1 / 35

UNDERSTANDING INFORMATION SECURITY

UNDERSTANDING INFORMATION SECURITY Lee Ratzan, MCP, Ph.D. School of Communication, Information & Library Studies at Rutgers University Lratzan@scils.rutgers.edu VIRUSES, WORMS, HOAXES, And TROJAN HORSES IT’S A JUNGLE OUT THERE Network Worms Computer Viruses Trojan Horses

Mercy
Télécharger la présentation

UNDERSTANDING INFORMATION SECURITY

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. UNDERSTANDING INFORMATION SECURITY Lee Ratzan, MCP, Ph.D. School of Communication, Information & Library Studies at Rutgers University Lratzan@scils.rutgers.edu VIRUSES, WORMS, HOAXES, And TROJAN HORSES

  2. IT’S A JUNGLE OUT THERE Network Worms Computer Viruses Trojan Horses Logic Bombs Address Book theft Hijacked Home Pages DNS Poisoning Denial of Service Attacks Zombies, IP Spoofing Buffer Overruns Password Grabbers Password Crackers

  3. AND THE EVER POPULAR: Hoaxes Ploys Pop-Ups Scams Spam

  4. DID YOU KNOW? In 1980 a computer cracked a 3-character password within one minute. In 1999 a team of computers cracked a 56-character password within one day. In 2004 a computer virus infected 1 million computers within one hour.

  5. DEFINITIONS A computer program Tells a computer what to do and how to do it. Computer viruses, network worms, Trojan Horse These are computer programs.

  6. SALIENT DIFFERENCES 1) Computer Virus: • Needs a host file • Copies itself • Executable 2) Network Worm: • No host (self-contained) • Copies itself • Executable 3) Trojan Horse: • No host (self-contained) • Does not copy itself • Imposter Program

  7. TYPICAL SYMPTOMS • File deletion • File corruption • Visual effects • Pop-Ups • Erratic (and unwanted) behavior • Computer crashes

  8. BIOLOGICAL METAPHORS 1. Bacterial Infection Model: • Single bacterium • Replication • Dispersal 2. Virus Infected Model: • Viral DNA Fragment • Infected Cells • Replication • Dispersal A computer virus spreads similarly, hence the name

  9. WHY DO WE HAVE THIS PROBLEM? • Software companies rush products to the consumer market (“No program should go online before its time…”) • Recycling old code reduces development time, but perpetuates old flaws.

  10. AND A FEW MORE REASONS • Market share is more important than security • Interface design is more important than security • New feature designs are more important than security • Ease of use is more important than security

  11. HACKER MOTIVATIONS Attack the Evil Empire (Microsoft) Display of dominance Showing off, revenge Misdirected creativity Embezzlement, greed “Who knows what evil lurks in the hearts of men?”

  12. NETWORKED SYSTEMS VS SECURED SYSTEMS Some platforms are more secure than others NETWORKS SECURITY Open Communication Closed Communication Full Access Full Lockdown Managers must strike a balance

  13. POPULAR FALLACIES • If I never log off then my computer can never get a virus • If I lock my office door then my computer can never get a virus • Companies create viruses so they can sell anti-virus software • Microsoft will protect me My ISP will protect me?

  14. AND A FEW MORE…. • I got this disc from my (mother, boss, friend) so it must be okay • You cannot get a virus by opening an attachment from someone you know • But I only downloaded one file • I am too smart to fall for a scam • You can catch a cold from a computer virus • My friend who knows a lot about computers showed me this really cool site…

  15. THINGS THE LIBRARY CAN DO ACTION PLAN: • Designate security support staff (and fund them) • Make security awareness a corporate priority (and educate your staff) • Enable real-time protection • Update all vendor security patches • Subscribe to several security alert bulletins

  16. Periodically reboot or re-load all computers • Control, limit or block all downloads and installs • Install anti-virus software on computers (keep it current) “It takes a carpenter to build a house but one jackass can knock it down” (Variously attributed to Mark Twain, Harry Truman, Senator Sam Rayburn)

  17. WHAT CAN THE LIBRARIAN DO? Set bookmarks to authoritative: • anti-virus Web pages • virus hoax Web pages • public free anti-virus removal tools Provide patrons with: up-to-date information about viruses, etc. Confirm: that desktops have the latest anti-virus updates

