SlideShare a Scribd company logo

Protect Your Organization with Information Security

David Joao Vieira Carvalho
David Joao Vieira Carvalho
1 of 19
Download to read offline
1 The Need for Security 2 Functions of Information Security  Protects the organization‘s ability to function  Enables the safe operation of applications implemented on the organization‘s IT systems  Protects the data the organization collects and uses  Safeguards the technology assets in use at the organization 3 Why We Need Information Security?  Because there are threats 4 Threats  A threat is an object, person, or other entity that represents a constant danger to an asset  Threat agent 5 Threats  The 2007 CSI survey  494 computer security practitioners  46% sufered security incidents  29% reported to law enforcement  Average annual loss $350,424  1/5 suffered ‗targeted attack‘  The source of the greatest financial losses?  Most prevalent security problem  Insider abuse of network access  Email 6 Threat Categories  Acts of human error or failure  Compromises to intellectual property  Deliberate acts of espionage or trespass  Deliberate acts of information extortion  Deliberate acts of sabotage or vandalism  Deliberate acts of theft  Deliberate software attack  Forces of nature  Deviations in quality of service  Technical hardware failures or errors  Technical software failures or errors  Technological obsolesce
2 7 Acts of Human Error or Failure 8 Acts of Human Error or Failure  Includes acts done without malicious intent  Caused by:  Inexperience  Improper training  Incorrect assumptions  Other circumstances  Employees are greatest threats to information security 9 Acts of Human Error or Failure  Employee mistakes can easily lead to the following:  revelation of classified data  entry of erroneous data  accidental deletion or modification of data  storage of data in unprotected areas  failure to protect information  Many of these threats can be prevented with controls 10 Deliberate Acts of Theft  Illegal taking of another‘s property - physical, electronic, or intellectual  The value of information suffers when it is copied and taken away without the owner‘s knowledge  Physical theft can be controlled  a wide variety of measures used from locked doors to guards or alarm systems  Electronic theft is a more complex problem to manage and control  organizations may not even know it has occurred 11 Deviations in Quality of Service by Service Providers  Situations of product or services not delivered as expected  Information system depends on many inter-dependent support systems  Three sets of service issues that dramatically affect the availability of information and systems are  Internet service  Communications  Power irregularities 12 Internet Service Issues  Loss of Internet service can lead to considerable loss in the availability of information  organizations have sales staff and telecommuters working at remote locations  When an organization outsource its web servers, the outsourcer assumes responsibility for  All Internet Services  The hardware and operating system software used to operate the web site
3 13 Power Irregularities Voltage levels can increase, decrease, or cease:  spike – momentary increase  surge – prolonged increase  sag – momentary low voltage  brownout – prolonged drop  fault – momentary loss of power  blackout – prolonged loss  Electronic equipment is susceptible to fluctuations, controls can be applied to manage power quality  Surge protector  UPS 14 Communications and Other Services  Other utility services have potential impact  Among these are  telephone  water & wastewater  trash pickup  cable television  natural or propane gas  custodial services  The threat of loss of services can lead to inability to function properly 15 Forces of Nature  Forces of nature, or acts of God are dangerous because they are unexpected and can occur with very little warning  Can disrupt not only the lives of individuals, but also the storage, transmission, and use of information  Include fire, flood, earthquake, and lightning as well as volcanic eruption and insect infestation  Since it is not possible to avoid many of these threats, management must implement controls to limit damage and also prepare contingency plans for continued operations 16 Compromises to Intellectual Property  ―the ownership of ideas and control over the tangible or virtual representation of those ideas‖  Many organizations are in business to create intellectual property  trade secrets  Copyrights  trademarks  Patents Trade Secret  Definition  any valuable business information that is not generally known and is subject to reasonable efforts to preserve confidentiality  Protected from exploitation by  those who either obtain access through improper means  those who obtain the information from one who they know or should have known gained access through improper means  those who breach a promise to keep the information confidential  Fragile 17 Trade Secret  Uniform Trade Secret Act  Drafted by the National Conference of Commissioners on Uniform State Laws in 1970  Amended in 1985  Recent case  http://edition.cnn.com/2007/LAW/05/23/coca.c ola.sentencing/ 18
4 Copyright  Definition  a form of intellectual property protection that granted by the federal government  a copyright is provided to the authors of ―original works of authorship‖  regardless of whether the work has been published  regardless of whether the work has been registered 19 Copyright  Work protected  Literature  Music  Dramatic  Pantomimes or choreography  Pictorial, graphical or sculptural  Motion picture and audiovisual  Sound recording  Architectural  A copyright protects only the form of expression 20 Copyright  Laws and regulations  Digital Millennium Copyright Act  Recent case  http://www.techspot.com/news/28301- torrentspy-loses-copyright-infringement- lawsuit.html  Exemption  http://www.securityfocus.com/brief/365 21 Trademarks  Definition  A ―trademark‖ (which relates to goods) and a ―service mark‖ (which relates to services) can be any word, name, symbol, or device, or any combination, used, or intended to be used, in commerce.  To acquire federal trademark rights  start using the slogan, name or logo in commerce (i.e., some kind of commercial use) and then subsequently file a trademark application  or  file an intent to use application which will lock in your filing date but which does not require immediate use 22 Trademarks  Laws  U.S. Trademark Law  Case  http://cyber.law.harvard.edu/property00/domain /SportyShort.html 23 Patents  Definition  A patent is a proprietary right granted by the Federal government to an inventor who files a patent application with the United States Patent Office.  Three types of patents  Utility patent  covers the functional aspects of products and processes  Design patent  covers the ornamental design of useful objects  Plant patent  covers a new variety of living plant  protect inventions and methods that exhibit patentable subject matter  http://www.pcmag.com/article2/0,1895,2125974,00.asp  http://www.engadget.com/2009/02/25/microsoft-files-patent-lawsuit- against-tomtom-over-linux-based-g/ 24
5 25 Software Piracy  Most common IP breaches involve software piracy  Watchdog organizations investigate:  Software & Information Industry Association (SIIA)  Business Software Alliance (BSA)  Enforcement of copyright has been attempted with technical security mechanisms  26 Compromise to Intellectual Property  Copyright reminder 27 Compromise to Intellectual Property  License Agreement Window 28 Compromise to Intellectual Property 29 Espionage/Trespass  Broad category of activities that breach confidentiality  Unauthorized accessing of information  Competitive intelligence vs. espionage  Shoulder surfing, hidden camera, etc  Controls implemented to mark the boundaries of an organization‘s virtual territory giving notice to trespassers that they are encroaching on the organization‘s cyberspace 30
