1 / 57

Computer Security and Privacy

Table of Contents. Computer SecurityTechnologyComputer security risks to home users VirusesPGP - Pretty Good PrivacyUC Davis Computer Security Lab ProjectsReferences. Computer Security. Computer security is the process of preventing and detecting unauthorized use of computersComputer security

veata
Télécharger la présentation

Computer Security and Privacy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. Computer Security and Privacy Alex Mack

    2. Table of Contents Computer Security Technology Computer security risks to home users Viruses PGP - Pretty Good Privacy UC Davis Computer Security Lab Projects References

    3. Computer Security Computer security is the process of preventing and detecting unauthorized use of computers Computer security keeps strangers from reading your email, using your computer to attack other systems, sending forged email from your computer, or examining personal information stored on your computer.

    4. Computer Security (cont) As hackers have control of your computer, they have the ability to hide their true location as they launch attacks. They can watch all of your actions on the computer, or cause damage to your computer by reformatting your hard drive or changing your data. Hackers are always discovering new vulnerabilities to exploit in computer software. The complexity of software makes it difficult to thoroughly test the security of computer systems.

    5. Computer Security (cont) When vulnerabilities are discovered, computer vendors develop patches to address these problems. Users install the patches, or correctly configure the software to operate more securely. Some software applications have default settings that allow other users to access your computer unless you change the settings to be more secure.

    6. Technology Broadband Cable modem access DSL access Protocal IP address Static Addressing Dynamic Addressing Network Address Translation (NAT) TCP and UDP Ports

    7. Technology (cont) Firewall Antivirus software

    8. Broadband Broadband refers to high–speed network connections. Cable modems and Digital Subscriber Line (DSL) are referred to as broadband Internet connections. Bandwidth describes the relative speed of a network connection. Most current dial-up modems can support a bandwidth of 56 kbps (thousand bits per second).

    9. Cable modem access A cable modem allows a single computer or network of computers to connect to the Internet via the cable TV network. It has an Ethernet LAN (Local Area Network) connection to the computer, and is capable of speeds in excess of 5 Mbps. Since cable providers turn neighborhoods into LANs that share the same bandwidth, speeds tend to be lower than the maximum.

    10. Cable modem access (cont) Shared bandwidth slows down network access, and causes cable modem users to be more susceptible to risks such as packet sniffing and unprotected windows shares.

    11. DSL access DSL provides the user with dedicated bandwidth. The maximum bandwidth of DSL users is usually lower than the maximum bandwidth of cable modem users. The dedicated bandwidth is only dedicated between your home and the DSL provider’s central office. DSL access is not as susceptible to packet sniffing as cable modem access.

    12. Protocal A protocol is a well-defined specification that allows computers to communicate across a network. Protocols define the "grammar" that computers can use to "talk" to each other. IP stands for "Internet Protocol". It can be thought of as the common language of computers on the Internet.

    13. IP address IP addresses are analogous to telephone numbers. When a computer on the Internet needs to send to send data to another computer, it must first know its IP address. IP addresses are shown as four numbers separated by decimal points. Ex: 10.24.254.3 If you type the name of a server into your web browser, your computer will ask its Domain Name System (DNS) Server what the numeric IP address is that is associated with that server name.

    14. IP address (cont) Every computer on the Internet has an IP address associated with it that uniquely identifies it. An IP address may change over time if the computer is dialing into an Internet Service Provides (ISP), connected behind a network firewall, or connected to a broadband service using dynamic IP addressing.

    15. Static Addressing Static IP addressing occurs when an ISP permanently assigns one or more IP addresses for each user. These addresses do not change over time, however, if a static address is assigned but not in use, it is effectively wasted. Since ISPs have a limited number of addresses allocated to them, they sometimes need to make more efficient use of their addresses.

    16. Dynamic Addressing Dynamic IP addressing allows the ISP to efficiently utilize their address space. Using dynamic IP addressing, the IP addresses of individual user computers may change over time. If a dynamic address is not in use, it can be automatically reassigned to another computer as needed.

    17. Network Address Translation (NAT) NAT provides a way to hide the IP address of a private network from Internet, while still allowing computers on that network to access the Internet. Using NAT masquerading, one or more devices on a LAN can be made to appear as a single IP address to the provide Internet. NAT masquerading allows for multiple computers to use a single cable modem or DSL connection without, requiring the ISP to provide more than one IP address to the user.

    18. TCP and UDP Ports TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are both protocols that use IP. They both allow individual applications on those computers to talk to each other. Ports allow a computer to differentiate services such as email data from web data.

    19. TCP and UDP Ports (cont) A port is simply a number associated with each application that uniquely identifies that service on that computer. TCP and UDP use ports to identify services. Common port numbers are 80 for web (HTTP), 25 for email (SMTP), and 53 for Dmain Name System (DNS).

