Computer Security at Home

  • I love the name of the boat, “Temporary Insanity II”. Makes you wonder what happened to “Temporary Insanity I”.
  • Florida Power and Light workers were working in a culvert at Orlando International Airport, running power lines. They stumbled across this 18-foot gator . . .
  • and these 87 rattlesnakes in a nest.
  • Maybe this is what happened to the first boat the guy owned from the previous slide . . .
  • There wasn’t much to the then ARPAnet in 1980. Few machines connected by slow – by today’s standards – links. They were at research facilities, government, military, and contractors.
  • Source: http://cm.bell-labs.com/who/ches/map/gallery/index.html Credit should go to Bell Labs Internet Mapping Project. This map appeared in the December 1998 Wired. Colors denote related IP addresses. Pink is MCI, the “magnetic north of the Internet” according to Bill Cheswick. They used traceroute among 61,000 routers around the world, as of 12/98.
  • According to a recent study by the Radicati Group: 31% click on links in SPAM, 18% try to unsubscribe, and 10% purchase from SPAM.
  • The opening sequence of "Raiders of the Lost Ark" shows a physical manifestation of "defense in depth". In it, Indiana Jones must defeat multiple disparate mechanisms (poison darts, open pits, rolling boulders, closing stone doors, pressure-sensitive floor tiles, spikes, etc.) in order to abscond with the idol. Also reference “Search for the Holy Grail”, where Indiana must find the secrets to the location of the grail, surviving numerous traps along the way, until he ultimately must survive three tests at the scene of the grail. A similar movie would be the Bruce Willis movie, “Die Hard”. The crooks must get a password which they couldn’t get from the executive, so they shoot him. They have to drill the safe, wait for the power to be cut, etc. etc. etc.
  • For example, think about how a bank protects itself from a robbery. It uses vaults, armed guards and bulletproof glass dividers to protect against break-ins; alarm systems and security cameras to detect unauthorized entry; recovery plans and alternate facilities to help it recover in the event of a theft; laws and marketing to deter robbery attempts; and insurance to transfer the residual risk. Such an approach guarantees security redundancy; should any one of the controls fail, others are there to back it up. If the bank security guard falls asleep, the alarm system will detect unauthorized activity. If the alarm system is disabled, the security cameras will record the break-in. And so on. The problem with most approaches to digital defense-in-depth is that they assume that each control has "binary effectiveness"--that is, it works either all of the time or not at all. And, as we all know, perfect security is impossible. We all pay lip service to the idea that "no security is perfect," but most of us translate that into a belief that good security controls will still be in excess of 99 percent effective. It's laudable to try to achieve this level of effectiveness with any one security control, but it's totally unrealistic. Trying to achieve even 90 percent effectiveness in some controls is incredibly costly, time-consuming and counterproductive. A better (and broader) approach to defense-in-depth is one that I call "synergistic security." Like traditional conceptions of defense-in-depth, the success of synergistic security hinges on the redundancy of security controls. But unlike binary security controls, synergistic controls are not either "on" or "off." Each synergistic control is purposefully understood to be (significantly) less than 100 percent effective, making it more practical to maintain while also reducing cost, infringement, management and maintenance burdens. Let's go back to the bank example. What is it that keeps banks from being robbed? 
    And how effective are each of the controls? If you think about it, a security guard, a surveillance camera and a vault are independently only about 70 percent or 80 percent effective in preventing a robbery. For example, the vault in most banks is kept open during banking hours. For the vault to be 90 percent effective or better, it would have to be kept closed almost all the time. This, in turn, would force a bank manager to open and close it every time he needed to get some money or help a customer with a safe deposit box. Imagine how much time that would take; the bank would have to dedicate a manager to doing nothing else but opening and closing the vault!
  • Computer Security at Home

    1. 1. Jim Coffman CISSP, CSSA, CCSA, MCSE Security Engineer Computer Security @ Home
    2. 2. Ever felt like the world is after you?
    3. 3. Trouble just comes out of nowhere?
    4. 4. A new danger at every corner?
    5. 5. Or “pack” of dangers
    6. 6. It’s the little things that will save you.
    7. 7. A little extra effort can make the difference!
    8. 8. Agenda 1. It’s A Brave New World . . . 2. And It Can Be A Scary Place 3. Ways to Protect Yourself Today 4. Security On A Tight Budget 5. Where To Go For Hope
    9. 9. It’s A Brave New World . . .
    10. 10. The “Good Ol’ Days” Source: http://nric.org
    11. 11. The “New World” . . . (at least as of 1998) Source: http://cm.bell-labs.com/who/ches/map/gallery/index.html
    12. 12. Forget Online Banking – I’ll do it myself
    13. 13. Things are not always as they seem Second scanner over original captures your account information.
    14. 14. Fraud – But don’t they need my PIN?
    15. 15. Fraud – yes, they need your PIN . . . Things are not always as they appear.
    16. 16. And It Can Be A Scary Place
    17. 17. Computer Security
        • Computer Security is everyone’s problem.
        • 86% of all attacks are aimed at home users, not corporate users.*
        • Trojans and Worms don’t care who you are, they just know you as an IP address.
        * Symantec Internet Security Threat Report 10, Sept. 2006
    18. 18. You are valuable . . .
        • Your personal identity & financial information are valuable to hackers;
        • so they want to infect you with a keystroke logger Trojan.
        • Your system can be used as a zombie to further their DDOS attacks;
        • so they want to infect you via mass mailing worms.
    19. 19. You are valuable . . .
        • They are counting on gullible end users buying junk online;
        • so they come at you with SPAM and Phishing attacks.
        • And then some of these people are just plain sick in the head;
        • so they try to “engage” our children online.
    20. 20. You are vulnerable . . .
        • What is the AVERAGE lifespan of an unprotected PC on the Internet before it is attacked AND compromised?
        • . . . 4
        • . . . minutes.
        • Some machines were compromised in as little as 30 seconds.
        Source: November 2004 study by Kevin Mitnick and AvantGarde
    21. 21. Worms & Viruses
    22. 22. Danger Will Robinson!!
        • Viruses and Worms can carry the same “payload” or destructive result.
            • Create new accounts or delete existing accounts
            • Open back doors to future malware programs
            • Erase hard drives
            • Delete files
            • Change data files
            • Change users’ rights
            • Commit attacks on other systems
            • Disable antivirus or other security software
            • Capture and transmit passwords and logins to a remote hacker
        • There are well over 60,000 known viruses and 400 new ones are created every month.
    23. 23. Outbreak
        • Worms spread across networks, like the Internet, which is just a big network.
        • Worms can spread worldwide in minutes, which does not give antivirus software companies enough time to update their antivirus signatures.
        • Many of the new viruses / worms know how to turn off your security software.
    24. 24. Example: W32.BugbearB@mm - a mass mailing worm
        • Spread across networks shutting down the following security programs on all systems
    25. 25. Is that all it did?
        • Places itself in the startup folder to auto-execute when your PC reboots
        • Searches for addresses in email program databases, then launches its own email server and mails a virus-laden email to every address it found on your system
        • Creates a back door on your PC for the hacker to get back on your system
        • Captures keystrokes and sends them back to the hacker
    26. 26. SPAM & PHISHING
    27. 27. “Phishing” Phishing attacks use 'spoofed' e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc. Hackers have used emails that appear to be from Microsoft, Ebay, Paypal, AOL and every imaginable bank. The language and graphics can be very convincing. "Due to your inactivity your account has been put On Hold. To remove this status you have to Log In to your account and review Discover Privacy Policy."
    28. 31. SPYWARE
    29. 32. What harm can it do?
        • Beyond the invasion of privacy…
        • Spyware can also negatively impact your system’s performance to the point where your system crashes and becomes unusable.
        • Spyware can transmit data about your system’s vulnerabilities back to hackers.
        • Spyware often hijacks your browser’s start page or floods you with pop-ups.
    30. 33. So what’s a Trojan / RAT?
        • A program that you download or someone sends you.
        • It’s supposed to be:
            • Cool New Game!
            • Beautiful Screensaver
            • Hot Song or Movie
            • Great Utility, etc, etc, etc …
        • When you launch it,
        • the program may do something cool
        • but it also infects your machine.
    31. 34. What do they do?
        • Transmit back to the hacker, letting him know your PC is now infected and listening.
        • Capture and transmit everything you type back to the hacker.
        • Allow the hacker to take remote control of your PC, including searching your drive and viewing what you see on your screen.
    32. 35. Ways to Protect Yourself Today
    33. 36. Ways to protect yourself TODAY
        • Keep your Operating System patches up to date.
        • Install Antivirus and keep it up to date.
        • Install anti-spyware software.
        • Use a hardware-based firewall.
        • Use complex passwords and, if you must record the passwords, do it off-line or encrypt them.
    34. 37. Ways to protect yourself TODAY
        • Use caution when opening and responding to emails, even from known parties.
        • Use caution when downloading files from sources that are not very well known.
        • Jealously guard your personal data.
        • Use a credit card with a small credit line for online purchases.
    35. 38. Ways to protect yourself TODAY
        • Read those license agreements – some actually state that you will accept undesirable spyware.
        • Turn your computers off when not in use, especially at night.
        • Keep backups of your valuable data on read-only, offline media like CD, DVD or tape.
        • Don’t email personal data. It is usually an insecure transmission medium.
    36. 39. Ways to protect yourself TODAY
        • Do NOT post your email address on web sites or in public newsgroups. Spammers use spiders to scour web sites and harvest those addresses.
        • If you must publish an email address, use a secondary address, not the one you want friends and family to use.
    37. 40. Fraud Tips
        • Don’t trust phone calls or emails asking you to provide personal information such as account numbers, user names, logins, passwords or birth dates. Reputable administrators NEVER EVER ask for passwords; they can reset your account password for you without needing to know your old password.
        • Pay close attention to the URLs you are taken to. Simple changes in names can lead you to a hacker site.
        • WWW.DlSC0VERCARD.COM -> What’s wrong?
    38. 41. Ways to protect yourself TODAY
        • DO NOT REPLY TO SPAM EMAILS!!!
        • Attempting to “unsubscribe” just confirms to the Spammer that there is a live human being at that email address, so they SPAM you more!!
        • Replying to the email also confirms to the spammer that your ISP (Internet Service Provider) is not doing a good job filtering emails, so they will spam your ISP.
    39. 42. Ways to protect yourself TODAY
        • Do not click on web site links in spam! This will confirm your address and likely take you to a bogus, hacker-run web site.
        • Do not even open the spam email, as it could contain embedded attacks like Active X, Java, VBScript that auto-execute.
        • Obviously, do not BUY anything from them.
    40. 43. CYA without $$$
    41. 44. Words of Wisdom
        • Remember that “good” security NOW
        • is better than “perfect” security NEVER.
        • So . . . start by addressing the cheapest, easiest and fastest steps to implement.
    42. 45. CYA without the $$$
        • Security software doesn’t need to break the bank
    43. 46. Security Freeware
        • FIREWALL / UTM
            • Windows Firewall: Installed with Windows XP Service Pack 2
            • Zone Alarm http://www.zonelabs.com
            • Kerio http://www.sunbelt-software.com/kerio.cfm
            • Comodo http://www.personalfirewall.comodo.com/
        • ANTI-VIRUS
            • Grisoft AVG http://free.grisoft.com/doc/1
            • Avast http://www.avast.com/eng/download-avast-home.html
            • ClamWin http://www.clamwin.com/
            • Antivir http://www.free-av.com
        • SPYWARE
            • Lavasoft Ad-aware http://www.lavasoft.de/software/adaware/
            • Javacool Spyware Blaster / Guard http://www.javacoolsoftware.com
            • Spybot Search & Destroy http://spybot.safer-networking.de/en/
            • Grisoft ewido http://free.grisoft.com/doc/ewido-anti-spyware-free/lng/us/tpl/v5
            • Sophos RootKit Eliminator http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
        • WEB BROWSING TOOLS:
            • McAfee Site Advisor http://www.siteadvisor.com/
            • ShieldsUp Online Test www.grc.com
            • HackerWhacker http://www.hackerwatch.org/probe/
    44. 47. Security Freeware
        • SPAM: Use primary email account for friends and a second free email account for online surfing / shopping.
            • K9 http://www.keir.net/k9.html
            • SpamBayes http://spambayes.sourceforge.net/
            • Despammed www.despammed.com
            • SpamAssassin http://spamassassin.apache.org/
        • PHISHING TOOLBARS:
            • Netcraft http://toolbar.netcraft.com/
            • Earthlink http://www.earthlink.net/software/free/toolbar/
            • PhishGuard http://www.phishguard.com/default.htm
            • Spoofstick http://www.spoofstick.com/
            • CallingID http://callingid.com/Default.aspx
        • VARIOUS:
            • Microsoft Baseline Security Analyzer http://www.microsoft.com/technet/security/tools/mbsahome.mspx
    45. 48. Where To Go For Help
    46. 49. Best Places for More Information
        • BEWEBAWARE.org
        • CERT.org/homeusers
        • CERT.org/tech_tips/home_networks
        • GETNETWISE.org
        • FIREWALLGUIDE.org
        • MICROSOFT.com/athome/security
        • PCWORLD.com
        • PCMAGAZINE.com
        • SANS.org/rr/whitepapers/hsoffice
        • STAYSAFEONLINE.info
        • US-CERT.gov
    47. 50. Best Places for More Information
        • SpywareWarrior.com
        • Antiphishing.org
        • FTC.gov
        • PCMagazine & PCWorld
        • Microsoft.com
        • Symantec.com/athome/security
        • hhi.corecom.com/phishing.htm
        • theregister.co.uk/security
        • Phishinginfo.org
        • CoreStreet.com/spoofstick
        • Firewallguide.com
        • Firewallguide.com/anti-virus
        • Anti-Virus-Software-Review.com
        • HackFix.org
        • Tom-Cat.com/security
        • PracticallyNetworked.com
    48. 51.
    49. 52. Evolution of a Password
        • Examples:
            • Favorite Singer?
              Frank Sinatra
              Fr@nk Sin@tr@
              Fr@nk 5!n@tr@
    50. 53. Evolution of a Password
        • Examples:
            • Favorite Nursery Rhyme?
              Humpty Dumpty sat on a wall.
              HDsoawall
              HDso@w@ll
              HDs0@w@11
    51. 54. Evolution of a Password
        • Examples:
            • Favorite Sports Team?
              Raiders
              [email_address]
              R@|der5
    52. 55. Why use 1 defense when you can use 3? Indiana Jones
        • Open Pits
        • Stone Doors
        • Trick Floor Tiles
        • Poison Darts
        • Spikes
        • Rolling Boulders
    53. 56. Why use 1 defense when you can use 3? Banks
        • Bars
        • Cameras
        • Locks / Safes
        • Guards with Guns
        • Bullet Proof Glass
        • Insurance / FDIC
        • Dye Packs
        • Mantraps
        • Alarms
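
The look-alike address on the "Fraud Tips" slide (WWW.DlSC0VERCARD.COM, with a lowercase L in place of the I and a zero in place of the O) can be caught mechanically. The Python sketch below is an added example, not part of the original deck; the trusted-domain list, the confusable-character map and the function names are assumptions made for illustration, and the map covers a few more substitutions than the two on the slide.

```python
from urllib.parse import urlsplit

# Assumption: domains this user really does business with (illustrative list).
TRUSTED_DOMAINS = {"discovercard.com", "paypal.com", "ebay.com"}

# Single characters often swapped for a look-alike, folded to one canonical form.
# Both sides of a comparison go through the same folding, so "i" -> "l" is safe.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s"})
# Letter pairs that resemble a single letter in many fonts.
CONFUSABLE_PAIRS = (("rn", "m"), ("vv", "w"))


def skeleton(name):
    """Fold a hostname so that visually similar spellings compare equal."""
    folded = name.lower().translate(CONFUSABLES)
    for pair, single in CONFUSABLE_PAIRS:
        folded = folded.replace(pair, single)
    return folded


def registrable(host):
    """Assumption: last two labels; production code should use the Public Suffix List."""
    return ".".join(host.rstrip(".").split(".")[-2:])


def classify(url):
    """Return (verdict, domain) for a URL or a bare hostname."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    domain = registrable(host)
    if domain in TRUSTED_DOMAINS:
        return ("trusted", domain)
    # Internationalized names can hide non-Latin look-alikes; send them for review.
    if not host.isascii() or any(lbl.startswith("xn--") for lbl in host.split(".")):
        return ("idn", domain)
    for good in sorted(TRUSTED_DOMAINS):
        if skeleton(domain) == skeleton(good):
            return ("lookalike", good)
    # A trusted name used as a subdomain of somebody else's domain.
    for good in sorted(TRUSTED_DOMAINS):
        if "." + good + "." in "." + host + ".":
            return ("embedded", good)
    return ("unknown", domain)


if __name__ == "__main__":
    # Constructed samples; the first is the address shown on the slide.
    samples = (
        "WWW.DlSC0VERCARD.COM",
        "https://www.discovercard.com/login",
        "http://paypa1.com",
        "http://discovercard.com.account-review.example/",
        "http://example.org",
    )
    for sample in samples:
        print(sample, "->", classify(sample))
```

A "lookalike" or "embedded" verdict means the address imitates a trusted name without being it; "unknown" only means no imitation was detected, not that the site is safe.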