6 31 Espionage/Trespass  What is a hacker?  a person who illegally gains access to and sometimes tampers with information in a computer system  an expert at programming and solving problems with a computer 32 Espionage/Trespass  Generally two skill levels among hackers:  Expert hacker  develops software scripts and codes exploits  usually a master of many skills  will often create attack software and share with others  Script kiddies  hackers of limited skill  use expert-written software to exploit a system  do not usually fully understand the systems they hack  Other terms for system rule breakers:  Cracker - an individual who ―cracks‖ or removes protection designed to prevent unauthorized duplication  Phreaker - hacks the public telephone network 33 Information Extortion  Information extortion is an attacker or formerly trusted insider stealing information from a computer system and demanding compensation for its return or non-use  Extortion found in credit card number theft 34 Technical Hardware Failures or Errors  Technical hardware failures or errors occur when a manufacturer distributes to users equipment containing flaws  Intel Pentium II processor  These defects can cause the system to perform outside of expected parameters, resulting in unreliable service or lack of availability  Some errors are terminal, in that they result in the unrecoverable loss of the equipment  Some errors are intermittent, in that they only periodically manifest themselves, resulting in faults that are not easily repeated 35 Technical Software Failures or Errors  This category of threats comes from purchasing software with unrevealed faults  Large quantities of computer code are written, debugged, published, and sold only to determine that not all bugs were resolved  Sometimes, unique combinations of certain software and hardware reveal new bugs  Sometimes, these items aren‘t errors, but are purposeful shortcuts left by programmers for honest or dishonest reasons 36 Technological Obsolescence  When the infrastructure becomes antiquated or outdated, it leads to unreliable and untrustworthy systems  Management must recognize that when technology becomes outdated, there is a risk of loss of data integrity to threats and attacks  Ideally, proper planning by management should prevent the risks from technology obsolesce, but when obsolescence is identified, management must take action
7 37 Deliberate Act of Sabotage or Vandalism  Individual or group who want to deliberately sabotage the operations of a computer system or business, or perform acts of vandalism to either destroy an asset or damage the image of the organization  These threats can range from petty vandalism to organized sabotage  Organizations rely on image so Web defacing can lead to dropping consumer confidence and sales  Rising threat of hacktivist or cyber-activist operations – the most extreme version is cyber-terrorism 38 Deliberate Software Attacks  When an individual or group designs software to attack systems, they create malicious code/software called malware  Designed to damage, destroy, or deny service to the target systems  Mainly targeting Windows OS  http://stason.org/TULARC/os/linux.virus.html  http://www.sophos.com/pressoffice/news/articl es/2006/02/macosxleap.html Deliberate Software Attack  Includes:  macro virus  boot virus  worms  Trojan horses  logic bombs  back door or trap door  denial-of-service attacks  polymorphic  hoaxes 39 40 Virus  A virus is a computer program that copies itself from file to file and typically performs malicious or nuisance attacks on the infected system  Upon activation, copies its code into one or more larger programs  Hard to detect as well as hard to destroy or deactivate Symptoms of Virus  Computer runs slower then usual  Computer no longer boots up  Screen sometimes flicker  PC speaker beeps periodically  System crashes for no reason  Files/directories sometimes disappear  Denial of Service (DoS)  Display some strange message on the screen 41 42 HI Virus The Hi virus was submitted in August, 1992. It is originally from Eastern Europe. Hi is a memory resident infector of .EXE programs. When the first Hi infected program is executed, the Hi virus will install itself memory resident at the top of system memory but below the 640K DOS boundary, moving interrupt 12's return. Total system and available free memory, as indicated by the DOS CHKDSK program, will have decreased by 1,024 bytes. Interrupt 21 will be hooked by the virus. Once the Hi virus is memory resident, it will infect .EXE programs when they are executed. Infected programs will have a file length increase of 460 bytes with the virus being located at the end of the file. The program's date and time in the DOS disk directory listing will have been updated to the current system date and time when infection occurred. The following text string can be found near the end of all infected programs: "Hi"
8 Worms  Spread over network connection  Worms replicate  First worm released on the Internet was called Morris worm, it was released on Nov 2, 1988. Worms  Bubbleboy Discovery Date: 11/8/1999 Origin: Argentina (?) Length: 4992 Type: Worm/Macro SubType: VbScript Risk Assessment: Low Category: Stealth/Companion Worms  Bubbleboy  requires WSL (windows scripting language), Outlook or Outlook Express, and IE5  Does not work in Windows NT  Effects Spanish and English version of Windows  2 variants have been identified  Is a ―latent virus‖ on a Unix or Linux system  May cause DoS Worms  How Bubbleboy works  Bubbleboy is embedded within an email message of HTML format.  a VbScript while the user views a HTML page  a file named ―Update.hta‖ is placed in the start up directory  upon reboot Bubbleboy executes Worms  How Bubbleboy works  changes the registered owner/organization  HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentV ersionRegisteredOwner = ―Bubble Boy‖  HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentV ersionRegisteredOrganization = ―Vandalay Industry‖  using the Outlook MAPI address book it sends itself to each entry  marks itself in the registry  HKEY_LOCAL_MACHINESoftwareOutlook.bubbleboy = ―OUTLOOK.Bubbleboy1.0 by Zulu‖ 48 Trojan Horse  A Trojan Horse is any program in which malicious or harmful code is contained inside of what appears to be a harmless program  Malicious intent  Edit programs even registry information  Delete files  Set the computer as an FTP server  Obtain password  Spy  Usually doesn‘t reproduce
9 49 Trojan Horse  Back Orifice Discovery Date: 10/15/1998 Origin: Pro-hacker Website Length: 124,928 Type: Trojan SubType: Remote Access Risk Assessment: Low Category: Stealth Trojan Horse  About Back Orifice  requires Windows to work  distributed by ―Cult of the Dead Cow‖  similar to PC Anywhere, Carbon Copy software  allows remote access and control of other computers  install a reference in the registry  once infected, runs in the background  by default uses UDP port 54320 TCP port 54321  In Australia 72% of 92 ISP surveyed were infected with Back Orifice Trojan Horse  Features of Back Orifice  pings and query servers  reboot or lock up the system  list cached and screen saver password  display system information  logs keystrokes  edit registry  server control  receive and send files  display a message box Macro  Specific to certain applications  Comprise a high percentage of the viruses  Usually made in WordBasic and Visual Basic for Applications (VBA)  Microsoft shipped ―Concept‖, the first macro virus, on a CD ROM called "Windows 95 Software Compatibility Test" in 1995 Macro  Melissa Discovery Date: 3/26/1999 Origin: Newsgroup Posting Length: varies depending on variant Type: Macro/Worm Subtype: Macro Risk Assessment: High Category: Companion
10 Macro  Melissa  requires WSL, Outlook or Outlook Express Word 97 SR1 or Office 2000  105 lines of code (original variant)  received either as an infected template or email attachment  lowers computer defenses to future macro virus attacks  may cause DoS  infects template files with it’s own macro code  80% of of the 150 Fortune 1000 companies were affected Macro  How Melissa works  the virus is activated through a MS word document  document displays reference to pornographic websites while macro runs  1st lowers the macro protection security setting for future attacks  checks to see is it has run in current session before  HKEY_LOCAL_MACHINESoftwareMicrosoftOfficeMelis sa = ―by Kwyjibo‖  propagates itself using the Outlook MAPI address book (emails sent to the first 50 addresses) Macro  How Melissa works  infects the Normal.dot template file with it‘s own code  Lastly if the minutes of the hour match up to the date the macro inserts a quote by Bart Simpson into the current document  ―Twenty two points, plus triple word score, plus fifty points for using all my letters. Game‘s over. I‘m outta here.‖ 58 Back Door/Trap Door  Payload of virus, worm, Trojan horse  Allow the attacker to access the system at will with special privileges  Back Orifice and Subseven 59 Polymorphism Boot Virus  Most difficult to remove 60