    20. Firewall Firewall is a system or group of systems that enforces an access control policy between two networks. Software Firewall – specialized software running on an individual computer Network Firewall – a dedicated device designed to protect one or more computers Both types of firewall allow the user to define access policies for inbound connections to the computers they are protecting. Firewalls control what services the protected computers are able to access on the Internet.

    21. Antivirus software Antivirus software packages look for patterns in the files or memory of your computer that indicate the possible prescence of a known virus. They know what to look for through the use of virus profiles provided by the vendor. The software’s effectiveness are dependent on having the latest virus profiles installed on your computer, so that the software can look for recently discovered viruses.

    22. Computer security risks to home users Information security is concerned with three main areas: Confidentiality - information should be available only to those who rightfully have access to it Integrity -- information should be modified only by those who are authorized to do so Availability -- information should be accessible to those who need it when they need it

    23. Computer security risks to home users (cont) These concepts apply to home Internet users just as much as they would to any corporate or government network. Some security risks arise from the possibility of intentional misuse of your computer by intruders via the Internet. Others are risks that you would face even if you weren't connected to the Internet (hard disk failures, theft, power outages).

    24. Computer security risks to home users (cont) Intentional misuse of your computer: Trojan horse programs Back door and remote administration programs Denial of service Being an intermediary for another attack Unprotected Windows shares Mobile code (Java/JavaScript/ActiveX)

    25. Computer security risks to home users (cont) Cross-site scripting Email spoofing Email borne viruses Hidden file extensions Chat clients Packet sniffing

    26. Trojan horse programs Trojan horse programs are a common way for intruders to trick you into installing "back door" programs.

    27. Back door and remote administration programs Back door or remote administration programs, once installed, allow other people to access and control your computer. Three programs commonly used by intruders to gain remote access to your computer are BackOrifice, Netbus, and SubSeven

    28. Denial of service Denial-of-service (DoS) causes your computer to crash or to become so busy processing data that you are unable to use it.

    29. Being an intermediary for another attack Intruders will frequently use compromised computers as launching pads for attacking other systems. They install an "agent" that runs on the compromised computer awaiting further instructions. When a number of agents are running on different computers, a single "handler" can instruct all of them to launch a denial-of-service attack on another system.

    30. Unprotected Windows shares Unprotected Windows networking shares can be exploited by intruders in an automated way to place tools on large numbers of Windows-based computers attached to the Internet. The greater immediate risk to the Internet community is the potentially large number of computers attached to the Internet with unprotected Windows networking shares combined with distributed attack tools

    31. Mobile code (Java/JavaScript/ActiveX) Mobile code are programming languages that let web developers write code that is executed by your web browser. They can be used by intruders to gather information or to run malicious code on your computer. Mobile code vulnerabilities that affect Java, JavaScript, and ActiveX are often applicable to email as well as web pages.

    32. Cross-site scripting A malicious web developer may attach a script to something sent to a web site, such as a URL, an element in a form, or a database inquiry. You can potentially expose your web browser to malicious scripts by: Following links in web pages, email messages, or newsgroup postings without knowing what they link to Using interactive forms on an untrustworthy site Viewing online discussion groups, forums, or other dynamically generated pages where users can post text containing HTML tags

    33. Email spoofing Email spoofing is when an email message appears to have originated from one source when it actually was sent from another source. Spoofed email can range from harmless pranks to social engineering ploys. Examples: email claiming to be from a system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if they do not comply email claiming to be from a person in authority requesting users to send them a copy of a password file or other sensitive information

    34. Email borne viruses Viruses and other types of malicious code are often spread as attachments to email messages. Malicious code might be distributed in amusing or enticing programs. Many recent viruses use these social engineering techniques to spread. Ex: W32/Sircam W32/Goner

    35. Hidden file extensions Windows operating systems contain an option to "Hide file extensions for known file types“ Multiple email-borne viruses are known to exploit hidden file extensions. Files attached to the email messages sent by these viruses may appear to be harmless when in fact the file is a malicious script

    36. Chat clients Chat clients provide groups of individuals with the means to exchange dialog, web URLs, and in many cases, files of any type. Since many chat clients allow for the exchange of executable code, they present risks similar to those of email clients.

    37. Packet sniffing A packet sniffer is a program that captures data from information packets as they travel over the network. That data may include user names, passwords, and proprietary information that travels over the network in clear text. With many passwords captured by the packet sniffer, intruders can launch widespread attacks on systems. Installing a packet sniffer does not necessarily require administrator-level access.

