html5-img
1 / 47

Outcomes

Outcomes . Why are computer networks vulnerable? Methods used by hacker to gain unauthorised access Viruses Different type of viruses How do viruses infect computers Methods used by anti-virus software Symptoms of virus infection Steps to take to protect your computer from viruses.

balin
Télécharger la présentation

Outcomes

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Outcomes • Why are computer networks vulnerable? • Methods used by hacker to gain unauthorised access • Viruses • Different type of viruses • How do viruses infect computers • Methods used by anti-virus software • Symptoms of virus infection • Steps to take to protect your computer from viruses

  2. Brief History of ComputerSecurity With the explosive growth of the Internet, there has been a rise in importance of computer security

  3. Why are networked systems vulnerable. • Internet is 37 years old • Was designed without security provisions • Communication protocols (TCP/IP) were designed when the security was not an issue. • Security features had to be layered at the top of the design • Old operating systems were design for a single user • No security was need • Explosive growth of desktops started in ’80s • Also no emphasis on security • Explosive growth started in mid-’90s • Security not a priority until much later

  4. Computer security was ignored • Interest in computer security very old • But largely confined to the military • Other communities did not care • Internet - it’s only a research network, who would attack it? • Desktops - who needs military security, I just want to run my spreadsheet!

  5. Important event • Morris worm - 1988 • Brought down a large fraction of the Internet • Academic interest in network security • E-commerce - mid ‘90s • Industrial interest in network security protocols • Resurgence of worms - early ‘00s • Made computer security a household term

  6. Modern operating systems • Improved security in modern operating systems • Challenge for hackers • Hackers did not give up • more sophisticated virus were born. • Security is still a major issue in networked systems

  7. Unauthorised logins and password stealing • Intruders use various ways to access someone’s account • Brute force: • Program making successive login attempts • Domain knowledge: • Users tend to use passwords easy to remember • Partner’s name, … • Mock login: • If a hacker has physical access, they might install a program simulate the screen image of the login prompt and store userid/password. • Human factors: • Call the computer help desk claiming you forgot your password. • Reformed hackers, the best way to get information is to ask for it. • Spyware: • malicious code that gains access to a computer via a Trojan Horse • can monitor the user’s keystrokes and report passwords, credit card numbers • etc to the hacker via a TCP/IP connection

  8. Viruses

  9. Virus Statistics • 1988: Less than 10 known viruses • 1990: New virus found every day • 1993: 10-30 new viruses per week • 1999: 45,000 viruses and variants

  10. A Couple of Definitions: • A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user. • “a program that replicates by “infecting” other programs, so that they contain a copy of the virus”

  11. How • Viral code is attached or “inserted” into the order of execution so that when the legitimate code is run the viral code is also run or run instead of the legitimate code. • May be “tacked” on to the end of an executable file or inserted into unused program space. • Cavity viruses: • Overwrite part of a legitimate program • Hard to detect as file size is not modified • Overwrite boot records: • Viruses starts executing when the computer starts up

  12. The Normal Virus works like this: • User call for a legitimate program • The virus code, having inserted itself in the order of execution, executes instead or in addition to the legitimate program. • The virus code terminates and returns control to the legitimate program

  13. How they work: • Basic structure: • { • look for one or more infectable objects • if (none found) • exit • else • infect object • } • Doesn’t remain in memory, but executes all of the viral code at once then returns control to the infected program

  14. Worms • A computer WORM: • is a self-contained program (or set of programs), that is able to spread functional copies of itself or its segments to other computer systems via network connections.  • worms do not need to attach themselves to a host program. • 2 types of worms • host computer worms • network worms. 

  15. NETWORK- Computer Worms • Network worms consist of multiple parts, called segments. • The segments run on different machines on the network • and may even perform different actions • Moving a segment from one machine to another is only one of their purposes.

  16. HOST- Computer Worms • Host computer worms: • are entirely contained in the computer they run on. • use network connections only to copy themselves to other computers. • the original terminates after it launches a copy on to another host. • Only one copy of the worm running somewhere on the network at a time

  17. How Viruses are born • Unlike biological viruses, computer viruses do not simply evolve by themselves • deliberately created by programmers, or by people who use virus creation software

  18. How Viruses are born • Viruses are written as • research projects • to attack the products of specific companies, • to distribute political messages, • and financial gain from identity theft, • Some virus writers • consider their creations to be works of art • See virus writing as a creative hobby Releasing computer viruses is a crime in most jurisdictions

  19. Viruses can avoid detection • To avoid detection by users, viruses employ different deception methods • They do not make themselves to • change the date of last modified • increase file sizes • damage the files • They kill the tasks associated with antivirus software before it can detect them

  20. Logic Bomb: • Logic Bomb: A logic bomb executes when specific conditions occur. • Triggers for logic bombs can include change in a file, by a particular series of keystrokes, or at a specific time or date.

  21. Trapdoor • Trapdoors allow access to a system by skipping the usual login routine. • Overall goal of rootkits: install trapdoors

  22. Macro Viruses • Macro virus: • Encoded as macro and embedded in a document. • Many applications allows you to embed a macro in a document. • Microsoft Word, Excel, Access • The macro executes each time the document is open. • Infect programming environments rather than files • Once a macro virus gets onto your machine, it embedded itself in all future documents you create with the application • 75% of all viruses today are macro viruses

  23. Why are they so dangerous? • Can infect multiple types of operating systems • People don’t normally think of viruses in documents • Easy to learn how to write a macro virus • Because office programs are usually integrated, email programs can be used to further spread the virus

  24. Famous Macro Viruses • Concept: - Distributed by Microsoft • Considered to be the first macro virus • Simply showed the potential for macro viruses

  25. Famous Macro Viruses • Melissa Virus – Word97 Virus • Melissa was really successful macro virus • Spread via Outlook • Overwrites first macro in open documents and in the normal.dot template • Turns off macro detection

  26. The Original Trojan Horse • Trojan horses are named after Homer’s Iliad story of Greeks gifting a huge wooden horse to Troy that housed soldiers who emerged in the night and attacked the city.