11 Logical Bomb  ―explosion‖ based on ―logic‖ 61 Spyware: what is it?  spyware is programming that is put in your computer to ―spy‖ on you  adware pushes ads, track Internet habits and performs other sneaky tricks 62 Spyware: how do you know when you have it?  Computers slow down to a crawl  Annoying Pop-ups appear  Browser Start Page changes  Unwanted toolbars, tray programs  New programs are installed on your PC and show up on the desktop 63 Cases of Spyware Infection 64 65 Spybot in action Here
12 MALWARE BASED ATTACK How bad guys get malware onto your computer? How does malware spread from one computer to the whole network? 67 IP Scan and Attack 69 Web Browsing  Attacker makes all Web content files infectious, so that users who browse to those pages become infected 70 Email  http://www.ikeafans.com/blog/phony-ikea- email-contains-netsky-worm/ 71 Network Space  Unprotected share  Public file server 72 P-2-P Download  Attractive names  Avril_latest_album.exe, … 73
13 74 W32/Netsky.p@MM  Email propogation  The worm exploits the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability in Microsoft Internet Explorer (ver 5.01 or 5.5 without SP2), to automatically execute the virus on vulnerable systems.  P2P propogation  Emule, edonkey, kazaa, icq  Copy to the directory  1001 Sex and more.rtf.exe, 3D Studio Max 6 3dsmax.exe, ACDSee 10.exe, Adobe Photoshop 10 crack.exe, Adobe Photoshop 10 full.exe, Ahead Nero 8.exe, Altkins Diet.doc.exe, American Idol.doc.exe, Arnold Schwarzenegger.jpg.exe, Best Matrix Screensaver new.scr, Britney sex xxx.jpg.exe, … 75 Virus and Worm Hoaxes A More Creative Way  http://isc.sans.org/diary.html?storyid=5797 76 78 Password-related Attacks  Password Crack - Attempting to reverse calculate a password  Brute Force - The application of computing and network resources to try every possible combination of options of a password  Dictionary - The dictionary password attack narrows the field by selecting specific accounts to attack and uses a list of commonly used passwords (the dictionary) to guide guesses 79 Brute Force Attack 80 Dictionary Attack
14 81 Spam  Spam - unsolicited commercial e-mail - while many consider spam a nuisance rather than an attack, it is emerging as a vector for some attacks  http://www.spamlaws.com/spam-laws.html  http://www.msnbc.msn.com/id/18955115/ wid/11915829?GT1=9951  http://technology.timesonline.co.uk/tol/new s/tech_and_web/article5598661.ece 82 Spam Spam  2.4m: the number of spam emails MSN says it blocks daily  $100bn: cost of computer repairs and lost productivity this year 71%: of email users filter spam  51%: of internet users say they have lost trust in email because of spam  $5.5m: the amount MySpace won from TheGlobe.com in spam compensation in February 83 84 Spoofing  Spoofing - technique used to gain unauthorized access whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host  Email spoofing 85 DoS  Denial-of-service (DoS) –  Attacks that prevent the system from processing or responding to legitimate traffic or requests from resources and objects  Most common form  attacker sends a large number of data packets to a target  Server cannot process them all  Other forms  exploiting a known fault or vulnerability in an operating system or application  often result in a system crash, or 100% CPU utilization 86 DoS (Cont‘d)  Possible consequences  System crashes  System reboots  Data corruption  Blockage of services  No known means by which DoS attack can be prevented  Normally impossible to trace back to the origin
15 87 DoS (Cont‘d)  Mail-bombing - an attacker routes large quantities of e-mail to the target Example on How to Launch a DOS Attack 88 89 DDoS (Distributed Denial of Service)  An attack in which a coordinated stream of requests is launched against a target from many locations at the same time 90 DRDoS (Distributed Reflective Denial of Service)  Take advantage of the normal operation mechanisms of key Internet services  DNS, router update protocols, etc  Used by the infamous ―Mafia Boy‖ who took down cnn.com, yahoo.com, amazon.com and ebay.com 91 DRDoS 92 Other Forms of DoS  Error in operating systems, services, and applications.
16 93 One Example of DoS Attack  SYN flood attack 94 95 Sniffer  A program and/or device that can monitor data traveling over a network. Sniffers can be used both for legitimate network management functions and for stealing information from a network 96 Sniffer 97 Man-in-the-Middle Attack  Man-in-the-Middle - an attacker sniffs packets from the network, modifies them, and inserts them back into the network 98 Attack Descriptions  Buffer Overflow –  application error occurs when more data is sent to a buffer than it can handle  when the buffer overflows, the attacker can make the target system execute instructions, or the attacker can take advantage of some other unintended consequence of the failure
17 99 Social Engineering  The process of using social skills to convince people to reveal access credentials or other valuable information to the attacker 100 Attack Descriptions  ―People are the weakest link‖ 101 102 Phishing Phishing in Action (HSBC) 103 104
18 Anti-Phishing Working Group 105 http://www.antiphishing.org/ Pharming Out-Scams Phishing First came Phishing, in which con artists hooked unwary Internet users one by one into compromising their personal data Pharmers can scoop up many victims in a single pass 106 What is Pharming? New use for a relatively old concept: domain spoofing Pharmers simply redirect as many users as possible from legitimate commercial websites to malicious ones 107 Pharming most alarming threat DNS poisoning Large group of users to be silently shuttled to a bogus website even when typing in the correct URL You no longer have to click a URL link to hand over your information to identity thieves 108 Certificate Mismatch 109 Industry Approach - Phishing  Based on social engineering – Self defense relies on common sense of the user  The automated detection of new Phishing fraud is very difficult  Only an extensive forensic analysis by law enforcement can prove the evidence of Phishing  Try to mitigate by  URL blocking of known URLs of Phishing websites  Spam blocking of emails of Phishing scams that are sent en mass 110
19 Industry Approach - Pharming  Browsers that could authenticate website identity. (CardSpace, OpenID)  Browser toolbars displaying the true physical location of a website's host (e.g. Russia)  Some financial institutions are experimenting with "multi-factor authentication" logins, including:  single-use passwords (e.g. tokens)  automatic telephone call-backs 111 Security Recommendations  Do not open e-mail attachments unless you know the source and are expecting the attachment  Do not reply to the e-mail from an unknown source  Do not click on entrusted hyperlinks to the Internet  Do not download unapproved software from the Internet  Do not respond or visit the website indicated by an instant message or e-mail  Do not give out personal information over the Internet  Before revealing any identifying information, ask how it will be used and secured. 112  ―People are the weakest link. You can have the best technology; firewalls, intrusion- detection systems, biometric devices ... and somebody can call an unsuspecting employee. That's all she wrote, baby. They got everything.‖ — Kevin Mitnick 113 Brick Attack  the best configured firewall in the world can‘t stand up to a well placed brick 114 115 Timing Attack  Timing Attack –  relatively new  works by exploring the contents of a web browser‘s cache  can allow collection of information on access to password- protected sites  another attack by the same name involves attempting to intercept cryptographic elements to determine keys and encryption algorithms 116 Legal Attack  Attacks that use the legal system  Persuade a judge and jury that there could be a flaw in the system.

