How You Can Protect Yourself from Cyber-Attacks Ian G. Harris Department of Computer Science University of California Irvine Irvine, CA USA

About the Class Schedule: Mondays, 10: :50 in DBH 1420 Website: Look at Readings: The Symantec Guide to Home Internet Security, Andrew Conry-Murray and Vincent Weafer, Addison-Wesley, 2006 Topics: Computer security risks (i.e. phishing, spam, malware, etc) and how to protect against them (i.e. firewalls, anti-virus, patching software, etc.) This course is meant to be practical, not too technical. I can give pointers to more technical information.

Social Engineering Exploiting vulnerabilities in the user, not the network or device  Traditional scams using the computer (and/or the phone) as a vehicle  People trust official looking s and websites  Not primarily technical attacks  Often used to gain information for larger attacks

Social Engineering Examples Examples: “Dear Honorable Sir, I need to transfer $10,000,000,000 to your account”  Required to pay a “small” transfer fee “You need to update your Paypal account …”  Directed to send personal information Call computer support and masquerade as a technician  “Where is that TFTP server located again?”

Spoofing Making a fake version of something in order to trick a user Often used as part of a social engineering scam Example: 1.You get an saying something is wrong with your ebay account. 2.It provides a link to a website The website is fake but can look completely real Can be done with addresses and calling trees

Preventing Social Engineering  Don’t trust anyone or any information that you can’t verify 1.Don’t give critical info to unverified websites/phone numbers 2. Don’t accept anything (i.e. programs) from unverified sources  This may be inconvenient 1.If Citibank calls, you should call them back at a known Number 2. Can’t purchase online from unknown vendors 3. Be careful about freeware/shareware

“Technical” Threats Exploiting vulnerabilities in the computational device or in the network Require some technical ability  Understand network protocols and components  Write code (at least execute scripts)  Deeply understand networked applications May be directed at your machine  You can defend against these May impact you but be directed against other machines  You can’t really stop these

Typical Technical Threats Denial of Service - A service provided by the device is caused to fail Cellphone cannot receive calls, desktop reboots Quality of Service - Quality is degraded, not destroyed Noise added to a phone call, anti-lock brakes slow Data Theft - Important data is taken from the device Passwords, name, usage patterns, location Botnet Zombie - Complete ownership of the device to use in the future for other attacks.

Threats Against Other Machines Your machine’s operations are impacted by an attack on another machine  Usually part of the network infrastructure Examples:  Your Domain Name Server (DNS) is attacked so you can no longer resolve domain names  Your university’s computers are attacked and your personal data is stolen You can’t do much about these attacks, except complain/sue

Threats Against Your Machine Most such threats require executing malicious code on your machine Malware - General term for “Malicious code” Common types of malware: Spyware - Record information inside your device  Browsing habits, keystrokes, etc.  Also change behavior (web page redirects …) Adware - Record information and display ads catered to you

How Does Malware Work? Need to know this in order to defend against it 1.Gets into the memory of your computer 2.Tricks your computer into executing it 3.Hides itself 4.Spreads itself to other machines

Getting Into Your Computer User-driven - User allows the malware in Read your Click on an attachment Click on a website link File transfer (ftp) Background traffic - Many programs communicate on the network in the background IM, skype, automatic updates, etc.

Executing on Your Machine How can foreign programs run on my computer? User Gives Permission “Do you want to enable this macro?” Bad default settings, (ex. Automatically enable all macros) These vulnerabilities can be fixed fairly easily Software Vulnerability A networked application has a coding flaw which allows unauthorized code execution

Rootkits A rootkit is a program that uses stealth - Sneaks onto your machine without you knowing - Hides itself on your machine so that is can’t be removed Rootkits change components of the operating system to hide their presence Example of stealth - A rootkit may attach itself to a good executable - Detected by examining properties of the executable (i.e. size) - Checking properties is a call to an OS program - Rootkit may change the “check properties” program to print the original size Most malware is fundamentally a specialized rootkit

Malware Propagation/Spread Trojan Horse - Malware which is part of another program which the user believes is safe Spread occurs when the user installs the “safe” program Social engineering may be involved Virus - Malware which is part of a larger program or file Ex. Macro in an.xls spreadsheet Self-replicates by inserting itself into new programs/files Worm - Malware which is not attached to another program/file Self-replicates over the network