    38. Computer security risks to home users (cont) Accidents and other risks: Disk failure Power failure and surges Physical Theft

    39. Computer security risks to home users (cont) Actions home users can take to protect their computer systems: Consult your system support personnel if you work from home Use virus protection software Use a firewall Don't open unknown email attachments Don't run programs of unknown origin Disable hidden filename extensions

    40. Computer security risks to home users (cont) Keep all applications, including your operating system, patched Turn off your computer or disconnect from the network when not in use Disable Java, JavaScript, and ActiveX if possible Disable scripting features in email programs Make regular backups of critical data Make a boot disk in case your computer is damaged or compromised

    41. Viruses Computer viruses are small software programs that are designed to spread from one computer to another and to interfere with computer operation. A virus might corrupt or delete data on your computer, use your e-mail program to spread itself to other computers, or even erase everything on your hard disk. Computer viruses are often spread by attachments in e-mail messages or instant messaging messages.

    42. Viruses (cont) Viruses can be disguised as attachments of funny images, greeting cards, or audio and video files. They can be hidden in illicit software or other files or programs you might download. Once a virus is on your computer, its type or the method it used to get there is not as important as removing it and preventing further infection.

    43. Viruses (cont) A computer worm is a software program that is designed to copy itself from one computer to another, without human interaction. It can can copy itself automatically. A worm can send out copies of itself to every contact in your e-mail address book, and then it can send itself to all of the contacts your contact's e-mail address books. They clog networks and can cause long waits for you and everyone else to view Web pages on the Internet.

    44. Viruses (cont) Spyware is software that performs certain behaviors, generally without appropriately obtaining your consent first. Spyware displays advertisements called adware and tracks personal or sensitive information. They can make changes to your computer that can be annoying and cause your computer slow down or crash.

    45. Viruses (cont) Spyware can change your Web browser's home page or search page, or add additional components to your browser you don't need or want. They also make it very difficult for you to change your settings back to the way you had them.

    46. Viruses (cont) Trojans can hide in small programs that appear to be useful, or harmless sites but can infect your computer by opening a secret backdoor that will allow an intruder to remotely gain access to your computer. They rely on being small and deceptive to propagate themselves across the internet, usually attached to some other file. Trojans and spyware predominantly want information from you that will help the monitoring site build a profile of you that they will exploit commercially.

    47. Viruses (cont) Trojans and spyware provide a doorway to a hacker to infiltrate your system and monitor your actions with such tools as keyloggers and password stealers, with a view to stealing from you. Other trojans can stay latent in the background to provide an accessway to a hacker for future exploitation such as a Denial of Service Attack.

    48. Viruses (cont) Five main types of remote access spyware Trojans are: File Server Remote Administration Password Stealer Key Loggers Denial of Service

    49. PGP - Pretty Good Privacy PGP is a computer program that provides cryptographic privacy and authentication. PGP is often used for signing, encrypting and decrypting e-mails to increase the security of e-mail communications. PGP encryption uses a serial combination of hashing, data compression, symmetric-key cryptography, and, finally, public-key cryptography. Each public key is bound to a user name and/or an e-mail address.

    50. PGP - Pretty Good Privacy (cont) PGP supports message authentication and integrity checking. The sender uses PGP to create a digital signature for the message with either the RSA or DSA signature algorithms. PGP encryption can also be used to protect data in long-term data storage such as disk files. The security of PGP encryption depends on the assumption that the algorithms used are unbreakable by direct cryptanalysis.

    51. UC Davis Computer Security Lab Projects Anomaly Detection in Database Systems MURI Protocol Research

    52. Anomaly Detection in Database Systems Database systems provide mechanisms that can be employed to ensure the integrity of the stored data. Mechanisms for enforcing organizational security policies are often not adequately used. Security policies are often not known or not well specified, making it difficult or even impossible to translate them into appropriate security mechanisms. Security policies do not sufficiently guard data stored in a database system against "privileged users".

    53. Anomaly Detection in Database Systems (cont) The security goals of database systems are availability, confidentiality and integrity. Misuse detection systems (MDSs) are a cost-effective compromise to establish and assure a certain degree of security in a system. The system called DEMIDS (DEtection of MIsuse in Database Systems) provides a rich set of tools to derive user profiles from audit logs. DEMIDS detects malicious behavior by legitimate users who abuse their privileges.

    54. MURI Protocol Research The goal of this project is to conduct research on security and on protocol validation methods: Develop a method of attacks and a language for describing attack behavior Develop a language in which security policies can be stated Develop tools to support the reasoning about policies, including consistency, completeness, and the projection of policies to enforcement sites.

    55. MURI Protocol Research (cont) Develop a verification system to support the formal reasoning of protocols. To support the testing of protocols, we will develop a tester's assistant (TA).

    56. References http://www.obscure.org/~jaws/security.html http://www.cert.org/tech_tips/home_networks.html http://www.microsoft.com/security/antivirus/whatis.aspx http://www.microsoft.com/security/worms/whatis.aspx http://www.microsoft.com/security/spyware/whatis.aspx http://en.wikipedia.org/wiki/Pretty_Good_Privacy http://www.anti-trojan.org/whatisatrojan.html

    57. References (cont) http://seclab.cs.ucdavis.edu/projects/anomaly.html http://seclab.cs.ucdavis.edu/projects/MURIsum.html

More Related