Recommended

Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to securityDhani Ahmad
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecuritylearnt
 
Business Value of Security and Control
Business Value of Security and ControlBusiness Value of Security and Control
Business Value of Security and ControlSyama Raveendran
 
Information Security
Information SecurityInformation Security
Information Securitysteffiann88
 
Overview of Information Security & Privacy
Overview of Information Security & PrivacyOverview of Information Security & Privacy
Overview of Information Security & PrivacyNawanan Theera-Ampornpunt
 
Physical Security
Physical SecurityPhysical Security
Physical SecurityKriscila Yumul
 
8 - Securing Info Systems
8 - Securing Info Systems8 - Securing Info Systems
8 - Securing Info SystemsHemant Nagwekar
 
Securing information systems
Securing information systemsSecuring information systems
Securing information systemsProf. Othman Alsalloum
 

Recommended

Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to securityDhani Ahmad
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecuritylearnt
 
Business Value of Security and Control
Business Value of Security and ControlBusiness Value of Security and Control
Business Value of Security and ControlSyama Raveendran
 
Information Security
Information SecurityInformation Security
Information Securitysteffiann88
 
Overview of Information Security & Privacy
Overview of Information Security & PrivacyOverview of Information Security & Privacy
Overview of Information Security & PrivacyNawanan Theera-Ampornpunt
 
Physical Security
Physical SecurityPhysical Security
Physical SecurityKriscila Yumul
 
8 - Securing Info Systems
8 - Securing Info Systems8 - Securing Info Systems
8 - Securing Info SystemsHemant Nagwekar
 
Securing information systems
Securing information systemsSecuring information systems
Securing information systemsProf. Othman Alsalloum
 
Chapter 8 securing information systems MIS
Chapter 8 securing information systems MISChapter 8 securing information systems MIS
Chapter 8 securing information systems MISAmirul Shafiq Ahmad Zuperi
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to securityMukesh Chinta
 
Session#7; securing information systems
Session#7; securing information systemsSession#7; securing information systems
Session#7; securing information systemsOmid Aminzadeh Gohari
 
Information security
Information securityInformation security
Information securityavinashbalakrishnan2
 
A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015Jeffery Brown
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
Legal, ethical & professional issues
Legal, ethical & professional issuesLegal, ethical & professional issues
Legal, ethical & professional issuesDhani Ahmad
 
gkkSecurity essentials domain 1
gkkSecurity essentials domain 1gkkSecurity essentials domain 1
gkkSecurity essentials domain 1Anne Starr
 
12 security policies
12 security policies12 security policies
12 security policiesSaqib Raza
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010joevest
 
HIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessHIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessStephen Cobb
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Kirti Ahirrao
 
Information Security
Information SecurityInformation Security
Information SecurityWe Learn - A Continuous Learning Forum from Welingkar's Distance Learning Program.
 
ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1Tanmay Shinde
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 
Best Practices For Information Security Management 2011
Best Practices For Information Security Management 2011Best Practices For Information Security Management 2011
Best Practices For Information Security Management 2011Tony Richardson CISSP
 
The new massachusetts privacy rules v5.35.1
The new massachusetts privacy rules v5.35.1The new massachusetts privacy rules v5.35.1
The new massachusetts privacy rules v5.35.1stevemeltzer
 
22 need-for-security
22 need-for-security22 need-for-security
22 need-for-securityAl Balqa Applied University
 
Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2Mukesh Chinta
 
Topic11
Topic11Topic11
Topic11Anne Starr
 
Security information for internet and security
Security information for internet and securitySecurity information for internet and security
Security information for internet and securitySomesh Kumar
 
DATA SECURITY AND CONTROL.ppt
DATA SECURITY AND CONTROL.pptDATA SECURITY AND CONTROL.ppt
DATA SECURITY AND CONTROL.pptWilsonWanjohi5
 

More Related Content

What's hot

Introduction to security
Introduction to securityIntroduction to security
Introduction to securityMukesh Chinta
 
Session#7; securing information systems
Session#7; securing information systemsSession#7; securing information systems
Session#7; securing information systemsOmid Aminzadeh Gohari
 
A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015Jeffery Brown
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
Legal, ethical & professional issues
Legal, ethical & professional issuesLegal, ethical & professional issues
Legal, ethical & professional issuesDhani Ahmad
 
gkkSecurity essentials domain 1
gkkSecurity essentials domain 1gkkSecurity essentials domain 1
gkkSecurity essentials domain 1Anne Starr
 
12 security policies
12 security policies12 security policies
12 security policiesSaqib Raza
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010joevest
 
HIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessHIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessStephen Cobb
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Kirti Ahirrao
 
ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1Tanmay Shinde
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 
Best Practices For Information Security Management 2011
Best Practices For Information Security Management 2011Best Practices For Information Security Management 2011
Best Practices For Information Security Management 2011Tony Richardson CISSP
 
The new massachusetts privacy rules v5.35.1
The new massachusetts privacy rules v5.35.1The new massachusetts privacy rules v5.35.1
The new massachusetts privacy rules v5.35.1stevemeltzer
 
Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2Mukesh Chinta
 

What's hot (20)

Chapter 8 securing information systems MIS
Chapter 8 securing information systems MISChapter 8 securing information systems MIS
Chapter 8 securing information systems MIS
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to security
 
Session#7; securing information systems
Session#7; securing information systemsSession#7; securing information systems
Session#7; securing information systems
 
Information security
Information securityInformation security
Information security
 
A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITY
 
Legal, ethical & professional issues
Legal, ethical & professional issuesLegal, ethical & professional issues
Legal, ethical & professional issues
 
gkkSecurity essentials domain 1
gkkSecurity essentials domain 1gkkSecurity essentials domain 1
gkkSecurity essentials domain 1
 
