sarc.com p.12.2

Computer Viruses, Worms, and Trojan Horses What are viruses, worms, and Trojan horses?
- Virus is a potentially damaging computer program
- Worm copies itself repeatedly, using up memory resources and possibly shutting down the computer or network
- Trojan horse hides within or looks like legitimate program until triggered
- Payload (destructive event) that is delivered when you open file, run infected program, or boot computer with infected disk in disk drive
- Can spread and damage files and destroy the entire system
- Trojans do not replicate themselves on other computers
- First worm was unleashed in Nov 1989 onto Internet host computers
p. 11.03

Computer Virus A virus is a piece of self-replicating software that infects a computer without the owner’s knowledge or consent. Viruses attach themselves to a host, which can be a file, email, or media such as a flash drive, and then infect any other computer or storage media with which it comes in contact. The worst viruses can wipe out entire hard drives. Resident viruses hang around only long enough to perform the mal-deed and then leave. Metamorphic viruses can alter themselves and their copies.

Trojan Horse Like the legendary wooden horse that the Greeks used to sack Troy, a Trojan horse is a program that appears harmless (such as an email attachment) but delivers destructive code, known as the payload, once the user downloads it. A Trojan horse is not a virus because it cannot self-replicate. It can, however, deliver a virus or spyware, or worm, a bot, or backdoor as a payload.

Worm Worms and viruses are not the same thing but they are closely related. Worms hitch rides on network traffic such as emails and dig their way throughout a network. Worms can spread faster and more widely than a virus and infect more computers. Worm payloads include file deletion or encryption as well as backdoor installations so the worm’s creator can gain control of a system.

Keystroke Logger A keystroke logger is a program that records a user’s keystrokes, Web sites visited, and chat room conversations. Often deposited by a Trojan horse, a keystroke logger can record all private information from your computer and transmit it to a third party. http://www.spectorsoft.com/keylogger.asp?refer=27044

KeyKatcher: Hardware Keylogger http://www.keykatcher.com/ Plugs in between the keyboard and the system unit to capture all keyboard activity

Backdoor Backdoors are entrances through which a third party can gain access to your system, even if it is password-protected. They exist either from an unintentional code error or from an intentional loophole written by a programmer. Worms and Trojan horses can also create backdoors, and your computer can then be used by a third party to send spam emails.

Rootkits A rootkit is software or a collection of software that takes control of a computer without the owner’s knowledge. A rootkit allows a hacker to become the infected computer’s administrator and can change the PC’s settings or use the computer as an administrator. Rootkits are tricky because they hide the hacker’s tracks. Hijacked computers are often used as zombies, which means someone else can run the computer remotely.

Bots & Botnets Bots (short for robots) are simple programs that run automatically and autonomously over the Internet. They can be useful for non-malware applications such as reporting weather, sports scores or instant messaging. Search engines such as Google and Yahoo frequently use bots or Web crawlers to gather information about Web sites on the Internet. Bots go bad when they are used to gather email addresses for spammers, or to steal Web content and reuse it without permission.

Botnets Botnets are a collection of software bots that run on groups of zombie computers and carry out malicious tasks.

The Conficker Botnet (January 26, 2009) Infections as a result of the infamous Conficker (Downadup) worm have peaked at around 10 million PCs. Variants of Conficker use a variety of methods to spread, including exploiting the Microsoft Security Bulletin MS08-067 vulnerability in the Microsoft Windows server service patched by Redmond in October. Once it gets a foothold within corporate networks, Conficker is programmed to spread across local area networks. The worm also spreads between infected USB sticks and Windows PCs. Compromised Windows PCs are turned into drones in a botnet, programmed to phone home through a changing series of servers. http://www.theregister.co.uk/2009/01/26/conficker_botnet/

Computer Viruses, Worms, and Trojan Horses How can a virus spread through an e-mail message? Do NOT open (double-click) on that suspicious attachment! Step 1. Unscrupulous programmers create a virus program. They hide the virus in a Word document and attach the Word document to an e-mail message. Step 2. They use the Internet to send the e-mail message to thousands of users around the world. Step 3a. Some users open the attachment and their computers become infected with the virus. Step 3b. Other users do not recognize the name of the sender of the e-mail message. These users do not open the e-mail message. Instead they delete the e-mail message. These users’ computers are not infected with the virus. p. 11.04 Fig. 11-2

Computer Viruses, Worms, and Trojan Horses How can you protect your system from a macro virus? Macros are instructions saved in an application, such as a word processing or spreadsheet program. Set the macro security level in applications such as MS-Word and MS-Excel that allow you to write macros. At the medium security level, a warning displays that the document contains a macro. In MS-Word, click on Tools, Macro, Security. p. 11.05 Fig. 11-3

Creating Macros in Microsoft Word… Macros can be created in Microsoft Word by doing the following: Start MS-Word 2003 or MS-Word 2007… Hold down [Alt] key, press function key [F11] This invokes Microsoft Visual Basic programming window. Then create/record a macro …

Antivirus Software Free from Microsoft: Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software. http://www.microsoft.com/Security_Essentials/ From ALWIL Software: Avast! Anti-Virus www.avast.com Grisoft’s AVG Anti-Virus: www.grisoft.com http://www.avg.com/download-trial

Computer Viruses, Worms, and Trojan Horses What is a virus signature? A specific pattern of virus code, also called a virus definition. Antivirus programs look for virus signatures, a unique pattern of bytes that identifies the virus. http://www.symantec.com/norton/antivirus p. 11.06 Fig. 11-5
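Signature matching as described on this slide, shown as an added example (not code from the slides or from any antivirus product). The signature names, byte patterns and sample buffers are constructed and harmless; real definitions come from the antivirus vendor.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str        # label reported to the user
    pattern: bytes   # the "unique pattern of bytes" the scanner looks for


@dataclass(frozen=True)
class Detection:
    sample: str
    signature: str
    offset: int


# Constructed, harmless patterns standing in for a vendor's virus definitions.
DEFINITIONS = [
    Signature("Demo.MacroVirus.A", bytes.fromhex("deadbeef4d4143524f")),
    Signature("Demo.BootVirus.B", b"\x90\x90DEMO-BOOT\xcd\x13"),
]


def scan(sample_name, data, definitions=DEFINITIONS):
    """Return every place a known signature occurs in data, ordered by offset."""
    hits = []
    for sig in definitions:
        pos = data.find(sig.pattern)
        while pos != -1:
            hits.append(Detection(sample_name, sig.name, pos))
            pos = data.find(sig.pattern, pos + 1)
    return sorted(hits, key=lambda d: d.offset)


# Constructed sample buffers (not real files and not real malware).
CLEAN = b"MZ" + bytes(32) + b"ordinary program bytes"
INFECTED = b"header" + DEFINITIONS[0].pattern + b"...." + DEFINITIONS[1].pattern
# Same as INFECTED with one byte of the first pattern changed. The exact-match
# signature no longer fires, which is why definitions must be kept up to date.
VARIANT = INFECTED.replace(b"\xde\xad\xbe\xef", b"\xde\xad\xbe\xee")

if __name__ == "__main__":
    for name, blob in [("clean", CLEAN), ("infected", INFECTED), ("variant", VARIANT)]:
        print(name, scan(name, blob) or "no signature matched")
```
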

Computer Viruses, Worms, and Trojan Horses How does an antivirus program inoculate a program file? It records information about the program, such as file size and creation date, and uses this information to detect if a virus tampers with the file. It attempts to remove any detected virus. It quarantines infected files that it cannot remove, keeping the file in a separate area of the hard disk. p. 11.06

Quarantine (Definition) [Italian quarantina, from quaranta (giorni), forty (days), from Latin quadrāgintā.] A period of time during which a vehicle, person, or material suspected of carrying a contagious disease is detained at a port of entry under enforced isolation to prevent disease from entering a country. A place for such detention. Enforced isolation or restriction of free movement imposed to prevent the spread of contagious disease. A condition of enforced isolation. A period of 40 days. To move an undesired file such as a virus-infected file or spyware to a folder that is not easily accessible by regular file management utilities. The quarantine option is available in antivirus software so that companies can keep a record of which users have been infected, where the file came from and to possibly send the virus to the antivirus vendor for inspection. Spyware blockers quarantine files so that they can be restored if required.

AntiVirus Programs can Inoculate a File This is going to hurt me more than it hurts you ! Please help me !!! He’s going to give me a virus ! BAD BOYS, LLC

Computer Viruses, Worms, and Trojan Horses What are some tips for preventing virus, worm, and Trojan horse infections? Set the macro security in programs so you can enable or disable macros. Install an antivirus program on all of your computers. Never open an e-mail attachment unless you are expecting it and it is from a trusted source. If the antivirus program flags an e-mail attachment as infected, delete the attachment immediately. Check all downloaded programs for viruses, worms, or Trojan horses. First, run a virus scan and back up your files regularly. p. 11.07

About Anti-Virus Programs… Be sure to run ONLY ONE anti-virus program on your computer. Running 2 anti-virus programs is a sure recipe for disaster on a Windows computer. Two anti-virus programs will constantly interfere with each other and poison your entire system. You may have to reinstall everything from scratch. You may be prompted to uninstall the first AV program before installing the second AV software package.

Cryptography Cryptography (or cryptology), from the Greek for "hidden, secret", is the practice and study of hiding information. Modern cryptography intersects the disciplines of mathematics, computer science, and engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce. Pictured: German Lorenz cipher machine, used in World War II to encrypt high-level general staff messages.

Cryptogram Example Cryptogram example; you know the message is encoded.

Cryptogram Decoded STYLE AND STRUCTURE ARE THE ESSENCE OF A BOOK; GREAT IDEAS ARE HOGWASH Part of the Key: F = A S = H P = R

Another Cryptogram D G C C Q D Z T R D Q O P C F P L Z D E Q F Z B L G O S T D L S H R F P S E D E S E G F P B Q G N H Q T P B S N N E L P O T P S T H P F-E S N N O P T ? Key: S = A, B = C, H = D, P = E, R = G, L = H, Z = I, N = L, O = M, T = N, Q = O, C = P, F = R, D = S, E = T, G = U

Another Cryptogram Cryptogram decoded: SUPPOSING SOME PREHISTORIC HUMANS HAD GREAT STATURE, COULD ONE CALL THEM NEANDER-TALL MEN ?

Steganography: Hiding Secret Messages Steganography is the art and science of writing hidden messages in such a way that no one apart from the intended recipient knows of the existence of the message; this is in contrast to cryptography, where the existence of the message itself is not disguised, but the content is obscured. The word "Steganography" is of Greek origin and means "covered, or hidden writing". Its ancient origins can be traced back to 440 BC. Herodotus mentions two examples of Steganography in The Histories of Herodotus [1].

Steganography: Hiding Secret Messages Demaratus sent a warning about a forthcoming attack to Greece by writing it on a wooden panel and covering it in wax. Wax tablets were in common use then as re-usable writing surfaces, sometimes used for shorthand. Another ancient example is that of Histiaeus, who shaved the head of his most trusted slave and tattooed a message on it. After his hair had grown the message was hidden. The purpose was to instigate a revolt against the Persians. Later, Johannes Trithemius's book Steganographia is a treatise on cryptography and steganography disguised as a book on black magic.

Steganography Text Example Fishing freshwater bends and saltwater coasts rewards anyone feeling stressed. Resourceful anglers usually find masterful leapers fun and admit swordfish rank overwhelming anyday. This is an example of null cipher. By taking the third letter of each word, a new message is formed and reads: Send Lawyers, Guns, and Money.

Steganography Examples Example: 256-color palette: http://www.jjtc.com/stegdoc/sec304.html Example: Russian Air Field with embedded message: http://www.jjtc.com/stegdoc/sec306.html Files often used for steganography are text "message" files and "container" files. The text "message" files are those to be hidden in the innocent looking "container" files.

Steganography Examples

Steganography: Hiding Secret Messages Definition: http://en.wikipedia.org/wiki/Steganography Available Software: http://www.steganography.com/ http://www.steganos.com/en/steganos-home/ http://www.steganos.com/ Example: Password protect an MS-Word file containing a message in plaintext. Then use steganos software to encrypt the Word document with a photograph. Next, you must use steganos software to decrypt the photograph to get to the Word document underneath.

Concealar Software Encryption Software: Free download Cover a text file with a picture and assign a password http://www.brothersoft.com/concealar-65823.html http://concealar.googlepages.com/download2

How is Steganography used today ? Steganography methods today have expanded greatly with the rise of computer technology. It is being used by employees of large corporations to leak vital resource data out of company networks undetected. Employees embed secured documents, containing the company’s data, within the least significant bits (LSB) of an image, sound or video file. The file can then be attached to an outgoing email, past the company’s firewalls, and out of the internal local area network.

How is Steganography used today ? British parliament and other governments have been known to program word processors to encode the identity of the writer within the word spacing of documents. This was done to trace the disloyal who were leaking cabinet information. Methods like this were practiced throughout the Cold War (1945-1989) between the Soviet Union (Russia) and the United States.

Possible Use by Terrorist Groups Al-Qaeda and other terrorist groups have been thought to use steganographic methods of communicating by embedding messages in pornographic image and sound files. Osama Bin Laden has also been suspected of using steganographic methods during broadcast speeches and video recorded interviews. Possibilities were messages hidden within symbols in the background of the videos or in the audio. These suspicions, though very likely and possible, have still not yet been proven.

Unauthorized Access and Use: Firewalls What is a firewall? Security system consisting of hardware and/or software that prevents unauthorized network access. p. 11.08 Fig. 11-7

Unauthorized Access and Use: Firewalls What is a firewall? A firewall is similar to window locks in your home. On a computer, these windows are TCP/IP “ports”, which are optional channels of communication that can be exploited by hackers. (There are 65,536 TCP/IP ports on a personal computer.) A firewall will lock up these ports and force Internet data to enter and exit through the “front door”. p. 11.08 Fig. 11-7

Unauthorized Access: Firewalls: Windows Windows comes with a built-in firewall, and it is turned ON by default. The Windows firewall software works only “one way” which means it blocks only suspicious activity aimed at your computer and not coming from your computer.

Unauthorized Access: ZoneAlarm Firewall Firewall packages such as Zone Labs’ ZoneAlarm (free version available from www.zonelabs.com) are “two-way” firewalls. They block suspicious activity going both ways (coming in and going out of your computer).

Unauthorized Access and Use What are other ways to protect your personal computer? Disable file and printer sharing on the Internet connection. Use an online security service, a Web site that evaluates a computer to check for Web and e-mail vulnerabilities. Use the Network Connection Wizard in the Control Panel (right click on it). Figure: File and printer sharing turned off. p. 11.09 Fig. 11-9

Unauthorized Access and Use How can companies protect against hackers? Intrusion detection software analyzes network traffic, assesses system vulnerabilities, and identifies intrusions and suspicious behavior. Access control defines who can access a computer and what actions they can take. An audit trail records access attempts. p. 11.10

Intrusion Detection Software Automatically analyzes all network traffic. Assesses system vulnerabilities. Identifies unauthorized access (intrusions). Notifies network administrators of suspicious behavior patterns or system breaches. Usually 3 login attempts & access is denied.

Intrusion Detection Software: Honeypots Some companies install honeypots. A honeypot is software designed to entice an intruder to hack into a computer. The computer system appears real to the intruder, but the system is safely separated from the company’s network. Honeypot software allows the company to determine how hackers are exploiting the network. http://www.honeypots.net/honeypots/products

Unauthorized Access and Use: Passwords What is a user name? A unique combination of characters that identifies a user. A password is a private combination of characters associated with the user name that allows access to computer resources. p. 11.10 Fig. 11-10

Unauthorized Access and Use: Passwords How can you make your password more secure? Longer passwords provide greater security. Figure: PASSWORD PROTECTION. p. 11.11 Fig. 11-11

Unauthorized Access and Use: Passwords Example of making up a new password: Password must contain a minimum of 8 unrepeated characters. Password must contain at least one uppercase (capital) letter. Password must contain one special character ( % # ^ } ? ). Password must contain at least two numbers. Password should not be an ordinary or common word such as “college2010”. Password must NOT be the same as one used in the past 24 passwords. p. 11.11 Fig. 11-11
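A checker for the six rules on this slide, added here as an example (not part of the original slides). It assumes "8 unrepeated characters" means at least 8 distinct characters, uses a small constructed list of common words, and keeps the 24-password history as salted PBKDF2 hashes rather than plaintext; the function and class names are hypothetical.

```python
import hashlib
import hmac
import os
import string
from collections import deque

HISTORY_DEPTH = 24                       # "past 24 passwords" from the slide
COMMON_WORDS = {"college2010", "password1", "qwerty123"}   # constructed list


def _derive(password, salt):
    # Slow, salted hash so a stolen history file does not reveal old passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class PasswordHistory:
    """Remembers the last `depth` passwords as (salt, hash) pairs."""

    def __init__(self, depth=HISTORY_DEPTH):
        self._entries = deque(maxlen=depth)   # oldest entry drops off automatically

    def remember(self, password):
        salt = os.urandom(16)
        self._entries.append((salt, _derive(password, salt)))

    def contains(self, password):
        return any(
            hmac.compare_digest(_derive(password, salt), digest)
            for salt, digest in self._entries
        )


def policy_violations(password, history):
    """Return the list of slide rules the candidate password breaks."""
    problems = []
    if len(set(password)) < 8:
        problems.append("fewer than 8 unrepeated characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    if sum(c.isdigit() for c in password) < 2:
        problems.append("fewer than two numbers")
    if password.lower() in COMMON_WORDS:
        problems.append("common word")
    if history.contains(password):
        problems.append("used in the past 24 passwords")
    return problems


if __name__ == "__main__":
    history = PasswordHistory()
    for candidate in ["college2010", "H#leNofTr0y2@P9"]:
        print(candidate, "->", policy_violations(candidate, history) or "accepted")
```
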

More about Passwords… Strong passwords are NOT as easily guessed and can include the following characteristics: Use 8 or more characters in your password. Use special characters such as #, $, %, ^ (if allowed by your system or network). Use one or more spaces (if allowed by your system). Use a mix of UPPERcase and lowercase letters. Use a mix of both numbers and letters. A strong password: H#leNofTr0y2@P9 (HelenOfTroy@P9)

Passwords: More information Creating strong passwords is easier to do if you create your own codes and schemes or by being creative, as with personalized license plates. Using a code will also make remembering multiple passwords for multiple systems and applications much simpler. For example, you may take a weak password such as – MyWorld – and turn it into a strong password such as – My W0R7d. Another example: WoCampUs could be stronger as W0c@MpU3

Check your Password Strength Check your password strength with Microsoft’s online password checker: Visit: www.tinyurl.com/lyxv33

PINs: Unauthorized Access and Use What is a possessed object? An item that you must carry to gain access to a computer or facility. Often used with a numeric password called a personal identification number (PIN). p. 11.12 Fig. 11-12

Biometrics: Unauthorized Access and Use What is a biometric device? Authenticates a person’s identity using a personal characteristic: fingerprint, hand geometry, voice, signature, iris, retinal blood vessel patterns, or facial recognition (skull bone structure geometry). p. 11.12 Fig. 11-13

FBI Biometrics Database: Privacy Concerns Known Biometric Identification Technologies: Iris scans, retinal scans Facial recognition (bone structure of skull) Fingerprints (truly unique ! According to the FBI) Hand geometry Speech Verification Vascular (blood vessels) Recognition Purpose: Analyze unique human characteristics In the future: Access to our homes, cars, and perform retail transactions or renew driver’s licenses

Hardware Theft and Vandalism What are hardware theft and hardware vandalism? Hardware theft is the act of stealing computer equipment. Cables are sometimes used to lock equipment. Some notebook computers use passwords, possessed objects, and biometrics as security methods. For PDAs, you can password-protect the device. Hardware vandalism is the act of defacing or destroying computer equipment. p. 11.13 Fig. 11-14

Software Theft What is software theft? The act of stealing or illegally copying software or intentionally erasing programs. Software piracy is the illegal duplication of copyrighted software. p. 11.14

Software Theft What is an end user license agreement (EULA)? It is a right to use software. A single-user license agreement allows the user to install the software on one computer, make a backup copy, and sell the software after removing it from the computer. p. 11.14 Fig. 11-15

Safeguards against Software Theft Report software piracy to the Business Software Alliance: www.bsa.org (35% of all software is pirated software). Other safeguards against software theft: Product activation allows the user to input a product identification number online or by phone and receive a unique installation identification number. Example: Windows 7 operating system. The Business Software Alliance (BSA) promotes better understanding of software piracy problems. p. 11.16

Windows 7 Product Key

Software Piracy and Software Theft Software Crime Statistics across the Globe: http://www.nationmaster.com/graph/cri_sof_pir_rat-crime-software-piracy-rate Six years ago, Microsoft estimated that more than 192,000 copies of pirated Microsoft software valued at $134 million were seized in the United States. Source: PC World Magazine, February 2006 p. 11.16

Software Piracy On average, the software industry loses about $12 billion to software piracy annually. Of the billions of dollars lost to piracy, a little less than half comes from Asia, where China and Indonesia are the biggest offenders. Piracy is also a big problem in Western Europe, where piracy losses annually range from $2.5 to $3 billion. Piracy rates are quite high in Latin America and in Central Europe, but their software markets are so much smaller that the dollar losses are considerably lower.

Information Theft What is encryption? Safeguards against information theft. The process of converting plaintext (readable data) into ciphertext (unreadable characters). The encryption key (formula) often uses more than one method. To read the data, the recipient must decrypt, or decipher, the data. Figure: SAMPLE ENCRYPTION METHODS. p. 11.16 Fig. 11-16

Information Theft What does an encrypted file look like? p. 11.17 Fig. 11-17

Asymmetric Encryption (Public Key/Private Key) Asymmetric encryption, also known as Public-Key encryption, uses two different keys - a public key to encrypt the message, and a private key to decrypt it. The public key can only be used to encrypt the message and the private key can only be used to decrypt it. This allows a user to freely distribute his or her public key to people who are likely to want to communicate with him or her without worry of compromise because only someone with the private key can decrypt a message. To secure information between two users, the sender encrypts the message using the public key of the receiver. The receiver then uses the private key to decrypt the message. Unlike with single or shared keys, in the asymmetric key system only the recipient can decrypt a message; once the sender has encrypted the message he or she cannot decrypt it. The private key is never distributed, therefore an attacker cannot intercept a key that decrypts the message.

Symmetric Encryption (Same Keys) Symmetric encryption uses a single key to encrypt and decrypt the message. This means the person encrypting the message must give that key to the recipient before they can decrypt it. To use symmetric encryption, the sender encrypts the message and, if the recipient does not already have a key, sends the key and ciphertext separately to the recipient. The recipient then uses the key to decrypt the message. This method is easy and fast to implement but has weaknesses; for instance, if an attacker intercepts the key, they can also decrypt the messages. Furthermore, single key encryptions tend to be easier for people to crack, which means that the algorithm that is used to encode the message is easier for attackers to understand, enabling them to more easily decode the message.

Asymmetric Key Encryption

Symmetric Key Encryption The security of this encryption model relies on the end users to protect the secret key properly. If an unauthorized user were able to intercept the key, they would be able to read any encrypted messages sent by other users. It’s extremely important that the users protect both the keys themselves, as well as any communications in which they transmit the key to another person.

Data Encryption How can I encrypt the contents of files and folders in the Windows operating system? (Right click on the folder, Click Properties, Click Advanced tab, Click “Encrypt contents to secure data” …etc) p. 573 Fig. 11-17

Data Encryption Software Windows & Linux operating systems: free, open-source disk encryption software TrueCrypt, http://www.truecrypt.org Mac OS X (Panther or Tiger): use the built-in File Vault feature. To activate it, open System Preferences and select the Security category.

Software to Erase Data Files To securely erase selected files from a Windows computer, use Eraser (www.heidi.ie/eraser). It can delete temporary files as well as those that have been moved to the Recycle Bin. It can erase the entire hard drive!

Causes of System Failures What is a system failure? Prolonged malfunction of a computer. Can cause loss of hardware, software, or data. Caused by aging hardware, natural disasters, or electrical power disturbances. Noise—unwanted electrical signal. Overvoltage or power surge—significant increase in electrical power. Undervoltage—drop in electrical supply. p. 11.18

System Failure: UPS & Surge Protectors What is a surge protector? Protects computer and equipment from electrical power disturbances (>= 2200 Joules). An uninterruptible power supply (UPS) is a surge protector that provides power during power loss. p. 11.18 Figs. 11-18–11-19

System Failure: Surge Protectors What is a Joule? The amount of electrical energy of one ampere of current passing through one ohm of resistance. Named after James Prescott Joule (1819-1899). p. 11.18 Figs. 11-18–11-19

Backing Up — The Ultimate Safeguard What is a backup? (4 types: see next slide) A duplicate of a file, program, or disk. Full backup: all files in the computer. Selective backup: select which files to back up. Three-generation backup: preserves three copies of important files. In case of system failure or corrupted files, restore files by copying to the original location. p. 11.20

Types of Backup Procedures What are the four types of backups? Offsite backups of data (not OS) for $59.00 per year Carbonite.com

Incremental Backups Incremental backups copy ONLY the data that has been changed since a file was last backed up. Advantage: Usually a quick procedure that does not require much storage space. Disadvantage: A lengthy process to restore the data because the backup software has to stitch multiple backups together to create the whole file.

Differential Backups Differential backups create a completely NEW COPY of any file that has been changed since the last backup of any type. It takes longer to perform a differential backup because more data is copied as opposed to an incremental backup. Restoring data is faster than an incremental backup because complete copies of backed-up files are instantly available.

Internet Security Risks What is a denial of service (DoS) attack? Also called a DoS attack. A hacker uses an unsuspecting computer, called a zombie, to execute an attack on other systems. A distributed DoS (DDoS) attack is a more devastating DoS attack in which multiple computers attack multiple networks. The Computer Emergency Response Team Coordination Center (CERT/CC) assists with DDoS attacks. p. 11.21

DDoS Constellation Architecture Diagram: Attacker (Console) → Masters (normally Red Hat Linux 6.0) → Daemons (Zombies or Agents; normally Solaris 2.5.1 and Red Hat Linux 6.0) → Target

Internet Security Risks How do Web browsers provide secure data transmission? Many Web browsers use encryption. A secure site is a Web site that uses encryption to secure data. A digital certificate is a notice that guarantees a Web site is legitimate. p. 11.21

Internet Security Risks What is a certificate authority (CA)? An authorized person or company that issues and verifies digital certificates. Users apply for a digital certificate from a CA such as Verisign (www.verisign.com). Also: www.entrust.net p. 11.22 Fig. 11-20

Other Certificate Authorities DigiCert, Inc., 355 South 520 West, Canopy II, Suite 200, Lindon, UT 84042, Phone: (800) 896-7973, Fax: (801) 705-0481, www.digicert.com. GeoTrust: www.GeoTrust.com. Thawte: www.Thawte.com. Entrust, Inc., One Lincoln Center, 5400 LBJ Freeway, Suite 1340, Dallas, Texas 75240, Phone: (888) 690-2424, www.entrust.net

Certificate Authority Definition In cryptography, a certificate authority, or certification authority, (CA) is an entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or assertions made by the private key that corresponds to the public key that is certified. In this model of trust relationships, a CA is a trusted third party that is trusted by both the subject (owner) of the certificate and the party relying upon the certificate. CAs are characteristic of many public key infrastructure (PKI) schemes.

Internet Security Risks What is Secure Sockets Layer (SSL)? Provides encryption of all data that passes between client and Internet server. Web addresses beginning with “https” indicate secure connections. Only the client computer must have a digital certificate. Figure: Indicates secure Web page. p. 11.22 Fig. 11-21

Secure Electronics Transactions (SET™) SET™ uses encryption for secure financial transactions on the Internet such as payment by credit card. SET was developed by SETco, led by VISA and MasterCard (and involving other companies such as GTE, IBM, Microsoft, Netscape, RSA, Safelayer --formerly SET Projects-- and VeriSign) starting in 1996. SET was based on X.509 certificates with several extensions.

Secure HTTP (S-HTTP) Secure HTTP allows users to choose an encryption scheme for data that passes between a client computer and the server computer. Both the client and server computers must have digital certificates to verify authenticity. Used in online banking. Hypertext Transfer Protocol Secure (HTTPS) is a combination of the Hypertext Transfer Protocol (HTTP) with SSL/TLS protocol to provide encrypted communication and secure identification of a network web server. HTTPS connections are often used for payment transactions on the World Wide Web and for sensitive transactions in corporate information systems.

Internet Security Risks What are methods for securing e-mail messages? Pretty Good Privacy (PGP) is a popular e-mail encryption program, freeware for personal, non-commercial use. A digital signature is an encrypted code attached to an e-mail message to verify the identity of the sender. p. 11.23

PGP Email Encryption Software

Internet Security Risks: Secure Email What are methods for securing e-mail messages? (Email that is encrypted) Digital Signatures: An encrypted code that the sender of an email message uses to verify the identity of the message sender. The code contains the user’s name and a hash of all or part of the message. Hash: a mathematical formula that generates a code from the contents of the message. p. 11.23
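The public key/private key slide and the digital signature slide above, worked through in one added example (not from the original slides). It is textbook RSA with two small Mersenne primes and no padding, chosen so the arithmetic is visible; the key size, helper names and sample message are assumptions for illustration and are far too weak for real use, where a vetted library such as PGP handles this.

```python
import hashlib

# Toy parameters: two Mersenne primes picked only because they are easy to state.
P = 2**89 - 1
Q = 2**107 - 1
E = 65537            # public exponent


def make_keypair():
    """Return (public_key, private_key) as (n, exponent) pairs."""
    n = P * Q
    phi = (P - 1) * (Q - 1)
    d = pow(E, -1, phi)          # private exponent: inverse of E modulo phi
    return (n, E), (n, d)


def encrypt(public_key, message):
    """Sender side: anyone holding the public key can produce ciphertext."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)


def decrypt(private_key, ciphertext):
    """Recipient side: only the private exponent recovers the plaintext."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _hash_to_int(message, n):
    # The "hash of the message" from the slide, reduced to fit the toy modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message):
    """Signer applies the private key to the message hash."""
    n, d = private_key
    return pow(_hash_to_int(message, n), d, n)


def verify(public_key, message, signature):
    """Anyone with the public key can check the hash matches the signature."""
    n, e = public_key
    return pow(signature, e, n) == _hash_to_int(message, n)


if __name__ == "__main__":
    public, private = make_keypair()
    note = b"meet at noon"                      # constructed sample message
    sealed = encrypt(public, note)
    print("ciphertext:", hex(sealed))
    print("decrypted :", decrypt(private, sealed))
    tag = sign(private, note)
    print("signature valid:", verify(public, note, tag))
    print("tampered valid :", verify(public, b"meet at nine", tag))
```
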

Email Out-of-Office Auto Replies Do you configure your e-mail to automatically reply to incoming e-mails with a message explaining that you are away? "Out-Of-Office" and "Vacation" replies may seem like a good way to let customers and friends know that you have received their message and will not be able to reply immediately. However, when configuring your automatic e-mail replies you should consider the following. Auto-replies can validate your e-mail address to spammers: replying to spam e-mails lets the spammer know that your e-mail address is valid and active and can lead to an increase in the amount of spam you receive. Auto-replies can let thieves know that you are away from home or out of the office: "Vacation" replies sent from your personal or business e-mail should not be too specific. Your auto-replies may inadvertently let thieves know exactly when and how long your home will be vacant. Unnecessary auto-replies can waste bandwidth and clutter inboxes: you can set up criteria designating who gets your auto-reply e-mails and make sure that each recipient only receives one reply. You can ensure that replies are only sent to specific addresses such as those listed in your personal address book, or you can make sure that replies are not sent to messages that were diverted to your "Spam" or "junk" folder.

Hashing Software and Uses (Security) A hash value (or simply hash), also called a message digest, is a number generated from a string of text. The hash is substantially smaller than the text itself and is generated by a formula in such a way that it is extremely unlikely that some other text will produce the same hash value. It is used in the Computer Forensics field to uniquely identify a specific file. (See next slide for an example) Md5sum hashing software downloads: http://www.etree.org/md5com.html

Hashing Software and Uses (Security)
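File hashing as described above, combined with the earlier slide on how an antivirus program inoculates a file by recording its size and date: an added example, not from the original slides. It uses SHA-256 from Python's standard library in place of the md5sum tool the slide links to, and the file names and contents are constructed in a temporary folder.

```python
import hashlib
import tempfile
from pathlib import Path


def fingerprint(path):
    """Record size, modification time and SHA-256 hash of one file."""
    info = path.stat()
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return {"size": info.st_size, "mtime_ns": info.st_mtime_ns,
            "sha256": digest.hexdigest()}


def take_baseline(root):
    """Fingerprint every file under root, keyed by its relative path."""
    return {str(p.relative_to(root)): fingerprint(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify(root, baseline):
    """Compare the folder with its baseline; return {file: [what changed]}."""
    current = take_baseline(root)
    report = {}
    for name, old in baseline.items():
        new = current.get(name)
        if new is None:
            report[name] = ["missing"]
            continue
        changed = [field for field in ("size", "mtime_ns", "sha256")
                   if old[field] != new[field]]
        if changed:
            report[name] = changed
    for name in current.keys() - baseline.keys():
        report[name] = ["new"]
    return report


def demo():
    """Constructed scenario: one same-size edit, one deletion, one new file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "calc.exe").write_bytes(b"ORIGINAL-PROGRAM-BYTES")
        (root / "notes.txt").write_bytes(b"unchanged")
        (root / "old.dll").write_bytes(b"x")
        baseline = take_baseline(root)

        # Same length as before, so a size-only check would not notice it.
        (root / "calc.exe").write_bytes(b"TAMPERED-PROGRAM-BYTES")
        (root / "old.dll").unlink()
        (root / "new.tmp").write_bytes(b"appeared after the baseline")
        return verify(root, baseline)


if __name__ == "__main__":
    for name, changes in sorted(demo().items()):
        print(f"{name}: {', '.join(changes)}")
```
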

Wireless Security How can I ensure my wireless communication is secure? Secure your wireless access point (WAP). The WAP should not broadcast your network name. Enable Wired Equivalent Privacy or Wi-Fi Protected Access (WPA); now: WPA2. p. 576 - 577 Fig. 11-22

Ethics and Society What are computer ethics? Moral guidelines that govern use of computers and information systems. Areas covered: unauthorized use of computers and networks; software theft; information accuracy; intellectual property rights—rights to which creators are entitled for their work; codes of conduct; information privacy. p. 11.23

Information Privacy What is information privacy? The right of individuals and companies to restrict collection and use of information about them. Difficult to maintain today because data is stored online. Employee Work Monitoring (EWM) is using computers to observe employee computer use. Legal for employers to use monitoring software programs. p. 11.25 and 11.31

Information Privacy What are some ways to safeguard personal information?
Fill in necessary information on rebate, warranty, and registration forms
Install a cookie manager to filter cookies
Sign up for e-mail filtering through your Internet service provider or use an antispam program, such as Brightmail
Clear your history file when you are finished browsing
Avoid shopping club and buyers cards
Set up a free e-mail account; use this e-mail address for merchant forms
Do not reply to spam for any reason
Inform merchants that you do not want them to distribute your personal information
Turn off file and print sharing on your Internet connection
Surf the Web anonymously with a program such as Freedom Web Secure or through an anonymous Web site such as Anonymizer.com
Limit the amount of information you provide to Web sites; fill in only required information
Install a personal firewall
p. 11.26

Information Privacy What is an electronic profile? Data collected when you fill out form on Web Merchants sell your electronic profile Often you can specify whether you want personal information distributed Leaving these options blank indicates you do not want to be contacted p. 11.26 Fig. 11-26

Information Privacy: Cookies What is a cookie? Small file on your computer that contains data about you Some Web sites sell or trade information stored in your cookies Set browser to accept cookies, prompt you to accept cookies, or disable cookies User preferences How regularly you visit Web sites Interests and browsing habits p. 11.27

Session & Temporary Cookies Are used to store information during a session or visit to a Web site. A session cookie stores data such as a list of items in your shopping cart or graphic elements that repeat from page to page. Session cookies usually expire after a certain period of time such as a week or month. Temporary cookies or session cookies pose little privacy risk.

Persistent Cookies Are stored on the hard drive of your computer even after you close your Web browser. The next time you visit the Web site, your Web browser accesses the cookie from your hard drive to customize your Web page or automatically log you in. A Web site can read data only from its own cookie file. It cannot access or view any other data on your hard drive, including another cookie.

First Party Cookies A type of persistent cookie placed on your hard drive by the Web site you are currently viewing. First-party cookies allow the Web site to customize your browsing experience to fit your preferences. These cookies can also record any personal information that you provide on a Web site. For example, if you create a profile for yourself with a Username & Password, your Email address, or your name and address, that information can be stored in a cookie or in the Web site’s database.

Third Party Cookies A third-party cookie is a temporary or persistent cookie that originates on a Web site different from the one you are currently viewing. Many online advertising firms such as DoubleClick, SpecificClick, and Advertising.com use third-party cookies to track your Web page use so they can target their advertisements. www.DoubleClick.com www.SpecificClick.com www.Advertising.com

Tracking Cookies A tracking cookie is a cookie that tracks your browsing behaviors. Marketers use this data to understand how users use their partner websites and optimize their networks for the average user that visits their networks.

Information Privacy How do cookies work?
Step 1. When you type Web address of Web site in your browser window, browser program searches your hard disk for a cookie associated with Web site.
Step 2. If browser finds a cookie, it sends information in cookie file to Web site.
Step 3. If Web site does not receive cookie information, and is expecting it, Web site creates an identification number for you in its database and sends that number to your browser. Browser in turn creates a cookie file based on that number and stores cookie file on your hard disk. Web site now can update information in cookie files whenever you access the site.
[Figure labels: Request Home Page; Cookies; Unique ID; Web server for www.company.com] p. 11.28 Fig. 11-27
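The three steps above, played out between a simulated browser and Web site, as an added example that is not part of the original slides. The cookie name `visitor_id`, the classes and the second host are hypothetical; the cookie carries only a random unique ID, while the data about the visitor stays in the site's own database.

```python
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "visitor_id"            # hypothetical cookie name
THIRTY_DAYS = 30 * 24 * 3600          # Max-Age makes this a persistent cookie


class WebSite:
    """Server side of Steps 2 and 3."""

    def __init__(self, host):
        self.host = host
        self.visits = {}              # the site's database: unique ID -> visit count

    def handle(self, request_headers):
        """Return (response_headers, visitor_id) for one page request."""
        sent = SimpleCookie(request_headers.get("Cookie", ""))
        morsel = sent.get(COOKIE_NAME)
        # Step 2: a cookie arrived. Trust it only if this site issued that ID.
        if morsel is not None and morsel.value in self.visits:
            self.visits[morsel.value] += 1
            return {}, morsel.value
        # Step 3: no usable cookie, so create an unguessable ID and send it.
        visitor_id = secrets.token_hex(16)
        self.visits[visitor_id] = 1
        reply = SimpleCookie()
        reply[COOKIE_NAME] = visitor_id
        reply[COOKIE_NAME]["max-age"] = THIRTY_DAYS
        reply[COOKIE_NAME]["path"] = "/"
        reply[COOKIE_NAME]["secure"] = True      # sent over HTTPS only
        reply[COOKIE_NAME]["httponly"] = True    # not readable by page scripts
        reply[COOKIE_NAME]["samesite"] = "Lax"
        return {"Set-Cookie": reply[COOKIE_NAME].OutputString()}, visitor_id


class Browser:
    """Client side of Step 1: one cookie store per host, never shared."""

    def __init__(self):
        self.cookie_store = {}        # host -> {cookie name: value}

    def visit(self, site):
        stored = self.cookie_store.get(site.host, {})
        request_headers = {}
        if stored:                    # Step 1 found a cookie for this host
            request_headers["Cookie"] = "; ".join(
                f"{name}={value}" for name, value in stored.items())
        response_headers, visitor_id = site.handle(request_headers)
        if "Set-Cookie" in response_headers:
            received = SimpleCookie(response_headers["Set-Cookie"])
            jar = self.cookie_store.setdefault(site.host, {})
            for name, morsel in received.items():
                jar[name] = morsel.value
        return request_headers, response_headers, visitor_id


def demo():
    company = WebSite("www.company.com")
    other = WebSite("www.example.org")           # constructed second site
    browser = Browser()
    first = browser.visit(company)               # no cookie yet: Step 3 runs
    second = browser.visit(company)              # cookie sent back: Step 2 runs
    elsewhere = browser.visit(other)             # company's cookie is not sent here
    return company, first, second, elsewhere
```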

Information Privacy What are spyware and spam? Spyware is program placed on computer without user’s knowledge Secretly collects information about user Spam is unsolicited e-mail message sent to many recipients p. 11.29 Fig. 11-29

Spyware Spyware continues to be a very serious threat.  Spyware is being utilized by cyber criminals to collect personal information from your PC, such as stored passwords, stored account numbers, stored credit card numbers or other personal information stored on your PC.  Keyloggers are spyware and are very dangerous because the keylogger spyware can log your keystrokes and can send your keystrokes (such as login IDs, passwords, account numbers, etc.) directly to the cyber criminals.

Social Networking (Facebook) Risks Social networking sites can often become a playground for hackers and other criminals. It is critical to only connect with authorized users and people you know. One valuable lesson learned in 2010 occurred when hundreds of people in the information security, military and intelligence field shared personal information with a fictitious Navy cyberthreat analyst named "Robin Sage". A security analyst used online photos to portray the fictitious analyst on Facebook, LinkedIn and Twitter as an attractive, flirty cybergeek with degrees from MIT and a prestigious prep school in New Hampshire. He established connections with over 300 men and women from the U.S. military, intelligence agencies, information security companies and government contractors to prove how effective social networking sites can be in conducting intelligence gathering activities. Many of the users shared personal information and photos with the fictitious analyst, invited the analyst to conferences and asked her to review documents.

Microsoft targets Spyware Windows Defender Antispyware software also will protect users against rootkits and keystroke loggers. Rootkits are programs that hide potentially malicious files from security software. Keystroke loggers are programs that record keystrokes so that a hacker can discover a user’s password and other sensitive information.

Trojan Horse & Key Loggers Fredericksburg, Virginia, April 2, 2009 Teenagers in the home downloaded MP3 music files containing a Trojan horse program with embedded keystroke logger software. When the mother went online to check the status of her checking account, the key logger picked up the username, password, and bank account number of the mom. This data was passed back to a hacker with another IP address. The hacker was able to view the account data. The bank discovered that the IP addresses of the hacker and customer were different and suspected a hacking incident. The anti-virus software was outdated and not working.

Keystroke Logger Report

Information Privacy How can you control spam? E-mail filtering Service that blocks e-mail messages from designated sources Collects spam in central location that you can view any time Anti-spam program Attempts to remove spam Sometimes removes valid e-mail messages p. 11.29

What is “Phishing”? (Fishing) “Phishing” scams are phony email messages demanding that the recipients verify their financial data by clicking a link to log into a fake version of their bank or credit card issuer’s Web site. Credit card data can be harvested then converted into cash, a process known as “carding”. “Phishing” takes place on obscure Web sites and Internet chat rooms.

Phishing Example

Phishing from Fake PayPal Web site The email below is an example of a phishing attempt that appears to come from Paypal that is being sent to NVCC email addresses. As with many phishing emails, it threatens to delete or ‘suspend’ your Paypal account if you do not respond. These emails are attempting to steal your information by appearing to be legitimate requests. If you receive one of these phishing emails delete it immediately.
From: Paypal [mailto:service@service.com]
Sent: Thursday, October 02, 2008 4:57 PM
Subject: [BULK] Limited Account Access
Importance: Low
In the last fews weeks, our Security team has observed multiple logon attempts on your internet banking account from different blacklisted IP`s. For your safety we have decided to suspend you access. You will need to verify your identity. We have attached a form to this email, please download and follow the steps to restore your account. To download the attachment right click on the download link and choose'save link as' or 'save target as' according to your browser. Thank You. PayPal(R) Security Team
If you are a Paypal member and are concerned about your account, you should access their official site by typing the company’s genuine web address into the address bar of your browser. Never click on any links or download any information that is contained within a suspicious email. If you have any questions pertaining to a suspicious email, or other security issue, please contact the IT Help Desk. IT Helpdesk 703-426-4141 ithelpdesk@nvcc.edu http://www.nvcc.edu/ithd View current, scheduled and archived Outage Information at: http://www.nvcc.edu/ithd/
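The warning signs in the message above, turned into a mail-filter check, as an added example that is not part of the original slides. Both sample messages are constructed (the first is shortened from the slide and uses a standard From header), and the brand allow-list, phrase list and function names are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed allow-list: brand keyword -> domains that brand really sends from.
BRAND_DOMAINS = {"paypal": ("paypal.com",)}
# Account-threat wording taken from the message on the slide.
PRESSURE_PHRASES = ("suspend", "verify your identity", "restore your account")

# Constructed sample, shortened from the slide's example.
SAMPLE_PHISH = """\
From: Paypal <service@service.com>
Subject: [BULK] Limited Account Access
Importance: Low

For your safety we have decided to suspend you access. You will need to
verify your identity. We have attached a form to this email, please download
and follow the steps to restore your account.
"""

# Constructed sample of an unremarkable message.
SAMPLE_GENUINE = """\
From: PayPal <service@paypal.com>
Subject: Your monthly statement is ready

Log in from your own bookmark to view your statement.
"""


def domain_belongs_to(domain, allowed):
    """True if domain is one of the allowed domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def phishing_indicators(raw_message):
    """Return a list of human-readable warning signs found in one message."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    text = " ".join(text.split())     # undo line wrapping before matching
    findings = []
    # A From header can be forged, so a matching domain proves nothing;
    # a mismatch between the claimed brand and the domain is the useful signal.
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display_name.lower() and not domain_belongs_to(domain, allowed):
            findings.append(
                f"display name says {brand!r} but sender domain is {domain!r}")
    hits = [phrase for phrase in PRESSURE_PHRASES if phrase in text]
    if hits:
        findings.append("account-threat wording: " + ", ".join(hits))
    if "attach" in text and "download" in text:
        findings.append("asks the recipient to download an attachment")
    return findings


if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_PHISH):
        print("WARNING:", finding)
```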

What is “Phishing”? (Fishing) One “Phishing” Web site proudly advertised “spam hosting” from $20.00 per month and “fraud hosting” from $30.00 per month. One 22-year-old college student recently lost $600.00 after being lured to a fake PayPal.com Web site. The $600.00 was charged to her credit card.

Phishing: Financial Impact It is important to note that phishing scams are increasing and are targeting users both at work and at home.  U.S. businesses lose an estimated $2 billion per year as their clients and employees become victims. According to Gartner, 3.6 million U.S. adults lost $3.2 billion to phishing attacks in the 12 months ending in August 2007.   Spear phishing: http://www.microsoft.com/protect/yourself/phishing/spear.mspx

Phishing and Criminals Organized crime and professional criminals are using phishing as a way to make money and their methods have become much more sophisticated and successful at dodging spam filters. As criminals continue to find ways to defeat technology, individuals need to be more aware of prevention best practices and their organization's policies for e-mail and Internet usage.

Pharming Pharming is an Internet attack that threatens much larger groups of victims and continues to be a concern for organizations.  Pharming is simply redirecting as many users as possible from legitimate commercial web sites that the users intended to visit and leading them to fake web sites that are designed to steal sensitive information.

Pharming: Phony Web Sites Some security reports show cyber thieves are creating over 57,000 new/bogus sites every week to exploit popular brands like Amazon, eBay, PayPal, Visa, Bank of America and others. In a recent example, the Office of the Comptroller of the Currency issued a warning about HelpWithMyBank.com, an illegitimate website offering consumer information about bank accounts and loans. Once visited, the HelpWithMyBank.com URL directed users to the legitimate consumer information site, HelpWithMyBank.gov, attempting to convince users they were connecting to a legitimate site. But connecting to the fake site before the redirect is believed to have exposed consumers to malware.
Drive-By Pharming is when a hacker changes the DNS (Domain Name System) settings on an individual's or organization's router or wireless access point and redirects them to a fraudulent web site. The drive-by attack can sometimes be associated with an e-mail pretending to be from a legitimate company that under the right circumstances would change the DNS settings so whenever a user would try to visit the targeted web site, the user would be directed to the attacker's fake site. Drive-by pharming attacks can also target home router equipment which may still be configured with default log-in and password information. The best defense to secure routers is to make sure the default password has been changed to a strong password.
Typosquatting, also called URL hijacking, is yet another attack that preys on typographical errors made by Internet users. Criminals basically set up web sites that look like the original web sites, but the web site address is actually a commonly misspelled version or the fake web site is a .net or .tv or .biz instead of the original web site that is a .com.
Have your routers, wireless routers and firewalls (home and business) been installed with a new password to replace the default password?

Identity Theft Identity theft is a form of stealing another person's identity in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name. The victim of identity theft can suffer adverse consequences if they are held accountable for the perpetrator's actions. www.LifeLock.com

Controlling Spam (Junk Email) Do NOT post your email address online Spammers use automated Web crawler software which examines Web pages and looks for the @ symbol which indicates an email address. Email marketing lists are then built from the email addresses which are found.

Controlling Spam (Junk Email) If you must publish your email address, try posting it as something like this: johnDsmithATinternetproviderDOTcom rather than johnDsmith@InternetProvider.com This will fool automated Web crawler software. Or: just give a phony or invalid email address! Research indicates that over 271 billion email messages are sent a day (about 3 million every second) and at least 70% of them are spam; many contain viruses, malicious links, and other dangerous code.

Control Spam: Set up 2 Gmail Accounts Google’s Gmail email service has an excellent spam filtering system that should catch the majority of spam that you receive. To control spam, create 2 email accounts: One for personal email One for online registrations and other situations where you are required to provide an email address to an untrusted party.

Controlling Spam (Junk Email) www.anti-spam-software.com Filter by sender Filter by recipient Filter by subject Filter by message body Filter by friends (accept emails from friends ??)

Information Privacy Laws What privacy laws have been enacted? p. 11.30 Fig. 11-30

The DMCA of 1998 On October 12, 1998, the U.S. Congress passed the Digital Millennium Copyright Act, ending many months of turbulent negotiations regarding its provisions. Two weeks later, on October 28th, President Clinton signed the Act into law. General Highlights:
· Makes it a crime to circumvent anti-piracy measures built into most commercial software.
· Outlaws the manufacture, sale, or distribution of code-cracking devices used to illegally copy software.
· Does permit the cracking of copyright protection devices, however, to conduct encryption research, assess product interoperability, and test computer security systems.
· Provides exemptions from anti-circumvention provisions for nonprofit libraries, archives, and educational institutions under certain circumstances.
· In general, limits Internet service providers from copyright infringement liability for simply transmitting information over the Internet.
· Service providers, however, are expected to remove material from users' web sites that appears to constitute copyright infringement.
· Limits liability of nonprofit institutions of higher education -- when they serve as online service providers and under certain circumstances -- for copyright infringement by faculty members or graduate students.
· Requires that "webcasters" pay licensing fees to record companies.
· Requires that the Register of Copyrights, after consultation with relevant parties, submit to Congress recommendations regarding how to promote distance education through digital technologies while "maintaining an appropriate balance between the rights of copyright owners and the needs of users."
· States explicitly that "[n]othing in this section shall affect rights, remedies, limitations, or defenses to copyright infringement, including fair use..."

Information Privacy: Content Filtering What is content filtering? Process of restricting access to certain material Internet Content Rating Association (ICRA) provides rating system of Web content Web filtering software restricts access to specified sites p. 11.31 Fig. 11-31

Internet Content Rating Assn

Information Privacy (COPA) Child Online Protection Act (COPA) 1998 Designed to protect minors from harmful Internet material. A U.S. government law Penalties: $50,000 fine; 6 months in jail. Web site for COPA Commission: www.copacommission.org p. 11.31 Fig. 11-31

Computer Crimes: Child Pornography Each week, about 100,000 sexually explicit images of children arrive on CDs or portable disk drives at Michelle Collins’ office in Northern Virginia. The images are sent by police and prosecutors who hope Collins and her 11 analysts at the National Center for Missing and Exploited Children can verify that the pictures are real and not computer-generated. It is now harder to convict child pornographers because they are using Adobe Photoshop to alter the images and construct fake photographs. Prosecutors generally still prevail, but this creates additional work to prove or disprove. Source: Page C2 Free Lance-Star, Fredericksburg, VA Feb 25, 2008

Reporting Online Predators National Center for Missing & Exploited Children http://www.cybertipline.com Find offenders in your neighborhood: http://www.familywatchdog.us/ Virginia State Police List of Offenders http://sex-offender.vsp.virginia.gov/sor/policy.html?original_requestUrl=http%3A%2F%2Fsex-offender.vsp.virginia.gov%3A80%2Fsor%2FzipSearch.html&original_request_method=GET&original_request_parameters=

Internet Security: P vs. NP Problem http://en.wikipedia.org/wiki/P_versus_NP_problem http://en.wikipedia.org/wiki/Boolean_satisfiability_problem “P” refers to polynomial. Formulated in 1971, P versus NP deals with the relationship between two classes of problems encountered by computers. P problems are easy for computers to solve, such as logistical routing planning. If P = NP, computers may be able to solve very complex problems such as protein folding and factoring of large numbers. If P = NP can be proven to be true by mathematicians, there will be major trouble ahead for mathematical algorithms that we rely on for Internet and network security.

Polynomials

End of Chapter 11 (Optional material follows…) Yes, I did it ! Robert T. Morris released the first Internet worm in November 1988

Firewalls (optional) Optional slides on firewalls and related material

What is a Firewall ? A secure computer system placed between a trusted network and an untrusted one, such as the Internet The most common location for a firewall is between a corporate LAN and the Internet Allows users from a protected network to access a public network while simultaneously making the protected company's products and services available to the public

Internal and Personal Firewalls Internal firewall — resides inside your company's internal network Internal firewalls can: Protect sensitive systems Isolate networks that still need Internet connectivity but that use software that may cause problems with other company resources Personal firewall — offers protection for an individual system

Packet Filtering Packet filter — inspects each packet for predefined content Packet filters filter data based on the following fields in the packet: Source IP address Destination IP address TCP/UDP (User Datagram Protocol) source port TCP/UDP destination port
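A packet filter that decides on exactly the four fields listed above (plus the TCP/UDP protocol), as an added example that is not part of the original slides. The rule set, the first-match-wins ordering, the default deny and all addresses (documentation and private ranges) are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

ANY_PORT = range(0, 65536)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    protocol: str            # "tcp" or "udp"
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    src_net: str = "0.0.0.0/0"
    dst_net: str = "0.0.0.0/0"
    protocol: str = "any"
    src_ports: range = ANY_PORT
    dst_ports: range = ANY_PORT

    def matches(self, pkt):
        """Every field must match; fields left at their default match anything."""
        return (
            ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(self.src_net)
            and ipaddress.ip_address(pkt.dst_ip) in ipaddress.ip_network(self.dst_net)
            and self.protocol in ("any", pkt.protocol)
            and pkt.src_port in self.src_ports
            and pkt.dst_port in self.dst_ports
        )


def filter_packet(rules, pkt):
    """Return (action, index of the deciding rule). First match wins;
    a packet that matches no rule is denied (index None)."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return "deny", None


# Constructed rule set for a small network with one public Web server.
RULES = [
    Rule("deny", src_net="203.0.113.0/24"),                  # 0: blocked source range
    Rule("allow", dst_net="198.51.100.10/32", protocol="tcp",
         dst_ports=range(443, 444)),                         # 1: HTTPS to the Web server
    Rule("allow", src_net="10.0.0.0/8", protocol="udp",
         dst_ports=range(53, 54)),                           # 2: DNS from internal hosts
]

if __name__ == "__main__":
    # The filter sees header fields only: it cannot tell whether the payload
    # of an allowed HTTPS packet is benign, or whether a source address is forged.
    probe = Packet("192.0.2.7", "198.51.100.10", "tcp", 51000, 22)
    print(probe, "->", filter_packet(RULES, probe))
```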

Proxy Servers Replaces the network IP address with a single IP address Provide the following services: Hiding of network resources Logging Caching Proxies come in two basic forms: Circuit-level gateways Application-level gateways

Proxy Gateways on Networks Circuit-level gateway — acts as a proxy between the Internet and your internal systems Application-level gateway — same as a circuit-level gateway but at the application level Most firewalls are combinations of packet filtering, circuit-level gateways and application-level gateways

Network Address Translation (NAT) The practice of hiding internal IP addresses from the external network (NAT) Three ways to provide NAT: Configure masquerading on a packet-filtering firewall Configure a circuit-level gateway Use a proxy server to conduct requests on behalf of internal hosts

Network Address Translation (NAT) NAT is used in conjunction with network masquerading (or IP masquerading) which is a technique that hides an entire address space, usually consisting of private network addresses (RFC 1918), behind a single IP address in another public address space. This mechanism is implemented in a routing device that uses stateful translation tables to map the "hidden" addresses into a single address and then rewrites the outgoing Internet Protocol (IP) packets on exit so that they appear to originate from the router. In the reverse communications path, responses are mapped back to the originating IP address using the rules ("state") stored in the translation tables. The translation table rules established in this fashion are flushed after a short period without new traffic refreshing their state.
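The stateful translation table described on the two NAT slides above, as an added example that is not part of the original slides: outgoing packets are rewritten to the router's single address, replies are mapped back, and idle entries are flushed. The class, the port pool, the 60-second timeout and all addresses are assumptions, and matching replies on the exact remote endpoint is one possible policy rather than how every router behaves.

```python
class MasqueradingNat:
    def __init__(self, public_ip, idle_timeout=60.0, ports=range(40000, 40100)):
        self.public_ip = public_ip
        self.idle_timeout = idle_timeout
        self.free_ports = list(ports)
        self.by_flow = {}    # (private_ip, private_port, remote_ip, remote_port) -> public port
        self.by_port = {}    # public port -> {"flow": ..., "last_seen": ...}

    def flush_idle(self, now):
        """Drop entries that saw no traffic for longer than idle_timeout."""
        for port, entry in list(self.by_port.items()):
            if now - entry["last_seen"] > self.idle_timeout:
                del self.by_port[port]
                del self.by_flow[entry["flow"]]
                self.free_ports.append(port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port, now):
        """Rewrite a packet leaving the private network; None if no port is free."""
        self.flush_idle(now)
        flow = (src_ip, src_port, dst_ip, dst_port)
        port = self.by_flow.get(flow)
        if port is None:
            if not self.free_ports:
                return None
            port = self.free_ports.pop(0)
            self.by_flow[flow] = port
            self.by_port[port] = {"flow": flow, "last_seen": now}
        self.by_port[port]["last_seen"] = now
        return (self.public_ip, port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port, now):
        """Map a reply back to the private host; None means no state, so drop."""
        self.flush_idle(now)
        entry = self.by_port.get(dst_port)
        if dst_ip != self.public_ip or entry is None:
            return None
        private_ip, private_port, remote_ip, remote_port = entry["flow"]
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None      # not a reply from the host this entry was opened to
        entry["last_seen"] = now
        return (src_ip, src_port, private_ip, private_port)


def demo():
    """Constructed traffic: two internal hosts, one reply, one unsolicited
    packet, and one reply that arrives after its entry has been flushed."""
    nat = MasqueradingNat("203.0.113.1", idle_timeout=60.0)
    out_a = nat.outbound("192.168.1.10", 51000, "198.51.100.20", 443, now=0.0)
    out_b = nat.outbound("192.168.1.11", 51000, "198.51.100.20", 443, now=1.0)
    reply_a = nat.inbound("198.51.100.20", 443, "203.0.113.1", out_a[1], now=2.0)
    unsolicited = nat.inbound("192.0.2.99", 4444, "203.0.113.1", out_a[1], now=3.0)
    late_reply_b = nat.inbound("198.51.100.20", 443, "203.0.113.1", out_b[1], now=100.0)
    return out_a, out_b, reply_a, unsolicited, late_reply_b


if __name__ == "__main__":
    for label, value in zip(
            ("out_a", "out_b", "reply_a", "unsolicited", "late_reply_b"), demo()):
        print(f"{label:13} {value}")
```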

Accessing Internet Services If Internet access is required and a network is located behind a proxy server or firewall, you may have problems accessing Internet services that use ports other than common ports To avoid these problems: Make sure the network has access to all Internet-related protocols used by the company Make sure that the IP addresses assigned to the computers in your network have permission to access the Internet

Troubleshooting Access Through Firewalls Firewalls can cause a bottleneck Firewalls may not allow home-based account access to the corporate e-mail server To troubleshoot firewall problems: Verify that you are using the correct IP address and subnet mask Check your default gateway and verify that the computer can communicate with systems on the same subnet Verify DNS resolution Try to use multiple protocols on the Internet

Network Security Zones DMZ — a mini-network that resides between a company's internal network and the external network Intranet — a security zone available only to authorized organization employees Extranet — a private network that allows selected access to outsiders only after they provide authentication information VLAN — a logical grouping of hosts, generally not implemented by a firewall

Firewall Topologies Common firewall implementations: Packet filter Dual-homed bastion host Triple-homed bastion host Screened subnet (back-to-back firewalls) Bastion host — a computer that houses various firewall components and services and is connected to a public network

Packet Filtering Topology

Dual-Homed Bastion Host

Triple-Homed Bastion Host

Screened Subnet: End: Optional Material

End Chapter 11: Computer Security That’s All Folks !