Computer Security Jim Crowley C3 – Crowley Computer Consulting
Apologies • This is long haired, geeky stuff. • This is long and boring. • This is version 1. • The analogies between safe sex and safe computing cannot be ignored. • It is getting very difficult to protect older systems: too slow and not enough memory for security programs; no new patches for anything older than Windows 2000. • This is meant to scare the *#$^ out of you.
Various services run over the Internet • World Wide Web • Email • Instant Messaging • Peer to Peer sharing • Voice over IP phones • Gaming • Gopher • Audio streaming • Video streaming • The Internet was designed for enhancement; it was not designed for this level of complexity. • e.g. the easiest way to prevent spam is to authenticate the sender, and email has no method to do this.
e.g. World Wide Web • HTML • XML • Java • JavaScript • Flash • Perl • ColdFusion • VBScript • .Net • ActiveX • SHTML • And more!!! • Services have multiple methods of encoding and delivery.
e.g. Instant Messaging • AOL • Google • ICQ • Microsoft • Yahoo • And more!!! • Services have multiple methods of encoding and delivery.
You invite these services in… • Gaming • Peer to Peer Sharing • Email • Instant Messaging • Voice over IP phones • Audio streaming • Gopher • World Wide Web • Video streaming
The good old days… • …it was hard and relatively expensive to “get online.” • …it was slow. Do you remember 300 bps and 1200 bps modems? • …the web didn’t exist! Do you remember CompuServe and Prodigy and AOL? • …it was geeky! Users were hobbyists and it was all very 60s. • Exploits were confined to bugging your buddy and showing off!
Now… • Everyone is online! • Over 50% of users in the USA are on broadband. • Exploits are: • Dirty rotten @#*!!! • Money making schemes and ripping off grandma • Organized crime
Common attacks • Virus • Worms • Trojan horse • Spyware • Spam • Phishing
Did you know… • All of these types of attacks are man-made and intentional. There is no “natural” or “random” virus. • All of these ride the Internet services you invite in! • Different companies and organizations will group attacks differently and will name attacks differently.
Malware • Software designed to infiltrate or damage a computer system without the owner's informed consent. • Originally harmless pranks or political messages; now evolved into profit makers. • Includes viruses, worms and Trojan horses.
Malware: Virus • A program or piece of code that is loaded onto your computer (without your knowledge and against your wishes), that (generally) replicates itself and (generally) delivers a payload. • 1972
Virus • In the days of yore… • Who: typical author is young, smart and male • Why: looking to fight the status quo, promote anarchy, make noise or simply show off to their peers. There is no financial gain to writing viruses. • Now… • Who: professional coders or programmers using “kits” • Why: financial gain by email delivery payments, renting of botnets, extortion… • Often supported by mafia and black marketers.
Virus structure • Replication: viruses must propagate themselves • Payload: the malicious activity a virus performs when triggered. • Payload trigger: the date or counter or circumstances present when a virus payload goes off.
Payload examples • Nothing - just being annoying • Displaying messages • Launching DDoS attack • Erasing files randomly, by type or usage • Formatting hard drive • Overwrite mainboard BIOS • Sending email • Expose private information
Trigger examples • Date • Internet access • # emails sent
Boot sector virus • infects the first sector of a hard drive or disk. The first sector contains the MBR or master boot record.
File infector virus • attaches itself to a file on the computer and is executed when that file is opened.
Multipartite • combines properties of boot sector and file infector viruses.
Macro virus • virus written using script or macro languages such as Microsoft Office’s VBA, executes when a document containing the virus is opened.
Memory resident • virus that sits continuously in memory to do its work, often making it more difficult to clean. Most viruses now are memory resident.
Stealth virus • a virus that actively hides from anti-virus programs by altering its state, hiding copies of itself or replacing needed files.
Polymorphic virus • a virus that alters its signature or footprint, to avoid detection.
Metamorphic virus • A virus that rewrites its code each time a new executable is created. • Usually very large.
Malware: Worm • A self-replicating computer program that uses networks to copy itself to other computers without user intervention. • They often lack a payload of their own but drop in backdoor programs. • 1978
Malware: Trojan • A destructive program that masquerades as a benign application; it requires a user to execute it. • A variety of payloads are possible, but often they are used to install backdoor programs. • Generally, trojans do not replicate. • 1983
Spyware • Application installed, usually without the user’s knowledge, intercepting or taking partial control for the author’s personal gain. • Estimates as high as 90% of Internet connected computers are infected with spyware. • Unlike a virus, spyware does not self-replicate.
Spyware: symptoms • Sluggish PC performance • An increase in pop-up ads • Mysterious new toolbars you can’t delete • Unexplained changes to homepage settings • Puzzling search results • Frequent computer crashes
Spyware: rogue help • Antivirus Gold Family • Adware Delete • SpyAxe • Antivirus Gold • SpywareStrike • PS Guard Family • Security Iguard • Winhound • PSGuard • SpywareNO! • SpyDemmolisher • SpySheriff • SpyTrooper • SpywareNO! • Raze Spyware • RegFreeze • WinAntiSpyware 2005 • WorldAntiSpy
Spyware: rogue help • This morning…
Spyware: Adware • Any software package which automatically plays, displays or downloads advertising material to a computer • Not necessarily “spyware” depending on your definitions • Many “free” applications install adware, creating a source of income. • Is it spyware? • http://www.symantec.com/enterprise/security_response/threatexplorer/risks/index.jsp
Spyware: Backdoors • Backdoor = Remote Access • A method of bypassing normal authentication or securing remote access while remaining hidden from casual inspection. • May be an installed program (e.g. Back Orifice) or a modification to an existing application (e.g. Windows’ Remote Desktop).
Spyware: Browser hijacker • Alters your home page and may redirect other requested pages, often away from helpful sites. • Generally add advertising, porn, bookmarks or pay-per-surf web sites.
Spyware: Dialers • Program that uses a computer’s modem to dial out to a toll number or Internet site • 900 numbers • Phone system flood attack • Can rack up huge phone bills! Often running to international numbers in the Caribbean.
Spyware: Downloaders • Application designed to download and possibly install another application. Sometimes, they may receive instructions from a web site or another trigger. • Also a typical form of Trojans.
Spyware: Rootkits • A type of Trojan that gives an attacker access to the lowest level of the computer, the root level. • Removing rootkits can be very difficult to impossible. • Microsoft’s recommendation to remove rootkits from Windows XP was to reformat the hard drive and start over! Sometimes this is the only option. • Have been used for “legitimate” purposes: Sony used one for digital rights management licensing on music CDs; the system was shown to have security holes, possibly giving up root access to an attacker.
Spyware: Scrapers • Extracting data from output to the screen or printer rather than from files or databases that may be secure. • Legitimate and illegitimate applications. • Temp files are often a great source of information!
Spyware: Tracking cookies • A small amount of data sent back to the requesting website by your browser. They may be temporary or persistent, first or third party. • Cookies are not bad and make browsing life better! • Third party cookies are used to track surfing habits and you may want to disable them. • Example cookies.txt entry: weather.com TRUE / FALSE 1218399413 LocID 13669
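The weather.com line on the slide is in the Netscape cookies.txt format (domain, subdomain flag, path, secure flag, expiry as Unix time, name, value, tab separated). As an added example, not part of the original slides, this parses such lines and classifies each cookie as first- or third-party for the site being visited and as session or persistent, which is the distinction the slide says you may want to act on. The tracker domain and session cookie in the sample are constructed.

```python
from datetime import datetime, timezone
from typing import List, NamedTuple, Optional, Tuple


class Cookie(NamedTuple):
    domain: str            # without the leading "." some browsers write
    include_subdomains: bool
    path: str
    secure: bool
    expires: int           # Unix time; 0 means a session cookie
    name: str
    value: str


# Constructed sample file: first data line is the slide's example,
# the other two are made up for this example.
SAMPLE_COOKIES = [
    "# Netscape HTTP Cookie File (constructed sample)",
    "weather.com\tTRUE\t/\tFALSE\t1218399413\tLocID\t13669",
    ".ads.example-tracker.net\tTRUE\t/\tFALSE\t1893456000\tuid\tabc123",
    "www.weather.com\tFALSE\t/\tTRUE\t0\tsession\txyz",
]


def parse_cookie_line(line: str) -> Optional[Cookie]:
    """Parse one cookies.txt line; comments and blank lines yield None."""
    line = line.rstrip("\n")
    if not line or line.startswith("#"):
        return None
    fields = line.split("\t")
    if len(fields) != 7:
        raise ValueError(f"expected 7 tab-separated fields, got {len(fields)}")
    domain, flag, path, secure, expires, name, value = fields
    return Cookie(domain.lstrip("."), flag == "TRUE", path,
                  secure == "TRUE", int(expires), name, value)


def expiry_iso(cookie: Cookie) -> str:
    """Persistent cookies carry a Unix-time expiry; render it as a UTC date."""
    if cookie.expires == 0:
        return "session"
    return datetime.fromtimestamp(cookie.expires, tz=timezone.utc).strftime("%Y-%m-%d")


def is_third_party(cookie: Cookie, visited_host: str) -> bool:
    """First-party if the visited host is the cookie domain or a subdomain of it."""
    host, dom = visited_host.lower(), cookie.domain.lower()
    return not (host == dom or host.endswith("." + dom))


def audit(lines: List[str], visited_host: str) -> List[Tuple[str, str, str, str]]:
    """Return (domain, name, party, lifetime) for every cookie in the file."""
    report = []
    for c in filter(None, map(parse_cookie_line, lines)):
        party = "third-party" if is_third_party(c, visited_host) else "first-party"
        lifetime = "session" if c.expires == 0 else "persistent"
        report.append((c.domain, c.name, party, lifetime))
    return report
```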
Keylogger • A software application or hardware device that captures a user’s keystrokes for legitimate or illegitimate use. • Bad keyloggers will store information for later retrieval or send the captured information to an email address or web page for later analysis.
Social Engineering • Tricking a user into giving up, or giving access to, sensitive information in order to bypass protection.
Social Engineering: pretexting • Creating a scenario, over the phone, to persuade a target to release information. • Often uses commonly available information like social security numbers or family names to gain access to further information.
Social engineering: phishing • Creating a scenario, via email, to persuade a target to release information. • Often uses commonly available information like social security numbers or family names to gain access to further information.
Social engineering: more • Road apple: leaving an infected floppy, CD or USB memory key in a location where someone is bound to find it and check it out of simple curiosity. • Quid pro quo: targeting corporate employees as “tech support” until someone actually has a problem and “allows them to help.”