Anti-Hacker Poetry in Mac OS X • "Your karma check for today: There once was a user that whined/ his existing OS was so blind/ he'd do better to pirate/ an OS that ran great/ but found his hardware declined./ Please don't steal Mac OS!/ Really, that's way uncool./ (C) Apple Computer, Inc."
Automated Attack Vectors: Viruses • A computer program capable of attaching itself to disks (boot sectors) or to other files • Necessary characteristics of a virus: • It is able to replicate • It requires a host program as a carrier • It is activated by an external action (the host is run or the infected disk is booted)
Automated Attack Vectors: Viruses: Polymorphic viruses • Create copies during replication that are functionally equivalent but have distinctly different byte streams • Randomly insert superfluous instructions • Interchange the order of independent instructions • Use encryption schemes (the body is encrypted under a different key each time and the decryptor itself is varied) • This variability makes the virus difficult to locate, identify, or remove with a fixed byte signature
Automated Attack Vectors: Worms • A self-replicating computer program, similar to a virus • A virus attaches itself to, and becomes part of, another executable program • A worm is self-contained and does not need to be part of another program to propagate itself • The Robert Morris Worm (1988) • Written at Cornell • Released from MIT • Fixed at Harvard
Automated Attack Vectors: Worms • Necessary characteristics of a worm: • It is able to replicate without user intervention • It is self-contained and does not require a host • It is activated by creating a process • If it is a network worm, it can replicate across communication links • Some customers like to distinguish between worms that propagate by exploiting buffer overruns in network services and those that propagate by e-mail (mass mailers)
Automated Attack Vectors: Worms: Examples • SQL Slammer (2003) • Blaster (2003) • MyDoom (2004) • Sasser (2004)
Automated Attack Vectors: Bots • Derived from the word robot • A program designed to search for information on the Internet with little human intervention • Search engines, such as Yahoo and Altavista, typically use bots to gather information for their databases
Automated Attack Vectors: Bots • A bot is analogous to an agent • Typically an executable • Bots are not exploits themselves • They are payloads delivered by worms, viruses and hackers • Installed after the system has been compromised • They infect the system and maintain access so that an attacker can control it remotely • Botnets: thousands of such systems under one attacker's control
Automated Attack Vectors: Bots • Thousands of highly configurable bot packages are available on the Internet • Botnets are usually between 10,000 and 100,000 machines • Some reach 350,000 • Some are in the millions
Automated Attack Vectors: Bots: uses • DDoS attacks • Information theft • Keyboard logging, network monitoring, etc. • Warez, i.e. hosting illegal data • Pirated software, movies, games, etc.
Automated Attack Vectors: Trojans • Term borrowed from the Greek legend of the Trojan Horse • A malicious program disguised as something benign • Screen saver, game, etc. • Common file types: exe, com, vbs, bat, pif, scr, lnk, js, etc. • It appears to function as the user expects while doing something else
Automated Attack Vectors: Trojans • May or may not appear in the process list • May install a backdoor • Generally spread through e-mail and the exchange of disks and files • Also spread by worms, IRC channels, P2P applications, porn sites, etc.
Vulnerability Reported • Is the reported problem really a vulnerability? Microsoft's definition: "A security vulnerability is a flaw in a product that makes it infeasible – even when using the product properly – to prevent an attacker from usurping privileges on the user's system, regulating its operation, compromising data on it, or assuming ungranted trust." (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/security/essays/vulnrbl.asp)
How To Protect Your PC • Three primary ways an attacker exploits you: • Weak passwords • Unpatched vulnerabilities • Social engineering
How To Protect Your PC: Use Complex Passwords • At least eight characters long • Does not contain all or part of the user's account name • Contains characters from at least three of the following four categories: • English uppercase characters (A through Z) • English lowercase characters (a through z) • Base-10 digits (0 through 9) • Non-alphanumeric characters (for example, !, $, #, %), extended ASCII, symbolic, or linguistic characters
How To Protect Your PC: Other Options • Use a pass phrase instead of a password • Use non-English words in the password • Rename accounts, including the Administrator account (this raises the bar only slightly: the built-in Administrator account always has RID 500, so an attacker who can enumerate SIDs can still find it)
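The password rules above as a check a practitioner can run, written as an added example for this page and not code from the original slides. It implements the eight-character minimum, the account-name rule and the three-of-four category rule. The way it splits the full name into tokens of three or more characters on commas, periods, dashes, underscores, spaces, pound signs and tabs is my reading of the documented Windows behaviour for the "Password must meet complexity requirements" policy, and the account names and passwords in `samples` are constructed. It also shows the policy's limit: `Password1!` passes while a long lowercase passphrase fails, so complexity rules are a floor on the keyspace, not a measure of strength.

```python
import re

# Delimiters on which the full name is split into tokens (assumed to match the
# documented Windows complexity policy; tokens shorter than 3 chars are ignored).
_NAME_DELIMS = re.compile(r"[,.\-_ #\t]+")


def _categories(pw: str) -> set:
    """Return which of the four character categories the password uses."""
    cats = set()
    for c in pw:
        if "A" <= c <= "Z":
            cats.add("upper")
        elif "a" <= c <= "z":
            cats.add("lower")
        elif "0" <= c <= "9":
            cats.add("digit")
        else:
            # Punctuation, space, extended ASCII, non-English letters, etc.
            cats.add("other")
    return cats


def _name_tokens(account_name: str, full_name: str) -> list:
    """Lower-cased strings the password must not contain."""
    tokens = [account_name] if account_name else []
    tokens += [t for t in _NAME_DELIMS.split(full_name) if len(t) >= 3]
    return [t.lower() for t in tokens if t]


def check_complexity(password: str, account_name: str, full_name: str = "") -> list:
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    lowered = password.lower()
    for tok in _name_tokens(account_name, full_name):
        if tok in lowered:
            problems.append(f"contains account/full-name part {tok!r}")
    if len(_categories(password)) < 3:
        problems.append("uses fewer than 3 of the 4 character categories")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not from the original slides.
    samples = [
        ("jsmith", "John Smith", "Password1!"),                   # passes, yet weak
        ("jsmith", "John Smith", "Smith2024!"),                   # contains 'smith'
        ("jsmith", "John Smith", "correct horse battery staple"), # long, but 2 categories
        ("jsmith", "John Smith", "Korrekt-Pferd-Batterie-Heft"),  # passphrase that passes
    ]
    for acct, full, pw in samples:
        result = check_complexity(pw, acct, full)
        print(f"{pw!r}: {'OK' if not result else '; '.join(result)}")
```

The third sample is the caveat worth remembering: a 28-character passphrase is rejected because it uses only lowercase letters and spaces, while `Password1!` sails through. If a passphrase policy is wanted, the category rule needs a length-based exemption rather than blind enforcement.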
How To Protect Your PC: Social Engineering • Do not open e-mail from people you don't know • Do not open e-mail attachments you were not expecting, even from people you know • Do not follow URLs sent in e-mail • Do not go to web sites that you cannot trust
Biometrics 101 (cont) Required System Components • A biometric authentication device is made up of three components: • A database of biometric data. • Input procedures and devices. • Output and graphical interfaces.
Identification Vs. Verification • In identification, the system attempts to find out whom the sample belongs to by comparing it against a database of enrolled samples in the hope of finding a match (a one-to-many comparison). "Who is this?" • Verification is a one-to-one comparison in which the biometric system checks the sample against the single enrolled template of a claimed identity. "Is this person who he/she claims to be?"
Human trait examples used in Biometrics • Fingerprints: fingerprint recognition looks at the patterns found on a fingertip. There are a variety of approaches to fingerprint verification, e.g. the traditional police method of matching minutiae; others use straight pattern-matching devices. Some verification approaches can detect when a live finger is presented; some cannot. • Hand Geometry: hand geometry involves analyzing and measuring the shape of the hand. This biometric offers a good balance of performance characteristics and is relatively easy to use. It might be suitable where there are more users or where users access the system infrequently and are perhaps less disciplined in their approach to the system.
Encryption • [Diagram: Plaintext → Encryption → Ciphertext → Decryption → Plaintext] • Cryptography: the art and science of keeping messages secure • Cryptanalysis: the art and science of breaking ciphertext • Cryptology: the branch of mathematics that covers both
Encryption continued • If • M=the plaintext message • C=the encrypted ciphertext • E=encryption algorithm • D=decryption algorithm • Then • E(M)=C • D(C)=M • D(E(M))=M
Algorithms and Keyspaces • The cryptographic algorithm (cipher) is the mathematical function used for encryption and decryption • A restricted algorithm bases its security on keeping the internals of the algorithm secret • But • If someone leaves the group, everyone must change algorithms • If someone buys or reverse-engineers the algorithm, every user of it is compromised • The problems of restricted algorithms are solved by using keys: the algorithm can be published and all secrecy resides in the key
Keys • A key is any one of a large number of values • The total set of possible keys is called the keyspace (for an n-bit key, 2^n values) • Encryption and decryption both depend on the key • So • E_K(M) = C • D_K(C) = M • D_K(E_K(M)) = M • What does it mean when the two keys differ? • D_K2(E_K1(M)) = M: some algorithms use one key K1 for encryption and a different key K2 for decryption; this is the basis of public-key encryption
Private vs. Public Key Encryption • [Diagram: private (symmetric) key encryption vs. public (asymmetric) key encryption]
Symmetric vs. Asymmetric algorithms • Symmetric • Typically use the same key for encryption and decryption • Sender and receiver must agree to secret key before sending message • Asymmetric • Key for encryption is different from one for decryption • Encryption key can be made public • Decryption key is private • Sometimes called public key encryption
Cryptanalysis • Recovering the plaintext without the key (an attack) • All secrecy resides in the key • Types of attack • Ciphertext-only attack • Known-plaintext attack • Chosen-plaintext attack • Adaptive-chosen-plaintext attack • Rubber-hose attack • Purchase-key attack
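A worked example of the E_K / D_K notation on the Keys slide and of the known-plaintext attack listed above, added here and not part of the original slides. It builds a toy symmetric stream cipher from HMAC-SHA256 so that E_K and D_K are concrete functions, shows that D_K(E_K(M)) = M only with the right K, and then mounts a known-plaintext attack by exhausting a deliberately tiny 16-bit keyspace. The message and key are constructed, and the construction is for illustration only; use an established cipher in practice.

```python
import hashlib
import hmac


def keystream(key: bytes, length: int) -> bytes:
    """Derive `length` bytes of keystream from `key` with HMAC-SHA256 in counter mode.

    A toy construction so the key's role is visible; use an established cipher
    such as AES-GCM or ChaCha20-Poly1305 in real systems.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def E(key: bytes, m: bytes) -> bytes:
    """E_K(M) = C: XOR the plaintext with the keystream derived from K."""
    return bytes(a ^ b for a, b in zip(m, keystream(key, len(m))))


def D(key: bytes, c: bytes) -> bytes:
    """D_K(C) = M: symmetric, so the same key and the same operation undo E_K."""
    return E(key, c)  # XOR is its own inverse


def keyspace_size(key_bits: int) -> int:
    """Number of possible keys for a key of `key_bits` bits."""
    return 2 ** key_bits


def known_plaintext_attack(m: bytes, c: bytes, key_bits: int):
    """Known-plaintext attack by exhaustive search of a small keyspace.

    The attacker holds one (M, C) pair and the public algorithm (all secrecy is
    in the key), so it simply tries every key until E_K(M) == C. The cost grows
    with the keyspace: 2^16 below is instant, 2^128 is not feasible.
    """
    key_len = (key_bits + 7) // 8
    for k in range(keyspace_size(key_bits)):
        key = k.to_bytes(key_len, "big")
        if E(key, m) == c:
            return key
    return None


if __name__ == "__main__":
    message = b"Attack at dawn"   # constructed sample plaintext
    key = b"\x12\x34"              # constructed 16-bit key: far too short on purpose
    c = E(key, message)
    print(D(key, c) == message)                    # True: D_K(E_K(M)) = M
    print(D(b"\x00\x01", c) == message)            # False: a different key gives garbage
    print(known_plaintext_attack(message, c, 16))  # the key 0x1234 is recovered
    print(keyspace_size(128))                      # 2^128 keys: exhaustion is hopeless
```

The attack needs nothing secret except the key, which is exactly the point of the "all secrecy resides in the key" bullet: publishing the algorithm costs nothing as long as the keyspace is large enough that the loop above can never finish.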
Public Key Infrastructure • Involves hardware, software, data transport mechanism, smart cards, governing policies and protocols • Requires services of • Registration Authority • Certificate Authority • Data Repositories
Digital Signatures • Produced from two pieces of information: • the data being transmitted (in practice, a hash of it) • the private key of the individual or organization sending the data • The signature is sent alongside the data; the private key itself never leaves the sender • Anyone holding the sender's public key can verify that the data came from the stated source and was not altered in transit
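An added example, not from the original slides, that makes the asymmetric relation D_K2(E_K1(M)) = M and the signing/verification split concrete with textbook RSA: encryption with the public key, decryption with the private key, a signature computed over the SHA-256 hash of the data with the private key, and verification with the public key only. The Mersenne primes 2^31-1 and 2^61-1, the public exponent 65537 and the message are chosen here for readability; textbook RSA without padding on a 92-bit modulus is a classroom toy, not something to deploy.

```python
import hashlib
from math import gcd


def make_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA key generation: returns (public, private) as (e, n), (d, n).

    p and q are assumed to be distinct primes. Toy-sized values are used in
    the demo below; real keys use 2048-bit-plus moduli and padded messages.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)          # modular inverse, so e*d = 1 (mod phi(n))
    return (e, n), (d, n)


def encrypt(public, m: int) -> int:
    """E_K1(M): anyone holding the public key can produce the ciphertext."""
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def decrypt(private, c: int) -> int:
    """D_K2(C): only the holder of the private key recovers M."""
    d, n = private
    return pow(c, d, n)


def _digest(data: bytes, n: int) -> int:
    # Hash the data and reduce it so it fits below the (toy) modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private, data: bytes) -> int:
    """The signature is the hash of the data transformed with the PRIVATE key."""
    d, n = private
    return pow(_digest(data, n), d, n)


def verify(public, data: bytes, signature: int) -> bool:
    """Verification uses only the PUBLIC key; the private key never travels."""
    e, n = public
    return pow(signature, e, n) == _digest(data, n)


def roundtrip(public, private, message: bytes) -> bytes:
    """Encode the message as an integer, encrypt, decrypt, decode: D_K2(E_K1(M))."""
    m = int.from_bytes(message, "big")
    return decrypt(private, encrypt(public, m)).to_bytes(len(message), "big")


if __name__ == "__main__":
    # Constructed toy parameters: two Mersenne primes give a ~92-bit modulus.
    public, private = make_keypair(2**31 - 1, 2**61 - 1)
    message = b"pay $100"                       # constructed sample (8 bytes < n)
    print(roundtrip(public, private, message))  # b'pay $100'
    sig = sign(private, message)
    print(verify(public, message, sig))         # True
    print(verify(public, b"pay $900", sig))     # False: altered data fails
```

Note which key goes where: confidentiality uses the recipient's public key to encrypt and the recipient's private key to decrypt, while a signature uses the sender's private key to sign and the sender's public key to verify. In both directions the private key stays with its owner, which is what the slide's "digital signature" really depends on.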
Transaction Security • Secure Sockets Layer (SSL), succeeded by TLS • Sits between the application protocol (e.g. HTTP) and TCP in the TCP/IP model • Creates a secure negotiated session between client and server • Secure Negotiated Session • All communication between client and server is encrypted • URL, credit card number, cookies, attached documents • Client and server agree upon a symmetric session key • Used for only one session and then destroyed
Multi-layered Network Security • [Diagram: concentric layers around DATA, innermost to outermost: Technology Solutions, Organizational Policies, Industry and Legal Standards]