Right Now, At this Very M oment, Your Computer is Infected


Presentation Transcript


  1. Right Now, At this Very Moment, Your Computer is Infected November 8 | From Bits to RSA Dongles: An Introduction to IT Security

  2. start with bits and bytes • bit: (binary digit) • The basic unit of information in computing, the amount of information stored by a digital device in one of two possible distinct states (0 and 1, not 1 and 2; off/on) • digital value of 1 = positive voltage, up to 5 volts • digital value of 0 = 0 volts • 8 bits = 1 byte, usually, but depends on hardware • byte: the number of bits needed to encode a single character of text in a computer

  3. from binary # to letters

  4. 01110000 = p 01101001 = i 01111010 = z 01111010 = z 01100001 = a

  5. data and packets • data: binary files, 01010010010010010 … etc. • packet: a unit of data • from binary to text or image • packet: control information and payload • control information: data the network needs to deliver the payload, ex. address, error control • payload: the content of your “digital letter” • From files to programs and applications

  6. OSI model

  7. OSI model

  8. computer virus • A Windows-based, backdoor Trojan horse • A program that can replicate itself and spread • With reproductive ability • Must attach itself to an existing program • Will typically corrupt or modify files on the targeted computer • Malware, a more general term to include: viruses, computer worms (causing network harm), Trojan horses (appear benign), rootkits, spyware, adware, etc.

  9. virus transmission • Viruses have targeted various types of transmission media or hosts. This list is not exhaustive:
  • Binary executable files (such as COM files and EXE files in MS-DOS, Portable Executable files in Microsoft Windows, the Mach-O format in OS X, and ELF files in Linux)
  • Volume Boot Records of floppy disks and hard disk partitions
  • The master boot record (MBR) of a hard disk
  • General-purpose script files (such as batch files in MS-DOS and Microsoft Windows, VBScript files, and shell script files on Unix-like platforms)
  • Application-specific script files (such as Telix scripts)
  • System-specific autorun script files (such as the Autorun.inf file Windows needs to automatically run software stored on USB memory storage devices)
  • Documents that can contain macros (such as Microsoft Word documents, Microsoft Excel spreadsheets, AmiPro documents, and Microsoft Access database files)
  • Cross-site scripting vulnerabilities in web applications (see XSS Worm)
  • Arbitrary computer files. An exploitable buffer overflow, format string, race condition or other exploitable bug in a program which reads the file could be used to trigger the execution of code hidden within it. Most bugs of this type can be made more difficult to exploit in computer architectures with protection features such as an execute-disable bit and/or address space layout randomization.

  10. from binary to decimal: 2^16

  11. 0 … 65535
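Added example (not from the slides) covering the "01110000 = p" slide and the 2^16 / 0…65535 slides: one byte per ASCII character in each direction, and a port number read as a 16-bit field. Inputs are constructed; the five bytes are the ones shown on the slide.

```python
# Added example: bytes <-> ASCII text, and a 16-bit port field <-> decimal port number.

def bits_to_text(bits: str) -> str:
    """Decode whole 8-bit groups (spaces optional) into text."""
    compact = bits.replace(" ", "")
    if len(compact) % 8 != 0 or set(compact) - {"0", "1"}:
        raise ValueError("input must be whole 8-bit groups of 0/1")
    # int(group, 2) gives the byte's decimal value (e.g. 112); chr() maps it to 'p'.
    return "".join(chr(int(compact[i:i + 8], 2)) for i in range(0, len(compact), 8))

def text_to_bits(text: str) -> str:
    """Encode ASCII text as space-separated 8-bit groups."""
    return " ".join(format(ord(c), "08b") for c in text)

def port_from_bits(bits16: str) -> int:
    """A TCP/UDP port is a 16-bit field: 2**16 = 65536 values, numbered 0..65535."""
    compact = bits16.replace(" ", "")
    if len(compact) != 16 or set(compact) - {"0", "1"}:
        raise ValueError("a port number is exactly 16 bits")
    return int(compact, 2)

# Constructed inputs: the five bytes on the slide, and two 16-bit port fields.
SLIDE_BYTES = "01110000 01101001 01111010 01111010 01100001"
PORT_HTTP_BITS = "00000000 01010000"   # decimal 80
PORT_MAX_BITS = "11111111 11111111"    # decimal 65535, the highest port number

if __name__ == "__main__":
    print(bits_to_text(SLIDE_BYTES))                 # pizza
    print(text_to_bits("pizza") == SLIDE_BYTES)      # True
    print(port_from_bits(PORT_HTTP_BITS), port_from_bits(PORT_MAX_BITS), 2 ** 16)
```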

  12. ports • A port is an application-specific or process-specific software construct serving as a communications endpoint in a computer's host operating system, part of the Internet Protocol suite • Example: HTTP:80 | SMTP:25 | DHCP:68 (client) • Ports are numbered from 0 to 65535 • Equivalent to 65536 ways into your computer • Introducing netstat: what your computer is doing with ports • netstat -a: active connections • netstat -help: switches and [interval]

  13. common ports
  • 21: File Transfer Protocol (FTP)
  • 22: Secure Shell (SSH)
  • 23: Telnet remote login service
  • 25: Simple Mail Transfer Protocol (SMTP)
  • 53: Domain Name System (DNS) service
  • 80: Hypertext Transfer Protocol (HTTP), World Wide Web
  • 110: Post Office Protocol (POP)
  • 119: Network News Transfer Protocol (NNTP)
  • 143: Internet Message Access Protocol (IMAP)
  • 161: Simple Network Management Protocol (SNMP)
  • 443: HTTP Secure (HTTPS)
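Added example (not from the slides) tying the netstat slide to the common-ports slide: it parses constructed lines laid out like Windows "netstat -a" output and reports which listening ports are reachable from other machines, naming them from the slide's port table. The sample output, the 203.0.113.10 peer address and the COMMON_PORTS table are constructed for the example.

```python
import re

# Service names from the "common ports" slide plus DHCP client (68) from the ports slide.
COMMON_PORTS = {21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP", 53: "DNS",
                68: "DHCP client", 80: "HTTP", 110: "POP", 119: "NNTP",
                143: "IMAP", 161: "SNMP", 443: "HTTPS"}

# Constructed sample laid out like Windows "netstat -a" output; not a real capture.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5353         0.0.0.0:0              LISTENING
  TCP    192.168.1.5:52113      203.0.113.10:443       ESTABLISHED
  UDP    0.0.0.0:68             *:*
"""

# proto, local ip, local port, foreign endpoint, optional state (UDP lines have none)
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def parse_netstat(text):
    """Yield (proto, local_ip, local_port, foreign, state) for each socket line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            proto, ip, port, foreign, state = m.groups()
            # A bound UDP socket has no state column; treat it as listening.
            yield proto, ip, int(port), foreign, state or "LISTENING"

def open_doors(text):
    """Ports other hosts can reach: listening sockets not bound to loopback only."""
    doors = []
    for proto, ip, port, _foreign, state in parse_netstat(text):
        if state == "LISTENING" and not ip.startswith("127."):
            doors.append((proto, port, COMMON_PORTS.get(port, "unknown")))
    return sorted(doors, key=lambda d: d[1])

if __name__ == "__main__":
    for proto, port, service in open_doors(SAMPLE_NETSTAT):
        print(f"{proto} port {port} ({service}) is listening on all interfaces")
```

The loopback-only socket (127.0.0.1:5353) and the outbound ESTABLISHED connection are not "doors" and are left out.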

  14. the “brangelina” of ports • internet: network of networks, millions of networks • web: system of interlinked hypertext documents • port: 80 • Try it: http://www.techcomfort.com:81 • Try it: http://www.techcomfort.com:80

  15. Port scan your computer using an on-line tool. • http://viewdns.info/portscan • http://viewdns.info

  16. ports • Dean Brady has just instructed us via secure e-mail? to construct a device to combat the “port” menace and make GSPP computers safe for policy analysis. What can we do?

  17. firewalls • A device or set of devices designed to permit or deny network transmissions • Based on a set of rules • Allowing legitimate communications • Blocking unauthorized access • Network address translation, (NAT) to hide real IP address • Datacenter rules

  18. private networks • Private addresses are commonly used in corporate networks which, for security reasons, are not connected directly to the Internet • Private addresses are seen as enhancing network security for the internal network, since it is difficult for an Internet host to connect directly to an internal system.
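Added example (not from the slides) for the firewall and private-network slides: a first-match rule list with a default deny, an RFC 1918 private-address check, and a minimal NAT table showing why an outside host cannot reach an internal system unless that system connected out first. The rule set, the 198.51.100.1 public address and the Nat class are constructed for the example, not a real product's configuration.

```python
import ipaddress

# Constructed rule set: "permit or deny based on a set of rules", first match wins,
# and anything unmatched is blocked as unauthorized access.
RULES = [
    # (action, protocol, source network, destination port)
    ("allow", "tcp", "0.0.0.0/0",      443),   # anyone may reach the HTTPS server
    ("allow", "tcp", "192.168.1.0/24",  22),   # SSH only from the internal LAN
    ("deny",  "tcp", "0.0.0.0/0",       23),   # Telnet is never accepted
]

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(ip):
    """True for RFC 1918 addresses, which Internet routers do not forward traffic to."""
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)

def decide(rules, proto, src_ip, dst_port):
    """Evaluate rules in order and return 'allow' or 'deny'; no match means deny."""
    src = ipaddress.ip_address(src_ip)
    for action, r_proto, r_net, r_port in rules:
        if proto == r_proto and src in ipaddress.ip_network(r_net) and dst_port == r_port:
            return action
    return "deny"

class Nat:
    """Minimal port-address translation: many private hosts share one public IP."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip, self.next_port, self.table = public_ip, first_port, {}

    def outbound(self, private_ip, private_port):
        """Rewrite an outgoing connection's source to the public IP and a fresh port."""
        for pub_port, inside in self.table.items():
            if inside == (private_ip, private_port):
                return self.public_ip, pub_port          # existing mapping reused
        pub_port, self.next_port = self.next_port, self.next_port + 1
        self.table[pub_port] = (private_ip, private_port)
        return self.public_ip, pub_port

    def inbound(self, public_port):
        """Map a reply back to the inside host; unsolicited traffic has no entry (None)."""
        return self.table.get(public_port)
```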

  19. anti-virus software • A program used to prevent, detect, and remove malware, including but not limited to computer viruses, computer worms, trojan horses, spyware and adware • Many viruses have a signature; detection of a virus involves searching for known patterns • But what about viruses for which no signature currently exists? • Current anti-virus software is not good enough to stop the bad guys 
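Added example (not from the slides) of the "searching for known patterns" step of signature-based detection: a scanner that checks files against byte-pattern signatures and whole-file SHA-256 signatures, and a sample with no signature that is therefore not detected, which is the slide's point. All signatures and "files" are constructed and harmless; none is real malware.

```python
import hashlib

# Constructed pattern signatures: characteristic byte strings of invented samples.
PATTERN_SIGNATURES = {
    "Demo.Worm.A": b"DEMO-WORM-A-PAYLOAD",
    "Demo.Trojan.B": b"\xde\xad\xbe\xef\x13\x37",
}

# Constructed hash signature: SHA-256 of one whole file already analysed.
KNOWN_BAD_FILE = b"MZ" + b"\x00" * 8 + b"DEMO-WORM-A-PAYLOAD" + b"\x90" * 4
HASH_SIGNATURES = {hashlib.sha256(KNOWN_BAD_FILE).hexdigest(): "Demo.Worm.A"}

def scan(data: bytes) -> list:
    """Return the names of every signature that matches this file's bytes."""
    hits = set()
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:          # exact file seen before
        hits.add(HASH_SIGNATURES[digest])
    for name, pattern in PATTERN_SIGNATURES.items():
        if pattern in data:                # known byte pattern anywhere in the file
            hits.add(name)
    return sorted(hits)

# Constructed "files" to scan.
SAMPLES = {
    "invoice.exe": KNOWN_BAD_FILE,                          # hash and pattern both hit
    "tool.dll": b"header\xde\xad\xbe\xef\x13\x37tail",      # new file, known pattern
    "notes.txt": b"just a text file",                        # clean
    "new_variant.exe": b"MZ" + b"NEVER-SEEN-BEFORE-CODE",    # no signature exists yet
}

def scan_all(samples):
    """Map each file name to its list of matched signature names ([] = not detected)."""
    return {name: scan(data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, hits in scan_all(SAMPLES).items():
        print(f"{name}: {', '.join(hits) if hits else 'no signature matched'}")
```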

  20. malware • Viruses have gone into stealth-mode • Malwarebytes’ Anti-Malware • Download, install and run • What do you find? • Not enough…

  21. ex. RSA attacked
  • The attacker in this case sent two different phishing emails over a two-day period. The two emails were sent to two small groups of employees; you wouldn’t consider these users particularly high profile or high value targets. The email subject line read “2011 Recruitment Plan.”
  • The email was crafted well enough to trick one of the employees to retrieve it from their Junk mail folder, and open the attached excel file. It was a spreadsheet titled “2011 Recruitment plan.xls.”
  • The spreadsheet contained a zero-day exploit that installs a backdoor through an Adobe Flash vulnerability (CVE-2011-0609).
  • The next step in a typical Advanced Persistent Threat (APT) is to install some sort of a remote administration tool that allows the attacker to control the machine. In our case the weapon of choice was a Poison Ivy variant set in a reverse-connect mode that makes it more difficult to detect, as the PC reaches out to the command and control rather than the other way around.

  22. RSA, not the only ones • The information suggests that more than 760 other organizations had networks that were compromised with some of the same resources used to hit RSA. Almost 20 percent of the current Fortune 100 companies are on this list.

  23. RSA, not the only ones • (slide: list of the compromised networks by autonomous-system name; list omitted)

  24. command and control

  25. conclusions • Google and RSA aren’t safe, and you aren’t either • But there are lots of targets, so minimize your footprint, make yourself a more difficult target • Run anti-virus with real-time protections, whatever the vendor • Run anti-malware • Use a firewall, or multiple firewalls, hardware and software • Use network address translation (NAT) • Make backups, so you can rebuild, if necessary

  26. next time: SQL Quiz, IT Security (continued) and Final Projects Planning • Case Study: Distributed Denial: the Tech of Cyber Attack in the Russo-Georgian Conflict of August 2008
