Home Computer Security and Privacy: Part One a presentation by Patrick Douglas Crispen Faculty Development Center California State University, Fullerton.

1 Home Computer Security and Privacy: Part One a presentation by Patrick Douglas Crispen Faculty Development Center California State University, Fullerton

2 Richard’s Law of Computer Security Don't buy a computer. If you do buy a computer, don't turn it on. Source: http://virusbusters.itcs.umich.edu/um-resources/vb-interview.html Clever, but false. The [social engineer] will talk someone into … turning that computer on. Source: Mitnick, p. 7

3 Truths about computer security EVERY home computer and every operating system is vulnerable to attack. In the early days of home computing, solitary equaled safe [except from floppy viruses.] But the internet is a dark force multiplier. When you connect your home computer to the internet, the internet connects to your home computer.

4 Tick tock Once online, your computer is vulnerable to attack from viruses, worms, and even criminals. How long do you have between connection and attack? –On average, 20 minutes. –And if you have a cable or DSL connection, you have less time than that. Source: http://isc.sans.org/survivalhistory.php

5 How long do I have, doc? Source: http://isc.sans.org/survivalhistory.php

6 Why me? Why is your home computer attacked? –It is specifically targeted [HIGHLY unlikely.] –It is a “target of opportunity” using a known exploit.

7 Common types of home computer security breaches Viruses, worms, and Trojan horses Zombieing Code exploits Malware [adware and spyware] “Man in the middle” Combination attacks

8 Impact of home computer security breaches Loss or compromise of your data Identity theft Loss of income Legal consequences Gloom, despair, and agony on me Deep dark depression, excessive misery

9 Scared yet? The internet can be a dangerous place for both computers and users. Fortunately, there are some simple ways to protect both your computer and yourself. Protection = Prevention + [Detection + Response]

10 Prevention is the mother of safety This workshop is about the first part of that equation: Prevention. We could spend weeks talking about detection and response. –In fact, your local college has semester-long courses on that very topic. For home computer users, intrusion detection and response are just WAY too much work. But prevention is a [relative] snap.

11 Our goals Demonstrate why you need a firewall Show you how to deal with computer exploits Do all of this in ENGLISH!

12 Coming soon to a theatre near you In part two of this workshop [coming soon], we –Show you why an updated antivirus program is a necessity. –Talk about how to kill spyware and other malware. –Find out how to block pop-up ads. –Learn how to protect your privacy online.

13 Short attention span summary To protect against worms and exploits [which is what we’re going to spend this entire presentation talking about], –Use both a hardware and a software firewall. –Run Windows Update/Apple Software Update at least weekly. –Patch all of your software frequently.

14 Short attention span summary To protect against viruses, worms, and Trojan Horses [which we’ll talk about in part two]: –Install the latest antivirus software. –Update your virus definitions several times a week. –Never double-click on files attached to email messages. –Turn off Windows file sharing. –GET RID OF YOUR FILE SHARING PROGRAM!

15 Short attention span summary To protect against malware [which we’ll also talk about in part two]: –Use a good anti-spyware program regularly. –Think about ditching Internet Explorer. To protect your privacy [also in part two]: –Disguise your data. –Encrypt your data and communications. –Erase your tracks. –Watch out for social engineering attacks.

16 Part One: Firewalls What they are and why you absolutely need one [well, actually, two] before you even THINK about connecting your computer to the internet.

17 Mmm … worms and crackers. Connect to the internet and two things will quickly target and attack your computer: Worms and crackers. Worms are a type of computer virus that, using automatic file sending and receiving features built into most computers, tries to infect other computers [including yours] over a network. Many worms include backdoors that give crackers a way to easily break into your computer at a later date. And if the worms don’t get you, the crackers will.

18 The cracker shibboleth People who know nothing about computers use the word “hacker” as a pejorative to describe a person who uses his skill with computers to try to gain unauthorized access to computer files or networks. [Source: Oxford English Dictionary] Cute, but wrong. Inside the computing world, however, the term hacker is highly complimentary, respectfully used to describe a person with an enthusiasm for programming or using computers as an end in itself. [Source: Oxford English Dictionary]

19 Hackers v. crackers In the computer world –A "hacker" is a brilliant and respected computer programmer or technical expert. –A "cracker" is someone who tries to break into your computer or files without your knowledge and/or permission. A large portion of the cracker community is made up of “script kiddies,” people who –Use security-breaking scripts and programs developed by others. –In general do not have the ability to write these scripts and programs on their own. [Source: Wikipedia]

20 How crackers find you How do worms and crackers find your computer in the first place? Worms automatically/randomly search the internet looking for every unprotected computer they can find. Every semi-competent cracker and script kiddie has software that –Scans thousands of internet connections looking for Windows file and printer shares. –Scans for known vulnerabilities, holes, and unsecured services in Windows, Mac OS, Linux, Apache, VM-CMS, etc. –Exploits those known vulnerabilities. –Cracks Windows passwords. –And so on.

21 Two types of attacks Most home computer attacks/intrusions are either –Coordinated: Your computer is specifically targeted by a skilled cracker. –Opportunistic: A worm or cracker finds your computer during a random scan of thousands of other computers. Unless someone is after you, you don’t have to worry about coordinated attacks. –For home computer users, they’re few and far between. –Besides, you can’t really stop a coordinated attack. You can only delay it.

22 Protecting your computer To protect your computer from opportunistic attacks—besides being vigilant with patch management—“hide” your computer from the internet. If the worms and crackers can’t see your computer, they [hopefully] won’t attack you. How do you hide your computer? Use a firewall.

23 What is a firewall? A firewall is either hardware or software that stands between your computer [or home network] and its internet connection and provides “access control”—it determines what can and cannot pass. It’s just like the firewall in your car. –Your car’s firewall keeps the bad stuff from your engine [like heat and exhaust] out of your passenger cabin. –But it isn’t impervious. It has holes in it to let the good stuff [like the steering column and the brakes] through.

24 What is a firewall? A good firewall, like your car’s firewall, keeps the bad stuff out and lets the good stuff through. How? Well most consumer firewalls—the hardware firewalls [well, actually they’re routers] you can buy at Wal-Mart or Target or the software firewalls you can download—offer a combination of –Computer stealth—they hide your computer from the worms’ and crackers’ scans. –Intrusion blocking—they make it harder [but not impossible] for worms and crackers to break in.

25 IP addresses When you connect your home computer to the internet, the internet connects to your computer. –Every computer connected to the internet has its own, unique internet address [like 137.151.128.96 or 130.160.4.4] –Your ISP automatically assigns the internet address to your computer from a pool of addresses the ISP maintains. –When you disconnect [or at some regular interval with cable modem and DSL connections], that address goes back into the ISP’s pool of addresses and is given to someone else.

26 If a cracker knows your internet address, he can probe your computer for vulnerabilities.

27 NAT Hardware firewalls use something called “Network Address Translation” or “NAT” to hide your computer from the worms and crackers. You physically connect your home computer[s] to the firewall and connect the firewall to the internet. The firewall—not your home computer—connects to the internet and is assigned a publicly-visible internet address by your ISP.

28 Hiding behind a wall of fire Your firewall automatically assigns your computer a private internet address. –Only your firewall knows what your computer’s private address is. –The private address is not visible to anyone on the Internet nor is it [directly] accessible from the internet. –Since the worms and crackers can’t see your computer’s address, it is harder for the worms and crackers to scan your computer for vulnerabilities. –So, hopefully, the worms and crackers move on to someone else’s computer.

29 Communicating with the Internet Your firewall becomes your computer’s intermediary on the internet. All traffic must go through it. When you request something from the internet, the firewall pretends that it made the request, not your computer.

30 Keeping worms and crackers out Since the internet never even sees your computer, there’s nothing for the worms or crackers to probe or attack other than your firewall. And your firewall is just a dumb box.

31 Stateful packet inspection In addition to using NAT to hide your computer, a firewall also uses “stateful packet inspection” or “SPI” to block intruders. –It only allows connections that you originate. –All other connections are automatically blocked at the firewall.
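
The NAT and stateful packet inspection behaviour described in slides 27 to 31, as an added Python sketch that is not part of the original presentation. The `HomeRouter` class, the addresses and the port numbers are constructed for illustration, and matching replies on both the remote address and port is an assumption, since consumer routers differ in how strictly they match.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class HomeRouter:
    """Toy model (hypothetical, for illustration) of a NAT router with SPI."""
    public_ip: str
    next_port: int = 40000
    # State table: public port -> (private ip, private port, remote ip, remote port)
    table: dict = field(default_factory=dict)

    def outbound(self, pkt: Packet) -> Packet:
        """A home computer starts a connection: record it, then rewrite the
        source so the internet only ever sees the router's public address."""
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        for public_port, known in self.table.items():
            if known == flow:          # connection already tracked
                break
        else:
            public_port = self.next_port
            self.next_port += 1
            self.table[public_port] = flow
        return Packet(self.public_ip, public_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """A packet arrives from the internet. Forward it only if it answers a
        connection that a home computer originated; otherwise drop it (None)."""
        flow = self.table.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or flow is None:
            return None                # nothing inside asked for this
        private_ip, private_port, remote_ip, remote_port = flow
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None                # right port, wrong sender
        return Packet(pkt.src_ip, pkt.src_port, private_ip, private_port)


def demo():
    """Run one web request and two unwanted packets through the router.
    All addresses are constructed sample values from documentation ranges."""
    router = HomeRouter(public_ip="203.0.113.10")
    request = Packet("192.168.1.100", 51000, "198.51.100.7", 80)
    seen = router.outbound(request)
    reply = Packet("198.51.100.7", 80, seen.src_ip, seen.src_port)
    # Unsolicited packet to the Windows file-sharing port: no state entry.
    probe = Packet("192.0.2.66", 4444, "203.0.113.10", 445)
    # Packet aimed at the open mapping, but from a host we never contacted.
    stranger = Packet("192.0.2.66", 80, seen.src_ip, seen.src_port)
    return {
        "seen_by_internet": seen,
        "reply": router.inbound(reply),
        "probe": router.inbound(probe),
        "wrong_sender": router.inbound(stranger),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:17} {result if result else 'DROPPED'}")
```

The private address 192.168.1.100 never appears in anything the internet side receives, and only the reply to the request the home computer originated is forwarded.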

32 Why firewalls ROCK! IF YOU DON’T HAVE A FIREWALL, YOUR COMPUTER WILL BE ATTACKED AND/OR COMPROMISED… USUALLY WITHIN 20 MINUTES OF YOUR CONNECTING TO THE INTERNET. Firewalls protect your home computer from worms and crackers through a combination of –Computer stealth using NAT. –Intrusion blocking using stateful packet inspection. Gosh, is there anything firewalls can’t do?

33 What a firewall can’t do Well, actually, a consumer firewall can’t –Fix operating system or software vulnerabilities A firewall may block some exploits coming in from the internet, but the vulnerabilities will still be there That’s why patch management is so important –Protect your computer from viruses A firewall may block internet worms, but it won’t block viruses attached to emails, hidden in files you download from the internet or Kazaa, etc. Virus protection is a job for your antivirus program, not a firewall.

34 There’s more A consumer firewall also can’t –Protect your computer from spyware. –Block pop-up ads. –Block spam. –Completely keep crackers out. –Protect you from doing stupid stuff to your computer.

35 But, if you are looking for simple computer stealth and basic intrusion blocking—and trust me, you are—you need a firewall.

36 Don’t I already have a firewall? How can you tell if you have a firewall and/or if it is working properly? Go to grc.com and run “Shields Up.” –This is a free, online tool from security guru Steve Gibson. –Shields Up checks file sharing, common ports, all service ports, messenger spam, and browser headers. If Shields Up can see you, so can the crackers. –You either don’t have a firewall or it isn’t configured properly.

37 Which one? Should you get a hardware firewall or a software firewall? Yes. If you have a cable modem, satellite, or DSL connection, you need both a hardware firewall and a software firewall. If you have a dial-up connection, you only need a software firewall.

38 Why both? Hardware firewalls have an Achilles’ heel: they [for the most part] assume that ALL internet traffic originating from your computer is safe. But, if you “accidentally” double-click on a virus-infected file, –Your computer will be infected with that virus. [Remember, hardware firewalls can’t protect you from either viruses or doing stupid stuff.] –That virus is more than likely going to try to use your computer and your internet connection to infect other computers.

39 “With their tanks, and their bombs, and their bombs, and their guns…” So your computer is now a virus-spewing zombie. BUT, remember, your hardware firewall still trusts your computer. Your computer is flooding the internet with thousands of viruses, worms, or spams, and your hardware firewall doesn’t notice, care, or even bother to tell you.

40 How software firewalls work Software firewalls [actually, “personal software firewalls”] –Constantly run in the background. –Block bad stuff from the internet [the stuff that somehow magically makes it past the hardware firewall.] –Warn you when a program on your computer tries to access the internet. You decide whether or not that program will be allowed to access the internet.

41 So in our zombie example, the software firewall—NOT the hardware firewall—would catch the flood of viruses before they even left your computer.

42 In the simplest [grossly oversimplified] terms… Hardware firewalls protect your computer from the internet. Software firewalls –Are a second layer of defense behind your hardware firewall. –Protect both your computer from the internet AND the internet from your computer. –Warn you when something fishy is happening on your computer. So now can you see why I recommend running both a hardware AND a software firewall?

43 Hardware firewalls Now for the bad news: Hardware firewalls—stand-alone boxes that do nothing but block intruders—are both complicated and expensive. –Cisco’s cheapest firewall [the PIX 501] is approximately US$400 Source: pricewatch.com But two important features of hardware firewalls—NAT and SPI—are built into most hardware routers which are a LOT cheaper. –Linksys’ Instant Broadband™ EtherFast® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint [BEFSX41] is approximately US$70 Source: pricewatch.com

44 Over the router and through the woods My suggestion? –Before you connect your computer to the Internet, go to your nearest technology store or big box retailer. –Buy a cable/DSL router from Linksys [my favorite], D-Link, Netgear, Belkin, or SMC for US$50-$75. Image courtesy Linksys.com

45 u:admin p:admin? Read the instructions that come with your router and CHANGE YOUR ROUTER’S DEFAULT ADMIN USERID AND PASSWORD! Crackers know the default administrator’s userid and password for every router [and firewall and server and operating system and...] ever made. –Check out http://www.phenoelit.de/dpl/dpl.html if you don’t believe me.

46 Software firewalls Now that I spent US$50 of your hard-earned money on a router, let me save you some money. The four best software firewalls [in my humble opinion] are absolutely free. –ZoneAlarm: http://www.zonelabs.com/ –Sygate Personal Firewall: http://smb.sygate.com/products/spf_standard.htm –Windows XP Service Pack 2 Internet Connection Firewall: built into Windows XP SP2 but NOT into previous versions of XP –Mac OS X Firewall: built into Mac OS X

47 Training your firewall You need to train the free version of ZoneAlarm [and other software firewalls.] By default, ZoneAlarm blocks everything on your computer from accessing the internet. You have to manually tell ZoneAlarm which programs to let through. Fortunately, this is really simple to do: Just check out http://www.tinyurl.com/27wcz for instructions on how to install and train ZoneAlarm.

48 XP Firewall Windows XP comes with its own firewall, so we XP users can breathe easy, right? WRONG! If you have Windows XP Home or Professional, your built-in software firewall is both horrible and [most likely] disabled.

49 XP Firewall BUT, if you download and install Windows XP service pack 2 from Windows Update, your new built-in software firewall is both good and ON! Oh, and Windows 95, 98, 98SE, ME, 2000 do NOT come with a built-in software firewall. –You need to download ZoneAlarm or Sygate Personal Firewall.

50 To turn on XP’s built-in firewall Go to Start > Control Panel Click on Network and Internet Connections or double-click on Network Connections. Right-click on your local area network and choose Properties. Click on the Advanced tab. Check Protect my computer and network by limiting or preventing access to this computer from the Internet. Click on OK.

51 To turn on OS-X’s built-in firewall Go to Apple menu > System Preferences. In Internet & Network, click on the Sharing folder icon. Click on the Firewall tab. Uncheck any of the services you don’t understand or want to run all the time. Then click on the Start button.

52 Remember If you have a cable modem, DSL, or satellite connection, you need both a hardware firewall [in the form of a router] and a software firewall. If you have a dial-up connection, you only need a software firewall.

53 Done? Once you’ve installed a hardware and/or software firewall you’re in the clear, right? Not exactly. You’re SIGNIFICANTLY better protected from exploits and network intrusions than most people, but there’s still more you need to do.

54 Part Two: Exploits What they are, where they come from, and how to manage them

55 What is an exploit? Until machines start taking over for humans, software bugs and glitches caused by simple human error will be the norm. –Windows XP contains over 40 million lines of source code. Source: Wikipedia –Could YOU write that many lines of code and not make a mistake? An exploit is a program or technique used by a cracker to take advantage of software bugs or glitches in order to circumvent your computer’s security, often without your knowledge.

56 Mmm… freedom bread. A firewalled computer is a little like a loaf of French bread: crunchy on the outside and chewy on the inside. Firewalls protect your computer from worms and crackers, but not from [all] exploits. And EVERY operating system is vulnerable to exploits.

57 Some questionable stats from Secunia XP Professional –46 security advisories issued in 2003-2004 –48% involved some sort of remote [online] attack. –46% involved granting system access to a cracker. Mac OS X –36 security advisories issued in 2003-2004 –61% involved some sort of remote attack. –32% involved granting system access to a cracker. Source: Secunia [as posted in http://slashdot.org/comments.pl?sid=113493&cid=9613964]

58 XP v. Mac OS X So Windows is safer, and Mac OS X is less safe, than most people imagined, right? Not exactly. This is kind of like trying to scientifically measure which parent loves you more.

59 Why you should question Secunia’s [and everyone else’s] numbers Different suppliers report vulnerabilities differently. A system which includes more software may have more advisories, even though most advisories do not affect most computers running that system. Unpatched vulnerabilities may go for months without the release of an official advisory. Source: http://slashdot.org/comments.pl?sid=113493&cid=9613823

60 Why you should question Secunia’s [and everyone else’s] numbers Systems which have better default system-wide security settings (e.g. packet filtering, services turned off by default) may have all kinds of "vulnerabilities" that can't actually be exploited. Leaving it up to the supplier to decide if something is a "vulnerability" or a "feature" leads to underreporting. Some of the most common attacks—such as viruses—rely on social engineering, and on "features" that are not classed as "vulnerabilities". Source: http://slashdot.org/comments.pl?sid=113493&cid=9613823

61 The truth of the matter Computer security isn’t just a PC- or Mac-only problem. EVERY operating system and EVERY software application has vulnerabilities, especially online. Crackers can use these vulnerabilities to –Read or even delete every file on your computer; –Infect your computer with a virus; –Use your computer to attack another computer; or –Do a whole bunch of other nasty things.

62 But there are some simple ways to keep the crackers [especially the script kiddies] at bay.

63 Signs your computer MAY have been exploited Spontaneous reboots Failed services, virus scanner disabled Sluggish behavior, poor performance, slow logins Excessive disk or network activity (HD LED, Switch LED) Unknown user accounts Application and service errors Low disk space Subpoenas and search warrants Your computer insists on playing “global thermonuclear war.” Source: Alex Keller, SFSU

64 Symptoms v. the disease Just because your computer has one or more of these symptoms doesn’t necessarily mean it has been exploited, though. Examples: –Your computer suddenly reboots during a thunderstorm. –Your network activity light goes supernova while you are illegally downloading the latest DiVX movie. –Your computer becomes sentient after you spill a Pepsi on the keyboard.

65 Call my attorney! I’ve been EXPLOITED! But if your computer has been exploited, you need to –Stop cussing. –Immediately disconnect your computer from the internet. –Identify the exploit. –Close the hole. –Fix the damage.

66 I feel so dirty. To identify the exploit: –Reconnect to the internet, update your antivirus definitions, disconnect, and scan your entire hard drive. –Reconnect to the internet, update your antispyware definitions, disconnect, and scan your entire hard drive. –Write down the symptoms; reconnect to the internet; search Google, Symantec, or the Microsoft Knowledge Base; disconnect. To close the hole, download and apply the appropriate patch from the manufacturer’s web site.

67 Repairing the damage Repairing the damage from an exploit could be as simple as deleting or replacing corrupt data or as complicated as a deep-level format of your hard drive. –The repair path depends on the exploit. –This may be a job for a professional repair technician. The BEST way to repair the damage caused by an exploit is to close the holes before they are exploited.

68 Closing the holes When a vulnerability is found, operating system and software manufacturers [eventually/hopefully] release something called a “patch.” A patch is simply a software update meant to fix problems, bugs, or the usability of a previous version of an application. Source: Wikipedia Download and install the patch and your computer is [hopefully] no longer susceptible to that particular vulnerability.

69 Why are patches so important? When a new patch is released, an unintended consequence is that the bulletin announcing the patch also announces the vulnerability to crackers. Crackers count on the fact that you won’t get the patch—your computer will continue to be vulnerable. And the time between bulletin and exploit is shrinking.

70 MS02-039 MS Security Bulletin: MS02-039 Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution (Q323875) Originally Posted: July 24, 2002 Exploit: W32.SQLExp.Worm [a.k.a., SQL Slammer Worm] Exploit Discovered by Symantec on: January 24, 2003 Elapsed Time from Bulletin to Exploit: 184 days

71 MS04-011 MS Security Bulletin: MS04-011 Security Update for Microsoft Windows (835732) Originally Posted: April 13, 2004 Exploit: W32.Sasser.Worm Exploit Discovered by Symantec on: April 30, 2004 Elapsed Time from Bulletin to Exploit: 17 days

72 Patch or DIE! Notice a trend? Can you see why patch management is so important? The time between bulletin and exploit is shrinking!

73 She watch, she watch, she watch… channel ZERO! In fact, zero-day exploits—exploits that take advantage of unknown operating system or software application vulnerabilities—already exist and more are coming. –Crackers keep these zero-day exploits to themselves, using them to gain access or escalate privileges on a small number of target systems. No one has released a Blaster- or Sasser-like zero-day exploit into the wild…yet.

74 You can’t completely protect your computer from every exploit, but you can keep the exploits at bay by practicing simple patch management.

75 Patch management Where do you start? Make a simple, estimated time sheet showing the programs you use each week and how much time you use each program. List EVERYTHING! –Email client(s) –Web browsers –Word processors –Chat programs –Media players –Games –…

76 Patch management Don’t forget to include your operating system and antivirus which [hopefully] are always running. –Add those to the top of your list Sort your list by hours of use That’s your patch list, in order.

77 How I use my home computer
Program | Estimated Hours Per Week I Use That Program
Microsoft Windows XP Pro SP 1 | 45 Hours
Norton Antivirus 2004 | 45 Hours
Eudora Pro 6.1 | 30 Hours
Microsoft Internet Explorer 6 SP 1 | 25 Hours
Microsoft Word 2003 | 15 Hours
Microsoft PowerPoint 2003 | 10 Hours
Trillian 0.74 | 10 Hours
Macromedia Dreamweaver MX 2004 | 10 Hours
Mozilla Firebadger 0.9 | 5 Hours
… | …

78 My patch list So my patch list, in order, would be 1. Microsoft Windows XP SP 1 2. Norton Antivirus 2004 3. Eudora Pro 6.1 4. Microsoft Internet Explorer 6 SP1 5. …

79 How to patch Windows When Microsoft finds a security hole in Windows or Internet Explorer, they [usually/eventually] release a patch called a “Critical Update.” In Internet Explorer, go to Tools > Windows Update. Click on Scan for updates.

80 How to patch Windows Download and install only the Critical Updates and Service packs. –Ignore the other updates. Keep running Windows Update until it tells you to go away. To see a complete catalog of all Microsoft Critical Updates for Windows 9X and NT, go to http://v4.windowsupdate.microsoft.com/catalog

81 The NEW Windows Update There are now two Windows Updates: –Version 4 for Windows 95, 98, 98SE, ME, and NT –Version 5 for Windows XP and 2000 When you run Windows Update, Microsoft “sniffs” your computer and automatically redirects you to the correct version.

82 Mambo Number 5 When you run Windows Update v.5 on XP or 2000 for the first time, choose “Express Install.” –This only gives you the critical updates and security updates. By default, Automatic Updates are turned on.

83 How to patch the Apple OS Apple menu > Software Update To get updates immediately: –Choose System Preferences from the Apple menu. –Choose Software Update from the View menu. –Click Update Now. –In the Software Update window, select the items you want to install, then click Install. Image courtesy Apple.com

84 Manually run Windows Update or Apple Software Update at least once a week. Your computer should, by default, automatically check for updates. That’s cool, but also run the update manually just to be safe.

85 To patch Microsoft Office In Windows XP or 2000, just run the new Windows Update. In older versions of Windows, go to officeupdate.microsoft.com and click on “Check for Updates” Mac users need to go to http://www.microsoft.com/mac/downloads.aspx Have your Office installation disk nearby in case the update needs to “sniff” the disk.

86 Patching other programs through “Check for Updates” Open the program you want to patch and, under the Help menu, look for “Check for Updates,” “Updates,” “Check for Upgrade,” or something similar. This will either –Automatically check for and install any software patches you are missing –Take you to a web site where you can download the necessary patches.

87 Manually patching your software If the Help menu doesn’t have a built-in update feature, choose About [the name of the program] in the Help menu and write down the exact version number of the program. –Usually it’s an integer and a combination of decimals [like 7.0.1] Go to the software manufacturer’s web site and look for “Downloads,” “Upgrades,” “Support,” or something similar.

88 Manually patching your software Compare your software’s version number to the version number available online. –If the decimals of the online version number are larger than yours, download and install the appropriate patch. –If the integer is larger, you’ll need to buy a new version of the program.
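
The patch list from slides 75 to 78 combined with the version check from slides 87 and 88, as an added Python example that is not part of the original presentation. The program names, hours and version numbers are constructed sample data; the comparison treats each dotted part as a whole number, so 7.10 counts as newer than 7.9, which a plain decimal comparison gets wrong.

```python
import re


def parse_version(text):
    """Pull the first dotted number out of About-box text,
    e.g. 'Version 7.0.1' -> (7, 0, 1)."""
    match = re.search(r"\d+(?:\.\d+)*", text)
    if match is None:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in match.group().split("."))


def update_action(installed, online):
    """Apply the rule from the slides: a larger integer means a new version
    of the program, larger decimals mean a patch to download."""
    mine, theirs = parse_version(installed), parse_version(online)
    # Pad with zeros so that 7.0 and 7.0.0 compare as equal.
    width = max(len(mine), len(theirs))
    mine += (0,) * (width - len(mine))
    theirs += (0,) * (width - len(theirs))
    if theirs[0] > mine[0]:
        return "new version"
    if theirs > mine:
        return "patch"
    return "up to date"


# Constructed sample data (hypothetical programs, not real products):
# (program, hours used per week, installed version, version on vendor site)
USAGE = [
    ("Chat Client", 10, "0.74", "0.74"),
    ("Media Player", 5, "Version 7.9", "7.10"),
    ("Mail Client", 30, "6.1", "6.2"),
    ("Word Processor", 15, "2.4", "3.0"),
]


def patch_plan(usage):
    """Order programs by hours of use, most used first, and say what each needs."""
    ordered = sorted(usage, key=lambda row: row[1], reverse=True)
    return [(name, update_action(mine, online))
            for name, _hours, mine, online in ordered]


if __name__ == "__main__":
    for name, action in patch_plan(USAGE):
        print(f"{name:15} {action}")
```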

89 Done? Once you’ve installed a hardware and/or software firewall and [regularly] patched your operating system and programs you’re in the clear, right? Not exactly. You’re certainly better protected from exploits than most people, but there’s still more you need to do.

90 Coming soon to a theatre near you In part two of this workshop [coming soon], we –Show you why an updated antivirus program is a necessity. –Talk about how to kill spyware and other malware. –Find out how to block pop-up ads. –Learn how to protect your privacy online.

91 Our goals Demonstrate why you need a firewall Show you how to deal with computer exploits Do all of this in ENGLISH!

92 Home Computer Security and Privacy: Part One a presentation by Patrick Douglas Crispen California State University, Fullerton Faculty Development Center

