Presentation is loading. Please wait.

Presentation is loading. Please wait.

Classroom Activities Guide

Similar presentations


Presentation on theme: "Classroom Activities Guide"— Presentation transcript:

1 Classroom Activities Guide
Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Classroom Activities Guide

2 What is a computer virus?
A computer virus is a malicious program that spreads from computer to computer. Consider allowing students to answer this question before presenting the definition.

3 Viruses, Worms, Trojan Horses
Have you heard other names for malicious computer programs? Viruses, Worms, Trojan Horses There are technical differences between each of these, but all of them attempt to run on your computer without your knowledge. Optional activity: Have students surf the web for definitions of and distinctions between Viruses, worms, Trojan horses, malware For example:

4 Malware The most general name for a malicious computer program is malware. You may have heard computer programs called software. The word malware comes from MALicious softWARE.

5 How does malware invade your computer?
You have probably heard of some ways that malware can invade your computer. What are they? Through attachments By clicking on a web link when surfing the web By downloading a program that claims to be a game or cool picture Others? Consider allowing students to attempt to answer the question before revealing the answer.

6 Front Door Attacks What do many of these attacks (through , web browsing or downloads) have in common? They all require the actions of a legitimate user. They can be considered “front door” attacks because a user is tricked into opening the door for the attack through their action.

7 Understanding Front Door Attacks
The key to understanding front door attacks is that when you run a program it runs with *all* your rights and privileges. If you can delete one file, any program you run can delete all your files. If you can send one , any program you run could send thousands of spam s. This includes any program you run even accidentally by opening an attachment or clicking on web link.

8 Back Door Attacks Not all attacks require action by a legitimate user.
“Back door” attacks target vulnerabilities in server software that is running on your computer. Server software is software that listens for requests that arrive over the network and attempts to satisfy these requests. A web server is an example of server software.

9 Are you running any servers?
Most home computer users think they are not running any server software. However you would be surprised. For example, most default installations of Windows run a number of network services by default.

10 How can you check? At a Windows command prompt, type the command “netstat –an”. It will display a list of server software that is listening for requests over the network.

11

12 Things to Notice In the List
The server listening on port 135 was attacked by the Blaster worm. The server listening on port 435 was attacked by the Sasser and Korgo worms. Optional activity: Investigate on the web how the Sasser and Korgo worms worked.

13 Server Software Server software is designed to provide useful features. For example, server software allows you to mount files from other computers or share printers between computers etc. So how then can server software be used to attack a computer?

14 Legitimate vs Illegitimate Requests
Basically server software receives a request over the network, examines the request and decides if it can satisfy the request Legitimate requests do not cause an attack. Most illegitimate requests do not cause attacks either because the server simply answers that it does not understand or cannot satisfy a request.

15 Carefully crafted, devious requests
To attack server software, authors of malware do not just send any old illegitimate request. They send very carefully crafted illegitimate requests that exploit a weakness or flaw in the server software.

16 What is an example of such a weakness? (part 1)
When programmers write server software, they write it to listen for requests that come in over the network. They might assume that no request will ever be longer than 1000 letters long. This might be a perfectly valid assumption for all reasonable requests, but an attacker might send a request that is 100,000 letters long.

17 What is an example of such a weakness? (part 2)
If the server only left room for 1000 letters, then the rest of the letters may get copied over the legitimate program instructions. Thus, the request sent by the attacker takes the place of the legitimate program instructions and the server starts to execute the attackers code instead.

18 Buffer Overflow Attacks
This type of attack is called a “buffer overflow attack” because it overflows the buffer of space left for a request with too many characters. Such an attack could be prevented if the server always checked for requests that are too long. Sometimes programmers neglect to do that and this is what produces the weakness or flaw that is exploited by the attacker. If you are learning to program, you should know that you can prevent many viruses by following good programming practices.

19 Buffer Overflow Attacks Aren’t Easy
The attacker must Know how long of a request to send Send precisely the right data that can be interpreted as instructions by the server Find a machine running a server with that weakness. If the attacker sends the wrong data, the server might crash instead of running the attackers instructions.

20 Exploiting a weakness If an attacker crafts an attack that works on their local machine then chances are that it will work on many other machines. Attackers tend to target the most common computing platform – Windows – so that their attacks will impact the most machines.