12 security policies
12 security policies12 security policies
12 security policies
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010
 
HIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessHIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good Business
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)
 
Information Security
Information SecurityInformation Security
Information Security
 
ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Best Practices For Information Security Management 2011
Best Practices For Information Security Management 2011Best Practices For Information Security Management 2011
Best Practices For Information Security Management 2011
 
The new massachusetts privacy rules v5.35.1
The new massachusetts privacy rules v5.35.1The new massachusetts privacy rules v5.35.1
The new massachusetts privacy rules v5.35.1
 
22 need-for-security
22 need-for-security22 need-for-security
22 need-for-security
 
Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2
 
Topic11
Topic11Topic11
Topic11
 

Similar to Protect Your Organization with Information Security

Security information for internet and security
Security information for internet and securitySecurity information for internet and security
Security information for internet and securitySomesh Kumar
 
DATA SECURITY AND CONTROL.ppt
DATA SECURITY AND CONTROL.pptDATA SECURITY AND CONTROL.ppt
DATA SECURITY AND CONTROL.pptWilsonWanjohi5
 
IT-Security-20210426203847.ppt
IT-Security-20210426203847.pptIT-Security-20210426203847.ppt
IT-Security-20210426203847.pptRamaNingaiah
 
IT-Security-20210426203847.ppt
IT-Security-20210426203847.pptIT-Security-20210426203847.ppt
IT-Security-20210426203847.pptIan Dave Balatbat
 
IT-Security-20210426203847.ppt
IT-Security-20210426203847.pptIT-Security-20210426203847.ppt
IT-Security-20210426203847.pptssuser6c59cb
 
IT Audit - Shadow IT Systems
IT Audit - Shadow IT SystemsIT Audit - Shadow IT Systems
IT Audit - Shadow IT SystemsDam Frank
 
Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2MLG College of Learning, Inc
 
Computer Security and their social effect and their usage.
Computer Security and their social effect and their usage.Computer Security and their social effect and their usage.
Computer Security and their social effect and their usage.rizwanshafique4321
 
Chapter 2 - Lesson 2.pptx
Chapter 2 - Lesson 2.pptxChapter 2 - Lesson 2.pptx
Chapter 2 - Lesson 2.pptxJhaiJhai6
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1Temesgen Berhanu
 
obrien13e_chap011.ppt
obrien13e_chap011.pptobrien13e_chap011.ppt
obrien13e_chap011.pptPradeep513562
 
Securing Management Information Systems.ppt
Securing Management Information Systems.pptSecuring Management Information Systems.ppt
Securing Management Information Systems.pptRoshni814224
 
08 -Securing Information Systems at workplace.ppt
08 -Securing Information Systems at workplace.ppt08 -Securing Information Systems at workplace.ppt
08 -Securing Information Systems at workplace.pptRoshni814224
 
Chapter 9 security privacy csc
Chapter 9 security privacy cscChapter 9 security privacy csc
Chapter 9 security privacy cscHisyam Rosly
 

Similar to Protect Your Organization with Information Security (20)

Security information for internet and security
Security information for internet and securitySecurity information for internet and security
Security information for internet and security
 
DATA SECURITY AND CONTROL.ppt
DATA SECURITY AND CONTROL.pptDATA SECURITY AND CONTROL.ppt
DATA SECURITY AND CONTROL.ppt
 
IT-Security-20210426203847.ppt
IT-Security-20210426203847.pptIT-Security-20210426203847.ppt
IT-Security-20210426203847.ppt
 
IT-Security-20210426203847.ppt
IT-Security-20210426203847.pptIT-Security-20210426203847.ppt
IT-Security-20210426203847.ppt
 
IT-Security-20210426203847.ppt
IT-Security-20210426203847.pptIT-Security-20210426203847.ppt
IT-Security-20210426203847.ppt
 
IT Audit - Shadow IT Systems
IT Audit - Shadow IT SystemsIT Audit - Shadow IT Systems
IT Audit - Shadow IT Systems
 
Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
SHAILENDRA.ppt
SHAILENDRA.pptSHAILENDRA.ppt
SHAILENDRA.ppt
 
Computer Security and their social effect and their usage.
Computer Security and their social effect and their usage.Computer Security and their social effect and their usage.
Computer Security and their social effect and their usage.
 
IT-Presentation.pptx
IT-Presentation.pptxIT-Presentation.pptx
IT-Presentation.pptx
 
Chapter 2 - Lesson 2.pptx
Chapter 2 - Lesson 2.pptxChapter 2 - Lesson 2.pptx
Chapter 2 - Lesson 2.pptx
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1
 
obrien13e_chap011.ppt
obrien13e_chap011.pptobrien13e_chap011.ppt
obrien13e_chap011.ppt
 
Securing Management Information Systems.ppt
Securing Management Information Systems.pptSecuring Management Information Systems.ppt
Securing Management Information Systems.ppt
 
08 -Securing Information Systems at workplace.ppt
08 -Securing Information Systems at workplace.ppt08 -Securing Information Systems at workplace.ppt
08 -Securing Information Systems at workplace.ppt
 
IS Unit II.pptx
IS Unit II.pptxIS Unit II.pptx
IS Unit II.pptx
 
Unit v
Unit vUnit v
Unit v
 
Chapter 9 security privacy csc
Chapter 9 security privacy cscChapter 9 security privacy csc
Chapter 9 security privacy csc
 
MIS chap # 9.....
MIS chap # 9.....MIS chap # 9.....
MIS chap # 9.....
 