  27. Trojan Horses • Trojan horses are programs that appear to have one function but actually perform another function. • Modern-day Trojan horses resemble a program that the user wishes to run - a game, a spreadsheet, or an editor. While the program appears to be doing what the user wants, it is also doing something else unrelated to its advertised purpose, and without the user's knowledge.

  28. Denial-of-Service (DoS) Attacks • DoS attack • Prevent a system from servicing legitimate requests • In many DoS attacks, unauthorized traffic saturates a network’s resources, restricting access for legitimate users • Typically, attack is performed by flooding servers with data packets • Usually require a network of computers to work simultaneously, although some skillful attacks can be achieved with a single machine • Can cause networked computers to crash or disconnect, disrupting service on a Web site or even disabling critical systems such as telecommunications or flight-control centers

  29. Distributed DoS attacks • Programs of this type • Spread to as many hosts as possible • Wait for predefined commands or fixed date and time to lunch denials of Service

  30. Remote Administration Trojans (RATs) • Once installed on PC. • Give hackers complete control • They can record keystrokes, web access, copy/delete files • RATs consists of client and server: • The server somehow installed on the victim’s computer • Attempt to contact the hacker’s system (client)

  31. Software Exploitation • Buffer overflow attacks • Occurs when an application sends more data to a buffer than it can hold • Can push the additional data into adjacent buffers, corrupting or overwriting existing data • A well-designed buffer overflow attack can replace executable code in an application’s stack to alter its behavior • May contain malicious code that will then be able to execute with the same access rights as the application it attacked • Depending on the user and application, the attacker may gain access to the entire system

  32. Buffer Overflow Injection • Overflow the Stack • Overflow the Heap • Goal: Must control the value of the instruction pointer (processor specific) • Goal: Get the Instruction Pointer to point to a user-controlled buffer.

  33. Types of Propagation • Parasitic • Propagates by being a parasite on other files. • Attaching itself in some manner that still leaves the original file usable. • .com and .exe files of MS-DOS • Macro virus • Boot sector infectors • Copy themselves to the bootable portion of the hard (or floppy) disk. • The virus gains control when the system is booted.

  34. How Antivirus software works? • Detect using a list of virus signature definitions • comparing the files stored on fixed or removable drives (hard drives, floppy drives), against a database of known virus "signatures".

  35. How Antivirus software works? • Heuristic detection: • Use a heuristic algorithm to find viruses based on common behaviors • Looks for code which is similar to known viruses • Or monitor suspicious activities • Attemting to write to system files or boot records.

  36. How Antivirus software works? • File size changes: • Are monitored • Difficult to detect cavity viruses as the file size will not necessarily change.

  37. How Antivirus software works? • Some anti-virus programs gives you a real time protection • Examin files as they are being opened, downloaded, copied, accessed, and transmitted etc

  38. How Antivirus software works? • They need regular updates • in order to gain knowledge about the latest threats

  39. Damage prevention & data recovering • Take regular backups (including OS) on different media, unconnected to the system (most of the time) How to prevent damages caused by viruses?

  40. Keep your computer Virus free • Install reliable anti-virus software • the most important step you can take towards keeping your computer clean of viruses • Update your anti-virus software regularly • variations of viruses and new ones can be slipped if your software is not current

  41. Keep your computer Virus free • Get immediate protection • Configure your anti-virus software to boot automatically on start-up and run at all times

  42. Keep your computer Virus free • Don't automatically open attachments • ensure that you examine and scan email and other attachments before they run as they might contain viruses • Activate macro virus protection in your word processor • Check security setting in your web browser. • Scan all incoming email attachments • Do not open any email attached files if the subject line is questionable, unexpected or the source (address) is unknown, suspicious or untrustworthy

  43. Keep your computer Virus free • Delete chain emails and junk email • Do not forward or reply to any of them, they clogs up the network • Some viruses can replicate themselves and spread through email as a chain

  44. Symptoms of virus infections • Delay in start up, loading files and programs • Increase in program size files • Shortage of disk space or memory • New file names or file dates/times • Files deleted unexpectedly • Computer crashes • Message or images appearing on the screen • Ms-word macro protection warns that a file contains macros. • Anti-virus software reports a virus

  45. Summary • Computer network are vulnerable • Methods used by hacker to gain unauthorised access • Viruses • Different type of viruses • How do viruses infect computers • Methods used by anti-virus software • Symptoms of virus infection • Steps to take to protect your computer from viruses

  46. Resources • Symantec Anti-virus centre • http://www.symantec.com/avcentre • Centre for computing and social Responsibility (CCSR) • http://www.ccsr.cse.dmu.ac.uk • CERT: Centre at Carnegie-Mellon University USA • http://www.cert.org • Risks forum: online discussion about security issues • http://catless.ncl.ac.uk/Risks • CIAC: site hosted by US Dept of Energy • Dealing with hoax virus alerts • http://hoaxbusters.ciac.org • Microsoft: • http://www.microsoft.com/technet

  47. Next week • We will talk about how to prepare for your exam. • What you need to know from each chapter • With some exercises • And possibly some old exam questions • Give you a list of things you need to revise on the holiday period

More Related