CIT 380: Securing Computer Systems Slide #1
CIT 380
Securing Computer Systems
Vocabulary
• CIA Triad
– Confidentiality
– Integrity
– Availability
• States of Information
– Storage
– Processing
– Transmission
Vocabulary
• Security Measures
– Technology
– Policies and practices
– Education, Training, and awareness
• Threats, Attacks, Assets
• Prevention, Detection, Recovery,
Survivability
Vocabulary
• Risk
• Security trade-offs
• Cost-Benefit Analysis
• Script Kiddies
• Security Researchers
• Hacker, Cracker, Attacker
• Black Hat, White Hat
What are threats?
• What threats can you think of to your home?
• To your money (including bank accounts,
checks, credit and debit cards)?
Digital Threats:
More of the Same
• Theft
• Vandalism
• Extortion
• Con Games
• Fraud
Digital Threats:
What’s Different
Automation
– Salami Attack from Office Space.
Action at a Distance
– Volodya Levin, from St. Petersburg, Russia, stole over $10 million from US Citibank. Arrested in London.
Digital Threats:
What’s Different
Technique Propagation
– Criminals share techniques rapidly and globally.
Next Slide
• The percentage of respondents answering that their organization experienced unauthorized use of computer systems in the last 12 months
Survival Time
• Survival time is the SANS Internet Storm Center's measure of how long an unpatched machine lasts on the Internet before it is probed and attacked. The main issue here is of course that the time to download critical patches will exceed this survival time.
Current Threat Information
• SANS Internet Storm Center
– http://isc.sans.edu/index.html
• Bugtraq
– http://www.securityfocus.com/
– http://www.securityfocus.com/archive/1
• CERT
Current Threat Information
• Packet Storm
– http://packetstormsecurity.org/
Who are the Attackers?
• Hackers vs Crackers
• Levels of attackers
– Developer
• Finds new security vulnerabilities
• Writes tools and exploits
– User
• Understands tools; modifies tools/exploits
Who are the Attackers?
Criminals.
– 1993: Thieves installed a bogus ATM at Manchester Mall. Saved account numbers and PINs.
Organized crime.
– 2000: Mafia-led organization members arrested for attempt to steal $680 million from Bank of Sicily.
Malicious insiders.
– 2001: Mike Ventimiglia deletes files of his employer, GTE. $200,000 damage.
Industrial espionage.
Who are the Attackers?
Press.
– 1998: Cincinnati Enquirer reporter Michael Gallagher breaks into Chiquita Fruits voicemail to expose illegal activities.
Police.
– 1997: LAPD illegal wiretapping scandal.
Terrorists.
– 1999: DOS attacks and web defacements against NATO country computers during Kosovo bombings.
National Intelligence.
– 2000: Former CIA Director Woolsey admitted to using ECHELON information to help US companies win
Scary Internet Stuff: Underground
• http://www.youtube.com/watch?v=AYWYvJ__Dxk&feature=related
What Are Our Defenses?
• Firewalls
• Virus Scanners
• Spyware Scanners
• Intrusion Detection
What Are The Attacks?
• Phishing
• Malware
• Ransomware
• Spyware
Scary Internet Stuff: Phishing
• http://www.youtube.com/watch?v=Ao20tAS3x3I&feature=related
Amazon.com - Your Cancellation (516-203578-8141423) [email protected]
Dear Customer,
Your order has been successfully canceled. For your reference, here's a summary of your order: You just canceled order #991-86824-273919
Status: CANCELED
_____________________________________________________________________ ORDER DETAILS
Sold by: Amazon.com, LLC
_____________________________________________________________________
Because you only pay for items when we ship them to you, you won't be charged for any items that you cancel. Thank you for visiting Amazon.com!
---Amazon.com
Earth's Biggest Selection http://www.amazon.com
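The cancellation notice above is the lure: it invites the recipient to react to an order they never placed. The check below is an added example written for this page, not code from the original slides. It applies two defender-side heuristics to a plain-text message: a From display name that claims the brand while the address sits on another domain, and body links whose domain is not the brand's. The brand domain table, the lookalike domain order-verify.test and both sample messages are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Domains the impersonated brand legitimately mails from and links to (assumption for this example).
LEGITIMATE_DOMAINS = {"amazon.com": {"amazon.com"}}
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def registrable_domain(host):
    """Keep the last two labels: www.amazon.com -> amazon.com,
    while a lookalike such as amazon.com.order-verify.test -> order-verify.test."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()

def phishing_indicators(raw_message, brand):
    """Return indicators that a plain-text message impersonates `brand` (empty if none)."""
    msg = message_from_string(raw_message)
    allowed = LEGITIMATE_DOMAINS[brand]
    indicators = []
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = registrable_domain(address.rpartition("@")[2])
    # Display name claims the brand, but the real address lives elsewhere.
    if brand in display_name.lower() and sender_domain not in allowed:
        indicators.append(f"sender domain {sender_domain!r} does not belong to {brand}")
    # Links in the body lead away from the brand's own domain.
    for url in URL_RE.findall(msg.get_payload()):
        host = urlparse(url).hostname or ""
        if registrable_domain(host) not in allowed:
            indicators.append(f"link to {host!r} is outside {brand}")
    return indicators

# Constructed phishing sample modelled on the notice above; the domain order-verify.test is made up.
PHISH = """\
From: "Amazon.com" <orders@amazon.com.order-verify.test>
Subject: Your Cancellation (000-0000000-0000000)

Dear Customer,
Your order has been canceled. If you did not request this, confirm your account here:
http://amazon.com.order-verify.test/confirm
"""

# Constructed benign counterpart: same wording, genuine domains throughout.
LEGIT = """\
From: "Amazon.com" <auto-confirm@amazon.com>
Subject: Your Cancellation (000-0000000-0000000)

Your order has been canceled. http://www.amazon.com/
"""
```

The lookalike host puts the real brand in front of the attacker's domain, which is why the check reduces every host to its registrable domain before comparing.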
Malware
• Trojan Horses
• Viruses
Spyware and Adware
Most are Trojan horses; some infect directly.
– Browser hijacking
– Pop-up advertisements
– Keystroke and network logging
Spyware and Adware
89% of PCs are infected with spyware (Webroot, 2006 Q2).
– http://www.webroot.com/resources/stateofspyware/excerpt.html
Rootkits
• Execution Redirection
• File Hiding
• Process Hiding
• Network Hiding
[Diagram: User Program / Rootkit]
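The hiding techniques listed above all work by filtering one interface that user programs rely on. The cross-view check below is an added example written for this page, not code from the slides: on Linux it compares two independent views of the process table, the /proc listing that ps reads and a probe of every PID with a null signal. A process that answers the probe but is absent from the listing is exactly what process hiding produces. The PID ceiling of 65536 is an assumption, and a rootkit that filters both interfaces consistently will not be caught this way.

```python
import os

def listed_pids(proc="/proc"):
    """User-level view: PIDs that a directory listing of /proc exposes (what ps and top read)."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}

def probed_pids(max_pid=65536):
    """Second view: PIDs that answer a null signal, whether or not /proc lists them.
    65536 is an assumed ceiling; read /proc/sys/kernel/pid_max for a full scan."""
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)        # signal 0 checks existence without delivering anything
        except ProcessLookupError:
            continue               # no such process
        except PermissionError:
            pass                   # exists, but belongs to another user
        alive.add(pid)
    return alive

def hidden_pids(listed, probed):
    """Pure comparison over any two views: alive but unlisted is the hiding signature."""
    return sorted(probed - listed)

def scan():
    """Cross-view check on the running system (Linux only)."""
    return hidden_pids(listed_pids(), probed_pids())

if __name__ == "__main__":
    print("PIDs alive but missing from the /proc listing:", scan())
```

A PID reported by only one run was a process starting or exiting between the two views; repeat the scan and keep only PIDs reported both times.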
Rootkits Video
• http://www.youtube.com/watch?v=PcqnG4-NkZ4
Botnets
Worm or direct attack usurps control of PC, then
installs control software to listen for instructions.
Instructions can include:
• Attempt to infect other PCs
• Send spam messages
• Launch DOS attack
• Upgrade attack and control software
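The slide describes the bot's side: control software that waits for instructions. From the defender's side the tell is the check-in itself, because a bot polls its controller at a fixed interval while a person's browsing does not. The example below is added for this page and is not from the slides; it scores each source/destination pair in a constructed connection log by how regular its inter-connection gaps are. The log lines, the 0.1 threshold and the four-connection minimum are all assumptions.

```python
import statistics
from collections import defaultdict

# Constructed firewall log, one outbound connection per line: "<epoch seconds> <src> -> <dst:port>".
# 10.0.0.5 reconnects to the same destination about every 60 s; 10.0.0.7 browses irregularly.
SAMPLE_LOG = """\
1000 10.0.0.5 -> 203.0.113.9:6667
1060 10.0.0.5 -> 203.0.113.9:6667
1120 10.0.0.5 -> 203.0.113.9:6667
1180 10.0.0.5 -> 203.0.113.9:6667
1241 10.0.0.5 -> 203.0.113.9:6667
1005 10.0.0.7 -> 198.51.100.2:443
1300 10.0.0.7 -> 198.51.100.2:443
1310 10.0.0.7 -> 198.51.100.7:443
2100 10.0.0.7 -> 198.51.100.2:443
2140 10.0.0.7 -> 198.51.100.2:443
"""
def parse_log(text):
    """Group connection timestamps by (source, destination) flow."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if line.strip():
            ts, src, _, dst = line.split()
            flows[(src, dst)].append(int(ts))
    return flows

def gaps(timestamps):
    """Seconds between consecutive connections of one flow."""
    ts = sorted(timestamps)
    return [b - a for a, b in zip(ts, ts[1:])]

def beacon_score(timestamps):
    """Coefficient of variation of the gaps: near 0 means clock-like check-ins.
    Returns None when there are too few gaps to judge."""
    g = gaps(timestamps)
    if len(g) < 3:
        return None
    mean = statistics.mean(g)
    return statistics.pstdev(g) / mean if mean > 0 else None

def find_beacons(text, max_cv=0.1, min_connections=4):
    """Return (src, dst, mean gap in seconds) for flows that reconnect at a steady interval."""
    hits = []
    for (src, dst), ts in parse_log(text).items():
        if len(ts) >= min_connections:
            cv = beacon_score(ts)
            if cv is not None and cv <= max_cv:
                hits.append((src, dst, statistics.mean(gaps(ts))))
    return hits
```

Bots that add random jitter to their interval raise the coefficient of variation, so the threshold trades missed beacons against false alarms on legitimately periodic traffic such as mail polling.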
Scary Internet Stuff: Botnets
• http://www.youtube.com/watch?v=BRhauoXpNSs
Wikipedia: Botnet
• http://en.wikipedia.org/wiki/Botnet
– Historical list of botnets
• Kraken botnet
– http://en.wikipedia.org/wiki/Kraken_botnet
Key Points
• Computer crimes same as pre-computer crimes.
• Differences in digital threats
– Automation
– Action at a distance
– Technique propagation
• Digital threats
– Phishing
– Malware
– Ransomware
– Spyware