Protect Your Organization with Information Security

  • 1. 1 The Need for Security 2 Functions of Information Security  Protects the organization‘s ability to function  Enables the safe operation of applications implemented on the organization‘s IT systems  Protects the data the organization collects and uses  Safeguards the technology assets in use at the organization 3 Why We Need Information Security?  Because there are threats 4 Threats  A threat is an object, person, or other entity that represents a constant danger to an asset  Threat agent 5 Threats  The 2007 CSI survey  494 computer security practitioners  46% sufered security incidents  29% reported to law enforcement  Average annual loss $350,424  1/5 suffered ‗targeted attack‘  The source of the greatest financial losses?  Most prevalent security problem  Insider abuse of network access  Email 6 Threat Categories  Acts of human error or failure  Compromises to intellectual property  Deliberate acts of espionage or trespass  Deliberate acts of information extortion  Deliberate acts of sabotage or vandalism  Deliberate acts of theft  Deliberate software attack  Forces of nature  Deviations in quality of service  Technical hardware failures or errors  Technical software failures or errors  Technological obsolesce
  • 2. 2 7 Acts of Human Error or Failure 8 Acts of Human Error or Failure  Includes acts done without malicious intent  Caused by:  Inexperience  Improper training  Incorrect assumptions  Other circumstances  Employees are greatest threats to information security 9 Acts of Human Error or Failure  Employee mistakes can easily lead to the following:  revelation of classified data  entry of erroneous data  accidental deletion or modification of data  storage of data in unprotected areas  failure to protect information  Many of these threats can be prevented with controls 10 Deliberate Acts of Theft  Illegal taking of another‘s property - physical, electronic, or intellectual  The value of information suffers when it is copied and taken away without the owner‘s knowledge  Physical theft can be controlled  a wide variety of measures used from locked doors to guards or alarm systems  Electronic theft is a more complex problem to manage and control  organizations may not even know it has occurred 11 Deviations in Quality of Service by Service Providers  Situations of product or services not delivered as expected  Information system depends on many inter-dependent support systems  Three sets of service issues that dramatically affect the availability of information and systems are  Internet service  Communications  Power irregularities 12 Internet Service Issues  Loss of Internet service can lead to considerable loss in the availability of information  organizations have sales staff and telecommuters working at remote locations  When an organization outsource its web servers, the outsourcer assumes responsibility for  All Internet Services  The hardware and operating system software used to operate the web site
  • 3. 3 13 Power Irregularities Voltage levels can increase, decrease, or cease:  spike – momentary increase  surge – prolonged increase  sag – momentary low voltage  brownout – prolonged drop  fault – momentary loss of power  blackout – prolonged loss  Electronic equipment is susceptible to fluctuations, controls can be applied to manage power quality  Surge protector  UPS 14 Communications and Other Services  Other utility services have potential impact  Among these are  telephone  water & wastewater  trash pickup  cable television  natural or propane gas  custodial services  The threat of loss of services can lead to inability to function properly 15 Forces of Nature  Forces of nature, or acts of God are dangerous because they are unexpected and can occur with very little warning  Can disrupt not only the lives of individuals, but also the storage, transmission, and use of information  Include fire, flood, earthquake, and lightning as well as volcanic eruption and insect infestation  Since it is not possible to avoid many of these threats, management must implement controls to limit damage and also prepare contingency plans for continued operations 16 Compromises to Intellectual Property  ―the ownership of ideas and control over the tangible or virtual representation of those ideas‖  Many organizations are in business to create intellectual property  trade secrets  Copyrights  trademarks  Patents Trade Secret  Definition  any valuable business information that is not generally known and is subject to reasonable efforts to preserve confidentiality  Protected from exploitation by  those who either obtain access through improper means  those who obtain the information from one who they know or should have known gained access through improper means  those who breach a promise to keep the information confidential  Fragile 17 Trade Secret  Uniform Trade Secret Act  Drafted by the National Conference of Commissioners on Uniform State Laws in 1970  Amended in 1985  Recent case  http://edition.cnn.com/2007/LAW/05/23/coca.c ola.sentencing/ 18
  • 4. 4 Copyright  Definition  a form of intellectual property protection that granted by the federal government  a copyright is provided to the authors of ―original works of authorship‖  regardless of whether the work has been published  regardless of whether the work has been registered 19 Copyright  Work protected  Literature  Music  Dramatic  Pantomimes or choreography  Pictorial, graphical or sculptural  Motion picture and audiovisual  Sound recording  Architectural  A copyright protects only the form of expression 20 Copyright  Laws and regulations  Digital Millennium Copyright Act  Recent case  http://www.techspot.com/news/28301- torrentspy-loses-copyright-infringement- lawsuit.html  Exemption  http://www.securityfocus.com/brief/365 21 Trademarks  Definition  A ―trademark‖ (which relates to goods) and a ―service mark‖ (which relates to services) can be any word, name, symbol, or device, or any combination, used, or intended to be used, in commerce.  To acquire federal trademark rights  start using the slogan, name or logo in commerce (i.e., some kind of commercial use) and then subsequently file a trademark application  or  file an intent to use application which will lock in your filing date but which does not require immediate use 22 Trademarks  Laws  U.S. Trademark Law  Case  http://cyber.law.harvard.edu/property00/domain /SportyShort.html 23 Patents  Definition  A patent is a proprietary right granted by the Federal government to an inventor who files a patent application with the United States Patent Office.  Three types of patents  Utility patent  covers the functional aspects of products and processes  Design patent  covers the ornamental design of useful objects  Plant patent  covers a new variety of living plant  protect inventions and methods that exhibit patentable subject matter  http://www.pcmag.com/article2/0,1895,2125974,00.asp  http://www.engadget.com/2009/02/25/microsoft-files-patent-lawsuit- against-tomtom-over-linux-based-g/ 24
  • 5. 5 25 Software Piracy  Most common IP breaches involve software piracy  Watchdog organizations investigate:  Software & Information Industry Association (SIIA)  Business Software Alliance (BSA)  Enforcement of copyright has been attempted with technical security mechanisms  26 Compromise to Intellectual Property  Copyright reminder 27 Compromise to Intellectual Property  License Agreement Window 28 Compromise to Intellectual Property 29 Espionage/Trespass  Broad category of activities that breach confidentiality  Unauthorized accessing of information  Competitive intelligence vs. espionage  Shoulder surfing, hidden camera, etc  Controls implemented to mark the boundaries of an organization‘s virtual territory giving notice to trespassers that they are encroaching on the organization‘s cyberspace 30