21 What do viruses do? Once an attacker manages to exploit a weakness, they can run any code they want on the victim’s machine. Attack codes vary in what they try to do. Have you ever suffered a computer attack? What happened to your machine? How hard was it to recover?

22 What does malware do? Some attackers just want to see if they can make an attack succeed. The malware they write may simply displaying something to the user or announce its presence in another way. Other attackers want to do damage to others without trying to benefit directly. The malware they write might delete files or otherwise corrupt the system.

23 What does malware do? (continued)
Still others try to write malware that steals information from the victim. The malware they write might search for credit card numbers or other personal information and send it back to the attacker. Spyware might watch for victim’s passwords or otherwise spy on their online activity.

24 What does malware do? (continued)
Still others write malware that uses the victim’s computer for their own purposes. Use it to store files (often illegal) and make them available to others – shifting liability away from the attackers. Use it to attack other computers – making it harder to trace the attack to its real source.

25 Self-replicating Regardless of its other goals, a large percentage of malware tries to spread itself automatically. Malware programs may try to spread by Sending out with infected attachments. Send out carefully-requests back door attack packets.

26 Consequences of Attacks
If you have ever been attacked by a computer virus, you know the damage it can cause Your computer can begin to run very slowly and constantly pop-up annoying messages that make it difficult to do anything productive. Having the virus removed by a technician can be expensive and time-consuming. The virus itself may destroy irreplaceable files like family pictures or videos. Even if the virus itself does not cause data loss, often the process of removing the virus can require reinstalling the operating system and all the programs. Your credit card or other private information can be stolen.

27 World-wide damage estimates
Computer viruses cause a huge amount of damage worldwide. Damages from just one virus (The I Love You Virus) are estimated at $10 billion dollars. It is also estimated that 45 million people worldwide were affected. Costs come from restoring damaged systems, replacing lost information, steps taken to prevent attacks and steps taken to prepare to recover from attacks.

28 Case Jason, a 16 year old honor student, wrote a computer virus that causes 4 billion dollars of damage and impacted countless home and business computers. The authorities traced the virus to him. Jason says that he is very sorry and didn’t mean for it to get so out of hand. He said he was just fooling around to see if he could do it.

29 Discussion How would you feel if you were a friend of Jason’s?
How would you feel if you had lost your entire MP3 collection or a book report you had worked on for 3 weeks? What type of punishment would recommend in this case?

30 Blackhat vs Whitehat Blackhat computer hackers look for flaws in software to exploit them or break into computer for malicious purposes. Whitehat computer hackers look for flaws in software to fix them or attempt to break into computers to audit their security. Optional activity: Have a class discussion about what is ethical hacking? Can you identify some grey areas? How do you feel about those?

31 What do whitehat hackers do?
Analyze server software for flaws that could be exploited and recommend fixes. Analyze new viruses or malware to characterize what they are doing and to build patches. Audit the overall security of computer systems.

32 Defenses Even if you are not whitehat hacker there is a lot you can do to defend your computer against attack Defending against front door attacks means being careful about what programs you run and what attachments and links you open Defending against back door attacks means knowing what services are running on your machine and keeping them patched

33 Defending against front door attacks
1) Be careful opening attachments even from friends. 2) Be careful clicking on web links found on less reputable web sites. 3) Beware of free downloads that seem too good to be true. 4) Use a good virus scanner and keep your virus signatures up-to-date. 5) Consider using less popular readers and web browser software.( Attackers target the most popular software.) There are excellent and free open source options. Optional activity

34 Defending against back door attacks
1) Use netstat to see what services are running. 2) Periodically check to see if any new services have been started. 3) Keep your server software patched and up-to-date. 4) Consider shutting down any services you do not need. Optional activity

35 Prepare to recover from an attack
No matter how careful you are it is still wise to prepare to recover from an attack if one does occur. 1) Back up your personal data such as digital pictures, letter and papers you’ve written, your address book, etc. 2) Keep track of the software you’ve installed on your computer including where you got it and any activation keys you paid for.

36 Review Questions What is a front door attack? What are some examples?
What is a back door attack? What are some examples? Give some examples of what malware tries to accomplish. Describe ways that whitehat hackers try to make systems more secure. Describe things you can do to secure your computer against attack.

37 Conclusion Knowing the different kinds of attacks and the goals of attackers can help you understand how better to defend yourself.


Download ppt "Classroom Activities Guide"

Similar presentations


Ads by Google