CIT 380 Securing Computer Systems

CIT 380: Securing Computer Systems Slide #1

CIT 380 Securing Computer Systems

Threats

Vocabulary

• CIA Triad– Confidentiality– Integrity– Availability

• States of Information– Storage– Processing– Transmission

Vocabulary

• Security Measures– Technology– Policies and practices– Education, Training, and awareness

• Threats, Attacks, Assets

• Prevention, Detection, Recovery, Survivability

Vocabulary

• Risk

• Security trade-offs

• Cost-Benefit Analysis

• Script Kiddies

• Security Researchers

• Hacker , Cracker, Attacker

• Black Hat, White Hat

What are threats?

• What threats can you think of to your home?

• To your money (including bank accounts, checks, credit and debit cards)?

• To your home computer?

Digital Threats: More of the Same

• Theft

• Vandalism

• Extortion

• Con Games

• Fraud

• Stalking

Digital Threats: What’s Different

Automation– Salami Attack from Office Space.

Action at a Distance– Volodya Levin, from St. Petersburg, Russia, stole

over $10million from US Citibank. Arrested in London.

– Operators of CA BBS tried and convicted in TN court because TN had d/led pornography f/ CA.

Digital Threats: What’s Different

Technique Propagation– Criminals share techniques rapidly and globally.

Next Slide

• The percentage of respondents answering that their organization experienced unauthorized use of computer systems in the last 12 months

Survival Time

• The main issue here is of course that the time to download critical patches will exceed this survival time.

Current Threat Information

• SANS Internet Storm Center– http://isc.sans.edu/index.html

• Bugtraq– http://www.securityfocus.com/– http://www.securityfocus.com/archive/1

• CERT– http://www.cert.org/

Current Threat Information

• Packet Storm– http://packetstormsecurity.org/

Who are the Attackers?

• Hackers vs Crackers

• Levels of attackers– Developer

• Finds new security vulnerabilities

• Writes tools and exploits

– User• Understands tools; modifies tools/exploits

– Script Kiddie

Who are the Attackers?Criminals.

– 1993: Thieves installed bogus ATM at Manchester Mall. Saved account#s + PINs.

Organized crime.– 2000: Mafia-led organization members arrested for

attempt to steal $680million from Bank of Sicily.

Malicious insiders.– 2001: Mike Ventimiglia deletes files of his employer,

GTE. $200,000 damage.

Industrial espionage.– 2001: Verdicts in Cadence Design Systems vs. Avant

against 7 employees incl CEO. 5 sentenced to jail.

Who are the Attackers?Press.

– 1998: Cincinnati Enquirer reporter Michael Gallagher breaks into Chiquita Fruits voicemail to expose illegal activities.

Police.– 1997: LAPD illegal wiretapping scandal.

Terrorists.– 1999: DOS attacks and web defacements against NATO

country computers during Kosovo bombings.National Intelligence.

– 2000: Former CIA Directory Woolsey admitted to using ECHELON information to help US companies win foreign contracts.

Scary Internet Stuff: Underground

• http://www.youtube.com/watch?v=AYWYvJ__Dxk&feature=related

What Are Our Defenses?

• Firewalls • Virus Scanners • Spyware Scanners• Intrusion Detection

Systems (IDS/IPS) • Patches • Backups

Prevent

Detect

Respond

Recover

What Are The Attacks?

• Phishing

• Malware

• Ransomware

• Spyware

• Botnets

Phishing E-mail

Phishing Site

Scary Internet Stuff: Phishing

• http://www.youtube.com/watch?v=Ao20tAS3x3I&feature=related

Amazon.com - Your Cancellation (516-203578-8141423)

order-update@amazon.com

Dear Customer,

Your order has been successfully canceled. For your reference, here`s a summary of your order:

You just canceled order #991-86824-273919

Status: CANCELED

_____________________________________________________________________

ORDER DETAILSSold by: Amazon.com, LLC

_____________________________________________________________________

Because you only pay for items when we ship them to you, you won`t be charged for any items that you cancel.

Thank you for visiting Amazon.com!

---------------------------------------------------------------------Amazon.comEarth`s Biggest Selectionhttp://www.amazon.com---------------------------------------------------------------------

Malware

• Trojan Horses • Viruses • Worms

Ransomware

Spyware and Adware

Most Trojan Horses, some infect directly.

– Browser hijacking – Pop-up advertisements – Keystroke and network logging – Steal confidential data from email and files

Spyware and Adware

89% of PCs are infected with spyware

(2006Q2 Webroot .) – http://www.webroot.com/resources/

stateofspyware/excerpt.html

Rootkits

• Execution Redirection• File Hiding• Process Hiding• Network Hiding

User Program

Rootkit

Rootkits Video

• http://www.youtube.com/watch?v=PcqnG4-NkZ4

Botnets

Worm or direct attack usurps control of PC, then installs control software to listen for instructions. Instructions can include:

• Attempt to infect other PCs • Send spam message • Launch DOS attack • Upgrade attack and control software • Virus writers sell botnets to spammers for

