230 likes | 374 Vues
James Harland james.harland@rmit.edu.au. COSC1078 Introduction to Information Technology Lecture 22 Internet Security. Introduction to IT. 1 Introduction 2 Images 3 Audio 4 Video WebLearnTest 1 5 Binary Representation Assignment 1 6 Data Storage 7 Machine Processing
E N D
Intro to IT James Harland james.harland@rmit.edu.au COSC1078 Introduction to Information TechnologyLecture 22Internet Security
Intro to IT Introduction to IT 1 Introduction 2Images 3Audio 4Video WebLearnTest 1 5 Binary Representation Assignment 1 6 Data Storage 7Machine Processing 8 Operating Systems WebLearn Test 2 9 Processes Assignment 2 10 Internet 11Internet Security WebLearnTest 3 12Future of IT Assignment 3, Peer and Self Assessment
Intro to IT Overview • Questions? • Exam • Assignment 3 • Peer and Self Assessment • Internet Security • Questions?
Assignment 3 Reflect Answer reflection questions from tutorials See last lecture for ideas Research Write about a particular IT topic of your choice (5-6 paragraphs) electronic voting, information security, 3D user interfaces, digital music, digital video, electronic commerce, natural language processing, DNA computing, quantum computing, cryptography, malware detection and removal, Moore's Law, green computing, … Lecture 21: Internet Security Intro to IT
Exam 2010 exam is available now 2010 exam answers will be available on May 29th 2011 exam will be available on June 5th 2011 exam answers will be available on June 12th 2012 exam available on June 19th Lecture 21: Internet Security Intro to IT
SE Fundamentals Self and Peer Assessment • How well has each person contributed to the group? • Evaluated over the entire semester • Assessed on process, not product • Work out a grade for each person (CR, DI etc) • Then convert this to a mark out of 20 • Submit list of marks to tutor with justifications • Repeat previous step until the tutor is satisfied • See guidelines in Blackboard material
Assignment 3 Review (re-) answer What is IT? questions from Tutorial 1 Identify difficult parts of the course Suggest new questions Include favourites from Assignments 1 and 2 Reflect Answer reflection questions from tutorials Research Write about a particular IT topic of your choice (5-6 paragraphs) Lecture 21: Internet Security Intro to IT
Intro to IT Internet Security pass word fire spam wall patch key logger war virus driving Trojan horse worm phishing proxy
Security vs access It is always a trade-off(a balance between two competing forces) More security means less access More access means less security Redundancy can be either fatal or vital Nothing is perfect! Intro to IT
Freedom vs security `Everything which is not forbidden is allowed’ -- Principle of English Law `Everything which is not allowed is forbidden’ -- Common security principle `Anything not mandatory is forbidden’ -- “military policy” `Anything not forbidden is compulsory’(??) — T.H. White (The Once and Future King) Intro to IT
Intro to IT Passwords • Should be: • Long (8 characters or more) • Not obvious or from a dictionary • Contain capitals, numerals and non-alphanumeric characters (!&^*$@.,’[]{}? …) • Recorded securely somewhere • Transmitted in encrypted form only • Older programs such as FTP, Telnet transmit this in plaintext …
Intro to IT Firewalls • Device which limits internet connections • Limit network uses to only approved ones • Prevent malicious software reporting information • Prevent outside attacks • May need to have ports opened to allow applications to work • Only work on applications, not on content
Intro to IT Proxy servers • All internet traffic routed via proxy server • Acts as an internet gateway • Once proxy is secure, so is network • Can filter content • Can cache content • Often used with a firewall in a corporate environment
Intro to IT Wardriving • Driving around to find a vulnerable wireless signal • Find a wireless connection that doesn’t require a password(so add one to yours if you haven’t!) • Attack systems that use a default admin login name and password (change yours!) • Snoop on transmissions which are not encrypted (encrypt yours!) • Using a MAC address whitelist means only specified devices can connect to your router
Intro to IT Viruses,Worms,Trojans • Virus:self-replicating program that attaches itself to files and is spread when they are transferred • Worm:self-replicating program that pro-actively spreads itself • Trojan horse:a program that appears legitimate but is in fact malicious
Intro to IT Malware and Spyware • Malicioussoftware: • Hidden mail server • Key logging (to capture passwords) • Enable machine takeover • Direct traffic to particular web sites • Analyse behaviour • Act as a proxy • …
Intro to IT Denial of service • Prevent network from working normally • Flood a server with ‘invalid’ inputs • Use a network of compromised machines to generate an overwhelming number of requests (Conficker?) • Such zombie machines can form a botnet, which then attack a particular server
Intro to IT Tricking the user • Users are often the weakest link in security • Email attachments containing trojan horses • ‘Phishing’ • Malicious web pages • Malicious documents (macros in spreadsheets) • Account stealing (via key logging) • Scams (‘I have $10 million to import’, ‘You have just won the lottery’, …)
Intro to IT Protecting your system • Keep up to date with patches (Windows update, Software update) • Use a firewall • Use anti-virus software and keep it up to date • Use anti-spyware tools • Filter email for spam and suspicious messages • Be aware of ‘fake alerts’
Stuxnet? Windows-based worm Discovered in July, 2010 Designed to attack a very specific industrial plant Assumes plant operator would use a Windows laptop to reprogram plant machinery Not clear who was behind it … Look at the video Lecture 22: Internet Security Intro to IT
Stuxnet? Designed for Siemens equipment Siemens have said none of their customers were effected! Iran has ‘embargoed’ Siemens equipment … “The attackers took great care to make sure that only their designated targets were hit...It was a marksman’s job." "we're glad they [the Iranians] are having trouble with their centrifuge machine and that we – the US and its allies – are doing everything we can to make sure that we complicate matters for them" Lecture 22: Internet Security Intro to IT
Privacy and encryption Cryptography has been a major political headache for governments Public-key cryptography makes Amazon possible … Terrorist groups can use the same technology to keep things private… Should governments be able to keep encryption keys? See PGP and Phil Zimmermann… Lecture 22: Internet Security Intro to IT
Intro to IT Conclusion • Work on Assignment 3 • Check your software defenses!