  • 6. 6 31 Espionage/Trespass  What is a hacker?  a person who illegally gains access to and sometimes tampers with information in a computer system  an expert at programming and solving problems with a computer 32 Espionage/Trespass  Generally two skill levels among hackers:  Expert hacker  develops software scripts and codes exploits  usually a master of many skills  will often create attack software and share with others  Script kiddies  hackers of limited skill  use expert-written software to exploit a system  do not usually fully understand the systems they hack  Other terms for system rule breakers:  Cracker - an individual who ―cracks‖ or removes protection designed to prevent unauthorized duplication  Phreaker - hacks the public telephone network 33 Information Extortion  Information extortion is an attacker or formerly trusted insider stealing information from a computer system and demanding compensation for its return or non-use  Extortion found in credit card number theft 34 Technical Hardware Failures or Errors  Technical hardware failures or errors occur when a manufacturer distributes to users equipment containing flaws  Intel Pentium II processor  These defects can cause the system to perform outside of expected parameters, resulting in unreliable service or lack of availability  Some errors are terminal, in that they result in the unrecoverable loss of the equipment  Some errors are intermittent, in that they only periodically manifest themselves, resulting in faults that are not easily repeated 35 Technical Software Failures or Errors  This category of threats comes from purchasing software with unrevealed faults  Large quantities of computer code are written, debugged, published, and sold only to determine that not all bugs were resolved  Sometimes, unique combinations of certain software and hardware reveal new bugs  Sometimes, these items aren‘t errors, but are purposeful shortcuts left by programmers for honest or dishonest reasons 36 Technological Obsolescence  When the infrastructure becomes antiquated or outdated, it leads to unreliable and untrustworthy systems  Management must recognize that when technology becomes outdated, there is a risk of loss of data integrity to threats and attacks  Ideally, proper planning by management should prevent the risks from technology obsolesce, but when obsolescence is identified, management must take action
  • 7. 7 37 Deliberate Act of Sabotage or Vandalism  Individual or group who want to deliberately sabotage the operations of a computer system or business, or perform acts of vandalism to either destroy an asset or damage the image of the organization  These threats can range from petty vandalism to organized sabotage  Organizations rely on image so Web defacing can lead to dropping consumer confidence and sales  Rising threat of hacktivist or cyber-activist operations – the most extreme version is cyber-terrorism 38 Deliberate Software Attacks  When an individual or group designs software to attack systems, they create malicious code/software called malware  Designed to damage, destroy, or deny service to the target systems  Mainly targeting Windows OS  http://stason.org/TULARC/os/linux.virus.html  http://www.sophos.com/pressoffice/news/articl es/2006/02/macosxleap.html Deliberate Software Attack  Includes:  macro virus  boot virus  worms  Trojan horses  logic bombs  back door or trap door  denial-of-service attacks  polymorphic  hoaxes 39 40 Virus  A virus is a computer program that copies itself from file to file and typically performs malicious or nuisance attacks on the infected system  Upon activation, copies its code into one or more larger programs  Hard to detect as well as hard to destroy or deactivate Symptoms of Virus  Computer runs slower then usual  Computer no longer boots up  Screen sometimes flicker  PC speaker beeps periodically  System crashes for no reason  Files/directories sometimes disappear  Denial of Service (DoS)  Display some strange message on the screen 41 42 HI Virus The Hi virus was submitted in August, 1992. It is originally from Eastern Europe. Hi is a memory resident infector of .EXE programs. When the first Hi infected program is executed, the Hi virus will install itself memory resident at the top of system memory but below the 640K DOS boundary, moving interrupt 12's return. Total system and available free memory, as indicated by the DOS CHKDSK program, will have decreased by 1,024 bytes. Interrupt 21 will be hooked by the virus. Once the Hi virus is memory resident, it will infect .EXE programs when they are executed. Infected programs will have a file length increase of 460 bytes with the virus being located at the end of the file. The program's date and time in the DOS disk directory listing will have been updated to the current system date and time when infection occurred. The following text string can be found near the end of all infected programs: "Hi"
  • 8. 8 Worms  Spread over network connection  Worms replicate  First worm released on the Internet was called Morris worm, it was released on Nov 2, 1988. Worms  Bubbleboy Discovery Date: 11/8/1999 Origin: Argentina (?) Length: 4992 Type: Worm/Macro SubType: VbScript Risk Assessment: Low Category: Stealth/Companion Worms  Bubbleboy  requires WSL (windows scripting language), Outlook or Outlook Express, and IE5  Does not work in Windows NT  Effects Spanish and English version of Windows  2 variants have been identified  Is a ―latent virus‖ on a Unix or Linux system  May cause DoS Worms  How Bubbleboy works  Bubbleboy is embedded within an email message of HTML format.  a VbScript while the user views a HTML page  a file named ―Update.hta‖ is placed in the start up directory  upon reboot Bubbleboy executes Worms  How Bubbleboy works  changes the registered owner/organization  HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentV ersionRegisteredOwner = ―Bubble Boy‖  HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentV ersionRegisteredOrganization = ―Vandalay Industry‖  using the Outlook MAPI address book it sends itself to each entry  marks itself in the registry  HKEY_LOCAL_MACHINESoftwareOutlook.bubbleboy = ―OUTLOOK.Bubbleboy1.0 by Zulu‖ 48 Trojan Horse  A Trojan Horse is any program in which malicious or harmful code is contained inside of what appears to be a harmless program  Malicious intent  Edit programs even registry information  Delete files  Set the computer as an FTP server  Obtain password  Spy  Usually doesn‘t reproduce
  • 9. 9 49 Trojan Horse  Back Orifice Discovery Date: 10/15/1998 Origin: Pro-hacker Website Length: 124,928 Type: Trojan SubType: Remote Access Risk Assessment: Low Category: Stealth Trojan Horse  About Back Orifice  requires Windows to work  distributed by ―Cult of the Dead Cow‖  similar to PC Anywhere, Carbon Copy software  allows remote access and control of other computers  install a reference in the registry  once infected, runs in the background  by default uses UDP port 54320 TCP port 54321  In Australia 72% of 92 ISP surveyed were infected with Back Orifice Trojan Horse  Features of Back Orifice  pings and query servers  reboot or lock up the system  list cached and screen saver password  display system information  logs keystrokes  edit registry  server control  receive and send files  display a message box Macro  Specific to certain applications  Comprise a high percentage of the viruses  Usually made in WordBasic and Visual Basic for Applications (VBA)  Microsoft shipped ―Concept‖, the first macro virus, on a CD ROM called "Windows 95 Software Compatibility Test" in 1995 Macro  Melissa Discovery Date: 3/26/1999 Origin: Newsgroup Posting Length: varies depending on variant Type: Macro/Worm Subtype: Macro Risk Assessment: High Category: Companion
  • 10. 10 Macro  Melissa  requires WSL, Outlook or Outlook Express Word 97 SR1 or Office 2000  105 lines of code (original variant)  received either as an infected template or email attachment  lowers computer defenses to future macro virus attacks  may cause DoS  infects template files with it’s own macro code  80% of of the 150 Fortune 1000 companies were affected Macro  How Melissa works  the virus is activated through a MS word document  document displays reference to pornographic websites while macro runs  1st lowers the macro protection security setting for future attacks  checks to see is it has run in current session before  HKEY_LOCAL_MACHINESoftwareMicrosoftOfficeMelis sa = ―by Kwyjibo‖  propagates itself using the Outlook MAPI address book (emails sent to the first 50 addresses) Macro  How Melissa works  infects the Normal.dot template file with it‘s own code  Lastly if the minutes of the hour match up to the date the macro inserts a quote by Bart Simpson into the current document  ―Twenty two points, plus triple word score, plus fifty points for using all my letters. Game‘s over. I‘m outta here.‖ 58 Back Door/Trap Door  Payload of virus, worm, Trojan horse  Allow the attacker to access the system at will with special privileges  Back Orifice and Subseven 59 Polymorphism Boot Virus  Most difficult to remove 60
