Presentation is loading. Please wait.

Presentation is loading. Please wait.

Basic Computer Security Sankardas Roy Department of Computing and Information Sciences Kansas State University.

Published byHomer Short Modified over 8 years ago

Similar presentations

Presentation on theme: "Basic Computer Security Sankardas Roy Department of Computing and Information Sciences Kansas State University."— Presentation transcript:

1 Basic Computer Security Sankardas Roy Department of Computing and Information Sciences Kansas State University

2 Acknowledgement Most of the slides and demonstration were prepared by Professor Xinming (Simon) Ou Department of Computing and Information Sciences Kansas State University 2

3 We all hear of computer malware Viruses, Worms, Bots, Rootkits, Spyware, … –Malware is a computer program with malicious intent (Malicious-softWare) But how do they get onto your computer? 3

4 First path: You installed them! Common-sense Test 1: –You got an email with the subject line: “You received a greeting card from Hallmark!”, and an attachment file “Card.jpg.exe”. –Should you open the attachment? 4

5 First path: You installed them! Common-sense Test 2: –You browsed to the website of company A and wanted to watch a video posted there. When you clicked the link, a window popped up which said : “In order to view this movie, you need to install the Wonderful video player provided by company A.”, and there were two buttons bellow: “Install” and “Cancel”. –Which button would you click? 5

6 First path: You installed them! Common-sense Test 3: –You wanted to install a free PDF printer driver found on the Web. At the beginning of the installation, a license agreement dialog popped up and there is this sentence in the agreement: “In installing this software, you agree that a browser toolbar will be installed which will collect certain usage information…”. –Do you want to agree to the EUL? 6

7 Key Points When you run a program, you are essentially giving out everything you can do on your computer to the program –It is like giving someone the key to your house, and wait for him to return the key to you when he is done! 7

8 Second Path: You are hacked! Common-sense Test 4: –You got an email with the subject line: “You received a greeting card from Hallmark!”, and an attachment file “Card.jpg”. –Should you open the attachment? 8

9 Second Path: You are hacked! Common-sense Test 5: –In light of the death of Michael Jackson, you searched the Web for his songs. You found one at a website with a link to a music file which can be opened by your music player. –Shall you open the music file? 9

10 Second Path: You are hacked! Common-sense Test 6: –You went to a website, on which there is a link to something you are interested in. –Shall you click on that link? 10

11 Key Points You can get malware even without invoking a malicious executable file –There may be vulnerabilities in your computer’s software—operating system or applications –Software vulnerabilities can be exploited when exposed to malicious input If a vulnerable but otherwise benign program receives a malicious input, it can cause malicious code to be executed with your privilege 11

12 Explanation with an Example Browser (e.g. IE from Microsoft) is a program –runs on your computer when you open a page –browser may not have any malicious intent The webpage (e.g. CIS 490 home page) which you browse works as an input to IE –this is typically a.html/.htm file –this may contain the attacker’s script If your browser tries to open the above page –your computer can be compromised –the attacker can control your computer now 12

13 Attack Demo: A Sketch Diagram 13 Attacker’s machineVictim’s machine webserver browser listening agent bot webpage

14 Demonstration

15 Drive-by Download What you have just seen is called “drive-by download” –Your computer gets compromised while browsing the Web through a vulnerability in the browser, one of its plugins, or some other program that is invoked automatically on downloaded files A successful exploit gives an attacker full privilege on a computer, which can enable him to –change your computer’s settings –install other malicious programs –steal your personal information –use your computer to attack other computers –and many more… 15

16 Perhaps we shall stay at “good” websites? Provos, et al., 2008 1.3% of the incoming search queries to Google’s search engine returned at least one malicious URL in the result page. 16

17 How about anti-malware software? Provos, et al., 2008 17

18 The difficulty of detecting malware Theoretical concern: –There can be no general mechanized process for determining what a piece of code may do Implication for us: –There is a bound on how well we can detect malicious content 18

19 Total #vulnerabilities reported in NVD 19

20 What we can do to reduce the risk Keep your firewall on Keep your software up-to-date –do not browse the web until you have updated your system Having some anti-malware system could help reduce the attack surface –but do not think you are safe and can do whatever you want Every end user needs to take part! 20

21 Firewall 21 What is a firewall? –a tool which can control the incoming and outgoing network connections of a computer What does it protect the computer from? –mainly remote attackers How to make the firewall ON? –this may depend on the OS –we will briefly discuss it for Windows –will briefly discuss it for Mac too

22 Configuring the Firewall on Windows: Part I 22

23 Configuring the Firewall on Windows: Part II 23

24 Configuring the Firewall on Mac: Part I 24

25 Configuring the Firewall on Mac: Part II 25

26 Configuring Firewall on Mac: Part III 26

27 Configuring Firewall on Mac: Help Center 27

28 Updating Software Types of software –Operating System (Windows, Mac) –Other software (e.g. Adobe Flash, Java, etc.) Why update –vendors fix recent bugs and release update How to get the update –nowadays OS updates itself (requires reboot) –other software shows the user “update request” and may require reboot –you should not delay the update 28

