Information Security


  1. Information Security, February 20, 2006, DePaul University CSRT
  2. Information Security at DePaul
       • Who we are
           • Information Services
           • Business Continuity and Security (BCS)
           • Computer Security Response Team (CSRT)
       • Web Site
           • http://is.depaul.edu/security/information_security
       • Email Addresses
           • [email_address]
           • [email_address]
  3. How do I protect my computer?
       • Top Five steps:
       • Update Operating System
           • Windows Automated Updates
       • Use Anti-virus and Spyware/Adware removal software
       • Strong Passwords
       • Firewall (software or hardware)
       • Common Sense
       • Recommended Tool
       • Microsoft Baseline Security Analyzer
       • http://www.microsoft.com/technet/security/tools/mbsahome.mspx
  4. Who is out there?
       • Terms
       • Black Hats
           • Malicious or criminal hacker.
       • Hackers
           • A person who enjoys exploring the details of programmable systems and how to stretch their capabilities
       • Crackers
           • One who breaks security on a system
       • Script Kiddies
           • Do mischief with scripts and programs written by others, often without understanding the exploit they are using.
  5. Why should we worry?
       • Skill Level of Miscreants
  6. My computer has an address?
       • IP Address
           • An identifier for a computer or device
           • DePaul net block – 140.192.0.0/16
           • 0-255
       • Port Number
           • Number assigned to an application program running in the computer
           • Port Numbers: 0 – 65535
           • Web – port 80
       • Connection
           • Source: 140.192.79.91 (4628) → Destination: 216.239.37.99 (80)
  7. Why does a firewall help?
       • Prevents some communications to your computer
           • hopefully only unwanted traffic
       • Software
           • Windows Firewall
               • http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx
           • Commercial/Freeware
               • Kerio, ZoneAlarm, BlackICE …
       • Hardware
           • Firewall Devices
           • Broadband Routers
  8. How do they find my computer?

       $ sudo nmap -sS x.x.x.x
       Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2006-02-20 09:57 CST
       Interesting ports on (x.x.x.x):
       (The 1654 ports scanned but not shown below are in state: closed)
       PORT     STATE SERVICE
       135/tcp  open  msrpc
       139/tcp  open  netbios-ssn
       1025/tcp open  NFS-or-IIS
       5000/tcp open  UPnP
       5101/tcp open  admdog
       Nmap run completed -- 1 IP address (1 host up) scanned in 0.956 seconds

  9. A typical day
       • Scanning logs

       Jan 19 00:15:23 CST 2006 Number of scans: 15639
       Destination Ports
       Total     Port
       ======    =====
          175      445  Windows (File Shares)
          592      139  Windows (File Shares)
          867     1433  MS-SQL - slammer worm
         8571      135  Windows (RPC Vulnerabilities)

  10. What do they want?
       • Resources
           • Storage
           • Access
           • Bandwidth
           • Launching point for attacks
       • Profitable
       • Information
           • Personal
           • Corporate
           • Source Code
       • Challenge
       • Activism
           • Political - Hacktivism
  11. How do they do it?
       • Attack Vectors
           • Email
               • Attachments
               • Messages
           • Deception/Social Engineering
               • Scams and Fraud
               • Hoaxes
           • Attackers
               • Vulnerabilities and Exploits
               • Open Shares/Weak Passwords
           • Web Pages
           • Malware (Malicious Software)
           • Instant Messaging, Internet Relay Chat (IRC) and Peer to Peer File Sharing (P2P)
  12. Questions
       • Thank you…
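
Added example (not part of the original slides): read together, slides 8 and 9 show which open ports on a host are also the ones being scanned most. The Python below parses the port table from slide 8 and the scan tally from slide 9, both copied from the slides, and ranks the overlap so the most-scanned exposed services can be closed or firewalled first. The function and variable names are this example's own.

```python
import re

# Port table from slide 8 (nmap text output), copied from the slides.
NMAP_OUTPUT = """\
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
1025/tcp open  NFS-or-IIS
5000/tcp open  UPnP
5101/tcp open  admdog
"""
# Scan tally from slide 9: total scans, destination port, note.
SCAN_TALLY = """\
175   445   Windows (File Shares)
592   139   Windows (File Shares)
867   1433  MS-SQL - slammer worm
8571  135   Windows (RPC Vulnerabilities)
"""
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
TALLY_LINE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(.*\S)")

def open_ports(nmap_text):
    """Return {port: service} for each line whose state is 'open'."""
    found = {}
    for line in nmap_text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m and m.group(3) == "open":
            found[int(m.group(1))] = m.group(4)
    return found

def scan_counts(tally_text):
    """Return {port: (total, note)} from the scan tally."""
    counts = {}
    for line in tally_text.splitlines():
        m = TALLY_LINE.match(line)
        if m:
            counts[int(m.group(2))] = (int(m.group(1)), m.group(3))
    return counts

def exposed_and_probed(nmap_text, tally_text):
    """Open ports that also appear in the tally, most-scanned first."""
    counts = scan_counts(tally_text)
    hits = [(port, svc, *counts[port])
            for port, svc in open_ports(nmap_text).items() if port in counts]
    return sorted(hits, key=lambda h: h[2], reverse=True)

if __name__ == "__main__":
    for port, svc, total, note in exposed_and_probed(NMAP_OUTPUT, SCAN_TALLY):
        print(f"{port}/tcp ({svc}): {total} scans, {note}")
```

On the slide data, ports 135 and 139 are both open on the scanned host and present in the scan tally, with 135 far ahead.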
