Computer Systems Security



1. Computer Systems Security
2. Outline
  - Computer Systems Security Introduction
  - Examples of Information Security
  - Identity Theft
  - Hackers
  - Types of threats
  - Botnets/Zombies
  - Securing your network
    - Encryption
    - Firewalls
    - VPN
    - Email
    - Web
    - Wireless
    - Applications
    - Computers
3. Computer Security / Information Security
  - Protection of digital information from theft, corruption or natural disaster
  - What is being protected?
    - Personal or company data
    - Credit card numbers
    - Bank account information
    - The company itself, from sabotage
      - Deleting data
      - Altering websites
      - Denial of service
    - Computer resources that could be turned against others
      - Hard disk space
      - Fast processor
      - Internet connection
4. Where Do Hackers Attack? What Do Hackers Do?
  - Email
  - Web
  - Firewall
  - Network
  - Operating system / application vulnerabilities
  - Mobile
  - Telephone
  - Phishing
  - Spoofing
  - Keystroke logging
    - Malware
      - Virus: replicates by attaching itself to applications or files
      - Trojan horse: poses as legitimate software and can open a backdoor through that application
      - Worm: self-propagates over the network without attaching to any application (often leaves backdoors that turn hosts into zombies)
      - Adware: pop-up advertising
      - Spyware: monitors the user's browsing habits and degrades system performance
      - Rootkit: hides its presence, typically by replacing system executables or hooking the operating system
      - Crimeware: malware built for financial or political crime (the slide cites $30M in theft in 2005)
5. Identity Theft
  - Fraud that involves someone pretending to be someone else in order to steal money or obtain other benefits
  - The slide cites 3.7% of American adults as victims of identity theft. Common methods:
    - Stealing mail, or dumpster diving
    - Retrieving information from discarded computers
    - Researching the victim through internet searches or public records
    - Stealing payment or ID cards by pickpocketing, or capturing card data with a skimmer fitted to a compromised card reader
    - Eavesdropping on public transactions (shoulder surfing)
    - Trojan horses, hacking
    - Data breaches (personal information posted on the web or sent by mail)
    - Fraudulently changing the victim's mailing address
    - Phishing
6. Types of Hackers
  - White hat: breaks security for non-malicious reasons (testing with permission, learning); enjoys learning about computer security
  - Black hat: hacks for credit card fraud, identity theft or intellectual property theft; also called crackers
  - Script kiddie: non-expert who uses pre-packaged automated tools written by others
  - Hacktivist: uses technology to announce a social, ideological, religious or political message; defaces websites, launches DoS attacks. Shades into cyberterrorism.
7. How Does the Hacker Attack?
  - Network enumeration: discover information about the intended target (port scanner)
  - Vulnerability analysis: identify potential ways of attack (packet sniffer)
  - Exploitation: attempt to compromise the system through the vulnerabilities found in the analysis (spoofing, virus, spyware, Trojan horse)
  - Establishes control of the compromised host
  - Covers tracks by modifying or deleting log entries
  - Finds passwords by running a dictionary attack
  - Uses trojaned login, telnet or ftp binaries to capture passwords as users type them
  - Gives himself root / system administrator privileges
  - Installs sniffer programs to collect every password that passes through the system
  - Looks for trust relationships on the network by reading the system's /etc/hosts.equiv and users' .rhosts files
  - Once in, the intruder can install software and read, copy or erase data
8. Botnets and Zombies
  - Bots are software robots that run autonomously and automatically
  - Zombie computers are hosts that were compromised through worms, Trojan horses or backdoors so that they run the attacker's software
  - Most owners of zombie computers are unaware their systems are being used this way
    - Zombies have been used extensively to send e-mail spam (the slide cites 50-80% of spam)
    - Click fraud against sites displaying pay-per-click ads
    - Hosting phishing or money-mule recruiting websites
    - Distributed denial-of-service attacks
9. Securing Your Network
10. Encryption
  - Uses an algorithm (cipher) to make data unreadable unless the receiver has the key
  - Built on Shannon's principles of diffusion and confusion
  - The slide cites over 70% of companies as using encryption for some of their data in transit
  - Network encryption
    - Encryption on the router
    - Encryption with a dedicated appliance (e.g. a SafeNet device)
11. Symmetric-Key Cryptography
  - A single key both encrypts and decrypts the data
  - Keys are short
  - Algorithms are fast
  - A different key is needed for each pair of users
  - Examples: DES (now obsolete; its 56-bit key is brute-forceable), AES, Blowfish, CAST5
  - The key must be exchanged out of band (e.g. face to face) or established with a key-agreement protocol
12. Asymmetric-Key Encryption / Public-Key Cryptography
  - Uses two keys: a public key known to everyone and a private (secret) key known only to its owner
  - Diffie-Hellman key exchange (1976): protocol that lets two parties establish a shared secret key over an insecure communications channel
  - RSA (1977): algorithm for public-key encryption and signing
  - A certificate authority (CA) binds public keys to users by issuing certificates
  - Different keys are used to encrypt and decrypt (a key pair)
  - Keys are large, and the algorithms are slow compared with symmetric ciphers
  - Public-key encryption: the message is encrypted with the recipient's public key, so only the holder of the matching private key can read it
  - Digital signatures: the message is signed with the sender's private key; anyone holding the sender's public key can verify it
  - PGP: cryptographic software for secure communication and storage that binds public keys to a user name and/or email address
  - Common uses:
    - Email encryption and/or sender authentication
    - Encryption of documents
    - Authentication (smart cards)
    - Bootstrapping secure communication (IKE and SSL/TLS)
    - Mobile signatures
  - Examples: RSA, TLS, PGP, GPG and ElGamal
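The two slides above say a symmetric key has to be exchanged face to face, and that Diffie-Hellman is the way around that. The following Python is an added example, not code from the original deck: both sides of a Diffie-Hellman exchange over the published RFC 2409 1024-bit group, the symmetric key each side derives from it, and an HMAC check using that key. It then runs the same exchange with an attacker in the middle, which is why the public values have to be bound to identities (a CA-issued certificate, or a signature) before the result can be trusted. The Party class, the function names and the alice/bob/mallory labels are this example's own.

```python
import hashlib
import hmac
import secrets

# RFC 2409 "Second Oakley Group": 1024-bit MODP prime, generator 2.  Used here
# because it is published and easy to check; a new deployment would choose at
# least the 2048-bit group 14 from RFC 3526 or an elliptic-curve group.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16,
)
G = 2


class Party:
    """One side of a Diffie-Hellman exchange (the name is only a label)."""

    def __init__(self, name):
        self.name = name
        self.private = secrets.randbelow(P - 2) + 1   # secret exponent, never sent
        self.public = pow(G, self.private, P)         # the only value put on the wire

    def derive_key(self, peer_public):
        """Turn the peer's public value into a 256-bit symmetric key."""
        if not 1 < peer_public < P - 1:
            # 0, 1 and p-1 would force the shared secret to a trivial value
            raise ValueError("peer public value out of range")
        shared = pow(peer_public, self.private, P)
        return hashlib.sha256(shared.to_bytes(128, "big")).digest()


def seal(key, message):
    """Authenticate a message under the agreed key (HMAC-SHA256 tag)."""
    return hmac.new(key, message, "sha256").digest()


def verify(key, message, tag):
    return hmac.compare_digest(seal(key, message), tag)


def honest_exchange():
    """Alice and Bob swap public values over an insecure channel and end up
    holding the same symmetric key, with no face-to-face meeting."""
    alice, bob = Party("alice"), Party("bob")
    key_a = alice.derive_key(bob.public)    # Alice receives Bob's public value
    key_b = bob.derive_key(alice.public)    # Bob receives Alice's public value
    return key_a == key_b


def mitm_exchange():
    """The same exchange with Mallory in the middle.  Nothing authenticates the
    public values, so Mallory substitutes her own and ends up sharing a key
    with each side while Alice and Bob never share one with each other."""
    alice, bob, mallory = Party("alice"), Party("bob"), Party("mallory")
    key_a = alice.derive_key(mallory.public)   # Alice believes this is Bob's value
    key_b = bob.derive_key(mallory.public)     # Bob believes this is Alice's value
    mallory_with_alice = mallory.derive_key(alice.public)
    mallory_with_bob = mallory.derive_key(bob.public)
    msg = b"transfer 100 to bob"
    tag = seal(key_a, msg)                     # Alice "protects" her message
    return (
        verify(mallory_with_alice, msg, tag)   # Mallory can read and re-sign it
        and mallory_with_bob == key_b
        and key_a != key_b
    )


if __name__ == "__main__":
    print("honest exchange agrees on a key:", honest_exchange())
    print("unauthenticated exchange lets Mallory in:", mitm_exchange())
```

The range check in derive_key is the one thing practitioners most often leave out of a hand-rolled exchange: accepting a public value of 0, 1 or p-1 lets a peer force a predictable shared secret.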
13. Firewall Security
  - Software and hardware firewalls
  - Methods of protection:
    - Packet filtering
    - Proxy service
    - Stateful inspection
  - Access control lists can match on:
    - IP addresses
    - Domain names
    - Specific words and phrases (content filtering)
    - Ports
    - Protocols
      - IP, TCP, HTTP, FTP, UDP, ICMP, SMTP, SNMP, Telnet
  - Log monitoring
  - Updating and patching
  - Vulnerability testing
  - Two different firewalls for one network (defence in depth)
  - VPNs
14. Virtual Private Network
  - VPNs play an important role in today's enterprises by providing a simple, secure, scalable, robust and cost-effective networking solution
  - Point-to-point connections that carry multiple protocols
  - VPN authentication and encrypted (cryptographic) tunneling protocols provide confidentiality and privacy for a user or site
    - Router to router
    - Firewall to router
    - PC to router
    - PC to server
15. VPN Security
  - Data confidentiality
    - IPsec VPN secures IP. IPsec has two modes, tunnel and transport: tunnel mode wraps the whole original packet, header and payload, inside a new IP packet and protects all of it; transport mode protects only the payload and keeps the original header.
    - Protocols: IKE (key exchange and peer authentication), AH (integrity and origin authentication, no confidentiality), ESP (confidentiality, with optional integrity)
    - L2TP: session-layer tunneling protocol (UDP 1701). It provides no encryption by itself and is normally run over IPsec (L2TP/IPsec).
    - NAT: masks internal IP addresses. It hides topology but is not a confidentiality control.
    - Data integrity: checking that the data arrived whole and unmodified
    - AAA servers (authentication, authorization and accounting), e.g. RADIUS
  - Software:
    - SSTP: VPN tunnel that carries PPP over SSL/TLS on TCP port 443 (SSL 3.0 in the original release); remote access for clients on Windows Server 2008 and Vista
  - Hardware:
    - Cisco/Netgear/Juniper/Check Point etc.: SSL VPN concentrator and client; can be used from a browser
16. Email Security
  - Email server
    - S/MIME: public-key encryption and signing, with certificates issued by a CA
    - TLS: confidentiality and data integrity for the mail session
    - OpenPGP: web of trust; users sign each other's public keys
    - Identity-based encryption: uses an arbitrary string (such as an email address) as the public key, so data can be protected without distributing certificates
    - Encrypting mail sessions without a port change:
      - STARTTLS (SMTP, IMAP and POP3)
17. Web Security: SSL/TLS
  - Cryptographic protocols for internet communications
  - The SSLv3 protocol was superseded by TLS
  - Used for HTTPS, SMTP etc.
  - Public keys are distributed as X.509 certificates
  - Uses a hierarchical system of certificate authorities (CAs) for validation
18. Wireless Security
  - Laptop wireless, Bluetooth, barcode readers, PDAs, wireless printers/copiers
  - Man-in-the-middle attacks: a rogue "soft" AP on a laptop with two NICs, fake hotspots
  - DoS: bombarding the AP, forcing EAP failures
  - Network injection: AP reconfiguration
  - Caffe Latte attack: recovers a WEP key from a client, away from the real network, by flooding it with crafted ARP requests
  - Counteracting risks
    - MAC address filtering (easily bypassed by spoofing a permitted MAC)
    - Static IP addressing / no DHCP (likewise only a speed bump)
    - Wi-Fi Protected Access (WPA/WPA2): the control that actually matters
19. Wireless TKIP and CCMP Encryption Protocols
  - TKIP is vulnerable to a keystream recovery attack
  - CCMP: Counter Mode with Cipher Block Chaining Message Authentication Code Protocol
  - Mandatory for WPA2
  - Replaces TKIP (the RC4-based protocol WPA used as an interim fix on top of WEP hardware)
  - Based on the Advanced Encryption Standard (AES) with a 128-bit key and 128-bit block
20. Advanced Encryption Standard
  Each round applies four transformations to the 4x4-byte state:
  1. SubBytes: replace each byte with its Rijndael S-box lookup (confusion)
  2. ShiftRows: cyclically shift the bytes of each row to the left (diffusion)
  3. MixColumns: multiply each column by a fixed polynomial (diffusion)
  4. AddRoundKey: combine the round subkey with the state (XOR)
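To make the four round operations concrete, here is a compact AES-128 block encryption written for this page; it is not code from the original deck and is not a constant-time or production implementation. It builds the Rijndael S-box from the GF(2^8) inverse and affine map, runs SubBytes, ShiftRows, MixColumns and AddRoundKey for ten rounds, and checks the result against the FIPS-197 Appendix C.1 known-answer vector. The state is held as 16 bytes in column-major order (byte i in row i % 4, column i // 4), as FIPS-197 lays out the input block; function names are this example's own. A second encryption with one plaintext bit flipped shows the diffusion the slide refers to: about half of the 128 ciphertext bits change.

```python
def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    product = 0
    for _ in range(8):
        if b & 1:
            product ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return product


def _build_sbox():
    """S-box = multiplicative inverse in GF(2^8), then the fixed affine map."""
    inverse = [0] * 256
    for x in range(1, 256):
        inverse[x] = next(y for y in range(1, 256) if gf_mul(x, y) == 1)
    rotl = lambda v, k: ((v << k) | (v >> (8 - k))) & 0xFF
    return [a ^ rotl(a, 1) ^ rotl(a, 2) ^ rotl(a, 3) ^ rotl(a, 4) ^ 0x63
            for a in inverse]


SBOX = _build_sbox()


def sub_bytes(state):
    return [SBOX[b] for b in state]


def shift_rows(state):
    # row r is rotated left by r positions; flat index = 4 * column + row
    return [state[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]


def mix_columns(state):
    out = []
    for c in range(4):
        a0, a1, a2, a3 = state[4 * c:4 * c + 4]
        out += [
            gf_mul(a0, 2) ^ gf_mul(a1, 3) ^ a2 ^ a3,
            a0 ^ gf_mul(a1, 2) ^ gf_mul(a2, 3) ^ a3,
            a0 ^ a1 ^ gf_mul(a2, 2) ^ gf_mul(a3, 3),
            gf_mul(a0, 3) ^ a1 ^ a2 ^ gf_mul(a3, 2),
        ]
    return out


def add_round_key(state, round_key):
    return [s ^ k for s, k in zip(state, round_key)]


def expand_key(key):
    """AES-128 key schedule: 16-byte key -> 11 round keys of 16 bytes."""
    words = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 1
    for i in range(4, 44):
        temp = list(words[i - 1])
        if i % 4 == 0:
            temp = [SBOX[b] for b in temp[1:] + temp[:1]]   # RotWord then SubWord
            temp[0] ^= rcon
            rcon = gf_mul(rcon, 2)
        words.append([words[i - 4][j] ^ temp[j] for j in range(4)])
    return [sum(words[4 * r:4 * r + 4], []) for r in range(11)]


def aes128_encrypt_block(key, block):
    round_keys = expand_key(key)
    state = add_round_key(list(block), round_keys[0])
    for r in range(1, 10):
        state = add_round_key(mix_columns(shift_rows(sub_bytes(state))), round_keys[r])
    state = add_round_key(shift_rows(sub_bytes(state)), round_keys[10])  # no MixColumns
    return bytes(state)


def differing_bits(a, b):
    """Count the bit positions at which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


if __name__ == "__main__":
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    pt = bytes.fromhex("00112233445566778899aabbccddeeff")
    ct = aes128_encrypt_block(key, pt)
    print(ct.hex())  # FIPS-197 C.1 expects 69c4e0d86a7b0430d8cdb78070b4c55a
    ct2 = aes128_encrypt_block(key, bytes([pt[0] ^ 0x01]) + pt[1:])
    print("ciphertext bits changed by a 1-bit plaintext change:", differing_bits(ct, ct2))
```

A single block cipher call is only a building block: real use needs a mode of operation (CCMP uses counter mode plus a CBC-MAC, as the previous slide says), and table lookups like SBOX[b] leak timing in a way a production implementation has to avoid.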
21. Securing Your Computer
  - Install and use anti-virus programs
  - User awareness
  - Keep your system patched
  - Don't install software or plug-ins from unknown sources
  - Use care when opening email attachments
  - Install and use a firewall program
  - Make backups of important files and folders
  - Use strong passwords
  - Use care when downloading and installing programs
  - Install and use a hardware firewall
  - Install and use a file encryption program and access controls
  - Social networking smarts
22. Securing Applications
  - Login security
    - Use SSL/TLS on login and registration pages (preferably on the whole site, so session cookies never travel in the clear)
    - Enforce a minimum password length; complexity rules (numbers, letters, punctuation, capitals, symbols) add less than length does
    - Store passwords as salted hashes made with a deliberately slow algorithm (bcrypt, scrypt, PBKDF2 or Argon2), never as a plain MD5 hash: MD5 is fast and unsalted, so a leaked table falls to rainbow tables or GPU brute force
    - Throttle or temporarily lock accounts after repeated bad attempts (a hard lockout after 3 attempts lets an attacker lock legitimate users out on purpose)
    - For a forgotten password, send a time-limited, single-use reset link rather than a newly generated password by email
  - User data
    - Encrypt sensitive data such as credit card numbers; passwords are hashed, not encrypted
    - Grant users access to specific data via roles
  - Database
    - Use a dedicated, least-privilege database login for the website; never use sa or root
    - Lock down access to tables and stored procedures using logins/roles
    - Changing the database's default port hides it from casual scans only; do not rely on it
  - Systems
    - Secure or encrypt application configuration files that contain database login information
    - More "physical" separation of layers (UI, database) allows tighter control of security
    - Keep up to date on patches
  - Other
    - Keep an eye on bots: frequent, repeated hits from a block of IP addresses
    - Prevent SQL injection with parameterized queries, and watch logs for attempts
    - Lock down ports not being used
    - Make sure port 25 (SMTP) is not an open relay
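The password and database items above are where this slide has aged most. The Python below is an added example, not code from the original deck, showing what the corrected advice looks like: PBKDF2-HMAC-SHA256 with a per-user salt and constant-time verification in place of MD5, a parameterized query next to the string-built one it replaces, a dummy hash so that an unknown username costs the same time as a real one, and exponential back-off instead of a hard three-strike lockout. It uses an in-memory SQLite database with a constructed user alice; the iteration count, table layout and function names are this example's own.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000   # tune so that one hash costs about 100 ms on the server


def hash_password(password, salt=None):
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt.  The stored string is
    self-describing so the iteration count can be raised later."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())


def verify_password(password, stored):
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    # constant-time comparison: a plain == leaks how many leading bytes matched
    return hmac.compare_digest(digest.hex(), digest_hex)


# Verified for unknown users so a login attempt takes the same time whether or
# not the username exists (blocks username enumeration by timing).
DUMMY_HASH = hash_password("not-a-real-password")


def setup_db():
    """Constructed in-memory database with one user.  The password column holds
    a PBKDF2 hash, never MD5 and never a reversible encryption."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("alice", hash_password("correct horse battery")))
    db.commit()
    return db


def user_exists_vulnerable(db, username):
    """The injectable version: user input pasted into SQL.  Kept only to show
    the failure; the input x' OR '1'='1 matches every row."""
    query = "SELECT username FROM users WHERE username = '%s'" % username
    return db.execute(query).fetchone() is not None


def login_safe(db, username, password):
    """Parameterized query plus slow-hash verification; the same payload that
    fooled the version above is just a username that does not exist."""
    row = db.execute("SELECT pw_hash FROM users WHERE username = ?", (username,)).fetchone()
    stored = row[0] if row else DUMMY_HASH
    ok = verify_password(password, stored)
    return ok and row is not None


class LoginThrottle:
    """Exponential back-off per account instead of a hard 3-strike lockout,
    which would let an attacker lock real users out by guessing wrong on purpose."""

    def __init__(self, base_delay=1.0, max_delay=300.0):
        self.base_delay, self.max_delay = base_delay, max_delay
        self.state = {}   # username -> (failure_count, earliest_next_attempt)

    def allowed(self, username, now):
        return now >= self.state.get(username, (0, 0.0))[1]

    def record(self, username, success, now):
        if success:
            self.state.pop(username, None)
            return
        count = self.state.get(username, (0, 0.0))[0] + 1
        delay = min(self.max_delay, self.base_delay * 2 ** (count - 1))
        self.state[username] = (count, now + delay)


if __name__ == "__main__":
    db = setup_db()
    print("injection bypasses the naive check:", user_exists_vulnerable(db, "x' OR '1'='1"))
    print("same payload, parameterized query:", login_safe(db, "x' OR '1'='1", "anything"))
    print("real credentials:", login_safe(db, "alice", "correct horse battery"))
```

In a real service the throttle state lives in a shared store and is keyed by account and by source address, so that one attacker cycling through many accounts is slowed as well.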
23. Security Management
  - Small homes
    - A basic firewall like COMODO Internet Security, or a unified threat management system
    - For Windows users, basic antivirus software like AVG Antivirus, ESET NOD32 Antivirus, Kaspersky, McAfee or Norton AntiVirus. An anti-spyware program such as Windows Defender or Spybot is also a good idea. There are many other antivirus and anti-spyware programs to consider.
    - When using a wireless connection, use a robust password. Also use the strongest security supported by your wireless devices, such as WPA or WPA2.
    - Use passwords for all accounts.
    - Have a separate account per family member. Disable the guest account (Control Panel > Administrative Tools > Computer Management > Users).
    - Raise children's awareness of information security.
  - Medium businesses
    - A fairly strong firewall or unified threat management system
    - Strong antivirus and internet security software
    - For authentication, use strong passwords and change them on a bi-weekly/monthly basis (current guidance such as NIST SP 800-63B favours rotating only on suspected compromise)
    - When using a wireless connection, use a robust password
    - Raise employees' awareness of physical security
    - Optionally use a network analyzer or network monitor
    - The company needs an informed administrator or manager
  - Large businesses
    - A strong firewall and proxy to keep unwanted people out
    - A strong antivirus and internet security software package
    - For authentication, use strong passwords and change them on a weekly/bi-weekly basis (same caveat as above)
    - When using a wireless connection, use a robust password
    - Exercise physical security precautions for employees
    - Prepare a network analyzer or network monitor and use it when needed
    - Implement physical security management such as closed-circuit television for entry areas and restricted zones
    - Security fencing to mark the company's perimeter
    - Fire extinguishers for fire-sensitive areas like server rooms and security rooms
    - Security guards can help to maximize security
  - School
    - An adjustable firewall and proxy to allow authorized users access from outside and inside
    - Strong antivirus and internet security software packages
    - Wireless connections that pass through firewalls
    - Children's Internet Protection Act compliance
    - Supervision of the network to guarantee updates and changes based on popular site usage
    - Constant supervision by teachers, librarians and administrators to guarantee protection against attacks from both internet and sneakernet sources
  - Large government
    - A strong firewall and proxy to keep unwanted people out
    - Strong antivirus and internet security software suites
    - Strong encryption, usually with a 256-bit key
    - Whitelist authorized wireless connections, block all else
    - All network hardware in secure zones
    - All hosts on a private network that is invisible from the outside
    - Put all servers in a DMZ, i.e. firewalled from both the outside and the inside
    - Security fencing to mark the perimeter, and set the wireless range to match it
24. Computer Security Compromise: Actions
  - Unplug the network cable / disable wireless / power off the computer (powering off destroys volatile evidence; if forensics matter, isolate from the network first and capture memory before shutdown)
  - Research the behaviour
  - Block the attacking IP on the firewall
  - Scan the computer and network
  - Fix the problem, or reformat and rebuild from known-good media
  - Who is it?
    - Logs
    - Application
    - Firewall
    - Email headers
    - nslookup
    - netstat -an
    - whois / netsol
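Slide 22 says to watch for repeated hits from a block of IP addresses, and the list above says to go to the logs and then block the source on the firewall. This Python is an added example, not part of the original deck, that does both on constructed combined-format web log lines: it groups requests by /24, flags any block that exceeds a threshold inside a sliding time window, and renders the iptables rules an operator would review before applying. The regular expression, thresholds, sample addresses (RFC 5737 documentation ranges) and function names are this example's own.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Combined log format: ip ident user [timestamp] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, request, status), or None for a line that doesn't parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    try:
        ip = ipaddress.ip_address(m["ip"])
        ts = datetime.strptime(m["ts"], TS_FMT)
    except ValueError:
        return None
    return ip, ts, m["req"], int(m["status"])


def find_abusive_blocks(lines, prefix=24, window_seconds=60, threshold=20):
    """Group requests by /prefix network and flag any block that makes at least
    `threshold` requests inside a sliding `window_seconds` window.  Lines are
    assumed to be in the chronological order a web server writes them.
    Returns {network: peak requests seen in one window}."""
    recent = defaultdict(deque)   # network -> timestamps inside the current window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue              # unparseable lines are skipped, not fatal
        ip, ts, _, _ = rec
        net = ipaddress.ip_network("%s/%d" % (ip, prefix), strict=False)
        q = recent[net]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold:
            flagged[net] = max(flagged.get(net, 0), len(q))
    return flagged


def firewall_rules(flagged):
    """Render iptables drop rules for the flagged blocks (review before applying)."""
    return ["iptables -I INPUT -s %s -j DROP" % net for net in sorted(flagged, key=str)]


def _line(ip, second, path, status=200):
    """Build one constructed log line at 12:00:<second> UTC on 1 Mar 2024."""
    ts = datetime(2024, 3, 1, 12, 0, second, tzinfo=timezone.utc).strftime(TS_FMT)
    return '%s - - [%s] "GET %s HTTP/1.1" %d 512' % (ip, ts, path, status)


# Constructed sample: two ordinary page views from 198.51.100.7 plus a burst of
# 25 login probes from ten different hosts in 203.0.113.0/24 within 25 seconds.
SAMPLE_LOG = (
    [_line("198.51.100.7", 2, "/")]
    + [_line("203.0.113.%d" % (i % 10 + 1), 5 + i, "/login", 401) for i in range(25)]
    + [_line("198.51.100.7", 41, "/about")]
    + ["this line is not in combined log format"]
)


if __name__ == "__main__":
    hits = find_abusive_blocks(SAMPLE_LOG)
    for net, peak in hits.items():
        print("%s: %d requests in one window" % (net, peak))
    for rule in firewall_rules(hits):
        print(rule)
```

Grouping by /24 is what catches the pattern on the slide: no single host in the sample makes more than three requests, so a per-address counter would never fire. Before dropping a whole block, check whois and reverse DNS on a few of the addresses, since a /24 can also be a NAT pool or a CDN edge.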