29 Windows: Managing Updates 29

30 Mac: Managing Updates 30

31 Mac: Checking the Available Updates 31

32 Get an Anti-virus Running You may get Trend Micro anti-virus free –from the KSU ITS website Install an antispyware tool –Windows Defender/MSE is free from Microsoft –Defender is installed by default in Windows 7 The anti-virus should regularly update itself –to get the new attack signatures from the vendor –this requires your computer to have an Internet connection It should always run in the background –also should periodically scan the whole computer 32

33 An Anti-virus for Windows: MSE 33

34 Checking the Update Status of MSE 34

35 Another Anti-virus: Windows Defender 35

36 Windows General Security Options 36

37 Windows: Changing the Account Password 37

38 Windows: User Account Control Settings 38

39 Mac General Security Options: Part I 39

40 Mac General Security Options: Part II 40

41 The Autorun Problem of Windows OS Another common-sense test: Say you have got a USB flash drive (a.k.a. jump/pen/thumb drive) from someone. –You are told that the media has some valuable information, music, video, e-book, etc. –Shall you hook the drive into your computer to see what the content is? Caution: Just hooking the drive can install a malware in your computer without your notice 41

42 How to disable the Autorun Feature You should disable Autorun in Windows XP –It can be done by updating the registry (regedit4) Microsoft has disabled Autorun in Windows 7 Mac does not have Autorun feature Reference for more information: http://blogs.computerworld.com/the_best_way_to_disable_autorun_to_b e_protected_from_infected_usb_flash_drives 42

43 Summary We discussed a few computer security problems Also discussed the common countermeasures Reminder: Homework 1 is due –before the next week’s class (1 pm on Jan 31) –You can submit electronically at k-state online Next class (Jan 31) will be held in Room 127 43

Download ppt "Basic Computer Security Sankardas Roy Department of Computing and Information Sciences Kansas State University."

Similar presentations

Keep Your PC Safe (Windows 7, Vista or XP) Nora Lucke 02/05/2012 Documents - security.

Keep Your PC Safe (Windows 7, Vista or XP) Nora Lucke 02/05/2012 Documents - security.
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.

Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.
Facebook Security and Privacy Issues Brian Allen Network Security Analyst Washington University December 2, 2010 Alumni House.

Facebook Security and Privacy Issues Brian Allen Network Security Analyst Washington University December 2, 2010 Alumni House.
Warren Toomey North Coast TAFE Port Macquarie campus

Warren Toomey North Coast TAFE Port Macquarie campus
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Spring 2008 www.umsl.edu/~iclabs. Definitions  Virus  A virus is a piece of computer code that attaches itself to a program or file so it can spread.

Spring Definitions  Virus  A virus is a piece of computer code that attaches itself to a program or file so it can spread.
Online PC Safety and Security Workshop LBCC Library Gabriel Beeler, LBCC Librarian.

Online PC Safety and Security Workshop LBCC Library Gabriel Beeler, LBCC Librarian.
Chapter Nine Maintaining a Computer Part III: Malware.

Chapter Nine Maintaining a Computer Part III: Malware.
Securing Your Home Computer Presenter: Donnie Green Date: February 11, 2009 National Aeronautics and Space Administration www.nasa.gov.

Securing Your Home Computer Presenter: Donnie Green Date: February 11, 2009 National Aeronautics and Space Administration
Internet Safety By Megan Wilkinson. Viruses If your computer haves a viruses on it, it will show one of them or a different one. All commuters have different.

Internet Safety By Megan Wilkinson. Viruses If your computer haves a viruses on it, it will show one of them or a different one. All commuters have different.
How to maintain your computer

How to maintain your computer
Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.

Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.
Computer security virus, hacking and backups. Computer viruses are small software programs that are designed to spread from one computer to another.

Computer security virus, hacking and backups. Computer viruses are small software programs that are designed to spread from one computer to another.
eScan Total Security Suite with Cloud Security

eScan Total Security Suite with Cloud Security
Security for Seniors SeniorNet Help Desk 631.629.5426

Security for Seniors SeniorNet Help Desk
P6 - CONFIGURE THE SOFTWARE. CONFIGURE SOFTWARE Most software can be configured to suit an individual user, for example by changing the appearance of.

P6 - CONFIGURE THE SOFTWARE. CONFIGURE SOFTWARE Most software can be configured to suit an individual user, for example by changing the appearance of.
Cyber Patriot Training

Cyber Patriot Training
© 2006 Consumer Jungle Minimizing Online Risks. © 2006 Consumer Jungle 15 Steps to Minimizing Online Risks 1.Update your operating system 2.Use a firewall.

© 2006 Consumer Jungle Minimizing Online Risks. © 2006 Consumer Jungle 15 Steps to Minimizing Online Risks 1.Update your operating system 2.Use a firewall.
Protecting Your Computer & Your Information

Protecting Your Computer & Your Information

Similar presentations

Ads by Google