  • 11. 11 Logical Bomb  ―explosion‖ based on ―logic‖ 61 Spyware: what is it?  spyware is programming that is put in your computer to ―spy‖ on you  adware pushes ads, track Internet habits and performs other sneaky tricks 62 Spyware: how do you know when you have it?  Computers slow down to a crawl  Annoying Pop-ups appear  Browser Start Page changes  Unwanted toolbars, tray programs  New programs are installed on your PC and show up on the desktop 63 Cases of Spyware Infection 64 65 Spybot in action Here
  • 12. 12 MALWARE BASED ATTACK How bad guys get malware onto your computer? How does malware spread from one computer to the whole network? 67 IP Scan and Attack 69 Web Browsing  Attacker makes all Web content files infectious, so that users who browse to those pages become infected 70 Email  http://www.ikeafans.com/blog/phony-ikea- email-contains-netsky-worm/ 71 Network Space  Unprotected share  Public file server 72 P-2-P Download  Attractive names  Avril_latest_album.exe, … 73
  • 13. 13 74 W32/Netsky.p@MM  Email propogation  The worm exploits the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability in Microsoft Internet Explorer (ver 5.01 or 5.5 without SP2), to automatically execute the virus on vulnerable systems.  P2P propogation  Emule, edonkey, kazaa, icq  Copy to the directory  1001 Sex and more.rtf.exe, 3D Studio Max 6 3dsmax.exe, ACDSee 10.exe, Adobe Photoshop 10 crack.exe, Adobe Photoshop 10 full.exe, Ahead Nero 8.exe, Altkins Diet.doc.exe, American Idol.doc.exe, Arnold Schwarzenegger.jpg.exe, Best Matrix Screensaver new.scr, Britney sex xxx.jpg.exe, … 75 Virus and Worm Hoaxes A More Creative Way  http://isc.sans.org/diary.html?storyid=5797 76 78 Password-related Attacks  Password Crack - Attempting to reverse calculate a password  Brute Force - The application of computing and network resources to try every possible combination of options of a password  Dictionary - The dictionary password attack narrows the field by selecting specific accounts to attack and uses a list of commonly used passwords (the dictionary) to guide guesses 79 Brute Force Attack 80 Dictionary Attack
  • 14. 14 81 Spam  Spam - unsolicited commercial e-mail - while many consider spam a nuisance rather than an attack, it is emerging as a vector for some attacks  http://www.spamlaws.com/spam-laws.html  http://www.msnbc.msn.com/id/18955115/ wid/11915829?GT1=9951  http://technology.timesonline.co.uk/tol/new s/tech_and_web/article5598661.ece 82 Spam Spam  2.4m: the number of spam emails MSN says it blocks daily  $100bn: cost of computer repairs and lost productivity this year 71%: of email users filter spam  51%: of internet users say they have lost trust in email because of spam  $5.5m: the amount MySpace won from TheGlobe.com in spam compensation in February 83 84 Spoofing  Spoofing - technique used to gain unauthorized access whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host  Email spoofing 85 DoS  Denial-of-service (DoS) –  Attacks that prevent the system from processing or responding to legitimate traffic or requests from resources and objects  Most common form  attacker sends a large number of data packets to a target  Server cannot process them all  Other forms  exploiting a known fault or vulnerability in an operating system or application  often result in a system crash, or 100% CPU utilization 86 DoS (Cont‘d)  Possible consequences  System crashes  System reboots  Data corruption  Blockage of services  No known means by which DoS attack can be prevented  Normally impossible to trace back to the origin
  • 15. 15 87 DoS (Cont‘d)  Mail-bombing - an attacker routes large quantities of e-mail to the target Example on How to Launch a DOS Attack 88 89 DDoS (Distributed Denial of Service)  An attack in which a coordinated stream of requests is launched against a target from many locations at the same time 90 DRDoS (Distributed Reflective Denial of Service)  Take advantage of the normal operation mechanisms of key Internet services  DNS, router update protocols, etc  Used by the infamous ―Mafia Boy‖ who took down cnn.com, yahoo.com, amazon.com and ebay.com 91 DRDoS 92 Other Forms of DoS  Error in operating systems, services, and applications.
  • 16. 16 93 One Example of DoS Attack  SYN flood attack 94 95 Sniffer  A program and/or device that can monitor data traveling over a network. Sniffers can be used both for legitimate network management functions and for stealing information from a network 96 Sniffer 97 Man-in-the-Middle Attack  Man-in-the-Middle - an attacker sniffs packets from the network, modifies them, and inserts them back into the network 98 Attack Descriptions  Buffer Overflow –  application error occurs when more data is sent to a buffer than it can handle  when the buffer overflows, the attacker can make the target system execute instructions, or the attacker can take advantage of some other unintended consequence of the failure
  • 17. 17 99 Social Engineering  The process of using social skills to convince people to reveal access credentials or other valuable information to the attacker 100 Attack Descriptions  ―People are the weakest link‖ 101 102 Phishing Phishing in Action (HSBC) 103 104
  • 18. 18 Anti-Phishing Working Group 105 http://www.antiphishing.org/ Pharming Out-Scams Phishing First came Phishing, in which con artists hooked unwary Internet users one by one into compromising their personal data Pharmers can scoop up many victims in a single pass 106 What is Pharming? New use for a relatively old concept: domain spoofing Pharmers simply redirect as many users as possible from legitimate commercial websites to malicious ones 107 Pharming most alarming threat DNS poisoning Large group of users to be silently shuttled to a bogus website even when typing in the correct URL You no longer have to click a URL link to hand over your information to identity thieves 108 Certificate Mismatch 109 Industry Approach - Phishing  Based on social engineering – Self defense relies on common sense of the user  The automated detection of new Phishing fraud is very difficult  Only an extensive forensic analysis by law enforcement can prove the evidence of Phishing  Try to mitigate by  URL blocking of known URLs of Phishing websites  Spam blocking of emails of Phishing scams that are sent en mass 110
  • 19. 19 Industry Approach - Pharming  Browsers that could authenticate website identity. (CardSpace, OpenID)  Browser toolbars displaying the true physical location of a website's host (e.g. Russia)  Some financial institutions are experimenting with "multi-factor authentication" logins, including:  single-use passwords (e.g. tokens)  automatic telephone call-backs 111 Security Recommendations  Do not open e-mail attachments unless you know the source and are expecting the attachment  Do not reply to the e-mail from an unknown source  Do not click on entrusted hyperlinks to the Internet  Do not download unapproved software from the Internet  Do not respond or visit the website indicated by an instant message or e-mail  Do not give out personal information over the Internet  Before revealing any identifying information, ask how it will be used and secured. 112  ―People are the weakest link. You can have the best technology; firewalls, intrusion- detection systems, biometric devices ... and somebody can call an unsuspecting employee. That's all she wrote, baby. They got everything.‖ — Kevin Mitnick 113 Brick Attack  the best configured firewall in the world can‘t stand up to a well placed brick 114 115 Timing Attack  Timing Attack –  relatively new  works by exploring the contents of a web browser‘s cache  can allow collection of information on access to password- protected sites  another attack by the same name involves attempting to intercept cryptographic elements to determine keys and encryption algorithms 116 Legal Attack  Attacks that use the legal system  Persuade a judge and jury that there could be a flaw in the system.