Ne Course Part One



  1. 1. Network Professional Course: Data & Network Security
     U Nyein Oo, COO/Director, Myanma Computer Co., Ltd
  2. 2. Part One: Computer Virus
  3. 3. Topics to be covered
     • Computer virus
     • Different types of virus
       - Macro virus
       - Worm
       - Trojan horse
       - Hybrids
       - Malware
       - Spam
       - Spyware
     • And preventing Computer Virus
  4. 4. What is a Computer Virus?
     • In 1983, Fred Cohen coined the term “computer virus”, defining a virus as “a program that can 'infect' other programs by modifying them to include a possibly evolved copy of itself.”
     • Mr. Cohen expanded his definition a year later in his 1984 paper, “A Computer Virus”, noting that “a virus can spread throughout a computer system or network using the authorizations of every user using it to infect their programs”.
  5. 5. Some History on Fred Cohen
     • BS (Electrical Engineering)
     • MS (Information Science)
     • Ph.D (Electrical and Computer Engineering)
     • Inventor of “Computer Viruses” (1983)
     • First published most current virus defense techniques
     • Consultant, computer security
     • Fred Cohen & Associates
     • Sandia National Laboratories
     • Global reputation for integrity
  6. 6. Macro virus
     • Macro viruses are a special case of viruses. Instead of infecting software program files directly, macro viruses infect Microsoft Office documents and templates.
     • They exist because Microsoft has implemented a complete programming language in their Office applications which allows any document to contain software code.
  7. 7. Macro virus (cont.)
     • Macro viruses can be extremely dangerous, since the scripting language built into Microsoft Office (called "Visual Basic for Applications") gives the virus full control of the computer, including the ability to run arbitrary software, send e-mail, delete files, or activate some other malicious payload.
  8. 8. What is a worm?
     • In contrast to viruses, computer worms are malicious programs that copy themselves from system to system, rather than infecting legitimate files.
     • For example, a mass-mailing email worm is a worm that sends copies of itself via email. A network worm makes copies of itself throughout a network, an Internet worm sends copies of itself via vulnerable computers on the Internet, and so on.
  9. 9. What is a Trojan Horse?
     • Trojans, another form of malware, are generally agreed upon as doing something other than the user expected, with that “something” defined as malicious.
     • Most often, Trojans are associated with remote access programs that perform illicit operations such as password-stealing or which allow compromised machines to be used for targeted denial (rejection) of service attacks.
  10. 10. Trojan Horses (cont.)
     • One of the more basic forms of a denial of service (DoS) attack involves flooding a target system with so much data, traffic, or commands that it can no longer perform its core functions.
     • When multiple machines are gathered together to launch such an attack, it is known as a distributed denial of service attack, or DDoS.
  11. 11. What are Hybrids?
     • In fact, most dangerous software combines the features of several types. One of the first successful e-mail attacks, the Happy99 Virus, wasn't merely a virus.
     • When opened, it displayed a pleasant fireworks animation, tricking the user into thinking it was a harmless entertainment, like a trojan.
  12. 12. Hybrids (cont.)
     • Then, like a virus, it modified the computer's operating system files and installed software code which would create copies of itself whenever the user sent e-mail.
     • Finally, like a worm, Happy99 propagated to other computers via e-mail.
  13. 13. What is malware?
     • Taken as a group, these many types of software are called "malicious software", because they modify your computer's files without asking and attempt to perform some kind of annoying or dangerous activity.
     • In the computer community, the spectrum of malicious software is often called malware.
  14. 14. What is SPAM?
     • "Spamming [the sending of unsolicited email] is the scourge of electronic-mail and newsgroups on the Internet.
     • It can seriously interfere with the operation of public services, to say nothing of the effect it may have on any individual's e-mail mail system.
     • Spammers are, in effect, taking resources away from users and service suppliers without compensation and without authorization."
  15. 15. Spyware
     • Spyware is any software or program that employs a user's Internet connection in the background (the so-called "backchannel") without their knowledge or explicit permission.
  16. 17. Virus Encyclopedia
     1. File Virus
     2. Boot Virus
     3. Multipartite Virus (File and Boot)
     4. Multi Platform Virus
     5. Virus Constructors
     6. Script Virus
     7. Polymorphic Generator
     8. Virus Hoaxes
     9. Palm
     10. Jokes
  17. 18. File Extensions of Evil
     • User File Extension
       - xxx.doc
       - xxx.xls
       - xxx.ppt
       - xxx.pmd
       - xxx.pdf
       - xxx.bmp
       - And others
     • System File Extension
       - xxx.exe
       - xxx.bat
       - xxx.sys
       - xxx.dll
       - And others
  18. 19. The Golden Rule of E-mail Protection
     • NEVER OPEN AN E-MAIL ATTACHMENT UNLESS YOU HAVE INDEPENDENTLY CONFIRMED ITS CONTENT AND VALIDITY!
       - a separate e-mail with a clear description of the file names and contents of the attachments,
       - a telephone call discussing the attached files,
       - a face-to-face conversation, or
       - any other communication independent of the e-mail containing the attachments, which specifies the file names and file contents.
  19. 20. Example of Attached File
  20. 21. Other Ways to Secure Your System
     • Don't use file and print sharing unless you must
     • If you do use file sharing, use good passwords
     • Don't allow Windows to open .VBS (VB Script) or .WSF (Windows Script) files
     • Beware software of unknown origin
     • Forged E-mail Addresses
     • Anti-virus Software
     • Malicious Software Documented at Rice
     • To get More Help
     • To Find Security Patches
  21. 22. Example of Service Pack File
  22. 23. Top ten viruses reported to Sophos in April 2004; Top 10 Virus Report in Feb 2007
  23. 24. Top Antivirus Software
     • Norton Antivirus
     • McAfee Antivirus
     • Bitdefender
     • F-Secure
     • PC-cillin
     • E-safe, etc.
  24. 32. Criteria of Anti-virus Software
     • Ease of Use
     • Effective at Identifying Viruses and Worms
     • Effective at Cleaning or Isolating Infected Files
     • Activity Reporting
     • Feature Set (Scanning Capabilities)
     • Ease of Installation and Setup
     • Help Documentation
  25. 33. Main Features of Antivirus
     • Provides complete e-mail virus protection
     • Eliminates all types of viruses
     • Easy to use: install and forget
     • Automatic virus definitions updates
     • Uses powerful virus scanning engines
     • Creates detailed scan reports, etc.
  26. 34. Activity Log File Location
  27. 35. Preventing Computer Virus
     • Install anti-virus software and keep the virus definitions up to date.
     • Don't automatically open attachments
     • Scan all incoming email attachments
     • Get immediate protection
     • Update your anti-virus software frequently.
     • Avoid downloading files you can't be sure are safe
     • Don't boot from a floppy disk
     • Don't share floppies
     • Scan floppies before using them
     • Use common sense
  28. 36. Useful links
     • Virus Encyclopedia
     • Virus pattern downloads
     • Subscribe to email alerts on Virus
     • Online virus scanner, Housecall
     • Real-time Virus Tracking
     • McAfee Security
     • Norton Antivirus
  29. 37. Part Two: Other Data Security Issues
  30. 38. Topics to be covered
     • Encryption
     • Firewall
     • Authentication
     • Virtual Private Network (VPN)
     • Digital Certificate
     • Digital Signature
     • Certification Authorities
     • On-Line Security Assistants
  31. 39. Encryption
     • The translation of data into a secret code. Encryption is the most effective way to achieve data security.
     • To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it.
     • Unencrypted data is called plain text; encrypted data is referred to as cipher text.
     • There are two main types of encryption: asymmetric encryption (also called public-key encryption) and symmetric encryption.
  32. 40. Sample Diagram for Encryption
  33. 41. Firewall
     • A combination of hardware and software that secures access to and from the LAN.
     • A firewall blocks unwanted access to the protected network while giving the protected network access to networks outside of the firewall.
     • An organization will typically install a firewall to give users access to the internet while protecting their internal information.
  34. 42. Sample usage of Firewall
  35. 43. Authentication
     • Determines a user's identity, as well as determining what a user is authorized to access.
     • The most common form of authentication is user name and password, although this also provides the lowest level of security.
     • VPNs use digital certificates and digital signatures to more accurately identify the user.
  36. 44. Sample Authentication
  37. 45. Virtual Private Network
     • A virtual private network (VPN) is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures.
     • The idea of the VPN is to give the company the same capabilities at much lower cost by using the shared public infrastructure rather than a private one.
  38. 46. Tunneling Protocol
     • A tunneling protocol is a network protocol which encapsulates one protocol or session inside another. Protocol A is encapsulated within protocol B, such that A treats B as though it were a data link layer.
     • Tunneling is used to get data between administrative domains which use a protocol that is not supported by the internet connecting those domains.
  39. 47. VPN Scenarios
     • Internet VPN
       - Over the public access Internet
       - Connect remote office across the Internet
       - Connect remote dialup users to their home gateway through ISP: known as VPDN
     • Intranet VPN
       - Within an enterprise or organization that might or might not involve traffic traversing a WAN
     • Extranet VPN
       - Between two or more separate entities that can involve data traversing the Internet or some other WAN
  40. 48. Sample usage of VPN
  41. 49. Why Use a VPN?
     • Data confidentiality
       - Encrypt the packets before transmitting across the network
     • Data integrity
       - Authenticate peers and examine packets, ensuring that data has not been altered during transmission
     • Data origin authentication
       - Authenticate the source of data sent
       - Depends on the data integrity service
     • Anti-replay
       - Detect and reject replayed packets, preventing spoofing and MITM attacks
  42. 50. Digital Certificate
     • Electronic counterparts to driver licenses, passports.
     • Certificates are the framework for identification information, and bind identities with public keys.
     • They provide a foundation for
       - identification,
       - authentication and
       - non-repudiation.
     • Enable individuals and organizations to secure business and personal transactions across communication networks.
  43. 51. Types of Certificates
     • Root or Authority certificates
       - These are self-signed by the CA that created them
     • Institutional authority certificates
       - Also called “campus certificates”
     • Client certificates
       - These are also known as end-entity certificates, identity certificates, or personal certificates.
     • Web server certificates
       - Used for secure communications to and from Web servers
  44. 52. Sample of Digital Certificate
  45. 53. Content of Digital Certificate
     • Version
     • Serial number
     • Certificate issuer
     • Certificate holder
     • Validity period
     • Attributes, known as certificate extensions, that contain additional information such as allowable uses for this certificate
     • Digital signature from the certification authority to ensure that the certificate has not been altered and to indicate the identity of the issuer
     • And other…
  46. 54. Digital Signature
     • An electronic signature that can be used to authenticate the identity of the sender of a message, or of the signer of a document.
     • It can also be used to ensure that the original content of the message or document that has been conveyed is unchanged.
  47. 55. How Do Digital Signatures Work?
  48. 56. Digital Certificate Sample
  49. 57. Verisign Certificate Sample
  50. 58. Certification Authority
     • A third party organization which is used to confirm the relationship between a party to the HTTPS transaction and that party's public key.
     • Certification authorities may be widely known and trusted institutions for Internet based transactions; where HTTPS is used on companies' internal networks, an internal department within the company may fulfill this role.
  51. 59. How Does a CA Work?
  52. 60. Some Famous CAs
     • Verisign
     • Europki
     • CyberTrust
     • And many more…
  53. 64. On Line Security Assistant
     • The CERT® Program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. Following the Morris worm incident, which brought 10 percent of internet systems to a halt in November 1988, the Defense Advanced Research Projects Agency (DARPA) charged the SEI with setting up a center to coordinate communication among experts during security emergencies and to help prevent future incidents. This center was named the CERT Coordination Center (CERT/CC).
  54. 65. On Line Security Assistants
  55. 66. Areas of work by CERT
     • Software Assurance
     • Secure Systems
     • Organizational Security
     • Coordinated Response
     • Education and Training
  56. 67. Participation in Organizations
     • Forum of Incident Response and Security Teams (FIRST) - The CERT/CC was a founding member of FIRST, which is a coalition of individual response teams around the world.
     • Internet Engineering Task Force (IETF) - The IETF is an international organization that is instrumental in developing internet standards.
     • National Security Telecommunications Advisory Committee's Network Security Information Exchange (NSTAC NSIE) - The NSTAC NSIE works to reduce vulnerabilities in critical infrastructures.
  57. 70. Myanmar Online Security
  58. 71. Thank You!
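
Added example (not part of the original slides): a Python illustration of the "Tunneling Protocol" and "Why should use VPN?" slides, in which an inner packet (protocol A) is encapsulated behind an outer header (protocol B) and the receiver enforces data integrity, data origin authentication and anti-replay. The header layout, the 64-packet window and the names `encapsulate` and `TunnelReceiver` are assumptions made for illustration; confidentiality is left out because Python's standard library has no cipher.

```python
import hashlib
import hmac
import struct

# Assumed outer ("protocol B") header: 4-byte tunnel id + 4-byte sequence number.
HEADER = struct.Struct("!II")
TAG_LEN = 32   # HMAC-SHA256 tag appended after the inner packet
WINDOW = 64    # anti-replay window size, in sequence numbers


def encapsulate(key: bytes, tunnel_id: int, seq: int, inner: bytes) -> bytes:
    """Sender: wrap an inner (protocol A) packet in an authenticated outer packet."""
    header = HEADER.pack(tunnel_id, seq)
    tag = hmac.new(key, header + inner, hashlib.sha256).digest()
    return header + inner + tag


class TunnelReceiver:
    """Receiver: verify integrity and origin first, then reject replays."""

    def __init__(self, key: bytes, tunnel_id: int):
        self.key = key
        self.tunnel_id = tunnel_id
        self.highest = 0   # highest sequence number accepted so far
        self.seen = 0      # bitmap: bit i set means (highest - i) was accepted

    def decapsulate(self, packet: bytes) -> bytes:
        if len(packet) < HEADER.size + TAG_LEN:
            raise ValueError("truncated packet")
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # altered, or wrong key
            raise ValueError("integrity check failed")
        tunnel_id, seq = HEADER.unpack(body[:HEADER.size])
        if tunnel_id != self.tunnel_id:
            raise ValueError("unknown tunnel")
        self._check_replay(seq)   # only authenticated packets move the window
        return body[HEADER.size:]

    def _check_replay(self, seq: int) -> None:
        if seq > self.highest:                       # newer: slide the window
            shift = seq - self.highest
            self.seen = ((self.seen << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
            return
        offset = self.highest - seq
        if offset >= WINDOW:
            raise ValueError("replay: too old")
        if self.seen & (1 << offset):
            raise ValueError("replay: duplicate")
        self.seen |= 1 << offset                     # late but new: accept once
```

The replay check runs only after the HMAC verifies, so a forged packet with a large sequence number cannot push the window forward and cause legitimate traffic to be dropped.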