$0.10/compromised PC

Scary Internet Stuff: Botnets

• http://www.youtube.com/watch?v=BRhauoXpNSs

Wikipedia: Botnet

• http://en.wikipedia.org/wiki/Botnet – Historical list of botnets

• Kraken botnet– http://en.wikipedia.org/wiki/Kraken_botnet

Key Points• Computer crimes same as pre-computer crimes.• Differences in digital threats

– Automation– Action at a distance– Technique propagation

• Digital threats– Phishing – Malware – Ransomware – Spyware

– Botnets

References1. Alexander Gostev et. al., “Malware Evolution: January – March 2006,” Virus List,

http://www.viruslist.com/en/analysis?pubid=184012401, April 12, 2006.2. The Honeynet Project, Know Your Enemy, 2nd edition, Addison-Wesley, 2004. 3. John Leyden, "The illicit trade in compromised PCs," The Register, Apr 30 2004. 4. Stuart McClure, Joel Scambray, and George Kurtz, Hacking Exposed, 5th edition,

McGraw-Hill, 2005. 5. Rachna Dhamija and J. D. Tygar, "The Battle Against Phishing: Dynamic Security

Skins," Proceedings of the Symposium on Usable Privacy and Security (SOUPS), July 2005.

6. SANS Internet Storm Center, http://isc.sans.org/survivalhistory.php7. Schneier, Bruce, Beyond Fear, Copernicus Books, 2003.8. Ed Skoudis, Counter Hack Reloaded, Prentice Hall, 2006 9. Stuart Staniford, Vern Paxson, and Nicholas Weaver, "How to 0wn the Internet in Your

Spare Time," Proceedings of the 11th USENIX Security Symposium, 2002. 10. Richard Stiennon, "Spyware: 2004 Was Only the Beginning," CIO Update, Jan 26

2005. 11. Thompson, Ken, “Reflections on Trusting Trust”, Communication of the ACM, Vol.

27, No. 8, August 1984, pp. 761-763 (http://www.acm.org/classics/sep95/)

CIT 380 Securing Computer Systems

Documents

Certificate in Translation (CIT) CIT-03

NEW JURISDICTION OF THE PR. CIT/CIT CHARGE; …office.incometaxindia.gov.in/kanpur/Documents/...NEW JURISDICTION OF THE PR. CIT/CIT CHARGE; ADDL. CIT/ JT. CIT RANGES & ASSESSING OFFICERS

Cit Cit EastvaleNews .com

CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Introduction

ED 380 381 SO 024 739 AUTHOR Ruth, Amy, Ed. …ED 380 381 AUTHOR TITLE INSTITUTION REPORT NO PUB DATE NOTE AVAILABLE FROM PUB TYPE JOURNAL CIT EDRS PRICE DESCRIPTORS IDENTIFIERS ABSTRACT

CIT 480: Securing Computer Systemswaldenj/classes/2015/fall/cit480/... · Nmap scan report for scanme.nmap.org (74.207.244.221) ... flags. • Null Scan: Turns off all TCP flags

CIT 480: Securing Computer Systems · 2019. 8. 25. · Vulnerability scanners can identify thousands of potential security issues. – Automatically and quickly. – On a regular

Slide #1 CIT 380: Securing Computer Systems TCP/IP

CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Access Control

· Samar Calba o Cit Catbalo an Cit Maasin Cit Ormoc Cit Tacloban Cit Ba ba Cit Boron an Cit Others Bukidnon Cami uin Lanao del Norte Misamis Oriental Misamis Occidental Ca a an

CIT 480: Securing Computer Systemswaldenj/classes/2016/spring/cit480/... · wireless network packets destined for other hosts. ... – If network location unsatisfactory, ARP spoofing

CIT - Cork Institute of Technology - CIT

CIT 380: Securing Computer Systems

CIT 480: Securing Computer Systemswaldenj/classes/2016/spring/cit480/... · – Trusted copy of TLS certificate or public key stored in browser. – Successfully detected ANSSI (French

Certificate in Translation (CIT) CIT-01egyanagar.osou.ac.in/slmfiles/CIT-01-BLOCK-02.pdf · Certificate in Translation (CIT) CIT-01 ... Homonyms, Homophones, ... The soldier decided

6025 380 380 380 380 - filest.edunet.net · 6025 380 380 380 380 . Created Date: 10/28/2019 8:14:04 PM

CIT 380: Securing Computer Systemswaldenj/classes/2015/spring/cit480/...CIT 480: Securing Computer Systems Slide #22 nmap OS fingerprint examples > sudo nmap -O scanme.nmap.org Device

CIT 480: Securing Computer Systemswaldenj/classes/2014/fall/... · 2019. 8. 25. · CIT 480: Securing Computer Systems Biometrics are not infallible What are False Accept and Reject

CIT 380: Securing Computer Systemswaldenj/classes/2013/fall/cit380/lectures/... · plugged into the network. – Unlicensed spectrum in the 2.4 and 5 GHz ranges. Coverage – Personal

CIT 380: Securing Computer Systemswaldenj/classes/2014/fall/... · 2019. 8. 25. · – Based on MD5, SHA-1, or SHA-2, key based on master secret. 4. Pseudorandom Function – Used