  18. BACK IT UP • Offline copies: Grandfather/father/son (monthly/weekly/daily) • Online copies: Shared network drive • Changes only: Incremental/differential • Do not back up a file on the same disc as the original! • Assume every disc, CD, etc is suspect, no matter who gave it to you “Doveryay, No Proveryay” (Trust but Verify)

  19. MACHINE INFECTED? ACTION PLAN: • Write down the error or alert message • verbatim • inform your tech support team • quarantine the machine 2) Look up the message in an authoritative anti-virus site (demo) • diagnose the problem • take recommended remedial action

  20. Download, install, run the anti-virus • removal tool (demo) If appropriate: • Apply all missing critical security patches • (demo) 3) Reboot the machine • Run a full system scan before placing the machine back in service

  21. THE HOAX STOPS HERE IF THE MESSAGE: • tells you to do something • tells you to take immediate action • cites a recognizable source to give itself • credibility (“Microsoft has warned that…”) • does not originate from a valid computer vendor

  22. AND: • lacks specific verifiable contact information IF IN DOUBT, CHECK IT OUT Confirm the hoax by checking it against authoritative hoax sites Inform other staff so the hoax does not propagate

  23. POPULAR HOAXES INCLUDE: • JDBGMGR (teddy-bear icon) Tricks users into deleting a file Money scam • NIGERIA Pyramid scheme • $800 FROM MICROSOFT

  24. STOPPING THE TROJAN HORSE The Horse must be “invited in” …. How does it get in? By: Downloading a file Installing a program Opening an attachment Opening bogus Web pages Copying a file from someone else

  25. MORE ON THE HORSE……. A Trojan Horse exploits computer ports letting its “friends” enter, and “once a thief gets into your house he opens a rear window for his partners” Security patches often close computer ports and vulnerabilities

  26. NOTE #1 • Search engines are NOT reliable sources of virus information • Information may be inaccurate, incomplete or out of date • Search engines generate huge numbers of indiscriminate hits • Some anti-virus Web sites are scams (or contain trojan Horses) • Go directly to authoritative anti-virus sites

  27. NOTE #2 • Computer companies are NOT reliable sources of virus information Computer companies: • Usually refer you to an anti-virus vendor • are not in the anti-virus business • themselves are victims!

  28. ONLINE RESOURCES Authoritative Hoax Information • securityresponse.symantec.com/avcenter/hoax.html • vil.mcafeesecurity.com/vil/hoaxes.asp Authoritative Anti-Virus Vendor Information • securityresponse.symantec.com/avcenter/vinf odb.html • www.mcafeesecurity.com/us/security/vil.htm

  29. REFERENCES Authoritative Security Alert Information • securityresponse.symantec.com/ (Symantec) • www.microsoft.com/security (Microsoft) • www.apple.com/support/security/ (Apple)

  30. Authoritative Anti-Virus Organizations • www.cert.org (Computer Emergency Response Team-CMU) • www.ciac.org/ciac (CIAC-Department of Energy) • www.sans.org/aboutsans.php (Server and Network Security) • www.first.org (Forum of Incident Response and Security Teams) • www.cirt.rutgers.edu (Computing Incident Response Team-Rutgers)

  31. Authoritative Free Public Anti-Virus Removal Tool Information • securityresponse.symantec.com/avcenter/tools.list.html • vil.nai.com/vil/averttools.asp • mssg.rutgers.edu/documentation/viruses (Rutgers) • some professional library sites have pointers to reliable anti-virus information

  32. PRINT RESOURCES • Allen, Julia, (2001) The CERT Guide to System and Network Security Practices, Addison-Wesley, New York • Crume, Jeff, (2000) Inside Internet Security, Addison-Wesley, New York • Ratzan, Lee, (January 2005) A new role for libraries, SC Magazine (Secure Computing Magazine), page 26

  33. Ratzan, Lee, (2004) Understanding Information Systems, American Library Association, Chicago

  34. A NEW ROLE FOR LIBRARIES?

  35. THE AUTHOR ACKNOWLEDGES • The cooperation of InfoLink (www.infolink.org) for promoting library professional development programs • The Monroe Public Library for the use of its facilities • SC Magazine for publishing an essay on libraries being at the forefront of information security • Lisa DeBilio for her production of the PowerPoint slides. THANK YOU ALL

More Related