
Is Your Computer Safe?

Is Your Computer Safe?. Susan Lincke Assoc Prof Computer Science UW-Parkside. History of Cyber-Security. Surveillance State Information Warfare Cyber Crime Hacktivism Vandalism Experimentation. Experimentation. Cracker: Computer-savvy programmer creates attack software.


Presentation Transcript


  1. Is Your Computer Safe? Susan Lincke Assoc Prof Computer Science UW-Parkside

  2. History of Cyber-Security • Surveillance State • Information Warfare • Cyber Crime • Hacktivism • Vandalism • Experimentation

  3. Experimentation • Cracker: Computer-savvy programmer creates attack software • Hacker Bulletin Board • SQL Injection • Buffer overflow • Password Crackers • Password Dictionaries • Successful attacks! Crazyman broke into … CoolCat penetrated… • Script Kiddies: Unsophisticated computer users execute programs • Malware package = $1K-2K

  4. Malware • A virus attaches itself to a program, file, or disk • When executed, the virus activates, replicates • Malware Infection Rates: • Web: 1 in 532 • E-mail: 1 in 291 • 40% of data breaches (Figure labels: Program A; Extra Code infects Program B)

  5. Worm • Independent program sends copies of itself from computer to computer across networks (Figure labels: Email List: Joe@gmail.com, Ann@yahoo.com, Bob@uwp.edu; To Joe, To Ann, To Bob)

  6. Social Engineering - Phishing • Social engineering manipulates people into performing actions or divulging confidential information. • 29% of Breaches • Phone Call: This is John, the System Admin. What is your password?

  7. Pharming = fake web pages • The fake web page looks like the real thing • Extracts account information

  8. Man in the middle attack • An attacker pretends to be your final destination on the network. • The attacker may look like a strong WLAN access point. • 1% of hacking attacks

  9. Rootkit • After penetration, hacker installs a rootkit • Eliminates evidence of break-in • Modifies the operating system • Rate of infection/malware • Rootkit: 39% • Backdoor: 66% • Keystroke logger: 75% (Figure labels: Backdoor entry, Keystroke Logger, Hidden user)

  10. History of Cyber-Security • Surveillance State • Information Warfare • Cyber Crime • Hacktivism • Vandalism • Experimentation Anonymous • Political causes, e.g.: • Middle East Democracy • WikiLeaks • Mexican Miner’s rights • Bad ways, e.g.: • Web defacement • DDOS attacks on Visa, MasterCard, MPAA • Computer hacking • 2% of external breaches

  11. Botnet • Cross international boundaries • Distributed Denial of Service: Attack web pages • $100 per 1000 infected computers • Command & Control: 51% of malware attacks

  12. History of Cyber-Security • Surveillance State • Information Warfare • Cyber Crime • Hacktivism • Vandalism • Experimentation Target: Finance, Retail, Food • 55% of external breaches Cost of Credit Card Numbers: • U.S.: $10 • European: $50 • Bulk: $1 or more

  13. Keystroke Logger • Silently tracks the keys you enter • Sends credit card info, password to the criminal • You see unusual charges on credit card statement • 75% of Malware

  14. Trojan Horse • Trojan Horse: Masquerades as beneficial program • The Zeus Trojan: Infected millions of computers • Mostly in the U.S. and often via Facebook • 2007 - today: top 5 malware problems • Steals bank passwords and empties accounts • Can impersonate a bank website

  15. War Driving & Hacking • Gonzalez cracked and exposed over 170 million credit card numbers • Stole from: Barnes & Noble, Boston Market, OfficeMax, Sports Authority, TJ Maxx, Dave & Buster’s, Marshall’s, Heartland Payment Systems, 7-Eleven, and Hannaford Brothers • Sentenced to 20 years prison, 2009 • Followed by 3 years supervised release • 2003 arrested & released: became informant to Secret Service

  16. ATM - Point of Sale: Credit Card Fraud • Skimmers used at ATMs, gas stations, stores. • Skimmers make up 91% of physical security attacks (35%) • Skimmers match color of bank ATMs • Manufactured in bulk, by 3D printers • Check for loose parts; hide PIN • Gonzalez encoded PINs onto debit card magnetic strips

  17. Ransomware • You are infected. Buy antivirus. • You’ve stored underage pornography. Pay a fine or go to jail. -FBI • CryptoLocker: Your disk has been encrypted. Pay to decrypt. • Pay in 72 hours or else… • Backup can be corrupted – MS Shadow • Swansea, Massachusetts Police paid $750

  18. Password Cracking: Dictionary Attack & Brute Force

  19. History of Cyber-Security • Surveillance State • Information Warfare • Cyber Crime • Hacktivism • Vandalism • Experimentation 2010 Stuxnet worm, • Developed by U.S., Israel • Hit Iranian nuclear power plants • damaged nearly 1000 centrifuges • nearly 1/5 of those in service • Iran attacked American banks, oil companies

  20. Information Warfare • Next wars will be computer attacks to power, water, financial systems, military systems, etc. • Cyberweapons are MUCH cheaper than military • Causes as much damage • High priority: Protecting utilities, infrastructure • New black market in 0-day attacks. • Governments pay more > $150,000/bug • Govts. include Israel, Britain, India, Russia, Brazil, North Korea, Middle Eastern countries, U.S. • New hacking firms openly publicize products

  21. History of Cyber-Security • Surveillance State • Information Warfare • Cyber Crime • Hacktivism • Vandalism • Experimentation • 21% external breaches: State affiliated • 96% from China

  22. China – IPR Theft • People’s Liberation Army targets manufacturing, research, military aircraft • NY Times fought off China for 4 months • Who gave info on P.M. Wen Jiabao? • 45 mostly-new malware • Attacked from 8 AM-midnight China time • Stole all passwords; hacked 53 PCs • Discussed repeatedly at Pres. Level • China says U.S. guilty (Snowden)

  23. Snowden Releases… • NSA has requested/manipulated: • Water down encryption • Install backdoors in software • Collect communication data • Verizon, Google, Yahoo, Microsoft and Facebook were coerced into …? • Gag orders prevent companies from speaking • Yahoo/Google: nearly 200 million records, Dec 2012 • Includes email metadata (headers) and content

  24. LavaBit • Provided secure email services… including to Edward Snowden • FBI wanted Software, Private Key and Passwords for ALL clients • Ladar Levison: “I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.” • Effect: Buyers wary of products from surveillance-state/info warfare countries

  25. Is Your Computer Safe? • Yes • No

  26. Is Your Computer Safe? • Yes • No “The confidence that people have in security is inversely proportional to how much they know about it.” -Roger Johnston

  27. Recognizing a break-in or compromise • Symptoms: • Antivirus software detects a problem • Pop-ups suddenly appear (may sell security software) • Disk space disappears • Files or transactions appear that should not be there • System slows down to a crawl • Stolen laptop (1 in 10 stolen in laptop lifetime) • Often not recognized

  28. Malware detection • (Additional) Spyware symptoms: • Change to your browser homepage/start page • Searches end up on a strange site • Firewall turns off automatically • Lots of network activity while not particularly active • New icons, programs, favorites which you did not add • Frequent firewall alerts about unknown programs trying to access the Internet • Often not recognized

  29. Safe & Secure User practices

  30. Anti-virus / anti-spyware: For PC, Tablet, SmartPhone • Anti-virus software detects malware and can remove it before damage is done • Install, keep anti-virus software updated • Anti-virus is important but limited in capability

  31. Avoid Social Engineering & Malicious Software • Do not open email attachments unless • you expect the email with attachment • you trust the sender • Do not click on links in emails unless you are absolutely sure of their validity • Only visit and/or download software from web pages you trust

  32. Use a Firewall (Figure labels: Web Request, Web Response, Email Connect Request, Email Response, DNS Request, SSH Connect Request, Ping Request, FTP request, Telnet Request, Microsoft NetBIOS Name Service, Illegal Source IP Address, Illegal Dest IP Address)

  33. Protect Your Operating System • Microsoft regularly issues updates to fix security problems • Windows Update should automatically install updates. • Avoid logging in as administrator

  34. Creating a good password (diagram, from Bad Password to Good Password) • Bad Password: Merry Christmas • Transformations: Lengthen • Synonym • Intertwine Letters • Convert vowels to numeric • Abbreviate • Keypad shift (Right …. Up) • Strings shown: Merry Xmas • MerryChrisToYou • MerryJul • MaryJul • MerChr2You • MXemrarsy • Glad*Jes*Birth • M5rryXm1s • Mary*Jul • ,rttuc,sd • J3446sjqw • mErcHr2yOu

  35. Creating a good password

  36. Access Control: Mandatory vs. Role-Based

  37. Security Access Token

  38. Kind-of Secure Online Banking & Business • Always use secure browser to do online purchasing • Never use a Debit card on-line. • Frequently delete temp files, cookies, history, saved passwords etc. (Figure labels: https://; Symbol showing enhanced security)

  39. Back-up important information • Disappearing info: Malware, ransomware, disk failure, … • What information is important to you? • Is your back-up: Recent? Off-site & Secure? Process Documented? Tested? Encrypted?

  40. Wisconsin 134.98 Data Breach Notification Law • Restricted data includes: • Social Security Number • Driver’s license # or state ID # • Financial account number (credit/debit) and access code/password • DNA profile (Statute 939.74) • Biometric data • In US, HIPAA protects: • Health status, treatment, or payment

  41. Thanks to: UW Parkside: Sabbatical • Keep Safe! • Thank You For Coming! Any Questions?
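
The letter-level transformations named on slide 34 (intertwine letters, convert vowels to numeric, keypad shift right/up), written out as an added Python example that is not part of the presentation. It assumes a US QWERTY layout, applies only the a→1 and e→5 substitutions visible on the slide, and its function names are illustrative.

```python
# Added illustration of the slide-34 transformations; not the presenter's code.

# Physical key rows, unshifted characters only (assumption: US QWERTY layout).
ROWS = ["1234567890-=", "qwertyuiop[]", "asdfghjkl;'", "zxcvbnm,./"]

# Only the two substitutions that can be read off the slide (M5rryXm1s).
VOWEL_DIGITS = {"a": "1", "e": "5"}


def intertwine(first, second):
    """Alternate the letters of two words; leftover letters are appended."""
    out = []
    for i in range(max(len(first), len(second))):
        out.append(first[i:i + 1])   # slicing yields "" past the end
        out.append(second[i:i + 1])
    return "".join(out)


def vowels_to_digits(text):
    """Replace a/e (either case) with the digits used on the slide."""
    return "".join(VOWEL_DIGITS.get(ch.lower(), ch) for ch in text)


def keypad_shift(text, direction):
    """Type each key one position 'right' or one row 'up' on the keyboard."""
    if direction not in ("right", "up"):
        raise ValueError("direction must be 'right' or 'up'")
    out = []
    for ch in text.lower():
        hit = [(r, row.find(ch)) for r, row in enumerate(ROWS) if ch in row]
        if not hit:                  # spaces and unknown keys are dropped
            continue
        r, c = hit[0]
        r, c = (r, c + 1) if direction == "right" else (r - 1, c)
        if r < 0 or c >= len(ROWS[r]):
            raise ValueError(f"no key {direction} of {ch!r}")
        out.append(ROWS[r][c])
    return "".join(out)


if __name__ == "__main__":
    print(intertwine("Merry", "Xmas"))
    print(vowels_to_digits("MerryXmas"))
    print(keypad_shift("Merry Xmas", "right"))
    print(keypad_shift("Merry Xmas", "up"))
```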
